Your message dated Sat, 28 May 2016 16:35:05 +0000 with message-id <[email protected]> and subject line Bug#822144: fixed in apache2 2.4.20-2 has caused the Debian Bug report #822144, regarding apache2: Race condition and logical error in apache2 SysV initscript to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
822144: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822144
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apache2
Version: 2.4.10-10+deb8u4
Severity: important
Tags: patch

Jessie's apache2 SysV init script has two errors which can cause restarts to fail or cause problems on shutdown.

Issue 1: Race condition in do_stop() and apache_wait_stop()

The do_stop() function issues an apache2ctl stop/graceful-stop (or a killproc) and calls apache_wait_stop() afterwards. apache_wait_stop() tries to gather the current apache2 PID via pidofproc from the pid file and afterwards checks if the process has already terminated (via kill -0).

This approach is problematic, because after receiving SIGTERM (via apache2ctl), apache2 will remove its PID file in the shutdown process. When reaching the pidofproc invocation in apache_wait_stop(), the PID file may have already been removed (by apache2) and the PID of the main apache process may not be determined (although the process may yet be actively running). In this case, apache_wait_stop() will wrongly return with 0, indicating that the process has been terminated successfully.

In most cases, this is not problematic, because the apache2 process will terminate shortly after - however, in case of restarts (which will call do_stop() -> do_start()) this may cause apache2 not being able to start up, because the old main process is still active and holding resources (like sockets/ports or possibly locks etc.).

To resolve this, the apache2ctl/killproc invocation should be done AFTER determining apache's main PID. Note that in Wheezy's initscripts, this race condition was not present - this has been introduced with Jessie.

Issue 2: Logical error in apache_wait_stop()

When waiting for the main PID to terminate, apache_wait_stop() will check every second if the process is dead.
This is done for 60 seconds max, after that, the inner loop will break and presumably should set/return a statuscode of 2, which it does not, because 'break' is executed before setting the correct return code: if [ $i = '60' ]; then break STATUS=2 fi This might cause problems in case apache2 cannot be shut down correctly (for whatever reason). The following patch should fix the issues mentioned above: --- apache2.init.org 2015-10-24 10:37:19.000000000 +0200 +++ apache2.init 2016-04-21 14:43:22.380946637 +0200 @@ -139,6 +139,7 @@ apache_wait_stop() { local STATUS=$1 + local METH=$2 if [ $STATUS != 0 ] ; then return $STATUS @@ -146,11 +147,18 @@ PIDTMP=$(pidofproc -p $PIDFILE $DAEMON) if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then + + if [ "$METH" = "kill" ]; then + killproc -p $PIDFILE $DAEMON + else + $APACHE2CTL $METH > /dev/null 2>&1 + fi + local i=0 while kill -0 "${PIDTMP:-}" 2> /dev/null; do if [ $i = '60' ]; then + STATUS=2 break - STATUS=2 fi [ "$VERBOSE" != no ] && log_progress_msg "." sleep 1 
@@ -223,15 +231,13 @@ fi if [ $AP_RET = 2 ] && apache_conftest ; then - $APACHE2CTL $STOP > /dev/null 2>&1 - apache_wait_stop $? + apache_wait_stop $? $STOP return $? else if [ $AP_RET = 2 ]; then - clear_error_msg + clear_error_msg APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed, so we are trying to kill it manually. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!" - killproc -p $PIDFILE $DAEMON - apache_wait_stop $? + apache_wait_stop $? "kill" return $? elif [ $AP_RET = 1 ] ; then APACHE2_INIT_MESSAGE="There are processes named 'apache2' running which do not match your pid file which are left untouched in the name of safety, Please review the situation by hand". -- Package-specific info: -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin 2.4.10-10+deb8u4 ii apache2-data 2.4.10-10+deb8u4 ii apache2-utils 2.4.10-10+deb8u4 ii dpkg 1.17.26 ii lsb-base 4.1+Debian13+nmu1 ii mime-support 3.58 ii perl 5.20.2-3+deb8u4 ii procps 2:3.3.9-9 Versions of packages apache2 recommends: ii ssl-cert 1.0.35 Versions of packages apache2 suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> pn www-browser <none> Versions of packages apache2-bin depends on: ii libapr1 1.5.1-3 ii libaprutil1 1.5.4-1 ii libaprutil1-dbd-sqlite3 1.5.4-1 ii libaprutil1-ldap 1.5.4-1 ii libc6 2.19-18+deb8u4 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2 ii liblua5.1-0 5.1.5-7.1 ii libpcre3 2:8.35-3.3+deb8u4 ii libssl1.0.0 1.0.1k-3+deb8u4 ii libxml2 2.9.1+dfsg1-5+deb8u1 ii perl 5.20.2-3+deb8u4 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages apache2-bin suggests: pn apache2-doc 
<none> pn apache2-suexec-pristine | apache2-suexec-custom <none> pn www-browser <none> Versions of packages apache2 is related to: ii apache2 2.4.10-10+deb8u4 ii apache2-bin 2.4.10-10+deb8u4 -- no debconf information
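Review bot: In the first hunk (@@ -139,6 +139,7 @@), 'local METH=$2' takes the stop method with no default and no check, so a caller that passes only the status ends up in the 'else' branch added by the next hunk and runs '$APACHE2CTL' with an empty argument. Give METH a default or return an error when $2 is empty, and add a comment above apache_wait_stop() saying that the function now sends the stop request itself, since its name still suggests that it only waits.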
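Review bot: In the second hunk (@@ -146,11 +147,18 @@), the exit status of 'killproc -p $PIDFILE $DAEMON' and of '$APACHE2CTL $METH' is discarded, so a stop request that fails outright is only noticed once the 60-second loop runs out and STATUS=2 is set. Capture the status right after the 'fi' that closes the METH test and return it when it is non-zero, before entering the wait loop. The move of 'STATUS=2' above 'break' is correct as it stands.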
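Review bot: In the third hunk (@@ -223,15 +231,13 @@), the '$?' in 'apache_wait_stop $? $STOP' and in 'apache_wait_stop $? "kill"' no longer carries the result of a stop command: in the first call it is the status of the 'if' condition that has just succeeded, in the second it is the status of the APACHE2_INIT_MESSAGE assignment, so it is always 0 and the 'if [ $STATUS != 0 ]' early return in apache_wait_stop() cannot trigger from either call. Pass a literal 0 or drop the status argument altogether. The removed and re-added 'clear_error_msg' line looks like a whitespace-only change and is better kept out of this patch.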
--- End Message ---
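The ordering problem from Issue 1 and the timeout status from Issue 2 of the report above, as an added example that is not part of the original mail or of the Debian init script. All function names are hypothetical, the fake daemon stands in for apache2, and the half-second pause that forces the race window is constructed for the demonstration.

```shell
#!/bin/sh
# Constructed stand-in for apache2: on SIGTERM it deletes its pid file at once
# but keeps running for about two more seconds, as a draining server would.
start_fake_daemon() {   # $1 = pid file
    sh -c 'trap "rm -f \"$1\"; sleep 2; exit 0" TERM
           echo $$ > "$1"; while :; do sleep 0.1; done' fake "$1" >/dev/null 2>&1 &
    while [ ! -s "$1" ]; do sleep 0.1; done
}

# Poll until the process is gone: 0 = exited, 2 = still alive after $2 seconds.
wait_for_exit() {       # $1 = pid, $2 = timeout in seconds
    i=0
    while kill -0 "$1" 2>/dev/null; do
        [ "$i" -ge "$2" ] && return 2   # status is decided before leaving the loop
        sleep 1
        i=$((i + 1))
    done
    return 0
}

# Order the report describes for Jessie: signal first, look up the PID afterwards.
stop_signal_first() {   # $1 = pid file, $2 = timeout in seconds
    kill -TERM "$(cat "$1")"        # stands in for "apache2ctl stop"
    sleep 0.5                       # constructed pause so the pid file is already gone
    pid=$(cat "$1" 2>/dev/null)
    [ -n "$pid" ] || return 0       # no PID found: wrongly reported as stopped
    wait_for_exit "$pid" "$2"
}

# Order the report asks for: determine the PID, then signal, then wait on that PID.
stop_pid_first() {      # $1 = pid file, $2 = timeout in seconds
    pid=$(cat "$1" 2>/dev/null)
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null || return 0
    kill -TERM "$pid"
    wait_for_exit "$pid" "$2"
}

# Run one stop function against a fresh fake daemon and print
# "<reported status> <alive|dead>" as observed right after it returns.
race_demo() {           # $1 = stop function, $2 = timeout in seconds
    pf=$(mktemp); start_fake_daemon "$pf"; dpid=$(cat "$pf"); rc=0
    "$1" "$pf" "$2" || rc=$?
    if kill -0 "$dpid" 2>/dev/null; then echo "$rc alive"; else echo "$rc dead"; fi
    rm -f "$pf"
}
```

Calling `race_demo stop_signal_first 5` shows a reported status of 0 while the old process is still running, which is the state in which a restart's start step collides with the old process.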
--- Begin Message ---
Source: apache2
Source-Version: 2.4.20-2

We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <[email protected]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Sat, 28 May 2016 16:14:09 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.20-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <[email protected]>
Changed-By: Stefan Fritsch <[email protected]>
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 820824 821313 821956 822144 823259
Changes:
 apache2 (2.4.20-2) unstable; urgency=medium
 .
   * Fix crash in ap_get_useragent_host() triggered by mod_perl test. Closes: #820824
   * Fix race condition and logical error in init script. Thanks to Thomas Stangner for the patch. Closes: #822144
   * Remove links to manpages.debian.org in default index.html to avoid broken robots doing a DoS on the site. Closes: #821313
   * Fix a2enmod to run on perl 5.14 to simplify backports. Closes: #821956
   * Bump Standards-Version (no changes necessary).
   * Fix segfault with logresolve -c. Closes: #823259
--- End Message ---

