Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION.diff -r1.37 -r1.38 pkgsrc/www/awstats/Makefile
(minskim)
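--- a/pkgsrc/www/awstats/Makefile
+++ b/pkgsrc/www/awstats/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.37 2008/06/20 01:09:40 joerg Exp $
+# $NetBSD: Makefile,v 1.38 2008/08/20 21:20:33 minskim Exp $
 
 DISTNAME= awstats-6.7
+PKGREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=awstats/}
 
 MAINTAINER= minskim@NetBSD.org
 HOMEPAGE= http://awstats.sourceforge.net/
 COMMENT= Free real-time logfile analyzer to get advanced web statistics
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 NO_BUILD= yes
 
 USE_TOOLS+= perl:run pax
 REPLACE_PERL+= tools/*.pl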
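--- a/pkgsrc/www/awstats/distinfo
+++ b/pkgsrc/www/awstats/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.20 2008/04/07 07:21:00 adam Exp $
+$NetBSD: distinfo,v 1.21 2008/08/20 21:20:33 minskim Exp $
 
 SHA1 (awstats-6.7.tar.gz) = 7dab4208441bce494bf1b3937242794a2328ace1
 RMD160 (awstats-6.7.tar.gz) = 5a84327871b65cad5cb6dbaded5c223660806953
 Size (awstats-6.7.tar.gz) = 1089638 bytes
 SHA1 (patch-aa) = 78b3a3100d687f07e0bed7b677abc52b767b8598
 SHA1 (patch-ab) = df8961949160d172ab40569a414b52eb4a8b1f06
+SHA1 (patch-ac) = 2c4f26e5cdd3550f20450c3484bc1d91000bdd63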
$NetBSD: patch-ac,v 1.1 2008/08/20 21:20:33 minskim Exp $
XSS (http://secunia.com/advisories/31519/) fix. Not needed in 6.9.
--- wwwroot/cgi-bin/awstats.pl.orig 2008-08-20 14:17:04.000000000 -0700
+++ wwwroot/cgi-bin/awstats.pl
@@ -4380,6 +4380,7 @@ sub EncodeString {
sub DecodeEncodedString {
my $stringtodecode=shift;
$stringtodecode =~ tr/\+/ /s;
+ $stringtodecode =~ s/%22//g;
$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
return $stringtodecode;
}
@@ -4432,9 +4433,12 @@ sub Sanitize {
#------------------------------------------------------------------------------
sub CleanXSS {
my $stringtoclean=shift;
+ # To avoid html tags and javascript
$stringtoclean =~ s/</</g;
$stringtoclean =~ s/>/>/g;
$stringtoclean =~ s/|//g;
+ # To avoid onload="
+ $stringtoclean =~ s/onload//g;
return $stringtoclean;
}
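Review bot: The added `s/onload//g` in CleanXSS removes one attribute name by exact, case-sensitive substring match and leaves the quote characters that make attribute injection possible untouched, so the fix is narrower than the advisory it cites. A single-pass keyword removal is also a weak filter on its own and silently corrupts legitimate data that happens to contain that text. A more robust approach is to escape the quote characters to entities alongside the existing `<`/`>` handling, e.g. `$stringtoclean =~ s/"/&quot;/g;` and `$stringtoclean =~ s/'/&#39;/g;`, and to drop the keyword removal. The same applies to the `s/%22//g` line added in DecodeEncodedString above: it strips only the percent-encoded form before decoding, not a literal `"` arriving unencoded, and it alters the data instead of encoding it at output time. The context lines `s/</</g` and `s/>/>/g` presumably read `&lt;`/`&gt;` in the actual file and were decoded by the page renderer.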