head	1.3;
access;
symbols
	pkgsrc-2026Q1:1.3.0.46
	pkgsrc-2026Q1-base:1.3
	pkgsrc-2025Q4:1.3.0.44
	pkgsrc-2025Q4-base:1.3
	pkgsrc-2025Q3:1.3.0.42
	pkgsrc-2025Q3-base:1.3
	pkgsrc-2025Q2:1.3.0.40
	pkgsrc-2025Q2-base:1.3
	pkgsrc-2025Q1:1.3.0.38
	pkgsrc-2025Q1-base:1.3
	pkgsrc-2024Q4:1.3.0.36
	pkgsrc-2024Q4-base:1.3
	pkgsrc-2024Q3:1.3.0.34
	pkgsrc-2024Q3-base:1.3
	pkgsrc-2024Q2:1.3.0.32
	pkgsrc-2024Q2-base:1.3
	pkgsrc-2024Q1:1.3.0.30
	pkgsrc-2024Q1-base:1.3
	pkgsrc-2023Q4:1.3.0.28
	pkgsrc-2023Q4-base:1.3
	pkgsrc-2023Q3:1.3.0.26
	pkgsrc-2023Q3-base:1.3
	pkgsrc-2023Q2:1.3.0.24
	pkgsrc-2023Q2-base:1.3
	pkgsrc-2023Q1:1.3.0.22
	pkgsrc-2023Q1-base:1.3
	pkgsrc-2022Q4:1.3.0.20
	pkgsrc-2022Q4-base:1.3
	pkgsrc-2022Q3:1.3.0.18
	pkgsrc-2022Q3-base:1.3
	pkgsrc-2022Q2:1.3.0.16
	pkgsrc-2022Q2-base:1.3
	pkgsrc-2022Q1:1.3.0.14
	pkgsrc-2022Q1-base:1.3
	pkgsrc-2021Q4:1.3.0.12
	pkgsrc-2021Q4-base:1.3
	pkgsrc-2021Q3:1.3.0.10
	pkgsrc-2021Q3-base:1.3
	pkgsrc-2021Q2:1.3.0.8
	pkgsrc-2021Q2-base:1.3
	pkgsrc-2021Q1:1.3.0.6
	pkgsrc-2021Q1-base:1.3
	pkgsrc-2020Q4:1.3.0.4
	pkgsrc-2020Q4-base:1.3
	pkgsrc-2020Q3:1.3.0.2
	pkgsrc-2020Q3-base:1.3
	pkgsrc-2020Q2:1.2.0.60
	pkgsrc-2020Q2-base:1.2
	pkgsrc-2020Q1:1.2.0.40
	pkgsrc-2020Q1-base:1.2
	pkgsrc-2019Q4:1.2.0.62
	pkgsrc-2019Q4-base:1.2
	pkgsrc-2019Q3:1.2.0.58
	pkgsrc-2019Q3-base:1.2
	pkgsrc-2019Q2:1.2.0.56
	pkgsrc-2019Q2-base:1.2
	pkgsrc-2019Q1:1.2.0.54
	pkgsrc-2019Q1-base:1.2
	pkgsrc-2018Q4:1.2.0.52
	pkgsrc-2018Q4-base:1.2
	pkgsrc-2018Q3:1.2.0.50
	pkgsrc-2018Q3-base:1.2
	pkgsrc-2018Q2:1.2.0.48
	pkgsrc-2018Q2-base:1.2
	pkgsrc-2018Q1:1.2.0.46
	pkgsrc-2018Q1-base:1.2
	pkgsrc-2017Q4:1.2.0.44
	pkgsrc-2017Q4-base:1.2
	pkgsrc-2017Q3:1.2.0.42
	pkgsrc-2017Q3-base:1.2
	pkgsrc-2017Q2:1.2.0.38
	pkgsrc-2017Q2-base:1.2
	pkgsrc-2017Q1:1.2.0.36
	pkgsrc-2017Q1-base:1.2
	pkgsrc-2016Q4:1.2.0.34
	pkgsrc-2016Q4-base:1.2
	pkgsrc-2016Q3:1.2.0.32
	pkgsrc-2016Q3-base:1.2
	pkgsrc-2016Q2:1.2.0.30
	pkgsrc-2016Q2-base:1.2
	pkgsrc-2016Q1:1.2.0.28
	pkgsrc-2016Q1-base:1.2
	pkgsrc-2015Q4:1.2.0.26
	pkgsrc-2015Q4-base:1.2
	pkgsrc-2015Q3:1.2.0.24
	pkgsrc-2015Q3-base:1.2
	pkgsrc-2015Q2:1.2.0.22
	pkgsrc-2015Q2-base:1.2
	pkgsrc-2015Q1:1.2.0.20
	pkgsrc-2015Q1-base:1.2
	pkgsrc-2014Q4:1.2.0.18
	pkgsrc-2014Q4-base:1.2
	pkgsrc-2014Q3:1.2.0.16
	pkgsrc-2014Q3-base:1.2
	pkgsrc-2014Q2:1.2.0.14
	pkgsrc-2014Q2-base:1.2
	pkgsrc-2014Q1:1.2.0.12
	pkgsrc-2014Q1-base:1.2
	pkgsrc-2013Q4:1.2.0.10
	pkgsrc-2013Q4-base:1.2
	pkgsrc-2013Q3:1.2.0.8
	pkgsrc-2013Q3-base:1.2
	pkgsrc-2013Q2:1.2.0.6
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2013Q1:1.2.0.4
	pkgsrc-2013Q1-base:1.2
	pkgsrc-2012Q4:1.2.0.2
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2012Q3:1.1.0.38
	pkgsrc-2012Q3-base:1.1
	pkgsrc-2012Q2:1.1.0.36
	pkgsrc-2012Q2-base:1.1
	pkgsrc-2012Q1:1.1.0.34
	pkgsrc-2012Q1-base:1.1
	pkgsrc-2011Q4:1.1.0.32
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q3:1.1.0.30
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.28
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2011Q1:1.1.0.26
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.24
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.22
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.20
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.18
	pkgsrc-2010Q1-base:1.1
	pkgsrc-2009Q4:1.1.0.16
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.14
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.12
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.10
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.8
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.6
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.4
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.3
date	2020.09.07.10.34.52;	author mef;	state Exp;
branches;
next	1.2;
commitid	yzziWc1Qkbzet6nC;

1.2
date	2012.11.02.19.02.51;	author shattered;	state Exp;
branches;
next	1.1;

1.1
date	2008.07.25.02.55.27;	author tonnerre;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.07.25.02.55.27;	author rtr;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.07.25.10.06.30;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.3
log
@(sysutils/webmin) Add comments for patches
@
text
@$NetBSD: patch-aw,v 1.2 2012/11/02 19:02:51 shattered Exp $

Set &html_escape for the safety

--- ldap-useradmin/search_group.cgi.orig	2011-04-27 00:19:01.000000000 +0200
+++ ldap-useradmin/search_group.cgi	2011-06-15 23:37:06.000000000 +0200
@@@@ -24,8 +24,8 @@@@ elsif ($in{'match'} == 3) {
 $rv = $ldap->search(base => $base,
 		    filter => "(&".&group_filter().$search.")");
 if ($rv->code) {
-	&error(&text('search_err', "<tt>$search</tt>",
-		     "<tt>$base</tt>", $rv->error));
+       &error(&text('search_err', "<tt>" . &html_escape($search) . "</tt>",
+                    "<tt>" . &html_escape($base) . "</tt>", $rv->error));
 	}
 @@groups = $rv->all_entries;
 
@


1.2
log
@Update to 1.600.  Closes PR/45066.

Too many changes to list here.
@
text
@d1 3
a3 1
$NetBSD$
@


1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d3 3
a5 3
--- ldap-useradmin/search_group.cgi.orig	2007-09-21 23:28:25.000000000 +0200
+++ ldap-useradmin/search_group.cgi
@@@@ -23,8 +23,8 @@@@ elsif ($in{'match'} == 3) {
d7 1
a7 1
 		    filter => "(&(objectClass=posixGroup)$search)");
d11 2
a12 2
+	&error(&text('search_err', "<tt>" . &html_escape($search) . "</tt>",
+		     "<tt>" . &html_escape($base) . "</tt>", $rv->error));
@


1.1.2.1
log
@file patch-aw was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:30 +0000
@
text
@d1 15
@


1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities

revisions pulled up:
pkgsrc/sysutils/webmin/Makefile		1.24
pkgsrc/sysutils/webmin/distinfo		1.16
pkgsrc/sysutils/webmin/patches/patch-ac	1.3
pkgsrc/sysutils/webmin/patches/patch-aj	1.1
pkgsrc/sysutils/webmin/patches/patch-ak	1.1
pkgsrc/sysutils/webmin/patches/patch-al	1.1
pkgsrc/sysutils/webmin/patches/patch-am	1.1
pkgsrc/sysutils/webmin/patches/patch-an	1.1
pkgsrc/sysutils/webmin/patches/patch-ao	1.1
pkgsrc/sysutils/webmin/patches/patch-ap	1.1
pkgsrc/sysutils/webmin/patches/patch-aq	1.1
pkgsrc/sysutils/webmin/patches/patch-ar	1.1
pkgsrc/sysutils/webmin/patches/patch-as	1.1
pkgsrc/sysutils/webmin/patches/patch-at	1.1
pkgsrc/sysutils/webmin/patches/patch-au	1.1
pkgsrc/sysutils/webmin/patches/patch-av	1.1
pkgsrc/sysutils/webmin/patches/patch-aw	1.1
pkgsrc/sysutils/webmin/patches/patch-ax	1.1
pkgsrc/sysutils/webmin/patches/patch-ay	1.1
pkgsrc/sysutils/webmin/patches/patch-az	1.1

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Fri Jul 25 02:55:28 UTC 2008

   Modified Files:
   	pkgsrc/sysutils/webmin: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
   patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
   	    patch-at patch-au patch-av patch-aw patch-ax patch-ay
   patch-az

   Log Message:
   Fix various cross site scripting, arbitrary command execution and
   various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 15
$NetBSD: patch-aw,v 1.1 2008/07/25 02:55:27 tonnerre Exp $

--- ldap-useradmin/search_group.cgi.orig	2007-09-21 23:28:25.000000000 +0200
+++ ldap-useradmin/search_group.cgi
@@@@ -23,8 +23,8 @@@@ elsif ($in{'match'} == 3) {
 $rv = $ldap->search(base => $base,
 		    filter => "(&(objectClass=posixGroup)$search)");
 if ($rv->code) {
-	&error(&text('search_err', "<tt>$search</tt>",
-		     "<tt>$base</tt>", $rv->error));
+	&error(&text('search_err', "<tt>" . &html_escape($search) . "</tt>",
+		     "<tt>" . &html_escape($base) . "</tt>", $rv->error));
 	}
 @@groups = $rv->all_entries;
 
@