pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/sysutils/webmin Fix various cross site scripting, arbi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fd9a1e0883c9
branches:  trunk
changeset: 545046:fd9a1e0883c9
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Fri Jul 25 02:55:27 2008 +0000

description:
Fix various cross-site scripting, arbitrary command execution and other
vulnerabilities in webmin (CVE-2008-0720).

diffstat:

 sysutils/webmin/Makefile         |   4 +-
 sysutils/webmin/distinfo         |  20 +++++++++++++++-
 sysutils/webmin/patches/patch-ac |  34 +++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-aj |  46 ++++++++++++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-ak |  14 +++++++++++
 sysutils/webmin/patches/patch-al |  25 ++++++++++++++++++++
 sysutils/webmin/patches/patch-am |  34 +++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-an |  24 +++++++++++++++++++
 sysutils/webmin/patches/patch-ao |  14 +++++++++++
 sysutils/webmin/patches/patch-ap |  14 +++++++++++
 sysutils/webmin/patches/patch-aq |  34 +++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-ar |  34 +++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-as |  36 ++++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-at |  38 ++++++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-au |  14 +++++++++++
 sysutils/webmin/patches/patch-av |  15 ++++++++++++
 sysutils/webmin/patches/patch-aw |  15 ++++++++++++
 sysutils/webmin/patches/patch-ax |  48 ++++++++++++++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-ay |  50 ++++++++++++++++++++++++++++++++++++++++
 sysutils/webmin/patches/patch-az |  28 ++++++++++++++++++++++
 20 files changed, 538 insertions(+), 3 deletions(-)

diffs (truncated from 640 to 300 lines):

diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/Makefile
--- a/sysutils/webmin/Makefile  Fri Jul 25 00:54:44 2008 +0000
+++ b/sysutils/webmin/Makefile  Fri Jul 25 02:55:27 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.23 2008/05/26 22:37:30 tnn Exp $
+# $NetBSD: Makefile,v 1.24 2008/07/25 02:55:27 tonnerre Exp $
 
 .include "version.mk"
 
 DISTNAME=      webmin-${WBM_VERSION}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    sysutils www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=webadmin/}
 
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/distinfo
--- a/sysutils/webmin/distinfo  Fri Jul 25 00:54:44 2008 +0000
+++ b/sysutils/webmin/distinfo  Fri Jul 25 02:55:27 2008 +0000
@@ -1,13 +1,31 @@
-$NetBSD: distinfo,v 1.15 2007/10/05 15:47:00 obache Exp $
+$NetBSD: distinfo,v 1.16 2008/07/25 02:55:27 tonnerre Exp $
 
 SHA1 (webmin-1.370.tar.gz) = ed4c1ee751953146356f308c4091eb8ad21df309
 RMD160 (webmin-1.370.tar.gz) = 28805b553adc85b642ad3acffa3765a5127a529d
 Size (webmin-1.370.tar.gz) = 13132344 bytes
 SHA1 (patch-aa) = 3b66c111357358548a8f5e47ae4dfb2e9be5fc2a
 SHA1 (patch-ab) = fa07200462df76af23b9952739388053940c6743
+SHA1 (patch-ac) = c4f73a091ef8b5c5c0d5a6f82427c497e823a946
 SHA1 (patch-ad) = 51d6875b0d825b06ab088e7e63f3e86c280a06f6
 SHA1 (patch-ae) = 16583d392d44176e8175e7637851d000ca2ecb9d
 SHA1 (patch-af) = 24f130a985ab7d3bdfc7db8d82114e8b107f1574
 SHA1 (patch-ag) = 4a2ba61d26a3f3a9bb0e1a22a8afb65d66e43746
 SHA1 (patch-ah) = 9cf6fc0d420535697eac2c32a29701fc095ef67f
 SHA1 (patch-ai) = 14accea4c38882933da3b565fe51adec06db1878
+SHA1 (patch-aj) = bc86ea60c49266fc537690b07d194d5c2fa690c4
+SHA1 (patch-ak) = 201c124d8c407e0439b8531dfb4dacba37ce37bb
+SHA1 (patch-al) = b1382143d42af3ce5057368dc442ba9c2e6de259
+SHA1 (patch-am) = d61fed9c53870aad36651389a5d655f5b2d5c21f
+SHA1 (patch-an) = 4416c2586fc7a732b255d4787be1a3f93c23f32c
+SHA1 (patch-ao) = 007eba7b551fd3d154e470f82c1c15552481e9fa
+SHA1 (patch-ap) = 7b8c983770c7fd08b20de36b006e0f30ce1bce3e
+SHA1 (patch-aq) = 52751d7ec0ce1ebb89aee977a752486372b80e36
+SHA1 (patch-ar) = 647703ab0281991cec015f2f6a6d191c70c0301e
+SHA1 (patch-as) = 65f246bfca5b077d15bf0e874d56792f08c93c03
+SHA1 (patch-at) = 72e88355d9c3bd159d5077acc81073ec048efd0b
+SHA1 (patch-au) = f0d0aaf6819f92fd96543246e7600054fb150d08
+SHA1 (patch-av) = c3a4096058a432863eb10a2b2d44184bc91f8926
+SHA1 (patch-aw) = 2d7738459ed4618b11558d31aef70a42f26c25be
+SHA1 (patch-ax) = 09f78731d35603e736b22a0f1e478103ca14cc4d
+SHA1 (patch-ay) = 04bf4d094a2051469e956b4e57af842daf0232d7
+SHA1 (patch-az) = 55e40bcf0841b20d185265fff98685fe56cb1810
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ac  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ac,v 1.3 2008/07/25 02:55:27 tonnerre Exp $
+
+--- software/search.cgi.orig   2007-09-21 23:26:13.000000000 +0200
++++ software/search.cgi
+@@ -34,7 +34,8 @@ if (@match == 1 && $in{'goto'}) {
+ if (@match) {
+       @match = sort { lc($packages{$a,'name'}) cmp lc($packages{$b,'name'}) }
+                     @match;
+-      print "<b>",&text('search_match', "<tt>$s</tt>"),"</b><p>\n";
++      print "<b>",&text('search_match', "<tt>" . &html_escape($s) . "</tt>"),
++              "</b><p>\n";
+       print "<form action=delete_packs.cgi method=post>\n";
+       print "<input type=hidden name=search value='$in{'search'}'>\n";
+       @tds = ( "width=5" );
+@@ -47,7 +48,8 @@ if (@match) {
+                                 $text{'search_desc'} ], 100, 0, \@tds);
+       foreach $i (@match) {
+               local @cols;
+-              push(@cols, "<a href=\"edit_pack.cgi?search=$s&package=".
++              push(@cols, "<a href=\"edit_pack.cgi?search=" .
++                      &urlize($s) . "&package=".
+                     &urlize($packages{$i,'name'})."&version=".
+                     &urlize($packages{$i,'version'})."\">".&html_escape(
+                       $packages{$i,'name'}.($packages{$i,'version'} ?
+@@ -69,7 +71,8 @@ if (@match) {
+       print "<input type=submit value='$text{'search_delete'}'></form>\n";
+       }
+ else {
+-      print "<b>",&text('search_nomatch', "<tt>$s</tt>"),"</b><p>\n";
++      print "<b>",&text('search_nomatch', "<tt>" . &html_escape($s) .
++              "</tt>"),"</b><p>\n";
+       }
+ 
+ &ui_print_footer("", $text{'index_return'});
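Review bot: The hidden form field kept as context in the first inner hunk, `print "<input type=hidden name=search value='$in{'search'}'>\n";`, still interpolates the raw request parameter into a single-quoted attribute, two lines below the newly escaped `search_match` message. If `$s` is derived from `$in{'search'}` (its assignment is outside the hunk), the same input still reaches the page unescaped there. I would change it to `print "<input type=hidden name=search value='" . &html_escape($in{'search'}) . "'>\n";`. That is sufficient only if `html_escape` also encodes `'`; otherwise the attribute should switch to double quotes. The script continues outside these hunks.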
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-aj
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-aj  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,46 @@
+$NetBSD: patch-aj,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- proc/index_search.cgi.orig 2008-07-25 04:39:36.000000000 +0200
++++ proc/index_search.cgi
+@@ -22,12 +22,12 @@ printf "<input type=radio name=mode valu
+       $in{mode}==1 ? "checked" : "";
+ print &hlink("<b>$text{'search_match'}</b>","smatch"),"\n";
+ printf "<input name=match size=20 value=\"%s\"><br>\n",
+-      $in{mode}==1 ? $in{match} : "";
++      $in{mode}==1 ? &html_escape($in{match}) : "";
+ 
+ printf "<input type=radio name=mode value=2 %s>\n",
+       $in{mode}==2 ? "checked" : "";
+ $cpu = sprintf "<input name=cpu size=4 value=\"%s\">\n",
+-              $in{mode}==2 ? $in{cpu} : "";
++              $in{mode}==2 ? html_escape($in{cpu}) : "";
+ print &hlink("<b>".&text('search_cpupc', $cpu)."</b>", "scpu"),"<br>\n";
+ 
+ print "</td><td valign=top>\n";
+@@ -49,7 +49,7 @@ if ($has_fuser_command) {
+               }
+       else {
+               printf "<input name=fs size=15 value='%s'><br>\n",
+-                      $in{'mode'}==3 ? $in{'fs'} : "";
++                      $in{'mode'}==3 ? &html_escape($in{'fs'}) : "";
+               }
+ 
+       printf "<input type=radio name=mode value=4 %s>\n",
+@@ -66,7 +66,7 @@ if ($has_lsof_command) {
+               $in{mode}==5 ? "checked" : "";
+       print &hlink("<b>$text{'search_port'}</b>","ssocket"),"\n";
+       printf "<input name=port size=6 value='%s'>\n",
+-              $in{mode}==5 ? $in{port} : "";
++              $in{mode}==5 ? &html_escape($in{port}) : "";
+ 
+       # Show input for protocol and port
+       print &hlink("<b>$text{'search_protocol'}</b>","ssocket"),"\n";
+@@ -83,7 +83,7 @@ if ($has_lsof_command) {
+               $in{mode}==6 ? "checked" : "";
+       print &hlink("<b>$text{'search_ip'}</b>","sip"),"\n";
+       printf "<input name=ip size=15 value='%s'>\n",
+-              $in{mode}==6 ? $in{ip} : "";
++              $in{mode}==6 ? &html_escape($in{ip}) : "";
+       }
+ 
+ print "</td></tr></table>\n";
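Review bot: Three of the escaped values (`fs`, `port`, `ip`) are written into single-quoted attributes (`value='%s'`), so the fix holds only if `html_escape` encodes `'` as well as `"`, `<`, `>` and `&`. Its definition is not part of this patch and should be confirmed. Using double-quoted attributes throughout, as the `match` and `cpu` fields already do, removes that dependency, e.g. `printf "<input name=fs size=15 value=\"%s\"><br>\n",`. As a style point, the `cpu` line calls `html_escape(...)` without the `&` sigil used by the other calls in this patch; `&html_escape($in{cpu})` would be consistent.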
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ak  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ak,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- sendmail/mailq_search.cgi.orig     2007-09-21 23:26:27.000000000 +0200
++++ sendmail/mailq_search.cgi
+@@ -18,7 +18,8 @@ $conf = &get_sendmailcf();
+ $fields = [ [ $in{'field'}, $in{'match'} ] ];
+ @qmails = grep { &mail_matches($fields, 1, $_) } @qmails;
+ print "<p><b>",&text($in{'field'} =~ /^\!/ ? 'search_results3' :
+-        'search_results2', scalar(@qmails), "<tt>$in{'match'}</tt>"),"</b><p>\n";
++        'search_results2', scalar(@qmails), "<tt>" .
++        &html_escape($in{'match'}) . "</tt>"),"</b><p>\n";
+ 
+ if (@qmails) {
+       %qmails = map { $_->{'file'}, $_ } @qmails;
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-al  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-al,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- file/search.cgi.orig       2007-09-21 23:26:33.000000000 +0200
++++ file/search.cgi
+@@ -17,16 +17,16 @@ if ($in{'dir'} ne '/') {
+       }
+ $cmd = "find ".quotemeta(&unmake_chroot($in{'dir'}))." -name ".quotemeta($in{'match'});
+ if ($in{'type'}) {
+-      $cmd .= " -type $in{'type'}";
++      $cmd .= " -type " . quotemeta($in{'type'});
+       }
+ if ($in{'user'}) {
+-      $cmd .= " -user $in{'user'}";
++      $cmd .= " -user " . quotemeta($in{'user'});
+       }
+ if ($in{'group'}) {
+-      $cmd .= " -group $in{'group'}";
++      $cmd .= " -group " . quotemeta($in{'group'});
+       }
+ if ($in{'size'}) {
+-      $cmd .= " -size $in{'size'}";
++      $cmd .= " -size " . quotemeta($in{'size'});
+       }
+ if ($in{'xdev'}) {
+       $cmd .= " -mount";
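Review bot: `quotemeta` is a regex-quoting helper, and using it on `type`, `user`, `group` and `size` makes the script rely on backslash-escaping rather than on validated values. Each of these has a narrow grammar, so an allow-list check before appending is tighter, for example `$in{'type'} =~ /^[a-z]$/i || &error("invalid type");` and `$in{'size'} =~ /^[+-]?\d+[a-z]?$/i || &error("invalid size");` (the error texts are placeholders). Where `$cmd` is executed lies outside the hunk; if it goes through a shell, a list-form `open(FIND, "-|", "find", @args)` would avoid shell parsing altogether. If the string form stays, a comment such as `# quotemeta() used as shell quoting: every non-word char is backslash-escaped` would document the intent.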
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-am  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- mysql/search_form.cgi.orig 2007-09-21 23:26:42.000000000 +0200
++++ mysql/search_form.cgi
+@@ -12,7 +12,8 @@ require './view-lib.pl';
+ &can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
+ @str = &table_structure($in{'db'}, $in{'table'});
+ 
+-$desc = &text('table_header', "<tt>$in{'table'}</tt>", "<tt>$in{'db'}</tt>");
++$desc = &text('table_header', "<tt>" . &html_escape($in{'table'}) .
++      "</tt>", "<tt>" . &html_escape($in{'db'}) . "</tt>");
+ &ui_print_header($desc, $text{'adv_title'}, "");
+ 
+ print &ui_form_start("view_table.cgi", "post");
+@@ -36,13 +37,13 @@ print "</table>\n";
+ print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
+ 
+ if ($access{'edonly'}) {
+-      &ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
+-              "", $text{'index_return'});
++      &ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
++              $text{'dbase_return'}, "", $text{'index_return'});
+       }
+ else {
+-      &ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
+-              $text{'table_return'},
+-              "edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
+-              "", $text{'index_return'});
++      &ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
++              "&table=" . &urlize($in{'table'}), $text{'table_return'},
++              "edit_dbase.cgi?db=" .  &urlize($in{'db'}),
++              $text{'dbase_return'}, "", $text{'index_return'});
+       }
+ 
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-an  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-an,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- man/search.cgi.orig        2007-09-21 23:26:43.000000000 +0200
++++ man/search.cgi
+@@ -255,7 +255,8 @@ if (@rv == 1 && !$in{'check'}) {
+       }
+ 
+ # Display search results
+-$for = join($in{'and'} ? " and " : " or ", map { "<tt>$_</tt>" } @for);
++$for = join($in{'and'} ? " and " : " or ", map { "<tt>" . &html_escape($_) .
++      "</tt>" } @for);
+ &ui_print_header(&text('search_for', $for), $text{'search_title'}, "");
+ if (@rv) {
+       #@rv = sort { $b->[4] <=> $a->[4] } @rv;
+@@ -280,7 +281,8 @@ if (@rv) {
+       print &ui_columns_end();
+       }
+ else {
+-      print "<p><b>",&text('search_none', "<tt>$in{'for'}</tt>"),"</b><p>\n";
++      print "<p><b>",&text('search_none', "<tt>" . &html_escape($in{'for'}) .
++              "</tt>"),"</b><p>\n";
+       }
+ 
+ &ui_print_footer("", $text{'index_return'});
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ao
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ao  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ao,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- postfix/mailq_search.cgi.orig      2007-09-21 23:26:52.000000000 +0200
++++ postfix/mailq_search.cgi
+@@ -17,7 +17,8 @@ $neg = ($in{'field'} =~ s/^!//);
+                $neg ? !$r : $r } @qfiles;
+ 
+ print "<p><b>",&text($in{'field'} =~ /^\!/ ? 'search_results3' :
+-        'search_results2', scalar(@qfiles), "<tt>$in{'match'}</tt>"),"</b><p>\n";
++        'search_results2', scalar(@qfiles), "<tt>" .
++        &html_escape($in{'match'}) . "</tt>"),"</b><p>\n";
+ if (@qfiles) {
+       # Show matching messages
+       &mailq_table(\@qfiles);
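Review bot: The message selector `$in{'field'} =~ /^\!/ ? 'search_results3' : 'search_results2'` appears to run after `$neg = ($in{'field'} =~ s/^!//);` (shown in the hunk header) has already stripped the leading `!`. The negated-search text would then be chosen only when the field began with `!!`. If that reading is right, the condition should reuse the flag: `print "<p><b>",&text($neg ? 'search_results3' :`. The lines between the assignment and the hunk are not visible, so this needs checking against the full script.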
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-ap  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ap,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- webminlog/search.cgi.orig  2007-09-21 23:26:52.000000000 +0200
++++ webminlog/search.cgi
+@@ -91,7 +91,8 @@ $searchmsg = join(" ",
+ if (@match) {
+       if ($in{'sid'}) {
+               print "<b>",&text('search_sid', "<tt>$match[0]->{'user'}</tt>",
+-                                "<tt>$in{'sid'}</tt>")," ..</b><p>\n";
++                                "<tt>" . &html_escape($in{'sid'}) . "</tt>"),
++                                " ..</b><p>\n";
+               }
+       elsif ($in{'uall'} == 1 && $in{'mall'} && $in{'tall'}) {
+               print "<b>$text{'search_critall'} ..</b><p>\n";
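Review bot: `"<tt>$match[0]->{'user'}</tt>"` on the unchanged line just above the fix is still interpolated without escaping, while `$in{'sid'}` next to it now goes through `html_escape`. The user name presumably comes from a log record rather than directly from the request, but whether it is constrained to safe characters is not visible here. It should be escaped the same way: `"<tt>" . &html_escape($match[0]->{'user'}) . "</tt>",`. The enclosing `if (@match)` block continues outside the hunk.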
diff -r 7c691844cea3 -r fd9a1e0883c9 sysutils/webmin/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/webmin/patches/patch-aq  Fri Jul 25 02:55:27 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-aq,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
+
+--- postgresql/old/search_form.cgi.orig        2007-09-21 23:26:53.000000000 +0200
++++ postgresql/old/search_form.cgi
+@@ -6,7 +6,8 @@ require './postgresql-lib.pl';
+ &can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
+ @str = &table_structure($in{'db'}, $in{'table'});
+ 


