pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/sysutils/webmin Update to webmin-1.170nb2 to address:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/264581ad1fa0
branches:  trunk
changeset: 504043:264581ad1fa0
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Dec 03 16:13:34 2005 +0000

description:
Update to webmin-1.170nb2 to address:
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912

diffstat:

 sysutils/webmin/Makefile         |   10 +-
 sysutils/webmin/distinfo         |    3 +-
 sysutils/webmin/patches/patch-ab |  112 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 119 insertions(+), 6 deletions(-)

diffs (155 lines):

diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/Makefile
--- a/sysutils/webmin/Makefile  Sat Dec 03 15:08:29 2005 +0000
+++ b/sysutils/webmin/Makefile  Sat Dec 03 16:13:34 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2005/07/16 01:19:23 jlam Exp $
+# $NetBSD: Makefile,v 1.8 2005/12/03 16:13:34 adrianp Exp $
 
 DISTNAME=      webmin-1.170-minimal
 PKGNAME=       ${DISTNAME:S/-minimal$//}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    sysutils www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=webadmin/}
 
@@ -23,9 +23,9 @@
 WEBMIN_SUBDIR=         share/webmin
 WEBMIN_ETCDIR?=                ${PKG_SYSCONFDIR}/webmin
 WEBMIN_LOGDIR?=                ${VARBASE}/log/webmin
-FILES_SUBST+=          WEBMIN_DIR=${WEBMIN_DIR}
-FILES_SUBST+=          WEBMIN_ETCDIR=${WEBMIN_ETCDIR}
-FILES_SUBST+=          WEBMIN_LOGDIR=${WEBMIN_LOGDIR}
+FILES_SUBST+=          WEBMIN_DIR=${WEBMIN_DIR:Q}
+FILES_SUBST+=          WEBMIN_ETCDIR=${WEBMIN_ETCDIR:Q}
+FILES_SUBST+=          WEBMIN_LOGDIR=${WEBMIN_LOGDIR:Q}
 MESSAGE_SUBST+=                WEBMIN_DIR=${WEBMIN_DIR}
 
 USE_PKGINSTALL=                yes
diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/distinfo
--- a/sysutils/webmin/distinfo  Sat Dec 03 15:08:29 2005 +0000
+++ b/sysutils/webmin/distinfo  Sat Dec 03 16:13:34 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 13:40:59 agc Exp $
+$NetBSD: distinfo,v 1.5 2005/12/03 16:13:34 adrianp Exp $
 
 SHA1 (webmin-1.170-minimal.tar.gz) = a32ef7e89d669020cb47e13bc40e321e3c4b6aa5
 RMD160 (webmin-1.170-minimal.tar.gz) = 0ed3b9c54dc5fd97b7ce5ea0e74378491d649695
 Size (webmin-1.170-minimal.tar.gz) = 1011002 bytes
 SHA1 (patch-aa) = e732d88ab149ba4e577e6b0aa28884d6bc3b8102
+SHA1 (patch-ab) = 24e3b8132b3a9a32e12a5e2b4ba89a23d3ef99a1
diff -r 48a1f16c7764 -r 264581ad1fa0 sysutils/webmin/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ab  Sat Dec 03 16:13:34 2005 +0000
@@ -0,0 +1,112 @@
+$NetBSD: patch-ab,v 1.1 2005/12/03 16:13:34 adrianp Exp $
+
+--- miniserv.pl.orig   2005-12-03 14:36:50.000000000 +0000
++++ miniserv.pl
+@@ -216,11 +216,11 @@ if ($use_syslog) {
+               }
+       else {
+               local $msg = ucfirst($config{'pam'})." starting";
+-              eval { syslog("info", $msg); };
++              eval { syslog("info", "%s", $msg); };
+               if ($@) {
+                       eval {
+                               setlogsock("inet");
+-                              syslog("info", $msg);
++                              syslog("info", "%s", $msg);
+                               };
+                       if ($@) {
+                               # All attempts to use syslog have failed..
+@@ -543,7 +543,7 @@ while(1) {
+                               &run_logout_script($s, $sdb[0]);
+                               delete($sessiondb{$s});
+                               if ($use_syslog) {
+-                                      syslog("info", "Timeout of $sdb[0]");
++                                      syslog("info", "%s", "Timeout of $sdb[0]");
+                                       }
+                               }
+                       }
+@@ -709,7 +709,7 @@ while(1) {
+                                                       local $logtext = "Security alert: Host $2 ".
+                                                         "blocked after $config{'blockhost_failures'} ".
+                                                         "failed logins for user $1";
+-                                                      syslog("crit", $logtext);
++                                                      syslog("crit", "%s", $logtext);
+                                                       }
+                                               }
+                                       else {
+@@ -1043,12 +1043,12 @@ if (%users) {
+                       if ($certs{$u} eq $peername) {
+                               $authuser = $u;
+                               $validated = 2;
+-                              #syslog("info", "SSL login as $authuser from $acpthost") if ($use_syslog);
++                              #syslog("info", "%s", "SSL login as $authuser from $acpthost") if ($use_syslog);
+                               last;
+                               }
+                       }
+               if ($use_syslog && !$validated) {
+-                      syslog("crit",
++                      syslog("crit", "%s",
+                              "Unknown SSL certificate $peername");
+                       }
+               }
+@@ -1081,7 +1081,7 @@ if (%users) {
+                       $validated = 0;
+                       }
+               if ($use_syslog && !$validated) {
+-                      syslog("crit",
++                      syslog("crit", "%s",
+                              ($nonexist ? "Non-existent" :
+                               $expired ? "Expired" : "Invalid").
+                              " login as $authuser from $acpthost");
+@@ -1118,7 +1118,7 @@ if (%users) {
+                       $authuser = $baseauthuser = undef;
+                       if ($louser) {
+                               if ($use_syslog) {
+-                                      syslog("info", "Logout by $louser from $acpthost");
++                                      syslog("info", "%s", "Logout by $louser from $acpthost");
+                                       }
+                               &run_logout_script($louser, $sid,
+                                                  $acptip, $localip);
+@@ -1208,7 +1208,7 @@ if (%users) {
+                               &write_keep_alive(0);
+                               &write_data("\r\n");
+                               &log_request($acpthost, $authuser, $reqline, 302, 0);
+-                              syslog("info", "Successful login as $authuser from $acpthost") if ($use_syslog);
++                              syslog("info", "%s", "Successful login as $authuser from $acpthost") if ($use_syslog);
+                               return 0;
+                               }
+                       elsif ($ok && $expired &&
+@@ -1224,7 +1224,7 @@ if (%users) {
+                               $page = $config{'password_form'};
+                               $logged_code = 401;
+                               $miniserv_internal = 2;
+-                              syslog("crit",
++                              syslog("crit", "%s",
+                                       "Expired login as $in{'user'} ".
+                                       "from $acpthost") if ($use_syslog);
+                               }
+@@ -1236,7 +1236,7 @@ if (%users) {
+                               $already_session_id = undef;
+                               $method = "GET";
+                               $authuser = $baseauthuser = undef;
+-                              syslog("crit",
++                              syslog("crit", "%s",
+                                       ($nonexist ? "Non-existent" :
+                                        $expired ? "Expired" : "Invalid").
+                                       " login as $in{'user'} from $acpthost")
+@@ -1289,13 +1289,13 @@ if (%users) {
+                       # Local user exists in webmin users file
+                       $validated = 1;
+                       $authuser = $localauth_user;
+-                      # syslog("info", "Local login as $authuser from $acpthost") if ($use_syslog);
++                      # syslog("info", "%s", "Local login as $authuser from $acpthost") if ($use_syslog);
+                       }
+               elsif ($config{'unixauth'}) {
+                       # Local user must exist
+                       $validated = 2;
+                       $authuser = $localauth_user;
+-                      # syslog("info", "Local login as $authuser from $acpthost") if ($use_syslog);
++                      # syslog("info", "%s", "Local login as $authuser from $acpthost") if ($use_syslog);
+                       }
+               else {
+                       $localauth_user = undef;



Home | Main Index | Thread Index | Old Index