pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q2]: pkgsrc/lang/mono Pullup ticket #2516 - requested by k...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0c07b583ad48
branches:  pkgsrc-2008Q2
changeset: 544305:0c07b583ad48
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Sep 04 21:37:19 2008 +0000

description:
Pullup ticket #2516 - requested by kefren
mono: security patch

Revisions pulled up:
- lang/mono/Makefile            1.70-1.71
- lang/mono/PLIST               1.25
- lang/mono/distinfo            1.37
- lang/mono/patches/patch-cl    1.1
- lang/mono/patches/patch-cm    1.1
---
Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Aug 10 16:19:33 UTC 2008

Modified Files:
        pkgsrc/lang/mono: Makefile PLIST

Log Message:
Remove directory "include/mono-1.0/mono" on deinstallation.
Bump package revision because of a package list fix.
---
Module Name:    pkgsrc
Committed By:   kefren
Date:           Mon Sep  1 09:28:54 UTC 2008

Modified Files:
        pkgsrc/lang/mono: Makefile distinfo
Added Files:
        pkgsrc/lang/mono/patches: patch-cl patch-cm

Log Message:
Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to
"HTTP header injection" attacks

diffstat:

 lang/mono/Makefile         |   4 +-
 lang/mono/PLIST            |   3 +-
 lang/mono/distinfo         |   4 +-
 lang/mono/patches/patch-cl |  70 ++++++++++++++++++++++++++++++++++++++++++++++
 lang/mono/patches/patch-cm |  21 +++++++++++++
 5 files changed, 98 insertions(+), 4 deletions(-)

diffs (142 lines):

diff -r 33d9a98700bf -r 0c07b583ad48 lang/mono/Makefile
--- a/lang/mono/Makefile        Thu Sep 04 21:01:44 2008 +0000
+++ b/lang/mono/Makefile        Thu Sep 04 21:37:19 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67.4.1 2008/08/10 15:27:26 tron Exp $
+# $NetBSD: Makefile,v 1.67.4.2 2008/09/04 21:37:19 tron Exp $
 
 DISTNAME=      mono-${MONO_VERSION}
-PKGREVISION=   2
+PKGREVISION=   4
 CATEGORIES=    lang
 MASTER_SITES=  http://go-mono.com/sources/mono/
 EXTRACT_SUFX=  .tar.bz2
diff -r 33d9a98700bf -r 0c07b583ad48 lang/mono/PLIST
--- a/lang/mono/PLIST   Thu Sep 04 21:01:44 2008 +0000
+++ b/lang/mono/PLIST   Thu Sep 04 21:37:19 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2008/04/19 18:42:10 kefren Exp $
+@comment $NetBSD: PLIST,v 1.24.4.1 2008/09/04 21:37:19 tron Exp $
 bin/al
 bin/al2
 bin/caspol
@@ -967,4 +967,5 @@
 @dirrm include/mono-1.0/mono/io-layer
 @dirrm include/mono-1.0/mono/interpreter
 @dirrm include/mono-1.0/mono/cil
+@dirrm include/mono-1.0/mono
 @dirrm include/mono-1.0
diff -r 33d9a98700bf -r 0c07b583ad48 lang/mono/distinfo
--- a/lang/mono/distinfo        Thu Sep 04 21:01:44 2008 +0000
+++ b/lang/mono/distinfo        Thu Sep 04 21:37:19 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35.4.1 2008/08/10 15:27:26 tron Exp $
+$NetBSD: distinfo,v 1.35.4.2 2008/09/04 21:37:19 tron Exp $
 
 SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
 RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -33,3 +33,5 @@
 SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
 SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
 SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
+SHA1 (patch-cl) = 7678d74b5ee3c1d179b83d070f8e3855c2eb3c9a
+SHA1 (patch-cm) = 304168de1dc9e16b87264cb14af0c00a55b87f0e
diff -r 33d9a98700bf -r 0c07b583ad48 lang/mono/patches/patch-cl
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cl        Thu Sep 04 21:37:19 2008 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-cl,v 1.1.2.2 2008/09/04 21:37:19 tron Exp $
+--- mcs/class/System.Web/System.Web/HttpResponseHeader.cs      2008/08/21 16:19:17     111275
++++ mcs/class/System.Web/System.Web/HttpResponseHeader.cs      2008/08/21 16:51:54     111276
+@@ -30,17 +30,65 @@
+ 
+ using System.Collections;
+ using System.Text;
++using System.Web.Configuration;
+ 
+ namespace System.Web {
+ 
+       internal abstract class BaseResponseHeader {
+-              public string Value;
++              string headerValue;
++              
++              public string Value {
++                      get { return headerValue; }
++                      set { headerValue = EncodeHeader (value); }
++              }
+         
++              static bool headerCheckingEnabled;
++              
++              static BaseResponseHeader () {
++#if NET_2_0
++                      HttpRuntimeSection section = WebConfigurationManager.GetSection ("system.web/httpRuntime") as HttpRuntimeSection;
++#else
++                      HttpRuntimeConfig section = HttpContext.GetAppConfig ("system.web/httpRuntime") as HttpRuntimeConfig;
++#endif
++                      headerCheckingEnabled = section == null || section.EnableHeaderChecking;
++              }
++
++
+               internal BaseResponseHeader (string val)
+               {
+                       Value = val;
+               }
+ 
++              string EncodeHeader (string value)
++              {
++                      if (value == null || value.Length == 0)
++                              return value;
++                      
++                      if (headerCheckingEnabled) {
++                              StringBuilder ret = new StringBuilder ();
++                              int len = value.Length;
++
++                              for (int i = 0; i < len; i++) {
++                                      switch (value [i]) {
++                                              case '\r':
++                                                      ret.Append ("%0d");
++                                                      break;
++
++                                              case '\n':
++                                                      ret.Append ("%0a");
++                                                      break;
++
++                                              default:
++                                                      ret.Append (value [i]);
++                                                      break;
++                                      }
++                              }
++
++                              return ret.ToString ();
++                      } else
++                              return value;
++              }
++              
+               internal abstract void SendContent (HttpWorkerRequest wr);
+       }
+ 
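Review bot: The new `Value` setter silently rewrites CR and LF to `%0d`/`%0a`, but only the value side is covered and nothing in the hunk documents the rewrite. A header name held by a subclass (outside this hunk) would not pass through EncodeHeader, so confirm that names cannot carry caller-supplied text. I would add a comment above EncodeHeader such as `// Percent-encode CR/LF so a caller-supplied value cannot end the header line (response splitting); Value reads back encoded.` `headerCheckingEnabled` is read once in the static constructor, so a later configuration change is not picked up, and it is worth confirming that the section lookup cannot throw there, since a failing type initializer would break every response header. EncodeHeader uses no instance state and could be declared `static`.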
diff -r 33d9a98700bf -r 0c07b583ad48 lang/mono/patches/patch-cm
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cm        Thu Sep 04 21:37:19 2008 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-cm,v 1.1.2.2 2008/09/04 21:37:19 tron Exp $
+--- mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:19:17     111275
++++ mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:51:54     111276
+@@ -55,7 +55,8 @@
+               public int IdleTimeout = 20; // minutes
+               public bool Enable = true;
+               public string VersionHeader;
+-
++              public bool EnableHeaderChecking = true;
++              
+               /* Only the config. handler should create instances of this. Use GetInstance (context) */
+               public HttpRuntimeConfig (object p)
+               {
+@@ -92,6 +93,7 @@
+                       RequireRootSaveAsPath = parent.RequireRootSaveAsPath;
+                       IdleTimeout = parent.IdleTimeout;
+                       Enable = parent.Enable;
++                      EnableHeaderChecking = parent.EnableHeaderChecking;
+               }
+       }
+ }
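Review bot: `EnableHeaderChecking` defaults to `true` and is copied from the parent in the second hunk, but nothing visible in this patch reads the setting from the `system.web/httpRuntime` section on the 1.x profile. If the configuration handler (outside this patch) does not parse it, the field is always `true`, which is safe but leaves the switch dead, so confirm it is wired up. The field also lacks the kind of trailing comment its neighbour `IdleTimeout` has; something like `// when true, CR/LF in response header values are percent-encoded` would tell a maintainer that disabling it removes the response-splitting protection. The class body and the copy constructor both extend outside the hunks shown.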


