head 1.4;
access;
symbols
pkgsrc-2026Q1:1.4.0.32
pkgsrc-2026Q1-base:1.4
pkgsrc-2025Q4:1.4.0.30
pkgsrc-2025Q4-base:1.4
pkgsrc-2025Q3:1.4.0.28
pkgsrc-2025Q3-base:1.4
pkgsrc-2025Q2:1.4.0.26
pkgsrc-2025Q2-base:1.4
pkgsrc-2025Q1:1.4.0.24
pkgsrc-2025Q1-base:1.4
pkgsrc-2024Q4:1.4.0.22
pkgsrc-2024Q4-base:1.4
pkgsrc-2024Q3:1.4.0.20
pkgsrc-2024Q3-base:1.4
pkgsrc-2024Q2:1.4.0.18
pkgsrc-2024Q2-base:1.4
pkgsrc-2024Q1:1.4.0.16
pkgsrc-2024Q1-base:1.4
pkgsrc-2023Q4:1.4.0.14
pkgsrc-2023Q4-base:1.4
pkgsrc-2023Q3:1.4.0.12
pkgsrc-2023Q3-base:1.4
pkgsrc-2023Q2:1.4.0.10
pkgsrc-2023Q2-base:1.4
pkgsrc-2023Q1:1.4.0.8
pkgsrc-2023Q1-base:1.4
pkgsrc-2022Q4:1.4.0.6
pkgsrc-2022Q4-base:1.4
pkgsrc-2022Q3:1.4.0.4
pkgsrc-2022Q3-base:1.4
pkgsrc-2022Q2:1.4.0.2
pkgsrc-2022Q2-base:1.4
pkgsrc-2022Q1:1.3.0.14
pkgsrc-2022Q1-base:1.3
pkgsrc-2021Q4:1.3.0.12
pkgsrc-2021Q4-base:1.3
pkgsrc-2021Q3:1.3.0.10
pkgsrc-2021Q3-base:1.3
pkgsrc-2021Q2:1.3.0.8
pkgsrc-2021Q2-base:1.3
pkgsrc-2021Q1:1.3.0.6
pkgsrc-2021Q1-base:1.3
pkgsrc-2020Q4:1.3.0.4
pkgsrc-2020Q4-base:1.3
pkgsrc-2020Q3:1.3.0.2
pkgsrc-2020Q3-base:1.3
pkgsrc-2020Q2:1.2.0.60
pkgsrc-2020Q2-base:1.2
pkgsrc-2020Q1:1.2.0.40
pkgsrc-2020Q1-base:1.2
pkgsrc-2019Q4:1.2.0.62
pkgsrc-2019Q4-base:1.2
pkgsrc-2019Q3:1.2.0.58
pkgsrc-2019Q3-base:1.2
pkgsrc-2019Q2:1.2.0.56
pkgsrc-2019Q2-base:1.2
pkgsrc-2019Q1:1.2.0.54
pkgsrc-2019Q1-base:1.2
pkgsrc-2018Q4:1.2.0.52
pkgsrc-2018Q4-base:1.2
pkgsrc-2018Q3:1.2.0.50
pkgsrc-2018Q3-base:1.2
pkgsrc-2018Q2:1.2.0.48
pkgsrc-2018Q2-base:1.2
pkgsrc-2018Q1:1.2.0.46
pkgsrc-2018Q1-base:1.2
pkgsrc-2017Q4:1.2.0.44
pkgsrc-2017Q4-base:1.2
pkgsrc-2017Q3:1.2.0.42
pkgsrc-2017Q3-base:1.2
pkgsrc-2017Q2:1.2.0.38
pkgsrc-2017Q2-base:1.2
pkgsrc-2017Q1:1.2.0.36
pkgsrc-2017Q1-base:1.2
pkgsrc-2016Q4:1.2.0.34
pkgsrc-2016Q4-base:1.2
pkgsrc-2016Q3:1.2.0.32
pkgsrc-2016Q3-base:1.2
pkgsrc-2016Q2:1.2.0.30
pkgsrc-2016Q2-base:1.2
pkgsrc-2016Q1:1.2.0.28
pkgsrc-2016Q1-base:1.2
pkgsrc-2015Q4:1.2.0.26
pkgsrc-2015Q4-base:1.2
pkgsrc-2015Q3:1.2.0.24
pkgsrc-2015Q3-base:1.2
pkgsrc-2015Q2:1.2.0.22
pkgsrc-2015Q2-base:1.2
pkgsrc-2015Q1:1.2.0.20
pkgsrc-2015Q1-base:1.2
pkgsrc-2014Q4:1.2.0.18
pkgsrc-2014Q4-base:1.2
pkgsrc-2014Q3:1.2.0.16
pkgsrc-2014Q3-base:1.2
pkgsrc-2014Q2:1.2.0.14
pkgsrc-2014Q2-base:1.2
pkgsrc-2014Q1:1.2.0.12
pkgsrc-2014Q1-base:1.2
pkgsrc-2013Q4:1.2.0.10
pkgsrc-2013Q4-base:1.2
pkgsrc-2013Q3:1.2.0.8
pkgsrc-2013Q3-base:1.2
pkgsrc-2013Q2:1.2.0.6
pkgsrc-2013Q2-base:1.2
pkgsrc-2013Q1:1.2.0.4
pkgsrc-2013Q1-base:1.2
pkgsrc-2012Q4:1.2.0.2
pkgsrc-2012Q4-base:1.2
pkgsrc-2012Q3:1.1.0.38
pkgsrc-2012Q3-base:1.1
pkgsrc-2012Q2:1.1.0.36
pkgsrc-2012Q2-base:1.1
pkgsrc-2012Q1:1.1.0.34
pkgsrc-2012Q1-base:1.1
pkgsrc-2011Q4:1.1.0.32
pkgsrc-2011Q4-base:1.1
pkgsrc-2011Q3:1.1.0.30
pkgsrc-2011Q3-base:1.1
pkgsrc-2011Q2:1.1.0.28
pkgsrc-2011Q2-base:1.1
pkgsrc-2011Q1:1.1.0.26
pkgsrc-2011Q1-base:1.1
pkgsrc-2010Q4:1.1.0.24
pkgsrc-2010Q4-base:1.1
pkgsrc-2010Q3:1.1.0.22
pkgsrc-2010Q3-base:1.1
pkgsrc-2010Q2:1.1.0.20
pkgsrc-2010Q2-base:1.1
pkgsrc-2010Q1:1.1.0.18
pkgsrc-2010Q1-base:1.1
pkgsrc-2009Q4:1.1.0.16
pkgsrc-2009Q4-base:1.1
pkgsrc-2009Q3:1.1.0.14
pkgsrc-2009Q3-base:1.1
pkgsrc-2009Q2:1.1.0.12
pkgsrc-2009Q2-base:1.1
pkgsrc-2009Q1:1.1.0.10
pkgsrc-2009Q1-base:1.1
pkgsrc-2008Q4:1.1.0.8
pkgsrc-2008Q4-base:1.1
pkgsrc-2008Q3:1.1.0.6
pkgsrc-2008Q3-base:1.1
cube-native-xorg:1.1.0.4
cube-native-xorg-base:1.1
pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment @# @;
1.4
date 2022.04.02.13.23.08; author mef; state Exp;
branches;
next 1.3;
commitid FjAJnquKTGjT0DyD;
1.3
date 2020.09.07.10.34.52; author mef; state Exp;
branches;
next 1.2;
commitid yzziWc1Qkbzet6nC;
1.2
date 2012.11.02.19.02.51; author shattered; state Exp;
branches;
next 1.1;
1.1
date 2008.07.25.02.55.27; author tonnerre; state Exp;
branches
1.1.2.1;
next ;
1.1.2.1
date 2008.07.25.02.55.27; author rtr; state dead;
branches;
next 1.1.2.2;
1.1.2.2
date 2008.07.25.10.06.30; author rtr; state Exp;
branches;
next ;
desc
@@
1.4
log
@
(sysutils/webmin, wbm-*) Updated 1.960 to 1.990, adjusting PLIST
https://www.webmin.com/changes.html
Version 1.990 (3rd March 2022)
+ Fixed two security bugs in the File Manager module that could be
exploited by less privileged Webmin users.
+ Added buttons to stop and start the Cron daemon.
+ Fail2ban rules are preserved when applying the IPtables configuration
file.
+ Added support for static routes when using Netplan for network
configuration.
+ Updated the Authentic Theme to the latest version.
+ Updated the UI in several modules to use the latest API and be more
consistent with the rest of Webmin.
Version 1.984 (26th December 2021)
+ Mostly a bugfix release for issues found in 1.983.
Version 1.983 (4th December 2021)
+ Bugfix release for issues found in 1.982.
Version 1.982 (26th November 2021)
+ Added support for HTTP2 in the Apache module.
+ Added an optional feature to re-format the Apache configuration file.
+ Several different contributed translation updates.
+ Added support for extracting archive files and directory uploads in the
File Manager.
+ Updated the Authentic Theme to the latest version.
+ Many many other small bugfixes and features.
Version 1.981 (28th August 2021)
+ Fixes a couple of minor bugs, including one that broke MySQL backups in
some cases.
Version 1.980 (22nd August 2021)
+ In the Webmin Configuration module, added an option on the
Authentication Options page to enable a password change API for use by
other programs.
+ Removed rarely-used code to check for Webmin module updates.
+ Improved discovery of PHP INI configuration files.
+ Added support for Rocky and Alma Linuxes.
+ Let's Encrypt renewals can use Virtualmin Cloud DNS providers, if
configured.
+ Various language updates from contributors.
+ Update the Authentic Theme to the latest release.
Version 1.979 (15th June 2021)
+ Added support for setting up two-factor authentication in Usermin.
+ Security fixes for un-trusted inputs in the Network Configuration
module.
+ Updated the Authentic Theme to the latest version.
+ Various bugfixes for issues found in version 1.974.
Version 1.974 (1st May 2021)
+ Bugfix release for various issues in 1.973.
Version 1.973 (7th March 2021)
+ Bugfix release for minor issues in 1.972.
Version 1.972 (1st March 2021)
+ Updated the CA cert used for Let's Encrypt again.
+ Updated the Authentic Theme to the latest version.
+ Added support for per-user preferences to the File Manager and other
modules.
Version 1.970 (6th January 2021)
+ Updated the CA cert used for Let's Encrypt.
+ Updated the Authentic Theme to the latest version.
+ Added limits on the number of concurrent connections per IP address and
IP network.
+ Fixed a security bug that affects Webmin when run on Windows.
+ Many French translation updates.
Version 1.962 (11th November 2020)
+ Bugfix release for 2FA issues.
@
text
@$NetBSD: patch-ap,v 1.3 2020/09/07 10:34:52 mef Exp $
Set &html_escape for safety
--- webminlog/search.cgi.orig 2022-03-03 13:10:55.000000000 +0900
+++ webminlog/search.cgi 2022-04-02 20:58:04.828924454 +0900
@@@@ -180,7 +180,8 @@@@ elsif (@@match) {
# Show search results in table
if ($in{'sid'}) {
print "",&text('search_sid', "$match[0]->{'user'}",
- "$in{'sid'}")," ..\n";
+ "" . &html_escape($in{'sid'}) . ""),
+ " ..
\n";
}
elsif ($in{'uall'} == 1 && $in{'mall'} && $in{'tall'}) {
print "$text{'search_critall'} ..
\n";
@
1.3
log
@(sysutils/webmin) Add comments for patches
@
text
@d1 1
a1 1
$NetBSD: patch-ap,v 1.2 2012/11/02 19:02:51 shattered Exp $
d5 3
a7 3
--- webminlog/search.cgi.orig 2011-04-27 00:18:53.000000000 +0200
+++ webminlog/search.cgi 2011-06-15 23:34:38.000000000 +0200
@@@@ -147,7 +147,8 @@@@ elsif (@@match) {
d10 1
a10 1
print "",&text('search_sid', "$match[0]->{'user'}",
d12 2
a13 2
+ "" . &html_escape($in{'sid'}) . ""),
+ " ..
\n";
d16 1
a16 1
print "$text{'search_critall'} ..
\n";
@
1.2
log
@Update to 1.600. Closes PR/45066.
Too many changes to list here.
@
text
@d1 3
a3 1
$NetBSD$
@
1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d3 4
a6 4
--- webminlog/search.cgi.orig 2007-09-21 23:26:52.000000000 +0200
+++ webminlog/search.cgi
@@@@ -91,7 +91,8 @@@@ $searchmsg = join(" ",
if (@@match) {
d10 2
a11 2
+ "" . &html_escape($in{'sid'}) . ""),
+ " ..
\n";
@
1.1.2.1
log
@file patch-ap was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:29 +0000
@
text
@d1 14
@
1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities
revisions pulled up:
pkgsrc/sysutils/webmin/Makefile 1.24
pkgsrc/sysutils/webmin/distinfo 1.16
pkgsrc/sysutils/webmin/patches/patch-ac 1.3
pkgsrc/sysutils/webmin/patches/patch-aj 1.1
pkgsrc/sysutils/webmin/patches/patch-ak 1.1
pkgsrc/sysutils/webmin/patches/patch-al 1.1
pkgsrc/sysutils/webmin/patches/patch-am 1.1
pkgsrc/sysutils/webmin/patches/patch-an 1.1
pkgsrc/sysutils/webmin/patches/patch-ao 1.1
pkgsrc/sysutils/webmin/patches/patch-ap 1.1
pkgsrc/sysutils/webmin/patches/patch-aq 1.1
pkgsrc/sysutils/webmin/patches/patch-ar 1.1
pkgsrc/sysutils/webmin/patches/patch-as 1.1
pkgsrc/sysutils/webmin/patches/patch-at 1.1
pkgsrc/sysutils/webmin/patches/patch-au 1.1
pkgsrc/sysutils/webmin/patches/patch-av 1.1
pkgsrc/sysutils/webmin/patches/patch-aw 1.1
pkgsrc/sysutils/webmin/patches/patch-ax 1.1
pkgsrc/sysutils/webmin/patches/patch-ay 1.1
pkgsrc/sysutils/webmin/patches/patch-az 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Fri Jul 25 02:55:28 UTC 2008
Modified Files:
pkgsrc/sysutils/webmin: Makefile distinfo
Added Files:
pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
patch-at patch-au patch-av patch-aw patch-ax patch-ay
patch-az
Log Message:
Fix various cross site scripting, arbitrary command execution and
various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 14
$NetBSD: patch-ap,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
--- webminlog/search.cgi.orig 2007-09-21 23:26:52.000000000 +0200
+++ webminlog/search.cgi
@@@@ -91,7 +91,8 @@@@ $searchmsg = join(" ",
if (@@match) {
if ($in{'sid'}) {
print "",&text('search_sid', "$match[0]->{'user'}",
- "$in{'sid'}")," ..
\n";
+ "" . &html_escape($in{'sid'}) . ""),
+ " ..
\n";
}
elsif ($in{'uall'} == 1 && $in{'mall'} && $in{'tall'}) {
print "$text{'search_critall'} ..
\n";
@