rpms/awstats/FC-5 awstats-6.5-CVE-2006-1945.patch, 1.1, 1.2 awstats.spec, 1.13, 1.14
Aurelien Bompard (abompard)
fedora-extras-commits at redhat.com
Tue May 9 09:04:15 UTC 2006
- Previous message (by thread): rpms/awstats/FC-4 awstats-6.5-CVE-2006-1945.patch, 1.1, 1.2 awstats.spec, 1.12, 1.13
- Next message (by thread): rpms/perl-Crypt-DSA/devel perl-Crypt-DSA.spec, 1.1, 1.2 sources, 1.2, 1.3 .cvsignore, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: abompard
Update of /cvs/extras/rpms/awstats/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29910/FC-5
Modified Files:
awstats-6.5-CVE-2006-1945.patch awstats.spec
Log Message:
really fix CVE-2006-1945
awstats-6.5-CVE-2006-1945.patch:
Index: awstats-6.5-CVE-2006-1945.patch
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-5/awstats-6.5-CVE-2006-1945.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- awstats-6.5-CVE-2006-1945.patch 7 May 2006 23:40:34 -0000 1.1
+++ awstats-6.5-CVE-2006-1945.patch 9 May 2006 09:04:15 -0000 1.2
@@ -1,16 +1,81 @@
-diff -u -r1.860 -r1.861
---- wwwroot/cgi-bin/awstats.pl 9 Jan 2006 18:51:06 -0000 1.860
-+++ wwwroot/cgi-bin/awstats.pl 22 Jan 2006 12:55:14 -0000 1.861
-@@ -5542,7 +5542,7 @@
+--- ./wwwroot/cgi-bin/awstats.pl.CVE-2006-1945 2005-11-24 21:11:19.000000000 +0100
++++ ./wwwroot/cgi-bin/awstats.pl 2006-05-09 10:46:34.000000000 +0200
+@@ -4430,6 +4394,7 @@
+
+ #------------------------------------------------------------------------------
+ # Function: Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
++# and clean | char.
+ # Parameters: stringtoclean
+ # Input: None
+ # Output: None
+@@ -4439,6 +4404,7 @@
+ my $stringtoclean=shift;
+ $stringtoclean =~ s/</</g;
+ $stringtoclean =~ s/>/>/g;
++ $stringtoclean =~ s/|//g;
+ return $stringtoclean;
+ }
+
+@@ -5516,6 +5483,7 @@
+ 'hostfilter','hostfilterex','urlfilter','urlfilterex','refererpagesfilter','refererpagesfilterex',
+ 'pluginmode','filterrawlog');
+
++# Parse input parameters and sanitize them for security reasons
+ $QueryString='';
+ # AWStats use GATEWAY_INTERFACE to known if ran as CLI or CGI. AWSTATS_DEL_GATEWAY_INTERFACE can
+ # be set to force AWStats to be ran as CLI even from a web page.
+@@ -5534,7 +5502,7 @@
+ $QueryString =~ s/&/&/g;
+ }
+
+- $QueryString = CleanFromCSSA($QueryString);
++ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
+
+ # Security test
+ if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
+@@ -5542,26 +5510,26 @@
# No update but report by default when run from a browser
$UpdateStats=($QueryString=~/update=1/i?1:0);
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
-+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
-@@ -5591,7 +5591,7 @@
+- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
+- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
+- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
++ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
++ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
++ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
++ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
+ # All filters
+- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter
+- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } #
+- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter
+- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } #
+- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter
+- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } #
++ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter
++ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } #
++ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with urlfilter=filter
++ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } #
++ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter
++ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } #
+ # All output
+- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
+
+ # If migrate
+ if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
+- $MigrateStats=&DecodeEncodedString("$2");
++ $MigrateStats=&Sanitize("$2");
+ $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
+ $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
+ }
+@@ -5591,7 +5559,7 @@
# Update with no report by default when run from command line
$UpdateStats=1;
@@ -19,3 +84,12 @@
if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
+@@ -5625,8 +5593,6 @@
+ if ($QueryString =~ /(^|&|&)databasebreak=(\w+)/i) { $DatabaseBreak=$2; }
+ if ($QueryString =~ /(^|&|&)updatefor=(\d+)/i) { $UpdateFor=$2; }
+ if ($QueryString =~ /(^|&|&)noloadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } }
+-#Removed for security reasons
+-#if ($QueryString =~ /(^|&|&)loadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } }
+ if ($QueryString =~ /(^|&|&)limitflush=(\d+)/i) { $LIMITFLUSH=$2; }
+ # Get/Define output
+ if ($QueryString =~ /(^|&|&)output(=[^&]*|)(.*)(&|&)output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); }
Index: awstats.spec
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-5/awstats.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- awstats.spec 7 May 2006 23:40:34 -0000 1.13
+++ awstats.spec 9 May 2006 09:04:15 -0000 1.14
@@ -1,6 +1,6 @@
Name: awstats
Version: 6.5
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Advanced Web Statistics
License: GPL
Group: Applications/Internet
@@ -176,6 +176,9 @@
%changelog
+* Tue May 09 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-5
+- really fix CVE-2006-1945...
+
* Mon May 08 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-4
- add patch to fix CVE-2006-1945 (bugs 190921, 190922 and 190923)
- Previous message (by thread): rpms/awstats/FC-4 awstats-6.5-CVE-2006-1945.patch, 1.1, 1.2 awstats.spec, 1.12, 1.13
- Next message (by thread): rpms/perl-Crypt-DSA/devel perl-Crypt-DSA.spec, 1.1, 1.2 sources, 1.2, 1.3 .cvsignore, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list