head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.8 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.6 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.4 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.2 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.3.0.4 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.2 pkgsrc-2009Q3-base:1.3 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.4 date 2010.02.02.11.20.29; author fhajny; state dead; branches; next 1.3; 1.3 date 2009.09.19.00.05.03; author minskim; state Exp; branches; next 1.2; 1.2 date 2009.01.15.12.12.20; author adam; state dead; branches; next 1.1; 1.1 date 2008.08.20.21.20.33; author minskim; state Exp; branches 1.1.2.1 1.1.8.1; next ; 1.1.2.1 date 2008.08.20.21.20.33; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.08.21.11.17.03; author tron; state Exp; branches; next ; 1.1.8.1 date 2009.01.31.21.28.41; author tron; state dead; branches; next ; desc @@ 1.4 log @Updated awstats to 6.96. New features/improvements: * Fix security in awredir.pl script by adding a security key required by default. * Enhance security of parameter sanitizing function. * Add name of config file used to build data files inside data files header. * Added details of version for Chrome, Opera, Safari and Konqueror browsers. * Add AdobeAir detection. * Major update of browsers, robots and search_engines databases (among them, the Bing search engine). * Increase seriously bot detection. * Add Brezhoneg language. * Add a better way to detect Safari versions. * Added subpages for geoip maxmind modules in awstats_buildstaticpages. Fixes: * Fix typo in polish language file * awstats emmits ton of warnings with new geoipfree - ID: 2794728 * Fix: can detect robots with robots.txt url even if file is not root. * Other minor fixes. pkgsrc changes: * Patch XML encoding problem when the AT&T searchbot is encountered. @ text @$NetBSD: patch-ac,v 1.3 2009/09/19 00:05:03 minskim Exp $ CVS Revision 1.13 Fix: awstats emits ton of warnings with new geoipfree - ID: 2794728 --- wwwroot/cgi-bin/plugins/geoipfree.pm.orig 2008-11-15 08:03:42.000000000 -0800 +++ wwwroot/cgi-bin/plugins/geoipfree.pm @@@@ -51,7 +51,7 @@@@ sub Init_geoipfree { # ENTER HERE CODE TO DO INIT PLUGIN ACTIONS debug(" Plugin geoipfree: InitParams=$InitParams",1); %TmpDomainLookup=(); - $gi = Geo::IPfree::new(); + $gi = Geo::IPfree->new(); # $gi->Faster; # Do not enable Faster as the Memoize module is rarely available # -----> @ 1.3 log @Make awstats work with the recent version of p5-Geo-IPfree. Patch from awstats-6.95beta. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Changes 6.9: * With postfix that support DSN (Delivery Status Notifications) we exclude some lines to avoid counting mails twice in maillogconvert.pl script. * Logresolvemerge.pl support FreeRADIUS logs or anything else using (the fixed length!) ctime format timestamp. * Add option stoponfirsteof in logresolvemerge tool. * Add patch to support host_proxy tag in LogFormat (for Apache LogFormat containing %{X-Forwarded-For}i) * Renamed Add to favourites on "Hit on favicon". * Increase robots, search engines database (Added Google Chrome browser, better Vista, WII, detection, ...) * Update languages files. * Added a lot of patch from sourceforge. * Bug fixes. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2008/08/20 21:20:33 minskim Exp $ d3 2 a4 1 XSS (http://secunia.com/advisories/31519/) fix. Not needed in 6.9. d6 10 a15 22 --- wwwroot/cgi-bin/awstats.pl.orig 2008-08-20 14:17:04.000000000 -0700 +++ wwwroot/cgi-bin/awstats.pl @@@@ -4380,6 +4380,7 @@@@ sub EncodeString { sub DecodeEncodedString { my $stringtodecode=shift; $stringtodecode =~ tr/\+/ /s; + $stringtodecode =~ s/%22//g; $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg; return $stringtodecode; } @@@@ -4432,9 +4433,12 @@@@ sub Sanitize { #------------------------------------------------------------------------------ sub CleanXSS { my $stringtoclean=shift; + # To avoid html tags and javascript $stringtoclean =~ s//>/g; $stringtoclean =~ s/|//g; + # To avoid onload=" + $stringtoclean =~ s/onload//g; return $stringtoclean; } @ 1.1 log @Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.8.1 log @Pullup ticket #2674 - requested by taca awstats: security update Revisions pulled up: - www/awstats/Makefile 1.40 - www/awstats/PLIST 1.14 - www/awstats/distinfo 1.23 - www/awstats/options.mk 1.2 - www/awstats/patches/patch-aa 1.9 - www/awstats/patches/patch-ab 1.6 - www/awstats/patches/patch-ac delete --- Module Name: pkgsrc Committed By: adam Date: Thu Jan 15 12:12:04 UTC 2009 Modified Files: pkgsrc/www/awstats: Makefile PLIST distinfo options.mk pkgsrc/www/awstats/patches: patch-aa patch-ab Log Message: Changes 6.9: * With postfix that support DSN (Delivery Status Notifications) we exclude some lines to avoid counting mails twice in maillogconvert.pl script. * Logresolvemerge.pl support FreeRADIUS logs or anything else using (the fixed length!) ctime format timestamp. * Add option stoponfirsteof in logresolvemerge tool. * Add patch to support host_proxy tag in LogFormat (for Apache LogFormat containing %{X-Forwarded-For}i) * Renamed Add to favourites on "Hit on favicon". * Increase robots, search engines database (Added Google Chrome browser, better Vista, WII, detection, ...) * Update languages files. * Added a lot of patch from sourceforge. * Bug fixes. --- Module Name: pkgsrc Committed By: adam Date: Thu Jan 15 12:12:20 UTC 2009 Removed Files: pkgsrc/www/awstats/patches: patch-ac Log Message: Changes 6.9: * With postfix that support DSN (Delivery Status Notifications) we exclude some lines to avoid counting mails twice in maillogconvert.pl script. * Logresolvemerge.pl support FreeRADIUS logs or anything else using (the fixed length!) ctime format timestamp. * Add option stoponfirsteof in logresolvemerge tool. * Add patch to support host_proxy tag in LogFormat (for Apache LogFormat containing %{X-Forwarded-For}i) * Renamed Add to favourites on "Hit on favicon". * Increase robots, search engines database (Added Google Chrome browser, better Vista, WII, detection, ...) * Update languages files. * Added a lot of patch from sourceforge. * Bug fixes. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2008/08/20 21:20:33 minskim Exp $ @ 1.1.2.1 log @file patch-ac was added on branch pkgsrc-2008Q2 on 2008-08-21 11:17:03 +0000 @ text @d1 27 @ 1.1.2.2 log @Pullup ticket #2504 - requested by minskim awstats: security fix Revisions pulled up: - www/awstats/Makefile 1.38 - www/awstats/distinfo 1.21 - www/awstats/patches/patch-ac 1.1 --- Module Name: pkgsrc Committed By: minskim Date: Wed Aug 20 21:20:33 UTC 2008 Modified Files: pkgsrc/www/awstats: Makefile distinfo Added Files: pkgsrc/www/awstats/patches: patch-ac Log Message: Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION. @ text @a0 27 $NetBSD: patch-ac,v 1.1 2008/08/20 21:20:33 minskim Exp $ XSS (http://secunia.com/advisories/31519/) fix. Not needed in 6.9. --- wwwroot/cgi-bin/awstats.pl.orig 2008-08-20 14:17:04.000000000 -0700 +++ wwwroot/cgi-bin/awstats.pl @@@@ -4380,6 +4380,7 @@@@ sub EncodeString { sub DecodeEncodedString { my $stringtodecode=shift; $stringtodecode =~ tr/\+/ /s; + $stringtodecode =~ s/%22//g; $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg; return $stringtodecode; } @@@@ -4432,9 +4433,12 @@@@ sub Sanitize { #------------------------------------------------------------------------------ sub CleanXSS { my $stringtoclean=shift; + # To avoid html tags and javascript $stringtoclean =~ s//>/g; $stringtoclean =~ s/|//g; + # To avoid onload=" + $stringtoclean =~ s/onload//g; return $stringtoclean; } @