rpms/awstats/EL-5 awstats-6.7-CVE-2008-3714.patch, 1.1, 1.2 awstats.spec, 1.23, 1.24
Tim Jackson
timj at fedoraproject.org
Sun Dec 7 18:40:46 UTC 2008
Author: timj
Update of /cvs/extras/rpms/awstats/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22932
Modified Files:
awstats-6.7-CVE-2008-3714.patch awstats.spec
Log Message:
Use Debian's patch for CVE-2008-3714 (#474396
Sync spec with devel branch a bit
awstats-6.7-CVE-2008-3714.patch:
Index: awstats-6.7-CVE-2008-3714.patch
===================================================================
RCS file: /cvs/extras/rpms/awstats/EL-5/awstats-6.7-CVE-2008-3714.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- awstats-6.7-CVE-2008-3714.patch 23 Aug 2008 09:03:41 -0000 1.1
+++ awstats-6.7-CVE-2008-3714.patch 7 Dec 2008 18:40:14 -0000 1.2
@@ -1,27 +1,12 @@
-Adapted from:
-http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912
-
diff -ur awstats-6.7/wwwroot/cgi-bin/awstats.pl awstats-6.7-CVE-2008-3714/wwwroot/cgi-bin/awstats.pl
--- awstats-6.7/wwwroot/cgi-bin/awstats.pl 2007-07-07 12:00:06.000000000 +0100
-+++ awstats-6.7-CVE-2008-3714/wwwroot/cgi-bin/awstats.pl 2008-08-23 09:21:31.000000000 +0100
-@@ -4380,6 +4380,7 @@
- sub DecodeEncodedString {
++++ awstats-6.7-CVE-2008-3714/wwwroot/cgi-bin/awstats.pl 2008-12-06 15:01:44.000000000 +0000
+@@ -4381,6 +4381,7 @@
my $stringtodecode=shift;
$stringtodecode =~ tr/\+/ /s;
-+ $stringtodecode =~ s/%22//g;
$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
++ $stringtodecode =~ s/["']//g;
return $stringtodecode;
}
-@@ -4432,9 +4433,12 @@
- #------------------------------------------------------------------------------
- sub CleanXSS {
- my $stringtoclean=shift;
-+ # To avoid html tags and javascript
- $stringtoclean =~ s/</</g;
- $stringtoclean =~ s/>/>/g;
- $stringtoclean =~ s/|//g;
-+ # To avoid onload="
-+ $stringtoclean =~ s/onload//g;
- return $stringtoclean;
- }
+Only in awstats-6.7-CVE-2008-3714/wwwroot/cgi-bin: awstats.pl.orig
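Review bot: The new trailing line `Only in awstats-6.7-CVE-2008-3714/wwwroot/cgi-bin: awstats.pl.orig` is `diff -ur` output, not part of the fix, and should be removed from the patch file. The `Adapted from:` header and its upstream URL are also deleted with nothing in their place, so the file no longer records where the patch came from; a short header naming the Debian source would restore that. On the fix itself, `s/["']//g` now runs after the `%XX` decode in `DecodeEncodedString`, so it catches both literal and percent-encoded quotes, whereas the old `s/%22//g` ran before the decode and matched only that one encoded form. The `CleanXSS` additions, including the `onload` removal, are dropped in the same revision, which deserves a mention in the changelog so the narrower scope is deliberate and visible.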
Index: awstats.spec
===================================================================
RCS file: /cvs/extras/rpms/awstats/EL-5/awstats.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- awstats.spec 24 Sep 2008 18:46:55 -0000 1.23
+++ awstats.spec 7 Dec 2008 18:40:14 -0000 1.24
@@ -9,7 +9,7 @@
Source1: awstats.README.SELinux
Source2: awstats.README.Fedora
-# Fix pb in xml output for history files
+# Fix XML output for history files
# http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.892&r2=1.894&view=patch
Patch0: awstats-6.7-xmlhistory.patch
@@ -59,8 +59,8 @@
# Fix some bad file permissions here for convenience.
chmod -x tools/httpd_conf
find tools/xslt -type f | xargs chmod -x
-# Remove \r in conf file (file written on MS Windows)
-perl -pi -e 's/\r//g' tools/httpd_conf tools/logresolvemerge.pl
+# Remove \r in various files
+perl -pi -e 's/\r//g' docs/COPYING.TXT docs/LICENSE.TXT docs/pad_awstats.xml docs/awstats_changelog.txt docs/styles.css tools/httpd_conf tools/logresolvemerge.pl tools/awstats_exportlib.pl tools/awstats_buildstaticpages.pl tools/maillogconvert.pl tools/urlaliasbuilder.pl wwwroot/cgi-bin/awredir.pl
# SELinux README
cp -a %{SOURCE1} README.SELinux
cp -a %{SOURCE2} README.Fedora
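Review bot: The replacement comment `# Remove \r in various files` loses the reason the old comment gave (the file was written on MS Windows); keeping that rationale helps whoever next has to extend the list. The `perl -pi -e 's/\r//g'` command now names twelve files on a single line, which is hard to review in later diffs. Splitting it with backslash continuations, one file or directory group per line, would match the continuation style the spec already uses for the Apache configuration `perl -pi` call.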
@@ -126,11 +126,6 @@
iconv -f iso-8859-1 -t utf-8 < docs/awstats_changelog.txt > docs/awstats_changelog.txt.utf8
mv docs/awstats_changelog.txt.utf8 docs/awstats_changelog.txt
-# Fix EOLs
-%{__sed} -i 's/\r//' docs/pad_awstats.xml
-%{__sed} -i 's/\r//' docs/styles.css
-%{__sed} -i 's/\r//' docs/awstats_changelog.txt
-
# Apache configuration
install -p -m 644 tools/httpd_conf $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/%{name}.conf
perl -pi -e 's|/usr/local|%{_datadir}|g;s|Allow from all|Allow from 127.0.0.1|g' \
@@ -220,7 +215,8 @@
%changelog
-* Wed Sep 24 2008 Tim Jackson <rpm at timj.co.uk> 6.7-4
+* Sat Dec 06 2008 Tim Jackson <rpm at timj.co.uk> 6.7-4
+- Use Debian's patch for CVE-2008-3714 (#474396)
- Add README.Fedora file pointing people towards the -selinux subpackage
* Sat Aug 23 2008 Tim Jackson <rpm at timj.co.uk> 6.7-3
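Review bot: The existing 6.7-4 changelog entry has its date rewritten from `Wed Sep 24 2008` to `Sat Dec 06 2008` and the CVE line is added under it, with the release left at 6.7-4. If 6.7-4 was already built or tagged with the September entry, this security fix should get its own entry with a bumped release so the package history stays accurate and the fixed build is distinguishable from the earlier one by version. If 6.7-4 was never built, the change is fine as it stands, but that is worth stating in the log message.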