head	1.2;
access;
symbols
	pkgsrc-2026Q1:1.2.0.46
	pkgsrc-2026Q1-base:1.2
	pkgsrc-2025Q4:1.2.0.44
	pkgsrc-2025Q4-base:1.2
	pkgsrc-2025Q3:1.2.0.42
	pkgsrc-2025Q3-base:1.2
	pkgsrc-2025Q2:1.2.0.40
	pkgsrc-2025Q2-base:1.2
	pkgsrc-2025Q1:1.2.0.38
	pkgsrc-2025Q1-base:1.2
	pkgsrc-2024Q4:1.2.0.36
	pkgsrc-2024Q4-base:1.2
	pkgsrc-2024Q3:1.2.0.34
	pkgsrc-2024Q3-base:1.2
	pkgsrc-2024Q2:1.2.0.32
	pkgsrc-2024Q2-base:1.2
	pkgsrc-2024Q1:1.2.0.30
	pkgsrc-2024Q1-base:1.2
	pkgsrc-2023Q4:1.2.0.28
	pkgsrc-2023Q4-base:1.2
	pkgsrc-2023Q3:1.2.0.26
	pkgsrc-2023Q3-base:1.2
	pkgsrc-2023Q2:1.2.0.24
	pkgsrc-2023Q2-base:1.2
	pkgsrc-2023Q1:1.2.0.22
	pkgsrc-2023Q1-base:1.2
	pkgsrc-2022Q4:1.2.0.20
	pkgsrc-2022Q4-base:1.2
	pkgsrc-2022Q3:1.2.0.18
	pkgsrc-2022Q3-base:1.2
	pkgsrc-2022Q2:1.2.0.16
	pkgsrc-2022Q2-base:1.2
	pkgsrc-2022Q1:1.2.0.14
	pkgsrc-2022Q1-base:1.2
	pkgsrc-2021Q4:1.2.0.12
	pkgsrc-2021Q4-base:1.2
	pkgsrc-2021Q3:1.2.0.10
	pkgsrc-2021Q3-base:1.2
	pkgsrc-2021Q2:1.2.0.8
	pkgsrc-2021Q2-base:1.2
	pkgsrc-2021Q1:1.2.0.6
	pkgsrc-2021Q1-base:1.2
	pkgsrc-2020Q4:1.2.0.4
	pkgsrc-2020Q4-base:1.2
	pkgsrc-2020Q3:1.2.0.2
	pkgsrc-2020Q3-base:1.2
	pkgsrc-2020Q2:1.1.0.98
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.78
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.100
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.96
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.94
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.92
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.90
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.88
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.86
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.84
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.82
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.80
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.76
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.74
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.72
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.70
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.68
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.66
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.64
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.62
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.60
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.58
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.56
	pkgsrc-2014Q4-base:1.1
	pkgsrc-2014Q3:1.1.0.54
	pkgsrc-2014Q3-base:1.1
	pkgsrc-2014Q2:1.1.0.52
	pkgsrc-2014Q2-base:1.1
	pkgsrc-2014Q1:1.1.0.50
	pkgsrc-2014Q1-base:1.1
	pkgsrc-2013Q4:1.1.0.48
	pkgsrc-2013Q4-base:1.1
	pkgsrc-2013Q3:1.1.0.46
	pkgsrc-2013Q3-base:1.1
	pkgsrc-2013Q2:1.1.0.44
	pkgsrc-2013Q2-base:1.1
	pkgsrc-2013Q1:1.1.0.42
	pkgsrc-2013Q1-base:1.1
	pkgsrc-2012Q4:1.1.0.40
	pkgsrc-2012Q4-base:1.1
	pkgsrc-2012Q3:1.1.0.38
	pkgsrc-2012Q3-base:1.1
	pkgsrc-2012Q2:1.1.0.36
	pkgsrc-2012Q2-base:1.1
	pkgsrc-2012Q1:1.1.0.34
	pkgsrc-2012Q1-base:1.1
	pkgsrc-2011Q4:1.1.0.32
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q3:1.1.0.30
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.28
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2011Q1:1.1.0.26
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.24
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.22
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.20
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.18
	pkgsrc-2010Q1-base:1.1
	pkgsrc-2009Q4:1.1.0.16
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.14
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.12
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.10
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.8
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.6
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.4
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2020.09.07.10.34.52;	author mef;	state Exp;
branches;
next	1.1;
commitid	yzziWc1Qkbzet6nC;

1.1
date	2008.07.25.02.55.27;	author tonnerre;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.07.25.02.55.27;	author rtr;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.07.25.10.06.30;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.2
log
@(sysutils/webmin) Add comments for patches
@
text
@$NetBSD: patch-au,v 1.1 2008/07/25 02:55:27 tonnerre Exp $

Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).

--- smf/search_instance.cgi.orig	2007-09-21 23:28:42.000000000 +0200
+++ smf/search_instance.cgi
@@@@ -34,7 +34,8 @@@@ print "</h2>";
 
 print "<form  method=\"POST\" action=\"search_instance.cgi\">\n";
 print
-    "<input size=60 name=\"searchstring\" value=\"$original_searchstring\">\n";
+    "<input size=60 name=\"searchstring\" value=\"" .
+    &html_escape($original_searchstring) . "\">\n";
 &print_svc_chooser("searchstring", 0, "$text{'search_instance_browse'}",
 	"both", "0");
 print "&nbsp;<input type=submit value=\"$text{'search_instance_go'}\">\n";
@


1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d1 4
a4 1
$NetBSD$
@


1.1.2.1
log
@file patch-au was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:30 +0000
@
text
@d1 14
@


1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities

revisions pulled up:
pkgsrc/sysutils/webmin/Makefile		1.24
pkgsrc/sysutils/webmin/distinfo		1.16
pkgsrc/sysutils/webmin/patches/patch-ac	1.3
pkgsrc/sysutils/webmin/patches/patch-aj	1.1
pkgsrc/sysutils/webmin/patches/patch-ak	1.1
pkgsrc/sysutils/webmin/patches/patch-al	1.1
pkgsrc/sysutils/webmin/patches/patch-am	1.1
pkgsrc/sysutils/webmin/patches/patch-an	1.1
pkgsrc/sysutils/webmin/patches/patch-ao	1.1
pkgsrc/sysutils/webmin/patches/patch-ap	1.1
pkgsrc/sysutils/webmin/patches/patch-aq	1.1
pkgsrc/sysutils/webmin/patches/patch-ar	1.1
pkgsrc/sysutils/webmin/patches/patch-as	1.1
pkgsrc/sysutils/webmin/patches/patch-at	1.1
pkgsrc/sysutils/webmin/patches/patch-au	1.1
pkgsrc/sysutils/webmin/patches/patch-av	1.1
pkgsrc/sysutils/webmin/patches/patch-aw	1.1
pkgsrc/sysutils/webmin/patches/patch-ax	1.1
pkgsrc/sysutils/webmin/patches/patch-ay	1.1
pkgsrc/sysutils/webmin/patches/patch-az	1.1

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Fri Jul 25 02:55:28 UTC 2008

   Modified Files:
   	pkgsrc/sysutils/webmin: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
   patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
   	    patch-at patch-au patch-av patch-aw patch-ax patch-ay
   patch-az

   Log Message:
   Fix various cross site scripting, arbitrary command execution and
   various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 14
$NetBSD: patch-au,v 1.1 2008/07/25 02:55:27 tonnerre Exp $

--- smf/search_instance.cgi.orig	2007-09-21 23:28:42.000000000 +0200
+++ smf/search_instance.cgi
@@@@ -34,7 +34,8 @@@@ print "</h2>";
 
 print "<form  method=\"POST\" action=\"search_instance.cgi\">\n";
 print
-    "<input size=60 name=\"searchstring\" value=\"$original_searchstring\">\n";
+    "<input size=60 name=\"searchstring\" value=\"" .
+    &html_escape($original_searchstring) . "\">\n";
 &print_svc_chooser("searchstring", 0, "$text{'search_instance_browse'}",
 	"both", "0");
 print "&nbsp;<input type=submit value=\"$text{'search_instance_go'}\">\n";
@