diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2020-01-27 12:48:57 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2020-01-27 12:48:57 +0000 |
| commit | fc2b57b7b4ab2c7ad6407d7830f5435d73e8fde5 (patch) | |
| tree | 08ab85f8f96f2301ee668cadc76ee22f02bf75a8 | |
| parent | 83bbece01ceffbb651a7ad6442aba0621e9d470c (diff) | |
| download | pkgsrc-fc2b57b7b4ab2c7ad6407d7830f5435d73e8fde5.tar.gz | |
Pullup ticket #6126 - requested by taca
www/awstats: security fix
Revisions pulled up:
- www/awstats/Makefile 1.64
- www/awstats/distinfo 1.38
- www/awstats/patches/patch-aa deleted
- www/awstats/patches/patch-ab deleted
- www/awstats/patches/patch-ad deleted
- www/awstats/patches/patch-tools_awstats__configure.pl 1.1
- www/awstats/patches/patch-wwwroot_cgi-bin_awstats.pl 1.1
- www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm 1.1
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Jan 7 18:21:02 UTC 2020
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Added Files:
pkgsrc/www/awstats/patches: patch-tools_awstats__configure.pl
patch-wwwroot_cgi-bin_awstats.pl
patch-wwwroot_cgi-bin_lib_search__engines.pm
Removed Files:
pkgsrc/www/awstats/patches: patch-aa patch-ab patch-ad
Log Message:
awstats: updated to 7.7
7.7:
Security fix: CVE-2017-1000501
Security fix: Missing sanitizing of parameters
Fix LogFormat=4 with url containing spaces.
Fix to window.opener vulnerability in external referral site links.
Add methodurlprot in key to define log format.
Add Dynamic DNS Lookup.
Fix edge support.
| -rw-r--r-- | www/awstats/Makefile | 40 | ||||
| -rw-r--r-- | www/awstats/distinfo | 16 | ||||
| -rw-r--r-- | www/awstats/patches/patch-ad | 15 | ||||
| -rw-r--r-- | www/awstats/patches/patch-tools_awstats__configure.pl (renamed from www/awstats/patches/patch-ab) | 22 | ||||
| -rw-r--r-- | www/awstats/patches/patch-wwwroot_cgi-bin_awstats.pl (renamed from www/awstats/patches/patch-aa) | 6 | ||||
| -rw-r--r-- | www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm | 15 |
6 files changed, 52 insertions, 62 deletions
diff --git a/www/awstats/Makefile b/www/awstats/Makefile index eef69b6fac1..0aba2b6afb8 100644 --- a/www/awstats/Makefile +++ b/www/awstats/Makefile @@ -1,12 +1,11 @@ -# $NetBSD: Makefile,v 1.63 2019/08/11 13:24:16 wiz Exp $ +# $NetBSD: Makefile,v 1.63.6.1 2020/01/27 12:48:57 bsiegert Exp $ -DISTNAME= awstats-7.6 -PKGREVISION= 2 +DISTNAME= awstats-7.7 CATEGORIES= www -MASTER_SITES= http://www.awstats.org/files/ +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=awstats/} MAINTAINER= minskim@NetBSD.org -HOMEPAGE= http://www.awstats.org/ +HOMEPAGE= https://awstats.sourceforge.io/ COMMENT= Free real-time logfile analyzer to get advanced web statistics LICENSE= gnu-gpl-v3 @@ -60,9 +59,6 @@ INSTALLATION_DIRS+= awstats/cgi-bin/plugins INSTALLATION_DIRS+= share/doc/awstats INSTALLATION_DIRS+= share/examples/awstats -post-extract: - find ${WRKSRC} -name .cvsignore -exec rm {} \; - do-install: ${INSTALL_SCRIPT} ${WRKSRC}/tools/*.pl ${DESTDIR}${PREFIX}/awstats/bin ${FIND} ${WRKSRC}/wwwroot/cgi-bin -name \*.orig -exec ${RM} {} \; @@ -76,26 +72,20 @@ do-install: ${DESTDIR}${PREFIX}/awstats/cgi-bin/plugins .for d in lang lib cd ${WRKSRC}/wwwroot/cgi-bin \ - && pax -rwpppm ${d} ${DESTDIR}${PREFIX}/awstats/cgi-bin/ + && ${PAX} -rwpppm ${d} ${DESTDIR}${PREFIX}/awstats/cgi-bin/ chown -R ${SHAREOWN}:${SHAREGRP} ${DESTDIR}${PREFIX}/awstats/cgi-bin/${d} - find ${DESTDIR}${PREFIX}/awstats/cgi-bin/${d} -type d -print \ - | xargs chmod ${PKGDIRMODE} - find ${DESTDIR}${PREFIX}/awstats/cgi-bin/${d} -type f -print \ - | xargs chmod ${SHAREMODE} + ${FIND} ${DESTDIR}${PREFIX}/awstats/cgi-bin/${d} -type d -exec ${CHMOD} ${PKGDIRMODE} {} + + ${FIND} ${DESTDIR}${PREFIX}/awstats/cgi-bin/${d} -type f -exec ${CHMOD} ${SHAREMODE} {} + .endfor .for d in classes css icon js - cd ${WRKSRC}/wwwroot && pax -rwpppm ${d} ${DESTDIR}${PREFIX}/awstats/ - chown -R ${SHAREOWN}:${SHAREGRP} ${DESTDIR}${PREFIX}/awstats/${d} - find ${DESTDIR}${PREFIX}/awstats/${d} -type d -print \ - | xargs chmod ${PKGDIRMODE} - find ${DESTDIR}${PREFIX}/awstats/${d} -type f -print \ - | xargs chmod ${SHAREMODE} + cd ${WRKSRC}/wwwroot && ${PAX} -rwpppm ${d} ${DESTDIR}${PREFIX}/awstats/ + ${CHOWN} -R ${SHAREOWN}:${SHAREGRP} ${DESTDIR}${PREFIX}/awstats/${d} + ${FIND} ${DESTDIR}${PREFIX}/awstats/${d} -type d -exec ${CHMOD} ${PKGDIRMODE} {} + + ${FIND} ${DESTDIR}${PREFIX}/awstats/${d} -type f -exec ${CHMOD} ${SHAREMODE} {} + .endfor - cd ${WRKSRC}/docs && pax -rwpppm . ${DESTDIR}${PREFIX}/share/doc/awstats/ - chown -R ${DOCOWN}:${DOCGRP} ${DESTDIR}${PREFIX}/share/doc/awstats/ - find ${DESTDIR}${PREFIX}/share/doc/awstats/ -type d -print \ - | xargs chmod ${PKGDIRMODE} - find ${DESTDIR}${PREFIX}/share/doc/awstats/ -type f -print \ - | xargs chmod ${DOCMODE} + cd ${WRKSRC}/docs && ${PAX} -rwpppm . ${DESTDIR}${PREFIX}/share/doc/awstats/ + ${CHOWN} -R ${DOCOWN}:${DOCGRP} ${DESTDIR}${PREFIX}/share/doc/awstats/ + ${FIND} ${DESTDIR}${PREFIX}/share/doc/awstats/ -type d -exec ${CHMOD} ${PKGDIRMODE} {} + + ${FIND} ${DESTDIR}${PREFIX}/share/doc/awstats/ -type f -exec ${CHMOD} ${DOCMODE} {} + .include "../../mk/bsd.pkg.mk" diff --git a/www/awstats/distinfo b/www/awstats/distinfo index 3301bcaa69c..a1f4066a47e 100644 --- a/www/awstats/distinfo +++ b/www/awstats/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.37 2017/02/12 10:27:41 adam Exp $ +$NetBSD: distinfo,v 1.37.28.1 2020/01/27 12:48:57 bsiegert Exp $ -SHA1 (awstats-7.6.tar.gz) = de0f4842442cbbbfbff61301ff30ca7788dda8a1 -RMD160 (awstats-7.6.tar.gz) = 62e7b046d1c9e40c91889a9109a59fbebb27a506 -SHA512 (awstats-7.6.tar.gz) = ebce29dcbdc1f0eef68f1faf6a511212daba3e3621db682dce692dffa584e0c456fb260b9f8e1b7ac25a2a7d5d2bea5034692d2395d4e56a16fa5a36844c79d5 -Size (awstats-7.6.tar.gz) = 2955876 bytes -SHA1 (patch-aa) = dcd1f70c0196118c57daf22eb41663be675ae4ad -SHA1 (patch-ab) = 5108717a44d993baea7a98e7c3e791e3be766c6c -SHA1 (patch-ad) = f82ee8731bd15d3c956cca6437552df2036190f6 +SHA1 (awstats-7.7.tar.gz) = da00ffc51ec2c4c1a6c4727d4e0ba3be652f1d17 +RMD160 (awstats-7.7.tar.gz) = 361ad5383670bed8a7e343d64d96f6de8b2f800a +SHA512 (awstats-7.7.tar.gz) = 8bf32b0650ef0cc900a16eead866da3847d81c2696e7a90fb49833679c958768833d781e5b4becd9b4f6748c7266e2887ff7ff33d98293ce3a0296a810fbe899 +Size (awstats-7.7.tar.gz) = 2956851 bytes +SHA1 (patch-tools_awstats__configure.pl) = bb098d890e1ee6a0a354dd9036e57f6eb42d3945 +SHA1 (patch-wwwroot_cgi-bin_awstats.pl) = edb1fa423ae1a0608e2226b55a8cded7c0c6292f +SHA1 (patch-wwwroot_cgi-bin_lib_search__engines.pm) = 7f9a3c1d38b8ee47d41fcb72e3aa0c172cd9ac69 diff --git a/www/awstats/patches/patch-ad b/www/awstats/patches/patch-ad deleted file mode 100644 index 82e72a766e5..00000000000 --- a/www/awstats/patches/patch-ad +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ad,v 1.5 2017/02/12 10:27:41 adam Exp $ - -Fix ampersand encoding that breaks XHTML output, ID 1824230. - ---- wwwroot/cgi-bin/lib/search_engines.pm.orig 2016-09-22 19:07:19.000000000 +0000 -+++ wwwroot/cgi-bin/lib/search_engines.pm -@@ -5084,7 +5084,7 @@ - 'atlanticbb','atlanticbb',
- 'atlas','Atlas.cz',
- 'atomz','Atomz',
--'att','<a href="http://www.att.net/" title="Search Engine Home Page [new window]" rel="nofollow" target="_blank">AT&T search (powered by Google)</a>',
-+'att','<a href="http://www.att.net/" title="Search Engine Home Page [new window]" rel="nofollow" target="_blank">AT&T search (powered by Google)</a>',
- 'auone','auone',
- 'avantfind','<a href="http://www.avantfind.com/" title="Search Engine Home Page [new window]" rel="nofollow" target="_blank">Avantfind</a>',
- 'avg','avg',
diff --git a/www/awstats/patches/patch-ab b/www/awstats/patches/patch-tools_awstats__configure.pl index 76a44240612..d1c929cfd7b 100644 --- a/www/awstats/patches/patch-ab +++ b/www/awstats/patches/patch-tools_awstats__configure.pl @@ -1,10 +1,10 @@ -$NetBSD: patch-ab,v 1.7 2013/04/27 11:19:39 adam Exp $ +$NetBSD: patch-tools_awstats__configure.pl,v 1.1.2.2 2020/01/27 12:48:57 bsiegert Exp $ Fix paths. ---- tools/awstats_configure.pl.orig 2008-04-06 15:45:24.000000000 +0200 +--- tools/awstats_configure.pl.orig 2016-08-27 18:59:01.000000000 +0000 +++ tools/awstats_configure.pl -@@ -29,12 +29,12 @@ $AWSTATS_MODEL_CONFIG +@@ -28,12 +28,12 @@ $AWSTATS_MODEL_CONFIG $AWSTATS_DIRDATA_PATH /; $AWSTATS_PATH=''; @@ -23,7 +23,7 @@ Fix paths. -@@ -64,6 +64,7 @@ use vars qw/ +@@ -63,6 +63,7 @@ use vars qw/ '/etc/httpd/httpd.conf', '/usr/local/apache/conf/httpd.conf', '/usr/local/apache2/conf/httpd.conf', @@ -31,7 +31,7 @@ Fix paths. ); use vars qw/ -@@ -309,13 +310,13 @@ if ($OS eq 'linux') { +@@ -308,13 +309,13 @@ if ($OS eq 'linux') { $AWSTATS_PATH=`pwd`; $AWSTATS_PATH =~ s/[\r\n]//; $AWSTATS_PATH=~s/tools[\\\/]?$//; $AWSTATS_PATH=~s/[\\\/]$//; @@ -48,7 +48,7 @@ Fix paths. print "And then, run configure.pl from this location.\n"; print "Do you want to continue setup from this NON standard directory [yN] ? "; my $bidon=''; -@@ -324,23 +325,23 @@ if ($OS eq 'linux') { +@@ -323,23 +324,23 @@ if ($OS eq 'linux') { print "configure.pl aborted.\n"; exit 1; } @@ -79,7 +79,7 @@ Fix paths. print "And then, run configure.pl from this location.\n"; print "Do you want to continue setup from this NON standard directory [yN] ? "; my $bidon=''; -@@ -349,10 +350,10 @@ elsif ($OS eq 'macosx') { +@@ -348,10 +349,10 @@ elsif ($OS eq 'macosx') { print "configure.pl aborted.\n"; exit 1; } @@ -94,7 +94,7 @@ Fix paths. } } elsif ($OS eq 'windows') { -@@ -421,6 +422,7 @@ if (! scalar keys %ApacheConfPath) { +@@ -420,6 +421,7 @@ if (! scalar keys %ApacheConfPath) { print "\n".($bidon?"Now, enter":"Enter")." full config file path of your Web server.\n"; print "Example: /etc/httpd/httpd.conf\n"; print "Example: /usr/local/apache2/conf/httpd.conf\n"; @@ -102,7 +102,7 @@ Fix paths. print "Example: c:\\Program files\\apache group\\apache\\conf\\httpd.conf\n"; $bidon=''; while ($bidon ne 'none' && ! -f "$bidon") { -@@ -546,8 +548,8 @@ EOF +@@ -545,8 +547,8 @@ EOF # ----------------------------- my $modelfile=''; if ($OS eq 'linux') { @@ -113,7 +113,7 @@ Fix paths. } else { $modelfile="$AWSTATS_MODEL_CONFIG"; -@@ -555,7 +557,7 @@ if ($OS eq 'linux') { +@@ -554,7 +556,7 @@ if ($OS eq 'linux') { } } elsif ($OS eq "macosx") { @@ -122,7 +122,7 @@ Fix paths. } elsif ($OS eq 'windows') { $modelfile="$AWSTATS_PATH\\wwwroot\\cgi-bin\\awstats.model.conf"; } else { $modelfile="$AWSTATS_PATH\\wwwroot\\cgi-bin\\awstats.model.conf"; } -@@ -608,11 +610,11 @@ if ($bidon =~ /^y/i) { +@@ -606,11 +608,11 @@ if ($bidon =~ /^y/i) { if ($OS eq 'linux') { print "\n-----> Define config file path\n"; print "In which directory do you plan to store your config file(s) ?\n"; diff --git a/www/awstats/patches/patch-aa b/www/awstats/patches/patch-wwwroot_cgi-bin_awstats.pl index 19de55ad3e3..b397689b3bc 100644 --- a/www/awstats/patches/patch-aa +++ b/www/awstats/patches/patch-wwwroot_cgi-bin_awstats.pl @@ -1,10 +1,10 @@ -$NetBSD: patch-aa,v 1.12 2013/04/27 11:19:38 adam Exp $ +$NetBSD: patch-wwwroot_cgi-bin_awstats.pl,v 1.1.2.2 2020/01/27 12:48:57 bsiegert Exp $ Check for configdir. ---- wwwroot/cgi-bin/awstats.pl.orig 2013-03-08 20:16:52.000000000 +0000 +--- wwwroot/cgi-bin/awstats.pl.orig 2018-01-07 14:36:46.000000000 +0000 +++ wwwroot/cgi-bin/awstats.pl -@@ -1713,7 +1713,7 @@ sub Read_Config { +@@ -1723,7 +1723,7 @@ sub Read_Config { "/etc/opt/awstats" ); diff --git a/www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm b/www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm new file mode 100644 index 00000000000..af371c8354a --- /dev/null +++ b/www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm @@ -0,0 +1,15 @@ +$NetBSD: patch-wwwroot_cgi-bin_lib_search__engines.pm,v 1.1.2.2 2020/01/27 12:48:57 bsiegert Exp $ + +Fix ampersand encoding that breaks XHTML output, ID 1824230. + +--- wwwroot/cgi-bin/lib/search_engines.pm.orig 2017-02-20 23:35:50.000000000 +0000 ++++ wwwroot/cgi-bin/lib/search_engines.pm +@@ -5084,7 +5084,7 @@ + 'atlanticbb','atlanticbb',
+ 'atlas','Atlas.cz',
+ 'atomz','Atomz',
+-'att','<a href="http://www.att.net/" title="Search Engine Home Page [new window]" rel="nofollow noopener noreferrer" target="_blank">AT&T search (powered by Google)</a>',
++'att','<a href="http://www.att.net/" title="Search Engine Home Page [new window]" rel="nofollow noopener noreferrer" target="_blank">AT&T search (powered by Google)</a>',
+ 'auone','auone',
+ 'avantfind','<a href="http://www.avantfind.com/" title="Search Engine Home Page [new window]" rel="nofollow noopener noreferrer" target="_blank">Avantfind</a>',
+ 'avg','avg',
|