diff options
Diffstat (limited to 'main/awstats')
| -rw-r--r-- | main/awstats/APKBUILD | 20 | ||||
| -rw-r--r-- | main/awstats/CVE-2017-1000501-1.patch | 68 | ||||
| -rw-r--r-- | main/awstats/CVE-2017-1000501-2.patch | 67 |
3 files changed, 149 insertions, 6 deletions
diff --git a/main/awstats/APKBUILD b/main/awstats/APKBUILD index 2a41a20684..168d9dcbd3 100644 --- a/main/awstats/APKBUILD +++ b/main/awstats/APKBUILD @@ -2,19 +2,27 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=awstats pkgver=7.6 -pkgrel=1 +pkgrel=2 pkgdesc="Free real-time logfile analyzer to get advanced statistics" url="http://awstats.sourceforge.net/" arch="noarch" license="GPL-3.0-or-later" depends="perl perl-uri" subpackages="$pkgname-doc" -source="https://prdownloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz" +options="!check" # no testsuite +source="https://prdownloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2017-1000501-1.patch + CVE-2017-1000501-2.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 7.6-r2 +# - CVE-2017-1000501 + prepare() { local file - cd "$builddir" + default_prepare for file in tools/* wwwroot/cgi-bin/*; do [ -f "${file}" ] || continue sed -e "s:/usr/local/$pkgname/wwwroot:/usr/lib/$pkgname:g" \ @@ -54,6 +62,6 @@ package() { "$pkgdir"/usr/lib/$pkgname/cgi-bin/plugins/example } -md5sums="c69977f938be594b81fdb5e065846d31 awstats-7.6.tar.gz" -sha256sums="4045501319bf99e223bdb492a68a8f08b8e814b0f144a008726d7bd59114167a awstats-7.6.tar.gz" -sha512sums="ebce29dcbdc1f0eef68f1faf6a511212daba3e3621db682dce692dffa584e0c456fb260b9f8e1b7ac25a2a7d5d2bea5034692d2395d4e56a16fa5a36844c79d5 awstats-7.6.tar.gz" +sha512sums="ebce29dcbdc1f0eef68f1faf6a511212daba3e3621db682dce692dffa584e0c456fb260b9f8e1b7ac25a2a7d5d2bea5034692d2395d4e56a16fa5a36844c79d5 awstats-7.6.tar.gz +0f5c3f3581c1ca2731f65180d898cf15ffd8fc21d490d54c773efdf310f87dd0dde83be4c3892474924e7c77bad5f0981d15be9ba740ecf146b1d8e6c8091544 CVE-2017-1000501-1.patch +7230907b6184bdcc6f1c971236a91a7053d7340dad848daea82ff2bdaf78c1e1ef882c706955e93221036dca0faf9aa333a9f0231d6b20ad65df915c72900a4d CVE-2017-1000501-2.patch" diff --git a/main/awstats/CVE-2017-1000501-1.patch b/main/awstats/CVE-2017-1000501-1.patch new file mode 100644 index 0000000000..36b6aaa818 --- /dev/null +++ b/main/awstats/CVE-2017-1000501-1.patch @@ -0,0 +1,68 @@ +From cf219843a74c951bf5986f3a7fffa3dcf99c3899 Mon Sep 17 00:00:00 2001 +From: Laurent Destailleur <eldy@destailleur.fr> +Date: Sun, 17 Dec 2017 12:55:48 +0100 +Subject: [PATCH] FIX Security reported by cPanel Security Team (can execute + arbitraty code) + +--- + wwwroot/cgi-bin/awstats.pl | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl +index 091d6823..fca4900f 100755 +--- a/wwwroot/cgi-bin/awstats.pl ++++ b/wwwroot/cgi-bin/awstats.pl +@@ -1780,7 +1780,7 @@ sub Read_Config { + }else{if ($Debug){debug("Unable to open config file: $searchdir$SiteConfig", 2);}} + } + +- #CL - Added to open config if full path is passed to awstats ++ #CL - Added to open config if full path is passed to awstats + if ( !$FileConfig ) { + + my $SiteConfigBis = File::Spec->rel2abs($SiteConfig); +@@ -2205,7 +2205,10 @@ sub Parse_Config { + } + + # Plugins +- if ( $param =~ /^LoadPlugin/ ) { push @PluginsToLoad, $value; next; } ++ if ( $param =~ /^LoadPlugin/ ) { ++ $value =~ s/[^a-zA-Z0-9_\/\.\+:=\?\s%\-]//g; # Sanitize plugin name and string param because it is used later in an eval. ++ push @PluginsToLoad, $value; next; ++ } + + # Other parameter checks we need to put after MaxNbOfExtra and MinHitExtra + if ( $param =~ /^MaxNbOf(\w+)/ ) { $MaxNbOf{$1} = $value; next; } +@@ -3251,7 +3254,7 @@ sub Read_Plugins { + } + my $ret; # To get init return + my $initfunction = +- "\$ret=Init_$pluginname('$pluginparam')"; ++ "\$ret=Init_$pluginname('$pluginparam')"; # Note that pluginname and pluginparam were sanitized when reading cong file entry 'LoadPlugin' + my $initret = eval("$initfunction"); + if ( $initret && $initret eq 'xxx' ) { + $initret = +@@ -17140,7 +17143,10 @@ sub HTMLMainExtra{ + # No update but report by default when run from a browser + $UpdateStats = ( $QueryString =~ /update=1/i ? 1 : 0 ); + +- if ( $QueryString =~ /config=([^&]+)/i ) { $SiteConfig = &Sanitize("$1"); } ++ if ( $QueryString =~ /config=([^&]+)/i ) { ++ $SiteConfig = &Sanitize("$1"); ++ $SiteConfig =~ s/\.\.//g; # Avoid directory transversal ++ } + if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; } + if ( $QueryString =~ /pluginmode=([^&]+)/i ) { + $PluginMode = &Sanitize( "$1", 1 ); +@@ -17227,7 +17233,10 @@ sub HTMLMainExtra{ + # Update with no report by default when run from command line + $UpdateStats = 1; + +- if ( $QueryString =~ /config=([^&]+)/i ) { $SiteConfig = &Sanitize("$1"); } ++ if ( $QueryString =~ /config=([^&]+)/i ) { ++ $SiteConfig = &Sanitize("$1"); ++ $SiteConfig =~ s/\.\.//g; ++ } + if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; } + if ( $QueryString =~ /pluginmode=([^&]+)/i ) { + $PluginMode = &Sanitize( "$1", 1 ); diff --git a/main/awstats/CVE-2017-1000501-2.patch b/main/awstats/CVE-2017-1000501-2.patch new file mode 100644 index 0000000000..cbf070e02a --- /dev/null +++ b/main/awstats/CVE-2017-1000501-2.patch @@ -0,0 +1,67 @@ +From 06c0ab29c1e5059d9e0279c6b64d573d619e1651 Mon Sep 17 00:00:00 2001 +From: Laurent Destailleur <eldy@destailleur.fr> +Date: Wed, 27 Dec 2017 13:39:57 +0100 +Subject: [PATCH] Fix another vulnerability reported by cPanel Security Team + (can execute arbitraty code) + +--- + wwwroot/cgi-bin/awstats.pl | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl +index fca4900f..4f14c6ee 100755 +--- a/wwwroot/cgi-bin/awstats.pl ++++ b/wwwroot/cgi-bin/awstats.pl +@@ -17145,7 +17145,6 @@ sub HTMLMainExtra{ + + if ( $QueryString =~ /config=([^&]+)/i ) { + $SiteConfig = &Sanitize("$1"); +- $SiteConfig =~ s/\.\.//g; # Avoid directory transversal + } + if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; } + if ( $QueryString =~ /pluginmode=([^&]+)/i ) { +@@ -17191,10 +17190,13 @@ sub HTMLMainExtra{ + # If migrate + if ( $QueryString =~ /(^|-|&|&)migrate=([^&]+)/i ) { + $MigrateStats = &Sanitize("$2"); ++ + $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/; +- $SiteConfig = $5 ? $5 : 'xxx'; ++ $SiteConfig = &Sanitize($5 ? $5 : 'xxx'); + $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file + } ++ ++ $SiteConfig =~ s/\.\.//g; # Avoid directory transversal + } + else { # Run from command line + $DebugMessages = 1; +@@ -17204,9 +17206,10 @@ sub HTMLMainExtra{ + + # If migrate + if ( $ARGV[$_] =~ /(^|-|&|&)migrate=([^&]+)/i ) { +- $MigrateStats = "$2"; ++ $MigrateStats = &Sanitize("$2"); ++ + $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/; +- $SiteConfig = $5 ? $5 : 'xxx'; ++ $SiteConfig = &Sanitize($5 ? $5 : 'xxx'); + $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file + next; + } +@@ -17235,7 +17238,6 @@ sub HTMLMainExtra{ + + if ( $QueryString =~ /config=([^&]+)/i ) { + $SiteConfig = &Sanitize("$1"); +- $SiteConfig =~ s/\.\.//g; + } + if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; } + if ( $QueryString =~ /pluginmode=([^&]+)/i ) { +@@ -17301,6 +17303,8 @@ sub HTMLMainExtra{ + $ShowDirectOrigin = 1; + $QueryString =~ s/showdirectorigin[^&]*//i; + } ++ ++ $SiteConfig =~ s/\.\.//g; + } + if ( $QueryString =~ /(^|&|&)staticlinks/i ) { + $StaticLinks = "$PROG.$SiteConfig"; |