[koha-commits] main Koha release repository branch master updated. v19.11.00-2252-g8994ded2c4

Git repo owner gitmaster at git.koha-community.org
Tue May 19 16:32:37 CEST 2020 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  8994ded2c47d22fd46ea46f6e7855da52826b351 (commit)
      from  96b4f6802b4b6b195d09f9b7dc9db29288a2b885 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8994ded2c47d22fd46ea46f6e7855da52826b351
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Thu May 14 16:04:20 2020 +0200

    Bug 25481: Pass --user to start-stop-daemon when a pidfile is used
    
    Since D10, the behaviour of start-stop-daemon changed, see from its
    manual:
    """
    Warning:  using this match option with a world-writable pidfile or using it alone with a daemon that writes the pidfile as an unprivileged (non-root) user will be refused with an error (since
    version 1.19.3) as this is a security risk, because either any user can write to it, or if the daemon gets compromised, the contents of the pidfile cannot be trusted, and  then  a  privileged
    runner (such as an init script executed as root) would end up acting on any system process.  Using /dev/null is exempt from these checks.
    """
    
    Test plan:
    koha-plack --restart kohadev
    should success with this patch.
    Without this patch you get:
    start-stop-daemon: matching only on non-root pidfile /var/run/koha/kohadev/plack.pid is insecure
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    Signed-off-by: Victor Grousset/tuxayo <victor at tuxayo.net>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>

-----------------------------------------------------------------------

Summary of changes:
 debian/scripts/koha-functions.sh | 2 ++
 debian/scripts/koha-plack        | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list