Commit 5e97601f authored Apr 30, 2021 by Ariadne Conill
main/awstats: security upgrade to 7.8 (CVE-2020-29600, CVE-2020-35176)
parent 7889ff1c
Changes 2
main/awstats/APKBUILD
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
awstats
pkgver
=
7.
7
pkgver
=
7.
8
pkgrel
=
0
pkgdesc
=
"Free real-time logfile analyzer to get advanced statistics"
url
=
"http://awstats.sourceforge.net/"
...
...
@@ -10,10 +10,13 @@ license="GPL-3.0-or-later"
depends
=
"perl perl-uri"
subpackages
=
"
$pkgname
-doc"
options
=
"!check"
# no testsuite
source
=
"https://prdownloads.sourceforge.net/
$pkgname
/
$pkgname
-
$pkgver
.tar.gz
"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
source
=
"https://prdownloads.sourceforge.net/
awstats/awstats
-
$pkgver
.tar.gz
CVE-2020-35176.patch
"
# secfixes:
# 7.8-r0:
# - CVE-2020-29600
# - CVE-2020-35176
# 7.6-r2:
# - CVE-2017-1000501
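Review bot: The secfixes block lists both CVE-2020-29600 and CVE-2020-35176 under 7.8-r0, but source= adds only CVE-2020-35176.patch, so the APKBUILD does not say how CVE-2020-29600 is addressed. If it is covered by the 7.8 release itself, as the commit title's "security upgrade to 7.8" suggests, a one-line comment above source= stating that would make the mapping between each CVE and its fix explicit for later maintainers. Separately, the download URL now hardcodes "awstats/awstats" where the previous line used $pkgname; a short reason in the commit message would help, since the rest of the file still uses the variable.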
...
...
@@ -59,4 +62,5 @@ package() {
"
$pkgdir
"
/usr/lib/
$pkgname
/cgi-bin/plugins/example
}
sha512sums
=
"8bf32b0650ef0cc900a16eead866da3847d81c2696e7a90fb49833679c958768833d781e5b4becd9b4f6748c7266e2887ff7ff33d98293ce3a0296a810fbe899 awstats-7.7.tar.gz"
sha512sums
=
"b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz
d012866662206ffba9f84af437824324bf402a49ecb67161833b3f9593ccd4327db4b465d305c3ca78e5b29917acd469760faac6f7678055d4de01621f689c63 CVE-2020-35176.patch"
main/awstats/CVE-2020-35176.patch
0 → 100644
From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 18:14:43 +0100
Subject: [PATCH] Only look for configuration in dedicated awstats directories
Fixes #195/CVE-2020-35176
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@
sub Read_Config {
# Check config file in common possible directories :
# Windows : "$DIR" (same dir than awstats.pl)
# Standard, Mandrake and Debian package : "/etc/awstats"
- # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # Other possible directories : "/usr/local/etc/awstats",
# FHS standard, Suse package : "/etc/opt/awstats"
my $configdir = shift;
my @PossibleConfigDir = (
"$DIR",
"/etc/awstats",
- "/usr/local/etc/awstats", "/etc",
+ "/usr/local/etc/awstats",
"/etc/opt/awstats"
);
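Review bot: In Read_Config, removing "/etc" from @PossibleConfigDir narrows the default search list, but the context line "my $configdir = shift;" shows the function still takes a caller-supplied directory, and nothing in this hunk shows how that value is constrained. Before relying on this patch as the complete fix, confirm in the rest of awstats.pl that a caller-supplied $configdir cannot point the lookup back at "/etc" or another non-awstats directory, and note the result in the APKBUILD or commit message. Minor style point: the edited comment line now ends with a dangling comma after "/usr/local/etc/awstats"; dropping it would keep the comment consistent with the list it documents.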