Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
aports
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Monitor
Service Desk
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
alpine
aports
Commits
68c3fdc9
Commit
68c3fdc9
authored
3 years ago
by
Ariadne Conill
Browse files
Options
Downloads
Patches
Plain Diff
main/awstats: add mitigation for CVE-2020-35176
parent
e6385ab2
No related branches found
No related tags found
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
main/awstats/APKBUILD
+7
-3
7 additions, 3 deletions
main/awstats/APKBUILD
main/awstats/CVE-2020-35176.patch
+30
-0
30 additions, 0 deletions
main/awstats/CVE-2020-35176.patch
with
37 additions
and
3 deletions
main/awstats/APKBUILD
+
7
−
3
View file @
68c3fdc9
...
...
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
awstats
pkgver
=
7.8
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"Free real-time logfile analyzer to get advanced statistics"
url
=
"http://awstats.sourceforge.net/"
arch
=
"noarch"
...
...
@@ -10,9 +10,12 @@ license="GPL-3.0-or-later"
depends
=
"perl perl-uri"
subpackages
=
"
$pkgname
-doc"
options
=
"!check"
# no testsuite
source
=
"https://prdownloads.sourceforge.net/awstats/awstats-
$pkgver
.tar.gz"
source
=
"https://prdownloads.sourceforge.net/awstats/awstats-
$pkgver
.tar.gz
CVE-2020-35176.patch"
# secfixes:
# 7.8-r1:
# - CVE-2020-35176
# 7.6-r2:
# - CVE-2017-1000501
...
...
@@ -57,4 +60,5 @@ package() {
"
$pkgdir
"
/usr/lib/
$pkgname
/cgi-bin/plugins/example
}
sha512sums
=
"b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz"
sha512sums
=
"b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2 awstats-7.8.tar.gz
d012866662206ffba9f84af437824324bf402a49ecb67161833b3f9593ccd4327db4b465d305c3ca78e5b29917acd469760faac6f7678055d4de01621f689c63 CVE-2020-35176.patch"
This diff is collapsed.
Click to expand it.
main/awstats/CVE-2020-35176.patch
0 → 100644
+
30
−
0
View file @
68c3fdc9
From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 18:14:43 +0100
Subject: [PATCH] Only look for configuration in dedicated awstats directories
Fixes #195/CVE-2020-35176
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@
sub Read_Config {
# Check config file in common possible directories :
# Windows : "$DIR" (same dir than awstats.pl)
# Standard, Mandrake and Debian package : "/etc/awstats"
- # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # Other possible directories : "/usr/local/etc/awstats",
# FHS standard, Suse package : "/etc/opt/awstats"
my $configdir = shift;
my @PossibleConfigDir = (
"$DIR",
"/etc/awstats",
- "/usr/local/etc/awstats", "/etc",
+ "/usr/local/etc/awstats",
"/etc/opt/awstats"
);
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment