Revision bump for sec bug 81775.

(Portage version: 2.0.51.16)
author: Aaron Walker <ka0ttic@gentoo.org> 2005-02-12 21:55:46 +0000
committer: Aaron Walker <ka0ttic@gentoo.org> 2005-02-12 21:55:46 +0000
commit: 0c7c7a3bd991fa370483b11aa285ab593fa8c8b5 (patch)
tree: 8de61948f685e0646e83e6be85d6644302ff84c2 /net-www/awstats
parent: - ~x86 pic syscall macros (diff)
download: gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.tar.gz
gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.tar.bz2
gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.zip
5 files changed, 36 insertions, 15 deletions
diff --git a/net-www/awstats/ChangeLog b/net-www/awstats/ChangeLog
index 1e95211ff30c..1de564aae492 100644
--- a/net-www/awstats/ChangeLog
+++ b/net-www/awstats/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-www/awstats
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/awstats/ChangeLog,v 1.11 2005/02/05 10:37:04 ka0ttic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/awstats/ChangeLog,v 1.12 2005/02/12 21:55:46 ka0ttic Exp $
+
+*awstats-6.3-r1 (12 Feb 2005)
+
+  12 Feb 2005; Aaron Walker <ka0ttic@gentoo.org>
+  +files/awstats-6.3-CAN-2005-0016.diff, +awstats-6.3-r1.ebuild,
+  -awstats-6.3.ebuild:
+  Revision bump for sec bug 81775.
 
   05 Feb 2005; Aaron Walker <ka0ttic@gentoo.org> -files/awstats-6.1-r1.diff,
   -awstats-6.1.ebuild, awstats-6.3.ebuild:
diff --git a/net-www/awstats/Manifest b/net-www/awstats/Manifest
index 7a87e03a54cd..b674a626fd1c 100644
--- a/net-www/awstats/Manifest
+++ b/net-www/awstats/Manifest
@@ -1,16 +1,7 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 ea45c38c832965ad856fa17a84f23b70 awstats-6.3.ebuild 3746
-MD5 025b64965bb3207a5bea607e7d1e2335 ChangeLog 1927
+MD5 c147f3a75a7ba65ac6b3b200c45ac776 awstats-6.3-r1.ebuild 3813
+MD5 4d6549ab83fca269b4014b3eb62400fc ChangeLog 2131
 MD5 6bc2db5b1e135821863e91fa8658ad48 metadata.xml 255
-MD5 6e7773a7ddac4fe0259957c488da02cd files/digest-awstats-6.3 60
+MD5 6e7773a7ddac4fe0259957c488da02cd files/digest-awstats-6.3-r1 60
+MD5 8f8b0ad336b5066db17452db770ed878 files/awstats-6.3-CAN-2005-0016.diff 1243
 MD5 7a52d3f65ff7220a519056716d460ecd files/awstats-6.3-gentoo.diff 1219
 MD5 102ec928bf01d326931ea260173c1dab files/postinst-en.txt 649
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFCBKJJEZCkKN40op4RAmraAJ9MZgIglahAAsyukfXLXEZz6utFMwCguylR
-0b8B8kFgj32OoXgM+oHQioY=
-=1KHo
------END PGP SIGNATURE-----
diff --git a/net-www/awstats/awstats-6.3.ebuild b/net-www/awstats/awstats-6.3-r1.ebuild
index 115bc4a3bfb2..f081ed08c2a7 100644
--- a/net-www/awstats/awstats-6.3.ebuild
+++ b/net-www/awstats/awstats-6.3-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/awstats/awstats-6.3.ebuild,v 1.4 2005/02/05 10:37:04 ka0ttic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/awstats/awstats-6.3-r1.ebuild,v 1.1 2005/02/12 21:55:46 ka0ttic Exp $
 
 inherit eutils webapp
 
@@ -23,6 +23,9 @@ src_unpack() {
 	cd ${S}
 	epatch ${FILESDIR}/${P}-gentoo.diff
 
+	# security bug 81775
+	epatch ${FILESDIR}/${P}-CAN-2005-0016.diff
+
 	# change AWStats default installation directory to installation directory of Gentoo
 	for file in tools/* wwwroot/cgi-bin/*; do
 	    if [[ -f "$file" ]]; then
diff --git a/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff b/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff
new file mode 100644
index 000000000000..9d00f6beb342
--- /dev/null
+++ b/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff
@@ -0,0 +1,20 @@
+--- awstats-6.3.orig/wwwroot/cgi-bin/awstats.pl	2005-01-22 11:34:38.000000000 -0500
++++ awstats-6.3/wwwroot/cgi-bin/awstats.pl	2005-02-12 16:48:13.446660569 -0500
+@@ -5368,7 +5368,7 @@
+ 	# No update but report by default when run from a browser
+ 	$UpdateStats=($QueryString=~/update=1/i?1:0);
+ 
+-	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&DecodeEncodedString("$1"); }
++	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
+ 	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }
+ 	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1")); }
+ 	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
+@@ -5416,7 +5416,7 @@
+ 	# Update with no report by default when run from command line
+ 	$UpdateStats=1;
+ 
+-	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig="$1"; }
++	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize("$1"); }
+ 	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }
+ 	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1"); }
+ 	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }
diff --git a/net-www/awstats/files/digest-awstats-6.3 b/net-www/awstats/files/digest-awstats-6.3-r1
index bf5ecfb2f5f1..bf5ecfb2f5f1 100644
--- a/net-www/awstats/files/digest-awstats-6.3
+++ b/net-www/awstats/files/digest-awstats-6.3-r1
author	Aaron Walker <ka0ttic@gentoo.org>	2005-02-12 21:55:46 +0000
committer	Aaron Walker <ka0ttic@gentoo.org>	2005-02-12 21:55:46 +0000
commit	0c7c7a3bd991fa370483b11aa285ab593fa8c8b5 (patch)
tree	8de61948f685e0646e83e6be85d6644302ff84c2 /net-www/awstats
parent	- ~x86 pic syscall macros (diff)
download	gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.tar.gz gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.tar.bz2 gentoo-2-0c7c7a3bd991fa370483b11aa285ab593fa8c8b5.zip