[Frugalware-darcs] frugalware-0.5: mono-1.1.17.2-2siwenna1-x86_64

[voroskoi]

Darcsweb-Url: 
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.5;a=darcs_commitdiff;h=20061229120742-dd049-df009d239674510d1d1dc244d2b3374df4359c98.gz;

[mono-1.1.17.2-2siwenna1-x86_64
voroskoi <[EMAIL PROTECTED]>**20061229120742
 secfix relbump, closes #1557
] {
addfile ./source/devel/mono/CVE-2006-6104.patch
hunk ./source/devel/mono/CVE-2006-6104.patch 1
+diff -Naurp mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs 
mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs
+--- mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs       
2006-07-05 23:58:18.000000000 +0200
++++ mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs     
2006-12-22 20:36:09.000000000 +0100
+@@ -923,8 +923,10 @@ namespace System.Web {
+                               if (worker_request == null)
+                                       return String.Empty; // don't check 
security with an empty string!
+ 
+-                              if (physical_path == null)
+-                                      physical_path = MapPath 
(CurrentExecutionFilePath);
++                              if (physical_path == null) {
++                                      // Don't call HttpRequest.MapPath here, 
as that one *trims* the input
++                                      physical_path = worker_request.MapPath 
(FilePath);
++                              }
+ 
+                               if (SecurityManager.SecurityEnabled) {
+                                       new FileIOPermission 
(FileIOPermissionAccess.PathDiscovery, physical_path).Demand ();
+@@ -1246,6 +1248,7 @@ namespace System.Web {
+               internal void SetFilePath (string path)
+               {
+                       file_path = path;
++                      physical_path = null;
+               }
+ 
+               internal void SetCurrentExePath (string path)
hunk ./source/devel/mono/FrugalBuild 1
-# Last modified: Mon, 09 Oct 2006 22:14:40 +0200
hunk ./source/devel/mono/FrugalBuild 6
-pkgrel=1siwenna1
+pkgrel=2siwenna1
hunk ./source/devel/mono/FrugalBuild 15
-source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz 
rc.mono rc.mono-hu.po)
+source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz 
rc.mono rc.mono-hu.po CVE-2006-6104.patch)
hunk ./source/devel/mono/FrugalBuild 19
-          '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec')
+          '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec' \
+         'c36e1f283d98b5ca71b16d29cc16cdb01614b83a')
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs