pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/lang/mono Pullup ticket 2478 - requested by ke...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2635c6032431
branches: pkgsrc-2008Q2
changeset: 544231:2635c6032431
user: tron <tron%pkgsrc.org@localhost>
date: Sun Aug 10 15:27:26 2008 +0000
description:
Pullup ticket 2478 - requested by kefren
Security patch for mono
Revisions pulled up:
- lang/mono/Makefile 1.69
- lang/mono/distinfo 1.36
- lang/mono/patches/patch-cf 1.1
- lang/mono/patches/patch-cg 1.1
- lang/mono/patches/patch-ch 1.1
- lang/mono/patches/patch-ci 1.1
- lang/mono/patches/patch-cj 1.1
- lang/mono/patches/patch-ck 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Sat Aug 9 19:57:51 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-cf patch-cg patch-ch patch-ci patch-cj
patch-ck
Log Message:
fix an cross site scripting vulnerability
bump PKGREVISION
diffstat:
lang/mono/Makefile | 4 ++--
lang/mono/distinfo | 8 +++++++-
lang/mono/patches/patch-cf | 14 ++++++++++++++
lang/mono/patches/patch-cg | 12 ++++++++++++
lang/mono/patches/patch-ch | 12 ++++++++++++
lang/mono/patches/patch-ci | 12 ++++++++++++
lang/mono/patches/patch-cj | 12 ++++++++++++
lang/mono/patches/patch-ck | 12 ++++++++++++
8 files changed, 83 insertions(+), 3 deletions(-)
diffs (130 lines):
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/Makefile
--- a/lang/mono/Makefile Sun Aug 10 13:07:39 2008 +0000
+++ b/lang/mono/Makefile Sun Aug 10 15:27:26 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2008/05/30 11:07:22 tnn Exp $
+# $NetBSD: Makefile,v 1.67.4.1 2008/08/10 15:27:26 tron Exp $
DISTNAME= mono-${MONO_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= lang
MASTER_SITES= http://go-mono.com/sources/mono/
EXTRACT_SUFX= .tar.bz2
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/distinfo
--- a/lang/mono/distinfo Sun Aug 10 13:07:39 2008 +0000
+++ b/lang/mono/distinfo Sun Aug 10 15:27:26 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2008/04/25 11:23:26 kefren Exp $
+$NetBSD: distinfo,v 1.35.4.1 2008/08/10 15:27:26 tron Exp $
SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -27,3 +27,9 @@
SHA1 (patch-cc) = ee2b28f90034d17330910af2f6c47524a3d6d557
SHA1 (patch-cd) = dc2afe3992c50b4201af628e12fc269d8bf893a6
SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0
+SHA1 (patch-cf) = 5f896a60fe1056c34237c38fb25f6dea3b5939e5
+SHA1 (patch-cg) = eb28f024bae68028fd3d047794974d04b9a59783
+SHA1 (patch-ch) = ac6f50457ac38d922394b47d6e8bd2595991fcaa
+SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
+SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
+SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-cf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cf Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-cf,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog.orig 2008-02-06 22:38:44.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog 2008-08-09 22:23:02.000000000 +0300
+@@ -1,3 +1,10 @@
++2008-07-25 Dean Brettle <dean%brettle.com@localhost>
++
++ * HtmlControl.cs (PreProcessRelativeReference),
++ HtmlForm.cs (RenderAttributes), HtmlInputButton (RenderAttributes),
++ HtmlInputRadioButton (RenderAttributes), HtmlSelect (RenderChildren):
++ Encode attributes that could contain HTML special chars.
++
+ 2008-02-06 Marek Habersack <mhabersack%novell.com@localhost>
+
+ * HtmlMeta.cs: render XHTML compliant tag if not in the Legacy
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-cg
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cg Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-cg,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs.orig 2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs 2008-08-09 22:23:02.000000000 +0300
+@@ -90,7 +90,7 @@
+ catch (Exception) {
+ throw new HttpException(attribName + " property had malformed url");
+ }
+- writer.WriteAttribute(attribName, attr);
++ writer.WriteAttribute(attribName, attr, true);
+ Attributes.Remove(attribName);
+ }
+ }
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-ch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-ch Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ch,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs.orig 2008-01-30 00:04:11.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs 2008-08-09 22:23:02.000000000 +0300
+@@ -276,7 +276,7 @@
+ w.WriteAttribute ("name", Name);
+
+ w.WriteAttribute ("method", Method);
+- w.WriteAttribute ("action", action);
++ w.WriteAttribute ("action", action, true);
+
+ /*
+ * This is a hack that guarantees the ID is set properly for HtmlControl to
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-ci
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-ci Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ci,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs 2008-08-09 22:23:02.000000000 +0300
+@@ -302,7 +302,7 @@
+
+ if (oc != null) {
+ writer.WriteAttribute ("language", "javascript");
+- writer.WriteAttribute ("onclick", oc);
++ writer.WriteAttribute ("onclick", oc, true);
+ }
+ }
+ #endif
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-cj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-cj Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-cj,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs.orig 2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs 2008-08-09 22:23:02.000000000 +0300
+@@ -126,7 +126,7 @@
+ if (Page != null)
+ Page.ClientScript.RegisterForEventValidation (this.UniqueID, Value);
+ #endif
+- writer.WriteAttribute ("value", Value);
++ writer.WriteAttribute ("value", Value, true);
+ Attributes.Remove ("value");
+ base.RenderAttributes (writer);
+ }
diff -r bd317a49ac7d -r 2635c6032431 lang/mono/patches/patch-ck
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/mono/patches/patch-ck Sun Aug 10 15:27:26 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ck,v 1.1.2.2 2008/08/10 15:27:26 tron Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs.orig 2008-01-30 00:04:11.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs 2008-08-09 22:23:02.000000000 +0300
+@@ -693,7 +693,7 @@
+ }
+ }
+
+- w.WriteAttribute ("value", item.Value);
++ w.WriteAttribute ("value", item.Value, true);
+ w.Write (HtmlTextWriter.TagRightChar);
+
+ w.Write (item.Text);
Home |
Main Index |
Thread Index |
Old Index