Ubuntu
webalizer package

webalizer damages webalizer.hist

Bug #1399615 reported by Igor Bukanov on 2014-12-05

This bug affects 8 people

Affects		Status	Importance	Assigned to	Milestone
	webalizer (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

With the binary pacakage of webalizer in trusty as of 2014-12-05 (webalizer-2.23.08) when webalizer runs for a new month that is not already present in webalizer.hist it replaces in webalizer.hist all entries by the one with statistics from the previous run before adding the new stats.

To reproduce, unpack the attched archive with 3 log files containing single line with a hit for October-November-December, go to the directory webalizer-test and run there (assuming the default webalizer.conf file):

webalizer -o html 1.log

That produces in the html subdirectory normal-loking webalizer.hist:

# Webalizer V2.23-08 History Data - 05/Dec/2014 12:15:00 (120 month)
10 2014 1 1 1 0 1 1 1 1 0 0
9 2014 0 0 0 0 0 0 0 0 0 0
8 2014 0 0 0 0 0 0 0 0 0 0
7 2014 0 0 0 0 0 0 0 0 0 0
6 2014 0 0 0 0 0 0 0 0 0 0
5 2014 0 0 0 0 0 0 0 0 0 0
...

Now run webalizer for 2.log:

webalizer -o html 1.log

This produces already corrupted file:
11 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
...

where all entries but the last one became the statistics for october.

Now run for 3.log:

webalizer -o html 3.log

12 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0

Notice how all entries were replaces by the statistics for November before adding stats for December.

The expected behavior should be the file looking like:

12 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
11 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0
10 2014 1 1 1 0 1 1 1 1 0 0

I tried to reproduce the bug via rebuild the package from sources, but I cannot rebuild it on Ubuntu 14.04 as the debuild gives:

dh --with autoreconf build
dh_testdir
dh_autoreconf
aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in'
configure.in:37: warning: AC_TRY_RUN called without default to allow cross compiling
autoconf: Undefined macros:
configure.in:322:AC_MSG_NOTICE(Done. Type 'make' to continue with build.)
configure.in:36:AC_SYS_LARGEFILE
configure.in:39:AC_CHECK_DECL(altzone,OPTS="-DHAVE_ALTZONE ${OPTS}",,[#include <time.h>])
configure.in:37: warning: AC_TRY_RUN called without default to allow cross compiling
...
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
debuild: fatal error at line 1364:
dpkg-buildpackage -rfakeroot -D -us -uc failed

Also rebuilding the package manually on Fedora gives binary that behaves without the bug.

Tags:

Revision history for this message

Igor Bukanov (igor-mir2) wrote on 2014-12-05:

test case Edit (286 bytes, application/x-tar)

Revision history for this message

Igor Bukanov (igor-mir2) wrote on 2014-12-07:

I se the same bug on Ubuntu 14.10 with the binary webalizer package. I also managed to rebuild the webalizer from the source package, but the resulting binary and/or package has not shown the bug and behaved as it should.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-01:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in webalizer (Ubuntu):
status:	New → Confirmed

Revision history for this message

Jan Willamowius (jan-willamowius) wrote on 2015-04-01:

I see this bug, too. Ubuntu 14.04.2.

This is a data corruption bug and importance should be upgraded!

Revision history for this message

Jan Willamowius (jan-willamowius) wrote on 2015-04-27:

I can confirm that the original source from webalizer.org (version 2.23-08) does not have the bug and works as expected on Ubuntu 14.04.2.

Unfortunately my previous data in webalizer.hist is permanentyl lost.

Revision history for this message

Magnum (magnum-pestilenz) wrote on 2015-10-07:

Same here
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.2 LTS"

Guillaume FRANCOIS (guillaume-francois55) on 2015-10-15

information type:	Public → Public Security
information type:	Public Security → Public

Revision history for this message

Kees Monshouwer (mind04) wrote on 2016-04-05:

Use memmove for overlapping blocks Edit (1.4 KiB, text/plain)

Webalizer is using memcpy for overlapping blocks. This is causing undefined behaviour.

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2016-04-05:

The attachment "Use memmove for overlapping blocks" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags:

added: patch

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-07-14:

This bug was fixed in the package webalizer - 2.23.08-2

---------------
webalizer (2.23.08-2) unstable; urgency=low

  * Add Slovak po-debconf translation, thanks Slavko. Closes: #688906
  * Fix VCS-* field (Lintian)
  * Change dh compat to 9 for hardening flags and enable hardening
  * Updated Policy to 4.0.0 without changes.
  * Added a note in README.Debian about other_vhost log. Closes: #681868
  * Added a debconf question to generate the config file. Closes: #482368
  * Suggest some ttf fonts. Closes: #604428
  * Recommends: geoip-database. Closes: #532123
  * Fix in cron job from Niccolo Rigacci, thanks. Closes: #741515
  * Debconf translation:
    - Dutch (Frans Spiesschaert). Closes: #763863
  * New patch 03_fix_etc_path_in_man. Closes: #794822
  * New patch 08_use_memmove_for_overlapping_blocks.
    Closes: #858602 LP: #1399615
  * New patch to add python script to convert lang file to po file
  * Updated webalizer fr.po in gettest_po-files.diff using convertlang2po.py
    plus some more manual editing.
  * Fix several typo reported by lintian

-- Julien Viard de Galbert <email address hidden> Thu, 13 Jul 2017 00:40:59 +0200

Changed in webalizer (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

M.Tsukakoshi (litspeed) wrote on 2017-09-04:

#10

I have upgraded to 2.23.08-02, However the bug not fixed.
In September, July history gone.

XXXXXX@uBuntu16:~$ dpkg -l | egrep webalizer
ii webalizer 2.23.08-2 amd64 web server log analysis program

Revision history for this message

Alexander Palm (alekscee) wrote on 2017-10-03:

#11

Hello!

I have seen today that my history file is also damaged. Only the last two months are shown on the overview but all detailed html files are in the folder. I take a look in the hist file and all lines except the last two are set to 0 values. Is there any way to repair the hist file with the data of the last years without the access.log-data?

Thx, Alex

Revision history for this message

D J Gardner (djgardner) wrote on 2019-01-02:

#12

I believe the exact same bug as Alexander (#11) has just bitten me,
- historic data zeroed out - on Xenial. I see the Xenial version is 2.23.08-01
Why is a data-corrupting fix (2.23.08-02) only released for trusty?