Commit 68c3fdc9 authored by Ariadne Conill's avatar Ariadne Conill

main/awstats: add mitigation for CVE-2020-35176

parent e6385ab2
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=awstats
pkgver=7.8
pkgrel=0
pkgrel=1
pkgdesc="Free real-time logfile analyzer to get advanced statistics"
url="http://awstats.sourceforge.net/"
arch="noarch"
......@@ -10,9 +10,12 @@ license="GPL-3.0-or-later"
depends="perl perl-uri"
subpackages="$pkgname-doc"
options="!check" # no testsuite
source="https://prdownloads.sourceforge.net/awstats/awstats-$pkgver.tar.gz"
source="https://prdownloads.sourceforge.net/awstats/awstats-$pkgver.tar.gz
CVE-2020-35176.patch"
# secfixes:
# 7.8-r1:
# - CVE-2020-35176
# 7.6-r2:
# - CVE-2017-1000501
......@@ -57,4 +60,5 @@ package() {
"$pkgdir"/usr/lib/$pkgname/cgi-bin/plugins/example
}
sha512sums="b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz"
sha512sums="b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz
d012866662206ffba9f84af437824324bf402a49ecb67161833b3f9593ccd4327db4b465d305c3ca78e5b29917acd469760faac6f7678055d4de01621f689c63 CVE-2020-35176.patch"
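Review bot: The new `CVE-2020-35176.patch` entry in `source=` has no note saying where the patch comes from or when it can be dropped. The patch header names upstream commit 0d4d4c05, so a comment above the `source=` line such as `# CVE-2020-35176.patch: upstream commit 0d4d4c05, drop on the next pkgver bump that includes it` would let the next maintainer check this without opening the patch. The commit title calls this a mitigation, while the `# secfixes:` block lists the CVE under 7.8-r1, and that block is normally read as "fixed in". If the change is only partial, that should be stated in the commit message.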
From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 18:14:43 +0100
Subject: [PATCH] Only look for configuration in dedicated awstats directories
Fixes #195/CVE-2020-35176
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@ sub Read_Config {
# Check config file in common possible directories :
# Windows : "$DIR" (same dir than awstats.pl)
# Standard, Mandrake and Debian package : "/etc/awstats"
- # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # Other possible directories : "/usr/local/etc/awstats",
# FHS standard, Suse package : "/etc/opt/awstats"
my $configdir = shift;
my @PossibleConfigDir = (
"$DIR",
"/etc/awstats",
- "/usr/local/etc/awstats", "/etc",
+ "/usr/local/etc/awstats",
"/etc/opt/awstats"
);
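Review bot: `"$DIR"` is still the first entry of `@PossibleConfigDir`, so the script's own directory is searched on every platform, although the comment block describes it as the Windows case and the patch subject promises only dedicated awstats directories. Whether the requested config name is constrained before it is joined to these directories is not visible here, because `Read_Config` continues outside the hunk. If keeping `"$DIR"` is intended, say so in the comment block, for example `# "$DIR" is kept on purpose: config may sit next to awstats.pl`. The edited comment line also ends in a dangling comma and should read `# Other possible directories : "/usr/local/etc/awstats"`.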