- Update to 6.9

  Changes 6.9:
    New features/improvements:
    - With postfix that support DSN (Delivery Status Notifications) we exclude
      some lines to avoid counting mails twice in maillogconvert.pl script.
    - Logresolvemerge.pl support FreeRADIUS logs or anything else using (the
      fixed length!) ctime format timestamp.
    - Add option stoponfirsteof in logresolvemerge tool.
    - Add patch to support host_proxy tag in LogFormat (for Apache LogFormat
      containing %{X-Forwarded-For}i)
    - Renamed Add to favourites on "Hit on favicon".
    - Increase robots, search engines database (Added Google Chrome browser,
      better Vista, WII, detection, ...)
    - Update languages files.
    - Added a lot of patch from sourceforge.

    Fixes:
    - Fixed broken maxmind citi, org and isp plugins.
    - Remove   in name html tag to have HtmlHeadSection first.
    - Fix: [ 2001151 ] Security fix.
    - Fix: [ 2038681 ] missing <br _/_> in plugins/geoip_org_maxmind.pm
    - Fix: [ 1921942 ] html footer is missing from the allextraN report.
    - Fix: [ 1943466 ] error geoip_city_maxmind Can't locate object method "record_
    - Fix: [ 1808277 ] Incorrect function call in geoip_isp_maxmind.pm
    - Fix: Full list of extrasections was not ordered correctly
    - A lot of other fixes.
    - Added missing icons

    Other/Documentation:
    - None

- Fix CVE-2008-3714 from the upstream
  (Sec: Enhance security of sanitizing parameters)
  http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.925&r2=1.926

PR:		ports/129957,
		ports/130143
Submitted by:	Eygene Ryabinkin <rea-fbsd _at\ codelabs.ru>,
		Naram Qashat <cyberbotx -at\ cyberbotx.com>
Approved by:	Alex Samorukov (maintainer)
Security:	http://secunia.com/advisories/31519

5 files changed, 59 insertions, 22 deletions

diff --git a/www/awstats/Makefile b/www/awstats/Makefile
index 522c4aedd22f..094137e53c67 100644
--- a/www/awstats/Makefile
+++ b/www/awstats/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	awstats
-PORTVERSION=	6.8
-PORTREVISION=	1
+PORTVERSION=	6.9
 PORTEPOCH=	1
 CATEGORIES=	www
 MASTER_SITES=	SF
@@ -75,6 +74,7 @@ do-install:
 	@${MKDIR} ${PREFIX}/www/awstats/js
 	@${MKDIR} ${PREFIX}/www/awstats/tools
 	@${MKDIR} ${PREFIX}/www/awstats/tools/webmin
+	@${MKDIR} ${PREFIX}/www/awstats/tools/xslt
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/awstats_buildstaticpages.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/awstats_exportlib.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/awstats_updateall.pl ${PREFIX}/www/awstats/tools
@@ -82,7 +82,8 @@ do-install:
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/logresolvemerge.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/maillogconvert.pl ${PREFIX}/www/awstats/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/tools/urlaliasbuilder.pl ${PREFIX}/www/awstats/tools
-	${INSTALL_SCRIPT} ${WRKSRC}/tools/webmin/awstats-1.8.wbm ${PREFIX}/www/awstats/tools/webmin
+	${INSTALL_DATA} ${WRKSRC}/tools/webmin/awstats-1.8.wbm ${PREFIX}/www/awstats/tools/webmin
+	${INSTALL_DATA} ${WRKSRC}/tools/xslt/* ${PREFIX}/www/awstats/tools/xslt
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awredir.pl ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/cgi-bin/awstats.model.conf ${PREFIX}/www/awstats/cgi-bin
 	${INSTALL_SCRIPT} ${WRKSRC}/wwwroot/cgi-bin/awstats.pl ${PREFIX}/www/awstats/cgi-bin
@@ -103,16 +104,17 @@ do-install:
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/icon/os/* ${PREFIX}/www/awstats/icons/os
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/icon/other/* ${PREFIX}/www/awstats/icons/other
 	${INSTALL_DATA} ${WRKSRC}/wwwroot/js/* ${PREFIX}/www/awstats/js
-	@${ECHO_CMD} ""
-	@${ECHO_CMD} "* Rename ${PREFIX}/www/awstats/cgi-bin/awstats.model.conf to awstats.site.conf to setup awstats"
-	@${ECHO_CMD} "* Documentation has been installed in ${PREFIX}/share/doc/awstats"
-	@${ECHO_CMD} ""
-
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}/images
 	${INSTALL_DATA} ${WRKSRC}/docs/images/* ${DOCSDIR}/images
 	${INSTALL_DATA} ${WRKSRC}/docs/*.* ${DOCSDIR}
 .endif
+	@${ECHO_CMD} ""
+	@${ECHO_CMD} "* Rename ${PREFIX}/www/awstats/cgi-bin/awstats.model.conf to awstats.site.conf to setup awstats"
+.if !defined(NOPORTDOCS)
+	@${ECHO_CMD} "* Documentation has been installed in ${PREFIX}/share/doc/awstats"
+.endif
+	@${ECHO_CMD} ""
 
 .if !defined(BATCH)
 post-install:
diff --git a/www/awstats/distinfo b/www/awstats/distinfo
index 0f49fbdf3089..0d3e1d1c0ec3 100644
--- a/www/awstats/distinfo
+++ b/www/awstats/distinfo
@@ -1,3 +1,3 @@
-MD5 (awstats-6.8.tar.gz) = 1a35d5a2ca29b31dabd650f3e5f173e9
-SHA256 (awstats-6.8.tar.gz) = a888d0fd680016f71950f584b70c607ae3e28f192a0b8a6d758ed2a7928b6a99
-SIZE (awstats-6.8.tar.gz) = 1101851
+MD5 (awstats-6.9.tar.gz) = fc19dbb8449eccf3300efb30ca3376cb
+SHA256 (awstats-6.9.tar.gz) = c5e288d05c71c5692c59625aa4bcf4c9b41ee0c46cb9b83e7dcac6510bb8b04f
+SIZE (awstats-6.9.tar.gz) = 1125906
diff --git a/www/awstats/files/patch-CVE-2008-3714 b/www/awstats/files/patch-CVE-2008-3714
new file mode 100644
index 000000000000..9b26e66f6afd
--- /dev/null
+++ b/www/awstats/files/patch-CVE-2008-3714
@@ -0,0 +1,22 @@
+Fixes XSS in awstats.pl: CVE-2008-3714
+
+Please, note that the upstream fix at r.1911 is incomplete and can be
+easily curcumvented,
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080
+
+Obtained from: Upstream, http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.925&r2=1.926
+Debian, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=33;filename=awstats-6.7.dfsg-5_6.7.dfsg-5.1.patch;att=1;bug=495432
+
+See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
+          
+
+--- wwwroot/cgi-bin/awstats.pl.old	2009-01-04 13:50:42.000000000 +0800
++++ wwwroot/cgi-bin/awstats.pl	2009-01-04 13:52:43.000000000 +0800
+@@ -7523,6 +7523,7 @@
+ 	$stringtodecode =~ tr/\+/ /s;
+ 	$stringtodecode =~ s/%22//g;
+ 	$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
++	$stringtodecode =~ s/["']//g;
+ 	return $stringtodecode;
+ }
+ 
diff --git a/www/awstats/files/patch-wwwroot-cgi-bin-awstats.pl b/www/awstats/files/patch-wwwroot-cgi-bin-awstats.pl
index 6ddbf9e3cc65..4b5d5635ed28 100644
--- a/www/awstats/files/patch-wwwroot-cgi-bin-awstats.pl
+++ b/www/awstats/files/patch-wwwroot-cgi-bin-awstats.pl
@@ -1,11 +1,11 @@
---- wwwroot/cgi-bin/awstats.pl.orig	Sun Jan 15 22:28:43 2006
-+++ wwwroot/cgi-bin/awstats.pl	Sun Jan 15 22:30:17 2006
-@@ -1911,7 +1911,7 @@
- 	# Windows and standard package:        		"$DIR/plugins" (plugins in same dir than awstats.pl)
- 	# Redhat :                                  "/usr/local/awstats/wwwroot/cgi-bin/plugins"
- 	# Debian package :                    		"/usr/share/awstats/plugins"
--	my @PossiblePluginsDir=("$DIR/plugins","/usr/local/awstats/wwwroot/cgi-bin/plugins","/usr/share/awstats/plugins");
-+	my @PossiblePluginsDir=("$DIR/plugins","%%PREFIX%%/www/awstats/cgi-bin/plugins","/usr/share/awstats/plugins");
-  	my %DirAddedInINC=();
- 
- 	#Removed for security reason
+--- wwwroot/cgi-bin/awstats.pl.orig	2008-11-30 10:42:46.000000000 -0500
++++ wwwroot/cgi-bin/awstats.pl	2009-01-03 16:32:27.000000000 -0500
+@@ -2925,7 +2925,7 @@
+ # Debian package :                    		"/usr/share/awstats/plugins"
+ 	my @PossiblePluginsDir = (
+ 							   "$DIR/plugins",
+-							   "/usr/local/awstats/wwwroot/cgi-bin/plugins",
++							   "%%PREFIX%%/www/awstats/cgi-bin/plugins",
+ 							   "/usr/share/awstats/plugins"
+ 	);
+ 	my %DirAddedInINC = ();
diff --git a/www/awstats/pkg-plist b/www/awstats/pkg-plist
index 64af9e79e6a5..acb48f4c366b 100644
--- a/www/awstats/pkg-plist
+++ b/www/awstats/pkg-plist
@@ -156,6 +156,7 @@ www/awstats/cgi-bin/lib/worms.pm
 www/awstats/cgi-bin/plugins/clusterinfo.pm
 www/awstats/cgi-bin/plugins/decodeutfkeys.pm
 www/awstats/cgi-bin/plugins/example/example.pm
+www/awstats/cgi-bin/plugins/export_to_csv.pm
 www/awstats/cgi-bin/plugins/geoip.pm
 www/awstats/cgi-bin/plugins/geoip_city_maxmind.pm
 www/awstats/cgi-bin/plugins/geoip_isp_maxmind.pm
@@ -185,6 +186,7 @@ www/awstats/icons/browser/aweb.png
 www/awstats/icons/browser/bpftp.png
 www/awstats/icons/browser/bytel.png
 www/awstats/icons/browser/chimera.png
+www/awstats/icons/browser/chrome.png
 www/awstats/icons/browser/cyberdog.png
 www/awstats/icons/browser/da.png
 www/awstats/icons/browser/dillo.png
@@ -501,6 +503,7 @@ www/awstats/icons/flags/ps.png
 www/awstats/icons/flags/pt.png
 www/awstats/icons/flags/py.png
 www/awstats/icons/flags/qa.png
+www/awstats/icons/flags/re.png
 www/awstats/icons/flags/ro.png
 www/awstats/icons/flags/ru.png
 www/awstats/icons/flags/rw.png
@@ -562,6 +565,7 @@ www/awstats/icons/flags/zw.png
 www/awstats/icons/mime/ai.png
 www/awstats/icons/mime/archive.png
 www/awstats/icons/mime/audio.png
+www/awstats/icons/mime/css.png
 www/awstats/icons/mime/doc.png
 www/awstats/icons/mime/flash.png
 www/awstats/icons/mime/html.png
@@ -614,6 +618,7 @@ www/awstats/icons/os/linux.png
 www/awstats/icons/os/linuxcentos.png
 www/awstats/icons/os/linuxdebian.png
 www/awstats/icons/os/linuxfedora.png
+www/awstats/icons/os/linuxgentoo.png
 www/awstats/icons/os/linuxmandr.png
 www/awstats/icons/os/linuxredhat.png
 www/awstats/icons/os/linuxsuse.png
@@ -646,6 +651,7 @@ www/awstats/icons/os/wince.png
 www/awstats/icons/os/winlong.png
 www/awstats/icons/os/winme.png
 www/awstats/icons/os/winnt.png
+www/awstats/icons/os/winunknown.png
 www/awstats/icons/os/winxp.png
 www/awstats/icons/os/commodore.png
 www/awstats/icons/os/psp.png
@@ -684,6 +690,13 @@ www/awstats/tools/logresolvemerge.pl
 www/awstats/tools/maillogconvert.pl
 www/awstats/tools/urlaliasbuilder.pl
 www/awstats/tools/webmin/awstats-1.8.wbm
+www/awstats/tools/xslt/README.txt
+www/awstats/tools/xslt/awstats.datademo1.xml
+www/awstats/tools/xslt/awstats.datademo1.xslt
+www/awstats/tools/xslt/awstats.datademo2.xml
+www/awstats/tools/xslt/awstats.datademo2.xslt
+www/awstats/tools/xslt/awstats.xsd
+@dirrm www/awstats/tools/xslt
 @dirrm www/awstats/tools/webmin
 @dirrm www/awstats/tools
 @dirrm www/awstats/js