rpms/awstats/FC-4 awstats-6.5-CVE-2006-1945.patch, NONE, 1.1 .cvsignore, 1.6, 1.7 awstats.spec, 1.10, 1.11 sources, 1.9, 1.10
Aurelien Bompard (abompard)
fedora-extras-commits at redhat.com
Sun May 7 23:40:34 UTC 2006
Author: abompard
Update of /cvs/extras/rpms/awstats/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14808/FC-4
Modified Files:
.cvsignore awstats.spec sources
Added Files:
awstats-6.5-CVE-2006-1945.patch
Log Message:
revert to version 6.5 (build failed for FC-4 and 5 anyway) and backport the fix for the vulnerability
awstats-6.5-CVE-2006-1945.patch:
--- NEW FILE awstats-6.5-CVE-2006-1945.patch ---
diff -u -r1.860 -r1.861
--- wwwroot/cgi-bin/awstats.pl 9 Jan 2006 18:51:06 -0000 1.860
+++ wwwroot/cgi-bin/awstats.pl 22 Jan 2006 12:55:14 -0000 1.861
@@ -5542,7 +5542,7 @@
# No update but report by default when run from a browser
$UpdateStats=($QueryString=~/update=1/i?1:0);
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
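Review bot: The `diricons` parameter on the line after the patched one is still assigned from the query string with only `DecodeEncodedString`, while `config`, `pluginmode` and `configdir` now all pass through `Sanitize`; the command-line branch in the second hunk has the same gap (`$DirIcons="$1"`). If `$DirIcons` is later written into the generated report (not visible in this hunk), it needs the same filtering, e.g. `if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&Sanitize(&DecodeEncodedString("$1")); }`. It is worth confirming first that `Sanitize` keeps the characters a legitimate icon path needs. The enclosing block starts and ends outside the hunk.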
@@ -5591,7 +5591,7 @@
# Update with no report by default when run from command line
$UpdateStats=1;
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-4/.cvsignore,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- .cvsignore 7 May 2006 08:17:08 -0000 1.6
+++ .cvsignore 7 May 2006 23:40:34 -0000 1.7
@@ -1 +1 @@
-awstats-6.6.tar.gz
+awstats-6.5.tar.gz
Index: awstats.spec
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-4/awstats.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- awstats.spec 7 May 2006 08:17:08 -0000 1.10
+++ awstats.spec 7 May 2006 23:40:34 -0000 1.11
@@ -1,19 +1,19 @@
Name: awstats
-Version: 6.6
-Release: 0.1.beta%{?dist}
+Version: 6.5
+Release: 1%{?dist}
Summary: Advanced Web Statistics
License: GPL
Group: Applications/Internet
URL: http://awstats.sourceforge.net
-#Source0: http://dl.sf.net/awstats/awstats-6.6.tar.gz
-Source0: http://awstats.sourceforge.net/files/awstats-6.6.tar.gz
-Source1: awstats.README.SELinux
+Source0: http://dl.sf.net/awstats/awstats-6.5.tar.gz
+#Source0: http://awstats.sourceforge.net/files/awstats-6.5.tar.gz
+Patch0: awstats-6.5-CVE-2006-1945.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: httpd
Requires: perl
-Requires(post): perl, policycoreutils
-Requires(postun): /sbin/service, policycoreutils
+Requires(post): perl
+Requires(postun): /sbin/service
%description
Advanced Web Statistics is a powerful and featureful tool that generates
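Review bot: `Release: 1%{?dist}` gives the patched build the same version-release as the original 6.5-1 that the changelog hunk further down leaves as the top entry, and a lower one than the 6.5-2 and 6.5-3 entries it removes. If any of those builds was published for this branch (not visible here), installed systems will not see the security fix as an update. Setting the release above every earlier 6.5 build, for example `Release: 4%{?dist}`, and adding a `%changelog` entry that names the CVE-2006-1945 backport would let the fix reach users and keep it auditable.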
@@ -31,19 +31,20 @@
With the default configuration, the statistics are available:
http://localhost/awstats/awstats.pl
-
%prep
%setup -q
+# no backup or the orig file will be installed
+%patch0 -p0
+
# Fix style sheets.
perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
+
# Fix some bad file permissions here for convenience.
chmod -x tools/httpd_conf
find tools/xslt -type f | xargs chmod -x
+
# Remove \r in conf file (file written on MS Windows)
perl -pi -e 's/\r//g' tools/httpd_conf
-# SELinux README
-cp -a %{SOURCE1} README.SELinux
-
%install
rm -rf $RPM_BUILD_ROOT
@@ -81,7 +82,7 @@
### Commit permanent changes to default configuration
install -p -m 644 wwwroot/cgi-bin/awstats.model.conf \
$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
-perl -pi -e '
+%{__perl} -pi -e '
s|^LogFile=.*$|LogFile="%{_localstatedir}/log/httpd/access_log"|;
s|^DirData=.*$|DirData="%{_localstatedir}/lib/awstats"|;
s|^DirCgi=.*$|DirCgi="/awstats"|;
@@ -92,17 +93,16 @@
s|^SaveDatabaseFilesWithPermissionsForEveryone=.*$|SaveDatabaseFilesWithPermissionsForEveryone=0|;
s|^SkipHosts=.*$|SkipHosts="127.0.0.1"|;
s|^Expires=.*$|Expires=3600|;
- ' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
+ ' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
install -p -m 644 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.{model,localhost.localdomain}.conf
# Fix scripts
-perl -pi -e 's|/usr/local/awstats|%{_datadir}/awstats|g' \
+%{__perl} -pi -e 's|/usr/local/awstats|%{_datadir}/awstats|g' \
$RPM_BUILD_ROOT%{_datadir}/%{name}/tools/{*.pl,httpd_conf}
# Apache configuration
install -p -m 644 tools/httpd_conf $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
-perl -pi -e 's|/usr/local|%{_datadir}|g;s|Allow from all|Allow from 127.0.0.1|g' \
- $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
+%{__perl} -pi -e 's|/usr/local|%{_datadir}|g' $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
echo "# Additional Perl modules
<IfModule mod_env.c>
SetEnv PERL5LIB %{_datadir}/awstats/lib:%{_datadir}/awstats/plugins
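Review bot: The rewritten substitution for the Apache configuration no longer contains `s|Allow from all|Allow from 127.0.0.1|g`, so the installed `conf.d/%{name}.conf` keeps whatever access rule upstream `tools/httpd_conf` ships, presumably `Allow from all`. For a CGI that this same commit patches for a vulnerability, keeping the localhost-only default looks safer: `%{__perl} -pi -e 's|/usr/local|%{_datadir}|g;s|Allow from all|Allow from 127.0.0.1|g' $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf`. If the wider default is intentional for FC-4, a spec comment saying so would help the next maintainer. The `echo` block that follows continues outside the hunk.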
@@ -115,7 +115,6 @@
%clean
rm -rf $RPM_BUILD_ROOT
-
%post
if [ $1 -eq 1 ]; then
if [ ! -f %{_sysconfdir}/%{name}/%{name}.`hostname`.conf ]; then
@@ -125,27 +124,11 @@
' > %{_sysconfdir}/%{name}/%{name}.`hostname`.conf || :
fi
fi
-### SELinux support ###
-# Set SELinux file_context
-semanage fcontext -a -t httpd_sys_script_exec_t \
- '%{_datadir}/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
-semanage fcontext -a -t httpd_sys_script_rw_t '%{_localstatedir}/lib/awstats(/.*)?' 2>/dev/null || :
-# Actually change the context
-chcon -R -t httpd_sys_script_exec_t %{_datadir}/awstats/wwwroot/cgi-bin || :
-chcon -R -t httpd_sys_script_rw_t %{_localstatedir}/lib/awstats || :
-
%postun
if [ $1 -ne 0 ]; then
/sbin/service httpd condrestart >/dev/null 2>&1
fi
-# SELinux support
-if [ $1 -eq 0 ]; then
- semanage fcontext -d -t httpd_sys_script_exec_t \
- '%{_datadir}/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
- semanage fcontext -d -t httpd_sys_script_rw_t '%{_localstatedir}/lib/awstats(/.*)?' 2>/dev/null || :
-fi
-
%files
@@ -161,7 +144,7 @@
%{_datadir}/%{name}/wwwroot/cgi-bin
# Different defattr to fix lots of files which should not be +x.
%defattr(644,root,root,755)
-%doc README.TXT docs/* README.SELinux
+%doc README.TXT docs/*
%{_datadir}/%{name}/lang
%{_datadir}/%{name}/lib
%{_datadir}/%{name}/plugins
@@ -170,19 +153,7 @@
%{_datadir}/%{name}/wwwroot/icon
%{_datadir}/%{name}/wwwroot/js
-
-
%changelog
-* Sun May 07 2006 Aurelien Bompard <gauret[AT]free.fr> 6.6-0.1.beta
-- version 6.6 (beta), fixes CVE-2005-2732 (bug 190921, 190922, and 190923)
-
-* Sun Apr 09 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-3
-- SELinux support: use semanage to label the cgi and the database files
-- Only allow access from localhost by default (this app has a security history)
-
-* Thu Feb 23 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-2
-- rebuild for FC5
-
* Wed Jan 11 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-1
- version 6.5 final
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-4/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sources 7 May 2006 08:17:08 -0000 1.9
+++ sources 7 May 2006 23:40:34 -0000 1.10
@@ -1 +1 @@
-c9b65c5a58011fdb4ec611feec17eee4 awstats-6.6.tar.gz
+aef00b2ff5c5413bd2a868299cabd69a awstats-6.5.tar.gz