ports/76983: Fix security vulnerabilities in awstats < 6.3
Jacques Marneweck
jacques at powertrip.co.za
Tue Feb 1 23:00:46 UTC 2005
>Number: 76983
>Category: ports
>Synopsis: Fix security vulnerabilities in awstats < 6.3
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 01 23:00:42 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Jacques Marneweck
>Release: FreeBSD 5.*snip* i386
>Organization:
Powertrip Networks
>Environment:
System: FreeBSD maquis.powertrip.co.za 5.*snip* FreeBSD 5.*snip* i386
>Description:
Versions of awstats prior to 6.3 contain various security vulnerabilities
and are listed in VuXML; the port needs to be upgraded to 6.3 to close the
three holes that have been reported.
Apparently people can run shell commands in certain circumstances.
>How-To-Repeat:
>Fix:
Upgrade to awstats 6.3
--- awstats.6.3.patch begins here ---
diff -Nurd awstats.old/Makefile awstats/Makefile
--- awstats.old/Makefile Tue Jan 18 14:38:13 2005
+++ awstats/Makefile Wed Feb 2 00:42:32 2005
@@ -6,7 +6,7 @@
#
PORTNAME= awstats
-PORTVERSION= 6.2
+PORTVERSION= 6.3
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -15,8 +15,6 @@
MAINTAINER= webmaster at lightningfire.net
COMMENT= Free real-time logfile analyzer to get advanced web statistics
-FORBIDDEN= http://vuxml.FreeBSD.org/0f5a2b4d-694b-11d9-a9e7-0001020eed82.html
-
RUN_DEPENDS= ${SITE_PERL}/Net/XWhois.pm:${PORTSDIR}/net/p5-Net-XWhois
NO_BUILD= yes
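Review bot: Removing the FORBIDDEN line between COMMENT and RUN_DEPENDS is only safe if 6.3 fixes everything covered by the referenced VuXML entry (0f5a2b4d-694b-11d9-a9e7-0001020eed82). The description speaks of three reported holes while the Makefile cites a single entry, so please confirm that each of the three is closed in 6.3 and that the entry's affected range ends below 6.3. Otherwise the port becomes installable again while still being flagged as vulnerable.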
@@ -51,7 +49,7 @@
${INSTALL_SCRIPT} ${WRKSRC}/tools/logresolvemerge.pl ${PREFIX}/www/awstats/tools
${INSTALL_SCRIPT} ${WRKSRC}/tools/maillogconvert.pl ${PREFIX}/www/awstats/tools
${INSTALL_SCRIPT} ${WRKSRC}/tools/urlaliasbuilder.pl ${PREFIX}/www/awstats/tools
- ${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.4.wbm ${PREFIX}/www/awstats/tools/webmin
+ ${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.5.wbm ${PREFIX}/www/awstats/tools/webmin
${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awredir.pl ${PREFIX}/www/awstats/cgi-bin
${INSTALL_DATA} ${WRKSRC}/wwwroot/cgi-bin/awstats.model.conf ${PREFIX}/www/awstats/cgi-bin
${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awstats.pl ${PREFIX}/www/awstats/cgi-bin
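Review bot: The webmin module name on the changed ${INSTALL_SCRIPT} line is hardcoded (awstats-1.5.wbm) and has to be edited by hand here and again in pkg-plist on every upstream bump. Consider holding the module version in a Makefile variable and passing it to the plist through PLIST_SUB, so the install line and the packing list cannot drift apart on the next update.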
diff -Nurd awstats.old/distinfo awstats/distinfo
--- awstats.old/distinfo Fri Dec 31 13:35:09 2004
+++ awstats/distinfo Tue Feb 1 19:35:08 2005
@@ -1,2 +1,2 @@
-MD5 (awstats-6.2.tgz) = ee3096899d40e23ecdc897d752b79ac8
-SIZE (awstats-6.2.tgz) = 860606
+MD5 (awstats-6.3.tgz) = edb73007530a5800d53b9f1f90c88053
+SIZE (awstats-6.3.tgz) = 938794
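Review bot: The new distinfo carries only an MD5 and a SIZE for awstats-6.3.tgz, and this is the tarball that replaces a release marked vulnerable. Before commit, the checksum should be verified against a value published by upstream rather than only against a locally fetched copy, and a stronger digest should be recorded alongside the MD5 if the ports framework in use accepts one.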
diff -Nurd awstats.old/pkg-plist awstats/pkg-plist
--- awstats.old/pkg-plist Fri Dec 31 13:35:09 2004
+++ awstats/pkg-plist Wed Feb 2 00:44:16 2005
@@ -32,7 +32,6 @@
%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.jpg
%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.png
%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_2.png
-%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.gif
%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.png
%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_4.png
%%PORTDOCS%%%%DOCSDIR%%/images/star.png
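Review bot: The removal of images/screen_shot_3.gif from the packing list is not mentioned in the description. Please confirm the file is really absent from the 6.3 distribution; if it still ships and gets installed, it would be left behind on deinstall. A test install and deinstall with PORTDOCS enabled would settle it.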
@@ -575,7 +574,7 @@
www/awstats/tools/logresolvemerge.pl
www/awstats/tools/maillogconvert.pl
www/awstats/tools/urlaliasbuilder.pl
-www/awstats/tools/webmin/awstats-1.4.wbm
+www/awstats/tools/webmin/awstats-1.5.wbm
@dirrm www/awstats/tools/webmin
@dirrm www/awstats/tools
@dirrm www/awstats/js
--- awstats.6.3.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: