pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/mono Merge fix for Bug 418620 (SVN revision 11127...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ecfe79e5a5b8
branches:  trunk
changeset: 546435:ecfe79e5a5b8
user:      kefren <kefren%pkgsrc.org@localhost>
date:      Mon Sep 01 09:28:54 2008 +0000

description:
Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to
"HTTP header injection" attacks

diffstat:

 lang/mono/Makefile         |   4 +-
 lang/mono/distinfo         |   4 +-
 lang/mono/patches/patch-cl |  70 ++++++++++++++++++++++++++++++++++++++++++++++
 lang/mono/patches/patch-cm |  21 +++++++++++++
 4 files changed, 96 insertions(+), 3 deletions(-)

diffs (127 lines):

diff -r 9ef706f45c26 -r ecfe79e5a5b8 lang/mono/Makefile
--- a/lang/mono/Makefile        Mon Sep 01 09:04:19 2008 +0000
+++ b/lang/mono/Makefile        Mon Sep 01 09:28:54 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.70 2008/08/10 16:19:33 tron Exp $
+# $NetBSD: Makefile,v 1.71 2008/09/01 09:28:54 kefren Exp $
 
 DISTNAME=      mono-${MONO_VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    lang
 MASTER_SITES=  http://go-mono.com/sources/mono/
 EXTRACT_SUFX=  .tar.bz2
diff -r 9ef706f45c26 -r ecfe79e5a5b8 lang/mono/distinfo
--- a/lang/mono/distinfo        Mon Sep 01 09:04:19 2008 +0000
+++ b/lang/mono/distinfo        Mon Sep 01 09:28:54 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2008/08/09 19:57:51 kefren Exp $
+$NetBSD: distinfo,v 1.37 2008/09/01 09:28:54 kefren Exp $
 
 SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
 RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -33,3 +33,5 @@
 SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
 SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
 SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
+SHA1 (patch-cl) = 7678d74b5ee3c1d179b83d070f8e3855c2eb3c9a
+SHA1 (patch-cm) = 304168de1dc9e16b87264cb14af0c00a55b87f0e
diff -r 9ef706f45c26 -r ecfe79e5a5b8 lang/mono/patches/patch-cl
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cl        Mon Sep 01 09:28:54 2008 +0000
@@ -0,0 +1,70 @@
+$NetBSD: patch-cl,v 1.1 2008/09/01 09:28:54 kefren Exp $
+--- mcs/class/System.Web/System.Web/HttpResponseHeader.cs      2008/08/21 16:19:17     111275
++++ mcs/class/System.Web/System.Web/HttpResponseHeader.cs      2008/08/21 16:51:54     111276
+@@ -30,17 +30,65 @@
+ 
+ using System.Collections;
+ using System.Text;
++using System.Web.Configuration;
+ 
+ namespace System.Web {
+ 
+       internal abstract class BaseResponseHeader {
+-              public string Value;
++              string headerValue;
++              
++              public string Value {
++                      get { return headerValue; }
++                      set { headerValue = EncodeHeader (value); }
++              }
+         
++              static bool headerCheckingEnabled;
++              
++              static BaseResponseHeader () {
++#if NET_2_0
++                      HttpRuntimeSection section = WebConfigurationManager.GetSection ("system.web/httpRuntime") as HttpRuntimeSection;
++#else
++                      HttpRuntimeConfig section = HttpContext.GetAppConfig ("system.web/httpRuntime") as HttpRuntimeConfig;
++#endif
++                      headerCheckingEnabled = section == null || section.EnableHeaderChecking;
++              }
++
++
+               internal BaseResponseHeader (string val)
+               {
+                       Value = val;
+               }
+ 
++              string EncodeHeader (string value)
++              {
++                      if (value == null || value.Length == 0)
++                              return value;
++                      
++                      if (headerCheckingEnabled) {
++                              StringBuilder ret = new StringBuilder ();
++                              int len = value.Length;
++
++                              for (int i = 0; i < len; i++) {
++                                      switch (value [i]) {
++                                              case '\r':
++                                                      ret.Append ("%0d");
++                                                      break;
++
++                                              case '\n':
++                                                      ret.Append ("%0a");
++                                                      break;
++
++                                              default:
++                                                      ret.Append (value [i]);
++                                                      break;
++                                      }
++                              }
++
++                              return ret.ToString ();
++                      } else
++                              return value;
++              }
++              
+               internal abstract void SendContent (HttpWorkerRequest wr);
+       }
+ 
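Review bot: EncodeHeader is reached only through the Value setter, so this change covers header values and nothing else. If a class derived from BaseResponseHeader stores a caller-supplied header name (those classes are outside this hunk), that name would still be sent unencoded and should go through the same check. Inside the switch only '\r' and '\n' are rewritten and every other control character is appended unchanged, which is worth stating next to the method, e.g. `// Percent-encode CR and LF so a value cannot end the header line; all other characters pass through unchanged`. The method reads no instance state apart from the static flag, so it can be declared `static string EncodeHeader (string value)`. Also note that headerCheckingEnabled is computed once in the static constructor, so the setting is fixed for the lifetime of the type.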
diff -r 9ef706f45c26 -r ecfe79e5a5b8 lang/mono/patches/patch-cm
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cm        Mon Sep 01 09:28:54 2008 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-cm,v 1.1 2008/09/01 09:28:54 kefren Exp $
+--- mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:19:17     111275
++++ mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:51:54     111276
+@@ -55,7 +55,8 @@
+               public int IdleTimeout = 20; // minutes
+               public bool Enable = true;
+               public string VersionHeader;
+-
++              public bool EnableHeaderChecking = true;
++              
+               /* Only the config. handler should create instances of this. Use GetInstance (context) */
+               public HttpRuntimeConfig (object p)
+               {
+@@ -92,6 +93,7 @@
+                       RequireRootSaveAsPath = parent.RequireRootSaveAsPath;
+                       IdleTimeout = parent.IdleTimeout;
+                       Enable = parent.Enable;
++                      EnableHeaderChecking = parent.EnableHeaderChecking;
+               }
+       }
+ }
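Review bot: Nothing in this patch reads an `enableHeaderChecking` attribute into the new field, so on the non-NET_2_0 path EnableHeaderChecking appears to stay at its default of true unless the configuration handler (not part of this commit) is updated as well. That default is the safe one, but the field then looks configurable when it may not be. Either parse the attribute in the handler or say so on the declaration, e.g. `public bool EnableHeaderChecking = true; // not yet read from config: CR/LF encoding of response header values stays on`. Both hunks of HttpRuntimeConfig.cs are cut inside the class, so the handler could not be checked from here.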


