[From nobody Fri Jul 10 10:00:42 2009
Received: (at submit) by bugs.debian.org; 2 Jul 2009 23:15:51 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02
	(2007-08-08) on rietz.debian.org
X-Spam-Level: 
X-Spam-Bayes: score:0.0000 Tokens: new, 67; hammy, 113; neutral, 74; spammy,
	2. spammytokens:0.997-1--H*M:base, 0.997-1--H*MI:base
	hammytokens:0.000-+--H*M:reportbug, 0.000-+--H*MI:reportbug,
	0.000-+--H*x:reportbug, 0.000-+--H*UA:reportbug, 0.000-+--Severity
X-Spam-Status: No, score=-9.0 required=4.0 tests=AWL,BAYES_00,HAS_PACKAGE,
	IMPRONONCABLE_1, IMPRONONCABLE_2, MURPHY_DRUGS_REL8, MURPHY_WRONG_WORD2,
	SPF_PASS, XMAILER_REPORTBUG autolearn=ham
	version=3.2.3-bugs.debian.org_2005_01_02
Return-path: <debian-bugs@thequod.de>
Received: from hahler.de ([188.40.33.212] helo=elfe.thequod.de)
	by rietz.debian.org with esmtp (Exim 4.63)
	(envelope-from <debian-bugs@thequod.de>) id 1MMVVP-0000YC-3M
	for submit@bugs.debian.org; Thu, 02 Jul 2009 23:15:51 +0000
Received: from elfe.thequod.de (localhost [127.0.0.1])
	by elfe.thequod.de (Postfix) with ESMTP id D0967116002;
	Fri,  3 Jul 2009 01:15:48 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=thequod.de; h=content-type
	:mime-version:from:to:subject:message-id:date; s=postfix2; bh=LD
	2xcZ8vWDdwQyNqbfH2znCsyCM=; b=SuNaqPjqB+8WkyicUwA36Um8stb8PRK8AV
	uH7SAJSfca8nsOmdIVSR09OF0TpGOUulMMa8P2xKb/ruHrU0kp91VpeX7TvctcLC
	c0yeA50C4VMY+oRbselUMwbVTsFQlOUF17OvP45eDG2p4EtmNbeS5b5zYORTrh/f
	i93HUx2tc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=thequod.de; h=content-type
	:mime-version:from:to:subject:message-id:date; q=dns; s=postfix2
	; b=dwo2rdWeLJ++lg507qtHxXOj4vvBGAt4eCd1AbYBlLzFhWOiua4t+JnNVBCM
	Wxo5P3PbmqFlHnNGqWEQpY/6KBxmea+EuOPKJ3fO2txvinw/9AUVNomCqV64f9Ln
	T/NSXU+YpZTh3XTGvt2jXmuFi4tsIs4enaaqLRYxZld+K0E=
Received: from base.localdomain (e181234251.adsl.alicedsl.de [85.181.234.251])
	by elfe.thequod.de (Postfix) with ESMTPSA id BABC3116001;
	Fri,  3 Jul 2009 01:15:48 +0200 (CEST)
Received: by base.localdomain (Postfix, from userid 1000)
	id 8DDDD14A2D9; Fri,  3 Jul 2009 01:15:47 +0200 (CEST)
Content-Type: multipart/mixed; boundary="===============0353191300=="
MIME-Version: 1.0
From: Daniel Hahler <debian-bugs@thequod.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lighttpd.logrotate: do not start lighttpd (through "reload") if it is
	not running currently
Message-ID: <20090702231547.12133.30027.reportbug@base.local>
X-Mailer: reportbug 4.4ubuntu1
Date: Fri, 03 Jul 2009 01:15:47 +0200
Delivered-To: submit@bugs.debian.org

This is a multi-part MIME message sent by reportbug.


--===============0353191300==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: lighttpd
Version: 1.4.22-1
Severity: important
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

>From https://launchpad.net/bugs/393792:
"""
The logrotate script of lighttpd does a lighttpd reload, which is what it should do, but if I stop the lighttpd daemon manually I certainly do NOT want it to be started again by the log rotation. reload should NOT start a daemon if it is not running IMO.

restart -> stop and start
reload -> reload config (for some this is also stop/start, but it should only be executed if the daemon was running before.)

This is a security issue, because if someone does not know that and intentionally stops the server for some reason and wants to leave it that way eg. for testing or so, the server gets started and may run with faulty software. (happened to me)
"""

Please note that e.g. "apache2ctl graceful" will start apache, if it is not running, too.
However, the PID file gets removed when stopping and therefore Apache's logrotate script (which includes the same "is the pidfile there" check), won't start Apache, if it is not running currently.

I could not find any information about if "reload" should start a service; the most sane fix for this problem appears to add the check in the logrotate script.

*** /tmp/tmpOYo0z1
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/lighttpd.logrotate: check if lighttpd is running, before
    calling reload, which would start the daemon if it is not running
    currently (LP: #393792)

We thought you might be interested in doing the same. 

--===============0353191300==
Content-Type: text/x-diff; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="tmpRmFAXQ"

diff -u lighttpd-1.4.22/debian/lighttpd.logrotate lighttpd-1.4.22/debian/lighttpd.logrotate
--- lighttpd-1.4.22/debian/lighttpd.logrotate
+++ lighttpd-1.4.22/debian/lighttpd.logrotate
@@ -7,7 +7,7 @@
         notifempty
         sharedscripts
         postrotate
-           if [ -f /var/run/lighttpd.pid ]; then \
+           if [ -f /var/run/lighttpd.pid ] && ps --pid $(cat /var/run/lighttpd.pid) > /dev/null 2>&1; then \
              if [ -x /usr/sbin/invoke-rc.d ]; then \
                 invoke-rc.d lighttpd reload > /dev/null 2>&1; \
              else \

--===============0353191300==--


]