Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.5;a=darcs_commitdiff;h=20061229120742-dd049-df009d239674510d1d1dc244d2b3374df4359c98.gz;
[mono-1.1.17.2-2siwenna1-x86_64 voroskoi <[EMAIL PROTECTED]>**20061229120742 secfix relbump, closes #1557 ] { addfile ./source/devel/mono/CVE-2006-6104.patch hunk ./source/devel/mono/CVE-2006-6104.patch 1 +diff -Naurp mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs +--- mono-1.1.17.2/mcs/class/System.Web/System.Web/HttpRequest.cs 2006-07-05 23:58:18.000000000 +0200 ++++ mono-1.1.17.2-p/mcs/class/System.Web/System.Web/HttpRequest.cs 2006-12-22 20:36:09.000000000 +0100 +@@ -923,8 +923,10 @@ namespace System.Web { + if (worker_request == null) + return String.Empty; // don't check security with an empty string! + +- if (physical_path == null) +- physical_path = MapPath (CurrentExecutionFilePath); ++ if (physical_path == null) { ++ // Don't call HttpRequest.MapPath here, as that one *trims* the input ++ physical_path = worker_request.MapPath (FilePath); ++ } + + if (SecurityManager.SecurityEnabled) { + new FileIOPermission (FileIOPermissionAccess.PathDiscovery, physical_path).Demand (); +@@ -1246,6 +1248,7 @@ namespace System.Web { + internal void SetFilePath (string path) + { + file_path = path; ++ physical_path = null; + } + + internal void SetCurrentExePath (string path) hunk ./source/devel/mono/FrugalBuild 1 -# Last modified: Mon, 09 Oct 2006 22:14:40 +0200 hunk ./source/devel/mono/FrugalBuild 6 -pkgrel=1siwenna1 +pkgrel=2siwenna1 hunk ./source/devel/mono/FrugalBuild 15 -source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz rc.mono rc.mono-hu.po) +source=(http://www.go-mono.com/sources/$pkgname/$pkgname-$pkgver.tar.gz rc.mono rc.mono-hu.po CVE-2006-6104.patch) hunk ./source/devel/mono/FrugalBuild 19 - '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec') + '6c19f98462d7bb1ecba79a3ad284ea02a1eac2ec' \ + 'c36e1f283d98b5ca71b16d29cc16cdb01614b83a') } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs