Tue Nov 23 16:33:04 2010 UTC ()
add fix for CVE-2010-4159
PKGREVISION++


(kefren)
diff -r1.106 -r1.107 pkgsrc/lang/mono/Makefile
diff -r1.68 -r1.69 pkgsrc/lang/mono/distinfo
diff -r0 -r1.1 pkgsrc/lang/mono/patches/patch-at
cvs diff -r1.106 -r1.107 pkgsrc/lang/mono/Makefile (expand / switch to unified diff)

--- pkgsrc/lang/mono/Makefile 2010/10/16 04:32:18 1.106
+++ pkgsrc/lang/mono/Makefile 2010/11/23 16:33:03 1.107
@@ -1,16 +1,17 @@ @@ -1,16 +1,17 @@
1# $NetBSD: Makefile,v 1.106 2010/10/16 04:32:18 kefren Exp $ 1# $NetBSD: Makefile,v 1.107 2010/11/23 16:33:03 kefren Exp $
2 2
3DISTNAME= mono-2.8 3DISTNAME= mono-2.8
 4PKGREVISION= 1
4CATEGORIES= lang 5CATEGORIES= lang
5MASTER_SITES= http://ftp.novell.com/pub/mono/sources/mono/ 6MASTER_SITES= http://ftp.novell.com/pub/mono/sources/mono/
6EXTRACT_SUFX= .tar.bz2 7EXTRACT_SUFX= .tar.bz2
7 8
8MAINTAINER= kefren@NetBSD.org 9MAINTAINER= kefren@NetBSD.org
9HOMEPAGE= http://www.mono-project.com/ 10HOMEPAGE= http://www.mono-project.com/
10COMMENT= Open source implementation of the .NET Development Framework 11COMMENT= Open source implementation of the .NET Development Framework
11 12
12PKG_DESTDIR_SUPPORT= user-destdir 13PKG_DESTDIR_SUPPORT= user-destdir
13MAKE_JOBS_SAFE= no 14MAKE_JOBS_SAFE= no
14 15
15LICENSE= mit AND gnu-gpl-v2 AND gnu-lgpl-v2 AND x11 16LICENSE= mit AND gnu-gpl-v2 AND gnu-lgpl-v2 AND x11
16 17
cvs diff -r1.68 -r1.69 pkgsrc/lang/mono/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/mono/distinfo 2010/10/16 04:32:18 1.68
+++ pkgsrc/lang/mono/distinfo 2010/11/23 16:33:03 1.69
@@ -1,34 +1,35 @@ @@ -1,34 +1,35 @@
1$NetBSD: distinfo,v 1.68 2010/10/16 04:32:18 kefren Exp $ 1$NetBSD: distinfo,v 1.69 2010/11/23 16:33:03 kefren Exp $
2 2
3SHA1 (mono-2.8.tar.bz2) = a724de68dccb583b54d2e08c5a1e5760c18225ab 3SHA1 (mono-2.8.tar.bz2) = a724de68dccb583b54d2e08c5a1e5760c18225ab
4RMD160 (mono-2.8.tar.bz2) = e2f78f8128a94dd983b380a2408c7a648e8e0864 4RMD160 (mono-2.8.tar.bz2) = e2f78f8128a94dd983b380a2408c7a648e8e0864
5Size (mono-2.8.tar.bz2) = 31279224 bytes 5Size (mono-2.8.tar.bz2) = 31279224 bytes
6SHA1 (patch-aa) = f3c88247c143cba6d0475f1dabb653adbc841bdb 6SHA1 (patch-aa) = f3c88247c143cba6d0475f1dabb653adbc841bdb
7SHA1 (patch-ab) = ea20eb85d29c36de8f830a5225cd271d75225407 7SHA1 (patch-ab) = ea20eb85d29c36de8f830a5225cd271d75225407
8SHA1 (patch-ac) = 78f3b0786480e066959cc191e3f45d3f773220e2 8SHA1 (patch-ac) = 78f3b0786480e066959cc191e3f45d3f773220e2
9SHA1 (patch-ad) = e2a7a65f1729113f7c1d8a9c3997afbaa78d2151 9SHA1 (patch-ad) = e2a7a65f1729113f7c1d8a9c3997afbaa78d2151
10SHA1 (patch-ae) = 0280993f1565ebd6fb552d12cfe12d105421de53 10SHA1 (patch-ae) = 0280993f1565ebd6fb552d12cfe12d105421de53
11SHA1 (patch-af) = c109a9a742cb70d83cf99df0ad6c907c68809d52 11SHA1 (patch-af) = c109a9a742cb70d83cf99df0ad6c907c68809d52
12SHA1 (patch-ag) = c9563d5870c7adc44c241f08b89fb73a98fa018a 12SHA1 (patch-ag) = c9563d5870c7adc44c241f08b89fb73a98fa018a
13SHA1 (patch-ah) = 5e38b9d7eadb65da697d9bdd1ebbd053f56c0f5b 13SHA1 (patch-ah) = 5e38b9d7eadb65da697d9bdd1ebbd053f56c0f5b
14SHA1 (patch-ai) = cd5593a7e95039980b839bdabdf59d9e68fb9f56 14SHA1 (patch-ai) = cd5593a7e95039980b839bdabdf59d9e68fb9f56
15SHA1 (patch-aj) = a5aab739e01fd969edb85b5b3e08c087554d0a72 15SHA1 (patch-aj) = a5aab739e01fd969edb85b5b3e08c087554d0a72
16SHA1 (patch-ak) = 034d260926fb31aa6b94faf5942f6ec7c7b461df 16SHA1 (patch-ak) = 034d260926fb31aa6b94faf5942f6ec7c7b461df
17SHA1 (patch-al) = 95dab1ad159b41f9e4f8ab6077bf2e2d2d9f1f03 17SHA1 (patch-al) = 95dab1ad159b41f9e4f8ab6077bf2e2d2d9f1f03
18SHA1 (patch-ap) = 9da5c76e34f1f61da411ab4e0c884c23cc320bb9 18SHA1 (patch-ap) = 9da5c76e34f1f61da411ab4e0c884c23cc320bb9
19SHA1 (patch-aq) = a356e520eeb95a8c3bb1485cb460710703882e39 19SHA1 (patch-aq) = a356e520eeb95a8c3bb1485cb460710703882e39
20SHA1 (patch-ar) = 7a2a916f3362da087b2dcfe6b91ba47339151e5b 20SHA1 (patch-ar) = 7a2a916f3362da087b2dcfe6b91ba47339151e5b
21SHA1 (patch-as) = 9f434c84f57e985d4734872e2dbce1079c87fcfa 21SHA1 (patch-as) = 9f434c84f57e985d4734872e2dbce1079c87fcfa
 22SHA1 (patch-at) = ddcfcde40e9e77c76d3537d01a77c607768c3875
22SHA1 (patch-ba) = b5d7f5832ea53dd00af67ac94b5289d71f0d2152 23SHA1 (patch-ba) = b5d7f5832ea53dd00af67ac94b5289d71f0d2152
23SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2 24SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2
24SHA1 (patch-bd) = 15c803bf85ad36ad08bcaaf7dbc371a6473ae5f2 25SHA1 (patch-bd) = 15c803bf85ad36ad08bcaaf7dbc371a6473ae5f2
25SHA1 (patch-be) = d7a6232690ecd15c32ed44dcc498e596c248f332 26SHA1 (patch-be) = d7a6232690ecd15c32ed44dcc498e596c248f332
26SHA1 (patch-bf) = e945b13fbffc1239a4c459a2c6be543e67e883f9 27SHA1 (patch-bf) = e945b13fbffc1239a4c459a2c6be543e67e883f9
27SHA1 (patch-bg) = a748a11e6ccaa4abc6552e64615f16657d277c15 28SHA1 (patch-bg) = a748a11e6ccaa4abc6552e64615f16657d277c15
28SHA1 (patch-bh) = a42432fd8ed92e2213fbcd24bf29c2b6d4cbd8ba 29SHA1 (patch-bh) = a42432fd8ed92e2213fbcd24bf29c2b6d4cbd8ba
29SHA1 (patch-bi) = 91786c858b459cd6b5a0dc683b5bdefc412973c1 30SHA1 (patch-bi) = 91786c858b459cd6b5a0dc683b5bdefc412973c1
30SHA1 (patch-ca) = f5c54525d70b185f9fcb28f82034c4e995395c0b 31SHA1 (patch-ca) = f5c54525d70b185f9fcb28f82034c4e995395c0b
31SHA1 (patch-cb) = eaf041b83af24afc4d82d5088a01f98810a1de69 32SHA1 (patch-cb) = eaf041b83af24afc4d82d5088a01f98810a1de69
32SHA1 (patch-cc) = 97b247ea353c6b0e08b96bdf0e6de74c5dcb60ef 33SHA1 (patch-cc) = 97b247ea353c6b0e08b96bdf0e6de74c5dcb60ef
33SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0 34SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0
34SHA1 (patch-da) = 877ed8ec92ec25686c5a9a59db107f122d49035d 35SHA1 (patch-da) = 877ed8ec92ec25686c5a9a59db107f122d49035d
File Added: pkgsrc/lang/mono/patches/Attic/patch-at
$NetBSD: patch-at,v 1.1 2010/11/23 16:33:04 kefren Exp $

Fix for CVE-2010-4159 from git repository:
https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625

--- mono/metadata/loader.c.orig	2010-11-23 17:54:39.000000000 +0200
+++ mono/metadata/loader.c	2010-11-23 17:54:50.000000000 +0200
@@ -1340,32 +1340,34 @@
 
 		if (!module) {
 			void *iter = NULL;
-			while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
+			char *mdirname = g_path_get_dirname (image->name);
+			while ((full_name = mono_dl_build_path (mdirname, file_name, &iter))) {
 				mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-						"DllImport loading location: '%s'.", full_name);
+					"DllImport loading library: '%s'.", full_name);
 				module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
 				if (!module) {
 					mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-							"DllImport error loading library: '%s'.",
-							error_msg);
+						"DllImport error loading library '%s'.",
+						error_msg);
 					g_free (error_msg);
 				}
 				g_free (full_name);
 				if (module)
 					break;
 			}
+			g_free (mdirname);
 		}
 
 		if (!module) {
 			void *iter = NULL;
-			while ((full_name = mono_dl_build_path (".", file_name, &iter))) {
+			while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
 				mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-					"DllImport loading library: '%s'.", full_name);
+						"DllImport loading location: '%s'.", full_name);
 				module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
 				if (!module) {
 					mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-						"DllImport error loading library '%s'.",
-						error_msg);
+							"DllImport error loading library: '%s'.",
+							error_msg);
 					g_free (error_msg);
 				}
 				g_free (full_name);