From 30ae8921c8aed4e5aaac2d16e42c364f00c10cfa Mon Sep 17 00:00:00 2001 From: minskim Date: Sun, 14 Aug 2005 15:33:44 +0000 Subject: Update awstats to 6.4. Changes: - Add option ShowSummary. - If Geoip plugin is enabled, add a column in Host report. - Other minor changes on geoip and hostinfo plugins to enhance look. - If LogFormat is 2, AWStats autodetect log format change. - Add a way to set ArchiveLogRecords with same tags than LogFile to add suffix to archived log files. - Fix security hole that allowed a user to read log file content even when plugin rawlog was not enabled. - Fix a possible use of AWStats for a DoS attack. - Fix errors for setup to analyze media servers. - If there is no referer field in the log format, do not use them in the errors reports. - Label of real player ("media player", not "audio player") - configdir option was broken on windows servers (Pb on Sanitize function on windows local use). - Minor fixes. - Fix: [ 1094056 ] Bad html-output for maillogs - Fix: [ 1094060 ] More bad html/xml output - Fix: [ 1100550 ] Missing flag icon for euskera - Fix: [ 1111817 ] AllowToUpdateStatsFromBrowser defaults to 1 contrary to docs --- www/awstats/Makefile | 5 +- www/awstats/distinfo | 10 ++- www/awstats/patches/patch-aa | 161 ------------------------------------------- www/awstats/patches/patch-ab | 16 ----- 4 files changed, 6 insertions(+), 186 deletions(-) delete mode 100644 www/awstats/patches/patch-aa delete mode 100644 www/awstats/patches/patch-ab (limited to 'www/awstats') diff --git a/www/awstats/Makefile b/www/awstats/Makefile index f97904cc63f..ff768f54476 100644 --- a/www/awstats/Makefile +++ b/www/awstats/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.17 2005/07/16 01:19:25 jlam Exp $ +# $NetBSD: Makefile,v 1.18 2005/08/14 15:33:44 minskim Exp $ # -DISTNAME= awstats-6.3 -PKGREVISION= 4 +DISTNAME= awstats-6.4 CATEGORIES= www MASTER_SITES= http://awstats.sourceforge.net/files/ EXTRACT_SUFX= .tgz diff --git a/www/awstats/distinfo b/www/awstats/distinfo index c3afe93127a..75561e99c39 100644 --- a/www/awstats/distinfo +++ b/www/awstats/distinfo @@ -1,7 +1,5 @@ -$NetBSD: distinfo,v 1.10 2005/02/24 14:08:29 wiz Exp $ +$NetBSD: distinfo,v 1.11 2005/08/14 15:33:44 minskim Exp $ -SHA1 (awstats-6.3nb4/awstats-6.3.tgz) = 3ca8d0b3e008beaa544b4bc344fec7cab2554da4 -RMD160 (awstats-6.3nb4/awstats-6.3.tgz) = ded6feb778d2f4771c2b72adf49d54dd583d835e -Size (awstats-6.3nb4/awstats-6.3.tgz) = 938794 bytes -SHA1 (patch-aa) = ecc293ac7e6a04da2b684cea01ba278d899a90bf -SHA1 (patch-ab) = 715dcd2689f129aa71872a73a9abe15c3894d5a1 +SHA1 (awstats-6.4/awstats-6.4.tgz) = e58671499006881516406e9fa704b0ef34b94971 +RMD160 (awstats-6.4/awstats-6.4.tgz) = 318b34afcb7f7e8a4d26d46344e37bcbe3a8460a +Size (awstats-6.4/awstats-6.4.tgz) = 918435 bytes diff --git a/www/awstats/patches/patch-aa b/www/awstats/patches/patch-aa deleted file mode 100644 index 4c5ad02225c..00000000000 --- a/www/awstats/patches/patch-aa +++ /dev/null @@ -1,161 +0,0 @@ -$NetBSD: patch-aa,v 1.1 2005/02/15 15:55:25 minskim Exp $ - ---- wwwroot/cgi-bin/awstats.pl.orig 2005-01-22 10:34:38.000000000 -0600 -+++ wwwroot/cgi-bin/awstats.pl -@@ -132,7 +132,7 @@ $BuildReportFormat='html'; - $BuildHistoryFormat='text'; - $ExtraTrackedRowsLimit=500; - use vars qw/ --$EnableLockForUpdate $DNSLookup $AllowAccessFromWebToAuthenticatedUsersOnly -+$DebugMessages $EnableLockForUpdate $DNSLookup $AllowAccessFromWebToAuthenticatedUsersOnly - $BarHeight $BarWidth $CreateDirDataIfNotExists $KeepBackupOfHistoricFiles - $NbOfLinesParsed $NbOfLinesDropped $NbOfLinesCorrupted $NbOfOldLines $NbOfNewLines - $NbOfLinesShowsteps $NewLinePhase $NbOfLinesForCorruptedLog $PurgeLogFile $ArchiveLogRecords -@@ -144,7 +144,7 @@ $AuthenticatedUsersNotCaseSensitive - $Expires $UpdateStats $MigrateStats $URLNotCaseSensitive $URLWithQuery $URLReferrerWithQuery - $DecodeUA - /; --($EnableLockForUpdate, $DNSLookup, $AllowAccessFromWebToAuthenticatedUsersOnly, -+($DebugMessages, $EnableLockForUpdate, $DNSLookup, $AllowAccessFromWebToAuthenticatedUsersOnly, - $BarHeight, $BarWidth, $CreateDirDataIfNotExists, $KeepBackupOfHistoricFiles, - $NbOfLinesParsed, $NbOfLinesDropped, $NbOfLinesCorrupted, $NbOfOldLines, $NbOfNewLines, - $NbOfLinesShowsteps, $NewLinePhase, $NbOfLinesForCorruptedLog, $PurgeLogFile, $ArchiveLogRecords, -@@ -155,11 +155,11 @@ $IncludeInternalLinksInOriginSection, - $AuthenticatedUsersNotCaseSensitive, - $Expires, $UpdateStats, $MigrateStats, $URLNotCaseSensitive, $URLWithQuery, $URLReferrerWithQuery, - $DecodeUA)= --(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); -+(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); - use vars qw/ - $AllowToUpdateStatsFromBrowser $DetailedReportsOnNewWindows - $FirstDayOfWeek $KeyWordsNotSensitive $SaveDatabaseFilesWithPermissionsForEveryone --$WarningMessages $DebugMessages $ShowLinksOnUrl $UseFramesWhenCGI -+$WarningMessages $ShowLinksOnUrl $UseFramesWhenCGI - $ShowMenu $ShowMonthStats $ShowDaysOfMonthStats $ShowDaysOfWeekStats - $ShowHoursStats $ShowDomainsStats $ShowHostsStats - $ShowRobotsStats $ShowSessionsStats $ShowPagesStats $ShowFileTypesStats -@@ -169,7 +169,7 @@ $AddDataArrayMonthStats $AddDataArraySho - /; - ($AllowToUpdateStatsFromBrowser, $DetailedReportsOnNewWindows, - $FirstDayOfWeek, $KeyWordsNotSensitive, $SaveDatabaseFilesWithPermissionsForEveryone, --$WarningMessages, $DebugMessages, $ShowLinksOnUrl, $UseFramesWhenCGI, -+$WarningMessages, $ShowLinksOnUrl, $UseFramesWhenCGI, - $ShowMenu, $ShowMonthStats, $ShowDaysOfMonthStats, $ShowDaysOfWeekStats, - $ShowHoursStats, $ShowDomainsStats, $ShowHostsStats, - $ShowRobotsStats, $ShowSessionsStats, $ShowPagesStats, $ShowFileTypesStats, -@@ -177,7 +177,7 @@ $ShowOSStats, $ShowBrowsersStats, $ShowO - $ShowKeyphrasesStats, $ShowKeywordsStats, $ShowMiscStats, $ShowHTTPErrorsStats, - $AddDataArrayMonthStats, $AddDataArrayShowDaysOfMonthStats, $AddDataArrayShowDaysOfWeekStats, $AddDataArrayShowHoursStats - )= --(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1); -+(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1); - use vars qw/ - $AllowFullYearView - $LevelForRobotsDetection $LevelForWormsDetection $LevelForBrowsersDetection $LevelForOSDetection $LevelForRefererAnalyze -@@ -1577,7 +1577,7 @@ sub Check_Config { - if ($URLWithQuery !~ /[0-1]/) { $URLWithQuery=0; } - if ($URLReferrerWithQuery !~ /[0-1]/) { $URLReferrerWithQuery=0; } - if ($WarningMessages !~ /[0-1]/) { $WarningMessages=1; } -- if ($DebugMessages !~ /[0-1]/) { $DebugMessages=1; } -+ if ($DebugMessages !~ /[0-1]/) { $DebugMessages=0; } - if ($NbOfLinesForCorruptedLog !~ /^\d+/ || $NbOfLinesForCorruptedLog<1) { $NbOfLinesForCorruptedLog=50; } - if ($Expires !~ /^\d+/) { $Expires=0; } - if ($DecodeUA !~ /[0-1]/) { $DecodeUA=0; } -@@ -1824,7 +1824,8 @@ sub Read_Plugins { - my @PossiblePluginsDir=("$DIR/plugins","/usr/local/awstats/wwwroot/cgi-bin/plugins","/usr/share/awstats/plugins"); - my %DirAddedInINC=(); - -- foreach my $key (keys %NoLoadPlugin) { if ($NoLoadPlugin{$key} < 0) { push @PluginsToLoad, $key; } } -+ #Removed for security reason -+ #foreach my $key (keys %NoLoadPlugin) { if ($NoLoadPlugin{$key} < 0) { push @PluginsToLoad, $key; } } - if ($Debug) { debug("Call to Read_Plugins with list: ".join(',',@PluginsToLoad)); } - foreach my $plugininfo (@PluginsToLoad) { - my ($pluginfile,$pluginparam)=split(/\s+/,$plugininfo,2); -@@ -4288,7 +4289,12 @@ sub UnCompileRegex { - #------------------------------------------------------------------------------ - sub Sanitize { - my $stringtoclean=shift; -- $stringtoclean =~ s/[^\w_\-\\\/\.\s]//g; -+ my $full=shift||0; -+ if ($full) { -+ $stringtoclean =~ s/[^\w]//g; -+ } else { -+ $stringtoclean =~ s/[^\w_\-\\\/\.\s]//g; -+ } - return $stringtoclean; - } - -@@ -5353,6 +5359,7 @@ $QueryString=''; - # be set to force AWStats to be ran as CLI even from a web page. - if ($ENV{'AWSTATS_DEL_GATEWAY_INTERFACE'}) { $ENV{'GATEWAY_INTERFACE'}=''; } - if ($ENV{'GATEWAY_INTERFACE'}) { # Run from a browser as CGI -+ $DebugMessages=0; - # Prepare QueryString - if ($ENV{'CONTENT_LENGTH'}) { - binmode STDIN; -@@ -5370,7 +5377,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f - - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); } - if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); } -- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1")); } -+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); } - if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); } - # All filters - if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter -@@ -5393,6 +5400,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f - } - } - else { # Run from command line -+ $DebugMessages=1; - # Prepare QueryString - for (0..@ARGV-1) { - # If migrate -@@ -5418,7 +5426,7 @@ else { # Run from command line - - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; } - if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; } -- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1"); } -+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); } - if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); } - # All filters - if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter -@@ -5440,6 +5448,7 @@ else { # Run from command line - if ($QueryString =~ /showcorrupted/i) { $ShowCorrupted=1; $QueryString=~s/showcorrupted[^&]*//i; } - if ($QueryString =~ /showdropped/i) { $ShowDropped=1; $QueryString=~s/showdropped[^&]*//i; } - if ($QueryString =~ /showunknownorigin/i) { $ShowUnknownOrigin=1; $QueryString=~s/showunknownorigin[^&]*//i; } -+ - } - if ($QueryString =~ /(^|&)staticlinks/i) { $StaticLinks=".$SiteConfig"; } - if ($QueryString =~ /(^|&)staticlinks=([^&]+)/i) { $StaticLinks=".$2"; } # When ran from awstatsbuildstaticpages.pl -@@ -5447,8 +5456,9 @@ if ($QueryString =~ /(^|&)staticlinksext - if ($QueryString =~ /(^|&)framename=([^&]+)/i) { $FrameName="$2"; } - if ($QueryString =~ /(^|&)debug=(\d+)/i) { $Debug=$2; } - if ($QueryString =~ /(^|&)updatefor=(\d+)/i) { $UpdateFor=$2; } --if ($QueryString =~ /(^|&)noloadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_")}=1; } } --if ($QueryString =~ /(^|&)loadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_")}=-1; } } -+if ($QueryString =~ /(^|&)noloadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } } -+#Removed for security reasons -+#if ($QueryString =~ /(^|&)loadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } } - if ($QueryString =~ /(^|&)limitflush=(\d+)/i) { $LIMITFLUSH=$2; } - # Get/Define output - if ($QueryString =~ /(^|&)output(=[^&]*|)(.*)&output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); } -@@ -5488,7 +5498,7 @@ else { $DayRequired=''; } - # Print AWStats and Perl version - if ($Debug) { - debug(ucfirst($PROG)." - $VERSION - Perl $^X $]",1); -- debug("DIR=$DIR PROG=$PROG",2); -+ debug("DIR=$DIR PROG=$PROG Extension=$Extension",2); - debug("QUERY_STRING=$QueryString",2); - debug("HTMLOutput=".join(',',keys %HTMLOutput),1); - debug("YearRequired=$YearRequired, MonthRequired=$MonthRequired",2); -@@ -5634,6 +5644,10 @@ if (! $Lang || $Lang eq 'auto') { - &Check_Config(); - # Now SiteDomain is defined - -+if ($Debug && ! $DebugMessages) { -+ error("Debug has not been allowed. Change DebugMessages parameter in config file to allow debug."); -+} -+ - # Define frame name and correct variable for frames - if (! $FrameName) { - if ($ENV{'GATEWAY_INTERFACE'} && $UseFramesWhenCGI && $HTMLOutput{'main'} && ! $PluginMode) { $FrameName='index'; } diff --git a/www/awstats/patches/patch-ab b/www/awstats/patches/patch-ab deleted file mode 100644 index 3149c4a7de8..00000000000 --- a/www/awstats/patches/patch-ab +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2005/02/15 15:55:25 minskim Exp $ - ---- wwwroot/cgi-bin/awstats.model.conf.orig 2005-01-22 09:26:06.000000000 -0600 -+++ wwwroot/cgi-bin/awstats.model.conf -@@ -701,9 +701,9 @@ ErrorMessages="" - # security reasons) to disable debugging, set this parameter to 0. - # Change : Effective immediatly - # Possible values: 0 or 1 --# Default: 1 -+# Default: 0 - # --DebugMessages=1 -+DebugMessages=0 - - - # To help you to detect if your log format is good, AWStats report an error -- cgit v1.2.3