From 586fa165534b7035c60b80c78080ac5e8b9d0c52 Mon Sep 17 00:00:00 2001 From: chkr Date: Jun 24 2010 20:50:38 +0000 Subject: - Add upstream patch for CVE-2010-1459: http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450 --- diff --git a/mono-2.4.3.1-CVE-2010-1459.patch b/mono-2.4.3.1-CVE-2010-1459.patch new file mode 100644 index 0000000..76edf51 --- /dev/null +++ b/mono-2.4.3.1-CVE-2010-1459.patch @@ -0,0 +1,131 @@ +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/PageParser.cs +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/PageParser.cs (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/PageParser.cs (revision 156450) +@@ -45,7 +45,8 @@ + public sealed class PageParser : TemplateControlParser + { + PagesEnableSessionState enableSessionState = PagesEnableSessionState.True; +- bool enableViewStateMac = true; ++ bool enableViewStateMac; ++ bool enableViewStateMacSet; + bool smartNavigation; + bool haveTrace; + bool trace; +@@ -378,8 +379,12 @@ + enable_event_validation = GetBool (atts, "EnableEventValidation", enable_event_validation); + maintainScrollPositionOnPostBack = GetBool (atts, "MaintainScrollPositionOnPostBack", maintainScrollPositionOnPostBack); + #endif ++ if (atts.ContainsKey ("EnableViewStateMac")) { ++ enableViewStateMac = GetBool (atts, "EnableViewStateMac", enableViewStateMac); ++ enableViewStateMacSet = true; ++ } ++ + // Ignored by now +- GetString (atts, "EnableViewStateMac", null); + GetString (atts, "SmartNavigation", null); + + base.ProcessMainAttributes (atts); +@@ -470,6 +475,10 @@ + internal bool EnableViewStateMac { + get { return enableViewStateMac; } + } ++ ++ internal bool EnableViewStateMacSet { ++ get { return enableViewStateMacSet; } ++ } + + internal bool SmartNavigation { + get { return smartNavigation; } +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/ChangeLog +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/ChangeLog (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/ChangeLog (revision 156450) +@@ -1,3 +1,11 @@ ++2010-04-29 Marek Habersack ++ ++ * PageParser.cs, Page.cs: do not ignore the EnableViewStateMac ++ directive attribute. Fixes bug #592428 ++ Fixes cross-site scripting vulnerability (CVE: CVE-2010-1459) ++ Credits: Web Security Research Group (WSRG) of Hewlett Packard ++ (HP) ++ + 2009-09-15 Marek Habersack + + * TemplateParser.cs: FindNamespaceInAssembly must catch +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/Page.cs +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/Page.cs (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.UI/Page.cs (revision 156450) +@@ -192,11 +192,16 @@ + asyncTimeout = ps.AsyncTimeout; + viewStateEncryptionMode = ps.ViewStateEncryptionMode; + _viewState = ps.EnableViewState; ++ _viewStateMac = ps.EnableViewStateMac; + } else { + asyncTimeout = TimeSpan.FromSeconds (DefaultAsyncTimeout); + viewStateEncryptionMode = ViewStateEncryptionMode.Auto; + _viewState = true; + } ++#else ++ PagesConfiguration ps = PagesConfiguration.GetInstance (HttpContext.Current); ++ if (ps != null) ++ _viewStateMac = ps.EnableViewStateMac; + #endif + } + +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/PagesConfiguration.cs (revision 156450) +@@ -38,7 +38,7 @@ + internal bool Buffer = true; + internal PagesEnableSessionState EnableSessionState = PagesEnableSessionState.True; + internal bool EnableViewState = true; +- internal bool EnableViewStateMac = false; ++ internal bool EnableViewStateMac = true; + internal bool SmartNavigation = false; + internal bool AutoEventWireup = true; + internal bool ValidateRequest = true; +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/ChangeLog +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/ChangeLog (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.Configuration/ChangeLog (revision 156450) +@@ -1,3 +1,11 @@ ++2010-04-29 Marek Habersack ++ ++ * PagesConfiguration.cs: make EnableViewStateMac default to ++ true. Fixes bug #592428 ++ Fixes cross-site scripting vulnerability (CVE: CVE-2010-1459) ++ Credits: Web Security Research Group (WSRG) of Hewlett Packard ++ (HP) ++ + 2009-05-14 Marek Habersack + + * HandlerFactoryConfiguration.cs: if we're matching a default +@@ -943,4 +951,3 @@ + 2002-06-03 Gonzalo Paniagua Javier + + * System.Web.Configuration/HttpCapabilitiesBase.cs: New file. +- +Index: branches/mono-2-4-2/mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs +=================================================================== +--- branches/mono-2-4-2/mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs (revision 156449) ++++ branches/mono-2-4-2/mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs (revision 156450) +@@ -314,11 +314,13 @@ + + protected override void AddStatementsToInitMethod (CodeMemberMethod method) + { ++ ILocation directiveLocation = pageParser.DirectiveLocation; ++ CodeArgumentReferenceExpression ctrlVar = new CodeArgumentReferenceExpression("__ctrl"); ++ ++ if (pageParser.EnableViewStateMacSet) ++ method.Statements.Add (AddLinePragma (CreatePropertyAssign (ctrlVar, "EnableViewStateMac", pageParser.EnableViewStateMac), directiveLocation)); + #if NET_2_0 + AddStatementsFromDirective (method); +- ILocation directiveLocation = pageParser.DirectiveLocation; +- +- CodeArgumentReferenceExpression ctrlVar = new CodeArgumentReferenceExpression("__ctrl"); + if (pageParser.Title != null) + method.Statements.Add (AddLinePragma (CreatePropertyAssign (ctrlVar, "Title", pageParser.Title), directiveLocation)); + diff --git a/mono.spec b/mono.spec index 2717280..0c0321b 100644 --- a/mono.spec +++ b/mono.spec @@ -2,7 +2,7 @@ Name: mono Version: 2.4.3.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A .NET runtime environment Group: Development/Languages @@ -52,6 +52,8 @@ Patch4: mono-2.0-monoservice.patch Patch5: mono-2.0-metadata-makefile.patch Patch6: mono-242-libgdiplusconfig.patch Patch7: mono-22-libdir.patch +# http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450 +Patch8: mono-2.4.3.1-CVE-2010-1459.patch %description The Mono runtime implements a JIT engine for the ECMA CLI @@ -306,6 +308,7 @@ mono-moonlight are all the parts required for moonlight compilation %patch6 -p1 -F 2 -b .libgdiplus sed -i -e 's!@libdir@!%{_libdir}!' %{PATCH7} %patch7 -p1 -b .libdir-22 +%patch8 -p2 -F 3 -b .cve-2010-1459 sed -i -e 's!%{_libdir}!@libdir@!' %{PATCH7} sed -i -e 's!@prefix@/lib/!%{_libdir}/!' data/mono.web.pc.in sed -i -e 's!@prefix@/lib/!%{_libdir}/!' data/system.web.extensions_1.0.pc.in @@ -752,6 +755,10 @@ install -m 755 %{SOURCE3} %{buildroot}%{_bindir}/ %{_libdir}/pkgconfig/monodoc.pc %changelog +* Thu Jun 24 2010 Christian Krause - 2.4.3.1-2 +- Add upstream patch for CVE-2010-1459: + http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450 + * Wed Jan 13 2010 Christian Krause - 2.4.3.1-1 - Update to 2.4.3.1