ports/76983: Fix security vulnerabilities in awstats < 6.3

Jacques Marneweck jacques at powertrip.co.za
Tue Feb 1 23:00:46 UTC 2005


>Number:         76983
>Category:       ports
>Synopsis:       Fix security vulnerabilities in awstats < 6.3
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 23:00:42 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jacques Marneweck
>Release:        FreeBSD 5.*snip* i386
>Organization:
Powertrip Networks
>Environment:
System: FreeBSD maquis.powertrip.co.za 5.*snip* FreeBSD 5.*snip* i386


	
>Description:
Versions of awstats prior to 6.3 contain various security vulnerabilities
and are listed in the VuXML. The port needs to be upgraded to 6.3 to close
the three holes that have been reported.

Apparently people can run shell commands in certain circumstances.
>How-To-Repeat:
	
>Fix:
Upgrade to awstats 6.3

--- awstats.6.3.patch begins here ---
diff -Nurd awstats.old/Makefile awstats/Makefile
--- awstats.old/Makefile	Tue Jan 18 14:38:13 2005
+++ awstats/Makefile	Wed Feb  2 00:42:32 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	awstats
-PORTVERSION=	6.2
+PORTVERSION=	6.3
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -15,8 +15,6 @@
 MAINTAINER=	webmaster at lightningfire.net
 COMMENT=	Free real-time logfile analyzer to get advanced web statistics
 
-FORBIDDEN=	http://vuxml.FreeBSD.org/0f5a2b4d-694b-11d9-a9e7-0001020eed82.html
-
 RUN_DEPENDS=	${SITE_PERL}/Net/XWhois.pm:${PORTSDIR}/net/p5-Net-XWhois
 
 NO_BUILD=	yes
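Review bot: Dropping FORBIDDEN in this hunk is only safe if every issue covered by VuXML entry 0f5a2b4d-694b-11d9-a9e7-0001020eed82 is fixed in 6.3. The description mentions three reported holes, while the removed line points at a single entry. Please confirm that the entry's affected range ends at 6.3 and state that in the commit message, so the port is not unblocked while it is still flagged.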
@@ -51,7 +49,7 @@
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/logresolvemerge.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/maillogconvert.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/urlaliasbuilder.pl ${PREFIX}/www/awstats/tools
-	${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.4.wbm ${PREFIX}/www/awstats/tools/webmin
+	${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.5.wbm ${PREFIX}/www/awstats/tools/webmin
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awredir.pl ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/cgi-bin/awstats.model.conf ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awstats.pl ${PREFIX}/www/awstats/cgi-bin
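Review bot: The webmin module filename on the changed line hard-codes its version (awstats-1.5.wbm), and the same string is repeated in pkg-plist, so every upstream bump needs two manual edits that can drift apart. Consider a Makefile variable for the module version, passed to the plist through PLIST_SUB, so the install line and the packing list always agree.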
diff -Nurd awstats.old/distinfo awstats/distinfo
--- awstats.old/distinfo	Fri Dec 31 13:35:09 2004
+++ awstats/distinfo	Tue Feb  1 19:35:08 2005
@@ -1,2 +1,2 @@
-MD5 (awstats-6.2.tgz) = ee3096899d40e23ecdc897d752b79ac8
-SIZE (awstats-6.2.tgz) = 860606
+MD5 (awstats-6.3.tgz) = edb73007530a5800d53b9f1f90c88053
+SIZE (awstats-6.3.tgz) = 938794
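Review bot: The new distinfo entry records only an MD5 and a size for awstats-6.3.tgz, and those two lines are all that ties the port to a specific tarball. Because this is a security update, please note in the PR where the tarball was fetched from and that its checksum was compared with a value published by upstream before the MD5 line was generated.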
diff -Nurd awstats.old/pkg-plist awstats/pkg-plist
--- awstats.old/pkg-plist	Fri Dec 31 13:35:09 2004
+++ awstats/pkg-plist	Wed Feb  2 00:44:16 2005
@@ -32,7 +32,6 @@
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.png
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_2.png
-%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.gif
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.png
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_4.png
 %%PORTDOCS%%%%DOCSDIR%%/images/star.png
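Review bot: The removal of images/screen_shot_3.gif from the packing list is not explained in the description. Please confirm that the 6.3 distribution no longer ships that file (screen_shot_3.png stays listed). If it is still installed, deinstall will leave it behind under DOCSDIR.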
@@ -575,7 +574,7 @@
 www/awstats/tools/logresolvemerge.pl
 www/awstats/tools/maillogconvert.pl
 www/awstats/tools/urlaliasbuilder.pl
-www/awstats/tools/webmin/awstats-1.4.wbm
+www/awstats/tools/webmin/awstats-1.5.wbm
 @dirrm www/awstats/tools/webmin
 @dirrm www/awstats/tools
 @dirrm www/awstats/js
--- awstats.6.3.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


