authortron <tron@pkgsrc.org>2008-09-04 21:37:19 +0000
committertron <tron@pkgsrc.org>2008-09-04 21:37:19 +0000
commit4339c01c2f47aabb72a54c0f3ac407b223c442d2 (patch)
tree645afaa40a082326f05fe28d9d8fff6c6339772f
parent8450e94457827a40502c64ea28829e4780cf3739 (diff)
Pullup ticket #2516 - requested by kefren
mono: security patch Revisions pulled up: - lang/mono/Makefile 1.70-1.71 - lang/mono/PLIST 1.25 - lang/mono/distinfo 1.37 - lang/mono/patches/patch-cl 1.1 - lang/mono/patches/patch-cm 1.1 --- Module Name: pkgsrc Committed By: tron Date: Sun Aug 10 16:19:33 UTC 2008 Modified Files: pkgsrc/lang/mono: Makefile PLIST Log Message: Remove directory "include/mono-1.0/mono" on deinstallation. Bump package revision because of a package list fix. --- Module Name: pkgsrc Committed By: kefren Date: Mon Sep 1 09:28:54 UTC 2008 Modified Files: pkgsrc/lang/mono: Makefile distinfo Added Files: pkgsrc/lang/mono/patches: patch-cl patch-cm Log Message: Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to "HTTP header injection" attacks
-rw-r--r--lang/mono/Makefile4
-rw-r--r--lang/mono/PLIST3
-rw-r--r--lang/mono/distinfo4
-rw-r--r--lang/mono/patches/patch-cl70
-rw-r--r--lang/mono/patches/patch-cm21
5 files changed, 98 insertions, 4 deletions
diff --git a/lang/mono/Makefile b/lang/mono/Makefile
index 1d4d5f5419a..9e203cebedd 100644
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67.4.1 2008/08/10 15:27:26 tron Exp $
+# $NetBSD: Makefile,v 1.67.4.2 2008/09/04 21:37:19 tron Exp $
DISTNAME= mono-${MONO_VERSION}
-PKGREVISION= 2
+PKGREVISION= 4
CATEGORIES= lang
MASTER_SITES= http://go-mono.com/sources/mono/
EXTRACT_SUFX= .tar.bz2
diff --git a/lang/mono/PLIST b/lang/mono/PLIST
index 930986dcd4c..1cdadde7d4c 100644
--- a/lang/mono/PLIST
+++ b/lang/mono/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2008/04/19 18:42:10 kefren Exp $
+@comment $NetBSD: PLIST,v 1.24.4.1 2008/09/04 21:37:19 tron Exp $
bin/al
bin/al2
bin/caspol
@@ -967,4 +967,5 @@ share/mono-1.0/mono/cil/cil-opcodes.xml
@dirrm include/mono-1.0/mono/io-layer
@dirrm include/mono-1.0/mono/interpreter
@dirrm include/mono-1.0/mono/cil
+@dirrm include/mono-1.0/mono
@dirrm include/mono-1.0
diff --git a/lang/mono/distinfo b/lang/mono/distinfo
index 1e619a42a0e..df525a49ebb 100644
--- a/lang/mono/distinfo
+++ b/lang/mono/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35.4.1 2008/08/10 15:27:26 tron Exp $
+$NetBSD: distinfo,v 1.35.4.2 2008/09/04 21:37:19 tron Exp $
SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -33,3 +33,5 @@ SHA1 (patch-ch) = ac6f50457ac38d922394b47d6e8bd2595991fcaa
SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
+SHA1 (patch-cl) = 7678d74b5ee3c1d179b83d070f8e3855c2eb3c9a
+SHA1 (patch-cm) = 304168de1dc9e16b87264cb14af0c00a55b87f0e
diff --git a/lang/mono/patches/patch-cl b/lang/mono/patches/patch-cl
new file mode 100644
index 00000000000..e0d02a0d055
--- /dev/null
+++ b/lang/mono/patches/patch-cl
@@ -0,0 +1,70 @@
+$NetBSD: patch-cl,v 1.1.2.2 2008/09/04 21:37:19 tron Exp $
+--- mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:19:17 111275
++++ mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:51:54 111276
+@@ -30,17 +30,65 @@
+
+ using System.Collections;
+ using System.Text;
++using System.Web.Configuration;
+
+ namespace System.Web {
+
+ internal abstract class BaseResponseHeader {
+- public string Value;
++ string headerValue;
++
++ public string Value {
++ get { return headerValue; }
++ set { headerValue = EncodeHeader (value); }
++ }
+
++ static bool headerCheckingEnabled;
++
++ static BaseResponseHeader () {
++#if NET_2_0
++ HttpRuntimeSection section = WebConfigurationManager.GetSection ("system.web/httpRuntime") as HttpRuntimeSection;
++#else
++ HttpRuntimeConfig section = HttpContext.GetAppConfig ("system.web/httpRuntime") as HttpRuntimeConfig;
++#endif
++ headerCheckingEnabled = section == null || section.EnableHeaderChecking;
++ }
++
++
+ internal BaseResponseHeader (string val)
+ {
+ Value = val;
+ }
+
++ string EncodeHeader (string value)
++ {
++ if (value == null || value.Length == 0)
++ return value;
++
++ if (headerCheckingEnabled) {
++ StringBuilder ret = new StringBuilder ();
++ int len = value.Length;
++
++ for (int i = 0; i < len; i++) {
++ switch (value [i]) {
++ case '\r':
++ ret.Append ("%0d");
++ break;
++
++ case '\n':
++ ret.Append ("%0a");
++ break;
++
++ default:
++ ret.Append (value [i]);
++ break;
++ }
++ }
++
++ return ret.ToString ();
++ } else
++ return value;
++ }
++
+ internal abstract void SendContent (HttpWorkerRequest wr);
+ }
+
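Review bot: `EncodeHeader` rewrites only `\r` and `\n`, so the `default:` branch appends every other control character in a header value (NUL, for example) unchanged. If the intent is to keep application-supplied data from altering the header block, the `default:` case could also encode any character below 0x20 other than tab. The encoding is reachable only through the `Value` setter, so a header name stored by a subclass (those classes lie outside this hunk) would not be covered; making `EncodeHeader` `static` would let them reuse it, and it reads no instance state anyway. A comment on the static constructor, such as `// a missing httpRuntime section leaves header checking enabled`, would document the fail-safe default.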
diff --git a/lang/mono/patches/patch-cm b/lang/mono/patches/patch-cm
new file mode 100644
index 00000000000..f46cd633065
--- /dev/null
+++ b/lang/mono/patches/patch-cm
@@ -0,0 +1,21 @@
+$NetBSD: patch-cm,v 1.1.2.2 2008/09/04 21:37:19 tron Exp $
+--- mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:19:17 111275
++++ mcs/class/System.Web/System.Web.Configuration/HttpRuntimeConfig.cs 2008/08/21 16:51:54 111276
+@@ -55,7 +55,8 @@
+ public int IdleTimeout = 20; // minutes
+ public bool Enable = true;
+ public string VersionHeader;
+-
++ public bool EnableHeaderChecking = true;
++
+ /* Only the config. handler should create instances of this. Use GetInstance (context) */
+ public HttpRuntimeConfig (object p)
+ {
+@@ -92,6 +93,7 @@
+ RequireRootSaveAsPath = parent.RequireRootSaveAsPath;
+ IdleTimeout = parent.IdleTimeout;
+ Enable = parent.Enable;
++ EnableHeaderChecking = parent.EnableHeaderChecking;
+ }
+ }
+ }
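Review bot: The new `EnableHeaderChecking` field carries no comment, unlike `IdleTimeout` beside it; something like `// encode CR/LF in response header values` would tell administrators what protection they lose by turning it off. The patch shows the field defaulting to `true` and being copied from the parent config, but it does not show the configuration handler reading an attribute into it. Whether this profile can actually change the setting therefore cannot be confirmed from here. Both hunks cut through the class body, which continues outside them.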