diff --git a/lang/mono/Makefile b/lang/mono/Makefile
index 7a62393e64f..3cb634fd097 100644
--- a/lang/mono/Makefile
+++ b/lang/mono/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.71 2012/07/10 22:32:01 robert Exp $
+# $OpenBSD: Makefile,v 1.72 2012/07/13 16:59:15 jasper Exp $
 COMMENT= cross platform, open source .NET developement framework
 DISTNAME= mono-2.10.9
+REVISION= 0
 CATEGORIES= lang devel
diff --git a/lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs b/lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs
new file mode 100644
index 00000000000..04a654a2209
--- /dev/null
+++ b/lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs
@@ -0,0 +1,16 @@
+$OpenBSD: patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs,v 1.1 2012/07/13 16:59:15 jasper Exp $
+
+Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability
+From upstream git: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
+
+--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig Fri Jul 13 16:36:05 2012
++++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs Fri Jul 13 16:37:03 2012
+@@ -42,7 +42,7 @@ namespace System.Web
+
+ throw new HttpException (403,
+ "This type of page is not served.",
+- req != null ? req.Path : null,
++ req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ description);
+ }
+
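Review bot: Only `req.Path` is encoded in the patched `throw new HttpException (...)` call; `description` on the following line is still passed through unchanged, and because it is built outside the hunk, it should be confirmed to carry no request-derived text or be wrapped the same way, `HttpUtility.HtmlEncode (description)`. The encoding is also applied at this single call site rather than where the error page is rendered, so any other caller that hands request data to `HttpException` (none are visible here) would presumably still be emitted unencoded. A short comment above the call, such as `// req.Path comes from the request; encode it before it reaches the HTML error page (CVE-2012-3382)`, would keep a later cleanup from dropping the encode. The enclosing method starts and ends outside the hunk.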