Commit 5e97601f authored by Ariadne Conill's avatar Ariadne Conill

main/awstats: security upgrade to 7.8 (CVE-2020-29600, CVE-2020-35176)

parent 7889ff1c
# Contributor: Valery Kartel <valery.kartel@gmail.com> # Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=awstats pkgname=awstats
pkgver=7.7 pkgver=7.8
pkgrel=0 pkgrel=0
pkgdesc="Free real-time logfile analyzer to get advanced statistics" pkgdesc="Free real-time logfile analyzer to get advanced statistics"
url="http://awstats.sourceforge.net/" url="http://awstats.sourceforge.net/"
...@@ -10,10 +10,13 @@ license="GPL-3.0-or-later" ...@@ -10,10 +10,13 @@ license="GPL-3.0-or-later"
depends="perl perl-uri" depends="perl perl-uri"
subpackages="$pkgname-doc" subpackages="$pkgname-doc"
options="!check" # no testsuite options="!check" # no testsuite
source="https://prdownloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz" source="https://prdownloads.sourceforge.net/awstats/awstats-$pkgver.tar.gz
builddir="$srcdir/$pkgname-$pkgver" CVE-2020-35176.patch"
# secfixes: # secfixes:
# 7.8-r0:
# - CVE-2020-29600
# - CVE-2020-35176
# 7.6-r2: # 7.6-r2:
# - CVE-2017-1000501 # - CVE-2017-1000501
...@@ -59,4 +62,5 @@ package() { ...@@ -59,4 +62,5 @@ package() {
"$pkgdir"/usr/lib/$pkgname/cgi-bin/plugins/example "$pkgdir"/usr/lib/$pkgname/cgi-bin/plugins/example
} }
sha512sums="8bf32b0650ef0cc900a16eead866da3847d81c2696e7a90fb49833679c958768833d781e5b4becd9b4f6748c7266e2887ff7ff33d98293ce3a0296a810fbe899 awstats-7.7.tar.gz" sha512sums="b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz
d012866662206ffba9f84af437824324bf402a49ecb67161833b3f9593ccd4327db4b465d305c3ca78e5b29917acd469760faac6f7678055d4de01621f689c63 CVE-2020-35176.patch"
From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 18:14:43 +0100
Subject: [PATCH] Only look for configuration in dedicated awstats directories
Fixes #195/CVE-2020-35176
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@ sub Read_Config {
# Check config file in common possible directories :
# Windows : "$DIR" (same dir than awstats.pl)
# Standard, Mandrake and Debian package : "/etc/awstats"
- # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # Other possible directories : "/usr/local/etc/awstats",
# FHS standard, Suse package : "/etc/opt/awstats"
my $configdir = shift;
my @PossibleConfigDir = (
"$DIR",
"/etc/awstats",
- "/usr/local/etc/awstats", "/etc",
+ "/usr/local/etc/awstats",
"/etc/opt/awstats"
);
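Review bot: The trimmed `@PossibleConfigDir` still starts with `"$DIR"`, the directory that holds awstats.pl, so removing `"/etc"` narrows the lookup only on the system paths. Whether a config name containing `/` or `..` is rejected before it is joined to these entries is not visible here, because Read_Config starts above and continues below the hunk; that check is worth confirming in the same review. I would also record the invariant next to the array so a shared directory is not added back later, e.g. `# Only awstats-dedicated directories belong here; never a shared one such as /etc (CVE-2020-35176)`. The edited comment line now ends in a dangling comma, `"/usr/local/etc/awstats",`, which should be dropped.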