hollalinux
/
slackbuilds
mirror of https://github.com/SlackBuildsOrg/slackbuilds.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

network/awstats: Included some security patches from git 

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
This commit is contained in:
Robby Workman 2017-12-27 17:58:08 -06:00
parent d8f337bb0a
commit 064e997373
5 changed files with 2965 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
network/awstats/awstats.SlackBuild
View File

@ -31,7 +31,7 @@ PRGNAM="awstats"
VERSION=${VERSION:-7.6}
# hardcode ARCH
ARCH=noarch
BUILD=${BUILD:-1}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
DOCROOT=${DOCROOT:-/var/www/htdocs}
@ -59,6 +59,12 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
# Include some security patches from git
patch -p1 < $CWD/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch
patch -p1 < $CWD/patches/0001-Fix-to-window.opener-vulnerability-in-browser-OS-and.patch
patch -p1 < $CWD/patches/0001-FIX-Security-reported-by-cPanel-Security-Team-can-ex.patch
patch -p1 < $CWD/patches/0001-Fix-another-vulnerability-reported-by-cPanel-Securit.patch
# Patch httpd_conf file supplied by awstats to correct paths
sed s:@DOCROOT@:$DOCROOT: $CWD/patches/httpd-awstats.conf.patch | patch -p0
# Patch awstats_configure.pl file -- see patch header for details

71
network/awstats/patches/0001-FIX-Security-reported-by-cPanel-Security-Team-can-ex.patch Normal file
View File

@ -0,0 +1,71 @@
From cf219843a74c951bf5986f3a7fffa3dcf99c3899 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 17 Dec 2017 12:55:48 +0100
Subject: [PATCH] FIX Security reported by cPanel Security Team (can execute
arbitraty code)
---
wwwroot/cgi-bin/awstats.pl | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 091d6823..fca4900f 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1780,7 +1780,7 @@ sub Read_Config {
}else{if ($Debug){debug("Unable to open config file: $searchdir$SiteConfig", 2);}}
}
- #CL - Added to open config if full path is passed to awstats
+ #CL - Added to open config if full path is passed to awstats
if ( !$FileConfig ) {
my $SiteConfigBis = File::Spec->rel2abs($SiteConfig);
@@ -2205,7 +2205,10 @@ sub Parse_Config {
}
# Plugins
- if ( $param =~ /^LoadPlugin/ ) { push @PluginsToLoad, $value; next; }
+ if ( $param =~ /^LoadPlugin/ ) {
+ $value =~ s/[^a-zA-Z0-9_\/\.\+:=\?\s%\-]//g; # Sanitize plugin name and string param because it is used later in an eval.
+ push @PluginsToLoad, $value; next;
+ }
# Other parameter checks we need to put after MaxNbOfExtra and MinHitExtra
if ( $param =~ /^MaxNbOf(\w+)/ ) { $MaxNbOf{$1} = $value; next; }
@@ -3251,7 +3254,7 @@ sub Read_Plugins {
}
my $ret; # To get init return
my $initfunction =
- "\$ret=Init_$pluginname('$pluginparam')";
+ "\$ret=Init_$pluginname('$pluginparam')"; # Note that pluginname and pluginparam were sanitized when reading cong file entry 'LoadPlugin'
my $initret = eval("$initfunction");
if ( $initret && $initret eq 'xxx' ) {
$initret =
@@ -17140,7 +17143,10 @@ if ( $ENV{'GATEWAY_INTERFACE'} ) { # Run from a browser as CGI
# No update but report by default when run from a browser
$UpdateStats = ( $QueryString =~ /update=1/i ? 1 : 0 );
- if ( $QueryString =~ /config=([^&]+)/i ) { $SiteConfig = &Sanitize("$1"); }
+ if ( $QueryString =~ /config=([^&]+)/i ) {
+ $SiteConfig = &Sanitize("$1");
+ $SiteConfig =~ s/\.\.//g; # Avoid directory transversal
+ }
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
$PluginMode = &Sanitize( "$1", 1 );
@@ -17227,7 +17233,10 @@ else { # Run from command line
# Update with no report by default when run from command line
$UpdateStats = 1;
- if ( $QueryString =~ /config=([^&]+)/i ) { $SiteConfig = &Sanitize("$1"); }
+ if ( $QueryString =~ /config=([^&]+)/i ) {
+ $SiteConfig = &Sanitize("$1");
+ $SiteConfig =~ s/\.\.//g;
+ }
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
$PluginMode = &Sanitize( "$1", 1 );
--
2.15.1

70
network/awstats/patches/0001-Fix-another-vulnerability-reported-by-cPanel-Securit.patch Normal file
View File

@ -0,0 +1,70 @@
From 06c0ab29c1e5059d9e0279c6b64d573d619e1651 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 27 Dec 2017 13:39:57 +0100
Subject: [PATCH] Fix another vulnerability reported by cPanel Security Team
(can execute arbitraty code)
---
wwwroot/cgi-bin/awstats.pl | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index fca4900f..4f14c6ee 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -17145,7 +17145,6 @@ if ( $ENV{'GATEWAY_INTERFACE'} ) { # Run from a browser as CGI
if ( $QueryString =~ /config=([^&]+)/i ) {
$SiteConfig = &Sanitize("$1");
- $SiteConfig =~ s/\.\.//g; # Avoid directory transversal
}
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17191,10 +17190,13 @@ if ( $ENV{'GATEWAY_INTERFACE'} ) { # Run from a browser as CGI
# If migrate
if ( $QueryString =~ /(^|-|&|&amp;)migrate=([^&]+)/i ) {
$MigrateStats = &Sanitize("$2");
+
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
- $SiteConfig = $5 ? $5 : 'xxx';
+ $SiteConfig = &Sanitize($5 ? $5 : 'xxx');
$SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
}
+
+ $SiteConfig =~ s/\.\.//g; # Avoid directory transversal
}
else { # Run from command line
$DebugMessages = 1;
@@ -17204,9 +17206,10 @@ else { # Run from command line
# If migrate
if ( $ARGV[$_] =~ /(^|-|&|&amp;)migrate=([^&]+)/i ) {
- $MigrateStats = "$2";
+ $MigrateStats = &Sanitize("$2");
+
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
- $SiteConfig = $5 ? $5 : 'xxx';
+ $SiteConfig = &Sanitize($5 ? $5 : 'xxx');
$SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
next;
}
@@ -17235,7 +17238,6 @@ else { # Run from command line
if ( $QueryString =~ /config=([^&]+)/i ) {
$SiteConfig = &Sanitize("$1");
- $SiteConfig =~ s/\.\.//g;
}
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17301,6 +17303,8 @@ else { # Run from command line
$ShowDirectOrigin = 1;
$QueryString =~ s/showdirectorigin[^&]*//i;
}
+
+ $SiteConfig =~ s/\.\.//g;
}
if ( $QueryString =~ /(^|&|&amp;)staticlinks/i ) {
$StaticLinks = "$PROG.$SiteConfig";
--
2.15.1

2781
network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-browser-OS-and.patch Normal file
View File

File diff suppressed because it is too large Load Diff

36
network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch Normal file
View File

@ -0,0 +1,36 @@
From b421096d5596f1c6ade078fa0b1103deefc3a5ed Mon Sep 17 00:00:00 2001
From: qssam <Sam.Webb@quiet-storm.net>
Date: Tue, 7 Feb 2017 16:49:10 +0000
Subject: [PATCH] Fix to window.opener vulnerability in external referral site
links
Reference: https://mathiasbynens.github.io/rel-noopener/
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 75f0ed95..8bde5c03 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo {
{ # URL seems to be extracted from a proxy log file
print "<a href=\""
. XMLEncode("$newkey")
- . "\" target=\"url\" rel=\"nofollow\">"
+ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
. XMLEncode($nompage) . "</a>";
}
elsif ( $newkey =~ /^\// )
@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo {
}
print "<a href=\""
. XMLEncode("$urlprot://$SiteDomain$newkey")
- . "\" target=\"url\" rel=\"nofollow\">"
+ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
. XMLEncode($nompage) . "</a>";
}
else {
--
2.15.1