[Pkg-awstats-commits] [SCM] awstats Debian packaging branch, master, updated. debian/6.9.5.dfsg-4-5-g1f56eef
Sergey B Kirpichev
skirpichev at gmail.com
Tue Dec 14 22:56:13 UTC 2010
The following commit has been merged in the master branch:
commit 1f56eefe28c8d25b51f070ba4d29db7203355af0
Author: Sergey B Kirpichev <skirpichev at gmail.com>
Date: Wed Dec 15 01:55:07 2010 +0300
Update patch 1002 to adopt CVE-2010-4368 fix in upstream
diff --git a/debian/patches/1002_disable_configdir.patch b/debian/patches/1002_disable_configdir.patch
index 0edd61f..71f0974 100644
--- a/debian/patches/1002_disable_configdir.patch
+++ b/debian/patches/1002_disable_configdir.patch
@@ -1,14 +1,30 @@
Description: Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to enable configdir.
-Author: Charles Fry <debian at frogcircus.org>
+Author: Charles Fry <debian at frogcircus.org>, vendor
+Origin: http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.961&r2=1.962
Bug-Debian: http://bugs.debian.org/365910
+Bug-Debian: http://bugs.debian.org/606263
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
-@@ -1719,17 +1719,13 @@
- my @PossibleConfigDir = ();
+@@ -1716,27 +1716,28 @@
+ # Other possible directories : "/usr/local/etc/awstats", "/etc"
+ # FHS standard, Suse package : "/etc/opt/awstats"
+ my $configdir = shift;
+- my @PossibleConfigDir = ();
++ my @PossibleConfigDir = (
++ "$DIR",
++ "/etc/awstats",
++ "/usr/local/etc/awstats", "/etc",
++ "/etc/opt/awstats"
++ );
if ($configdir) {
--
++ # Check if configdir is outside default values.
++ my $outsidedefaultvalue=1;
++ foreach (@PossibleConfigDir) {
++ if ($_ eq $configdir) { $outsidedefaultvalue=0; last; }
++ }
+
-# If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
-#if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
-#{
@@ -17,15 +33,22 @@ Bug-Debian: http://bugs.debian.org/365910
-#else
-#{
- @PossibleConfigDir = ("$configdir");
--
-- #}
-+ # If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
-+ if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) {
-+ error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1");
-+ }
-+ else {
-+ @PossibleConfigDir = ("$configdir");
++ # If from CGI, overwriting of configdir with a value that differs from a default value
++ # is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
++ if ($ENV{'GATEWAY_INTERFACE'} && $outsidedefaultvalue && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
++ {
++ error("Sorry, to allow overwriting of configdir parameter, from an AWStats CGI page, with a non default value, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
+ }
+
+- #}
+- }
+- else {
+- @PossibleConfigDir = (
+- "$DIR", "/etc/awstats",
+- "/usr/local/etc/awstats", "/etc",
+- "/etc/opt/awstats"
+- );
++ @PossibleConfigDir = ("$configdir");
}
- else {
- @PossibleConfigDir = (
+
+ # Open config file
--
awstats Debian packaging
More information about the Pkg-awstats-commits
mailing list