Package: munin
Version: 1.4.5-3
Severity: normal

In both cgi variants, the Last-Modified: header is generated
using the local time zone, which is in violation of the HTTP RFC 2606
"3.3.1 Full Date":

   All HTTP date/time stamps MUST be represented in Greenwich Mean Time
   (GMT), without exception.

Fix is really simple (two times in both programs):

--- a/usr/lib/cgi-bin/munin-fastcgi-graph
+++ b/usr/lib/cgi-bin/munin-fastcgi-graph
@@ -98,7 +98,7 @@ while (new CGI::Fast) {
     # At this time the file exists.  But may be old.  Or not.
 
     my @stats         = stat ($filename);
-    my $last_modified = strftime ("%a, %d %b %Y %H:%M:%S %Z", localtime 
($stats[9]));
+    my $last_modified = strftime ("%a, %d %b %Y %H:%M:%S GMT", gmtime 
($stats[9]));
     # "Expires" has to use last modified time as base:
     my $expires       = strftime ("%a, %d %b %Y %H:%M:%S GMT", 
                                  
gmtime($stats[9]+($period{$scale}-($stats[9]%$period{$scale}))));
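Review bot: the new `$last_modified` line still formats the day and month with `%a` and `%b`, which strftime fills in from the process's LC_TIME locale, so under a non-English locale the header could carry localized names even though the zone now reads GMT. Consider forcing the C locale for LC_TIME around these calls, or building the names from fixed English tables; the same applies to the `$expires` line in the context. Also, the report says the change is needed two times in both programs, but only one hunk for munin-fastcgi-graph is shown here, so the second occurrence and the other CGI program should be part of the patch.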

At least wget complains about an invalid header.

    Christoph

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32.21 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages munin depends on:
ii  adduser                       3.112jj1   add and remove users and groups
ii  cron                          3.0pl1-115 process scheduling daemon
pn  libdigest-md5-perl            <none>     (no description available)
ii  libhtml-template-perl         2.9-2      module for using HTML Templates wi
ii  liblog-log4perl-perl          1.29-1     A Perl port of the widely popular 
ii  librrds-perl                  1.4.3-1    time-series data storage and displ
pn  libstorable-perl              <none>     (no description available)
ii  munin-common                  1.4.5-3    network-wide graphing framework (c
ii  perl [libtime-hires-perl]     5.10.1-15  Larry Wall's Practical Extraction 
ii  perl-modules                  5.10.1-15  Core Perl modules
ii  rrdtool                       1.4.3-1    time-series data storage and displ
ii  ttf-dejavu                    2.31-1     Metapackage to pull in ttf-dejavu-

Versions of packages munin recommends:
ii  libdate-manip-perl            6.11-1     module for manipulating dates
pn  munin-node                    <none>     (no description available)

Versions of packages munin suggests:
ii  apache2-mpm-prefork [httpd]   2.2.16-3   Apache HTTP Server - traditional n
pn  libnet-ssleay-perl            <none>     (no description available)
ii  lighttpd [httpd]              1.4.28-1   A fast webserver with minimal memo
pn  www-browser                   <none>     (no description available)

-- Configuration Files:
/etc/cron.d/munin changed [not included]
/etc/logrotate.d/munin changed [not included]
/etc/munin/apache.conf changed [not included]
/etc/munin/munin.conf changed [not included]

-- no debconf information
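
A check for the header problem reported above, as an added example that is not part of the original report or of munin: it validates a Last-Modified or Expires value against the fixed "Day, DD Mon YYYY HH:MM:SS GMT" layout and lists what is wrong. The function name `check_http_date` and the sample values are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# day-name "," SP 2DIGIT SP month SP 4DIGIT SP hh:mm:ss SP zone
FIELDS = re.compile(r"^(\S+), (\d{2}) (\S+) (\d{4}) (\d{2}):(\d{2}):(\d{2}) (\S+)$")


def check_http_date(value):
    """Return a list of problems found in an HTTP date header value.

    An empty list means the value is a well-formed fixed-length GMT date.
    """
    m = FIELDS.match(value)
    if not m:
        return ["not in 'Day, DD Mon YYYY HH:MM:SS GMT' layout"]
    day, dd, mon, yyyy, hh, mi, ss, zone = m.groups()
    problems = []
    if zone != "GMT":
        problems.append(f"zone is {zone!r}, must be 'GMT'")
    if day not in DAYS:
        problems.append(f"day name {day!r} is not an English abbreviation")
    if mon not in MONTHS:
        problems.append(f"month name {mon!r} is not an English abbreviation")
        return problems  # cannot build a date without a known month
    try:
        ts = datetime(int(yyyy), MONTHS.index(mon) + 1, int(dd),
                      int(hh), int(mi), int(ss), tzinfo=timezone.utc)
    except ValueError as exc:
        problems.append(f"invalid date or time: {exc}")
        return problems
    if day in DAYS and DAYS[ts.weekday()] != day:
        problems.append(f"day name {day!r} does not match the date")
    return problems


# Constructed sample values, not taken from a real server.
SAMPLES = [
    "Mon, 04 Oct 2010 12:03:12 GMT",   # layout of the patched format string
    "Mon, 04 Oct 2010 14:03:12 CEST",  # local time with %Z, as in the report
    "Mo, 04 Okt 2010 12:03:12 GMT",    # %a/%b rendered under a German LC_TIME
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", check_http_date(value) or "ok")
```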
