Sun Aug 10 15:27:26 2008 UTC ()
Pullup ticket 2478 - requested by kefren
Security patch for mono
Revisions pulled up:
- lang/mono/Makefile 1.69
- lang/mono/distinfo 1.36
- lang/mono/patches/patch-cf 1.1
- lang/mono/patches/patch-cg 1.1
- lang/mono/patches/patch-ch 1.1
- lang/mono/patches/patch-ci 1.1
- lang/mono/patches/patch-cj 1.1
- lang/mono/patches/patch-ck 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Sat Aug 9 19:57:51 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-cf patch-cg patch-ch patch-ci patch-cj
patch-ck
Log Message:
fix an cross site scripting vulnerability
bump PKGREVISION
(tron)
diff -r1.67 -r1.67.4.1 pkgsrc/lang/mono/Makefile
diff -r1.35 -r1.35.4.1 pkgsrc/lang/mono/distinfo
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-cf
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-cg
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-ch
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-ci
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-cj
diff -r0 -r1.1.2.2 pkgsrc/lang/mono/patches/patch-ck
--- pkgsrc/lang/mono/Makefile 2008/05/30 11:07:22 1.67
+++ pkgsrc/lang/mono/Makefile 2008/08/10 15:27:26 1.67.4.1
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2008/05/30 11:07:22 tnn Exp $
+# $NetBSD: Makefile,v 1.67.4.1 2008/08/10 15:27:26 tron Exp $
DISTNAME= mono-${MONO_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= lang
MASTER_SITES= http://go-mono.com/sources/mono/
EXTRACT_SUFX= .tar.bz2
--- pkgsrc/lang/mono/distinfo 2008/04/25 11:23:26 1.35
+++ pkgsrc/lang/mono/distinfo 2008/08/10 15:27:26 1.35.4.1
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2008/04/25 11:23:26 kefren Exp $
+$NetBSD: distinfo,v 1.35.4.1 2008/08/10 15:27:26 tron Exp $
SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -27,3 +27,9 @@
SHA1 (patch-cc) = ee2b28f90034d17330910af2f6c47524a3d6d557
SHA1 (patch-cd) = dc2afe3992c50b4201af628e12fc269d8bf893a6
SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0
+SHA1 (patch-cf) = 5f896a60fe1056c34237c38fb25f6dea3b5939e5
+SHA1 (patch-cg) = eb28f024bae68028fd3d047794974d04b9a59783
+SHA1 (patch-ch) = ac6f50457ac38d922394b47d6e8bd2595991fcaa
+SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
+SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
+SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
$NetBSD: patch-cf,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog.orig 2008-02-06 22:38:44.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog 2008-08-09 22:23:02.000000000 +0300
@@ -1,3 +1,10 @@
+2008-07-25 Dean Brettle <dean@brettle.com>
+
+ * HtmlControl.cs (PreProcessRelativeReference),
+ HtmlForm.cs (RenderAttributes), HtmlInputButton (RenderAttributes),
+ HtmlInputRadioButton (RenderAttributes), HtmlSelect (RenderChildren):
+ Encode attributes that could contain HTML special chars.
+
2008-02-06 Marek Habersack <mhabersack@novell.com>
* HtmlMeta.cs: render XHTML compliant tag if not in the Legacy
$NetBSD: patch-cg,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs 2008-08-09 22:23:02.000000000 +0300
@@ -90,7 +90,7 @@
catch (Exception) {
throw new HttpException(attribName + " property had malformed url");
}
- writer.WriteAttribute(attribName, attr);
+ writer.WriteAttribute(attribName, attr, true);
Attributes.Remove(attribName);
}
}
$NetBSD: patch-ch,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs.orig 2008-01-30 00:04:11.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs 2008-08-09 22:23:02.000000000 +0300
@@ -276,7 +276,7 @@
w.WriteAttribute ("name", Name);
w.WriteAttribute ("method", Method);
- w.WriteAttribute ("action", action);
+ w.WriteAttribute ("action", action, true);
/*
* This is a hack that guarantees the ID is set properly for HtmlControl to
$NetBSD: patch-ci,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs 2008-08-09 22:23:02.000000000 +0300
@@ -302,7 +302,7 @@
if (oc != null) {
writer.WriteAttribute ("language", "javascript");
- writer.WriteAttribute ("onclick", oc);
+ writer.WriteAttribute ("onclick", oc, true);
}
}
#endif
$NetBSD: patch-cj,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs 2008-08-09 22:23:02.000000000 +0300
@@ -126,7 +126,7 @@
if (Page != null)
Page.ClientScript.RegisterForEventValidation (this.UniqueID, Value);
#endif
- writer.WriteAttribute ("value", Value);
+ writer.WriteAttribute ("value", Value, true);
Attributes.Remove ("value");
base.RenderAttributes (writer);
}
$NetBSD: patch-ck,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs.orig 2008-01-30 00:04:11.000000000 +0200
+++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs 2008-08-09 22:23:02.000000000 +0300
@@ -693,7 +693,7 @@
}
}
- w.WriteAttribute ("value", item.Value);
+ w.WriteAttribute ("value", item.Value, true);
w.Write (HtmlTextWriter.TagRightChar);
w.Write (item.Text);