Security fix for SA46615

BackupPC "num" Cross-Site Scripting Vulnerability

patch taken from ubuntu

sysutils/backuppc/Makefile

@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2011/09/20 11:36:55 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2011/10/28 21:56:56 jasper Exp $
 
 COMMENT =	remote backup software system
 
 DISTNAME =	BackupPC-3.2.1
 PKGNAME =	${DISTNAME:L}
+REVISION =	0
 
 CATEGORIES =	sysutils
 

sysutils/backuppc/patches/patch-lib_BackupPC_CGI_View_pm

@@ -1,6 +1,22 @@
-$OpenBSD: patch-lib_BackupPC_CGI_View_pm,v 1.1.1.1 2011/09/20 11:36:55 landry Exp $
---- lib/BackupPC/CGI/View.pm.orig	Sat Sep 17 18:52:47 2011
-+++ lib/BackupPC/CGI/View.pm	Sat Sep 17 18:53:14 2011
+$OpenBSD: patch-lib_BackupPC_CGI_View_pm,v 1.2 2011/10/28 21:56:57 jasper Exp $
+
+First chunk:
+Security fix for SA46615
+BackupPC "num" Cross-Site Scripting Vulnerability
+
+From http://patches.ubuntu.com/b/backuppc/backuppc_3.2.1-1ubuntu2.patch
+
+--- lib/BackupPC/CGI/View.pm.orig	Mon Apr 25 05:31:55 2011
++++ lib/BackupPC/CGI/View.pm	Fri Oct 28 23:54:56 2011
+@@ -46,7 +46,7 @@ sub action
+     my $compress = 0;
+     my $fh;
+     my $host = $In{host};
+-    my $num  = $In{num};
++    my $num  = ${EscHTML($In{num})};
+     my $type = $In{type};
+     my $linkHosts = 0;
+     my($file, $comment);
 @@ -86,7 +86,7 @@ sub action
          $file = $bpc->ConfDir() . "/hosts";
          $linkHosts = 1;