Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability

ok robert@ (MAINTAINER)
2012-07-13 16:59:15 +00:00 · 2012-07-13 16:59:15 +00:00 · 802663255c
commit 802663255c
parent afe54d5764
2 changed files with 18 additions and 1 deletions
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.71 2012/07/10 22:32:01 robert Exp $
+# $OpenBSD: Makefile,v 1.72 2012/07/13 16:59:15 jasper Exp $

 COMMENT=	cross platform, open source .NET developement framework

 DISTNAME=	mono-2.10.9
+REVISION=	0

 CATEGORIES=	lang devel

--- a/lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs
+++ b/lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs
@ -0,0 +1,16 @@
+$OpenBSD: patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs,v 1.1 2012/07/13 16:59:15 jasper Exp $
+
+Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability
+From upstream git: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
+
+--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig	Fri Jul 13 16:36:05 2012
+++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs	Fri Jul 13 16:37:03 2012
+@@ -42,7 +42,7 @@ namespace System.Web
+ 				
+ 			throw new HttpException (403,
+ 						 "This type of page is not served.",
+-						 req != null ? req.Path : null,
+						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ 						 description);
+ 		}
+