authorminskim <minskim@pkgsrc.org>2008-08-20 21:20:33 +0000
committerminskim <minskim@pkgsrc.org>2008-08-20 21:20:33 +0000
commitca7a2c024f3f263faa75f46bffb0b617088ff016 (patch)
treed0a00d57095a83f86dfc7a67ef5e63219a3500ab /www/awstats
parenta189dd86f75f8762faf7a5edf3b38695a2b9aa5b (diff)
Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION.
Diffstat (limited to 'www/awstats')
-rw-r--r--www/awstats/Makefile3
-rw-r--r--www/awstats/distinfo3
-rw-r--r--www/awstats/patches/patch-ac27
3 files changed, 31 insertions, 2 deletions
diff --git a/www/awstats/Makefile b/www/awstats/Makefile
index 47fe4ada251..90dd069f0e4 100644
--- a/www/awstats/Makefile
+++ b/www/awstats/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2008/06/20 01:09:40 joerg Exp $
+# $NetBSD: Makefile,v 1.38 2008/08/20 21:20:33 minskim Exp $
DISTNAME= awstats-6.7
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=awstats/}
diff --git a/www/awstats/distinfo b/www/awstats/distinfo
index af48d10fbbc..759df20b5eb 100644
--- a/www/awstats/distinfo
+++ b/www/awstats/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.20 2008/04/07 07:21:00 adam Exp $
+$NetBSD: distinfo,v 1.21 2008/08/20 21:20:33 minskim Exp $
SHA1 (awstats-6.7.tar.gz) = 7dab4208441bce494bf1b3937242794a2328ace1
RMD160 (awstats-6.7.tar.gz) = 5a84327871b65cad5cb6dbaded5c223660806953
Size (awstats-6.7.tar.gz) = 1089638 bytes
SHA1 (patch-aa) = 78b3a3100d687f07e0bed7b677abc52b767b8598
SHA1 (patch-ab) = df8961949160d172ab40569a414b52eb4a8b1f06
+SHA1 (patch-ac) = 2c4f26e5cdd3550f20450c3484bc1d91000bdd63
diff --git a/www/awstats/patches/patch-ac b/www/awstats/patches/patch-ac
new file mode 100644
index 00000000000..f9567e28f95
--- /dev/null
+++ b/www/awstats/patches/patch-ac
@@ -0,0 +1,27 @@
+$NetBSD: patch-ac,v 1.1 2008/08/20 21:20:33 minskim Exp $
+
+XSS (http://secunia.com/advisories/31519/) fix. Not needed in 6.9.
+
+--- wwwroot/cgi-bin/awstats.pl.orig 2008-08-20 14:17:04.000000000 -0700
++++ wwwroot/cgi-bin/awstats.pl
+@@ -4380,6 +4380,7 @@ sub EncodeString {
+ sub DecodeEncodedString {
+ my $stringtodecode=shift;
+ $stringtodecode =~ tr/\+/ /s;
++ $stringtodecode =~ s/%22//g;
+ $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
+ return $stringtodecode;
+ }
+@@ -4432,9 +4433,12 @@ sub Sanitize {
+ #------------------------------------------------------------------------------
+ sub CleanXSS {
+ my $stringtoclean=shift;
++ # To avoid html tags and javascript
+ $stringtoclean =~ s/</&lt;/g;
+ $stringtoclean =~ s/>/&gt;/g;
+ $stringtoclean =~ s/|//g;
++ # To avoid onload="
++ $stringtoclean =~ s/onload//g;
+ return $stringtoclean;
+ }
+
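Review bot: The `s/onload//g` added to CleanXSS is a one-word, case-sensitive, single-pass denylist, so it misses differently-cased spellings, input that re-forms the word once a match is removed, and every other event-handler attribute; likewise `s/%22//g` in DecodeEncodedString runs before decoding and removes only the percent-encoded form of the double quote. Encoding the delimiters in CleanXSS is the sturdier fix: add `$stringtoclean =~ s/"/&quot;/g;` and `$stringtoclean =~ s/'/&#39;/g;` next to the existing `<`/`>` substitutions, so a value cannot break out of a quoted attribute whatever handler name it carries. The context line `s/|//g` also looks like a no-op, because an unescaped `|` is an empty alternation that matches the empty string; `s/\|//g` is presumably what was meant. Whether every output path passes through CleanXSS is not visible from this hunk, so the callers need checking before relying on it.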