authorPacho Ramos <pacho@gentoo.org>2012-07-21 11:02:32 +0000
committerPacho Ramos <pacho@gentoo.org>2012-07-21 11:02:32 +0000
commit1c6b14bccf84be92eb8be0e6839446dc6e520aac (patch)
treee2dcc656fd5393f4c608dcc5bb8433ca9e8e0e40 /dev-lang
parentUse stricter dependencies for libfm (diff)
Fix CVE-2012-3382 (#426688), drop old.
(Portage version: 2.1.11.9/cvs/Linux x86_64)
Diffstat (limited to 'dev-lang')
-rw-r--r--dev-lang/mono/ChangeLog9
-rw-r--r--dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch13
-rw-r--r--dev-lang/mono/mono-2.10.9-r1.ebuild (renamed from dev-lang/mono/mono-2.10.9.ebuild)77
3 files changed, 60 insertions, 39 deletions
diff --git a/dev-lang/mono/ChangeLog b/dev-lang/mono/ChangeLog
index af55ab9799e5..b46c330370a8 100644
--- a/dev-lang/mono/ChangeLog
+++ b/dev-lang/mono/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-lang/mono
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/mono/ChangeLog,v 1.240 2012/05/22 12:18:04 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/mono/ChangeLog,v 1.241 2012/07/21 11:02:32 pacho Exp $
+
+*mono-2.10.9-r1 (21 Jul 2012)
+
+ 21 Jul 2012; Pacho Ramos <pacho@gentoo.org>
+ +files/mono-2.10.9-CVE-2012-3382.patch, +mono-2.10.9-r1.ebuild,
+ -mono-2.10.9.ebuild:
+ Fix CVE-2012-3382 (#426688), drop old.
22 May 2012; Agostino Sarubbo <ago@gentoo.org> mono-2.10.8.ebuild:
Stable for amd64, wrt bug #407701
diff --git a/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch b/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch
new file mode 100644
index 000000000000..434adf283d99
--- /dev/null
+++ b/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch
@@ -0,0 +1,13 @@
+diff --git a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+index af5ddf4..7e87d48 100644
+--- a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
++++ b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+@@ -42,7 +42,7 @@ public void ProcessRequest (HttpContext context)
+
+ throw new HttpException (403,
+ "This type of page is not served.",
+- req != null ? req.Path : null,
++ req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ description);
+ }
+
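Review bot: Only `req.Path` is encoded here, at the one throw site in ProcessRequest; `description`, passed on the next line, is built outside this hunk and still reaches the same HttpException unencoded. If any part of it is derived from the request it needs the same `HttpUtility.HtmlEncode (...)` treatment, and other callers that hand request data to this HttpException overload would presumably be exposed in the same way, so encoding at the point where the error page is rendered would be the more durable fix. The patch file also carries no header; a short comment above its `diff --git` line naming CVE-2012-3382, Gentoo bug #426688 and the upstream commit (`<upstream commit id>`) would let a later maintainer tell when the patch can be dropped.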
diff --git a/dev-lang/mono/mono-2.10.9.ebuild b/dev-lang/mono/mono-2.10.9-r1.ebuild
index d26311712c53..98778bff718f 100644
--- a/dev-lang/mono/mono-2.10.9.ebuild
+++ b/dev-lang/mono/mono-2.10.9-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/mono/mono-2.10.9.ebuild,v 1.1 2012/05/04 12:33:18 ali_bush Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/mono/mono-2.10.9-r1.ebuild,v 1.1 2012/07/21 11:02:32 pacho Exp $
EAPI="4"
@@ -52,7 +52,8 @@ pkg_setup() {
ewarn "See http://bugs.gentoo.org/261869 for more info."
fi
fi
- PATCHES=( "${FILESDIR}/${PN}-2.10.2-threads-access.patch" )
+ PATCHES=( "${FILESDIR}/${PN}-2.10.2-threads-access.patch"
+ "${FILESDIR}/${P}-CVE-2012-3382.patch" )
}
src_prepare() {
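Review bot: The new PATCHES entry names its file through `${P}`, while the entry beside it pins the version literally (`${PN}-2.10.2-threads-access.patch`), so the two lines follow different conventions. With `${P}` the expected file name changes on every version bump, and an ebuild copied to a newer version would look for a patch file that does not exist under that name. Writing it as `"${FILESDIR}/${PN}-2.10.9-CVE-2012-3382.patch"` matches the neighbouring entry and keeps the reference stable. pkg_setup begins outside this hunk.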
@@ -160,42 +161,42 @@ pkg_preinst() {
fi
}
-pkg_postinst() {
- elog "PLEASE TAKE NOTE!"
- elog ""
- elog "Some of the namespaces supported by Mono require extra packages to be installed."
- elog "Below is a list of namespaces and the corresponding package you must install:"
- elog ""
- elog ">=x11-libs/cairo-1.6.4"
- elog " Mono.Cairo"
- elog "Also read:"
- elog "http://www.mono-project.com/Mono.Cairo"
- elog ""
- elog ">=dev-db/firebird-2.0.4.13130.1"
- elog " FirebirdSql.Data.Firebird"
- elog "Also read:"
- elog "http://www.mono-project.com/Firebird_Interbase"
- elog ""
- elog "dev-db/sqlite:3"
- elog " Mono.Data.Sqlite"
- elog "Also read:"
- elog "http://www.mono-project.com/SQLite"
- elog ""
- elog ">=dev-db/oracle-instantclient-basic-10.2"
- elog " System.Data.OracleClient"
- elog "Also read:"
- elog "http://www.mono-project.com/Oracle"
- elog ""
- elog "Mono also has support for packages that are not included in portage:"
- elog ""
- elog "No ebuild available:"
- elog " IBM.Data.DB2"
- elog "Also read: http://www.mono-project.com/IBM_DB2"
- elog ""
- elog "No ebuild needed:"
- elog " Mono.Data.SybaseClient"
- elog "Also read: http://www.mono-project.com/Sybase"
-}
+#pkg_postinst() {
+# elog "PLEASE TAKE NOTE!"
+# elog ""
+# elog "Some of the namespaces supported by Mono require extra packages to be installed."
+# elog "Below is a list of namespaces and the corresponding package you must install:"
+# elog ""
+# elog ">=x11-libs/cairo-1.6.4"
+# elog " Mono.Cairo"
+# elog "Also read:"
+# elog "http://www.mono-project.com/Mono.Cairo"
+# elog ""
+# elog ">=dev-db/firebird-2.0.4.13130.1"
+# elog " FirebirdSql.Data.Firebird"
+# elog "Also read:"
+# elog "http://www.mono-project.com/Firebird_Interbase"
+# elog ""
+# elog "dev-db/sqlite:3"
+# elog " Mono.Data.Sqlite"
+# elog "Also read:"
+# elog "http://www.mono-project.com/SQLite"
+# elog ""
+# elog ">=dev-db/oracle-instantclient-basic-10.2"
+# elog " System.Data.OracleClient"
+# elog "Also read:"
+# elog "http://www.mono-project.com/Oracle"
+# elog ""
+# elog "Mono also has support for packages that are not included in portage:"
+# elog ""
+# elog "No ebuild available:"
+# elog " IBM.Data.DB2"
+# elog "Also read: http://www.mono-project.com/IBM_DB2"
+# elog ""
+# elog "No ebuild needed:"
+# elog " Mono.Data.SybaseClient"
+# elog "Also read: http://www.mono-project.com/Sybase"
+#}
# NOTICE: THE COPYRIGHT FILES IN THE TARBALL ARE UNCLEAR!
# WHENEVER YOU THINK SOMETHING IS GPL-2+, IT'S ONLY GPL-2
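Review bot: pkg_postinst is commented out line by line rather than removed, and neither the commit message nor the ChangeLog entry ("Fix CVE-2012-3382 (#426688), drop old.") mentions it, so a security-fix revision carries an unexplained behaviour change: the post-install notice about optional packages is no longer shown. Commented-out code of this size should either be deleted outright or kept enabled. If disabling it is intentional, a single line above the block such as `# pkg_postinst notice disabled: <reason>` plus a ChangeLog mention would record why, and keeping that change in its own commit would leave the CVE fix easier to audit.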