add patches for CVE-2012-3543 and CVE-2012-3382 from upstream

7 files changed, 241 insertions, 3 deletions

diff --git a/lang/mono2/Makefile b/lang/mono2/Makefile
index 55e78fda783..40b0b018b2b 100644
--- a/lang/mono2/Makefile
+++ b/lang/mono2/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2014/10/07 16:47:12 adam Exp $
+# $NetBSD: Makefile,v 1.15 2014/11/30 21:51:44 spz Exp $
 
 DISTNAME=	mono-2.10.9
-PKGREVISION=	10
+PKGREVISION=	11
 CATEGORIES=	lang
 MASTER_SITES=	http://download.mono-project.com/sources/mono/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/lang/mono2/distinfo b/lang/mono2/distinfo
index baa3584353b..d2f196a9d79 100644
--- a/lang/mono2/distinfo
+++ b/lang/mono2/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.5 2014/06/10 19:25:58 wiz Exp $
+$NetBSD: distinfo,v 1.6 2014/11/30 21:51:44 spz Exp $
 
 SHA1 (mono-2.10.9.tar.bz2) = 1a6e8c5a0c3d88d87982259aa04402e028a283de
 RMD160 (mono-2.10.9.tar.bz2) = ac9784c413eb2cdb490750a86a96cce5c11ad5bd
 Size (mono-2.10.9.tar.bz2) = 34038017 bytes
+SHA1 (patch-CVE-2012-3382) = f2c35a69c6c4db2ca3576fdc10ce5465f081b686
 SHA1 (patch-aa) = f3c88247c143cba6d0475f1dabb653adbc841bdb
 SHA1 (patch-ab) = 10eb6f4453c626f0bedce4b0ce6519ba6aea4d5f
 SHA1 (patch-ac) = 78f3b0786480e066959cc191e3f45d3f773220e2
@@ -43,5 +44,9 @@ SHA1 (patch-dm) = bac9172f419630f817702e15dd3761cb4f60e0a0
 SHA1 (patch-dn) = 9a55bd9c492b64ec9feadb45419b4bec37900b89
 SHA1 (patch-do) = 6ccd5598198fc04e638ec5bc5e03c92e16206c92
 SHA1 (patch-man_mprof-report.1) = e175943bc63780d907b4ceab08e7f9ad6a1a7ac8
+SHA1 (patch-mcs_class_System.Web_System.Web.UI_Page.cs) = 986874319e849b93a2c89b7eb360e53f18fa7ca4
+SHA1 (patch-mcs_class_System.Web_System.Web.Util_SecureHashCodeProvider.cs) = d82d9737efb07a8095acc5bf78d9cc522d24632d
+SHA1 (patch-mcs_class_System.Web_System.Web.dll.sources) = 751139d6dc4bf8f2cda767e8e6d8a3ed2dd2ecd8
+SHA1 (patch-mcs_class_System.Web_System.Web_WebROCollection.cs) = ff95c3898df3aa4809d1222c29f9bf81e87e9af1
 SHA1 (patch-mono_profiler_proflog.c) = 2f7826873ab7fdb858db3d39606028ee87a34a46
 SHA1 (patch-mono_utils_mono-compiler.h) = 0dce7994bdb350f7080464f416b725cbe3e7e293
diff --git a/lang/mono2/patches/patch-CVE-2012-3382 b/lang/mono2/patches/patch-CVE-2012-3382
new file mode 100644
index 00000000000..97207d532c3
--- /dev/null
+++ b/lang/mono2/patches/patch-CVE-2012-3382
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2012-3382,v 1.1 2014/11/30 21:51:44 spz Exp $
+
+fix CVE-2012-3382 with upstream patch:
+https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
+
+--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig	2011-11-15 17:22:42.000000000 +0000
++++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+@@ -42,7 +42,7 @@ namespace System.Web
+ 				
+ 			throw new HttpException (403,
+ 						 "This type of page is not served.",
+-						 req != null ? req.Path : null,
++						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ 						 description);
+ 		}
+ 
diff --git a/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.UI_Page.cs b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.UI_Page.cs
new file mode 100644
index 00000000000..825df609ada
--- /dev/null
+++ b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.UI_Page.cs
@@ -0,0 +1,25 @@
+$NetBSD: patch-mcs_class_System.Web_System.Web.UI_Page.cs,v 1.1 2014/11/30 21:51:44 spz Exp $
+
+patch 4 for CVE-2012-3543 from
+https://github.com/mono/mono/commit/c3e088bf2fc22d66d0f17b74676de366f661c3eb
+
+--- mcs/class/System.Web/System.Web.UI/Page.cs.orig	2011-11-15 17:22:42.000000000 +0000
++++ mcs/class/System.Web/System.Web.UI/Page.cs
+@@ -1175,7 +1175,7 @@ public partial class Page : TemplateCont
+ 
+ 	void ProcessPostData (NameValueCollection data, bool second)
+ 	{
+-		NameValueCollection requestValues = _requestValueCollection == null ? new NameValueCollection () : _requestValueCollection;
++		NameValueCollection requestValues = _requestValueCollection == null ? new NameValueCollection (SecureHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant) : _requestValueCollection;
+ 		
+ 		if (data != null && data.Count > 0) {
+ 			var used = new Dictionary <string, string> (StringComparer.Ordinal);
+@@ -1210,7 +1210,7 @@ public partial class Page : TemplateCont
+ 
+ 				} else if (!second) {
+ 					if (secondPostData == null)
+-						secondPostData = new NameValueCollection ();
++						secondPostData = new NameValueCollection (SecureHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant);
+ 					secondPostData.Add (id, data [id]);
+ 				}
+ 			}
diff --git a/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.Util_SecureHashCodeProvider.cs b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.Util_SecureHashCodeProvider.cs
new file mode 100644
index 00000000000..71b889515f3
--- /dev/null
+++ b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.Util_SecureHashCodeProvider.cs
@@ -0,0 +1,140 @@
+$NetBSD: patch-mcs_class_System.Web_System.Web.Util_SecureHashCodeProvider.cs,v 1.1 2014/11/30 21:51:44 spz Exp $
+
+patch for CVE-2012-3543 taken from
+https://github.com/mono/mono/commit/2ab1a051058fee5ea3aec2e071fba7000b693488
+part 1
+
+--- mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs.orig	2014-11-29 12:16:37.000000000 +0000
++++ mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs
+@@ -0,0 +1,131 @@
++//
++// System.Collections.SecureHashCodeProvider.cs
++//
++// Authors:
++// Sergey Chaban (serge@wildwestsoftware.com)
++// Andreas Nahr (ClassDevelopment@A-SoftTech.com)
++// Sebastien Pouliot <sebastien@ximian.com>
++//
++// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
++// Copyright 2012 Xamarin, Inc (http://xamarin.com)
++//
++// Permission is hereby granted, free of charge, to any person obtaining
++// a copy of this software and associated documentation files (the
++// "Software"), to deal in the Software without restriction, including
++// without limitation the rights to use, copy, modify, merge, publish,
++// distribute, sublicense, and/or sell copies of the Software, and to
++// permit persons to whom the Software is furnished to do so, subject to
++// the following conditions:
++//
++// The above copyright notice and this permission notice shall be
++// included in all copies or substantial portions of the Software.
++//
++// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
++// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
++// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
++// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
++//
++using System;
++using System.Collections;
++using System.Globalization;
++
++namespace System.Web.Util
++{
++	class SecureHashCodeProvider : IHashCodeProvider
++	{
++		static readonly SecureHashCodeProvider singletonInvariant = new SecureHashCodeProvider (CultureInfo.InvariantCulture);
++		static SecureHashCodeProvider singleton;
++		static readonly object sync = new object ();
++		static readonly int seed;
++
++		TextInfo m_text; // must match MS name for serialization
++
++		public static SecureHashCodeProvider Default {
++			get {
++				lock (sync) {
++					if (singleton == null) {
++						singleton = new SecureHashCodeProvider ();
++					} else if (singleton.m_text == null) {
++						if (!AreEqual (CultureInfo.CurrentCulture, CultureInfo.InvariantCulture))
++							singleton = new SecureHashCodeProvider ();
++					} else if (!AreEqual (singleton.m_text, CultureInfo.CurrentCulture)) {
++						singleton = new SecureHashCodeProvider ();
++					}
++					return singleton;
++				}
++			}
++		}
++
++		public static SecureHashCodeProvider DefaultInvariant {
++			get { return singletonInvariant; }
++		}
++
++		static SecureHashCodeProvider ()
++		{
++			// It should be enough to fend off the attack described in
++			// https://bugzilla.novell.com/show_bug.cgi?id=739119
++			// In order to predict value of the seed, the attacker would have to know the exact time when
++			// the server process started and since it's a remote attack, this is next to impossible.
++			// Using milliseconds instead of ticks here would make it easier for the attackers since there
++			// would only be as many as 1000 possible values
++			seed = (int)DateTime.UtcNow.Ticks;
++		}
++
++		// Public instance constructor
++		public SecureHashCodeProvider ()
++		{
++			CultureInfo culture = CultureInfo.CurrentCulture;
++			if (!AreEqual (culture, CultureInfo.InvariantCulture))
++				m_text = CultureInfo.CurrentCulture.TextInfo;
++		}
++
++		public SecureHashCodeProvider (CultureInfo culture)
++		{
++			if (culture == null)
++				throw new ArgumentNullException ("culture");
++			if (!AreEqual (culture, CultureInfo.InvariantCulture))
++				m_text = culture.TextInfo;
++		}
++
++		static bool AreEqual (CultureInfo a, CultureInfo b)
++		{
++			return a.LCID == b.LCID;
++		}
++
++		static bool AreEqual (TextInfo info, CultureInfo culture)
++		{
++			return info.LCID == culture.LCID;
++		}
++
++		public int GetHashCode (object obj)
++		{
++			if (obj == null)
++				throw new ArgumentNullException ("obj");
++
++			string str = obj as string;
++
++			if (str == null)
++				return obj.GetHashCode ();
++
++			int h = seed;
++			char c;
++
++			if ((m_text != null) && !AreEqual (m_text, CultureInfo.InvariantCulture)) {
++				str = m_text.ToLower (str);
++				for (int i = 0; i < str.Length; i++) {
++					c = str [i];
++					h = h * 31 + c;
++				}
++			} else {
++				for (int i = 0; i < str.Length; i++) {
++					c = Char.ToLower (str [i], CultureInfo.InvariantCulture);
++					h = h * 31 + c;
++				}
++			}
++			return h;
++		}
++	}
++}
diff --git a/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.dll.sources b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.dll.sources
new file mode 100644
index 00000000000..a90e9791f90
--- /dev/null
+++ b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web.dll.sources
@@ -0,0 +1,16 @@
+$NetBSD: patch-mcs_class_System.Web_System.Web.dll.sources,v 1.1 2014/11/30 21:51:44 spz Exp $
+
+patch for CVE-2012-3543 taken from
+https://github.com/mono/mono/commit/2ab1a051058fee5ea3aec2e071fba7000b693488
+part 2
+
+--- mcs/class/System.Web/System.Web.dll.sources.orig	2012-01-30 18:01:22.000000000 +0000
++++ mcs/class/System.Web/System.Web.dll.sources
+@@ -1174,6 +1174,7 @@ System.Web.Util/IWebPropertyAccessor.cs
+ System.Web.Util/MachineKeySectionUtils.cs
+ System.Web.Util/RuntimeHelpers.cs
+ System.Web.Util/SearchPattern.cs
++System.Web.Util/SecureHashCodeProvider.cs
+ System.Web.Util/SerializationHelper.cs
+ System.Web.Util/StrUtils.cs
+ System.Web.Util/TimeUtil.cs
diff --git a/lang/mono2/patches/patch-mcs_class_System.Web_System.Web_WebROCollection.cs b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web_WebROCollection.cs
new file mode 100644
index 00000000000..53151f7e903
--- /dev/null
+++ b/lang/mono2/patches/patch-mcs_class_System.Web_System.Web_WebROCollection.cs
@@ -0,0 +1,36 @@
+$NetBSD: patch-mcs_class_System.Web_System.Web_WebROCollection.cs,v 1.1 2014/11/30 21:51:44 spz Exp $
+
+patch for CVE-2012-3543 from
+https://github.com/mono/mono/commit/c3e088bf2fc22d66d0f17b74676de366f661c3eb
+part 3
+
+--- mcs/class/System.Web/System.Web/WebROCollection.cs.orig	2011-11-15 17:22:42.000000000 +0000
++++ mcs/class/System.Web/System.Web/WebROCollection.cs
+@@ -5,6 +5,7 @@
+ //   	Gonzalo Paniagua Javier (gonzalo@novell.com)
+ //
+ // (c) 2005-2009 Novell, Inc. (http://www.novell.com)
++// Copyright 2012 Xamarin, Inc (http://xamarin.com)
+ //
+ //
+ // Permission is hereby granted, free of charge, to any person obtaining
+@@ -26,8 +27,10 @@
+ // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ //
++using System.Collections;
+ using System.Collections.Specialized;
+ using System.Text;
++using System.Web.Util;
+ 
+ namespace System.Web
+ {
+@@ -36,7 +39,7 @@ namespace System.Web
+ 		bool got_id;
+ 		int id;
+ 
+-		public WebROCollection () : base (StringComparer.OrdinalIgnoreCase) { }
++		public WebROCollection () : base (SecureHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant) { }
+ 		public bool GotID {
+ 			get { return got_id; }
+ 		}