File awstats-CVE-2006-2237_read_open.patch of Package awstats

Index: wwwroot/cgi-bin/awstats.pl
===================================================================
--- wwwroot/cgi-bin/awstats.pl.orig
+++ wwwroot/cgi-bin/awstats.pl
@@ -1150,8 +1150,8 @@ sub Read_Config {
 	foreach (@PossibleConfigDir) {
 		my $searchdir=$_;
 		if ($searchdir && $searchdir !~ /[\\\/]$/) { $searchdir .= "/"; }
-		if (open(CONFIG,"$searchdir$PROG.$SiteConfig.conf")) 	{ $FileConfig="$searchdir$PROG.$SiteConfig.conf"; $FileSuffix=".$SiteConfig"; last; }
-		if (open(CONFIG,"$searchdir$PROG.conf"))  				{ $FileConfig="$searchdir$PROG.conf"; $FileSuffix=''; last; }
+		if (open(CONFIG,"<$searchdir$PROG.$SiteConfig.conf")) 	{ $FileConfig="$searchdir$PROG.$SiteConfig.conf"; $FileSuffix=".$SiteConfig"; last; }
+		if (open(CONFIG,"<$searchdir$PROG.conf"))  				{ $FileConfig="$searchdir$PROG.conf"; $FileSuffix=''; last; }
 	}
 	if (! $FileConfig) { error("Couldn't open config file \"$PROG.$SiteConfig.conf\" nor \"$PROG.conf\" after searching in path \"".join(',',@PossibleConfigDir)."\": $!"); }
 
@@ -1482,14 +1482,14 @@ sub Read_Language_Data {
 	foreach (@PossibleLangDir) {
 		my $searchdir=$_;
 		if ($searchdir && (!($searchdir =~ /\/$/)) && (!($searchdir =~ /\\$/)) ) { $searchdir .= "/"; }
-		if (open(LANG,"${searchdir}awstats-$_[0].txt")) { $FileLang="${searchdir}awstats-$_[0].txt"; last; }
+		if (open(LANG,"<${searchdir}awstats-$_[0].txt")) { $FileLang="${searchdir}awstats-$_[0].txt"; last; }
 	}
 	# If file not found, we try english
 	if (! $FileLang) {
 		foreach (@PossibleLangDir) {
 			my $searchdir=$_;
 			if ($searchdir && (!($searchdir =~ /\/$/)) && (!($searchdir =~ /\\$/)) ) { $searchdir .= "/"; }
-			if (open(LANG,"${searchdir}awstats-en.txt")) { $FileLang="${searchdir}awstats-en.txt"; last; }
+			if (open(LANG,"<${searchdir}awstats-en.txt")) { $FileLang="${searchdir}awstats-en.txt"; last; }
 		}
 	}
 	if ($Debug) { debug("Call to Read_Language_Data [FileLang=\"$FileLang\"]"); }
@@ -2157,7 +2157,7 @@ sub Read_History_With_TmpUpdate {
 
 	# Open files
 	if ($withread) {
-		open(HISTORY,$filetoread) || error("Couldn't open file \"$filetoread\" for read: $!","","",$MigrateStats);
+		open(HISTORY,"<$filetoread") || error("Couldn't open file \"$filetoread\" for read: $!","","",$MigrateStats);
 		binmode HISTORY;	# Avoid premature EOF due to history files corrupted with \cZ or bin chars
 	}
 	if ($withupdate) {
@@ -4151,7 +4151,7 @@ sub Read_DNS_Cache {
 	# Plugin call : Load hashtoload
 	if ($PluginsLoaded{'LoadCache'}{'hashfiles'}) { LoadCache_hashfiles($filetoload,$hashtoload); }
 	if (! scalar keys %$hashtoload) {
-		open(DNSFILE,"$filetoload") or error("Couldn't open DNS Cache file \"$filetoload\": $!");
+		open(DNSFILE,"<$filetoload") or error("Couldn't open DNS Cache file \"$filetoload\": $!");
 		#binmode DNSFILE;		# If we set binmode here, it seems that the load is broken on ActiveState 5.8
 		# This is a fast way to load with regexp
 		%$hashtoload = map(/^(?:\d{0,10}\s+)?([0-9A-F:\.]+)\s+([^\s]+)$/oi,<DNSFILE>);
@@ -4433,7 +4433,7 @@ sub FileCopy {
 	my $filesource = shift;
 	my $filetarget = shift;
 	if ($Debug) { debug("FileCopy($filesource,$filetarget)",1); }
-	open(FILESOURCE,"$filesource") || return 1;
+	open(FILESOURCE,"<$filesource") || return 1;
 	open(FILETARGET,">$filetarget") || return 1;
 	binmode FILESOURCE;
 	binmode FILETARGET;
@@ -6169,7 +6169,7 @@ if ($UpdateStats && $FrameName ne 'index
 
 	# Open log file
 	if ($Debug) { debug("Open log file \"$LogFile\""); }
-	open(LOG,"$LogFile") || error("Couldn't open server log file \"$LogFile\" : $!");
+	open(LOG,"<$LogFile") || error("Couldn't open server log file \"$LogFile\" : $!");
 	binmode LOG;	# Avoid premature EOF due to log files corrupted with \cZ or bin chars
 
 	# Define local variables for loop scan