rpms/awstats/devel awstats-6.8-CVE-2008-3714.patch, NONE, 1.1 awstats.spec, 1.23, 1.24
Aurelien Bompard
abompard at fedoraproject.org
Sat Aug 23 06:00:34 UTC 2008
Author: abompard
Update of /cvs/pkgs/rpms/awstats/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20379/devel
Modified Files:
awstats.spec
Added Files:
awstats-6.8-CVE-2008-3714.patch
Log Message:
* Sat Aug 23 2008 Aurelien Bompard <abompard at fedoraproject.org> 6.8-2
- Add upstream patch for CVE-2008-3714
awstats-6.8-CVE-2008-3714.patch:
--- NEW FILE awstats-6.8-CVE-2008-3714.patch ---
--- awstats.pl 2008/04/21 21:13:28 1.910
+++ awstats.pl 2008/07/27 17:44:11 1.912
@@ -6,7 +6,7 @@
# line or a browser to read report results.
# See AWStats documentation (in docs/ directory) for all setup instructions.
#------------------------------------------------------------------------------
-# $Revision: 1.910 $ - $Author: eldy $ - $Date: 2008/04/21 21:13:28 $
+# $Revision: 1.912 $ - $Author: eldy $ - $Date: 2008/07/27 17:44:11 $
require 5.005;
#$|=1;
@@ -21,8 +21,8 @@
# Defines
#------------------------------------------------------------------------------
use vars qw/ $REVISION $VERSION /;
-$REVISION='$Revision: 1.910 $'; $REVISION =~ /\s(.*)\s/; $REVISION=$1;
-$VERSION="6.8 (build $REVISION)";
+$REVISION='$Revision: 1.912 $'; $REVISION =~ /\s(.*)\s/; $REVISION=$1;
+$VERSION="6.9 (build $REVISION)";
# ----- Constants -----
use vars qw/
@@ -4406,6 +4406,7 @@
sub DecodeEncodedString {
my $stringtodecode=shift;
$stringtodecode =~ tr/\+/ /s;
+ $stringtodecode =~ s/%22//g;
$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
return $stringtodecode;
}
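Review bot: The added `s/%22//g` in DecodeEncodedString is a single-pass denylist for one percent-encoding of one character, and it sits in a generic decoder, so every caller also loses legitimate double quotes (in search phrases, for example). A literal `"` in the input is not affected by this line, so the protection depends on how the value arrives rather than on how it is emitted. I would keep the decoder lossless and encode where the value is written into HTML, e.g. `$stringtoclean =~ s/"/&quot;/g;` beside the `<`/`>` handling in CleanXSS. The callers of DecodeEncodedString are outside this hunk, so which output paths rely on it needs confirming.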
@@ -4458,9 +4459,12 @@
#------------------------------------------------------------------------------
sub CleanXSS {
my $stringtoclean=shift;
+ # To avoid html tags and javascript
$stringtoclean =~ s/</</g;
$stringtoclean =~ s/>/>/g;
$stringtoclean =~ s/|//g;
+ # To avoid onload="
+ $stringtoclean =~ s/onload//g;
return $stringtoclean;
}
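Review bot: The new `s/onload//g` in CleanXSS is case-sensitive and names a single event-handler attribute, while HTML attribute names are case-insensitive and `onload` is only one of many handlers, so this is a narrow keyword denylist. Encoding the quote characters is more robust than deleting keywords: `$stringtoclean =~ s/"/&quot;/g;` and `$stringtoclean =~ s/'/&#39;/g;` next to the `<`/`>` replacements. As rendered on this page those `<`/`>` substitutions replace each character with itself, presumably because the archive decoded `&lt;`/`&gt;`; that is worth checking against the patch file itself. The context line `s/|//g` has an unescaped `|`, so it matches the empty string and removes nothing; `s/\|//g` looks like the intent.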
Index: awstats.spec
===================================================================
RCS file: /cvs/pkgs/rpms/awstats/devel/awstats.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- awstats.spec 21 Jul 2008 21:11:08 -0000 1.23
+++ awstats.spec 23 Aug 2008 06:00:04 -0000 1.24
@@ -1,12 +1,14 @@
Name: awstats
Version: 6.8
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Advanced Web Statistics
License: GPLv2
Group: Applications/Internet
URL: http://awstats.sourceforge.net
Source0: http://dl.sf.net/awstats/awstats-%{version}.tar.gz
#Source0: http://awstats.sourceforge.net/files/awstats-6.6.tar.gz
+# http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912&view=patch
+Patch0: awstats-6.8-CVE-2008-3714.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -39,6 +41,9 @@
%prep
%setup -q
+pushd wwwroot/cgi-bin/
+%patch0 -p0 -b .CVE-2008-3714
+popd
# Fix style sheets.
perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
# Fix some bad file permissions here for convenience.
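Review bot: `%patch0 -p0 -b .CVE-2008-3714` leaves a backup of the unpatched script, `awstats.pl.CVE-2008-3714`, in `wwwroot/cgi-bin/`. If %install copies that directory wholesale (the %install section is outside this hunk), the pre-fix file would ship in the package beside the patched one. Either drop the `-b` option or delete the backup before `popd`, e.g. `rm -f awstats.pl.CVE-2008-3714`.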
@@ -158,6 +163,9 @@
%changelog
+* Sat Aug 23 2008 Aurelien Bompard <abompard at fedoraproject.org> 6.8-2
+- Add upstream patch for CVE-2008-3714
+
* Mon Jul 21 2008 Aurelien Bompard <abompard at fedoraproject.org> 6.8-1
- version 6.8