pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q2]: pkgsrc/www/awstats Pullup ticket 681 - requested by M...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/16138c1b96b6
branches:  pkgsrc-2005Q2
changeset: 495985:16138c1b96b6
user:      snj <snj%pkgsrc.org@localhost>
date:      Mon Aug 15 04:43:59 2005 +0000

description:
Pullup ticket 681 - requested by Min Sik Kim
security fix for awstats

Revisions pulled up:
- pkgsrc/www/awstats/Makefile           1.18
- pkgsrc/www/awstats/distinfo           1.11
- pkgsrc/www/awstats/patches/patch-aa   removed
- pkgsrc/www/awstats/patches/patch-ab   removed

   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Sun Aug 14 15:33:44 UTC 2005

   Modified Files:
       pkgsrc/www/awstats: Makefile distinfo
   Removed Files:
       pkgsrc/www/awstats/patches: patch-aa patch-ab

   Log Message:
   Update awstats to 6.4.

   Changes:
   - Add option ShowSummary.
   - If Geoip plugin is enabled, add a column in Host report.
   - Other minor changes on geoip and hostinfo plugins to enhance look.
   - If LogFormat is 2, AWStats autodetect log format change.
   - Add a way to set ArchiveLogRecords with same tags than LogFile to
     add suffix to archived log files.
   - Fix security hole that allowed a user to read log file content even
     when plugin rawlog was not enabled.
   - Fix a possible use of AWStats for a DoS attack.
   - Fix errors for setup to analyze media servers.
   - If there is no referer field in the log format, do not use them
     in the errors reports.
   - Label of real player ("media player", not "audio player")
   - configdir option was broken on windows servers (Pb on Sanitize
     function on windows local use).
   - Minor fixes.
   - Fix: [ 1094056 ] Bad html-output for maillogs
   - Fix: [ 1094060 ] More bad html/xml output
   - Fix: [ 1100550 ] Missing flag icon for euskera
   - Fix: [ 1111817 ] AllowToUpdateStatsFromBrowser defaults to 1 contrary
     to docs

diffstat:

 www/awstats/Makefile         |    5 +-
 www/awstats/distinfo         |   10 +-
 www/awstats/patches/patch-aa |  161 -------------------------------------------
 www/awstats/patches/patch-ab |   16 ----
 4 files changed, 6 insertions(+), 186 deletions(-)

diffs (214 lines):

diff -r 8b68177230dc -r 16138c1b96b6 www/awstats/Makefile
--- a/www/awstats/Makefile      Sat Aug 13 05:32:50 2005 +0000
+++ b/www/awstats/Makefile      Mon Aug 15 04:43:59 2005 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2005/04/11 21:47:51 tv Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2005/08/15 04:43:59 snj Exp $
 #
 
-DISTNAME=      awstats-6.3
-PKGREVISION=   4
+DISTNAME=      awstats-6.4
 CATEGORIES=    www
 MASTER_SITES=  http://awstats.sourceforge.net/files/
 EXTRACT_SUFX=  .tgz
diff -r 8b68177230dc -r 16138c1b96b6 www/awstats/distinfo
--- a/www/awstats/distinfo      Sat Aug 13 05:32:50 2005 +0000
+++ b/www/awstats/distinfo      Mon Aug 15 04:43:59 2005 +0000
@@ -1,7 +1,5 @@
-$NetBSD: distinfo,v 1.10 2005/02/24 14:08:29 wiz Exp $
+$NetBSD: distinfo,v 1.10.4.1 2005/08/15 04:43:59 snj Exp $
 
-SHA1 (awstats-6.3nb4/awstats-6.3.tgz) = 3ca8d0b3e008beaa544b4bc344fec7cab2554da4
-RMD160 (awstats-6.3nb4/awstats-6.3.tgz) = ded6feb778d2f4771c2b72adf49d54dd583d835e
-Size (awstats-6.3nb4/awstats-6.3.tgz) = 938794 bytes
-SHA1 (patch-aa) = ecc293ac7e6a04da2b684cea01ba278d899a90bf
-SHA1 (patch-ab) = 715dcd2689f129aa71872a73a9abe15c3894d5a1
+SHA1 (awstats-6.4/awstats-6.4.tgz) = e58671499006881516406e9fa704b0ef34b94971
+RMD160 (awstats-6.4/awstats-6.4.tgz) = 318b34afcb7f7e8a4d26d46344e37bcbe3a8460a
+Size (awstats-6.4/awstats-6.4.tgz) = 918435 bytes
diff -r 8b68177230dc -r 16138c1b96b6 www/awstats/patches/patch-aa
--- a/www/awstats/patches/patch-aa      Sat Aug 13 05:32:50 2005 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,161 +0,0 @@
-$NetBSD: patch-aa,v 1.1 2005/02/15 15:55:25 minskim Exp $
-
---- wwwroot/cgi-bin/awstats.pl.orig    2005-01-22 10:34:38.000000000 -0600
-+++ wwwroot/cgi-bin/awstats.pl
-@@ -132,7 +132,7 @@ $BuildReportFormat='html';
- $BuildHistoryFormat='text';
- $ExtraTrackedRowsLimit=500;
- use vars qw/
--$EnableLockForUpdate $DNSLookup $AllowAccessFromWebToAuthenticatedUsersOnly
-+$DebugMessages $EnableLockForUpdate $DNSLookup $AllowAccessFromWebToAuthenticatedUsersOnly
- $BarHeight $BarWidth $CreateDirDataIfNotExists $KeepBackupOfHistoricFiles
- $NbOfLinesParsed $NbOfLinesDropped $NbOfLinesCorrupted $NbOfOldLines $NbOfNewLines
- $NbOfLinesShowsteps $NewLinePhase $NbOfLinesForCorruptedLog $PurgeLogFile $ArchiveLogRecords
-@@ -144,7 +144,7 @@ $AuthenticatedUsersNotCaseSensitive
- $Expires $UpdateStats $MigrateStats $URLNotCaseSensitive $URLWithQuery $URLReferrerWithQuery
- $DecodeUA
- /;
--($EnableLockForUpdate, $DNSLookup, $AllowAccessFromWebToAuthenticatedUsersOnly,
-+($DebugMessages, $EnableLockForUpdate, $DNSLookup, $AllowAccessFromWebToAuthenticatedUsersOnly,
- $BarHeight, $BarWidth, $CreateDirDataIfNotExists, $KeepBackupOfHistoricFiles,
- $NbOfLinesParsed, $NbOfLinesDropped, $NbOfLinesCorrupted, $NbOfOldLines, $NbOfNewLines,
- $NbOfLinesShowsteps, $NewLinePhase, $NbOfLinesForCorruptedLog, $PurgeLogFile, $ArchiveLogRecords,
-@@ -155,11 +155,11 @@ $IncludeInternalLinksInOriginSection,
- $AuthenticatedUsersNotCaseSensitive,
- $Expires, $UpdateStats, $MigrateStats, $URLNotCaseSensitive, $URLWithQuery, $URLReferrerWithQuery,
- $DecodeUA)=
--(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
-+(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
- use vars qw/
- $AllowToUpdateStatsFromBrowser $DetailedReportsOnNewWindows
- $FirstDayOfWeek $KeyWordsNotSensitive $SaveDatabaseFilesWithPermissionsForEveryone
--$WarningMessages $DebugMessages $ShowLinksOnUrl $UseFramesWhenCGI
-+$WarningMessages $ShowLinksOnUrl $UseFramesWhenCGI
- $ShowMenu $ShowMonthStats $ShowDaysOfMonthStats $ShowDaysOfWeekStats
- $ShowHoursStats $ShowDomainsStats $ShowHostsStats
- $ShowRobotsStats $ShowSessionsStats $ShowPagesStats $ShowFileTypesStats
-@@ -169,7 +169,7 @@ $AddDataArrayMonthStats $AddDataArraySho
- /;
- ($AllowToUpdateStatsFromBrowser, $DetailedReportsOnNewWindows,
- $FirstDayOfWeek, $KeyWordsNotSensitive, $SaveDatabaseFilesWithPermissionsForEveryone,
--$WarningMessages, $DebugMessages, $ShowLinksOnUrl, $UseFramesWhenCGI,
-+$WarningMessages, $ShowLinksOnUrl, $UseFramesWhenCGI,
- $ShowMenu, $ShowMonthStats, $ShowDaysOfMonthStats, $ShowDaysOfWeekStats,
- $ShowHoursStats, $ShowDomainsStats, $ShowHostsStats,
- $ShowRobotsStats, $ShowSessionsStats, $ShowPagesStats, $ShowFileTypesStats,
-@@ -177,7 +177,7 @@ $ShowOSStats, $ShowBrowsersStats, $ShowO
- $ShowKeyphrasesStats, $ShowKeywordsStats, $ShowMiscStats, $ShowHTTPErrorsStats,
- $AddDataArrayMonthStats, $AddDataArrayShowDaysOfMonthStats, $AddDataArrayShowDaysOfWeekStats, $AddDataArrayShowHoursStats
- )=
--(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1);
-+(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1);
- use vars qw/
- $AllowFullYearView 
- $LevelForRobotsDetection $LevelForWormsDetection $LevelForBrowsersDetection $LevelForOSDetection $LevelForRefererAnalyze
-@@ -1577,7 +1577,7 @@ sub Check_Config {
-       if ($URLWithQuery !~ /[0-1]/)                   { $URLWithQuery=0; }
-       if ($URLReferrerWithQuery !~ /[0-1]/)           { $URLReferrerWithQuery=0; }
-       if ($WarningMessages !~ /[0-1]/)                { $WarningMessages=1; }
--      if ($DebugMessages !~ /[0-1]/)                  { $DebugMessages=1; }
-+      if ($DebugMessages !~ /[0-1]/)                  { $DebugMessages=0; }
-       if ($NbOfLinesForCorruptedLog !~ /^\d+/ || $NbOfLinesForCorruptedLog<1) { $NbOfLinesForCorruptedLog=50; }
-       if ($Expires !~ /^\d+/)                                 { $Expires=0; }
-       if ($DecodeUA !~ /[0-1]/)                                               { $DecodeUA=0; }
-@@ -1824,7 +1824,8 @@ sub Read_Plugins {
-       my @PossiblePluginsDir=("$DIR/plugins","/usr/local/awstats/wwwroot/cgi-bin/plugins","/usr/share/awstats/plugins");
-       my %DirAddedInINC=();
- 
--      foreach my $key (keys %NoLoadPlugin) { if ($NoLoadPlugin{$key} < 0) { push @PluginsToLoad, $key; } }
-+      #Removed for security reason
-+      #foreach my $key (keys %NoLoadPlugin) { if ($NoLoadPlugin{$key} < 0) { push @PluginsToLoad, $key; } }
-       if ($Debug) { debug("Call to Read_Plugins with list: ".join(',',@PluginsToLoad)); }
-       foreach my $plugininfo (@PluginsToLoad) {
-               my ($pluginfile,$pluginparam)=split(/\s+/,$plugininfo,2);
-@@ -4288,7 +4289,12 @@ sub UnCompileRegex {
- #------------------------------------------------------------------------------
- sub Sanitize {
-       my $stringtoclean=shift;
--      $stringtoclean =~ s/[^\w_\-\\\/\.\s]//g;
-+      my $full=shift||0;
-+      if ($full) {
-+          $stringtoclean =~ s/[^\w]//g;
-+    } else {
-+          $stringtoclean =~ s/[^\w_\-\\\/\.\s]//g;
-+      }
-       return $stringtoclean;
- }
- 
-@@ -5353,6 +5359,7 @@ $QueryString='';
- # be set to force AWStats to be ran as CLI even from a web page.
- if ($ENV{'AWSTATS_DEL_GATEWAY_INTERFACE'}) { $ENV{'GATEWAY_INTERFACE'}=''; }
- if ($ENV{'GATEWAY_INTERFACE'}) {      # Run from a browser as CGI
-+    $DebugMessages=0;
-       # Prepare QueryString
-       if ($ENV{'CONTENT_LENGTH'}) {
-               binmode STDIN;
-@@ -5370,7 +5377,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f
- 
-       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig=&DecodeEncodedString("$1"); }
-       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons=&DecodeEncodedString("$1"); }
--      if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize(&DecodeEncodedString("$1")); }
-+      if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
-       if ($QueryString =~ /configdir=([^&]+)/i)                       { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
-       # All filters
-       if ($QueryString =~ /hostfilter=([^&]+)/i)                      { $FilterIn{'host'}=&DecodeEncodedString("$1"); }                       # Filter on host list can also be defined with 
hostfilter=filter
-@@ -5393,6 +5400,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f
-       }
- }
- else {                                                                # Run from command line
-+    $DebugMessages=1;
-       # Prepare QueryString
-       for (0..@ARGV-1) {
-               # If migrate
-@@ -5418,7 +5426,7 @@ else {                                                           # Run from command line
- 
-       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig="$1"; }
-       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons="$1"; }
--      if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize("$1"); }
-+      if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize("$1",1); }
-       if ($QueryString =~ /configdir=([^&]+)/i)                       { $DirConfig=&Sanitize("$1"); }
-       # All filters
-       if ($QueryString =~ /hostfilter=([^&]+)/i)                      { $FilterIn{'host'}="$1"; }                     # Filter on host list can also be defined with hostfilter=filter
-@@ -5440,6 +5448,7 @@ else {                                                           # Run from command line
-       if ($QueryString =~ /showcorrupted/i)                           { $ShowCorrupted=1; $QueryString=~s/showcorrupted[^&]*//i; }
-       if ($QueryString =~ /showdropped/i)                                     { $ShowDropped=1; $QueryString=~s/showdropped[^&]*//i; }
-       if ($QueryString =~ /showunknownorigin/i)                       { $ShowUnknownOrigin=1; $QueryString=~s/showunknownorigin[^&]*//i; }
-+
- }
- if ($QueryString =~ /(^|&)staticlinks/i)                      { $StaticLinks=".$SiteConfig"; }
- if ($QueryString =~ /(^|&)staticlinks=([^&]+)/i)      { $StaticLinks=".$2"; }         # When ran from awstatsbuildstaticpages.pl
-@@ -5447,8 +5456,9 @@ if ($QueryString =~ /(^|&)staticlinksext
- if ($QueryString =~ /(^|&)framename=([^&]+)/i)                { $FrameName="$2"; }
- if ($QueryString =~ /(^|&)debug=(\d+)/i)                      { $Debug=$2; }
- if ($QueryString =~ /(^|&)updatefor=(\d+)/i)          { $UpdateFor=$2; }
--if ($QueryString =~ /(^|&)noloadplugin=([^&]+)/i)     { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_")}=1; } }
--if ($QueryString =~ /(^|&)loadplugin=([^&]+)/i)               { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_")}=-1; } }
-+if ($QueryString =~ /(^|&)noloadplugin=([^&]+)/i)     { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } }
-+#Removed for security reasons
-+#if ($QueryString =~ /(^|&)loadplugin=([^&]+)/i)              { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } }
- if ($QueryString =~ /(^|&)limitflush=(\d+)/i)         { $LIMITFLUSH=$2; }
- # Get/Define output
- if ($QueryString =~ /(^|&)output(=[^&]*|)(.*)&output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); }
-@@ -5488,7 +5498,7 @@ else { $DayRequired=''; }
- # Print AWStats and Perl version 
- if ($Debug) {
-       debug(ucfirst($PROG)." - $VERSION - Perl $^X $]",1);
--      debug("DIR=$DIR PROG=$PROG",2);
-+      debug("DIR=$DIR PROG=$PROG Extension=$Extension",2);
-       debug("QUERY_STRING=$QueryString",2);
-       debug("HTMLOutput=".join(',',keys %HTMLOutput),1);
-       debug("YearRequired=$YearRequired, MonthRequired=$MonthRequired",2);
-@@ -5634,6 +5644,10 @@ if (! $Lang || $Lang eq 'auto') {
- &Check_Config();
- # Now SiteDomain is defined
- 
-+if ($Debug && ! $DebugMessages) {
-+    error("Debug has not been allowed. Change DebugMessages parameter in config file to allow debug.");   
-+}
-+
- # Define frame name and correct variable for frames
- if (! $FrameName) {
-       if ($ENV{'GATEWAY_INTERFACE'} && $UseFramesWhenCGI && $HTMLOutput{'main'} && ! $PluginMode) { $FrameName='index'; }
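
Review bot: Deleting patch-aa drops the local hardening of awstats.pl, so it is only safe if the 6.4 distfile already carries the same changes: the commented-out `loadplugin=` handler and the matching `%NoLoadPlugin` loop in `Read_Plugins`, the `Sanitize(...,1)` calls for `pluginmode` and `noloadplugin`, and `$DebugMessages=0` when `GATEWAY_INTERFACE` is set. The log message mentions only the rawlog and DoS fixes, so please state that each of these was checked against the extracted 6.4 awstats.pl, or keep a reduced patch for whatever upstream did not take.
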
diff -r 8b68177230dc -r 16138c1b96b6 www/awstats/patches/patch-ab
--- a/www/awstats/patches/patch-ab      Sat Aug 13 05:32:50 2005 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-ab,v 1.1 2005/02/15 15:55:25 minskim Exp $
-
---- wwwroot/cgi-bin/awstats.model.conf.orig    2005-01-22 09:26:06.000000000 -0600
-+++ wwwroot/cgi-bin/awstats.model.conf
-@@ -701,9 +701,9 @@ ErrorMessages=""
- # security reasons) to disable debugging, set this parameter to 0.
- # Change : Effective immediatly
- # Possible values: 0 or 1
--# Default: 1
-+# Default: 0
- #
--DebugMessages=1
-+DebugMessages=0
- 
- 
- # To help you to detect if your log format is good, AWStats report an error
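
Review bot: With patch-ab removed, the `DebugMessages` value in the installed awstats.model.conf is whatever upstream 6.4 ships; the removed lines had changed it from 1 to 0, and the surrounding comment recommends 0 for security reasons. Please confirm that the 6.4 model config has `DebugMessages=0`, since configurations copied from it would otherwise allow debug output again.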


