Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:awstats User: [email protected] Usertags: pu
[ Reason ] There is a bug in awstats which freezes process at some conditions based on keyword detections. Bug reported upstream https://github.com/eldy/AWStats/issues/250 [ Impact ] Pacakges is unusable with IIS log file. [ Tests ] Tested in a virtualmachine with a Internet Information Server log file. [ Risks ] Very small, the patch add only tests if 3 variable aren't empty. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] Added upstream patch to fix this issue https://github.com/eldy/AWStats/pull/247/changes/1326f2baacecb7be2c8718a8ae99b47e2f9d74f9 Christian
diff -Nru awstats-7.9/debian/changelog awstats-7.9/debian/changelog --- awstats-7.9/debian/changelog 2026-04-04 16:48:04.000000000 +0200 +++ awstats-7.9/debian/changelog 2026-05-22 11:10:34.000000000 +0200 @@ -1,3 +1,9 @@ +awstats (7.9-1+deb13u2) trixie; urgency=medium + + * Add upstream patch to fix freeze on keyword stat (Closes: #1135203) + + -- Christian Marillat <[email protected]> Fri, 22 May 2026 11:10:34 +0200 + awstats (7.9-1+deb13u1) trixie; urgency=medium * Non-maintainer upload by the LTS Security Team. diff -Nru awstats-7.9/debian/patches/BTS-1135203.patch awstats-7.9/debian/patches/BTS-1135203.patch --- awstats-7.9/debian/patches/BTS-1135203.patch 1970-01-01 01:00:00.000000000 +0100 +++ awstats-7.9/debian/patches/BTS-1135203.patch 2026-05-22 11:10:34.000000000 +0200 @@ -0,0 +1,40 @@ +From 1326f2baacecb7be2c8718a8ae99b47e2f9d74f9 Mon Sep 17 00:00:00 2001 +From: Manuel Mausz <[email protected]> +Date: Thu, 22 Feb 2024 10:41:00 +0100 +Subject: [PATCH] Sorting tree: Check if the key exists. Do not care about its + value. + +Fixes eldy/AWStats#246 +--- + wwwroot/cgi-bin/awstats.pl | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/wwwroot/cgi-bin/awstats.pl ++++ b/wwwroot/cgi-bin/awstats.pl +@@ -8366,7 +8366,7 @@ sub AddInTree { + } + return; + } +- if ( $val{$keyval} ) { # Val is already in tree ++ if ( exists($val{$keyval}) ) { # Val is already in tree + if ($Debug) { debug( " val is already in tree", 4 ); } + $egal{$keytoadd} = $val{$keyval}; + $val{$keyval} = $keytoadd; +@@ -8413,7 +8413,7 @@ sub AddInTree { + while ( $nextval{$valcursor} && ( $nextval{$valcursor} < $keyval ) ) { + $valcursor = $nextval{$valcursor}; + } +- if ( $nextval{$valcursor} ) ++ if ( exists($nextval{$valcursor}) ) + { # keyval is between valcursor and nextval{valcursor} + $nextval{$keyval} = $nextval{$valcursor}; + } +@@ -8441,7 +8441,7 @@ sub Removelowerval { + if ($Debug) { + debug( " remove for lowerval=$lowerval: key=$keytoremove", 4 ); + } +- if ( $egal{$keytoremove} ) { ++ if ( exists($egal{$keytoremove}) ) { + $val{$lowerval} = $egal{$keytoremove}; + delete $egal{$keytoremove}; + } diff -Nru awstats-7.9/debian/patches/series awstats-7.9/debian/patches/series --- awstats-7.9/debian/patches/series 2026-04-04 11:05:33.000000000 +0200 +++ awstats-7.9/debian/patches/series 2026-05-22 11:10:34.000000000 +0200 @@ -11,3 +11,4 @@ 2008_twitter.patch 2009_googlesearch.patch CVE-2025-63261.patch +BTS-1135203.patch
