author | hiramatsu <hiramatsu@pkgsrc.org> | 2015-04-01 03:31:54 +0000 |
---|---|---|
committer | hiramatsu <hiramatsu@pkgsrc.org> | 2015-04-01 03:31:54 +0000 |
commit | a8301ee57b2dc3b4dd4dae59d4639428aca256cb (patch) | |
tree | 8267d3eca0cd22fcbdbadb114e0d9b87dcbf5b02 | |
parent | 17980ee3952134ec844d202a46a276d5eb2fc691 (diff) | |
Pullup ticket #4646 - requested by bsiegert
devel/tcllib: security update
Revisions pulled up:
- devel/tcllib/Makefile 1.14
- devel/tcllib/distinfo 1.6
- devel/tcllib/patches/patch-modules_html_html.tcl 1.1
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Mar 21 17:14:04 UTC 2015
Modified Files:
pkgsrc/devel/tcllib: Makefile distinfo
Added Files:
pkgsrc/devel/tcllib/patches: patch-modules_html_html.tcl
Log Message:
SECURITY: Apply patch for XSS in html::textarea as of
http://core.tcl.tk/tcllib/info/09110adc43.
Bump PKGREVISION.
-rw-r--r-- | devel/tcllib/Makefile | 3 | ||||
-rw-r--r-- | devel/tcllib/distinfo | 3 | ||||
-rw-r--r-- | devel/tcllib/patches/patch-modules_html_html.tcl | 16 |
3 files changed, 20 insertions, 2 deletions
diff --git a/devel/tcllib/Makefile b/devel/tcllib/Makefile
index 6a96bda03d4..785e83a7f54 100644
--- a/devel/tcllib/Makefile
+++ b/devel/tcllib/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2014/02/02 19:06:30 wiz Exp $
+# $NetBSD: Makefile,v 1.13.8.1 2015/04/01 03:31:54 hiramatsu Exp $
 DISTNAME= tcllib-1.15
+PKGREVISION= 1
 CATEGORIES= devel
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tcllib/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/devel/tcllib/distinfo b/devel/tcllib/distinfo
index be7bdfe0621..197cce4ffdd 100644
--- a/devel/tcllib/distinfo
+++ b/devel/tcllib/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2014/02/02 19:06:30 wiz Exp $
+$NetBSD: distinfo,v 1.5.8.1 2015/04/01 03:31:54 hiramatsu Exp $
 SHA1 (tcllib-1.15.tar.bz2) = 7130ee20c0fe7fc720288886b9ecb449899e0d6d
 RMD160 (tcllib-1.15.tar.bz2) = dcc5b8d180da1fc3ebc9d620a18c5cd063f33d32
 Size (tcllib-1.15.tar.bz2) = 5030648 bytes
+SHA1 (patch-modules_html_html.tcl) = dcd6b9c809990e429bb65084aee3a500af05e40d
diff --git a/devel/tcllib/patches/patch-modules_html_html.tcl b/devel/tcllib/patches/patch-modules_html_html.tcl
new file mode 100644
index 00000000000..d86f52ce449
--- /dev/null
+++ b/devel/tcllib/patches/patch-modules_html_html.tcl
@@ -0,0 +1,16 @@
+$NetBSD: patch-modules_html_html.tcl,v 1.1.2.2 2015/04/01 03:31:54 hiramatsu Exp $
+
+html - Fixed XSS vulnerability of "textarea" command. Now properly quoting the input value.
+http://core.tcl.tk/tcllib/info/09110adc43
+
+--- modules/html/html.tcl.orig 2015-03-21 17:08:44.000000000 +0000
++++ modules/html/html.tcl
+@@ -912,7 +912,7 @@ proc ::html::selectPlain {name param cho
+ # The html fragment
+
+ proc ::html::textarea {name {param {}} {current {}}} {
+- ::set value [ncgi::value $name $current]
++ ::set value [quoteFormValue [ncgi::value $name $current]]
+ return "<[string trimright \
+ "textarea name=\"$name\"\
+ [tagParam textarea $param]"]>$value</textarea>\n" |
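Review bot: In the `::html::textarea` hunk carried by `patches/patch-modules_html_html.tcl`, `$name` is still interpolated unescaped into the `name=\"$name\"` attribute, while the fix escapes only `$value`. If any caller derives the field name from request data, the attribute stays an injection point, so I would run it through the same helper: `"textarea name=\"[quoteFormValue $name]\"\`. Whether `tagParam` escapes the attribute values it emits from `$param` is not visible here and is worth confirming upstream. The proc body continues past the end of the hunk, so the closing lines were not reviewed.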