lp:ubuntu/maverick-proposed/awstats

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

12. By James Page on 2011-01-27

Fix bashism in buildstatic.sh (LP: #707365)

11. By Marc Deslauriers on 2011-01-11

* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
  - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
    name in wwwroot/cgi-bin/awstats.pl.
  - CVE-2010-4369

10. By Jonas Smedegaard <email address hidden> on 2010-05-19

[ Sergey B Kirpichev ]
* Show error messages from cron jobs.
  Closes: bug#580672, thanks to Ken Neighbors.
* Add option to disable nightly generation of static html reports.
  Closes: bug#580692, thanks to Ken Neighbors.
* Option to use "nice" to lower the priority of cron scripts.
  Closes: bug#580693, thanks to Ken Neighbors.
* Set default language (en) for static reports generation
* Cosmetic improvements to cron scripts.
  Closes: bug#580704.
* Recognize method/protocol RTSP in uppercase.
  Closes: bug#350601, thanks to Lee Maguire.
* Report permissions problem while reading awstats.custom.conf.
  Closes: bug#572353, thanks to Ken Neighbors.

[ Jonas Smedegaard ]
* Reverse test logic when sourcing /etc/default/awstats to not fail if
  missing.
* Respect TMPDIR for temporary files (i.e. use mktemp --tmpdir).
* Update patches:
  + Drop (unapplied) patch 0011: applied upstream at some point in the
    past.
  + Unfuzz (unapplied) patch 0006.
  + Refresh patches 0006, 1015 and 1016 with compacting quilt options
    --no-index --no-timestamps -pab.

9. By Jonas Smedegaard <email address hidden> on 2009-03-03

[ Sergey B Kirpichev ]
* New upstream release (Closes: #494676).
* Add myself to Uploaders field.
* Drop patches 0001 and 1005 (applied upstream).
* Unfuzz patches 1002-1004.
* Add new patch 1007 updating Russian translation. Thanks to Sergey
  Kirpichev at upstream tracker #2540486.
* Add new patch 1008 enhancing the ExtraSection headings to include
  the words (Top XXX) for consistency with all other section headings.
* Add new patch 1009 fixing URL to Hurd (Closes: #408086).
* Add new patch 1010 fixing dirdata permissions (Closes: #299148).
* Add new patch 1011 fixing Geo::IPfree warnings (Closes: #512373).
* Add new patch 2001 hiding charts in days of month statistics.
* Use debian defaults for geoip data files.

[ Jonas Smedegaard ]
* Repackage upstream tarball.
* Packaging moved to Git (from Subversion). Update debian/control and
  git-buildpackage configfile, enabling pristine-tar support.
* Use new local CDBS snippet package-relations.mk to resolve, cleanup
  and apply CDBS-declared (build-)dependencies.
* Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
* Update local CDBS snippets:
  + upstream-tarball.mk: internal restructuring
  + buildinfo.mk: fix copyright years
  + copyright-check.mk: major rewrite, now generating hint file more
    readily usable as template for new proposed copyright format
  + Update README.cdbs-tweaks to also cover newly added package-
    relations.mk.
* Rewrite debian/copyright using new proposed syntax (v440). Update
  copyright-hints.
* Unfuzz patch 1006.
* Depend on misc:depends (thanks to lintian) and cdbs:depends
  (currently unused, and drop superfluous dependencies (fulfilled by
  perl even in oldstable).

8. By Nico Golde <email address hidden> on 2008-12-10

* Non-maintainer upload by the Security Team.
* Strip '"' characters during URL decoding, fixing a cross-site
  scripting attack (CVE-2008-3714; CVE-2008-5080; Closes: #495432).

7. By Jonas Smedegaard <email address hidden> on 2006-05-09

[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
  enable configdir. Closes: #365910 (thanks to Hendrik Weimer
  <email address hidden>)
* Integrated security patches from upstream:
  + Decode QueryString. Closes: #364443 (thanks to Micah Anderson
    <email address hidden>)
  + Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
    <email address hidden>)
* Indent Homepage in long description, per debian reference guideline

[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
  + Broaden scan to also look for "(c)" by default.
  + Make egrep options configurable.
* Semi-auto-update debian/control:
  + Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
  (bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.

6. By Martin Pitt on 2006-05-22

* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
  - Use the Sanitize function to filter out arbitrary HTML from 'diricons'
    parameter (analoguous to CVE-2006-1945, which is already fixed in this
    version).
  - Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
    [CVE-2006-2237]
  - Patch from upstream CVS, taken from Debian's 6.5-2 version.

5. By Jonas Smedegaard <email address hidden> on 2006-01-15

[ Jonas Smedegaard ]
* New upstream release.
  + Recognizes GNUTLS from lynx User-Agent header. Closes: #306130
    (thanks to Dmitry Baryshkov <email address hidden>).
  + Geoip shows countries for resolved hostnames. Closes: #317310
    (thanks to Administrator <email address hidden>).
* Simplify watch file to better work with parser used at qa.d.o.
* Improve cdbs rules:
  + Use quilt (rather than cdbs-internal patch system).
  + Add and enable new local snippets copyright-check and auto-update.
  + Update local snippet buildinfo (fixing its namespace).
* Auto-update debian/control:
  + Tightened build-dependency on cdbs.
  + Added build-dependencies on patchutils and quilt.
* Package is now team-maintained:
  + New maintainer: Debian AWStats Team
    <email address hidden>.
  + Add myself as uploader.

[ Charles Fry ]
* Use qa.debian.org SF redirector in watch file.
* Use Homepage instead of Website in debian/control, per DDR 6.2.4.
* Removed patches integrated upstream

4. By Jonas Smedegaard <email address hidden> on 2005-09-19

[ Charles Fry ]
* New co-maintainer.
* Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf
  <email address hidden>).
* Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to
  Michael De Nil <email address hidden>).

[ Jonas Smedegaard ]
* Acknowledge NMU. Closes: bug#322591.
* Bump up watch version, and adjust the default command (we have moved
  to SubVerSion).
* Add proto to URL in long description.
* User newer chown syntax in postinst (thanks to lintian).

3. By Jonas Smedegaard <email address hidden> on 2005-02-05

* New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
  A. de Oliveira <email address hidden>).
  + Includes upstream fix for security bug fixed in 6.2-1.1.
  + Includes upstream fix for most of security bug fixed in 6.2-1.1.
* Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
  Schulze <email address hidden>, Martin Pitt <email address hidden>, Ubuntu,
  Joey Hess <email address hidden>, Frank Lichtenheld <email address hidden> and Steve
  Langasek <email address hidden>).
* Include patch for last parts of security bug fixed in 6.2-1.1:
  01_sanitize_more.patch.
* Patch (02) to include snapshot of recent development:
  + Fix security hole that allowed a user to read log file content
    even when plugin rawlog was not enabled.
  + Fix a possible use of AWStats for a DoS attack.
  + configdir option was broken on windows servers.
  + DebugMessages is by default set to 0 for security reasons.
  + Minor fixes.
* References:
  CAN-2005-0435 - read server logs via loadplugin and pluginmode
  CAN-2005-0436 - code injection via PluginMode
  CAN-2005-0437 - directory traversal via loadplugin
  CAN-2005-0438 - information leak via debug