head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.12 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.10 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.8 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.6 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.4 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.2 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2008.10.07.13.22.33; author kefren; state dead; branches; next 1.1; 1.1 date 2008.09.01.09.28.54; author kefren; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.09.01.09.28.54; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.09.04.21.37.19; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update to mono 2.0 Improved performance, more features, C# 3.0, complete LINQ support etc. For a more complete list of changes please consult: http://www.mono-project.com/Release_Notes_Mono_2.0 @ text @$NetBSD: patch-cl,v 1.1 2008/09/01 09:28:54 kefren Exp $ --- mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:19:17 111275 +++ mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:51:54 111276 @@@@ -30,17 +30,65 @@@@ using System.Collections; using System.Text; +using System.Web.Configuration; namespace System.Web { internal abstract class BaseResponseHeader { - public string Value; + string headerValue; + + public string Value { + get { return headerValue; } + set { headerValue = EncodeHeader (value); } + } + static bool headerCheckingEnabled; + + static BaseResponseHeader () { +#if NET_2_0 + HttpRuntimeSection section = WebConfigurationManager.GetSection ("system.web/httpRuntime") as HttpRuntimeSection; +#else + HttpRuntimeConfig section = HttpContext.GetAppConfig ("system.web/httpRuntime") as HttpRuntimeConfig; +#endif + headerCheckingEnabled = section == null || section.EnableHeaderChecking; + } + + internal BaseResponseHeader (string val) { Value = val; } + string 
EncodeHeader (string value) + { + if (value == null || value.Length == 0) + return value; + + if (headerCheckingEnabled) { + StringBuilder ret = new StringBuilder (); + int len = value.Length; + + for (int i = 0; i < len; i++) { + switch (value [i]) { + case '\r': + ret.Append ("%0d"); + break; + + case '\n': + ret.Append ("%0a"); + break; + + default: + ret.Append (value [i]); + break; + } + } + + return ret.ToString (); + } else + return value; + } + internal abstract void SendContent (HttpWorkerRequest wr); } @ 1.1 log @Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to "HTTP header injection" attacks @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-cl was added on branch pkgsrc-2008Q2 on 2008-09-04 21:37:19 +0000 @ text @d1 70 @ 1.1.2.2 log @Pullup ticket #2516 - requested by kefren mono: security patch Revisions pulled up: - lang/mono/Makefile 1.70-1.71 - lang/mono/PLIST 1.25 - lang/mono/distinfo 1.37 - lang/mono/patches/patch-cl 1.1 - lang/mono/patches/patch-cm 1.1 --- Module Name: pkgsrc Committed By: tron Date: Sun Aug 10 16:19:33 UTC 2008 Modified Files: pkgsrc/lang/mono: Makefile PLIST Log Message: Remove directory "include/mono-1.0/mono" on deinstallation. Bump package revision because of a package list fix. 
--- Module Name: pkgsrc Committed By: kefren Date: Mon Sep 1 09:28:54 UTC 2008 Modified Files: pkgsrc/lang/mono: Makefile distinfo Added Files: pkgsrc/lang/mono/patches: patch-cl patch-cm Log Message: Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to "HTTP header injection" attacks @ text @a0 70 $NetBSD: patch-cl,v 1.1 2008/09/01 09:28:54 kefren Exp $ --- mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:19:17 111275 +++ mcs/class/System.Web/System.Web/HttpResponseHeader.cs 2008/08/21 16:51:54 111276 @@@@ -30,17 +30,65 @@@@ using System.Collections; using System.Text; +using System.Web.Configuration; namespace System.Web { internal abstract class BaseResponseHeader { - public string Value; + string headerValue; + + public string Value { + get { return headerValue; } + set { headerValue = EncodeHeader (value); } + } + static bool headerCheckingEnabled; + + static BaseResponseHeader () { +#if NET_2_0 + HttpRuntimeSection section = WebConfigurationManager.GetSection ("system.web/httpRuntime") as HttpRuntimeSection; +#else + HttpRuntimeConfig section = HttpContext.GetAppConfig ("system.web/httpRuntime") as HttpRuntimeConfig; +#endif + headerCheckingEnabled = section == null || section.EnableHeaderChecking; + } + + internal BaseResponseHeader (string val) { Value = val; } + string EncodeHeader (string value) + { + if (value == null || value.Length == 0) + return value; + + if (headerCheckingEnabled) { + StringBuilder ret = new StringBuilder (); + int len = value.Length; + + for (int i = 0; i < len; i++) { + switch (value [i]) { + case '\r': + ret.Append ("%0d"); + break; + + case '\n': + ret.Append ("%0a"); + break; + + default: + ret.Append (value [i]); + break; + } + } + + return ret.ToString (); + } else + return value; + } + internal abstract void SendContent (HttpWorkerRequest wr); } @
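Review bot: The switch in EncodeHeader rewrites only '\r' and '\n', so any other control character in a header value (NUL, vertical tab, form feed and so on) still reaches the response unchanged, and nothing in this hunk filters the header name. If the aim is also to cover parsers that accept other line terminators, the `default:` arm could encode everything below 0x20 except tab, plus 0x7f, for example `if ((value [i] < 32 && value [i] != '\t') || value [i] == 127) ret.AppendFormat ("%{0:x2}", (int) value [i]); else ret.Append (value [i]);`. Separately, headerCheckingEnabled is read once in the static constructor, so it presumably reflects only the configuration active when the type is first used, and an exception from the configuration lookup there would surface as a type-initialisation failure; a short comment saying this is intended would help. The same patch text appears twice in this file (the 1.2 text and the 1.1.2.2 text), and these points apply to both copies.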