SPECS: awstats.spec - up to 6.6 (vendor claims that sec. hole desc...

twittner twittner at pld-linux.org
Tue Jan 16 14:14:11 CET 2007


Author: twittner                     Date: Tue Jan 16 13:14:11 2007 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- up to 6.6 (vendor claims that sec. hole described
  in CVE-2006-3681 has been already fixed)
- updated -PLD.patch for this verion
- stricter file globing in %files (don't pack *.orig files)
- rel. 0.3 (works for me, but see NOTES)

---- Files affected:
SPECS:
   awstats.spec (1.51 -> 1.52) 

---- Diffs:

================================================================
Index: SPECS/awstats.spec
diff -u SPECS/awstats.spec:1.51 SPECS/awstats.spec:1.52
--- SPECS/awstats.spec:1.51	Mon Jan  1 22:54:06 2007
+++ SPECS/awstats.spec	Tue Jan 16 14:14:06 2007
@@ -5,17 +5,26 @@
 #   unfortunately they have already landed in Ac)
 # - apache1 config
 # - security CVE-2006-1945, CVE-2006-2237: http://security.gentoo.org/glsa/glsa-200606-06.xml
+# 
+# NOTES:
+# - /etc/cron.d/awstats contents is overwritten during upgrade - maybe this
+#   should be market as %config(noreplace)
+# - Cron <stats at asus> umask 002; /usr/bin/awstats_updateall.pl now -configdir=/etc/webapps/awstats -awstatsprog=/usr/bin/awstats.pl
+#   Error: Can't scan directory /etc/webapps/awstats.
+#   called from /etc/cron.d/awstats uses `stats' user which has no rights for
+#   reading awstats configuration from /etc/webapps/awstats directory - what
+#   does prevent from making this directory and config files worldreadable?
 #
 %include	/usr/lib/rpm/macros.perl
 Summary:	Advanced Web Statistics is a free powerful server log file analyzer
 Summary(pl):	Zaawansowany program do analizowania logów serwera
 Name:		awstats
-Version:	6.5
-Release:	5
+Version:	6.6
+Release:	0.3
 License:	GPL v2
 Group:		Applications/Networking
-Source0:	http://awstats.sourceforge.net/files/%{name}-%{version}.tgz
-# Source0-md5:	8a4a5f1ad25c45c324182ba369893a5a
+Source0:	http://awstats.sourceforge.net/files/%{name}-%{version}.tar.gz
+# Source0-md5:	38e393edb530d409fdf7f79127a7548e
 Source1:	%{name}.crontab
 Source2:	%{name}-httpd.conf
 Source3:	%{name}.conf
@@ -149,14 +158,15 @@
 %attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/awstats*.conf
 
 %attr(640,root,root) /etc/cron.d/awstats
-%attr(755,root,root) %{_bindir}/*
+%attr(755,root,root) %{_bindir}/*.pl
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/lang
 %{_datadir}/%{name}/lib
 %{_datadir}/%{name}/plugins
 %dir %{_datadir}/%{name}/wwwroot
 %dir %{_datadir}/%{name}/wwwroot/cgi-bin
-%attr(755,root,root) %{_datadir}/%{name}/wwwroot/cgi-bin/*
+%attr(755,root,root) %{_datadir}/%{name}/wwwroot/cgi-bin/awredir.pl
+%attr(755,root,root) %{_datadir}/%{name}/wwwroot/cgi-bin/awstats.pl
 %{_datadir}/%{name}/wwwroot/classes
 %{_datadir}/%{name}/wwwroot/css
 %{_datadir}/%{name}/wwwroot/icon
@@ -169,6 +179,13 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.52  2007/01/16 13:14:06  twittner
+- up to 6.6 (vendor claims that sec. hole described
+  in CVE-2006-3681 has been already fixed)
+- updated -PLD.patch for this verion
+- stricter file globing in %files (don't pack *.orig files)
+- rel. 0.3 (works for me, but see NOTES)
+
 Revision 1.51  2007/01/01 21:54:06  glen
 - trigger for lighttpd config, and package lighttpd config
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/awstats.spec?r1=1.51&r2=1.52&f=u



More information about the pld-cvs-commit mailing list