aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-04-30 06:58:42 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-04-30 06:58:42 -0600
commit1e3a21db2b7b34a9f14fe8cf7a8efe662c5c10d1 (patch)
tree2a3f36897a0a98d8365c389b36c46e5360791be8
parent4a3e86fe622ffde8c6ea5afe2a2032211e5efb65 (diff)
downloadaports-1e3a21db2b7b34a9f14fe8cf7a8efe662c5c10d1.tar.gz
aports-1e3a21db2b7b34a9f14fe8cf7a8efe662c5c10d1.tar.bz2
aports-1e3a21db2b7b34a9f14fe8cf7a8efe662c5c10d1.tar.xz
main/awstats: add local copy of patch because github is being silly
-rw-r--r--main/awstats/APKBUILD2
-rw-r--r--main/awstats/CVE-2020-35176.patch30
2 files changed, 31 insertions, 1 deletions
diff --git a/main/awstats/APKBUILD b/main/awstats/APKBUILD
index d35ba9746c..f7270f008c 100644
--- a/main/awstats/APKBUILD
+++ b/main/awstats/APKBUILD
@@ -11,7 +11,7 @@ depends="perl perl-uri"
subpackages="$pkgname-doc"
options="!check" # no testsuite
source="https://prdownloads.sourceforge.net/awstats/awstats-$pkgver.tar.gz
- CVE-2020-35176.patch::https://github.com/Beuc/awstats/commit/0d4d4c05f8e73be8f71dd361dc55cbd52858b823.patch"
+ CVE-2020-35176.patch"
# secfixes:
# 7.8-r1:
diff --git a/main/awstats/CVE-2020-35176.patch b/main/awstats/CVE-2020-35176.patch
new file mode 100644
index 0000000000..3e707c35dc
--- /dev/null
+++ b/main/awstats/CVE-2020-35176.patch
@@ -0,0 +1,30 @@
+From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
+From: Beuc <beuc@beuc.net>
+Date: Thu, 17 Dec 2020 18:14:43 +0100
+Subject: [PATCH] Only look for configuration in dedicated awstats directories
+
+Fixes #195/CVE-2020-35176
+---
+ wwwroot/cgi-bin/awstats.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index e709b7f5..8341c0a5 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -1711,13 +1711,13 @@ sub Read_Config {
+ # Check config file in common possible directories :
+ # Windows : "$DIR" (same dir than awstats.pl)
+ # Standard, Mandrake and Debian package : "/etc/awstats"
+- # Other possible directories : "/usr/local/etc/awstats", "/etc"
++ # Other possible directories : "/usr/local/etc/awstats",
+ # FHS standard, Suse package : "/etc/opt/awstats"
+ my $configdir = shift;
+ my @PossibleConfigDir = (
+ "$DIR",
+ "/etc/awstats",
+- "/usr/local/etc/awstats", "/etc",
++ "/usr/local/etc/awstats",
+ "/etc/opt/awstats"
+ );
+