add fix for CVE-2010-4159

PKGREVISION++

3 files changed, 54 insertions, 2 deletions

diff --git a/lang/mono/Makefile b/lang/mono/Makefile
index 26760027b0e..3d0720b47a8 100644
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.106 2010/10/16 04:32:18 kefren Exp $
+# $NetBSD: Makefile,v 1.107 2010/11/23 16:33:03 kefren Exp $
 
 DISTNAME=	mono-2.8
+PKGREVISION=	1
 CATEGORIES=	lang
 MASTER_SITES=	http://ftp.novell.com/pub/mono/sources/mono/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/lang/mono/distinfo b/lang/mono/distinfo
index d501e68fd5e..81f358b55ac 100644
--- a/lang/mono/distinfo
+++ b/lang/mono/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.68 2010/10/16 04:32:18 kefren Exp $
+$NetBSD: distinfo,v 1.69 2010/11/23 16:33:03 kefren Exp $
 
 SHA1 (mono-2.8.tar.bz2) = a724de68dccb583b54d2e08c5a1e5760c18225ab
 RMD160 (mono-2.8.tar.bz2) = e2f78f8128a94dd983b380a2408c7a648e8e0864
@@ -19,6 +19,7 @@ SHA1 (patch-ap) = 9da5c76e34f1f61da411ab4e0c884c23cc320bb9
 SHA1 (patch-aq) = a356e520eeb95a8c3bb1485cb460710703882e39
 SHA1 (patch-ar) = 7a2a916f3362da087b2dcfe6b91ba47339151e5b
 SHA1 (patch-as) = 9f434c84f57e985d4734872e2dbce1079c87fcfa
+SHA1 (patch-at) = ddcfcde40e9e77c76d3537d01a77c607768c3875
 SHA1 (patch-ba) = b5d7f5832ea53dd00af67ac94b5289d71f0d2152
 SHA1 (patch-bc) = bbf1a903cf7fee1dbd3a070b0ef0d5aecbdf67e2
 SHA1 (patch-bd) = 15c803bf85ad36ad08bcaaf7dbc371a6473ae5f2
diff --git a/lang/mono/patches/patch-at b/lang/mono/patches/patch-at
new file mode 100644
index 00000000000..167bda42ce5
--- /dev/null
+++ b/lang/mono/patches/patch-at
@@ -0,0 +1,50 @@
+$NetBSD: patch-at,v 1.1 2010/11/23 16:33:04 kefren Exp $
+
+Fix for CVE-2010-4159 from git repository:
+https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625
+
+--- mono/metadata/loader.c.orig	2010-11-23 17:54:39.000000000 +0200
++++ mono/metadata/loader.c	2010-11-23 17:54:50.000000000 +0200
+@@ -1340,32 +1340,34 @@
+ 
+ 		if (!module) {
+ 			void *iter = NULL;
+-			while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
++			char *mdirname = g_path_get_dirname (image->name);
++			while ((full_name = mono_dl_build_path (mdirname, file_name, &iter))) {
+ 				mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
+-						"DllImport loading location: '%s'.", full_name);
++					"DllImport loading library: '%s'.", full_name);
+ 				module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
+ 				if (!module) {
+ 					mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
+-							"DllImport error loading library: '%s'.",
+-							error_msg);
++						"DllImport error loading library '%s'.",
++						error_msg);
+ 					g_free (error_msg);
+ 				}
+ 				g_free (full_name);
+ 				if (module)
+ 					break;
+ 			}
++			g_free (mdirname);
+ 		}
+ 
+ 		if (!module) {
+ 			void *iter = NULL;
+-			while ((full_name = mono_dl_build_path (".", file_name, &iter))) {
++			while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
+ 				mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
+-					"DllImport loading library: '%s'.", full_name);
++						"DllImport loading location: '%s'.", full_name);
+ 				module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
+ 				if (!module) {
+ 					mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
+-						"DllImport error loading library '%s'.",
+-						error_msg);
++							"DllImport error loading library: '%s'.",
++							error_msg);
+ 					g_free (error_msg);
+ 				}
+ 				g_free (full_name);