pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils/webmin Fix various cross site scripting, arbi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fd9a1e0883c9
branches: trunk
changeset: 545046:fd9a1e0883c9
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Fri Jul 25 02:55:27 2008 +0000
description:
Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
diffstat:
sysutils/webmin/Makefile | 4 +-
sysutils/webmin/distinfo | 20 +++++++++++++++-
sysutils/webmin/patches/patch-ac | 34 +++++++++++++++++++++++++++
sysutils/webmin/patches/patch-aj | 46 ++++++++++++++++++++++++++++++++++++
sysutils/webmin/patches/patch-ak | 14 +++++++++++
sysutils/webmin/patches/patch-al | 25 ++++++++++++++++++++
sysutils/webmin/patches/patch-am | 34 +++++++++++++++++++++++++++
sysutils/webmin/patches/patch-an | 24 +++++++++++++++++++
sysutils/webmin/patches/patch-ao | 14 +++++++++++
sysutils/webmin/patches/patch-ap | 14 +++++++++++
sysutils/webmin/patches/patch-aq | 34 +++++++++++++++++++++++++++
sysutils/webmin/patches/patch-ar | 34 +++++++++++++++++++++++++++
sysutils/webmin/patches/patch-as | 36 ++++++++++++++++++++++++++++
sysutils/webmin/patches/patch-at | 38 ++++++++++++++++++++++++++++++
sysutils/webmin/patches/patch-au | 14 +++++++++++
sysutils/webmin/patches/patch-av | 15 ++++++++++++
sysutils/webmin/patches/patch-aw | 15 ++++++++++++
sysutils/webmin/patches/patch-ax | 48 ++++++++++++++++++++++++++++++++++++++
sysutils/webmin/patches/patch-ay | 50 ++++++++++++++++++++++++++++++++++++++++
sysutils/webmin/patches/patch-az | 28 ++++++++++++++++++++++
20 files changed, 538 insertions(+), 3 deletions(-)
diffs (truncated from 640 to 300 lines):
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/Makefile
--- a/sysutils/webmin/Makefile Fri Jul 25 00:54:44 2008 +0000
+++ b/sysutils/webmin/Makefile Fri Jul 25 02:55:27 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.23 2008/05/26 22:37:30 tnn Exp $
+# $NetBSD: Makefile,v 1.24 2008/07/25 02:55:27 tonnerre Exp $
.include "version.mk"
DISTNAME= webmin-${WBM_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= sysutils www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=webadmin/}
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/distinfo
--- a/sysutils/webmin/distinfo Fri Jul 25 00:54:44 2008 +0000
+++ b/sysutils/webmin/distinfo Fri Jul 25 02:55:27 2008 +0000
@@ -1,13 +1,31 @@
-$NetBSD: distinfo,v 1.15 2007/10/05 15:47:00 obache Exp $
+$NetBSD: distinfo,v 1.16 2008/07/25 02:55:27 tonnerre Exp $
SHA1 (webmin-1.370.tar.gz) = ed4c1ee751953146356f308c4091eb8ad21df309
RMD160 (webmin-1.370.tar.gz) = 28805b553adc85b642ad3acffa3765a5127a529d
Size (webmin-1.370.tar.gz) = 13132344 bytes
SHA1 (patch-aa) = 3b66c111357358548a8f5e47ae4dfb2e9be5fc2a
SHA1 (patch-ab) = fa07200462df76af23b9952739388053940c6743
+SHA1 (patch-ac) = c4f73a091ef8b5c5c0d5a6f82427c497e823a946
SHA1 (patch-ad) = 51d6875b0d825b06ab088e7e63f3e86c280a06f6
SHA1 (patch-ae) = 16583d392d44176e8175e7637851d000ca2ecb9d
SHA1 (patch-af) = 24f130a985ab7d3bdfc7db8d82114e8b107f1574
SHA1 (patch-ag) = 4a2ba61d26a3f3a9bb0e1a22a8afb65d66e43746
SHA1 (patch-ah) = 9cf6fc0d420535697eac2c32a29701fc095ef67f
SHA1 (patch-ai) = 14accea4c38882933da3b565fe51adec06db1878
+SHA1 (patch-aj) = bc86ea60c49266fc537690b07d194d5c2fa690c4
+SHA1 (patch-ak) = 201c124d8c407e0439b8531dfb4dacba37ce37bb
+SHA1 (patch-al) = b1382143d42af3ce5057368dc442ba9c2e6de259
+SHA1 (patch-am) = d61fed9c53870aad36651389a5d655f5b2d5c21f
+SHA1 (patch-an) = 4416c2586fc7a732b255d4787be1a3f93c23f32c
+SHA1 (patch-ao) = 007eba7b551fd3d154e470f82c1c15552481e9fa
+SHA1 (patch-ap) = 7b8c983770c7fd08b20de36b006e0f30ce1bce3e
+SHA1 (patch-aq) = 52751d7ec0ce1ebb89aee977a752486372b80e36
+SHA1 (patch-ar) = 647703ab0281991cec015f2f6a6d191c70c0301e
+SHA1 (patch-as) = 65f246bfca5b077d15bf0e874d56792f08c93c03
+SHA1 (patch-at) = 72e88355d9c3bd159d5077acc81073ec048efd0b
+SHA1 (patch-au) = f0d0aaf6819f92fd96543246e7600054fb150d08
+SHA1 (patch-av) = c3a4096058a432863eb10a2b2d44184bc91f8926
+SHA1 (patch-aw) = 2d7738459ed4618b11558d31aef70a42f26c25be
+SHA1 (patch-ax) = 09f78731d35603e736b22a0f1e478103ca14cc4d
+SHA1 (patch-ay) = 04bf4d094a2051469e956b4e57af842daf0232d7
+SHA1 (patch-az) = 55e40bcf0841b20d185265fff98685fe56cb1810
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ac Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ac,v 1.3 2008/07/25 02:55:27 tonnerre Exp $
+
+--- software/search.cgi.orig 2007-09-21 23:26:13.000000000 +0200
++++ software/search.cgi
+@@ -34,7 +34,8 @@ if (@match == 1 && $in{'goto'}) {
+ if (@match) {
+ @match = sort { lc($packages{$a,'name'}) cmp lc($packages{$b,'name'}) }
+ @match;
+- print "<b>",&text('search_match', "<tt>$s</tt>"),"</b><p>\n";
++ print "<b>",&text('search_match', "<tt>" . &html_escape($s) . "</tt>"),
++ "</b><p>\n";
+ print "<form action=delete_packs.cgi method=post>\n";
+ print "<input type=hidden name=search value='$in{'search'}'>\n";
+ @tds = ( "width=5" );
+@@ -47,7 +48,8 @@ if (@match) {
+ $text{'search_desc'} ], 100, 0, \@tds);
+ foreach $i (@match) {
+ local @cols;
+- push(@cols, "<a href=\"edit_pack.cgi?search=$s&package=".
++ push(@cols, "<a href=\"edit_pack.cgi?search=" .
++ &urlize($s) . "&package=".
+ &urlize($packages{$i,'name'})."&version=".
+ &urlize($packages{$i,'version'})."\">".&html_escape(
+ $packages{$i,'name'}.($packages{$i,'version'} ?
+@@ -69,7 +71,8 @@ if (@match) {
+ print "<input type=submit value='$text{'search_delete'}'></form>\n";
+ }
+ else {
+- print "<b>",&text('search_nomatch', "<tt>$s</tt>"),"</b><p>\n";
++ print "<b>",&text('search_nomatch', "<tt>" . &html_escape($s) .
++ "</tt>"),"</b><p>\n";
+ }
+
+ &ui_print_footer("", $text{'index_return'});
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-aj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-aj Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,46 @@
+$NetBSD: patch-aj,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- proc/index_search.cgi.orig 2008-07-25 04:39:36.000000000 +0200
++++ proc/index_search.cgi
+@@ -22,12 +22,12 @@ printf "<input type=radio name=mode valu
+ $in{mode}==1 ? "checked" : "";
+ print &hlink("<b>$text{'search_match'}</b>","smatch"),"\n";
+ printf "<input name=match size=20 value=\"%s\"><br>\n",
+- $in{mode}==1 ? $in{match} : "";
++ $in{mode}==1 ? &html_escape($in{match}) : "";
+
+ printf "<input type=radio name=mode value=2 %s>\n",
+ $in{mode}==2 ? "checked" : "";
+ $cpu = sprintf "<input name=cpu size=4 value=\"%s\">\n",
+- $in{mode}==2 ? $in{cpu} : "";
++ $in{mode}==2 ? html_escape($in{cpu}) : "";
+ print &hlink("<b>".&text('search_cpupc', $cpu)."</b>", "scpu"),"<br>\n";
+
+ print "</td><td valign=top>\n";
+@@ -49,7 +49,7 @@ if ($has_fuser_command) {
+ }
+ else {
+ printf "<input name=fs size=15 value='%s'><br>\n",
+- $in{'mode'}==3 ? $in{'fs'} : "";
++ $in{'mode'}==3 ? &html_escape($in{'fs'}) : "";
+ }
+
+ printf "<input type=radio name=mode value=4 %s>\n",
+@@ -66,7 +66,7 @@ if ($has_lsof_command) {
+ $in{mode}==5 ? "checked" : "";
+ print &hlink("<b>$text{'search_port'}</b>","ssocket"),"\n";
+ printf "<input name=port size=6 value='%s'>\n",
+- $in{mode}==5 ? $in{port} : "";
++ $in{mode}==5 ? &html_escape($in{port}) : "";
+
+ # Show input for protocol and port
+ print &hlink("<b>$text{'search_protocol'}</b>","ssocket"),"\n";
+@@ -83,7 +83,7 @@ if ($has_lsof_command) {
+ $in{mode}==6 ? "checked" : "";
+ print &hlink("<b>$text{'search_ip'}</b>","sip"),"\n";
+ printf "<input name=ip size=15 value='%s'>\n",
+- $in{mode}==6 ? $in{ip} : "";
++ $in{mode}==6 ? &html_escape($in{ip}) : "";
+ }
+
+ print "</td></tr></table>\n";
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ak Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ak,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- sendmail/mailq_search.cgi.orig 2007-09-21 23:26:27.000000000 +0200
++++ sendmail/mailq_search.cgi
+@@ -18,7 +18,8 @@ $conf = &get_sendmailcf();
+ $fields = [ [ $in{'field'}, $in{'match'} ] ];
+ @qmails = grep { &mail_matches($fields, 1, $_) } @qmails;
+ print "<p><b>",&text($in{'field'} =~ /^\!/ ? 'search_results3' :
+- 'search_results2', scalar(@qmails), "<tt>$in{'match'}</tt>"),"</b><p>\n";
++ 'search_results2', scalar(@qmails), "<tt>" .
++ &html_escape($in{'match'}) . "</tt>"),"</b><p>\n";
+
+ if (@qmails) {
+ %qmails = map { $_->{'file'}, $_ } @qmails;
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-al Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-al,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- file/search.cgi.orig 2007-09-21 23:26:33.000000000 +0200
++++ file/search.cgi
+@@ -17,16 +17,16 @@ if ($in{'dir'} ne '/') {
+ }
+ $cmd = "find ".quotemeta(&unmake_chroot($in{'dir'}))." -name ".quotemeta($in{'match'});
+ if ($in{'type'}) {
+- $cmd .= " -type $in{'type'}";
++ $cmd .= " -type " . quotemeta($in{'type'});
+ }
+ if ($in{'user'}) {
+- $cmd .= " -user $in{'user'}";
++ $cmd .= " -user " . quotemeta($in{'user'});
+ }
+ if ($in{'group'}) {
+- $cmd .= " -group $in{'group'}";
++ $cmd .= " -group " . quotemeta($in{'group'});
+ }
+ if ($in{'size'}) {
+- $cmd .= " -size $in{'size'}";
++ $cmd .= " -size " . quotemeta($in{'size'});
+ }
+ if ($in{'xdev'}) {
+ $cmd .= " -mount";
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-am Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- mysql/search_form.cgi.orig 2007-09-21 23:26:42.000000000 +0200
++++ mysql/search_form.cgi
+@@ -12,7 +12,8 @@ require './view-lib.pl';
+ &can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
+ @str = &table_structure($in{'db'}, $in{'table'});
+
+-$desc = &text('table_header', "<tt>$in{'table'}</tt>", "<tt>$in{'db'}</tt>");
++$desc = &text('table_header', "<tt>" . &html_escape($in{'table'}) .
++ "</tt>", "<tt>" . &html_escape($in{'db'}) . "</tt>");
+ &ui_print_header($desc, $text{'adv_title'}, "");
+
+ print &ui_form_start("view_table.cgi", "post");
+@@ -36,13 +37,13 @@ print "</table>\n";
+ print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
+
+ if ($access{'edonly'}) {
+- &ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
+- "", $text{'index_return'});
++ &ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
++ $text{'dbase_return'}, "", $text{'index_return'});
+ }
+ else {
+- &ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
+- $text{'table_return'},
+- "edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
+- "", $text{'index_return'});
++ &ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
++ "&table=" . &urlize($in{'table'}), $text{'table_return'},
++ "edit_dbase.cgi?db=" . &urlize($in{'db'}),
++ $text{'dbase_return'}, "", $text{'index_return'});
+ }
+
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-an Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-an,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- man/search.cgi.orig 2007-09-21 23:26:43.000000000 +0200
++++ man/search.cgi
+@@ -255,7 +255,8 @@ if (@rv == 1 && !$in{'check'}) {
+ }
+
+ # Display search results
+-$for = join($in{'and'} ? " and " : " or ", map { "<tt>$_</tt>" } @for);
++$for = join($in{'and'} ? " and " : " or ", map { "<tt>" . &html_escape($_) .
++ "</tt>" } @for);
+ &ui_print_header(&text('search_for', $for), $text{'search_title'}, "");
+ if (@rv) {
+ #@rv = sort { $b->[4] <=> $a->[4] } @rv;
+@@ -280,7 +281,8 @@ if (@rv) {
+ print &ui_columns_end();
+ }
+ else {
+- print "<p><b>",&text('search_none', "<tt>$in{'for'}</tt>"),"</b><p>\n";
++ print "<p><b>",&text('search_none', "<tt>" . &html_escape($in{'for'}) .
++ "</tt>"),"</b><p>\n";
+ }
+
+ &ui_print_footer("", $text{'index_return'});
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ao
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ao Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ao,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- postfix/mailq_search.cgi.orig 2007-09-21 23:26:52.000000000 +0200
++++ postfix/mailq_search.cgi
+@@ -17,7 +17,8 @@ $neg = ($in{'field'} =~ s/^!//);
+ $neg ? !$r : $r } @qfiles;
+
+ print "<p><b>",&text($in{'field'} =~ /^\!/ ? 'search_results3' :
+- 'search_results2', scalar(@qfiles), "<tt>$in{'match'}</tt>"),"</b><p>\n";
++ 'search_results2', scalar(@qfiles), "<tt>" .
++ &html_escape($in{'match'}) . "</tt>"),"</b><p>\n";
+ if (@qfiles) {
+ # Show matching messages
+ &mailq_table(\@qfiles);
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ap Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ap,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- webminlog/search.cgi.orig 2007-09-21 23:26:52.000000000 +0200
++++ webminlog/search.cgi
+@@ -91,7 +91,8 @@ $searchmsg = join(" ",
+ if (@match) {
+ if ($in{'sid'}) {
+ print "<b>",&text('search_sid', "<tt>$match[0]->{'user'}</tt>",
+- "<tt>$in{'sid'}</tt>")," ..</b><p>\n";
++ "<tt>" . &html_escape($in{'sid'}) . "</tt>"),
++ " ..</b><p>\n";
+ }
+ elsif ($in{'uall'} == 1 && $in{'mall'} && $in{'tall'}) {
+ print "<b>$text{'search_critall'} ..</b><p>\n";
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-aq Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-aq,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- postgresql/old/search_form.cgi.orig 2007-09-21 23:26:53.000000000 +0200
++++ postgresql/old/search_form.cgi
+@@ -6,7 +6,8 @@ require './postgresql-lib.pl';
+ &can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
+ @str = &table_structure($in{'db'}, $in{'table'});
+
Home |
Main Index |
Thread Index |
Old Index