Description of problem: awstats does not find new element when I set a domain as SiteDomain. If I set a sub-domain, it finds the element of this sub-domain. It works well with the same config on Mageia 1. On Mageia 2 and Cauldron, it fails. Maybe a Perl problem. Version-Release number of selected component (if applicable): 7.0-1 How reproducible: Launch awstats with the next command line : /usr/share/awstats/www/awstats.pl -config=awstats.conf -update Steps to Reproduce: 1. Install awstats 2. Put the joined awstats.conf file in /etc/awstats/ 3. Put the joined access_invisionboard.log in /var/log/httpd/ 4. Launch with root user this command : /usr/share/awstats/www/awstats.pl -config=awstats.conf -update On Mageia 2 and Cauldron, the result is : Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.0 (build 1.971) From data in log file "/var/log/httpd/access_invisionboard.log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 444 Found 444 dropped records, Found 0 comments, Found 0 blank records, Found 0 corrupted records, Found 0 old records, Found 0 new qualified records. Correct result on Mageia 1 : Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.0 (build 1.971) From data in log file "/var/log/httpd/access_invisionboard.log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 444 Found 10 dropped records, Found 0 comments, Found 0 blank records, Found 0 corrupted records, Found 0 old records, Found 434 new qualified records.
Created attachment 2823 [details] awstats conf file
Created attachment 2824 [details] log file to analyse
I think it is the same problem encounter in this closed bug : https://bugs.mageia.org/show_bug.cgi?id=3694
Assignee: bugsquad => dmorganec
Any news about this bug ?
Severity: normal => major
Jérôme, can you investiguate if this is a perl problem ? Thank you
CC: (none) => jquelin
i don't think it's directly related to perl. 1- the program doesn't crash or complains about a missing pkg 2- in fact, it only requires the following modules: perl(Encode) perl(LWP::UserAgent) perl(POSIX) perl(Socket) perl(Switch) perl(Time::Local) which aren't that fancy. ==> so it's more related to awstats code itself imo. note that it may be related to perl upgrade, if awstats didn't update its codebase to work with new perl semantics - but honestly, i doubt it given that most of the code should work just fine.
Thank you Jerome for your analyse. After some search on awstat website, there are compatibility problem between awstat 7.0 and perl >= 5.14 awstat 7.1 pushed recently in cauldron solve the problem. Can it be possible to push it as update for Mageia 2 ?
Guillaume, as you pushed the last update in cauldron, is it possible to consider to push it as Mageia 2 update ? I known this is a beta release, but as the current release is broken, I think this better to have a working beta release rather than a stable broken release.
CC: (none) => guillomovitch
There are also multiple security flaws fixed in 7.1. Fedora/RedHat has fixes for all of these issues backported to 7.0. Patched package uploaded for Mageia 1 and Mageia 2. Advisory: ======================== Updated awstats package fixes security vulnerabilities: Multiple unspecified security vulnerabilities in awstats before 7.1, including XSS flaws, sql injection, and header response splitting flaws in awredir.pl (CVE-2012-4547, rhbz#740926). Additionally, on Mageia 2, this fixes awstats usage with perl 5.14. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547 http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068245.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072054.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093401.html ======================== Updated packages in core/updates_testing: ======================== awstats-7.0-1.1.mga1 awstats-7.0-1.1.mga2 from SRPMS: awstats-7.0-1.1.mga1.src.rpm awstats-7.0-1.1.mga2.src.rpm
URL: (none) => http://lwn.net/Vulnerabilities/527351/CC: (none) => dmorganec, luigiwalserHardware: x86_64 => AllAssignee: dmorganec => qa-bugsSummary: awstats does not working on domain analyze => awstats does not work with perl 5.14, plus XSS and other security flaws (including CVE-2012-4547)Whiteboard: (none) => MGA1TOO
Oops, wanted to add the upstream changelog to the References too: http://awstats.sourceforge.net/docs/awstats_changelog.txt
Component: RPM Packages => SecurityAssignee: qa-bugs => bugsquad
Assignee: bugsquad => qa-bugs
We don't appear to ship awredir.pl so I don't think we're vulnerable to this. It isn't required by awstats so doesn't seem to have been included http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awredir.pl?view=markup See line 123 onwards. Is an update necessary?
Testing release version mga2 64 # /usr/share/awstats/www/awstats.pl -config=awstats.conf -update Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.0 (build 1.971) From data in log file "/var/log/httpd/access_log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 91 Found 0 dropped records, Found 0 comments, Found 0 blank records, Found 0 corrupted records, Found 0 old records, Found 91 new qualified records. So not able to reproduce the mga2 bug here either. # rpm -q awstats awstats-7.0-1.mga1
I didn't check with the attached conf/log though yet..
Whiteboard: MGA1TOO => MGA1TOO feedback
Indeed we don't ship awredir.pl, so the security bugs are non-issues.
Component: Security => RPM PackagesSummary: awstats does not work with perl 5.14, plus XSS and other security flaws (including CVE-2012-4547) => awstats does not work with perl 5.14Whiteboard: MGA1TOO feedback => (none)Severity: major => normal
URL: http://lwn.net/Vulnerabilities/527351/ => (none)
Thanks David, I guess we can also remove the awstats update for mga1 as this bug is against mga2, unless mga1 is also affected by it. Jerome or Yann are you aware whether mga1 is affected please?
Hello Claire, only mga2 is affected by this bug. I'm just testing the new package : [root@localhost ~]# /usr/share/awstats/www/awstats.pl -config=awstats.conf -update Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.0 (build 1.971) From data in log file "/var/log/httpd/access_invisionboard.log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 444 Found 10 dropped records, Found 0 comments, Found 0 blank records, Found 0 corrupted records, Found 0 old records, Found 434 new qualified records. Now it works ! :)
Thanks for the confirmation Yann. This package should be good to go. We could ask tmb to remove from mga1 updates_testing when he pushes it, of course it's gonna be cleared in a few days anyway... Advisory: ======================== This update fixes awstats usage with perl 5.14. References: http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072054.html ======================== Updated packages in core/updates_testing: ======================== awstats-7.0-1.1.mga2 from awstats-7.0-1.1.mga2.src.rpm
Thanks Yann for testing. As Yann has confirmed the bug is fixed and already tested mga2 64, just basic testing mga2 32 it seems OK. Validating Advisory and srpm for mga2 in comment 17 Could sysadmin please push from core/updates_testing to core/updates Also, awstats was built for mga1 but it was not necessary, this can be removed (or left and deleted with the rest later). Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: (none) => mga2-32-OK mga2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0233
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED