Package Release Info

sarg-2.3.10-bp152.4.22

Update Info: Base Release
Available in Package Hub : 15 SP2

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

sarg

Change Logs

Version: 2.3.10-bp151.4.3.1
* Tue Jan 21 2020 Thomas Abraham <tabraham@suse.com>
- insecure usage of /tmp/sarg allows privilege escalation / DoS vector
  (CVE-2019-18932, bsc#1156643)
- Add patches:
  * sarg-2.4.0-avoid-race-condition-when-creating-the-temporary-dir.patch
  * sarg-2.4.0-use-unpredictable-temporary-directory-name.patch
  * sarg-2.4.0-when-recursively-creating-a-directory-make-sure-the.patch
Version: 2.3.10-bp150.2.5
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
* Thu Jun 15 2017 tchvatal@suse.com
- Remove apache2 dependency as it was only for directory ownership
- Add patch sarg-no-werror.patch to not build with Werror
- Cleanup a bit with spec-cleaner
- Remove patch sarg-reports-english.patch which was applied by upstream
* Tue Dec 15 2015 ecsos@opensuse.org
- update to 2.3.10
  - Greatly reduce the complexity and the number of messages to
    translate.
  - Fix a couple of minor programming errors.
- add missing BuildRequires
* Thu Mar 26 2015 ecsos@opensuse.org
- fix apache.conf for apache 2.4
* Wed Nov 19 2014 Led <ledest@gmail.com>
- fix bashism in sarg-reports script
* Mon Nov 03 2014 tabraham@suse.com
- update source URL due to source being unavailable at original location
- Enable parallel build, remove redundant sections - jengelh@inai.de
* Thu Oct 02 2014 tabraham@suse.com
- Update to 2.3.9
  - Fix various small compile and link time errors.
  - Add some code to help in diagnosing an error with the number of old report
- Changes from 2.3.8
  - Process downloaded volume bigger than 2GB (thanks to Рустам Муса-Ахунов).
* Fri Nov 01 2013 tabraham@suse.com
- Update to 2.3.7
  - backport a fix to acccept a per user limit over 2GB
* Sun Jun 02 2013 tabraham@suse.com
- Update to 2.3.6
  - Store the IP address in the per user limit file (thanks to xeus)
- Changes from 2.3.5
  - Fix an issue when creating the redirector report. Sarg was not creating
    the unsorted file as expected. That regression was introduced in
    sarg 2.3.4
- Changes from 2.3.4
  - Fix an error occurring when several user names contain at least two
    consecutive non-alphanumeric characters. In that case, the mangled
    file name is not unique. Thanks to Fabiola and Pecha for reporting
    this bug
  - Remove a warning about the redirector file that can't be deleted
    when it is not created.
- Changes from 2.3.3
  - Don't abort the report generation due to an error in a squidGuard
    error (wrapped over long lines)
  - Support for gd, ldap and iconv can be disabled during configuration
  - Supporess the blank line breaking the header of the e-mail report
  - Add many debug messages to help understanding why some parts of the
    report are not produced. Considering all the options and various
    conditions that are involved in the creation of a report, that
    help is welcome
  - Fix the report generation if users_sites is disabled
  - Avoid a possible name clash among the temporary files if a user
    happens to have the same name as one of the files sarg generates
  - Fix various links and reports when some options are disabled
  - Accept regular expressions in the hostalias file
  - URL in SquidGuard logs sometimes don't have a scheme. This is now
    handled properly
  - Exclude hosts based on the IPv4 address even if a port number is
    suffixed after the IP address (thanks to Mark Easter for
    reporting the bug)
  - IP addresses can be resolved to host names using an external program
  - Limit the maximum line length read from the input log to avoid
    consuming all the memory when reading a corrupted or invalid file.
    The limit is set to 10MB per line
  - Protect the temporary directory against unsafe deletion (if the
    temporary path is set to a wrong location, sarg won't blindly
    wipe the directory)
  - The smartfilter might be fixed (I need test logs to validate this
    change. If you have some, please send them to fmarchal at
    users.sourceforge.net)
  - The top sites report can be sorted according to the number of
    users who visited each site
  - The two options --convert and --split can read the log file from
    stdin
  - Display execution statistics with --statistics. Only useful to
    test for regressions during development
* Sun Mar 04 2012 tabraham@novell.com
- Update to 2.3.2:
  * removed obsolete sarg-2.2.3.1-description.patch
  * added C_FLAGS=-std99 and sarg-2.3.2-limits_h.diff to compile on
    SLE 10 and openSUSE 11.1
  - Add support for sorttable.js (http://www.kryogenix.org/code/browser/sorttable/)
    to dynamically sort some tables (thanks to Éric).
  - Add the two command line options --lastlog and --keeplogs to set the number of
    reports to keep or to keep all the reports respectively (thanks to Emmanuel
    Lacour for the suggestion).
  - Report the user ID in the e-mail report.
  - Add an option to sort the top sites by time.
  - Delete unused files from the directory containing the user report
    (thanks to alf-man).
  - Add the index_fields option to hide the directory size column in the index
    sorted by date.
  - Split the input log file in several files each containing one day worth of
    data (thanks to Mauricio Silveira).
  - Take the date_format into account when converting a log file.
  - Accept IPv6 addresses in the realtime report.
  - Don't fail for an empty report directory when building the index.
  - Fix a read error when parsing the time of a common log format
    (thanks to Richard P Scott).
  - Use anonymous file and directory names in the report to hide the identity of
    the user whose report is displayed and shorten the total path length.
  - More robust calls to external sort commands (guard against buffer overflows
    and use tab as column separator).
  - Replace host names by aliases and group identicaly aliased host names.
  - IPv6 is accepted in the hosts exclusion list.
  - Discriminate between users whose name produce the same mangled temporary
    file name.
  - Write a note about the number of entries ignored in the reports (thanks
    to Iain Lopata).
  - Command line option -z output some messages to explain why the reports
    are not generated due to the configuration.
  - The Sites & Users report page links to the user's page if the user is
    listed in the Top Users page.
* Wed Dec 21 2011 coolo@suse.com
- remove call to suse_update_config (very old work around)
* Tue Feb 08 2011 alexandre@exatati.com.br
- Update to 2.3.1:
  - Please read ChangeLog with changes from 2.3 at
    http://sarg.sourceforge.net/sarg.ChangeLog.txt
- Refresh config patch:
  Old: sarg-2.2.7.1-config.patch
  New: sarg-2.3.1-config.patch
- Really enabled sarg-php;
- Spec file cleaned with spec-cleaner.
* Tue Nov 09 2010 nix@opensuse.org
- Update conf file to match sarg 2.2.7.1
* Tue Nov 09 2010 nix@opensuse.org
- Conf file appears to have been word wrapped by mistake. Fixed
* Thu Sep 16 2010 chris@computersalat.de
- fix build for suse_version < 1130
  o BuildReq: apache2 (/etc/apache2/conf.d)
* Wed Sep 15 2010 cyberorg@opensuse.org
- Remove obsolete patches
- Add english to sarg-report
- Add suse logo to report index
- Improved default config
- Add apache configuration
- Version 2.2.7
  * Extra compile and run time protection (FORTIFY_SOURCE) fixed
    in configure.
  * Use tabulations as columns separator in intermediary files
    to avoid problems when a field of the log contains a space.
  * Input log file type detection partly rewritten to clearly
    distinguish which type is processed where.
  * Read the input log file from standard input if log file name
    is -.
  * Use string pointers in getword instead of copying the
    strings over and over.
  * Use LC_TIME to format some dates and times in the report
    according to the selected locale.
  * Sarg.conf can list up to 255 access.log files.
  * Downloaded files suffixes are matched against a sorted list
    and use a dichotomic search.
  * Added getword_atoll to read a number directly from a file
    without an intermediary string storage.
  * Use boolean to enable the options instead of string
    compares.
  * Accept an absolute path for the language file in sarg.conf.
  * Experimental: Can show the backtrace of the program when a
    getword loop is detected to help in locating the origin of
    the error.
  * Protect the creation of the index against invalid
    directories.
  * Only copy the files (not the subdirs) when creating the
    directory with the images to include in the reports.
  * Directories deleted without using the rm system command.
  * Index created using an internal sort algorithm instead of a
    system call.
  * Fixed Debian bug #408577 (changed exclude_hosts to exclude
    subdomains and IPv4 subnets).
  * Replace --enable-htmldir by --enable-sargphp to avoid
    confusion on the name (thanks to Peter Nixon).
  * Installation of sarg-php can be disabled with
  - -disable-sargphp.
  * Fixed empty entries in squidGuard log when the URL doesn't
    start with protocol://.
  * Fixed regressions in creation and reading of a sarg parsed
    log (thanks to Joao Alves).
  * Does not report URLs consisting of only a host name ending
    with .com as a downloaded file.
  * Mangle the $ and @ signs in user ID to make the resulting
    file name valid in shell commands.
  * Fixed a regression in the default value of --enable-sargphp.
  * Increase the maximum size of a line read from access.log and
    detect longer lines that were silently splitted in previous
    versions.
  * Tolerate longer URLs during the reading of the access.log to
    have less chances of aborting during that phase. It only
    helps if short URLs are output in the reports. If long_url is set, sarg will
    still abort on over sized URLs.
* Sat Oct 10 2009 crrodriguez@opensuse.org
- sarg-2.2.5-46.17: missing call to fclose  [bnc#544699]
* Tue Feb 03 2009 kssingvo@suse.de
- purified specfile
- added manpage for sarg-report
- fixed wrong permissions of various files
* Tue Sep 09 2008 kssingvo@suse.de
- fix for buffer check assertion in make_index (bnc#416077)
* Thu Apr 24 2008 kssingvo@suse.de
- fix for buffer size in log.c: fun[]  CVE-2008-???
- fix for sprintf() calls through use of snprintf() calls CVE-2008-???
- fix for font buffer size CVE-2008-???