--- awstats-6.5.orig/debian/TODO.Debian
+++ awstats-6.5/debian/TODO.Debian
@@ -0,0 +1,3 @@
+ * Package relevant extra modules
+ * Get rid of the last uses of $DIR in main script
+ * Switch to only do static pages per default
--- awstats-6.5.orig/debian/awstats.conf.local
+++ awstats-6.5/debian/awstats.conf.local
@@ -0,0 +1,4 @@
+# You can overrides config directives here.
+# This is particularly useful for users with several configs for
+# different virtual servers, who want to reuse common parameters.
+# Also, this file is not updated with each new upstream release.
--- awstats-6.5.orig/debian/awstats.postinst
+++ awstats-6.5/debian/awstats.postinst
@@ -0,0 +1,29 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ if [ ! -d /var/lib/awstats ]; then
+ if [ -d /var/cache/awstats ]; then
+ mv /var/cache/awstats /var/lib/awstats
+ fi
+ mkdir -p /var/lib/awstats
+ chown www-data:www-data /var/lib/awstats
+ chmod 750 /var/lib/awstats
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
--- awstats-6.5.orig/debian/awstats.doc-base
+++ awstats-6.5/debian/awstats.doc-base
@@ -0,0 +1,10 @@
+Document: awstats
+Title: AWStats Documentation
+Author: Laurent Destailleur
+Abstract: This manual describes how to install,
+ configure, use and extend the AWStats logfile analyzer.
+Section: Apps/Net
+
+Format: HTML
+Index: /usr/share/doc/awstats/html/index.html
+Files: /usr/share/doc/awstats/html/*
--- awstats-6.5.orig/debian/rules
+++ awstats-6.5/debian/rules
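Review bot: The `*)` branch of debian/awstats.postinst ends with `exit 0`, so a call with an argument the script does not handle is reported to dpkg as success, while awstats.postrm in the same patch uses `exit 1` for the same case. Suggest `exit 1` here as well so an unsupported maintainer-script invocation is visible. Separately, `chown www-data:www-data` and `chmod 750` run only inside `if [ ! -d /var/lib/awstats ]`, so a directory that already exists keeps whatever owner and mode it had; a comment such as `# owner/mode are set on first creation only; an existing directory is left untouched` would make that intent explicit.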
@@ -0,0 +1,57 @@
+#!/usr/bin/make -f
+# -*- mode: makefile; coding: utf-8 -*-
+# Copyright © 2003 Jonas Smedegaard
+
+include debian/cdbs/1/rules/auto-update.mk
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
+include debian/cdbs/1/rules/buildinfo.mk
+include debian/cdbs/1/rules/copyright-check.mk
+
+DEB_INSTALL_CHANGELOGS_ALL = docs/awstats_changelog.txt
+DEB_INSTALL_DOCS_ALL = README.TXT
+
+awstats_example_scripts = $(wildcard tools/*.pl) $(debian/examples/*.sh) debian/examples/awstats-update
+
+DEB_INSTALL_EXAMPLES_awstats = $(awstats_example_scripts) debian/examples/apache.conf debian/examples/awstats-update.8 wwwroot/cgi-bin/awstats.model.conf wwwroot/cgi-bin/plugins/example/* wwwroot/css wwwroot/js tools/xslt
+DEB_COMPRESS_EXCLUDE = $(notdir $(awstats_example_scripts)) awstats.ico
+
+common-configure-indep::
+ # Use sed rather than a diff here, to make sure all relevant
+ # options are checked (upstream defaults have moved around in
+ # the past)
+ sed \
+ -e 's!^\(LogFile *= *\).*!\1"/var/log/apache/access.log"!g' \
+ -e 's!^\(DirData *= *\).*!\1"/var/lib/awstats"!g' \
+ -e 's!^\(LogFormat *= *\).*!\14!g' \
+ -e 's!^\(DNSLookup *= *\).*!\11!g' \
+ -e 's!^\(DirIcons *= *\).*!\1"/awstats-icon"!g' \
+ -e 's!^\(HostAliases *= *\).*!\1"localhost 127\.0\.0\.1"!g' \
+ -e 's!^\(DirLang *= *\).*!\1"/usr/share/awstats/lang"!g' \
+ -e 's!^#\(LoadPlugin *= *"hashfiles"\)!\1!' \
+ -e 's!^#\(Include *\)""!\1"/etc/awstats/awstats.conf.local"!' \
+ wwwroot/cgi-bin/awstats.model.conf > debian/awstats.conf
+
+clean::
+ rm -f debian/awstats.conf
+
+# Remove badly coded PDF
+binary-post-install/awstats::
+ find $(DEB_DESTDIR) -type f -name *.pdf | xargs -r rm
+
+# Debian stores the GPL at one single spot
+binary-post-install/awstats::
+ find $(DEB_DESTDIR) -name COPYING.TXT -o -name LICENSE.TXT | xargs -r rm
+
+# Set scripts executable - and unset other files
+binary-fixup/awstats::
+ find $(DEB_DESTDIR)/usr/share/awstats -type f | xargs -r chmod -x
+ find $(DEB_DESTDIR)/usr/share/doc/awstats/examples -name *.pl -o -name *.sh | xargs -r chmod +x
+
+# Set example scripts executable - and unset for remaining example files
+binary-fixup/awstats::
+ chmod -x,+X -R $(DEB_DESTDIR)/usr/share/doc/awstats/examples/
+ chmod +x $(addprefix $(DEB_DESTDIR)/usr/share/doc/awstats/examples/,$(notdir $(awstats_example_scripts)))
+
+binary-predep/awstats::
+ dh_perl -p$(DEB_CURPACKAGE)
--- awstats-6.5.orig/debian/copyright_hints
+++ awstats-6.5/debian/copyright_hints
@@ -0,0 +1,3 @@
+1 0 obj<>endobj
+Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+Copyright (C) 2000-2006 - Laurent Destailleur - eldy@users.sourceforge.net
--- awstats-6.5.orig/debian/control
+++ awstats-6.5/debian/control
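Review bot: In the `awstats_example_scripts` assignment of debian/rules, `$(debian/examples/*.sh)` is a reference to a variable of that name rather than a glob, so it expands to nothing and the .sh examples drop out of `DEB_COMPRESS_EXCLUDE` and of the final `chmod +x $(addprefix ...)`; it should read `$(wildcard debian/examples/*.sh)`. The `find` calls in binary-post-install and binary-fixup pass `-name *.pdf`, `-name *.pl` and `-name *.sh` unquoted, so the shell expands them first whenever a matching file sits in the build directory, and the wrong set of files is then removed or made executable; quote the patterns, e.g. `-name '*.pdf'`. The `find ... | xargs` pipelines also split on whitespace in file names, which `-print0` with `xargs -0 -r` would avoid.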
@@ -0,0 +1,23 @@
+Source: awstats
+Section: web
+Priority: optional
+Maintainer: Debian AWStats Team
+Uploaders: Charles Fry , Jonas Smedegaard
+Build-Depends-Indep: cdbs (>= 0.4.23-1.1), , debhelper (>= 4.1.0), quilt, patchutils (>= 0.2.25), cdbs (>= 0.4.27-1), dh-buildinfo
+Standards-Version: 3.6.2
+
+Package: awstats
+Architecture: all
+Depends: ${perl:Depends}, perl (>= 5.8.0-7) | libstorable-perl, perl (>= 5.8.0-7) | libtime-hires-perl
+Recommends: libnet-xwhois-perl
+Suggests: apache | httpd, libnet-dns-perl, libnet-ip-perl, libgeo-ipfree-perl
+Description: powerful and featureful web server log analyzer
+ Advanced Web Statistics (AWStats) is a powerful web server logfile
+ analyzer written in perl that shows you all your web statistics including
+ visits, unique visitors, pages, hits, rush hours, search engines, keywords
+ used to find your site, robots, broken links and more. Gives more detailed
+ information and better graphical charts than webalizer, and is easier to use.
+ Works with several web server log format as a CGI and/or from command line.
+ Supports more than 30 languages.
+ .
+ Homepage: http://awstats.sourceforge.net/
--- awstats-6.5.orig/debian/awstats.postrm
+++ awstats-6.5/debian/awstats.postrm
@@ -0,0 +1,22 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -rf /var/lib/awstats
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- awstats-6.5.orig/debian/changelog
+++ awstats-6.5/debian/changelog
@@ -0,0 +1,665 @@ +awstats (6.5-1ubuntu1.3) dapper-security; urgency=low + + * SECURITY UPDATE: XSS via quotes in the "config" parameter (CVE-2008-3714). + - 1006_quote_xss.patch: upstream fixes, thanks to Florian Weimer. + + -- Kees Cook Wed, 03 Dec 2008 11:20:43 -0800 + +awstats (6.5-1ubuntu1.2) dapper-security; urgency=low + + * SECURITY UPDATE: Fix path exposure on error. + * Add 'debian/patches/1004_backport_6.6_xss-fixes.patch' to correct URL + decoding and adjust error message reports. Backported from upstream. + * References + CVE-2006-3682 + http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.867&r2=1.871 + + -- Kees Cook Fri, 6 Oct 2006 13:10:50 -0700 + +awstats (6.5-1ubuntu1.1) dapper-security; urgency=low + + * SECURITY UPDATE: Arbitrary command execution as www-data. + * Add debian/patches/1003_disable_configdir.patch: + - Disable 'configdir' CGI parameter unless AWSTATS_ENABLE_CONFIG_DIR env + variable is set. This prevents users from putting a crafted config (with + pipe in LogFile parameter) to e. g. /tmp and update the statistics + through the browser. + - Patch ported from Debian's 6.5-2. + - CVE-2006-2644 + + -- Martin Pitt Wed, 7 Jun 2006 18:40:55 +0200 + +awstats (6.5-1ubuntu1) dapper; urgency=low + + * SECURITY UPDATE: Cross-site scripting. + * debian/patches/1001_sanitize_more.patch: + - Use the Sanitize function to filter out arbitrary HTML from 'diricons' + parameter (analoguous to CVE-2006-1945, which is already fixed in this + version). + - Sanitize MigrateStats parameter (XSS if statistics updates are enabled). + [CVE-2006-2237] + - Patch from upstream CVS, taken from Debian's 6.5-2 version. + + -- Martin Pitt Mon, 22 May 2006 21:51:34 +0200 + +awstats (6.5-1) unstable; urgency=low + + [ Jonas Smedegaard ] + * New upstream release. + + Recognizes GNUTLS from lynx User-Agent header. Closes: #306130 + (thanks to Dmitry Baryshkov ). + + Geoip shows countries for resolved hostnames. 
Closes: #317310 + (thanks to Administrator ). + * Simplify watch file to better work with parser used at qa.d.o. + * Improve cdbs rules: + + Use quilt (rather than cdbs-internal patch system). + + Add and enable new local snippets copyright-check and auto-update. + + Update local snippet buildinfo (fixing its namespace). + * Auto-update debian/control: + + Tightened build-dependency on cdbs. + + Added build-dependencies on patchutils and quilt. + * Package is now team-maintained: + + New maintainer: Debian AWStats Team + . + + Add myself as uploader. + + [ Charles Fry ] + * Use qa.debian.org SF redirector in watch file. + * Use Homepage instead of Website in debian/control, per DDR 6.2.4. + * Removed patches integrated upstream + + -- Jonas Smedegaard Sun, 15 Jan 2006 22:35:07 +0100 + +awstats (6.4-2) unstable; urgency=low + + [ Charles Fry ] + * New co-maintainer. + * Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf + ). + * Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to + Michael De Nil ). + + [ Jonas Smedegaard ] + * Acknowledge NMU. Closes: bug#322591. + * Bump up watch version, and adjust the default command (we have moved + to SubVerSion). + * Add proto to URL in long description. + * User newer chown syntax in postinst (thanks to lintian). + + -- Jonas Smedegaard Mon, 19 Sep 2005 22:41:16 +0200 + +awstats (6.4-1.1) unstable; urgency=high + + * Non-maintainer upload + * SECURITY UPDATE: Fix arbitrary command injection. (Closes: #322591) + Thanks to Martin Pitt for reporting the issue and providing the + patch. + * Add debian/patches/03_remove_eval.patch: + - Replace all eval() calls for dynamically constructed function names with + soft references. This fixes arbitrary command injection with specially + crafted referer URLs which contain Perl code. + - Patch taken from upstream CVS, and contained in 6.5 release. 
+ * References: + CAN-2005-1527 + http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities + + -- Frank Lichtenheld Sun, 4 Sep 2005 19:17:31 +0200 + +awstats (6.4-1) unstable; urgency=low + + * New upstream release. + * Redirect errors of offline scripts to STDERR. Closes: bug#296435 + (tanks to Charles Fry ). + * Fix typo in README.Debian (thanks to Emmanuel Lacour + ). + + -- Jonas Smedegaard Sat, 26 Mar 2005 06:51:21 +0100 + +awstats (6.3-1) unstable; urgency=high + + * New upstream release. Closes: bug#293702, #293668 (thanks to Nelson + A. de Oliveira ). + + Includes upstream fix for security bug fixed in 6.2-1.1. + + Includes upstream fix for most of security bug fixed in 6.2-1.1. + * Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin + Schulze , Martin Pitt , Ubuntu, + Joey Hess , Frank Lichtenheld and Steve + Langasek ). + * Include patch for last parts of security bug fixed in 6.2-1.1: + 01_sanitize_more.patch. + * Patch (02) to include snapshot of recent development: + + Fix security hole that allowed a user to read log file content + even when plugin rawlog was not enabled. + + Fix a possible use of AWStats for a DoS attack. + + configdir option was broken on windows servers. + + DebugMessages is by default set to 0 for security reasons. + + Minor fixes. + * References: + CAN-2005-0435 - read server logs via loadplugin and pluginmode + CAN-2005-0436 - code injection via PluginMode + CAN-2005-0437 - directory traversal via loadplugin + CAN-2005-0438 - information leak via debug + + -- Jonas Smedegaard Sat, 5 Feb 2005 17:13:48 +0100 + +awstats (6.2-1.2) unstable; urgency=HIGH + + * NMU with the following patch from Ubuntu. 
Closes: #294488 + * SECURITY UPDATE: fix more arbitrary command execution vulnerabilities + * wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the + "config", "pluginmode", "loadplugin", and "noloadplugin" parameters (which + are defined by the remote user) to prevent execution of arbitrary shell + commands through shell metacharacters. + * References: + CAN-2005-0362 for *plugin* variables + CAN-2005-0363 for the config variable + + -- Joey Hess Sun, 13 Feb 2005 14:02:07 -0500 + +awstats (6.2-1.1) unstable; urgency=HIGH + + * NMU with the following patch from Ubuntu. Closes: #291064 + * SECURITY UPDATE: fix arbitrary command execution + * awstats/wwwroot/cgi-bin/awstats.pl: remove all non-path characters from + the "configdir" parameter and the SiteConfig variable to prevent execution + of arbitrary shell commands when open()'ing them. + * References: + CAN-2005-0116 + http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities + + -- Joey Hess Thu, 20 Jan 2005 16:29:35 -0500 + +awstats (6.2-1) unstable; urgency=low + + * New upstream release. Closes: bug#282665. + * Strip leading article from short description to please lintian. + + -- Jonas Smedegaard Mon, 3 Jan 2005 18:33:47 +0100 + +awstats (6.1-4) unstable; urgency=high + + * Add upstream website URL to long description. + * Fix watch file. + * Use generic (but unofficial) buildinfo cdbs snippet. + * Recommend libnet-xwhois-perl. Closes: bug#261190 (thanks to Thilo + Pfennig ). + * No longer avoid GIFs - the evil patent has expired. This closes: + bug#260345 (thanks to Charles Lepple ). + * Set urgency=high to hopefully get this into sarge in time (the + changes are small but valuable). + + -- Jonas Smedegaard Thu, 4 Nov 2004 00:56:58 +0100 + +awstats (6.1-3) unstable; urgency=low + + * Correct minor typos in README.Debian. + * Add new section to README.Debian: "Quick'n'dirty setup". + * Add example apache config snippet. 
+ + -- Jonas Smedegaard Fri, 8 Oct 2004 12:34:15 +0200 + +awstats (6.1-2) unstable; urgency=low + + * Correct a build target so configuration file is properly included + (arrgh!). This also closes: Bug#258883 (thanks to Raphael Hertzog + ). + + -- Jonas Smedegaard Wed, 21 Jul 2004 22:58:03 +0200 + +awstats (6.1-1) unstable; urgency=low + + * New ustream release. Closes: Bug#251620, #257248 (except not ful- + filling the wish of updating to 6.2 not yet stable upstream). + + Misspelling ("trafic") corrected. Closes: Bug#240975 (thanks to + Cristopher Price ). + * Add new XSLT files as example files. + * Make sure among example files that only scripts and direactories are + executable. + + -- Jonas Smedegaard Fri, 2 Jul 2004 17:55:22 +0200 + +awstats (6.0-4) unstable; urgency=low + + * Really fix bug#247265. Really closes: Bug#247265 (thanks to Edward + J. Shornock ). + + -- Jonas Smedegaard Wed, 5 May 2004 05:12:07 +0200 + +awstats (6.0-3) unstable; urgency=low + + * Avoid perl warning when declaring a set of empty variables. Closes: + Bug#247265 (thanks to J.H.M. Dassen (Ray) ). + * Explicitly favor perl 5.8 to libstorable-perl and libtime-hires-perl + (not really a bug - the perl package satisfies this implicitly, but + since the bugreporter took the time to file a bugreport about it, + I'll manage to set it up explicitly). Closes: Bug#247267. + * Added note about Debian location of configure.pl to README.Debian to + deal with main script hardcoding its location. Closes: Bug#243047 + (again, thanks to J.H.M. Dassen). + * Move cache files to /var/lib/awstats and use that location from now + on by default (as claimed in 5.6-2 - I wonder what went wrong then). + Add note to NEWS about the change, and update README.Debian. Closes: + Bug#232349 (thanks to Erik Jacobson ). + * Standards-version 3.6.1. + + -- Jonas Smedegaard Tue, 4 May 2004 15:51:26 +0200 + +awstats (6.0-2) unstable; urgency=medium + + * Rename NEWS.Debian to NEWS, so that it gets installed. 
Thanks to + Brock Rozen for spotting it. + * Setting urgency=medium, as this is only a packaging correction, and + is good to get into testing soon. + + -- Jonas Smedegaard Sat, 3 Apr 2004 00:21:38 +0200 + +awstats (6.0-1) unstable; urgency=low + + * New upstream release. Closes: Bug#211005 (at least the main part of + it) + * Acceptance of friendly takeover (mentioned in Bug#211005) withdrawn. + * Suggest in README.Debian the upstream script awstats_updateall.pl as + alternative to awstats-update (mentioned in Bug#211005 - please file + a separate wishlist bug if interested in discussing this further). + * Add NEWS.Debian + + Move relevant stuff from README.Debian + + Add new stuff about upgrade to 6.x. + * Suggest libnet-dns-perl and libnet-ip-perl. Closes: Bug#220393 + (thanks to Craig small ). + * Drop patch to tighten paths possible to pass to main script: Current + code is not as open to XSS flaws as earlier, and it makes the Debian + package harder to maintain (leading to other more important bugfixes + taking longer to reach Debian). + * Remove Debian-specific notes in debian/changelog provided in + debian/changelog as well. + + -- Jonas Smedegaard Sun, 28 Mar 2004 14:04:53 +0200 + +awstats (5.6-2) unstable; urgency=low + + * Use target common-configure-indep instead of common-configure for + inclusion of awstats.conf. Closes: Bug#210351 (thanks to Georges + Kesseler , Paul Slootman and Javier + Fernândez-Sanguino Peña for solving this, and + to Nathanael Nerode for waking me up). + * Update 02_use_static_dirs.diff to not use "." as DirData default. + Closes (the other part of) Bug#222694 (together with the above). + * Use /var/lib/awstats instead of /var/cache/awstats (thanks to Paul + Slootman for his notice in Bug#222694). + + -- Jonas Smedegaard Thu, 18 Dec 2003 16:23:15 +0100 + +awstats (5.6-1) unstable; urgency=low + + * New upstream release (closes: Bug#202006). 
+ + Upstream deals with compliant robots hitting stats page now + (closes: Bug#195840 - the rest of the suggestion is questionable + and can be implemented locally by standard editing config file). + * Problem with mod_gzip possibly solved in version 5.4 (closes: + Bug#165390 - please reopen if problem persist). + * Remove patch 01_use_TableBG (upstream has improved/rearranged visual + design). + * Include sample JavaScript and CSS code as examples. + * Include all tools as examples, not only explicit ones (adds + awstats_exportlib.pl and new maillogconvert.pl). + * Update watch file (use explicit server instead of sourceforge + redirect crap, and add uupdate). + * Standards-version 3.6.0. + * Cleanup debian/rules a bit, thanks to newer cdbs (no need to tighten + build-dependency as cdbs has not yet ever been part of an official + Debian release). + * Update 02_use_static_dirs.diff to match new upstream release. + * Improve long description a bit (mention that more than 30 languages + are supported). + * Fix speling error and generally improve virtually empty + awstats.conf.local (sorry folks - this won't happen often). + * Use cdbs to add examples (instead of separate debhelper file), and + make sure all example scripts are executable and not compressed. + + -- Jonas Smedegaard Fri, 1 Aug 2003 14:08:40 +0200 + +awstats (5.5-2) unstable; urgency=low + + * Build-depend on cdbs, and tighten build-dependency on debhelper + (although I suspect this is actually not really needed for perl + packages). + + -- Jonas Smedegaard Fri, 30 May 2003 12:02:19 +0200 + +awstats (5.5-1) unstable; urgency=low + + * New upstream release + * Switch from cbs to cdbs. + * Correct debian/watch. + * Standards-Version 3.5.10 (no changes needed). + * Avoid the example plugin without the use of 'rm -rf', and include it + instead as, well, an example. 
+ + -- Jonas Smedegaard Fri, 30 May 2003 11:23:40 +0200 + +awstats (5.4-1) unstable; urgency=low + + * New upstream release (closes: bug#170285, bug#175328). + * Update patches. + * Update debian/rules to latest version of CBS. + * provide separate conffile for local tweaks (closes: Bug#179741, + thanks to Francesco Potorti ). + + -- Jonas Smedegaard Sun, 16 Mar 2003 06:01:58 +0100 + +awstats (5.1-6) unstable; urgency=low + + * Fix wrongly placed quotes in /etc/awstats./awstats.conf (thanks to + Wolfgang Karall . Closes bug#177857. + + -- Jonas Smedegaard Wed, 22 Jan 2003 13:31:10 +0100 + +awstats (5.1-5) unstable; urgency=low + + * Switch to using CBS (Colin's Build System). + * Correct (and improve a bit) sed rules adjusting configfile. This + closes: Bug#171698, thanks to Robert Millan + (and to Amaya Rodrigo Sastre for clarifying). + * Separate html documentation and register with doc-base. + * Avoid all GIFs (PNGs are provided for them all). + * Don't strip .ico file. + * Quote the wording of the upstream license statement (instead of just + telling that it is GPL) in debian/copyright, and properly refer to + Debian location of the GPL. + * Declare compliance with Policy version 3.5.8.0. + + -- Jonas Smedegaard Sun, 15 Dec 2002 21:31:14 +0100 + +awstats (5.1-4) unstable; urgency=low + + * Really take care of LogFile default. + + -- Jonas Smedegaard Fri, 15 Nov 2002 00:37:43 +0100 + +awstats (5.1-3) unstable; urgency=low + + * Change default DirData from . to /var/cache/awstats and make sure + LogFile always defaults to /var/log/apache/access.log (currently the + case, but not in 5.0 - who knows if it changes upstream again). + Thanks to Atsuhito Kohda , this closes: + Bug#165979. + + -- Jonas Smedegaard Thu, 14 Nov 2002 23:47:14 +0100 + +awstats (5.1-2) unstable; urgency=medium + + * Add debian/watch file. + * Set urgency=medium (this really shouldn't harm anyone, and I don't + want it to delay entering testing). 
+ + -- Jonas Smedegaard Mon, 4 Nov 2002 19:54:06 +0100 + +awstats (5.1-1) unstable; urgency=low + + * New upstream release. + + -- Jonas Smedegaard Tue, 29 Oct 2002 01:52:02 +0100 + +awstats (5.0-1) unstable; urgency=low + + * New upstream release. + * debian/README.Debian: Add note from changelog about upgrading older + logfiles for speed. + * Add a TODO. + + -- Jonas Smedegaard Sun, 6 Oct 2002 18:03:46 +0200 + +awstats (4.99.20020922-1) unstable; urgency=low + + * New upstream (pre)release. + * Include and add dependencies for plugins, except the non-functional + graph3d plugin. + * Enable hashfiles plugin per default. + + -- Jonas Smedegaard Sun, 22 Sep 2002 14:53:07 +0200 + +awstats (4.1-1) unstable; urgency=low + + * New upstream release. + * This is the newest stable release (5.0 is work-in-progress). Closes: + #156589. + + -- Jonas Smedegaard Wed, 14 Aug 2002 01:29:49 +0200 + +awstats (4.0-3) unstable; urgency=low + + * Add example script provided by Francesco Potorti` + (Closes: #153559). + * I am giving *hints* of ways to integrate AWStats with a running + webserver. There are too many ways to put it together - and I will + not write a manual about it, sorry (but thanks for the + suggestions!). Closes: #153561. + * Remove TODO. Apache2 goes in interesting other ways... + + -- Jonas Smedegaard Tue, 23 Jul 2002 16:57:40 +0200 + +awstats (4.0-2) unstable; urgency=low + + * Add staticpages.sh, suggested by Cyrille Chepelov, as example + script. + + -- Jonas Smedegaard Thu, 4 Jul 2002 00:08:33 +0200 + +awstats (4.0-1) unstable; urgency=low + + * Newer upstream version (closes: #133451, #150246). + * Include the new common2combined.pl and awstats_buildstaticpages.pl + scripts as tools. + + -- Jonas Smedegaard Wed, 3 Jul 2002 20:54:45 +0200 + +awstats (3.2-12) unstable; urgency=low + + * Do a s/OSArrayID/OSSearchIDOrder/g in awstats.pl to make it work + with the new operating_systems.pl db (thanks to "Omniflux" + ). This closes: #140115. 
+ + -- Jonas Smedegaard Wed, 27 Mar 2002 14:14:13 +0100 + +awstats (3.2-11) unstable; urgency=low + + * Remove /var/cache/awstats on purge. Closes: #139292 (or half of it: + The package should not purge configfiles not created by the package. + Please reopen the bug if you disagree). + * Backport translations (lots of updates and new languages latvian and + brasilian portuguese), operating systems (cosmetic change to Amiga) + and search engines (czech engines and correction to alltheweb.com). + + -- Jonas Smedegaard Tue, 26 Mar 2002 00:35:23 +0100 + +awstats (3.2-10) unstable; urgency=low + + * Talk about logrotate and not cron.conf in README.Debian (Apache + cleaned that up in 1.3.22-6). Thanks to Unit3 for spotting it. + + -- Jonas Smedegaard Thu, 7 Feb 2002 23:09:40 +0100 + +awstats (3.2-9) unstable; urgency=low + + * The "Enough is enough..." release. + * Ignore silently if /var/log/apache/access.log is not readable by + www-data. + * Use only awstats.conf in default cron job (as other configurations + typically use separate logfiles and thus cannot be checked as simple + as the above). + * The above is a response to bugreport by Graeme , + and closes: #132781. + * Move awstats-update to examples now that it is no longer used (but - + after much struggle - works as intended). + * Move icon folder from /var/www to /usr/share as suggested by + Emmanuel CHANTREAU . This closes: #131957. + * Rewrite README.Debian to reflect the current situation. + * Add a TODO... + * Backport searchengines from 4.0 (add atlas.cz). + * Backport languages from 4.0 (updates to br, fr, it and pt). + + -- Jonas Smedegaard Thu, 7 Feb 2002 21:40:04 +0100 + +awstats (3.2-8) unstable; urgency=low + + * Fix typo in awstats-update (Closes: 132656). + + -- Jonas Smedegaard Thu, 7 Feb 2002 16:58:14 +0100 + +awstats (3.2-7) unstable; urgency=low + + * Fix awstats-update again, thanks to Emil Soleyman-Zomalan + . 
+ + -- Jonas Smedegaard Tue, 5 Feb 2002 19:03:25 +0100 + +awstats (3.2-6) unstable; urgency=low + + * Rewrite awstats-update again (and make a note on the weird behavior + in README.Debian. Closes: 131321). + + -- Jonas Smedegaard Fri, 1 Feb 2002 01:42:38 +0100 + +awstats (3.2-5) unstable; urgency=low + + * Revert awstats.pl path in awstats-update as well (thanks for a quick + bugreport from Jens fix-your-bloody-address Bech. Closes: #131394). + * I cannot reproduce the problem with recent awstats-update and + believe it to be fixed, so closes: #131394. + + -- Jonas Smedegaard Wed, 30 Jan 2002 03:24:23 +0100 + +awstats (3.2-4) unstable; urgency=low + + * Rewrite awstats.conf to avoid (ba)sh-voodoo that might upset non- + bash shells (Closes: #130713). + * Hack awstats.pl to only use our default folders or those in config + file. + * Move db/* from cgi-bin to /usr/share/awstats. + * Move logresolvemerge.pl out of cgi-bin to + /usr/share/doc/awstats/examples (but keep it uncompressed). + * Revert to using upstream script location /cgi-bin (no need for a + separate folder now that non-executables are moved off of cgi-bin). + * Switch to using upstream default for 'ShowFlagLinks'. + * Comment out '/YourRelativeUrl' and 'myworkstation' in awstats.pl. + + -- Jonas Smedegaard Sun, 27 Jan 2002 22:08:05 +0100 + +awstats (3.2-3) unstable; urgency=low + + * New maintainer (thanks, Eric :-). Updating maintainer field and + maintainer hint in debian/copyright. + * Hack awstats.pl to use for tables instead of (Closes: #130449). + * Acknowledge my own NMUs (Closes: #126250, 120517). + * Recognize Galeon: Add it to browsers.pl and hack awstats.pl to + separate it from Netscape (Closes: 130431). + + -- Jonas Smedegaard Thu, 24 Jan 2002 20:37:26 +0100 + +awstats (3.2-2.2) unstable; urgency=low + + * Another NMU (last one wasn't approved by maintainer - crossing my + fingers about this one). + * Correctly suggests httpd. 
+ * We have been at version 3.2 for a couple of builds now (maintainer + asked me to close these, so closes: #126250, #120517). + * Install only relevant documentation (avoid Windows-specific xml, + virtually empty htm and lintian-triggering LICENSE). + * README.Debian: Add note about default ownership of logfiles and + access from CGI. + * README.Debian: Clarify that the note about enabling logging of + browsers and referers is apache-specific (AWStats runs with other + httpd servers as well). + * Install perl helper scripts non-executable (thanks, lintian). + + -- Jonas Smedegaard Thu, 17 Jan 2002 22:00:06 +0100 + +awstats (3.2-2.1) unstable; urgency=low + + * NMU permitted by maintainer (or at least it will be if this package + happens to show up in sid). + * Build default awstats.conf sed'ing upstream awstats.model.conf (to + make sure added options in a new upstream version are included and + deprecated ones silently ignored). + * Add awstats.model.conf as an example file as well. + * Change DirCgi option from "/usr/lib/cgi-bin/awstats/awstats.pl" to + "/cgi-bin/awstats" (makes more sense according to documented + behaviour). + * Correctly install upstream changelog. + * Remove practically empty preinst, prerm and postrm debhelper files. + * Suggests: apache | httpd. + + -- Jonas Smedegaard Fri, 11 Jan 2002 01:56:27 +0100 + +awstats (3.2-2) unstable; urgency=low + + * I forgot to include cgi-bin/db, sorry (closes: #128113). + + -- Eric Van Buggenhaut Mon, 7 Jan 2002 20:22:10 +0100 + +awstats (3.2-1) unstable; urgency=low + + * New upstream release + + -- Eric Van Buggenhaut Sat, 5 Jan 2002 17:36:22 +0100 + +awstats (3.1build23-6) unstable; urgency=low + + * Included default config in awstats-update (closes: #122518). + + -- Eric Van Buggenhaut Thu, 6 Dec 2001 23:12:51 +0100 + +awstats (3.1build23-5) unstable; urgency=high + + * Corrected awstats-update (closes: #117762). 
+ + -- Eric Van Buggenhaut Mon, 26 Nov 2001 23:22:31 +0100 + +awstats (3.1build23-4) unstable; urgency=low + + * Corrected typo in cronscript (closes: #118412). + * Changed Architecture: to all + + -- Eric Van Buggenhaut Tue, 13 Nov 2001 13:43:00 +0100 + +awstats (3.1build23-3) unstable; urgency=low + + * Corrected bad translations in italian and spanish files (closes: #113046) + * Use 'install' instead of 'cp' in debian/rules (closes: #115266). Patch + * provided by Jonas Smedegaard . + * Check for existence of /usr/sbin/awstats-update in cron script (closes: #117057). Patch + * provided by Jonas Smedegaard . + + + -- Eric Van Buggenhaut Tue, 30 Oct 2001 00:08:49 +0100 + +awstats (3.1build23-2) unstable; urgency=low + + * I (risko gergely) changed the maintainer field to + Eric Van Buggenhaut + , because he will be the sponsor of a new maintainer, + who argued about the maintainership of this package, + and we decided, that he will take it over. There are + bugs, and it gets counted on bugs.debian.org/risko@debian.org, + which is very very bad for me, because it's not my bug, + simply the new maintainer can't upload a new version in 2-3 + months. Sorry for any bandwidth wasting and inconvinence. + Gergely + + -- RISKO Gergely Thu, 11 Oct 2001 21:34:32 +0200 + +awstats (3.1build23-1) unstable; urgency=low + + * new upstream version + + -- RISKO Gergely Fri, 24 Aug 2001 09:12:11 +0200 + +awstats (3.1build20-1) unstable; urgency=low + + * Initial Release. (closes: Bug#90955, Bug#90956) + + -- RISKO Gergely Tue, 21 Aug 2001 13:17:46 +0200 + +Local variables: +mode: debian-changelog +End: --- awstats-6.5.orig/debian/awstats.cron.d +++ awstats-6.5/debian/awstats.cron.d @@ -0,0 +1 @@ +0,10,20,30,40,50 * * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null --- awstats-6.5.orig/debian/copyright +++ awstats-6.5/debian/copyright 
@@ -0,0 +1,14 @@
+This is AWStats packaged for Debian GNU systems.
+
+It was downloaded from http://awstats.sourceforge.net
+
+Upstream Author: Laurent Destailleur
+
+Copyright:
+
+ AWStats is distributed under the GNU General Public License (GPL).
+ So you must follow the line "Free software - Copylefted - GPL" to know
+ what are major license agreements with AWStats.
+
+On Debian Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
--- awstats-6.5.orig/debian/examples/redostats.sh
+++ awstats-6.5/debian/examples/redostats.sh
@@ -0,0 +1,40 @@
+#! /bin/bash
+
+CONFDIR=/etc/awstats
+DATADIR=/var/cache/awstats
+PROGRAM=/usr/lib/cgi-bin/awstats.pl
+
+if [ `id -u` != 0 ]; then
+ exit 1
+fi
+
+set -e
+
+cd $DATADIR
+OLDSTATS=`date -I`
+if mkdir $OLDSTATS 2> /dev/null; then
+ mv *.txt *.bak $OLDSTATS
+fi
+rm -f *.txt *.bak
+
+TMPLOG=/tmp/access.log
+TMPCRON=$CONFDIR/awstats.cron
+CRONORIG=/etc/cron.d/awstats
+CONFORIG=$CONFDIR/conf.orig
+CONFFILE=$CONFDIR/awstats.conf
+
+trap 'rm $TMPLOG; mv -f $CONFORIG $CONFFILE; mv -f $TMPCRON $CRONORIG; /etc/init.d/cron reload' EXIT
+
+mv -f $CONFFILE $CONFORIG
+cat $CONFORIG |
+ sed "\|/var/log/apache/access.log|s||$TMPLOG|" > $CONFFILE
+mv -f $CRONORIG $TMPCRON
+/etc/init.d/cron reload
+
+ls -rt /var/log/apache/access.log* |
+ while read file
+ do zcat -f $file > $TMPLOG
+ echo Processing ${file}...
+ sudo -u www-data $PROGRAM -config=awstats
+ done
+rm -f $DATADIR/*.bak
--- awstats-6.5.orig/debian/examples/staticpages.sh
+++ awstats-6.5/debian/examples/staticpages.sh
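Review bot: `TMPLOG=/tmp/access.log` in redostats.sh is a fixed name in a world-writable directory, and this root-only script writes to it with `zcat -f $file > $TMPLOG` and removes it in the EXIT trap, so a file or symlink already present at that path decides where root writes the decompressed access logs. Create the file safely instead, `TMPLOG=$(mktemp)`, followed by `chgrp www-data "$TMPLOG"; chmod 640 "$TMPLOG"` so the `sudo -u www-data $PROGRAM` run can still read it. `DATADIR=/var/cache/awstats` also disagrees with the /var/lib/awstats location that awstats.postinst and the generated awstats.conf in this patch use, so the script would archive and clear the wrong directory (or stop at `cd $DATADIR` under `set -e`). Quoting `$DATADIR`, `$OLDSTATS`, `$file` and the other expansions would keep paths with spaces from being split.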
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# This script written by Cyrille Chepelov
+
+AWSTATS="/usr/lib/cgi-bin/awstats.pl -config=/etc/awstats/awstats.conf"
+TARGET=/var/www
+
+# source user's overrides (TODO: provide commented out template file)
+
+[ -f /etc/awstats/awstats-static.conf ] && . /etc/awstats/awstats-static.conf
+
+$AWSTATS -update
+$AWSTATS -output -staticlinks > $TARGET/awstats.html
+
+for detail in allhosts lasthosts unknownip urldetail unknownreferer unknownrefererbrowser browserdetail allkeyphrases errors404; do
+ $AWSTATS -output=$detail -staticlinks > $TARGET/awstats.$detail.html
+done
--- awstats-6.5.orig/debian/examples/awstats-update.8
+++ awstats-6.5/debian/examples/awstats-update.8
@@ -0,0 +1,29 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH AWSTATS-UPDATE 8 "August 2001"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+awstats-update \- update awstats statistics
+.SH SYNOPSIS
+.B awstats-update
+.SH DESCRIPTION
+This program is called by cron jobs and in webserver's pre-rotate
+script to update the statistics of AwStats, which is a featureful
+web server log analyzer. If you don't know what you do, you shouldn't
+use this program, it is used by your system.
+.SH AUTHOR
+This manual page was written by RISKO Gergely ,
+for the Debian GNU/Linux system (but may be used by others).
--- awstats-6.5.orig/debian/examples/apache.conf
+++ awstats-6.5/debian/examples/apache.conf
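Review bot: Nothing stops staticpages.sh after a failed step: there is no `set -e`, so when `$AWSTATS -update` or one of the `-output` runs fails, the redirection has already truncated the page under `$TARGET` and the web server serves an empty or partial file. Add `set -e` below the shebang and publish each page through a temporary name, e.g. `$AWSTATS -output -staticlinks > "$TARGET/awstats.html.new" && mv "$TARGET/awstats.html.new" "$TARGET/awstats.html"`. `$TARGET` and `$detail` should be quoted as well, because `TARGET` can be replaced by the sourced /etc/awstats/awstats-static.conf.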
@@ -0,0 +1,30 @@
+# This provides worldwide access to everything below the directory
+# Security concerns:
+# * Raw log processing data is accessible too for everyone
+# * The directory is by default writable by the httpd daemon, so if
+# any PHP, CGI or other script can be tricked into copying or
+# symlinking stuff here, you have a looking glass into your server,
+# and if stuff can be uploaded to here, you have a public warez site!
+
+ Options None
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+# This provides worldwide access to everything below the directory
+# Security concerns: none known
+
+ Options None
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+# This provides worldwide access to everything in the directory
+# Security concerns: none known
+Alias /awstats-icon/ /usr/share/awstats/icon/
+
+# This (hopefully) enables _all_ CGI scripts in the default directory
+# Security concerns: Are you sure _all_ CGI scripts are safe?
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
--- awstats-6.5.orig/debian/examples/awstats-update
+++ awstats-6.5/debian/examples/awstats-update
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+[ -f /etc/awstats/awstats.conf ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
+for cfg in `find /etc/awstats -name 'awstats.*.conf' -printf '%f\n' | sed 's/^awstats\.\(.*\)\.conf/\1/'`; do
+ /usr/lib/cgi-bin/awstats.pl -config=$cfg -update >/dev/null
+done
--- awstats-6.5.orig/debian/NEWS
+++ awstats-6.5/debian/NEWS
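Review bot: Both directory blocks in apache.conf end in `Allow from all`, and the comment above the first one already says why that is unsafe there: the raw processing data is readable by anyone and the directory is writable by the httpd user. An example that administrators copy into conf.d should start closed, e.g. `Order deny,allow`, `Deny from all`, `Allow from 127.0.0.1`, and leave widening it to the admin. The same goes for the `ScriptAlias` line, which exposes awstats.pl to every client; the patches 1001, 1004 and 1006 later in this diff show that its query handling has needed repeated hardening. The opening and closing Directory tags are missing from this view, so the paths the two blocks apply to cannot be confirmed here.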
@@ -0,0 +1,47 @@ +awstats (6.0-3) unstable; urgency=low + + * Cache files are now located at /var/lib/awstats by default. Old + files are automatically moved from /var/cache/awstats. + Exception: If the directory /var/lib/awstats exists already then + no attempts on upgrading are done. + + -- Jonas Smedegaard Tue, 4 May 2004 13:44:47 +0200 + +awstats (6.0-1) unstable; urgency=low + + * If you use the ExtraSections feature, you must check that the + parameter(s) ExtraSectionConditionX use a full REGEX syntax (with + 5.x series, this parameter could contain simple string values). If + not, feature will be broken. + + * If you use the Misc feature, you must check that your ShowMiscStats + parameter is set to "ajdfrqwp", if you want to have all miscellanous + info reported (you must also have added the awstats_misc_tracker.js + script in your home page as described in MiscTrackerUrl parameter + description). Otherwise the new default value "a" will be used (only + the "Add to favourites" will be reported). + + * MaxLengthOfURL parameter has been renamed into MaxLengthOfShownURL. + + * To enable the new worm detection, you must add parameter + LevelForWormsDetection=2 in your config file. + + * If you used the urlalias or userinfo plugin, you must move the + urlalias.*.txt or userinfo.*.txt file from Plugins directory to + DirData directory. + + -- Jonas Smedegaard Sun, 28 Mar 2004 14:04:53 +0200 + +awstats (5.0-1) unstable; urgency=low + + * AWStats 5.0 is compatible with previous versions (3.x or 4.x). + However if you use awstats 5.0 runtime to read statistics for old + month build with 3.x or 4.x, speed will be a little bit reduce but + data will be reported correctly. 
+ + * To benefit the speed/memory improvement of 5.0 (2 to 8 times faster + when reading stats, less memory use) you can migrate your history + files with the command : + awstats.pl -migrate="/fullpath/awstatsMMYYYY.configval.txt" + + -- Jonas Smedegaard Sun, 6 Oct 2002 18:03:46 +0200 --- awstats-6.5.orig/debian/awstats.install +++ awstats-6.5/debian/awstats.install @@ -0,0 +1,7 @@ +debian/awstats.conf* etc/awstats/ +docs/* usr/share/doc/awstats/html/ +wwwroot/cgi-bin/awstats.pl usr/lib/cgi-bin/ +wwwroot/cgi-bin/lang/* usr/share/awstats/lang/ +wwwroot/cgi-bin/lib/* usr/share/awstats/lib/ +wwwroot/cgi-bin/plugins/*.pm usr/share/awstats/plugins/ +wwwroot/icon/* usr/share/awstats/icon/ --- awstats-6.5.orig/debian/control.in +++ awstats-6.5/debian/control.in @@ -0,0 +1,23 @@ +Source: awstats +Section: web +Priority: optional +Maintainer: Debian AWStats Team +Uploaders: Charles Fry , Jonas Smedegaard +Build-Depends-Indep: @cdbs@ +Standards-Version: 3.6.2 + +Package: awstats +Architecture: all +Depends: ${perl:Depends}, perl (>= 5.8.0-7) | libstorable-perl, perl (>= 5.8.0-7) | libtime-hires-perl +Recommends: libnet-xwhois-perl +Suggests: apache | httpd, libnet-dns-perl, libnet-ip-perl, libgeo-ipfree-perl +Description: powerful and featureful web server log analyzer + Advanced Web Statistics (AWStats) is a powerful web server logfile + analyzer written in perl that shows you all your web statistics including + visits, unique visitors, pages, hits, rush hours, search engines, keywords + used to find your site, robots, broken links and more. Gives more detailed + information and better graphical charts than webalizer, and is easier to use. + Works with several web server log format as a CGI and/or from command line. + Supports more than 30 languages. + . + Homepage: http://awstats.sourceforge.net/ --- awstats-6.5.orig/debian/README.Debian +++ awstats-6.5/debian/README.Debian 
@@ -0,0 +1,98 @@ +awstats for Debian +================== + +Quick'n'dirty setup +------------------- + +Do the following for a simple setup of a single website with Apache 1.3.x: + + * Edit /etc/logrotate.d/apache to permit www-data access to logfiles + * copy /usr/share/doc/awstats/examples/apache.conf to /etc/apache/conf.d/ + +The above is _NOT_ supported or recommended! Please read the rest of this +document instead... + + +No stats are generated +---------------------- + +As AWStats is used both as a CGI-script and offline, it is by default run as +uid=www-data in cron jobs so that generated files are accessible from CGI as +well. +By default Apache stores (since version 1.3.22-1) logfiles with uid=root and +gid=adm, so you need to either... + + 1) Change the rights of the logfiles in /etc/logrotate.d/apache so that + www-data has at least read access. + + 2) As 1) but change to a specific user, and use the suEXEC feature of Apache + to run as same user (and either change the right of /var/lib/awstats as + well or use another directory). This is more complicated, but then the logs + are not generally accessible to the server (which was probably the point of + the Apache default). + + 3) Change awstats.pl to group adm (but beware that you are then taking the + risk of allowing a CGI-script access to admin stuff on the machine!). + +With other webservers than Apache several things should probably be changed, +like location and format of logfiles. + + +A few minutes is lost each day/week/month +----------------------------------------- + +By default AWStats scans logfiles each 10 minutes. When Apache (and other +webservers?) rotate their logfiles, the last entries in the old logfile may not +have been read by AWStats. + +Make sure to run AWStats right _before_ web logs are rotated (add a "prerotate" +in /etc/logrotate.d/apache for Apache). 
+ + +The icons are missing +--------------------- + +You should redirect requests for /awstats-icon/ to /usr/share/awstats/icon/. + +In Apache, this is done by adding the following to /etc/apache/httpd.conf: + + Alias /awstats-icon/ /usr/share/awstats/icon/ + +For other webservers you should either do something similar, or make a symlink +from /var/www/awstats-icon to /usr/share/awstats/icon/. + + +Multiple stats +-------------- + +To handle multiple stats (eg. using VirtualHosts in Apache) you should... + + 1) Place all configs in /etc/awstats. + + 2) Name the configs "awstats." + whatever you want - ".conf" (eg. + awstats.www.debian.org.conf"). But avoid "awstats.awstats.conf. + + 3) Run awstats.pl with each config one by one (have a look at the scripts + awstats-update and awstats_updateall.pl in + /usr/share/doc/awstats/examples). + + +Browser and referer stats are missing +------------------------------------- + +Apache uses CLF (Common Log Format) by default, which doesn't include info +about browser types and referer. + +It is recommended to use "combined" logfiles instead (remember to change +awstats.conf accordingly). + + +Where is configure.pl? +---------------------- + +The main script may tell you to use /usr/lib/cgi-bin/tools/configure.pl. +That script, however, is not available as a CGI script on Debian. +Instead, it is located at /usr/share/doc/awstats/examples/awstats_configure.pl. + + + -- Jonas Smedegaard Fri, 8 Oct 2004 12:28:31 +0200 --- awstats-6.5.orig/debian/cdbs/1/rules/buildinfo.mk +++ awstats-6.5/debian/cdbs/1/rules/buildinfo.mk 
@@ -0,0 +1,42 @@ +# -*- mode: makefile; coding: utf-8 -*- +# Copyright © 2004-2005 Jonas Smedegaard +# Description: Generate and include build information +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, or (at +# your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA. + + +ifndef _cdbs_bootstrap +_cdbs_scripts_path ?= /usr/lib/cdbs +_cdbs_rules_path ?= /usr/share/cdbs/1/rules +_cdbs_class_path ?= /usr/share/cdbs/1/class +endif + +ifndef _cdbs_rules_buildinfo +_cdbs_rules_buildinfo := 1 + +include $(_cdbs_rules_path)/buildcore.mk$(_cdbs_makefile_suffix) + +CDBS_BUILD_DEPENDS := $(CDBS_BUILD_DEPENDS), dh-buildinfo + +common-install-arch common-install-indep:: debian/stamp-buildinfo + +debian/stamp-buildinfo: + dh_buildinfo + +clean:: + rm -f debian/stamp-buildinfo + +endif --- awstats-6.5.orig/debian/cdbs/1/rules/copyright-check.mk +++ awstats-6.5/debian/cdbs/1/rules/copyright-check.mk 
@@ -0,0 +1,55 @@ +# -*- mode: makefile; coding: utf-8 -*- +# Copyright © 2005-2006 Jonas Smedegaard +# Description: Check for changes to copyright notices in source +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, or (at +# your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA. + +ifndef _cdbs_bootstrap +_cdbs_scripts_path ?= /usr/lib/cdbs +_cdbs_rules_path ?= /usr/share/cdbs/1/rules +_cdbs_class_path ?= /usr/share/cdbs/1/class +endif + +ifndef _cdbs_rules_copyright-check +_cdbs_rules_copyright-check := 1 + +include $(_cdbs_rules_path)/buildcore.mk$(_cdbs_makefile_suffix) + +cdbs_copyright-check_find_opts := -not -regex '\./debian/.*' + +clean:: + @echo 'Scanning upstream source for new/changed copyright notices...' + @echo '(the debian/ subdir is _not_ examined - do that manually!)' + find . -type f $(cdbs_copyright-check_find_opts) -exec cat '{}' ';' \ + | egrep --text -rih 'copyright.*[0-9]{4}' \ + | sed -e 's/^[[:space:]*#]*//' -e 's/[[:space:]]*$$//' \ + | LC_ALL=C sort -u \ + > debian/copyright_newhints + if [ ! -f debian/copyright_hints ]; then touch debian/copyright_hints; fi + @echo "diff --normal debian/copyright_hints debian/copyright_newhints | egrep '^>'" + @diff --normal debian/copyright_hints debian/copyright_newhints | egrep '^>'; \ + if [ "$$?" -eq "0" ]; then \ + echo "New or changed copyright notices discovered! 
Do this:"; \ + echo " 1) Search source for each of the above lines ('grep -r' is your friend)"; \ + echo " 2) Update debian/copyright as needed"; \ + echo " 3) Replace debian/copyright_hints with debian/copyright_newhints"; \ + exit 1; \ + fi + + @echo 'No new copyright notices found - assuming no news is good news...' + rm -f debian/copyright_newhints + +endif --- awstats-6.5.orig/debian/cdbs/1/rules/auto-update.mk +++ awstats-6.5/debian/cdbs/1/rules/auto-update.mk 
@@ -0,0 +1,44 @@ +# -*- mode: makefile; coding: utf-8 -*- +# Copyright © 2005-2006 Jonas Smedegaard +# Description: Auto-update debian/control from debian/control.in +# When the environment variable DEB_BUILD_OPTIONS contains the magic +# string "update" the clean target is extended to auto-update +# debian/control from debian/control.in where build-depends can contain +# the magic string @cdbs@ expanded to build-dependencies known to cdbs, +# and more... +# +# In other words, with this in use don't edit debian/control directly, +# but instead edit debian/control.in and invoke the following: +# DEB_BUILD_OPTIONS=update fakeroot debian/rules clean +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, or (at +# your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA. + +ifndef _cdbs_bootstrap +_cdbs_scripts_path ?= /usr/lib/cdbs +_cdbs_rules_path ?= /usr/share/cdbs/1/rules +_cdbs_class_path ?= /usr/share/cdbs/1/class +endif + +ifndef _cdbs_rules_auto-update +_cdbs_rules_auto-update := 1 + +ifneq (,$(findstring update,$(DEB_BUILD_OPTIONS))) +DEB_AUTO_UPDATE_DEBIAN_CONTROL := yes +endif + +# Avoid build-dependency on build-essential (to please ftpmasters) +CDBS_BUILD_DEPENDS := +endif --- awstats-6.5.orig/debian/compat +++ awstats-6.5/debian/compat @@ -0,0 +1 @@ +4 --- awstats-6.5.orig/debian/watch +++ awstats-6.5/debian/watch 
@@ -0,0 +1,4 @@
+# Run the "uscan" command to check for upstream updates and more.
+version=3
+# use qa.debian.org redirector; see man uscan
+http://sf.net/awstats/awstats-([\d+\.]+|\d+)\.tar\.gz debian svn-upgrade
--- awstats-6.5.orig/debian/patches/1003_disable_configdir.patch
+++ awstats-6.5/debian/patches/1003_disable_configdir.patch
@@ -0,0 +1,23 @@
+diff -Nur awstats-6.5/wwwroot/cgi-bin/awstats.pl awstats-6.5.new/wwwroot/cgi-bin/awstats.pl
+--- awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-22 21:58:30.000000000 +0200
++++ awstats-6.5.new/wwwroot/cgi-bin/awstats.pl 2006-06-07 18:40:17.000000000 +0200
+@@ -1131,7 +1131,9 @@
+ my $configdir=shift;
+ my @PossibleConfigDir=();
+
+- if ($configdir) { @PossibleConfigDir=("$configdir"); }
++ if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) {
++ @PossibleConfigDir=("$configdir");
++ }
+ else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }
+
+ # Open config file
+@@ -5534,7 +5536,7 @@
+ $QueryString =~ s/&/&/g;
+ }
+
+- $QueryString = CleanFromCSSA($QueryString);
++ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
+
+ # Security test
+ if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
--- awstats-6.5.orig/debian/patches/1002_redirect_to_STDERR.patch
+++ awstats-6.5/debian/patches/1002_redirect_to_STDERR.patch
@@ -0,0 +1,92 @@
+diff -urNad awstats~/tools/awstats_buildstaticpages.pl awstats/tools/awstats_buildstaticpages.pl
+--- awstats~/tools/awstats_buildstaticpages.pl 2005-08-23 15:56:35.000000000 -0400
++++ awstats/tools/awstats_buildstaticpages.pl 2006-01-04 00:58:20.490613529 -0500
+@@ -75,7 +75,7 @@
+ # Return: None
+ #------------------------------------------------------------------------------
+ sub error {
+- print "Error: $_[0].\n";
++ print STDERR "Error: $_[0].\n";
+ exit 1;
+ }
+
+@@ -95,7 +95,7 @@
+ # print "$messagestring
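Review bot: The watch line fetches the upstream tarball over plain http and hands it straight to `svn-upgrade`, and nothing in the file verifies what was downloaded. If upstream publishes detached signatures (not visible from this page), add an `opts=pgpsigurlmangle=...` rule so uscan checks them; otherwise compare the download against a published checksum before it is imported. The version pattern `([\d+\.]+|\d+)` also admits a literal `+` inside the character class, which is probably not intended.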
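Review bot: The second inner hunk of 1003 (around line 5534 of awstats.pl) has nothing to do with disabling configdir: it percent-decodes the whole query string before the LogFile test, while the per-parameter `&DecodeEncodedString("$1")` calls that 1001 left in place stay until 1004 removes them. With 1003 applied but not 1004, filter values such as `hostfilter` are decoded a second time after CleanFromCSSA has already run, so the cleaning does not see the final value. Move that hunk into 1004, or record the dependency in a comment at the top of the patch, e.g. `# Depends on 1004_backport_6.6_xss-fixes.patch: query string is decoded once, before parsing`. None of 1001, 1003, 1004 or 1006 carries a description header at all, which makes the security intent of each one hard to audit. Both inner hunks start and end inside functions that are not fully shown.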
\n"; + # } + # else { +- print "$messagestring\n"; ++ print STDERR "$messagestring\n"; + # } + # } + } +diff -urNad awstats~/tools/awstats_configure.pl awstats/tools/awstats_configure.pl +--- awstats~/tools/awstats_configure.pl 2005-04-22 13:34:05.000000000 -0400 ++++ awstats/tools/awstats_configure.pl 2006-01-04 00:58:24.987002812 -0500 +@@ -87,7 +87,7 @@ + # error + #------------------------------------------------------- + sub error { +- print "Error: $_[0].\n"; ++ print STDERR "Error: $_[0].\n"; + exit 1; + } + +diff -urNad awstats~/tools/awstats_exportlib.pl awstats/tools/awstats_exportlib.pl +--- awstats~/tools/awstats_exportlib.pl 2003-12-05 18:53:38.000000000 -0500 ++++ awstats/tools/awstats_exportlib.pl 2006-01-04 00:58:30.769217454 -0500 +@@ -93,8 +93,8 @@ + my $thirdmessage=shift||""; + my $donotshowsetupinfo=shift||0; + if ($Debug) { debug("$message $secondmessage $thirdmessage",1); } +- print "$message"; +- print "\n"; ++ print STDERR "$message"; ++ print STDERR "\n"; + exit 1; + } + +diff -urNad awstats~/tools/awstats_updateall.pl awstats/tools/awstats_updateall.pl +--- awstats~/tools/awstats_updateall.pl 2005-04-22 13:34:05.000000000 -0400 ++++ awstats/tools/awstats_updateall.pl 2006-01-04 00:58:34.910654953 -0500 +@@ -36,7 +36,7 @@ + # Return: None + #------------------------------------------------------------------------------ + sub error { +- print "Error: $_[0].\n"; ++ print STDERR "Error: $_[0].\n"; + exit 1; + } + +diff -urNad awstats~/tools/logresolvemerge.pl awstats/tools/logresolvemerge.pl +--- awstats~/tools/logresolvemerge.pl 2005-12-04 16:10:46.000000000 -0500 ++++ awstats/tools/logresolvemerge.pl 2006-01-04 00:58:38.552160356 -0500 +@@ -104,7 +104,7 @@ + # Return: None + #------------------------------------------------------------------------------ + sub error { +- print "Error: $_[0].\n"; ++ print STDERR "Error: $_[0].\n"; + exit 1; + } + +@@ -133,7 +133,7 @@ + sub warning { + my $messagestring=shift; + if ($Debug) { 
debug("$messagestring",1); } +- print "$messagestring\n"; ++ print STDERR "$messagestring\n"; + } + + #----------------------------------------------------------------------------- +diff -urNad awstats~/tools/maillogconvert.pl awstats/tools/maillogconvert.pl +--- awstats~/tools/maillogconvert.pl 2005-04-22 13:34:05.000000000 -0400 ++++ awstats/tools/maillogconvert.pl 2006-01-04 00:58:42.465628823 -0500 +@@ -56,7 +56,7 @@ + #------------------------------------------------------- + + sub error { +- print "Error: $_[0].\n"; ++ print STDERR "Error: $_[0].\n"; + exit 1; + } + --- awstats-6.5.orig/debian/patches/1004_backport_6.6_xss-fixes.patch +++ awstats-6.5/debian/patches/1004_backport_6.6_xss-fixes.patch 
@@ -0,0 +1,87 @@
+diff -Nur awstats-6.5/wwwroot/cgi-bin/awstats.pl awstats-6.5.new/wwwroot/cgi-bin/awstats.pl
+--- awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-10-06 13:32:02.366124943 -0700
++++ awstats-6.5.new/wwwroot/cgi-bin/awstats.pl 2006-10-06 13:35:20.095848772 -0700
+@@ -870,7 +870,7 @@
+ print "Example: If your config file is awstats.mysite.conf, use -config=mysite\n";
+ }
+ print "- ${tagbold}Did you create your config file 'awstats.$SiteConfig.conf' ?${tagunbold}${tagbr}\n";
+- print "If not, you can run \"$dir/tools/awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
++ print "If not, you can run \"awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
+ print "${tagbr}\n";
+ }
+ else { print "${tagbr}${tagbold}Setup (".($FileConfig?"'".$FileConfig."'":"Config")." file, web server or permissions) may be wrong.${tagunbold}${tagbr}\n"; }
+@@ -4432,6 +4432,7 @@
+
+ #------------------------------------------------------------------------------
+ # Function: Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
++# and clean | char.
+ # Parameters: stringtoclean
+ # Input: None
+ # Output: None
+@@ -4441,6 +4442,7 @@
+ my $stringtoclean=shift;
+ $stringtoclean =~ s//>/g;
++ $stringtoclean =~ s/|//g;
+ return $stringtoclean;
+ }
+
+@@ -5518,6 +5520,7 @@
+ 'hostfilter','hostfilterex','urlfilter','urlfilterex','refererpagesfilter','refererpagesfilterex',
+ 'pluginmode','filterrawlog');
+
++# Parse input parameters and sanitize them for security reasons
+ $QueryString='';
+# AWStats use GATEWAY_INTERFACE to known if ran as CLI or CGI. AWSTATS_DEL_GATEWAY_INTERFACE can
+# be set to force AWStats to be ran as CLI even from a web page.
+@@ -5544,26 +5547,26 @@
+ # No update but report by default when run from a browser
+ $UpdateStats=($QueryString=~/update=1/i?1:0);
+
+- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
+- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&Sanitize(&DecodeEncodedString("$1")); }
+- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
+- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
++ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
++ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
++ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
++ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
+ # All filters
+- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter
+- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } #
+- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter
+- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } #
+- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter
+- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } #
++ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter
++ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } #
++ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with 
urlfilter=filter
++ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } #
++ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter
++ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } #
+ # All output
+- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
+- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
++ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
+
+ # If 
migrate
+ if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
+- $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
++ $MigrateStats=&Sanitize("$2");
+ $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
+ $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
+ }
+@@ -5585,7 +5588,7 @@
+ $QueryString .= "$NewLinkParams";
+ }
+
+- $QueryString = CleanFromCSSA($QueryString);
++ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
+
+ # Security test
+ if ($ENV{'AWSTATS_DEL_GATEWAY_INTERFACE'} && $QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
--- awstats-6.5.orig/debian/patches/README
+++ awstats-6.5/debian/patches/README
@@ -0,0 +1,3 @@
+0xxx: Grabbed from upstream development.
+1xxx: Possibly relevant for upstream adoption.
+2xxx: Only relevant for official Debian release.
--- awstats-6.5.orig/debian/patches/1006_quote_xss.patch
+++ awstats-6.5/debian/patches/1006_quote_xss.patch
@@ -0,0 +1,12 @@
+Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl
+===================================================================
+--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2008-12-03 11:21:06.000000000 -0800
++++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2008-12-03 11:21:11.000000000 -0800
+@@ -4397,6 +4397,7 @@
+ my $stringtodecode=shift;
+ $stringtodecode =~ tr/\+/ /s;
+ $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
++ $stringtodecode =~ s/["']//g;
+ return $stringtodecode;
+ }
+
--- awstats-6.5.orig/debian/patches/series
+++ awstats-6.5/debian/patches/series
@@ -0,0 +1,5 @@
+1001_sanitize_more.patch
+1002_redirect_to_STDERR.patch
+1003_disable_configdir.patch
+1004_backport_6.6_xss-fixes.patch
+1006_quote_xss.patch
--- awstats-6.5.orig/debian/patches/1001_sanitize_more.patch
+++ awstats-6.5/debian/patches/1001_sanitize_more.patch
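Review bot: The line 1004 adds to the cleaning routine, `$stringtoclean =~ s/|//g;`, removes nothing as printed here: an unescaped `|` is an alternation of two empty patterns, so the pipe character that the new header comment promises to clean passes through unchanged. Write it as `$stringtoclean =~ tr/|//d;` (or `s/\|//g`). Separately, the 5544 hunk turns the `$DirIcons=&Sanitize(&DecodeEncodedString("$1"))` introduced by 1001 into a bare `$DirIcons="$1"`, leaving that value guarded only by CleanFromCSSA and the quote stripping of 1006; keeping `&Sanitize("$1")` would match `config` and `configdir`, assuming Sanitize tolerates the path characters an icon directory needs (its body is not shown). The two substitutions above the added line are garbled in this view, so only the new line is assessed.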
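Review bot: 1006 puts the quote removal inside the decoder (presumably DecodeEncodedString, going by `$stringtodecode`), so a routine that callers treat as a plain percent-decoder now silently deletes `"` and `'` from every value it handles, while any value that reaches HTML output without passing through it gets no quote handling at all. After 1004 the CGI branch calls it once on the whole query string, which covers request parameters, but other callers are outside this hunk and should be checked. At minimum state the side effect where it happens, e.g. `# Also drops " and ' so decoded input cannot close an HTML attribute`; encoding quotes at the point of output would be the more robust fix. The function's opening lines are outside the hunk.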
@@ -0,0 +1,35 @@
+Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl
+===================================================================
+--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2005-11-24 15:11:19.000000000 -0500
++++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-05 16:43:12.000000000 -0400
+@@ -5542,8 +5542,8 @@
+ # No update but report by default when run from a browser
+ $UpdateStats=($QueryString=~/update=1/i?1:0);
+
+- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
+- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
++ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
++ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&Sanitize(&DecodeEncodedString("$1")); }
+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
+ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
+ # All filters
+@@ -5561,7 +5561,7 @@
+
+ # If migrate
+ if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
+- $MigrateStats=&DecodeEncodedString("$2");
++ $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
+ $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
+ $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
+ }
+@@ -5591,8 +5591,8 @@
+ # Update with no report by default when run from command line
+ $UpdateStats=1;
+
+- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }
+- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
++ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
++ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&Sanitize("$1"); }
+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
+ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
+ # All filters