Activity log for bug #1708665

Date Who What changed Old value New value Message
2017-08-04 13:46:43 Carl W. Soderstrom bug added bug
2017-09-18 12:10:44 Launchpad Janitor awstats (Ubuntu): status New Confirmed
2017-09-20 19:06:04 Andreas Hasenack awstats (Ubuntu): importance Undecided Low
2017-09-20 19:06:16 Andreas Hasenack tags bitesize server-next
2017-09-20 19:20:34 Andreas Hasenack tags bitesize server-next bite-size server-next
2017-09-20 19:20:53 Andreas Hasenack tags bite-size server-next bitesize server-next
2017-09-20 19:22:25 Andreas Hasenack bug added subscriber Ubuntu Server Team
2017-09-20 19:22:57 Andreas Hasenack awstats (Ubuntu): status Confirmed Triaged
2017-09-20 19:27:57 Andreas Hasenack bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858461
2017-09-20 19:42:43 Andreas Hasenack bug added subscriber Andreas Hasenack
2017-12-15 20:25:33 Andreas Hasenack nominated for series Ubuntu Artful
2017-12-15 20:25:33 Andreas Hasenack nominated for series Ubuntu Zesty
2017-12-15 20:25:33 Andreas Hasenack nominated for series Ubuntu Xenial
2017-12-15 20:31:49 David Britton bug task added awstats (Ubuntu Artful)
2017-12-15 20:31:54 David Britton bug task added awstats (Ubuntu Xenial)
2017-12-15 20:32:06 David Britton bug task added awstats (Ubuntu Zesty)
2017-12-15 20:36:31 Andreas Hasenack awstats (Ubuntu Xenial): importance Undecided Low
2017-12-15 20:36:34 Andreas Hasenack awstats (Ubuntu Zesty): importance Undecided Low
2017-12-15 20:36:35 Andreas Hasenack awstats (Ubuntu Artful): importance Undecided Low
2017-12-15 20:36:42 Andreas Hasenack awstats (Ubuntu Xenial): status New Triaged
2017-12-15 20:36:44 Andreas Hasenack awstats (Ubuntu Zesty): status New Triaged
2017-12-15 20:36:48 Andreas Hasenack awstats (Ubuntu Artful): status New Triaged
2018-01-05 17:21:03 Andreas Hasenack awstats (Ubuntu Zesty): status Triaged Won't Fix
2018-01-05 17:34:45 Andreas Hasenack awstats (Ubuntu Xenial): assignee Andreas Hasenack (ahasenack)
2018-01-05 17:34:48 Andreas Hasenack awstats (Ubuntu Artful): assignee Andreas Hasenack (ahasenack)
2018-01-05 17:34:52 Andreas Hasenack awstats (Ubuntu Xenial): status Triaged In Progress
2018-01-05 17:34:56 Andreas Hasenack awstats (Ubuntu Artful): status Triaged In Progress
2018-01-05 17:35:05 Andreas Hasenack awstats (Ubuntu): assignee Andreas Hasenack (ahasenack)
2018-01-05 17:35:09 Andreas Hasenack awstats (Ubuntu): status Triaged In Progress
2018-01-05 17:36:52 Andreas Hasenack description This was found in Ubuntu 16.04. I have not tested other versions. The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does not run by default, because the 'www-data' user does not have a valid shell by default. root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh + '[' -x /usr/share/awstats/tools/update.sh ']' + su -l -c /usr/share/awstats/tools/update.sh www-data This account is currently not available. We could give www-data a valid shell but my preferred fix is to edit /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly specify the shell with '-s /bin/bash': diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh --- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500 +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500 @@ -2,5 +2,5 @@ UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh if [ -x $UPDATE_SCRIPT ] then - su -l -c $UPDATE_SCRIPT www-data + su -l -c $UPDATE_SCRIPT -s /bin/bash www-data fi [Impact] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [Test Case] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance === Original description === This was found in Ubuntu 16.04. I have not tested other versions. The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does not run by default, because the 'www-data' user does not have a valid shell by default. root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh + '[' -x /usr/share/awstats/tools/update.sh ']' + su -l -c /usr/share/awstats/tools/update.sh www-data This account is currently not available. We could give www-data a valid shell but my preferred fix is to edit /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly specify the shell with '-s /bin/bash': diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh --- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500 +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500 @@ -2,5 +2,5 @@  UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh  if [ -x $UPDATE_SCRIPT ]  then - su -l -c $UPDATE_SCRIPT www-data + su -l -c $UPDATE_SCRIPT -s /bin/bash www-data  fi
2018-01-05 17:50:14 Andreas Hasenack description [Impact] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [Test Case] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance === Original description === This was found in Ubuntu 16.04. I have not tested other versions. The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does not run by default, because the 'www-data' user does not have a valid shell by default. root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh + '[' -x /usr/share/awstats/tools/update.sh ']' + su -l -c /usr/share/awstats/tools/update.sh www-data This account is currently not available. We could give www-data a valid shell but my preferred fix is to edit /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly specify the shell with '-s /bin/bash': diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh --- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500 +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500 @@ -2,5 +2,5 @@  UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh  if [ -x $UPDATE_SCRIPT ]  then - su -l -c $UPDATE_SCRIPT www-data + su -l -c $UPDATE_SCRIPT -s /bin/bash www-data  fi [Impact] The logrotate script that is responsible for updating awstats statistics does not run because the www-data user that it runs as does not have a valid shell. This update adjusts the su command line to specify the same shell as the script shebang line. [Test Case] To test, run the script: Version with the bug: $ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh No directory, logging in with HOME=/ This account is currently not available. Fixed version: $ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh No directory, logging in with HOME=/ Error while processing /etc/awstats/awstats.conf Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats. Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong. Check config file, permissions and AWStats documentation (in 'docs' directory). Note the "fixed" version actually runs the script and complains about something else, unrelated to this bug. The admin must complete the installation of awstats before using it, but this test is enough to verify the fix. If you want to get a full run, you have to follow the instructions in the README.Debian file. Basically, at a minimum: - edit /etc/awstats/awstats.conf and give SiteDomain a value - change group ownership of /var/log/apache2 and /var/log/apache2/* to www-data (that's one solution). README.Debian has other ideas, and I would add using ACLs if your filesystem of choice supports them: "setfacl -m g:www-data:rx /var/log/apache2" and "setfacl -m g:www-data:r /var/log/apache2/*" [Regression Potential] Code that wasn't running before because of this bug will now run. If the user didn't complete the awstats configuration he/she will get more verbose cron emails. [Other Info] Users who have already worked around the issue by manually editing the logrotate file and adding "-s /bin/sh" or something similar will get a dpkg prompt when upgrading to this version: Configuration file '/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. === Original description === This was found in Ubuntu 16.04. I have not tested other versions. The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does not run by default, because the 'www-data' user does not have a valid shell by default. root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh + '[' -x /usr/share/awstats/tools/update.sh ']' + su -l -c /usr/share/awstats/tools/update.sh www-data This account is currently not available. We could give www-data a valid shell but my preferred fix is to edit /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly specify the shell with '-s /bin/bash': diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh --- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500 +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500 @@ -2,5 +2,5 @@  UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh  if [ -x $UPDATE_SCRIPT ]  then - su -l -c $UPDATE_SCRIPT www-data + su -l -c $UPDATE_SCRIPT -s /bin/bash www-data  fi
2018-01-05 17:53:41 Andreas Hasenack merge proposal linked https://code.launchpad.net/~ahasenack/ubuntu/+source/awstats/+git/awstats/+merge/335761
2018-01-05 17:53:58 Andreas Hasenack merge proposal linked https://code.launchpad.net/~ahasenack/ubuntu/+source/awstats/+git/awstats/+merge/335759
2018-01-05 17:54:07 Andreas Hasenack merge proposal linked https://code.launchpad.net/~ahasenack/ubuntu/+source/awstats/+git/awstats/+merge/335760
2018-01-08 17:22:55 Andreas Hasenack bug task added awstats (Debian)
2018-01-09 14:36:29 Bug Watch Updater awstats (Debian): status Unknown New
2018-01-11 07:15:39 Launchpad Janitor awstats (Ubuntu): status In Progress Fix Released
2018-01-11 21:07:22 Brian Murray awstats (Ubuntu Artful): status In Progress Fix Committed
2018-01-11 21:07:23 Brian Murray bug added subscriber Ubuntu Stable Release Updates Team
2018-01-11 21:07:25 Brian Murray bug added subscriber SRU Verification
2018-01-11 21:07:30 Brian Murray tags bitesize server-next bitesize server-next verification-needed verification-needed-artful
2018-01-11 21:08:10 Brian Murray awstats (Ubuntu Xenial): status In Progress Fix Committed
2018-01-11 21:08:16 Brian Murray tags bitesize server-next verification-needed verification-needed-artful bitesize server-next verification-needed verification-needed-artful verification-needed-xenial
2018-01-12 11:43:51 Andreas Hasenack tags bitesize server-next verification-needed verification-needed-artful verification-needed-xenial bitesize server-next verification-done-xenial verification-needed verification-needed-artful
2018-01-12 11:47:35 Andreas Hasenack tags bitesize server-next verification-done-xenial verification-needed verification-needed-artful bitesize server-next verification-done-artful verification-done-xenial verification-needed
2018-01-22 09:43:52 Launchpad Janitor awstats (Ubuntu Artful): status Fix Committed Fix Released
2018-01-22 09:43:54 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team
2018-01-22 09:44:06 Launchpad Janitor awstats (Ubuntu Xenial): status Fix Committed Fix Released