From A.J.Caines@halplant.com  Thu Jan 27 02:05:58 2005
Return-Path: <A.J.Caines@halplant.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3513916A4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 27 Jan 2005 02:05:58 +0000 (GMT)
Received: from lakermmtao05.cox.net (lakermmtao05.cox.net [68.230.240.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7331143D2D
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 27 Jan 2005 02:05:57 +0000 (GMT)
	(envelope-from A.J.Caines@halplant.com)
Received: from mail.halplant.com ([68.105.184.54]) by lakermmtao05.cox.net
          (InterMail vM.6.01.04.00 201-2131-117-20041022) with ESMTP
          id <20050127020556.PQGF16431.lakermmtao05.cox.net@mail.halplant.com>
          for <FreeBSD-gnats-submit@freebsd.org>;
          Wed, 26 Jan 2005 21:05:56 -0500
Received: from hal10000.halplant.com (hal10000.halplant.com [192.168.0.3])
	by mail.halplant.com (Postfix) with ESMTP id C7785550B;
	Wed, 26 Jan 2005 21:05:54 -0500 (EST)
Message-Id: <1106791554.0@hal10000.halplant.com>
Date: Wed, 26 Jan 2005 21:05:54 -0500
From: "Andrew J. Caines" <A.J.Caines@halplant.com>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Cc: A.J.Caines@halplant.com
Subject: NON-MAINTAINER UPDATE: www/awstats to 6.3 (includes critical security fix)
X-Send-Pr-Version: gtk-send-pr 0.4.3 
X-GNATS-Notify:

>Number:         76735
>Category:       ports
>Synopsis:       NON-MAINTAINER UPDATE: www/awstats to 6.3 (includes critical security fix)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pav
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 27 02:10:07 GMT 2005
>Closed-Date:    Thu Feb 03 19:33:26 GMT 2005
>Last-Modified:  Thu Feb 03 19:33:26 GMT 2005
>Originator:     Andrew J. Caines
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
H.A.L. Plant 
>Environment:


System: hal9000.halplant.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Thu Nov 11 11:29:19 EST 2004     root@hal9000.halplant.com:/data/obj/data/src/sys/HAL9000  i386



>Description:


Update awstats 6.2 to 6.3, including a fix for an active remote exploit[1].

Patch includes additional pkg-plist changes.

[1] See eg. http://xforce.iss.net/xforce/xfdb/18910


>How-To-Repeat:


Apply the patch[1].

[1] http://halplant.com:88/software/FreeBSD/ports/awstats-6.3.patch


>Fix:


--- awstats-6.3.patch begins here ---
diff -ruN awstats/Makefile awstats-6.3/Makefile
--- awstats/Makefile	Tue Jan 18 07:38:13 2005
+++ awstats-6.3/Makefile	Tue Jan 25 23:33:10 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	awstats
-PORTVERSION=	6.2
+PORTVERSION=	6.3
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -15,8 +15,6 @@
 MAINTAINER=	webmaster@lightningfire.net
 COMMENT=	Free real-time logfile analyzer to get advanced web statistics
 
-FORBIDDEN=	http://vuxml.FreeBSD.org/0f5a2b4d-694b-11d9-a9e7-0001020eed82.html
-
 RUN_DEPENDS=	${SITE_PERL}/Net/XWhois.pm:${PORTSDIR}/net/p5-Net-XWhois
 
 NO_BUILD=	yes
@@ -51,7 +49,7 @@
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/logresolvemerge.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/maillogconvert.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/urlaliasbuilder.pl ${PREFIX}/www/awstats/tools
-	${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.4.wbm ${PREFIX}/www/awstats/tools/webmin
+	${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.5.wbm ${PREFIX}/www/awstats/tools/webmin
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awredir.pl ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/cgi-bin/awstats.model.conf ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awstats.pl ${PREFIX}/www/awstats/cgi-bin
diff -ruN awstats/distinfo awstats-6.3/distinfo
--- awstats/distinfo	Fri Dec 31 06:35:09 2004
+++ awstats-6.3/distinfo	Tue Jan 25 23:38:16 2005
@@ -1,2 +1,2 @@
-MD5 (awstats-6.2.tgz) = ee3096899d40e23ecdc897d752b79ac8
-SIZE (awstats-6.2.tgz) = 860606
+MD5 (awstats-6.3.tgz) = 4335067362c3033ca2c03e08abc67d73
+SIZE (awstats-6.3.tgz) = 936817
diff -ruN awstats/pkg-plist awstats-6.3/pkg-plist
--- awstats/pkg-plist	Fri Dec 31 06:35:09 2004
+++ awstats-6.3/pkg-plist	Wed Jan 26 02:33:28 2005
@@ -1,3 +1,11 @@
+www/awstats/tools/awstats_buildstaticpages.pl
+www/awstats/tools/awstats_configure.pl
+www/awstats/tools/awstats_exportlib.pl
+www/awstats/tools/awstats_updateall.pl
+www/awstats/tools/logresolvemerge.pl
+www/awstats/tools/maillogconvert.pl
+www/awstats/tools/urlaliasbuilder.pl
+www/awstats/tools/webmin/awstats-1.5.wbm
 %%PORTDOCS%%%%DOCSDIR%%/COPYING.TXT
 %%PORTDOCS%%%%DOCSDIR%%/LICENSE.TXT
 %%PORTDOCS%%%%DOCSDIR%%/awstats.pdf
@@ -29,12 +37,18 @@
 %%PORTDOCS%%%%DOCSDIR%%/images/awstats_logo5.png
 %%PORTDOCS%%%%DOCSDIR%%/images/awstats_logo6.png
 %%PORTDOCS%%%%DOCSDIR%%/images/license_chart.png
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.gif
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_1.png
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_2.png
-%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.gif
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_3.png
 %%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_4.png
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_5.png
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_large_1.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_large_2.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_large_3.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_large_4.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/screen_shot_large_5.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/star.png
 %%PORTDOCS%%%%DOCSDIR%%/index.html
 %%PORTDOCS%%%%DOCSDIR%%/pad_awstats.htm
@@ -81,11 +95,11 @@
 www/awstats/cgi-bin/lang/awstats-si.txt
 www/awstats/cgi-bin/lang/awstats-sk.txt
 www/awstats/cgi-bin/lang/awstats-sr.txt
-www/awstats/cgi-bin/lang/awstats-tr.txt
 www/awstats/cgi-bin/lang/awstats-th.txt
-www/awstats/cgi-bin/lang/awstats-tt-br.txt
+www/awstats/cgi-bin/lang/awstats-tr.txt
 www/awstats/cgi-bin/lang/awstats-tw.txt
 www/awstats/cgi-bin/lang/awstats-ua.txt
+www/awstats/cgi-bin/lang/awstats-tt-br.txt
 www/awstats/cgi-bin/lang/tooltips_f/awstats-tt-br.txt
 www/awstats/cgi-bin/lang/tooltips_f/awstats-tt-cz.txt
 www/awstats/cgi-bin/lang/tooltips_f/awstats-tt-en.txt
@@ -568,35 +582,27 @@
 www/awstats/icons/other/vu.png
 www/awstats/icons/other/vv.png
 www/awstats/js/awstats_misc_tracker.js
-www/awstats/tools/awstats_buildstaticpages.pl
-www/awstats/tools/awstats_configure.pl
-www/awstats/tools/awstats_exportlib.pl
-www/awstats/tools/awstats_updateall.pl
-www/awstats/tools/logresolvemerge.pl
-www/awstats/tools/maillogconvert.pl
-www/awstats/tools/urlaliasbuilder.pl
-www/awstats/tools/webmin/awstats-1.4.wbm
-@dirrm www/awstats/tools/webmin
-@dirrm www/awstats/tools
-@dirrm www/awstats/js
-@dirrm www/awstats/icons/other
-@dirrm www/awstats/icons/os
-@dirrm www/awstats/icons/mime
-@dirrm www/awstats/icons/flags
-@dirrm www/awstats/icons/cpu
-@dirrm www/awstats/icons/clock
-@dirrm www/awstats/icons/browser
-@dirrm www/awstats/icons
-@dirrm www/awstats/css
-@dirrm www/awstats/classes
-@dirrm www/awstats/cgi-bin/plugins/example
-@dirrm www/awstats/cgi-bin/plugins
-@dirrm www/awstats/cgi-bin/lib
-@dirrm www/awstats/cgi-bin/lang/tooltips_w
-@dirrm www/awstats/cgi-bin/lang/tooltips_m
 @dirrm www/awstats/cgi-bin/lang/tooltips_f
+@dirrm www/awstats/cgi-bin/lang/tooltips_m
+@dirrm www/awstats/cgi-bin/lang/tooltips_w
 @dirrm www/awstats/cgi-bin/lang
+@dirrm www/awstats/cgi-bin/lib
+@dirrm www/awstats/cgi-bin/plugins/example
+@dirrm www/awstats/cgi-bin/plugins
 @dirrm www/awstats/cgi-bin
+@dirrm www/awstats/classes
+@dirrm www/awstats/css
+@dirrm www/awstats/icons/browser
+@dirrm www/awstats/icons/clock
+@dirrm www/awstats/icons/cpu
+@dirrm www/awstats/icons/flags
+@dirrm www/awstats/icons/mime
+@dirrm www/awstats/icons/os
+@dirrm www/awstats/icons/other
+@dirrm www/awstats/icons
+@dirrm www/awstats/js
+@dirrm www/awstats/tools/webmin
+@dirrm www/awstats/tools
 @dirrm www/awstats
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/images
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
--- awstats-6.3.patch ends here ---



>Release-Note:
>Audit-Trail:

From: Edwin Groothuis <edwin@mavetju.org>
To: freebsd-gnats-submit@FreeBSD.org, A.J.Caines@halplant.com
Cc:  
Subject: Re: ports/76735: NON-MAINTAINER UPDATE: www/awstats to 6.3 (includes critical security fix)
Date: Thu, 27 Jan 2005 14:21:00 +1100

 It can't find the distfiles yet on the ${MASTER_SITE_SOURCEFORGE} sites.
 
 -- 
 Edwin Groothuis      |            Personal website: http://www.mavetju.org
 edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/

From: Edwin Groothuis <edwin@mavetju.org>
To: freebsd-gnats-submit@FreeBSD.org, A.J.Caines@halplant.com
Cc:  
Subject: Re: Re: ports/76735: NON-MAINTAINER UPDATE: www/awstats to 6.3 (includes critical security fix)
Date: Thu, 27 Jan 2005 15:07:12 +1100

 <AJ_Z0> It's (still) shown as the "development" version (at http://awstats.sourceforge.net/files/awstats-6.3.tgz).
 
 -- 
 Edwin Groothuis      |            Personal website: http://www.mavetju.org
 edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
State-Changed-From-To: open->feedback 
State-Changed-By: pav 
State-Changed-When: Thu Jan 27 22:37:23 GMT 2005 
State-Changed-Why:  
Asked maintainer for approval. 


Responsible-Changed-From-To: freebsd-ports-bugs->pav 
Responsible-Changed-By: pav 
Responsible-Changed-When: Thu Jan 27 22:37:23 GMT 2005 
Responsible-Changed-Why:  
Handle. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76735 

From: Pav Lucistnik <pav@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, webmaster@lightningfire.net
Cc:  
Subject: Re: ports/76735: NON-MAINTAINER UPDATE: www/awstats to 6.3
	(includes critical security fix)
Date: Thu, 27 Jan 2005 23:37:20 +0100

 Dear maintainer of FreeBSD port www/awstats, please take a look at
 
 http://www.freebsd.org/cgi/query-pr.cgi?q=76735
 
 Do you approve this update?
 
 -- 
 Pav Lucistnik <pav@oook.cz>
               <pav@FreeBSD.org>
 
 He had found a Nutri-Matic machine which had provided him with a plastic cup
 filled with a liquid that was almost, but not quite, entirely unlike tea.
State-Changed-From-To: feedback->suspended 
State-Changed-By: pav 
State-Changed-When: Fri Jan 28 09:17:24 GMT 2005 
State-Changed-Why:  
Maintainer's reply: 

No, I don't. Awstat's 6.3 is development. The temporary solution is to  
submit the patch suggested on the security notification. I mentioned in  
reply on ports@ last night that I'd be working on it tonight or  
tomorrow but I was on a couple deadlines and would try my best to get  
it done. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=76735 

From: Andrew J Caines <A.J.Caines@halplant.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Edwin Groothuis <edwin@mavetju.org>,
	Pav Lucistnik <pav@FreeBSD.org>, freebsd-ports-bugs@FreeBSD.org
Subject: ports/76735: NON-MAINTAINER UPDATE: www/awstats to 6.3 (includes critical security fix)
Date: Tue, 1 Feb 2005 20:47:38 -0500

 6.3 is now released. I've updated the patch[1] for the new sums.
 
 
 [1] http://halplant.com:88/software/FreeBSD/ports/awstats-6.3.patch
 
 -Andrew-
 -- 
  _______________________________________________________________________
 | -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com  |
 | "They that can give up essential liberty to obtain a little temporary |
 |  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
State-Changed-From-To: suspended->closed 
State-Changed-By: pav 
State-Changed-When: Thu Feb 3 19:33:18 GMT 2005 
State-Changed-Why:  
Maintainer's patch committed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76735 
>Unformatted:
