- Add fix for Eclipse help XSS vulnerability (RH Bz #661901).
This commit is contained in:
parent
e9de2d1d83
commit
e7a3fefc0d
25
eclipse-help-webapps-xss-BZ329582.patch
Normal file
25
eclipse-help-webapps-xss-BZ329582.patch
Normal file
@ -0,0 +1,25 @@
|
||||
# Backport patch for upstream Eclipse BZ: 329582 (XSS attack)
|
||||
--- plugins/org.eclipse.help.webapp/advanced/content.jsp.orig 2010-04-21 14:00:16.000000000 -0400
|
||||
+++ plugins/org.eclipse.help.webapp/advanced/content.jsp 2010-12-10 09:41:14.642196217 -0500
|
||||
@@ -45,7 +45,7 @@
|
||||
|
||||
</head>
|
||||
<frameset id="contentFrameset" rows="<%=frameData.getContentAreaFrameSizes()%>" frameborder=0" framespacing="0" border="0" spacing="0">
|
||||
- <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
|
||||
+ <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" >
|
||||
<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
|
||||
<%
|
||||
AbstractFrame[] frames = frameData.getFrames(AbstractFrame.BELOW_CONTENT);
|
||||
--- plugins/org.eclipse.help.webapp/basic/index.jsp.orig 2010-04-21 14:00:17.000000000 -0400
|
||||
+++ plugins/org.eclipse.help.webapp/basic/index.jsp 2010-12-10 09:42:58.516317455 -0500
|
||||
@@ -29,8 +29,8 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
- <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
|
||||
- <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
|
||||
+ <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
|
||||
+ <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
|
||||
<%
|
||||
if(!("0".equals(data.getFooterHeight()))){
|
||||
%>
|
@ -27,7 +27,7 @@ Epoch: 1
|
||||
Summary: An open, extensible IDE
|
||||
Name: eclipse
|
||||
Version: %{eclipse_majmin}.%{eclipse_micro}
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: EPL
|
||||
Group: Text Editors/Integrated Development Environments (IDE)
|
||||
URL: http://www.eclipse.org/
|
||||
@ -44,6 +44,8 @@ Patch0: remove-ant-trax.patch
|
||||
Patch1: eclipse-xpcom-h.patch
|
||||
# Shell script portability patch: prepare-build-dir.sh
|
||||
Patch2: prepare-build-dir.sh.patch
|
||||
# Backport of security fix for BZ 661901
|
||||
Patch3: eclipse-help-webapps-xss-BZ329582.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: ant ant-nodeps
|
||||
@ -207,6 +209,8 @@ popd
|
||||
# Apply shell script portability
|
||||
# patch to upstream prepare-build-dir.sh
|
||||
%patch2
|
||||
# Eclipse help XSS vulnerability
|
||||
%patch3
|
||||
|
||||
# Use our system-installed javadocs, reference only what we built, and
|
||||
# don't like to osgi.org docs (FIXME: maybe we should package them?)
|
||||
@ -609,6 +613,9 @@ fi
|
||||
%{_libdir}/%{name}/configuration/org.eclipse.equinox.source
|
||||
|
||||
%changelog
|
||||
* Mon Dec 13 2010 Severin Gehwolf <sgehwolf@redhat.com> 1:3.6.1-3
|
||||
- Add fix for Eclipse help XSS vulnerability (RH Bz #661901).
|
||||
|
||||
* Tue Oct 12 2010 Severin Gehwolf <sgehwolf@redhat.com> 1:3.6.1-2
|
||||
- Require zip for eclipse-pde.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user