lp:ubuntu/maverick-proposed/awstats
- Get this branch:
- bzr branch lp:ubuntu/maverick-proposed/awstats
Recent revisions
- 11. By Marc Deslauriers
* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
- debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
name in wwwroot/cgi-bin/awstats.pl.
- CVE-2010-4369
- 10. By Jonas Smedegaard <email address hidden>
[ Sergey B Kirpichev ]
* Show error messages from cron jobs.
Closes: bug#580672, thanks to Ken Neighbors.
* Add option to disable nightly generation of static html reports.
Closes: bug#580692, thanks to Ken Neighbors.
* Option to use "nice" to lower the priority of cron scripts.
Closes: bug#580693, thanks to Ken Neighbors.
* Set default language (en) for static reports generation
* Cosmetic improvements to cron scripts.
Closes: bug#580704.
* Recognize method/protocol RTSP in uppercase.
Closes: bug#350601, thanks to Lee Maguire.
* Report permissions problem while reading awstats.custom.conf.
Closes: bug#572353, thanks to Ken Neighbors.
[ Jonas Smedegaard ]
* Reverse test logic when sourcing /etc/default/awstats to not fail if
missing.
* Respect TMPDIR for temporary files (i.e. use mktemp --tmpdir).
* Update patches:
+ Drop (unapplied) patch 0011: applied upstream at some point in the
past.
+ Unfuzz (unapplied) patch 0006.
+ Refresh patches 0006, 1015 and 1016 with compacting quilt options
--no-index --no-timestamps -pab.
- 9. By Jonas Smedegaard <email address hidden>
[ Sergey B Kirpichev ]
* New upstream release (Closes: #494676).
* Add myself to Uploaders field.
* Drop patches 0001 and 1005 (applied upstream).
* Unfuzz patches 1002-1004.
* Add new patch 1007 updating Russian translation. Thanks to Sergey
Kirpichev at upstream tracker #2540486.
* Add new patch 1008 enhancing the ExtraSection headings to include
the words (Top XXX) for consistency with all other section headings.
* Add new patch 1009 fixing URL to Hurd (Closes: #408086).
* Add new patch 1010 fixing dirdata permissions (Closes: #299148).
* Add new patch 1011 fixing Geo::IPfree warnings (Closes: #512373).
* Add new patch 2001 hiding charts in days of month statistics.
* Use debian defaults for geoip data files.
[ Jonas Smedegaard ]
* Repackage upstream tarball.
* Packaging moved to Git (from Subversion). Update debian/control and
git-buildpackage configfile, enabling pristine-tar support.
* Use new local CDBS snippet package-relations.mk to resolve, cleanup
and apply CDBS-declared (build-)dependencies.
* Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
* Update local CDBS snippets:
+ upstream-tarball.mk: internal restructuring
+ buildinfo.mk: fix copyright years
+ copyright-check.mk: major rewrite, now generating hint file more
readily usable as template for new proposed copyright format
+ Update README.cdbs-tweaks to also cover newly added
package-relations.mk.
* Rewrite debian/copyright using new proposed syntax (v440). Update
copyright-hints.
* Unfuzz patch 1006.
* Depend on misc:depends (thanks to lintian) and cdbs:depends
(currently unused), and drop superfluous dependencies (fulfilled by
perl even in oldstable).
- 8. By Nico Golde <email address hidden>
* Non-maintainer upload by the Security Team.
* Strip '"' characters during URL decoding, fixing a cross-site
scripting attack (CVE-2008-3714; CVE-2008-5080; Closes: #495432).
- 7. By Jonas Smedegaard <email address hidden>
[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
enable configdir. Closes: #365910 (thanks to Hendrik Weimer
<email address hidden>)
* Integrated security patches from upstream:
+ Decode QueryString. Closes: #364443 (thanks to Micah Anderson
<email address hidden>)
+ Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
<email address hidden>)
* Indent Homepage in long description, per debian reference guideline
[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
+ Broaden scan to also look for "(c)" by default.
+ Make egrep options configurable.
* Semi-auto-update debian/control:
+ Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
(bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.
- 6. By Martin Pitt
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analogous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version.
- 5. By Jonas Smedegaard <email address hidden>
[ Jonas Smedegaard ]
* New upstream release.
+ Recognizes GNUTLS from lynx User-Agent header. Closes: #306130
(thanks to Dmitry Baryshkov <email address hidden>).
+ Geoip shows countries for resolved hostnames. Closes: #317310
(thanks to Administrator <email address hidden>).
* Simplify watch file to better work with parser used at qa.d.o.
* Improve cdbs rules:
+ Use quilt (rather than cdbs-internal patch system).
+ Add and enable new local snippets copyright-check and auto-update.
+ Update local snippet buildinfo (fixing its namespace).
* Auto-update debian/control:
+ Tightened build-dependency on cdbs.
+ Added build-dependencies on patchutils and quilt.
* Package is now team-maintained:
+ New maintainer: Debian AWStats Team
<email address hidden>.
+ Add myself as uploader.
[ Charles Fry ]
* Use qa.debian.org SF redirector in watch file.
* Use Homepage instead of Website in debian/control, per DDR 6.2.4.
* Removed patches integrated upstream
- 4. By Jonas Smedegaard <email address hidden>
[ Charles Fry ]
* New co-maintainer.
* Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf
<email address hidden>).
* Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to
Michael De Nil <email address hidden>).
[ Jonas Smedegaard ]
* Acknowledge NMU. Closes: bug#322591.
* Bump up watch version, and adjust the default command (we have moved
to SubVerSion).
* Add proto to URL in long description.
* Use newer chown syntax in postinst (thanks to lintian).
- 3. By Jonas Smedegaard <email address hidden>
* New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
A. de Oliveira <email address hidden>).
+ Includes upstream fix for security bug fixed in 6.2-1.1.
+ Includes upstream fix for most of security bug fixed in 6.2-1.1.
* Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
Schulze <email address hidden>, Martin Pitt <email address hidden>, Ubuntu,
Joey Hess <email address hidden>, Frank Lichtenheld <email address hidden> and Steve
Langasek <email address hidden>).
* Include patch for last parts of security bug fixed in 6.2-1.1:
01_sanitize_more.patch.
* Patch (02) to include snapshot of recent development:
+ Fix security hole that allowed a user to read log file content
even when plugin rawlog was not enabled.
+ Fix a possible use of AWStats for a DoS attack.
+ configdir option was broken on windows servers.
+ DebugMessages is by default set to 0 for security reasons.
+ Minor fixes.
* References:
CAN-2005-0435 - read server logs via loadplugin and pluginmode
CAN-2005-0436 - code injection via PluginMode
CAN-2005-0437 - directory traversal via loadplugin
CAN-2005-0438 - information leak via debug
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/awstats