pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/sysutils/webmin Update to webmin-1.170nb2 to address:
details: https://anonhg.NetBSD.org/pkgsrc/rev/264581ad1fa0
branches: trunk
changeset: 504043:264581ad1fa0
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sat Dec 03 16:13:34 2005 +0000
description:
Update to webmin-1.170nb2 to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
diffstat:
sysutils/webmin/Makefile | 10 +-
sysutils/webmin/distinfo | 3 +-
sysutils/webmin/patches/patch-ab | 112 +++++++++++++++++++++++++++++++++++++++
3 files changed, 119 insertions(+), 6 deletions(-)
diffs (155 lines):
diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/Makefile
--- a/sysutils/webmin/Makefile Sat Dec 03 15:08:29 2005 +0000
+++ b/sysutils/webmin/Makefile Sat Dec 03 16:13:34 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2005/07/16 01:19:23 jlam Exp $
+# $NetBSD: Makefile,v 1.8 2005/12/03 16:13:34 adrianp Exp $
DISTNAME= webmin-1.170-minimal
PKGNAME= ${DISTNAME:S/-minimal$//}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=webadmin/}
@@ -23,9 +23,9 @@
WEBMIN_SUBDIR= share/webmin
WEBMIN_ETCDIR?= ${PKG_SYSCONFDIR}/webmin
WEBMIN_LOGDIR?= ${VARBASE}/log/webmin
-FILES_SUBST+= WEBMIN_DIR=${WEBMIN_DIR}
-FILES_SUBST+= WEBMIN_ETCDIR=${WEBMIN_ETCDIR}
-FILES_SUBST+= WEBMIN_LOGDIR=${WEBMIN_LOGDIR}
+FILES_SUBST+= WEBMIN_DIR=${WEBMIN_DIR:Q}
+FILES_SUBST+= WEBMIN_ETCDIR=${WEBMIN_ETCDIR:Q}
+FILES_SUBST+= WEBMIN_LOGDIR=${WEBMIN_LOGDIR:Q}
MESSAGE_SUBST+= WEBMIN_DIR=${WEBMIN_DIR}
USE_PKGINSTALL= yes
diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/distinfo
--- a/sysutils/webmin/distinfo Sat Dec 03 15:08:29 2005 +0000
+++ b/sysutils/webmin/distinfo Sat Dec 03 16:13:34 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 13:40:59 agc Exp $
+$NetBSD: distinfo,v 1.5 2005/12/03 16:13:34 adrianp Exp $
SHA1 (webmin-1.170-minimal.tar.gz) = a32ef7e89d669020cb47e13bc40e321e3c4b6aa5
RMD160 (webmin-1.170-minimal.tar.gz) = 0ed3b9c54dc5fd97b7ce5ea0e74378491d649695
Size (webmin-1.170-minimal.tar.gz) = 1011002 bytes
SHA1 (patch-aa) = e732d88ab149ba4e577e6b0aa28884d6bc3b8102
+SHA1 (patch-ab) = 24e3b8132b3a9a32e12a5e2b4ba89a23d3ef99a1
diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ab Sat Dec 03 16:13:34 2005 +0000
@@ -0,0 +1,112 @@
+$NetBSD: patch-ab,v 1.1 2005/12/03 16:13:34 adrianp Exp $
+
+--- miniserv.pl.orig 2005-12-03 14:36:50.000000000 +0000
++++ miniserv.pl
+@@ -216,11 +216,11 @@ if ($use_syslog) {
+ }
+ else {
+ local $msg = ucfirst($config{'pam'})." starting";
+- eval { syslog("info", $msg); };
++ eval { syslog("info", "%s", $msg); };
+ if ($@) {
+ eval {
+ setlogsock("inet");
+- syslog("info", $msg);
++ syslog("info", "%s", $msg);
+ };
+ if ($@) {
+ # All attempts to use syslog have failed..
+@@ -543,7 +543,7 @@ while(1) {
+ &run_logout_script($s, $sdb[0]);
+ delete($sessiondb{$s});
+ if ($use_syslog) {
+- syslog("info", "Timeout of $sdb[0]");
++ syslog("info", "%s", "Timeout of $sdb[0]");
+ }
+ }
+ }
+@@ -709,7 +709,7 @@ while(1) {
+ local $logtext = "Security alert: Host $2 ".
+ "blocked after $config{'blockhost_failures'} ".
+ "failed logins for user $1";
+- syslog("crit", $logtext);
++ syslog("crit", "%s", $logtext);
+ }
+ }
+ else {
+@@ -1043,12 +1043,12 @@ if (%users) {
+ if ($certs{$u} eq $peername) {
+ $authuser = $u;
+ $validated = 2;
+- #syslog("info", "SSL login as $authuser from $acpthost") if ($use_syslog);
++ #syslog("info", "%s", "SSL login as $authuser from $acpthost") if ($use_syslog);
+ last;
+ }
+ }
+ if ($use_syslog && !$validated) {
+- syslog("crit",
++ syslog("crit", "%s",
+ "Unknown SSL certificate $peername");
+ }
+ }
+@@ -1081,7 +1081,7 @@ if (%users) {
+ $validated = 0;
+ }
+ if ($use_syslog && !$validated) {
+- syslog("crit",
++ syslog("crit", "%s",
+ ($nonexist ? "Non-existent" :
+ $expired ? "Expired" : "Invalid").
+ " login as $authuser from $acpthost");
+@@ -1118,7 +1118,7 @@ if (%users) {
+ $authuser = $baseauthuser = undef;
+ if ($louser) {
+ if ($use_syslog) {
+- syslog("info", "Logout by $louser from $acpthost");
++ syslog("info", "%s", "Logout by $louser from $acpthost");
+ }
+ &run_logout_script($louser, $sid,
+ $acptip, $localip);
+@@ -1208,7 +1208,7 @@ if (%users) {
+ &write_keep_alive(0);
+ &write_data("\r\n");
+ &log_request($acpthost, $authuser, $reqline, 302, 0);
+- syslog("info", "Successful login as $authuser from $acpthost") if ($use_syslog);
++ syslog("info", "%s", "Successful login as $authuser from $acpthost") if ($use_syslog);
+ return 0;
+ }
+ elsif ($ok && $expired &&
+@@ -1224,7 +1224,7 @@ if (%users) {
+ $page = $config{'password_form'};
+ $logged_code = 401;
+ $miniserv_internal = 2;
+- syslog("crit",
++ syslog("crit", "%s",
+ "Expired login as $in{'user'} ".
+ "from $acpthost") if ($use_syslog);
+ }
+@@ -1236,7 +1236,7 @@ if (%users) {
+ $already_session_id = undef;
+ $method = "GET";
+ $authuser = $baseauthuser = undef;
+- syslog("crit",
++ syslog("crit", "%s",
+ ($nonexist ? "Non-existent" :
+ $expired ? "Expired" : "Invalid").
+ " login as $in{'user'} from $acpthost")
+@@ -1289,13 +1289,13 @@ if (%users) {
+ # Local user exists in webmin users file
+ $validated = 1;
+ $authuser = $localauth_user;
+- # syslog("info", "Local login as $authuser from $acpthost") if ($use_syslog);
++ # syslog("info", "%s", "Local login as $authuser from $acpthost") if ($use_syslog);
+ }
+ elsif ($config{'unixauth'}) {
+ # Local user must exist
+ $validated = 2;
+ $authuser = $localauth_user;
+- # syslog("info", "Local login as $authuser from $acpthost") if ($use_syslog);
++ # syslog("info", "%s", "Local login as $authuser from $acpthost") if ($use_syslog);
+ }
+ else {
+ $localauth_user = undef;
Home |
Main Index |
Thread Index |
Old Index