rpms/awstats/FC-5 .cvsignore, 1.5, 1.6 awstats.spec, 1.11, 1.12 sources, 1.8, 1.9

Aurelien Bompard (abompard) fedora-extras-commits at redhat.com
Sun May 7 08:17:09 UTC 2006


Author: abompard

Update of /cvs/extras/rpms/awstats/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6630/FC-5

Modified Files:
	.cvsignore awstats.spec sources 
Log Message:
version 6.6 (beta), fixes CVE-2005-2732 (bug 190921, 190922, and 190923)


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-5/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore	22 Aug 2005 10:18:17 -0000	1.5
+++ .cvsignore	7 May 2006 08:17:09 -0000	1.6
@@ -1 +1 @@
-awstats-6.5.tar.gz
+awstats-6.6.tar.gz


Index: awstats.spec
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-5/awstats.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- awstats.spec	9 Apr 2006 15:30:30 -0000	1.11
+++ awstats.spec	7 May 2006 08:17:09 -0000	1.12
@@ -1,19 +1,19 @@
 Name:       awstats
-Version:    6.5
-Release:    3%{?dist}
+Version:    6.6
+Release:    0.1.beta%{?dist}
 Summary:    Advanced Web Statistics
 License:    GPL
 Group:      Applications/Internet
 URL:        http://awstats.sourceforge.net
-Source0:    http://dl.sf.net/awstats/awstats-6.5.tar.gz
-#Source0:   http://awstats.sourceforge.net/files/awstats-6.5.tar.gz
+#Source0:    http://dl.sf.net/awstats/awstats-6.6.tar.gz
+Source0:    http://awstats.sourceforge.net/files/awstats-6.6.tar.gz
+Source1:    awstats.README.SELinux
 BuildArch:  noarch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires:   httpd
 Requires:   perl
-Requires(post): perl
-Requires(postun): /sbin/service
-Requires(pre):  policycoreutils
+Requires(post): perl, policycoreutils
+Requires(postun): /sbin/service, policycoreutils
 
 %description
 Advanced Web Statistics is a powerful and featureful tool that generates
@@ -31,18 +31,19 @@
 With the default configuration, the statistics are available:
 http://localhost/awstats/awstats.pl
 
+
 %prep
 %setup -q
-
 # Fix style sheets.
 perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
-
 # Fix some bad file permissions here for convenience.
 chmod -x tools/httpd_conf
 find tools/xslt -type f | xargs chmod -x
-
 # Remove \r in conf file (file written on MS Windows)
 perl -pi -e 's/\r//g' tools/httpd_conf
+# SELinux README
+cp -a %{SOURCE1} README.SELinux
+
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -80,7 +81,7 @@
 ### Commit permanent changes to default configuration
 install -p -m 644 wwwroot/cgi-bin/awstats.model.conf \
     $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
-%{__perl} -pi -e '
+perl -pi -e '
                 s|^LogFile=.*$|LogFile="%{_localstatedir}/log/httpd/access_log"|;
                 s|^DirData=.*$|DirData="%{_localstatedir}/lib/awstats"|;
                 s|^DirCgi=.*$|DirCgi="/awstats"|;
@@ -91,16 +92,17 @@
                 s|^SaveDatabaseFilesWithPermissionsForEveryone=.*$|SaveDatabaseFilesWithPermissionsForEveryone=0|;
                 s|^SkipHosts=.*$|SkipHosts="127.0.0.1"|;
                 s|^Expires=.*$|Expires=3600|;
-        ' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
+            ' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.model.conf
 install -p -m 644 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/%{name}.{model,localhost.localdomain}.conf 
 
 # Fix scripts
-%{__perl} -pi -e 's|/usr/local/awstats|%{_datadir}/awstats|g' \
+perl -pi -e 's|/usr/local/awstats|%{_datadir}/awstats|g' \
              $RPM_BUILD_ROOT%{_datadir}/%{name}/tools/{*.pl,httpd_conf}
 
 # Apache configuration
 install -p -m 644 tools/httpd_conf $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
-%{__perl} -pi -e 's|/usr/local|%{_datadir}|g' $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
+perl -pi -e 's|/usr/local|%{_datadir}|g;s|Allow from all|Allow from 127.0.0.1|g' \
+             $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
 echo "# Additional Perl modules
 <IfModule mod_env.c>
     SetEnv PERL5LIB %{_datadir}/awstats/lib:%{_datadir}/awstats/plugins
@@ -114,13 +116,6 @@
 rm -rf $RPM_BUILD_ROOT
 
 
-%pre
-# Set SELinux types
-semanage fcontext -a -t httpd_sys_script_exec_t \
-    '/usr/share/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
-semanage fcontext -a -t httpd_sys_script_rw_t '/var/lib/awstats(/.*)?' 2>/dev/null || :
-
-
 %post
 if [ $1 -eq 1 ]; then
   if [ ! -f %{_sysconfdir}/%{name}/%{name}.`hostname`.conf ]; then
@@ -130,18 +125,29 @@
                       ' > %{_sysconfdir}/%{name}/%{name}.`hostname`.conf || :
   fi
 fi
+### SELinux support ###
+# Set SELinux file_context
+semanage fcontext -a -t httpd_sys_script_exec_t \
+    '%{_datadir}/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t httpd_sys_script_rw_t '%{_localstatedir}/lib/awstats(/.*)?' 2>/dev/null || :
+# Actually change the context
+chcon -R -t httpd_sys_script_exec_t %{_datadir}/awstats/wwwroot/cgi-bin || :
+chcon -R -t httpd_sys_script_rw_t %{_localstatedir}/lib/awstats || :
 
 
 %postun
 if [ $1 -ne 0 ]; then
   /sbin/service httpd condrestart >/dev/null 2>&1
 fi
+# SELinux support
 if [ $1 -eq 0 ]; then
   semanage fcontext -d -t httpd_sys_script_exec_t \
-    '/usr/share/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
+    '%{_datadir}/awstats/wwwroot/cgi-bin(/.*)?' 2>/dev/null || :
+  semanage fcontext -d -t httpd_sys_script_rw_t '%{_localstatedir}/lib/awstats(/.*)?' 2>/dev/null || :
 fi
 
 
+
 %files
 %defattr(-,root,root,755)
 # Apache configuration file
@@ -155,7 +161,7 @@
 %{_datadir}/%{name}/wwwroot/cgi-bin
 # Different defattr to fix lots of files which should not be +x.
 %defattr(644,root,root,755)
-%doc README.TXT docs/*
+%doc README.TXT docs/* README.SELinux
 %{_datadir}/%{name}/lang
 %{_datadir}/%{name}/lib
 %{_datadir}/%{name}/plugins
@@ -164,9 +170,15 @@
 %{_datadir}/%{name}/wwwroot/icon
 %{_datadir}/%{name}/wwwroot/js
 
+
+
 %changelog
+* Sun May 07 2006 Aurelien Bompard <gauret[AT]free.fr> 6.6-0.1.beta
+- version 6.6 (beta), fixes CVE-2005-2732 (bug 190921, 190922, and 190923)
+
 * Sun Apr 09 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-3
 - SELinux support: use semanage to label the cgi and the database files
+- Only allow access from localhost by default (this app has a security history)
 
 * Thu Feb 23 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-2
 - rebuild for FC5


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-5/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources	11 Jan 2006 15:07:29 -0000	1.8
+++ sources	7 May 2006 08:17:09 -0000	1.9
@@ -1 +1 @@
-aef00b2ff5c5413bd2a868299cabd69a  awstats-6.5.tar.gz
+c9b65c5a58011fdb4ec611feec17eee4  awstats-6.6.tar.gz




More information about the fedora-extras-commits mailing list