authorbsiegert <bsiegert@pkgsrc.org>2015-03-21 17:14:04 +0000
committerbsiegert <bsiegert@pkgsrc.org>2015-03-21 17:14:04 +0000
commit1b03c07cc56ffafb178da516c93e269d1526bcfd (patch)
treefed78eeeb6cc30d88c044c41ae2b352ba139dcde /devel
parent0571b7c1fd3589e062a57637be0581fbf1c9a444 (diff)
SECURITY: Apply patch for XSS in html::textarea as of
http://core.tcl.tk/tcllib/info/09110adc43. Bump PKGREVISION.
Diffstat (limited to 'devel')
-rw-r--r--devel/tcllib/Makefile3
-rw-r--r--devel/tcllib/distinfo3
-rw-r--r--devel/tcllib/patches/patch-modules_html_html.tcl16
3 files changed, 20 insertions, 2 deletions
diff --git a/devel/tcllib/Makefile b/devel/tcllib/Makefile
index 6a96bda03d4..49629106802 100644
--- a/devel/tcllib/Makefile
+++ b/devel/tcllib/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2014/02/02 19:06:30 wiz Exp $
+# $NetBSD: Makefile,v 1.14 2015/03/21 17:14:04 bsiegert Exp $
DISTNAME= tcllib-1.15
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tcllib/}
EXTRACT_SUFX= .tar.bz2
diff --git a/devel/tcllib/distinfo b/devel/tcllib/distinfo
index be7bdfe0621..7e06a7528e0 100644
--- a/devel/tcllib/distinfo
+++ b/devel/tcllib/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2014/02/02 19:06:30 wiz Exp $
+$NetBSD: distinfo,v 1.6 2015/03/21 17:14:04 bsiegert Exp $
SHA1 (tcllib-1.15.tar.bz2) = 7130ee20c0fe7fc720288886b9ecb449899e0d6d
RMD160 (tcllib-1.15.tar.bz2) = dcc5b8d180da1fc3ebc9d620a18c5cd063f33d32
Size (tcllib-1.15.tar.bz2) = 5030648 bytes
+SHA1 (patch-modules_html_html.tcl) = dcd6b9c809990e429bb65084aee3a500af05e40d
diff --git a/devel/tcllib/patches/patch-modules_html_html.tcl b/devel/tcllib/patches/patch-modules_html_html.tcl
new file mode 100644
index 00000000000..bc585b21714
--- /dev/null
+++ b/devel/tcllib/patches/patch-modules_html_html.tcl
@@ -0,0 +1,16 @@
+$NetBSD: patch-modules_html_html.tcl,v 1.1 2015/03/21 17:14:04 bsiegert Exp $
+
+html - Fixed XSS vulnerability of "textarea" command. Now properly quoting the input value.
+http://core.tcl.tk/tcllib/info/09110adc43
+
+--- modules/html/html.tcl.orig 2015-03-21 17:08:44.000000000 +0000
++++ modules/html/html.tcl
+@@ -912,7 +912,7 @@ proc ::html::selectPlain {name param cho
+ # The html fragment
+
+ proc ::html::textarea {name {param {}} {current {}}} {
+- ::set value [ncgi::value $name $current]
++ ::set value [quoteFormValue [ncgi::value $name $current]]
+ return "<[string trimright \
+ "textarea name=\"$name\"\
+ [tagParam textarea $param]"]>$value</textarea>\n"
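Review bot: The patched `::html::textarea` still interpolates `$name` unescaped into the attribute on the `"textarea name=\"$name\"\` line, so `quoteFormValue` now covers only the element body. If a caller ever builds the field name from request data, a quote character in it would break out of the attribute; quoting at the point of output, `"textarea name=\"[quoteFormValue $name]\"\`, would close that while leaving the raw name for the `ncgi::value` lookup. Whether `tagParam` escapes the values taken from `$param` is not visible in this hunk and is worth checking against the full file. The proc's closing brace lies outside the embedded hunk, so this is based only on the lines shown.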