pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/tcllib SECURITY: Apply patch for XSS in html::te...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/024673fa7d97
branches:  trunk
changeset: 648857:024673fa7d97
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Mar 21 17:14:04 2015 +0000

description:
SECURITY: Apply patch for XSS in html::textarea as of
http://core.tcl.tk/tcllib/info/09110adc43.
Bump PKGREVISION.

diffstat:

 devel/tcllib/Makefile                            |   3 ++-
 devel/tcllib/distinfo                            |   3 ++-
 devel/tcllib/patches/patch-modules_html_html.tcl |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diffs (43 lines):

diff -r b5902bf1fac8 -r 024673fa7d97 devel/tcllib/Makefile
--- a/devel/tcllib/Makefile     Sat Mar 21 16:24:51 2015 +0000
+++ b/devel/tcllib/Makefile     Sat Mar 21 17:14:04 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2014/02/02 19:06:30 wiz Exp $
+# $NetBSD: Makefile,v 1.14 2015/03/21 17:14:04 bsiegert Exp $
 
 DISTNAME=              tcllib-1.15
+PKGREVISION=           1
 CATEGORIES=            devel
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=tcllib/}
 EXTRACT_SUFX=          .tar.bz2
diff -r b5902bf1fac8 -r 024673fa7d97 devel/tcllib/distinfo
--- a/devel/tcllib/distinfo     Sat Mar 21 16:24:51 2015 +0000
+++ b/devel/tcllib/distinfo     Sat Mar 21 17:14:04 2015 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.5 2014/02/02 19:06:30 wiz Exp $
+$NetBSD: distinfo,v 1.6 2015/03/21 17:14:04 bsiegert Exp $
 
 SHA1 (tcllib-1.15.tar.bz2) = 7130ee20c0fe7fc720288886b9ecb449899e0d6d
 RMD160 (tcllib-1.15.tar.bz2) = dcc5b8d180da1fc3ebc9d620a18c5cd063f33d32
 Size (tcllib-1.15.tar.bz2) = 5030648 bytes
+SHA1 (patch-modules_html_html.tcl) = dcd6b9c809990e429bb65084aee3a500af05e40d
diff -r b5902bf1fac8 -r 024673fa7d97 devel/tcllib/patches/patch-modules_html_html.tcl
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/tcllib/patches/patch-modules_html_html.tcl  Sat Mar 21 17:14:04 2015 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-modules_html_html.tcl,v 1.1 2015/03/21 17:14:04 bsiegert Exp $
+
+html - Fixed XSS vulnerability of "textarea" command. Now properly quoting the input value.
+http://core.tcl.tk/tcllib/info/09110adc43
+
+--- modules/html/html.tcl.orig 2015-03-21 17:08:44.000000000 +0000
++++ modules/html/html.tcl
+@@ -912,7 +912,7 @@ proc ::html::selectPlain {name param cho
+ #     The html fragment
+ 
+ proc ::html::textarea {name {param {}} {current {}}} {
+-    ::set value [ncgi::value $name $current]
++    ::set value [quoteFormValue [ncgi::value $name $current]]
+     return "<[string trimright \
+       "textarea name=\"$name\"\
+               [tagParam textarea $param]"]>$value</textarea>\n"
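
Review bot: $name is still interpolated unquoted into the name="$name" attribute, two lines below the changed "::set value" line, so quoteFormValue now covers only the element body. If any caller can derive the field name from request data, it should be passed through quoteFormValue as well before the tag is built; if not, a sentence in the proc's header comment saying that name must be a trusted constant would document the assumption. The patch also adds no regression test for a value containing markup such as a closing textarea tag, which would keep the quoting from being dropped in a later refactor.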


