Pullup ticket 2478 - requested by kefren
Security patch for mono
Revisions pulled up:
- lang/mono/Makefile 1.69
- lang/mono/distinfo 1.36
- lang/mono/patches/patch-cf 1.1
- lang/mono/patches/patch-cg 1.1
- lang/mono/patches/patch-ch 1.1
- lang/mono/patches/patch-ci 1.1
- lang/mono/patches/patch-cj 1.1
- lang/mono/patches/patch-ck 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Sat Aug 9 19:57:51 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-cf patch-cg patch-ch patch-ci patch-cj
patch-ck
Log Message:
fix an cross site scripting vulnerability
bump PKGREVISION
(tron)
diff -r1.67 -r1.67.4.1 pkgsrc/lang/mono/Makefile| @@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.67 2008/05/30 11:07:22 tnn Exp $ | 1 | # $NetBSD: Makefile,v 1.67.4.1 2008/08/10 15:27:26 tron Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= mono-${MONO_VERSION} | 3 | DISTNAME= mono-${MONO_VERSION} | |
| 4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
| 5 | CATEGORIES= lang | 5 | CATEGORIES= lang | |
| 6 | MASTER_SITES= http://go-mono.com/sources/mono/ | 6 | MASTER_SITES= http://go-mono.com/sources/mono/ | |
| 7 | EXTRACT_SUFX= .tar.bz2 | 7 | EXTRACT_SUFX= .tar.bz2 | |
| 8 | 8 | |||
| 9 | MAINTAINER= kefren@NetBSD.org | 9 | MAINTAINER= kefren@NetBSD.org | |
| 10 | HOMEPAGE= http://www.mono-project.com/ | 10 | HOMEPAGE= http://www.mono-project.com/ | |
| 11 | COMMENT= Open source implementation of the .NET Development Framework | 11 | COMMENT= Open source implementation of the .NET Development Framework | |
| 12 | 12 | |||
| 13 | BUILD_DEPENDS+= p5-XML-Parser-[0-9]*:../../textproc/p5-XML-Parser | 13 | BUILD_DEPENDS+= p5-XML-Parser-[0-9]*:../../textproc/p5-XML-Parser | |
| 14 | 14 | |||
| 15 | CONFLICTS= pnet-[0-9]* | 15 | CONFLICTS= pnet-[0-9]* | |
| 16 | 16 | |||
| 17 | MONO_VERSION= 1.9.1 | 17 | MONO_VERSION= 1.9.1 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | $NetBSD: distinfo,v 1.35 2008/04/25 11:23:26 kefren Exp $ | 1 | $NetBSD: distinfo,v 1.35.4.1 2008/08/10 15:27:26 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7 | 3 | SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7 | |
| 4 | RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0 | 4 | RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0 | |
| 5 | Size (mono-1.9.1.tar.bz2) = 18429855 bytes | 5 | Size (mono-1.9.1.tar.bz2) = 18429855 bytes | |
| 6 | SHA1 (patch-aa) = 5d9fb5f3a468f415337565021497fa1005716502 | 6 | SHA1 (patch-aa) = 5d9fb5f3a468f415337565021497fa1005716502 | |
| 7 | SHA1 (patch-ab) = 28217e3c8bbbde2e26d33bf32297e99971e3d436 | 7 | SHA1 (patch-ab) = 28217e3c8bbbde2e26d33bf32297e99971e3d436 | |
| 8 | SHA1 (patch-ac) = 4ca577c2a03a6bc71b198e6dfa87cc6b2b9ad60a | 8 | SHA1 (patch-ac) = 4ca577c2a03a6bc71b198e6dfa87cc6b2b9ad60a | |
| 9 | SHA1 (patch-ad) = c03630b88d2614eb3bc37dfc0dc4cd0b0bbe5e63 | 9 | SHA1 (patch-ad) = c03630b88d2614eb3bc37dfc0dc4cd0b0bbe5e63 | |
| 10 | SHA1 (patch-ae) = f0654c3103e3d69c44158456f481e5a357350cb1 | 10 | SHA1 (patch-ae) = f0654c3103e3d69c44158456f481e5a357350cb1 | |
| 11 | SHA1 (patch-af) = abe2bc406e8f58c00f4d1226bda3c5fb9d4ea36f | 11 | SHA1 (patch-af) = abe2bc406e8f58c00f4d1226bda3c5fb9d4ea36f | |
| 12 | SHA1 (patch-ag) = 93775d9350fac57f58f20a7f5a512b8f4a3bd1ca | 12 | SHA1 (patch-ag) = 93775d9350fac57f58f20a7f5a512b8f4a3bd1ca | |
| 13 | SHA1 (patch-ak) = 034d260926fb31aa6b94faf5942f6ec7c7b461df | 13 | SHA1 (patch-ak) = 034d260926fb31aa6b94faf5942f6ec7c7b461df | |
| 14 | SHA1 (patch-ap) = db62ab3c1adc9f8a0b6051c4cbb76aef61a5c7dc | 14 | SHA1 (patch-ap) = db62ab3c1adc9f8a0b6051c4cbb76aef61a5c7dc | |
| @@ -17,13 +17,19 @@ SHA1 (patch-ar) = a82fa37f2580cd412ac077 | @@ -17,13 +17,19 @@ SHA1 (patch-ar) = a82fa37f2580cd412ac077 | |||
| 17 | SHA1 (patch-ba) = b5d7f5832ea53dd00af67ac94b5289d71f0d2152 | 17 | SHA1 (patch-ba) = b5d7f5832ea53dd00af67ac94b5289d71f0d2152 | |
| 18 | SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2 | 18 | SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2 | |
| 19 | SHA1 (patch-bd) = cf15b750dbd93ebf0e0e5165b8a10aabbf4f1642 | 19 | SHA1 (patch-bd) = cf15b750dbd93ebf0e0e5165b8a10aabbf4f1642 | |
| 20 | SHA1 (patch-be) = d7a6232690ecd15c32ed44dcc498e596c248f332 | 20 | SHA1 (patch-be) = d7a6232690ecd15c32ed44dcc498e596c248f332 | |
| 21 | SHA1 (patch-bf) = e945b13fbffc1239a4c459a2c6be543e67e883f9 | 21 | SHA1 (patch-bf) = e945b13fbffc1239a4c459a2c6be543e67e883f9 | |
| 22 | SHA1 (patch-bg) = 92168eba23d1cf17a1424e318e21b0d845c52c5a | 22 | SHA1 (patch-bg) = 92168eba23d1cf17a1424e318e21b0d845c52c5a | |
| 23 | SHA1 (patch-bh) = a42432fd8ed92e2213fbcd24bf29c2b6d4cbd8ba | 23 | SHA1 (patch-bh) = a42432fd8ed92e2213fbcd24bf29c2b6d4cbd8ba | |
| 24 | SHA1 (patch-bi) = 91786c858b459cd6b5a0dc683b5bdefc412973c1 | 24 | SHA1 (patch-bi) = 91786c858b459cd6b5a0dc683b5bdefc412973c1 | |
| 25 | SHA1 (patch-ca) = f5c54525d70b185f9fcb28f82034c4e995395c0b | 25 | SHA1 (patch-ca) = f5c54525d70b185f9fcb28f82034c4e995395c0b | |
| 26 | SHA1 (patch-cb) = eaf041b83af24afc4d82d5088a01f98810a1de69 | 26 | SHA1 (patch-cb) = eaf041b83af24afc4d82d5088a01f98810a1de69 | |
| 27 | SHA1 (patch-cc) = ee2b28f90034d17330910af2f6c47524a3d6d557 | 27 | SHA1 (patch-cc) = ee2b28f90034d17330910af2f6c47524a3d6d557 | |
| 28 | SHA1 (patch-cd) = dc2afe3992c50b4201af628e12fc269d8bf893a6 | 28 | SHA1 (patch-cd) = dc2afe3992c50b4201af628e12fc269d8bf893a6 | |
| 29 | SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0 | 29 | SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0 | |
| 30 | SHA1 (patch-cf) = 5f896a60fe1056c34237c38fb25f6dea3b5939e5 | |||
| 31 | SHA1 (patch-cg) = eb28f024bae68028fd3d047794974d04b9a59783 | |||
| 32 | SHA1 (patch-ch) = ac6f50457ac38d922394b47d6e8bd2595991fcaa | |||
| 33 | SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961 | |||
| 34 | SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be | |||
| 35 | SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68 |
$NetBSD: patch-cf,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog.orig 2008-02-06 22:38:44.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog 2008-08-09 22:23:02.000000000 +0300
@@ -1,3 +1,10 @@
+2008-07-25 Dean Brettle <dean@brettle.com>
+
+ * HtmlControl.cs (PreProcessRelativeReference),
+ HtmlForm.cs (RenderAttributes), HtmlInputButton (RenderAttributes),
+ HtmlInputRadioButton (RenderAttributes), HtmlSelect (RenderChildren):
+ Encode attributes that could contain HTML special chars.
+
2008-02-06 Marek Habersack <mhabersack@novell.com>
* HtmlMeta.cs: render XHTML compliant tag if not in the Legacy
$NetBSD: patch-cg,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs 2008-08-09 22:23:02.000000000 +0300
@@ -90,7 +90,7 @@
catch (Exception) {
throw new HttpException(attribName + " property had malformed url");
}
- writer.WriteAttribute(attribName, attr);
+ writer.WriteAttribute(attribName, attr, true);
Attributes.Remove(attribName);
}
}
$NetBSD: patch-ch,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs.orig 2008-01-30 00:04:11.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs 2008-08-09 22:23:02.000000000 +0300
@@ -276,7 +276,7 @@
w.WriteAttribute ("name", Name);
w.WriteAttribute ("method", Method);
- w.WriteAttribute ("action", action);
+ w.WriteAttribute ("action", action, true);
/*
* This is a hack that guarantees the ID is set properly for HtmlControl to
$NetBSD: patch-ci,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs 2008-08-09 22:23:02.000000000 +0300
@@ -302,7 +302,7 @@
if (oc != null) {
writer.WriteAttribute ("language", "javascript");
- writer.WriteAttribute ("onclick", oc);
+ writer.WriteAttribute ("onclick", oc, true);
}
}
#endif
$NetBSD: patch-cj,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs 2008-08-09 22:23:02.000000000 +0300
@@ -126,7 +126,7 @@
if (Page != null)
Page.ClientScript.RegisterForEventValidation (this.UniqueID, Value);
#endif
- writer.WriteAttribute ("value", Value);
+ writer.WriteAttribute ("value", Value, true);
Attributes.Remove ("value");
base.RenderAttributes (writer);
}
$NetBSD: patch-ck,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs.orig 2008-01-30 00:04:11.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs 2008-08-09 22:23:02.000000000 +0300
@@ -693,7 +693,7 @@
}
}
- w.WriteAttribute ("value", item.Value);
+ w.WriteAttribute ("value", item.Value, true);
w.Write (HtmlTextWriter.TagRightChar);
w.Write (item.Text);