- Add fix for Eclipse help XSS vulnerability (RH Bz #661901).
parent
e9de2d1d83
commit
e7a3fefc0d
|
@ -0,0 +1,25 @@
|
||||||
|
# Backport patch for upstream Eclipse BZ: 329582 (XSS attack)
|
||||||
|
--- plugins/org.eclipse.help.webapp/advanced/content.jsp.orig 2010-04-21 14:00:16.000000000 -0400
|
||||||
|
+++ plugins/org.eclipse.help.webapp/advanced/content.jsp 2010-12-10 09:41:14.642196217 -0500
|
||||||
|
@@ -45,7 +45,7 @@
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<frameset id="contentFrameset" rows="<%=frameData.getContentAreaFrameSizes()%>" frameborder=0" framespacing="0" border="0" spacing="0">
|
||||||
|
- <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
|
||||||
|
+ <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
|
||||||
|
<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
|
||||||
|
<%
|
||||||
|
AbstractFrame[] frames = frameData.getFrames(AbstractFrame.BELOW_CONTENT);
|
||||||
|
--- plugins/org.eclipse.help.webapp/basic/index.jsp.orig 2010-04-21 14:00:17.000000000 -0400
|
||||||
|
+++ plugins/org.eclipse.help.webapp/basic/index.jsp 2010-12-10 09:42:58.516317455 -0500
|
||||||
|
@@ -29,8 +29,8 @@
|
||||||
|
<%
|
||||||
|
}
|
||||||
|
%>
|
||||||
|
- <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
|
||||||
|
- <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
|
||||||
|
+ <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
|
||||||
|
+ <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
|
||||||
|
<%
|
||||||
|
if(!("0".equals(data.getFooterHeight()))){
|
||||||
|
%>
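Review bot: The three patched `src` attributes (ContentToolbarFrame in advanced/content.jsp, TabsFrame and HelpFrame in basic/index.jsp) are delimited with single quotes, so wrapping `data.getQuery()` in `UrlUtil.htmlEncode(...)` only closes the injection if that helper escapes `'` as well as `"`, `<`, `>` and `&`. Its body is not visible in this patch, so that should be confirmed against the 3.6.1 sources being built. I would record the dependency in the patch header, e.g. `# Relies on UrlUtil.htmlEncode() escaping ' because the src attributes are single-quoted`. The patch touches only these two JSPs; whether other pages under org.eclipse.help.webapp still emit `data.getQuery()` unencoded cannot be told from here, and is worth checking against the upstream fix for Eclipse BZ 329582 before treating this backport as complete.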
|
|
@ -27,7 +27,7 @@ Epoch: 1
|
||||||
Summary: An open, extensible IDE
|
Summary: An open, extensible IDE
|
||||||
Name: eclipse
|
Name: eclipse
|
||||||
Version: %{eclipse_majmin}.%{eclipse_micro}
|
Version: %{eclipse_majmin}.%{eclipse_micro}
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: EPL
|
License: EPL
|
||||||
Group: Text Editors/Integrated Development Environments (IDE)
|
Group: Text Editors/Integrated Development Environments (IDE)
|
||||||
URL: http://www.eclipse.org/
|
URL: http://www.eclipse.org/
|
||||||
|
@ -44,6 +44,8 @@ Patch0: remove-ant-trax.patch
|
||||||
Patch1: eclipse-xpcom-h.patch
|
Patch1: eclipse-xpcom-h.patch
|
||||||
# Shell script portability patch: prepare-build-dir.sh
|
# Shell script portability patch: prepare-build-dir.sh
|
||||||
Patch2: prepare-build-dir.sh.patch
|
Patch2: prepare-build-dir.sh.patch
|
||||||
|
# Backport of security fix for BZ 661901
|
||||||
|
Patch3: eclipse-help-webapps-xss-BZ329582.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: ant ant-nodeps
|
BuildRequires: ant ant-nodeps
|
||||||
|
@ -207,6 +209,8 @@ popd
|
||||||
# Apply shell script portability
|
# Apply shell script portability
|
||||||
# patch to upstream prepare-build-dir.sh
|
# patch to upstream prepare-build-dir.sh
|
||||||
%patch2
|
%patch2
|
||||||
|
# Eclipse help XSS vulnerability
|
||||||
|
%patch3
|
||||||
|
|
||||||
# Use our system-installed javadocs, reference only what we built, and
|
# Use our system-installed javadocs, reference only what we built, and
|
||||||
# don't like to osgi.org docs (FIXME: maybe we should package them?)
|
# don't like to osgi.org docs (FIXME: maybe we should package them?)
|
||||||
|
@ -609,6 +613,9 @@ fi
|
||||||
%{_libdir}/%{name}/configuration/org.eclipse.equinox.source
|
%{_libdir}/%{name}/configuration/org.eclipse.equinox.source
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 13 2010 Severin Gehwolf <sgehwolf@redhat.com> 1:3.6.1-3
|
||||||
|
- Add fix for Eclipse help XSS vulnerability (RH Bz #661901).
|
||||||
|
|
||||||
* Tue Oct 12 2010 Severin Gehwolf <sgehwolf@redhat.com> 1:3.6.1-2
|
* Tue Oct 12 2010 Severin Gehwolf <sgehwolf@redhat.com> 1:3.6.1-2
|
||||||
- Require zip for eclipse-pde.
|
- Require zip for eclipse-pde.
|
||||||
|
|
||||||
|
|