summaryrefslogtreecommitdiff
path: root/lang
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2007-11-05 11:28:50 +0000
committerdrochner <drochner@pkgsrc.org>2007-11-05 11:28:50 +0000
commitae13fb82c8aa2ed31ccc7ac133b5c9ac97778502 (patch)
treea2c455c1879c7b5b5dfc58cc9e7b16aa10cef2ca /lang
parent91812f0d5f2bc8fe72fa91206cfeea140a78386c (diff)
downloadpkgsrc-ae13fb82c8aa2ed31ccc7ac133b5c9ac97778502.tar.gz
apply a patch from Debian for CVE-2007-5197:
Buffer overflow in the Mono.Math.BigInteger class in Mono allows context-dependent attackers to execute arbitrary code via unspecified vectors
Diffstat (limited to 'lang')
-rw-r--r--lang/mono/Makefile4
-rw-r--r--lang/mono/distinfo4
-rw-r--r--lang/mono/patches/patch-ca13
-rw-r--r--lang/mono/patches/patch-cb13
4 files changed, 31 insertions, 3 deletions
diff --git a/lang/mono/Makefile b/lang/mono/Makefile
index fae0ace3a50..56d22841d69 100644
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2007/08/13 16:41:34 taca Exp $
+# $NetBSD: Makefile,v 1.59 2007/11/05 11:28:50 drochner Exp $
DISTNAME= mono-1.1.13.8.1
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= lang
MASTER_SITES= http://go-mono.com/sources/mono-1.1/
diff --git a/lang/mono/distinfo b/lang/mono/distinfo
index 856e4a2d162..3c4cd962411 100644
--- a/lang/mono/distinfo
+++ b/lang/mono/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2007/08/13 16:41:34 taca Exp $
+$NetBSD: distinfo,v 1.31 2007/11/05 11:28:50 drochner Exp $
SHA1 (mono-1.1.13.8.1.tar.gz) = f2cb79844073694859b1fb92eb770e3705239a3d
RMD160 (mono-1.1.13.8.1.tar.gz) = a100a96b19300b253c12a2ad70caf65721418209
@@ -24,3 +24,5 @@ SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2
SHA1 (patch-bd) = a52007ae22f8b23d20abf4a56e5b9d57ccd1fbbe
SHA1 (patch-be) = d7a6232690ecd15c32ed44dcc498e596c248f332
SHA1 (patch-bf) = cbe6c7a401a183eccc73ffb45120486c1cbc75b8
+SHA1 (patch-ca) = 46c16c507f0b1f127561f03d95711c91b6b26820
+SHA1 (patch-cb) = c99543e4a5d2c968871d51780500731e31d4ea36
diff --git a/lang/mono/patches/patch-ca b/lang/mono/patches/patch-ca
new file mode 100644
index 00000000000..d0f628ca580
--- /dev/null
+++ b/lang/mono/patches/patch-ca
@@ -0,0 +1,13 @@
+$NetBSD: patch-ca,v 1.1 2007/11/05 11:28:50 drochner Exp $
+
+--- mcs/class/Mono.Security/Mono.Math/BigInteger.cs.orig 2007-11-05 11:47:52.000000000 +0100
++++ mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+@@ -1574,7 +1574,7 @@ namespace Mono.Math {
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
diff --git a/lang/mono/patches/patch-cb b/lang/mono/patches/patch-cb
new file mode 100644
index 00000000000..dffe458dfec
--- /dev/null
+++ b/lang/mono/patches/patch-cb
@@ -0,0 +1,13 @@
+$NetBSD: patch-cb,v 1.1 2007/11/05 11:28:51 drochner Exp $
+
+--- mcs/class/corlib/Mono.Math/BigInteger.cs.orig 2007-11-05 11:48:57.000000000 +0100
++++ mcs/class/corlib/Mono.Math/BigInteger.cs
+@@ -1574,7 +1574,7 @@ namespace Mono.Math {
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;