Commit 5e97601f authored by Ariadne Conill's avatar Ariadne Conill

main/awstats: security upgrade to 7.8 (CVE-2020-29600, CVE-2020-35176)

parent 7889ff1c
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=awstats
pkgver=7.7
pkgver=7.8
pkgrel=0
pkgdesc="Free real-time logfile analyzer to get advanced statistics"
url="http://awstats.sourceforge.net/"
......@@ -10,10 +10,13 @@ license="GPL-3.0-or-later"
depends="perl perl-uri"
subpackages="$pkgname-doc"
options="!check" # no testsuite
source="https://prdownloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
builddir="$srcdir/$pkgname-$pkgver"
source="https://prdownloads.sourceforge.net/awstats/awstats-$pkgver.tar.gz
CVE-2020-35176.patch"
# secfixes:
# 7.8-r0:
# - CVE-2020-29600
# - CVE-2020-35176
# 7.6-r2:
# - CVE-2017-1000501
......@@ -59,4 +62,5 @@ package() {
"$pkgdir"/usr/lib/$pkgname/cgi-bin/plugins/example
}
sha512sums="8bf32b0650ef0cc900a16eead866da3847d81c2696e7a90fb49833679c958768833d781e5b4becd9b4f6748c7266e2887ff7ff33d98293ce3a0296a810fbe899 awstats-7.7.tar.gz"
sha512sums="b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz
d012866662206ffba9f84af437824324bf402a49ecb67161833b3f9593ccd4327db4b465d305c3ca78e5b29917acd469760faac6f7678055d4de01621f689c63 CVE-2020-35176.patch"
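Review bot: The `secfixes` entry listing CVE-2020-35176 under 7.8-r0 holds only if `CVE-2020-35176.patch` is actually applied during the build, and nothing in the visible lines shows where that happens. The lines between the two hunks are not displayed, so if this APKBUILD defines its own `prepare()`, confirm it calls `default_prepare`; otherwise the patch is listed in `source` and checksummed but never applied. I would also add a comment above the `source` entry, e.g. `# CVE-2020-35176.patch: from commit 0d4d4c05, drop once a release includes it`, so the next version bump neither carries a stale patch nor loses the fix.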
From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 18:14:43 +0100
Subject: [PATCH] Only look for configuration in dedicated awstats directories
Fixes #195/CVE-2020-35176
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@ sub Read_Config {
# Check config file in common possible directories :
# Windows : "$DIR" (same dir than awstats.pl)
# Standard, Mandrake and Debian package : "/etc/awstats"
- # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # Other possible directories : "/usr/local/etc/awstats",
# FHS standard, Suse package : "/etc/opt/awstats"
my $configdir = shift;
my @PossibleConfigDir = (
"$DIR",
"/etc/awstats",
- "/usr/local/etc/awstats", "/etc",
+ "/usr/local/etc/awstats",
"/etc/opt/awstats"
);
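Review bot: Dropping `"/etc"` narrows the search list, but `"$DIR"` is still its first entry and the hunk does not show how the requested config name is checked before it is joined to these directories; Read_Config starts and continues outside the hunk. Since the fix is about which directories a configuration can be loaded from, confirm in the surrounding code that names containing path separators or `..` are rejected before this list is consulted. The edited comment now ends in a dangling comma; `# Other possible directories : "/usr/local/etc/awstats"` reads cleaner. Installations that kept their site configuration directly under `/etc` will stop finding it after this upgrade, which deserves a line in the package's upgrade notes.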