Bug 269051 - www/awstats: update to 7.9
Summary: www/awstats: update to 7.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Fernando Apesteguía
URL: https://awstats.sourceforge.io/docs/a...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2023-01-19 13:46 UTC by Vidar Karlsen
Modified: 2023-01-23 13:13 UTC

See Also:
fernape: merge-quarterly+


Attachments
git format-patch, update to 7.9 and clean up Makefile (4.08 KB, patch)
2023-01-19 13:46 UTC, Vidar Karlsen
vidar: maintainer-approval+

Description Vidar Karlsen 2023-01-19 13:46:06 UTC
Created attachment 239590
git format-patch, update to 7.9 and clean up Makefile

Changelog: https://awstats.sourceforge.io/docs/awstats_changelog.txt

Fixes CVE-2020-35176 path traversal flaw (score 5.3)

While here, re-order the Makefile to make portclippy happy.

QA:
- poudriere testport ok on 12.3-amd64, 12.3-i386, 13.1-amd64
- run-time tested ok on 13.1-amd64
- portlint ok
- portclippy ok
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-21 17:10:13 UTC
Note to self: VuXML entry.
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-01-23 13:09:32 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dec81534f121a291602a9dfb106ce4ec23d0a261

commit dec81534f121a291602a9dfb106ce4ec23d0a261
Author:     Vidar Karlsen <vidar@karlsen.tech>
AuthorDate: 2023-01-21 17:06:39 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-23 13:04:36 +0000

    www/awstats: update to 7.9

    ChangeLog: https://awstats.sourceforge.io/docs/awstats_changelog.txt

     * Add Windows 11 and Android 13 operating systems
     * Update Hungarian translation and migrate it to UTF-8.
     * fix cross site scripting
     * Replace hard coded text with $Message ( Monthly, Daily, Hourly )
     * Android 11 + 12, MacOS 11 ( Big Sur ) + 12 ( Monterey )
     * Catch up German translations
     * Change the substitution that replaces newlines with BR elements so that
       the syntax works for both HTML and XHTML.
     * Added a few robots and 1 phone browser. Also corrected some errors in
       devlop robots.pm
     * Only look for configuration in dedicated awstats directories
     * Unwrap SRS e-mail addresses
     * Fixes #195/CVE-2020-35176
     * As geoip2_country doesn't have AddHTMLGraph_geoip2_country, it should
       only generate subpage for geoip2_city.
     * added support for HaikuOS and Safari based WebPositive browser
     * Adding missing td-tag opening
     * Tajik Language Support

    PR:             269051
    Reported by:    vidar@karlsen.tech (maintainer)
    MFH:            2023Q1 (security fixes)
    Security:       CVE-2020-35176

 www/awstats/Makefile  | 16 ++++++++--------
 www/awstats/distinfo  |  6 +++---
 www/awstats/pkg-plist |  8 ++++++++
 3 files changed, 19 insertions(+), 11 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-01-23 13:11:34 UTC
A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=abda034c4a91551abb334bbea839a81958f69d50

commit abda034c4a91551abb334bbea839a81958f69d50
Author:     Vidar Karlsen <vidar@karlsen.tech>
AuthorDate: 2023-01-21 17:06:39 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-23 13:07:14 +0000

    www/awstats: update to 7.9

    ChangeLog: https://awstats.sourceforge.io/docs/awstats_changelog.txt

     * Add Windows 11 and Android 13 operating systems
     * Update Hungarian translation and migrate it to UTF-8.
     * fix cross site scripting
     * Replace hard coded text with $Message ( Monthly, Daily, Hourly )
     * Android 11 + 12, MacOS 11 ( Big Sur ) + 12 ( Monterey )
     * Catch up German translations
     * Change the substitution that replaces newlines with BR elements so that
       the syntax works for both HTML and XHTML.
     * Added a few robots and 1 phone browser. Also corrected some errors in
       devlop robots.pm
     * Only look for configuration in dedicated awstats directories
     * Unwrap SRS e-mail addresses
     * Fixes #195/CVE-2020-35176
     * As geoip2_country doesn't have AddHTMLGraph_geoip2_country, it should
       only generate subpage for geoip2_city.
     * added support for HaikuOS and Safari based WebPositive browser
     * Adding missing td-tag opening
     * Tajik Language Support

    PR:             269051
    Reported by:    vidar@karlsen.tech (maintainer)
    MFH:            2023Q1 (security fixes)
    Security:       CVE-2020-35176

    (cherry picked from commit dec81534f121a291602a9dfb106ce4ec23d0a261)

 www/awstats/Makefile  | 16 ++++++++--------
 www/awstats/distinfo  |  6 +++---
 www/awstats/pkg-plist |  8 ++++++++
 3 files changed, 19 insertions(+), 11 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-01-23 13:13:36 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=41493dcf982d8df241837f7f38453130e8fc9121

commit 41493dcf982d8df241837f7f38453130e8fc9121
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-01-23 13:03:16 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-23 13:08:45 +0000

    security/vuxml: register www/awstats vulnerability

    PR:     269051

 security/vuxml/vuln/2023.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-23 13:13:43 UTC
Committed and merged to 2023Q1,

Thanks!