[awstats] awstats-7.1-1
plautrba
plautrba at fedoraproject.org
Fri Jan 4 09:57:42 UTC 2013
commit 777c71909e5b98b25174df7e3f1858024c4dd80c
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Fri Jan 4 10:57:30 2013 +0100
awstats-7.1-1
.gitignore | 1 +
awstats-awredir.pl-sanitize-parameters.patch | 46 +++-----------------------
awstats.spec | 17 ++++++---
sources | 2 +-
4 files changed, 18 insertions(+), 48 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index f4ddd54..2d80a38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
awstats-7.0.tar.gz
+/awstats-7.1.tar.gz
diff --git a/awstats-awredir.pl-sanitize-parameters.patch b/awstats-awredir.pl-sanitize-parameters.patch
index 1615e9b..bc92ebb 100644
--- a/awstats-awredir.pl-sanitize-parameters.patch
+++ b/awstats-awredir.pl-sanitize-parameters.patch
@@ -1,8 +1,7 @@
-diff --git a/wwwroot/cgi-bin/awredir.pl b/wwwroot/cgi-bin/awredir.pl
-index 35ee82d..f1e4cd2 100755
---- a/wwwroot/cgi-bin/awredir.pl
-+++ b/wwwroot/cgi-bin/awredir.pl
-@@ -8,6 +8,8 @@
+diff -up awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize awstats-7.1/wwwroot/cgi-bin/awredir.pl
+--- awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize 2012-02-15 15:19:22.000000000 +0100
++++ awstats-7.1/wwwroot/cgi-bin/awredir.pl 2013-01-04 10:31:33.303448288 +0100
+@@ -21,6 +21,8 @@
#use DBD::mysql;
use Digest::MD5 qw(md5 md5_hex md5_base64);
@@ -11,42 +10,7 @@ index 35ee82d..f1e4cd2 100755
#-------------------------------------------------------
-@@ -116,26 +118,27 @@ if ($ENV{QUERY_STRING} =~ /tag=\"?([^\"&]+)\"?/) { $Tag=$1; }
-
- $Key='NOKEY';
- if ($ENV{QUERY_STRING} =~ /key=\"?([^\"&]+)\"?/) { $Key=$1; }
-+$KeyEncoded=HTML::Entities::encode($Key);
-
- # Extract url to redirect to
- $Url=$ENV{QUERY_STRING};
- if ($Url =~ /url=\"([^\"]+)\"/) { $Url=$1; }
- elsif ($Url =~ /url=(.+)$/) { $Url=$1; }
- $Url = DecodeEncodedString($Url);
--$UrlParam=$Url;
-+$UrlEncoded=HTML::Entities::encode($Url);
-
--if (! $UrlParam) {
-+if (! $Url) {
- error("Error: Bad use of $PROG. To redirect an URL with $PROG, use the following syntax:<br><i>/cgi-bin/$PROG.pl?url=http://urltogo</i>");
- }
-
-+if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$Url))) {
-+# error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlEncoded." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlEncoded) );
-+ error("Error: Bad value for parameter key=".$KeyEncoded." to allow a redirect to ".$UrlEncoded.". Key must be hexadecimal md5(KEYFORMD5.".$UrlEncoded.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
-+}
-+
- if ($Url !~ /^http/i) { $Url = "http://".$Url; }
- if ($DEBUG) { print LOGFILE "Url=$Url\n"; }
-
--if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$UrlParam))) {
--# error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlParam) );
-- error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam.". Key must be hexadecimal md5(KEYFORMD5.".$UrlParam.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
--}
--
-
- # Get date
- ($nowsec,$nowmin,$nowhour,$nowday,$nowmonth,$nowyear,$nowwday,$nowyday,$nowisdst) = localtime(time);
-@@ -151,14 +154,17 @@ if ($TRACEBASE == 1) {
+@@ -193,14 +195,17 @@ if ($TRACEBASE == 1) {
if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }
my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";
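Review bot: The rebased patch no longer carries the hunk that passed `$Key` and `$Url` through `HTML::Entities::encode` before `error()` echoes them back, and neither the commit message nor the new `%changelog` entry says that awredir.pl in 7.1 already does this. Presumably upstream merged it, but that should be checked against the 7.1 tarball and recorded, for example with a changelog line such as `- rebase awredir.pl sanitize patch, key/url encoding is upstream now`. The same gap applies to Patch3 (CVE-2012-4547) in the awstats.spec hunk, where `# fixed upstream` is the only record that the fix is still present. The last hunk of the inner patch continues beyond the lines shown here.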
diff --git a/awstats.spec b/awstats.spec
index e6c9dcd..8715ee6 100644
--- a/awstats.spec
+++ b/awstats.spec
@@ -1,6 +1,6 @@
Name: awstats
-Version: 7.0
-Release: 11%{?dist}
+Version: 7.1
+Release: 1%{?dist}
Summary: Advanced Web Statistics
License: GPLv2
Group: Applications/Internet
@@ -8,9 +8,11 @@ URL: http://awstats.sourceforge.net
Source0: http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
Patch0: use-if-instead-of-switch-statement.patch
Patch1: awstats-awredir.pl-sanitize-parameters.patch
-Patch2: awstats-perl-5.14.patch
+# fixed upstream
+# Patch2: awstats-perl-5.14.patch
# CVE-2012-4547, #871159
-Patch3: awstats-7.0-cleanxss.patch
+# fixed upstream
+# Patch3: awstats-7.0-cleanxss.patch
# fix configuration for httpd 2.4 (#871366)
Patch4: awstats-7.0-httpd-2.4.patch
@@ -46,8 +48,8 @@ http://localhost/awstats/awstats.pl
%prep
%setup -q
%patch1 -p 1
-%patch2 -p 1
-%patch3 -p 1
+#%patch2 -p 1
+#%patch3 -p 1
%patch4 -p 1
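Review bot: `#%patch2 -p 1` and `#%patch3 -p 1` leave macros inside comment lines; rpm expands macros in comments as well, and rpmlint reports this as macro-in-comment. Since both patches are dropped, it is cleaner to delete these two lines together with the commented `Patch2:` and `Patch3:` tags. If they are kept for reference, escape them as `#%%patch2 -p 1` and `#%%patch3 -p 1`.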
# Fix style sheets.
@@ -170,6 +172,9 @@ fi
%changelog
+* Fri Jan 04 2013 Petr Lautrbach <plautrba at redhat.com> 7.1-1
+- version 7.1
+
* Fri Nov 16 2012 Petr Lautrbach <plautrba at redhat.com> 7.0-11
- fix configuration for httpd 2.4 (#871366)
- fix potential XSS attacks - CVE-2012-4547 (#871159)
diff --git a/sources b/sources
index 6d183bc..59a26c3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3e8e09b9ebe74513bb34290dbcd37b45 awstats-7.0.tar.gz
+9ee8cb9c89295a519638ae1cf6a4e1e2 awstats-7.1.tar.gz