[awstats] awstats-7.1-1

Fri Jan 4 09:57:42 UTC 2013

commit 777c71909e5b98b25174df7e3f1858024c4dd80c
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Fri Jan 4 10:57:30 2013 +0100

    awstats-7.1-1

 .gitignore                                   |    1 +
 awstats-awredir.pl-sanitize-parameters.patch |   46 +++-----------------------
 awstats.spec                                 |   17 ++++++---
 sources                                      |    2 +-
 4 files changed, 18 insertions(+), 48 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index f4ddd54..2d80a38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 awstats-7.0.tar.gz
+/awstats-7.1.tar.gz
diff --git a/awstats-awredir.pl-sanitize-parameters.patch b/awstats-awredir.pl-sanitize-parameters.patch
index 1615e9b..bc92ebb 100644
--- a/awstats-awredir.pl-sanitize-parameters.patch
+++ b/awstats-awredir.pl-sanitize-parameters.patch
@@ -1,8 +1,7 @@
-diff --git a/wwwroot/cgi-bin/awredir.pl b/wwwroot/cgi-bin/awredir.pl
-index 35ee82d..f1e4cd2 100755
---- a/wwwroot/cgi-bin/awredir.pl
-+++ b/wwwroot/cgi-bin/awredir.pl
-@@ -8,6 +8,8 @@
+diff -up awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize awstats-7.1/wwwroot/cgi-bin/awredir.pl
+--- awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize	2012-02-15 15:19:22.000000000 +0100
++++ awstats-7.1/wwwroot/cgi-bin/awredir.pl	2013-01-04 10:31:33.303448288 +0100
+@@ -21,6 +21,8 @@
  
  #use DBD::mysql;
  use Digest::MD5 qw(md5 md5_hex md5_base64);
@@ -11,42 +10,7 @@ index 35ee82d..f1e4cd2 100755
  
  
  #-------------------------------------------------------
-@@ -116,26 +118,27 @@ if ($ENV{QUERY_STRING} =~ /tag=\"?([^\"&]+)\"?/) { $Tag=$1; }
- 
- $Key='NOKEY';
- if ($ENV{QUERY_STRING} =~ /key=\"?([^\"&]+)\"?/) { $Key=$1; }
-+$KeyEncoded=HTML::Entities::encode($Key);
- 
- # Extract url to redirect to
- $Url=$ENV{QUERY_STRING};
- if ($Url =~ /url=\"([^\"]+)\"/) { $Url=$1; }
- elsif ($Url =~ /url=(.+)$/) { $Url=$1; }
- $Url = DecodeEncodedString($Url);
--$UrlParam=$Url;
-+$UrlEncoded=HTML::Entities::encode($Url);
- 
--if (! $UrlParam) {
-+if (! $Url) {
-         error("Error: Bad use of $PROG. To redirect an URL with $PROG, use the following syntax:<br><i>/cgi-bin/$PROG.pl?url=http://urltogo</i>");
- }
- 
-+if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$Url))) {
-+#       error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlEncoded." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlEncoded) );
-+        error("Error: Bad value for parameter key=".$KeyEncoded." to allow a redirect to ".$UrlEncoded.". Key must be hexadecimal md5(KEYFORMD5.".$UrlEncoded.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
-+}
-+
- if ($Url !~ /^http/i) { $Url = "http://".$Url; }
- if ($DEBUG) { print LOGFILE "Url=$Url\n"; }
- 
--if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$UrlParam))) {
--#       error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlParam) );
--        error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam.". Key must be hexadecimal md5(KEYFORMD5.".$UrlParam.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
--}
--
- 
- # Get date
- ($nowsec,$nowmin,$nowhour,$nowday,$nowmonth,$nowyear,$nowwday,$nowyday,$nowisdst) = localtime(time);
-@@ -151,14 +154,17 @@ if ($TRACEBASE == 1) {
+@@ -193,14 +195,17 @@ if ($TRACEBASE == 1) {
  	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
  		if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }
  		my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";
diff --git a/awstats.spec b/awstats.spec
index e6c9dcd..8715ee6 100644
--- a/awstats.spec
+++ b/awstats.spec
@@ -1,6 +1,6 @@
 Name:       awstats
-Version:    7.0
-Release:    11%{?dist}
+Version:    7.1
+Release:    1%{?dist}
 Summary:    Advanced Web Statistics
 License:    GPLv2
 Group:      Applications/Internet
@@ -8,9 +8,11 @@ URL:        http://awstats.sourceforge.net
 Source0:    http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
 Patch0:     use-if-instead-of-switch-statement.patch
 Patch1:     awstats-awredir.pl-sanitize-parameters.patch
-Patch2:     awstats-perl-5.14.patch
+# fixed upstream
+# Patch2:     awstats-perl-5.14.patch
 # CVE-2012-4547, #871159
-Patch3:     awstats-7.0-cleanxss.patch
+# fixed upstream
+# Patch3:     awstats-7.0-cleanxss.patch
 # fix configuration for httpd 2.4 (#871366)
 Patch4:     awstats-7.0-httpd-2.4.patch
 
@@ -46,8 +48,8 @@ http://localhost/awstats/awstats.pl
 %prep
 %setup -q
 %patch1 -p 1
-%patch2 -p 1
-%patch3 -p 1
+#%patch2 -p 1
+#%patch3 -p 1
 %patch4 -p 1
 
 # Fix style sheets.
@@ -170,6 +172,9 @@ fi
 
 
 %changelog
+* Fri Jan 04 2013 Petr Lautrbach <plautrba at redhat.com> 7.1-1
+- version 7.1
+
 * Fri Nov 16 2012 Petr Lautrbach <plautrba at redhat.com> 7.0-11
 - fix configuration for httpd 2.4 (#871366)
 - fix potential XSS attacks - CVE-2012-4547 (#871159)
diff --git a/sources b/sources
index 6d183bc..59a26c3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3e8e09b9ebe74513bb34290dbcd37b45  awstats-7.0.tar.gz
+9ee8cb9c89295a519638ae1cf6a4e1e2  awstats-7.1.tar.gz
