fix an cross site scripting vulnerability

bump PKGREVISION

8 files changed, 83 insertions, 3 deletions

diff --git a/lang/mono/Makefile b/lang/mono/Makefile
index 79f596b3e1e..c48a3904aa4 100644
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.68 2008/07/14 12:56:07 joerg Exp $
+# $NetBSD: Makefile,v 1.69 2008/08/09 19:57:51 kefren Exp $
 
 DISTNAME=	mono-${MONO_VERSION}
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	lang
 MASTER_SITES=	http://go-mono.com/sources/mono/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/lang/mono/distinfo b/lang/mono/distinfo
index 015d33f62aa..053a57a928c 100644
--- a/lang/mono/distinfo
+++ b/lang/mono/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2008/04/25 11:23:26 kefren Exp $
+$NetBSD: distinfo,v 1.36 2008/08/09 19:57:51 kefren Exp $
 
 SHA1 (mono-1.9.1.tar.bz2) = a6229bb625dcdbcc992aef3f8049bf1b27205db7
 RMD160 (mono-1.9.1.tar.bz2) = 32659841ef5de912b8064f7b1f0452304ffd35d0
@@ -27,3 +27,9 @@ SHA1 (patch-cb) = eaf041b83af24afc4d82d5088a01f98810a1de69
 SHA1 (patch-cc) = ee2b28f90034d17330910af2f6c47524a3d6d557
 SHA1 (patch-cd) = dc2afe3992c50b4201af628e12fc269d8bf893a6
 SHA1 (patch-ce) = ba1ae96ab63fe798ce781f0def5fe026d1776df0
+SHA1 (patch-cf) = 5f896a60fe1056c34237c38fb25f6dea3b5939e5
+SHA1 (patch-cg) = eb28f024bae68028fd3d047794974d04b9a59783
+SHA1 (patch-ch) = ac6f50457ac38d922394b47d6e8bd2595991fcaa
+SHA1 (patch-ci) = 3f2a817ac3bfab939d62c1053790e0c3d4a8c961
+SHA1 (patch-cj) = 0cd0f67ba1443ee1f9c55ed930208304c1dae0be
+SHA1 (patch-ck) = 31979c8d8136e3530590dd4f1118189fbbcdad68
diff --git a/lang/mono/patches/patch-cf b/lang/mono/patches/patch-cf
new file mode 100644
index 00000000000..18576f56bb9
--- /dev/null
+++ b/lang/mono/patches/patch-cf
@@ -0,0 +1,14 @@
+$NetBSD: patch-cf,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog.orig	2008-02-06 22:38:44.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/ChangeLog	2008-08-09 22:23:02.000000000 +0300
+@@ -1,3 +1,10 @@
++2008-07-25  Dean Brettle <dean@brettle.com>
++
++	* HtmlControl.cs (PreProcessRelativeReference), 
++	HtmlForm.cs (RenderAttributes), HtmlInputButton (RenderAttributes),
++	HtmlInputRadioButton (RenderAttributes), HtmlSelect (RenderChildren):
++	Encode attributes that could contain HTML special chars.
++
+ 2008-02-06  Marek Habersack  <mhabersack@novell.com>
+ 
+ 	* HtmlMeta.cs: render XHTML compliant tag if not in the Legacy
diff --git a/lang/mono/patches/patch-cg b/lang/mono/patches/patch-cg
new file mode 100644
index 00000000000..d33b28927e8
--- /dev/null
+++ b/lang/mono/patches/patch-cg
@@ -0,0 +1,12 @@
+$NetBSD: patch-cg,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs.orig	2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlControl.cs	2008-08-09 22:23:02.000000000 +0300
+@@ -90,7 +90,7 @@
+ 					catch (Exception) {
+ 						throw new HttpException(attribName + " property had malformed url");
+ 					}
+-					writer.WriteAttribute(attribName, attr);
++					writer.WriteAttribute(attribName, attr, true);
+ 					Attributes.Remove(attribName);
+ 				}
+ 			}
diff --git a/lang/mono/patches/patch-ch b/lang/mono/patches/patch-ch
new file mode 100644
index 00000000000..b7be4e73fee
--- /dev/null
+++ b/lang/mono/patches/patch-ch
@@ -0,0 +1,12 @@
+$NetBSD: patch-ch,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs.orig	2008-01-30 00:04:11.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlForm.cs	2008-08-09 22:23:02.000000000 +0300
+@@ -276,7 +276,7 @@
+ 				w.WriteAttribute ("name", Name);
+ 
+ 			w.WriteAttribute ("method", Method);
+-			w.WriteAttribute ("action", action);
++			w.WriteAttribute ("action", action, true);
+ 
+ 			/*
+ 			 * This is a hack that guarantees the ID is set properly for HtmlControl to
diff --git a/lang/mono/patches/patch-ci b/lang/mono/patches/patch-ci
new file mode 100644
index 00000000000..6470de3091d
--- /dev/null
+++ b/lang/mono/patches/patch-ci
@@ -0,0 +1,12 @@
+$NetBSD: patch-ci,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs.orig	2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputButton.cs	2008-08-09 22:23:02.000000000 +0300
+@@ -302,7 +302,7 @@
+ 				
+ 				if (oc != null) {
+ 					writer.WriteAttribute ("language", "javascript");
+-					writer.WriteAttribute ("onclick", oc);
++					writer.WriteAttribute ("onclick", oc, true);
+ 				}
+ 			}
+ #endif
diff --git a/lang/mono/patches/patch-cj b/lang/mono/patches/patch-cj
new file mode 100644
index 00000000000..ab1c7c11ea9
--- /dev/null
+++ b/lang/mono/patches/patch-cj
@@ -0,0 +1,12 @@
+$NetBSD: patch-cj,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs.orig	2007-11-09 00:10:32.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlInputRadioButton.cs	2008-08-09 22:23:02.000000000 +0300
+@@ -126,7 +126,7 @@
+ 			if (Page != null)
+ 				Page.ClientScript.RegisterForEventValidation (this.UniqueID, Value);
+ #endif
+-			writer.WriteAttribute ("value", Value);
++			writer.WriteAttribute ("value", Value, true);
+ 			Attributes.Remove ("value");
+ 			base.RenderAttributes (writer);
+ 		}
diff --git a/lang/mono/patches/patch-ck b/lang/mono/patches/patch-ck
new file mode 100644
index 00000000000..69cc454ef21
--- /dev/null
+++ b/lang/mono/patches/patch-ck
@@ -0,0 +1,12 @@
+$NetBSD: patch-ck,v 1.1 2008/08/09 19:57:51 kefren Exp $
+--- mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs.orig	2008-01-30 00:04:11.000000000 +0200
++++ mcs/class/System.Web/System.Web.UI.HtmlControls/HtmlSelect.cs	2008-08-09 22:23:02.000000000 +0300
+@@ -693,7 +693,7 @@
+ 					}
+ 				}
+ 				
+-				w.WriteAttribute ("value", item.Value);
++				w.WriteAttribute ("value", item.Value, true);
+ 				w.Write (HtmlTextWriter.TagRightChar);
+ 				
+ 				w.Write (item.Text);