head 1.2; access; symbols pkgsrc-2016Q4:1.1.0.72 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.70 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.68 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.66 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.64 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.62 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.60 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.58 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.56 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.54 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.52 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.50 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.48 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.46 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.44 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.42 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.40 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.38 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.36 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.34 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.32 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.30 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.28 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.26 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.24 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.22 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.20 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.18 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.16 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.14 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.12 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.10 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2017.02.05.13.19.27; author wiz; state dead; branches; next 1.1; commitid LcDMssYPXXnouLEz; 1.1 date 2008.07.25.02.55.27; author tonnerre; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.07.25.02.55.27; author rtr; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.07.25.10.06.29; author rtr; state Exp; branches; next ; desc @@ 1.2 log @Remove patch that is not in distinfo. @ text @$NetBSD: patch-al,v 1.1 2008/07/25 02:55:27 tonnerre Exp $ --- file/search.cgi.orig 2007-09-21 23:26:33.000000000 +0200 +++ file/search.cgi @@@@ -17,16 +17,16 @@@@ if ($in{'dir'} ne '/') { } $cmd = "find ".quotemeta(&unmake_chroot($in{'dir'}))." -name ".quotemeta($in{'match'}); if ($in{'type'}) { - $cmd .= " -type $in{'type'}"; + $cmd .= " -type " . quotemeta($in{'type'}); } if ($in{'user'}) { - $cmd .= " -user $in{'user'}"; + $cmd .= " -user " . quotemeta($in{'user'}); } if ($in{'group'}) { - $cmd .= " -group $in{'group'}"; + $cmd .= " -group " . quotemeta($in{'group'}); } if ($in{'size'}) { - $cmd .= " -size $in{'size'}"; + $cmd .= " -size " . quotemeta($in{'size'}); } if ($in{'xdev'}) { $cmd .= " -mount"; @ 1.1 log @Fix various cross site scripting, arbitrary command execution and various other vulnerabilities in webmin (CVE-2008-0720). @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-al was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:29 +0000 @ text @d1 25 @ 1.1.2.2 log @pullup ticket #2462 requested by tonnerre webmin: patch for various security vulnerabilities revisions pulled up: pkgsrc/sysutils/webmin/Makefile 1.24 pkgsrc/sysutils/webmin/distinfo 1.16 pkgsrc/sysutils/webmin/patches/patch-ac 1.3 pkgsrc/sysutils/webmin/patches/patch-aj 1.1 pkgsrc/sysutils/webmin/patches/patch-ak 1.1 pkgsrc/sysutils/webmin/patches/patch-al 1.1 pkgsrc/sysutils/webmin/patches/patch-am 1.1 pkgsrc/sysutils/webmin/patches/patch-an 1.1 pkgsrc/sysutils/webmin/patches/patch-ao 1.1 pkgsrc/sysutils/webmin/patches/patch-ap 1.1 pkgsrc/sysutils/webmin/patches/patch-aq 1.1 pkgsrc/sysutils/webmin/patches/patch-ar 1.1 pkgsrc/sysutils/webmin/patches/patch-as 1.1 pkgsrc/sysutils/webmin/patches/patch-at 1.1 pkgsrc/sysutils/webmin/patches/patch-au 1.1 pkgsrc/sysutils/webmin/patches/patch-av 1.1 pkgsrc/sysutils/webmin/patches/patch-aw 1.1 pkgsrc/sysutils/webmin/patches/patch-ax 1.1 pkgsrc/sysutils/webmin/patches/patch-ay 1.1 pkgsrc/sysutils/webmin/patches/patch-az 1.1 Module Name: pkgsrc Committed By: tonnerre Date: Fri Jul 25 02:55:28 UTC 2008 Modified Files: pkgsrc/sysutils/webmin: Makefile distinfo Added Files: pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as patch-at patch-au patch-av patch-aw patch-ax patch-ay patch-az Log Message: Fix various cross site scripting, arbitrary command execution and various other vulnerabilities in webmin (CVE-2008-0720). @ text @a0 25 $NetBSD: patch-al,v 1.1 2008/07/25 02:55:27 tonnerre Exp $ --- file/search.cgi.orig 2007-09-21 23:26:33.000000000 +0200 +++ file/search.cgi @@@@ -17,16 +17,16 @@@@ if ($in{'dir'} ne '/') { } $cmd = "find ".quotemeta(&unmake_chroot($in{'dir'}))." -name ".quotemeta($in{'match'}); if ($in{'type'}) { - $cmd .= " -type $in{'type'}"; + $cmd .= " -type " . quotemeta($in{'type'}); } if ($in{'user'}) { - $cmd .= " -user $in{'user'}"; + $cmd .= " -user " . quotemeta($in{'user'}); } if ($in{'group'}) { - $cmd .= " -group $in{'group'}"; + $cmd .= " -group " . quotemeta($in{'group'}); } if ($in{'size'}) { - $cmd .= " -size $in{'size'}"; + $cmd .= " -size " . quotemeta($in{'size'}); } if ($in{'xdev'}) { $cmd .= " -mount"; @