[Frugalware-darcs] frugalware-0.5: mono-1.1.17.2-2siwenna1-x86_64

voroskoi voroskoi at frugalware.org
Fri Dec 29 13:10:52 CET 2006 

Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.5;a=darcs_commitdiff;h=20061229120742-dd049-df009d239674510d1d1dc244d2b3374df4359c98.gz;

[mono-1.1.17.2-2siwenna1-x86_64
voroskoi <voroskoi at frugalware.org>**20061229120742
 secfix relbump, closes #1557
] {
addfile ./source/devel/mono/CVE-2006-6104.patch
hunk ./source/devel/mono/CVE-2006-6104.patch 1
+diff -Naurp mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs
+--- mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs	2006-07-05 23:58:18.000000000 +0200
++++ mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs	2006-12-22 20:36:09.000000000 +0100
+@@ -923,8 +923,10 @@ namespace System.Web {
+ 				if (worker_request == null)
+ 					return String.Empty; // don't check security with an empty string!
+ 
+-				if (physical_path == null)
+-					physical_path = MapPath (CurrentExecutionFilePath);
++				if (physical_path == null) {
++					// Don't call HttpRequest.MapPath here, as that one *trims* the input
++					physical_path = worker_request.MapPath (FilePath);
++				}
+ 
+ 				if (SecurityManager.SecurityEnabled) {
+ 					new FileIOPermission (FileIOPermissionAccess.PathDiscovery, physical_path).Demand ();
+@@ -1246,6 +1248,7 @@ namespace System.Web {
+ 		internal void SetFilePath (string path)
+ 		{
+ 			file_path = path;
++			physical_path = null;
+ 		}
+ 
+ 		internal void SetCurrentExePath (string path)
hunk ./source/devel/mono/FrugalBuild 1
-# Last modified: Mon, 09 Oct 2006 22:14:40 +0200
hunk ./source/devel/mono/FrugalBuild 6
-pkgrel=1siwenna1
+pkgrel=2siwenna1
hunk ./source/devel/mono/FrugalBuild 15
-source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz rc.mono rc.mono-hu.po)
+source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz rc.mono rc.mono-hu.po CVE-2006-6104.patch)
hunk ./source/devel/mono/FrugalBuild 19
-          '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec')
+          '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec' \
+	  'c36e1f283d98b5ca71b16d29cc16cdb01614b83a')
}

More information about the Frugalware-darcs mailing list