diff --git a/.gitignore b/.gitignore
index bd70761..f81cfd7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,5 +7,3 @@ awstats-7.0.tar.gz
/awstats-7.6.tar.gz
/awstats-7.7.tar.gz
/awstats-7.8.tar.gz
-/awstats-7.9.tar.gz
-/awstats-8.0.tar.gz
diff --git a/awstats-7.9-httpd-2.4.patch b/awstats-7.0-httpd-2.4.patch
similarity index 74%
rename from awstats-7.9-httpd-2.4.patch
rename to awstats-7.0-httpd-2.4.patch
index a441127..2fe23b6 100644
--- a/awstats-7.9-httpd-2.4.patch
+++ b/awstats-7.0-httpd-2.4.patch
@@ -1,6 +1,7 @@
---- awstats-7.9/tools/httpd_conf.orig 2014-09-23 09:16:09.000000000 +0200
-+++ awstats-7.9/tools/httpd_conf 2023-01-18 23:30:18.097762242 +0100
-@@ -10,20 +10,26 @@
+diff -up awstats-7.0/tools/httpd_conf.http-2.4 awstats-7.0/tools/httpd_conf
+--- awstats-7.0/tools/httpd_conf.http-2.4 2012-11-16 16:11:07.612386681 +0100
++++ awstats-7.0/tools/httpd_conf 2012-11-16 16:44:24.921755562 +0100
+@@ -10,20 +10,33 @@
#
# Directives to add to your Apache conf file to allow use of AWStats as a CGI.
@@ -27,7 +28,14 @@
- Order allow,deny
- Allow from all
+
++ # Apache 2.4
+ Require local
++
++
++ # Apache 2.2
++ Order allow,deny
++ Allow from 127.0.0.1
++ Allow from ::1
+
+# Additional Perl modules
diff --git a/awstats-CVE-2020-35176.patch b/awstats-CVE-2020-35176.patch
new file mode 100644
index 0000000..c954a95
--- /dev/null
+++ b/awstats-CVE-2020-35176.patch
@@ -0,0 +1,20 @@
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index e709b7f5..8341c0a5 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -1711,13 +1711,13 @@ sub Read_Config {
+ # Check config file in common possible directories :
+ # Windows : "$DIR" (same dir than awstats.pl)
+ # Standard, Mandrake and Debian package : "/etc/awstats"
+- # Other possible directories : "/usr/local/etc/awstats", "/etc"
++ # Other possible directories : "/usr/local/etc/awstats",
+ # FHS standard, Suse package : "/etc/opt/awstats"
+ my $configdir = shift;
+ my @PossibleConfigDir = (
+ "$DIR",
+ "/etc/awstats",
+- "/usr/local/etc/awstats", "/etc",
++ "/usr/local/etc/awstats",
+ "/etc/opt/awstats"
+ );
+
diff --git a/awstats-CVE-2022-46391.patch b/awstats-CVE-2022-46391.patch
new file mode 100644
index 0000000..bed1e7b
--- /dev/null
+++ b/awstats-CVE-2022-46391.patch
@@ -0,0 +1,13 @@
+diff --git a/wwwroot/cgi-bin/plugins/hostinfo.pm b/wwwroot/cgi-bin/plugins/hostinfo.pm
+index 95b2c20b7..1f0ac6994 100644
+--- a/wwwroot/cgi-bin/plugins/hostinfo.pm
++++ b/wwwroot/cgi-bin/plugins/hostinfo.pm
+@@ -181,7 +181,7 @@ sub BuildFullHTMLOutput_hostinfo {
+
+ &tab_head("Full Whois Field",0,0,'whois');
+ if ($w && $w->response()) {
+- print "".($w->response())." |
\n";
++ print "".CleanXSS($w->response())." |
\n";
+ }
+ else {
+ print "
The Whois command failed.
Did the server running AWStats is allowed to send WhoIs queries (If a firewall is running, port 43 should be opened from inside to outside) ?
|
\n";
diff --git a/awstats-awstats_path.patch b/awstats-awstats_path.patch
new file mode 100644
index 0000000..ba708d6
--- /dev/null
+++ b/awstats-awstats_path.patch
@@ -0,0 +1,38 @@
+From: Chris Caron
+Date: Tue, 29 Nov 2016 20:33:53 -0500
+Subject: update default path to be more compatible with Linux distro
+Website: http://nuxref.com
+
+Make it so you don't have to pass in the -awstats=/path/to/awstats.pl
+every time any script is called.
+
+---
+
+diff -Naur awstats-7.4/tools/awstats_buildstaticpages.pl awstats-7.4.patched/tools/awstats_buildstaticpages.pl
+--- awstats-7.4/tools/awstats_buildstaticpages.pl 2014-09-23 03:16:09.000000000 -0400
++++ awstats-7.4.patched/tools/awstats_buildstaticpages.pl 2016-11-29 20:33:53.203777945 -0500
+@@ -299,6 +299,10 @@
+ # Check if AWSTATS prog is found
+ my $AwstatsFound=0;
+ if (-s "$Awstats") { $AwstatsFound=1; }
++elsif (-s "/usr/share/awstats/wwwroot/cgi-bin/awstats.pl") {
++ $Awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl";
++ $AwstatsFound=1;
++}
+ elsif (-s "/usr/local/awstats/wwwroot/cgi-bin/awstats.pl") {
+ $Awstats="/usr/local/awstats/wwwroot/cgi-bin/awstats.pl";
+ $AwstatsFound=1;
+diff -Naur awstats-7.4/tools/awstats_updateall.pl awstats-7.4.patched/tools/awstats_updateall.pl
+--- awstats-7.4/tools/awstats_updateall.pl 2014-09-23 03:16:09.000000000 -0400
++++ awstats-7.4.patched/tools/awstats_updateall.pl 2016-11-29 20:34:58.026745752 -0500
+@@ -129,6 +129,10 @@
+ # Check if AWSTATS prog is found
+ my $AwstatsFound=0;
+ if (-s "$Awstats") { $AwstatsFound=1; }
++ elsif (-s "/usr/share/awstats/wwwroot/cgi-bin/awstats.pl") {
++ $Awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl";
++ $AwstatsFound=1;
++ }
+ elsif (-s "/usr/local/awstats/wwwroot/cgi-bin/awstats.pl") {
+ $Awstats="/usr/local/awstats/wwwroot/cgi-bin/awstats.pl";
+ $AwstatsFound=1;
diff --git a/awstats.spec b/awstats.spec
index 6389fe6..943073a 100644
--- a/awstats.spec
+++ b/awstats.spec
@@ -1,26 +1,33 @@
Name: awstats
-Version: 8.0
-Release: 2%{?dist}
+Version: 7.8
+Release: 3%{?dist}
Summary: Advanced Web Statistics
-# Automatically converted from old format: GPLv3+ - review is highly recommended.
-License: GPL-3.0-or-later
-URL: https://www.awstats.org/
-Source0: https://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
+License: GPLv3+
+URL: http://awstats.sourceforge.net
+Source0: http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
Source1: %{name}.cron
Patch0: awstats-awredir.pl-sanitize-parameters.patch
# fix configuration for httpd 2.4 (#871366)
-Patch1: awstats-7.9-httpd-2.4.patch
+Patch1: awstats-7.0-httpd-2.4.patch
+
+# https://github.com/eldy/awstats/pull/196/commits/0d4d4c05f8e73be8f71dd361dc55cbd52858b823.diff
+Patch2: awstats-CVE-2020-35176.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2150632
+# https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965.diff
+Patch3: awstats-CVE-2022-46391.patch
BuildArch: noarch
BuildRequires: coreutils
BuildRequires: findutils
-BuildRequires: perl-interpreter
+BuildRequires: perl
BuildRequires: perl-generators
BuildRequires: recode
+Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: perl-Net-IP, perl-Net-DNS, perl-Geo-IP
-Requires: crontabs
-Requires(post): perl-interpreter
+Requires: crontabs
+Requires(post): perl
# For systemd.macros
BuildRequires: systemd
@@ -50,8 +57,11 @@ http://localhost/awstats/awstats.pl
%prep
%setup -q
-%patch -P0 -p 1
-%patch -P1 -p 1
+%patch0 -p 1
+
+%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
# Fix style sheets.
perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
@@ -117,6 +127,7 @@ install -m 0750 -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly/%{name}
# https://bugzilla.redhat.com/show_bug.cgi?id=1196549
cd $RPM_BUILD_ROOT%{_datadir}/%{name}/wwwroot/icon
for i in browser/adobe.png browser/seamonkey.png os/win*.png os/macos*.png cpu/intel.png cpu/ibm.png; do
+
cp -v os/unknown.png $i
done
cd -
@@ -159,118 +170,23 @@ fi
%changelog
-* Fri Jan 16 2026 Fedora Release Engineering - 8.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
-
-* Sat Nov 22 2025 Tim Jackson - 8.0-1
-* Update to 8.0
-
-* Wed Jul 23 2025 Fedora Release Engineering - 7.9-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Thu Jan 16 2025 Fedora Release Engineering - 7.9-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Thu Jul 25 2024 Miroslav Suchý - 7.9-6
-- convert license to SPDX
-
-* Wed Jul 17 2024 Fedora Release Engineering - 7.9-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Tue Jan 23 2024 Fedora Release Engineering - 7.9-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering - 7.9-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Jul 19 2023 Fedora Release Engineering - 7.9-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Wed Jan 18 2023 Tim Jackson - 7.9-1
-- Version 7.9
-
-* Wed Jan 18 2023 Fedora Release Engineering - 7.8-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Mon Jan 09 2023 Tim Jackson - 7.8-9
+* Mon Jan 09 2023 Tim Jackson - 7.8-3
- Fix CVE-2022-46391 (rhbz #2150632)
- Clean up spec file, removing conditionals for now-obsolete releases
-* Wed Jul 20 2022 Fedora Release Engineering - 7.8-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon May 30 2022 Jitka Plesnikova - 7.8-7
-- Perl 5.36 rebuild
-
-* Wed Jan 19 2022 Fedora Release Engineering - 7.8-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Jul 21 2021 Fedora Release Engineering - 7.8-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Fri May 21 2021 Jitka Plesnikova - 7.8-4
-- Perl 5.34 rebuild
-
-* Tue Jan 26 2021 Fedora Release Engineering - 7.8-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
* Wed Dec 30 2020 Tim Jackson - 7.8-2
- Fix CVE-2020-35176
* Fri Aug 07 2020 Tim Jackson - 7.8-1
- Version 7.8
-* Mon Jul 27 2020 Fedora Release Engineering - 7.7-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Fri Jun 26 2020 Jitka Plesnikova - 7.7-10
-- Perl 5.32 re-rebuild of bootstrapped packages
-
-* Mon Jun 22 2020 Jitka Plesnikova - 7.7-9
-- Perl 5.32 rebuild
-
-* Tue Jan 28 2020 Fedora Release Engineering - 7.7-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Jul 24 2019 Fedora Release Engineering - 7.7-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu May 30 2019 Jitka Plesnikova - 7.7-6
-- Perl 5.30 rebuild
-
-* Thu Jan 31 2019 Fedora Release Engineering - 7.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Jul 12 2018 Fedora Release Engineering - 7.7-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jun 27 2018 Jitka Plesnikova - 7.7-3
-- Perl 5.28 rebuild
-
-* Wed Feb 07 2018 Fedora Release Engineering - 7.7-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
* Mon Jan 08 2018 Petr Lautrbach - 7.7-1
- Version 7.7
-* Tue Jan 02 2018 Petr Lautrbach - 7.6-8
+* Tue Jan 02 2018 Petr Lautrbach - 7.6-4
- Fix two path traversal issues in awstat.pl - CVE-2017-1000501 (#1529349)
-* Wed Jul 26 2017 Fedora Release Engineering - 7.6-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Jul 14 2017 Petr Pisar - 7.6-6
-- perl dependency renamed to perl-interpreter manually
-
-
-* Thu Jul 13 2017 Petr Pisar - 7.6-5
-- perl dependency renamed to perl-interpreter
-
-
-* Sun Jun 04 2017 Jitka Plesnikova - 7.6-4
-- Perl 5.26 rebuild
-
-* Tue May 30 2017 Petr Lautrbach - 7.6-3
+* Tue May 30 2017 Petr Lautrbach - 7.6-3.1
- Revert "Move cron file to awstats-cron"
* Tue May 23 2017 Petr Lautrbach - 7.6-2
@@ -280,54 +196,22 @@ fi
* Wed Apr 12 2017 Petr Lautrbach - 7.6-1
- version 7.6
-* Fri Feb 10 2017 Fedora Release Engineering - 7.4-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Jul 22 2016 Jitka Plesnikova - 7.4-5
-- Fix FTBFS when perl is not in the SRPM build root
-
-* Sat May 14 2016 Jitka Plesnikova - 7.4-4
-- Perl 5.24 rebuild
-
-* Thu Feb 25 2016 Petr Lautrbach 7.4-3
+* Tue Mar 01 2016 Petr Lautrbach 7.4-1
+- version 7.4
- replace logos with Copyright and Trademark problem by unknown.png (#1196549)
-* Wed Feb 03 2016 Fedora Release Engineering - 7.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Sep 11 2015 Petr Lautrbach 7.4-1
-- version 7.4
-
-* Wed Jun 17 2015 Fedora Release Engineering - 7.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed Jun 03 2015 Jitka Plesnikova - 7.3-3
-- Perl 5.22 rebuild
-
-* Fri Sep 05 2014 Jitka Plesnikova - 7.3-2
-- Perl 5.20 rebuild
+* Fri Sep 05 2014 Petr Lautrbach 7.3-2
+- bring back Requires: perl-Geo-IP
* Wed Sep 03 2014 Petr Lautrbach 7.3-1
- version 7.3
-* Tue Aug 26 2014 Jitka Plesnikova - 7.2-2
-- Perl 5.20 rebuild
-
* Mon Jun 09 2014 Petr Lautrbach 7.2-1
- version 7.2
-* Sat Jun 07 2014 Fedora Release Engineering - 7.1.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
* Thu Oct 10 2013 Ralf Corsépius - 7.1.1-5
- Add BR: systemd for systemd.macros (RHBZ #1017665).
-* Sat Aug 03 2013 Fedora Release Engineering - 7.1.1-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Wed Jul 17 2013 Petr Pisar - 7.1.1-3
-- Perl 5.18 rebuild
-
* Tue Apr 02 2013 Petr Lautrbach 7.1.1-2
- add a missing requirement on crontab and fix (#947040)
- add missing requirements (#908981)
diff --git a/sources b/sources
index 4008499..318d463 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (awstats-8.0.tar.gz) = b14f820e2ea6895baa0034828bba422d2f0dadd70387f682c1e9f25a72d8817ecf91127e254d6c6e7e7c866e02860a05112b0ac4452da7e71b2d9a6f57f21d03
+SHA512 (awstats-7.8.tar.gz) = b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2