Update released by AWStats fixing current command injection vulnerability. http://awstats.sourceforge.net/awstats_security_news.php Fix: Update Port. Thanks.
State Changed From-To: open->feedback Awaiting maintainers feedback
>Submitter-Id: current-users >Originator: Takefu Kenji >Organization: >Confidential: no >Synopsis: [PATCH] www/awstats: update to 6.6 >Severity: non-critical >Priority: low >Category: ports >Class: update >Release: FreeBSD 6.1-RELEASE i386 >Environment: System: FreeBSD portstest 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu May 11 10:13:37 JST 2006 >Description: - Update to 6.6 Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- awstats-6.6.patch begins here --- diff -ruN --exclude=CVS /usr/ports/www/awstats/Makefile /usr/ports/www/awstats66/Makefile --- /usr/ports/www/awstats/Makefile Wed May 10 09:37:38 2006 +++ /usr/ports/www/awstats66/Makefile Fri May 19 16:59:16 2006 @@ -6,16 +6,17 @@ # PORTNAME= awstats -PORTVERSION= 6.5 -PORTREVISION= 1 +PORTVERSION= 6.6 CATEGORIES= www -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} +MASTER_SITES= http://awstats.sourceforge.net/files/ \ + ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} MAINTAINER= webmaster@shopcusa.com COMMENT= Free real-time logfile analyzer to get advanced web statistics -FORBIDDEN= Command Injection Vulnerability RUN_DEPENDS= ${SITE_PERL}/Net/XWhois.pm:${PORTSDIR}/net/p5-Net-XWhois @@ -73,7 +74,7 @@ ${INSTALL_SCRIPT} ${WRKSRC}/tools/logresolvemerge.pl ${PREFIX}/www/awstats/tools ${INSTALL_SCRIPT} ${WRKSRC}/tools/maillogconvert.pl ${PREFIX}/www/awstats/tools ${INSTALL_SCRIPT} ${WRKSRC}/tools/urlaliasbuilder.pl ${PREFIX}/www/awstats/tools - ${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.6.wbm ${PREFIX}/www/awstats/tools/webmin + ${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.7.wbm ${PREFIX}/www/awstats/tools/webmin ${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awredir.pl ${PREFIX}/www/awstats/cgi-bin ${INSTALL_DATA} ${WRKSRC}/wwwroot/cgi-bin/awstats.model.conf ${PREFIX}/www/awstats/cgi-bin ${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awstats.pl ${PREFIX}/www/awstats/cgi-bin diff -ruN --exclude=CVS /usr/ports/www/awstats/distinfo /usr/ports/www/awstats66/distinfo --- /usr/ports/www/awstats/distinfo Tue Feb 7 10:31:19 2006 +++ /usr/ports/www/awstats66/distinfo Fri May 19 16:52:44 2006 @@ -1,3 +1,3 @@ -MD5 (awstats-6.5.tar.gz) = aef00b2ff5c5413bd2a868299cabd69a -SHA256 (awstats-6.5.tar.gz) = 08a63a30c5be698a164c957b3d68e8bacafc0c86ab72458382584d9f8b45bd2c -SIZE (awstats-6.5.tar.gz) = 1051780 +MD5 (awstats-6.6.tar.gz) = c9b65c5a58011fdb4ec611feec17eee4 +SHA256 (awstats-6.6.tar.gz) = 34776a2f487049e2909a399fb03b79ca10e720623fc24ec9051904315efad8ca +SIZE (awstats-6.6.tar.gz) = 1059148 diff -ruN --exclude=CVS /usr/ports/www/awstats/pkg-plist /usr/ports/www/awstats66/pkg-plist --- /usr/ports/www/awstats/pkg-plist Thu Feb 23 11:11:29 2006 +++ /usr/ports/www/awstats66/pkg-plist Fri May 19 17:15:20 2006 @@ -650,7 +650,7 @@ www/awstats/tools/logresolvemerge.pl www/awstats/tools/maillogconvert.pl www/awstats/tools/urlaliasbuilder.pl -www/awstats/tools/webmin/awstats-1.6.wbm +www/awstats/tools/webmin/awstats-1.7.wbm @dirrm www/awstats/tools/webmin @dirrm www/awstats/tools @dirrm www/awstats/js --- awstats-6.6.patch ends here ---
Edwin Groothuis wrote: > Synopsis: [update] www/awstats to 6.6 > > State-Changed-From-To: open->feedback > State-Changed-By: edwin > State-Changed-When: Tue May 16 20:12:16 UTC 2006 > State-Changed-Why: > Awaiting maintainers feedback > > http://www.freebsd.org/cgi/query-pr.cgi?pr=97364 > _______________________________________________ > freebsd-ports-bugs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs > To unsubscribe, send any mail to "freebsd-ports-bugs-unsubscribe@freebsd.org" Given the nature of the security vulnerability in awstats-6.5 can I petition for this to be considered a Maintainer Timeout and to have this update committed please? It's been more than the two weeks prescribed in the Porter's Handbook. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. Flat 3 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW, UK
Responsible Changed From-To: freebsd-ports-bugs->mich Grab!
State Changed From-To: feedback->closed Committed, thanks !