[Pkg-awstats-commits] [SCM] awstats Debian packaging branch, master, updated. debian/6.9.5.dfsg-4-5-g1f56eef

Tue Dec 14 22:56:13 UTC 2010

The following commit has been merged in the master branch:
commit 1f56eefe28c8d25b51f070ba4d29db7203355af0
Author: Sergey B Kirpichev <skirpichev at gmail.com>
Date:   Wed Dec 15 01:55:07 2010 +0300

    Update patch 1002 to adopt CVE-2010-4368 fix in upstream

diff --git a/debian/patches/1002_disable_configdir.patch b/debian/patches/1002_disable_configdir.patch
index 0edd61f..71f0974 100644
--- a/debian/patches/1002_disable_configdir.patch
+++ b/debian/patches/1002_disable_configdir.patch
@@ -1,14 +1,30 @@
 Description: Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to enable configdir.
-Author: Charles Fry <debian at frogcircus.org>
+Author: Charles Fry <debian at frogcircus.org>, vendor
+Origin: http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.961&r2=1.962
 Bug-Debian: http://bugs.debian.org/365910
+Bug-Debian: http://bugs.debian.org/606263
 
 --- a/wwwroot/cgi-bin/awstats.pl
 +++ b/wwwroot/cgi-bin/awstats.pl
-@@ -1719,17 +1719,13 @@
- 	my @PossibleConfigDir = ();
+@@ -1716,27 +1716,28 @@
+ 	# Other possible directories :				"/usr/local/etc/awstats", "/etc"
+ 	# FHS standard, Suse package : 				"/etc/opt/awstats"
+ 	my $configdir         = shift;
+-	my @PossibleConfigDir = ();
++	my @PossibleConfigDir = (
++			"$DIR",
++			"/etc/awstats",
++			"/usr/local/etc/awstats", "/etc",
++			"/etc/opt/awstats"
++		);
  
  	if ($configdir) {
--
++		# Check if configdir is outside default values.
++		my $outsidedefaultvalue=1;
++		foreach (@PossibleConfigDir) {
++			if ($_ eq $configdir) { $outsidedefaultvalue=0; last; }
++		}
+ 
 -# If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
 -#if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
 -#{
@@ -17,15 +33,22 @@ Bug-Debian: http://bugs.debian.org/365910
 -#else
 -#{
 -		@PossibleConfigDir = ("$configdir");
--
--		#}
-+		# If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
-+		if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) {
-+			error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1");
-+		}
-+		else {
-+			@PossibleConfigDir = ("$configdir");
++		# If from CGI, overwriting of configdir with a value that differs from a default value
++		# is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
++		if ($ENV{'GATEWAY_INTERFACE'} && $outsidedefaultvalue && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
++		{
++			error("Sorry, to allow overwriting of configdir parameter, from an AWStats CGI page, with a non default value, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
 +		}
+ 
+-		#}
+-	}
+-	else {
+-		@PossibleConfigDir = (
+-			"$DIR",                   "/etc/awstats",
+-			"/usr/local/etc/awstats", "/etc",
+-			"/etc/opt/awstats"
+-		);
++		@PossibleConfigDir = ("$configdir");
  	}
- 	else {
- 		@PossibleConfigDir = (
+ 
+ 	# Open config file

-- 
awstats Debian packaging

