[SCM] eclipse - Powerful IDE written in java - Debian package. branch, master, updated. debian/3.5.2-7-11-g60b3351

Niels Thykier nthykier at alioth.debian.org
Fri Feb 11 13:18:41 UTC 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "eclipse - Powerful IDE written in java - Debian package.".

The branch, master has been updated
       via  60b33511401c27bf51bd504e47a0a587fe6f9321 (commit)
       via  e6ab85b61fe2aa593a7efd9b2e3b6df414e1446a (commit)
       via  5fb435694ac481a76bbed0441639003bfe58ef1c (commit)
       via  c5c400dbd24ce3524db7d31a08942c58f814ebe9 (commit)
      from  90641b241ec3d8dfbe1a6bd5eebbdaa3eee49598 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 60b33511401c27bf51bd504e47a0a587fe6f9321
Author: Niels Thykier <niels at thykier.net>
Date:   Fri Feb 11 14:16:26 2011 +0100

    Set dist to unstable

commit e6ab85b61fe2aa593a7efd9b2e3b6df414e1446a
Author: Niels Thykier <niels at thykier.net>
Date:   Fri Feb 11 13:53:26 2011 +0100

    Revert "Add local-options to set unapply-patches by default."
    
    This reverts commit aee5a1205e07a6e1b4b798dd023f5649f704facc.
    Breaks the current setup; we are keeping patches applied until
    3.6 becomes the primary master branch.

commit 5fb435694ac481a76bbed0441639003bfe58ef1c
Author: Niels Thykier <niels at thykier.net>
Date:   Fri Feb 11 13:24:43 2011 +0100

    Backported patch for CVE-2010-4647 (Closes: #611849)

commit c5c400dbd24ce3524db7d31a08942c58f814ebe9
Author: Niels Thykier <niels at thykier.net>
Date:   Fri Feb 11 12:50:31 2011 +0100

    Bump depends for sat4j (Closes: #612738)

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                                   |    8 +++++
 debian/control                                     |    8 ++--
 .../bp-eclipse-help-webapps-xss-BZ661901.patch     |   34 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 debian/source/local-options                        |    1 -
 .../org.eclipse.help.webapp/advanced/content.jsp   |    2 +-
 .../org.eclipse.help.webapp/basic/index.jsp        |    4 +-
 7 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 645b55f..4dfbbc5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+eclipse (3.5.2-9) unstable; urgency=low
+
+  * Bump version for sat4j. (Closes: #612738)
+  * Backported patch for CVE-2010-4647. (Closes: #611849)
+    - Fixes XSS in help browser application.
+
+ -- Niels Thykier <niels at thykier.net>  Fri, 11 Feb 2011 14:15:40 +0100
+
 eclipse (3.5.2-8) unstable; urgency=low
 
   [ Niels Thykier ]
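Review bot: urgency=low on the new 3.5.2-9 header line does not match an entry that closes CVE-2010-4647. A security fix normally warrants urgency=medium or high so the XSS fix migrates to testing sooner. The sat4j line also says "Bump version" where the commit and the debian/control change bump the dependency bounds; "Bump depends for sat4j" would be more accurate.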
diff --git a/debian/control b/debian/control
index 9e357b3..aeaa483 100644
--- a/debian/control
+++ b/debian/control
@@ -39,8 +39,8 @@ Build-Depends: ant (>= 1.7.1),
                maven-ant-helper,
                maven-repo-helper,
                pkg-config,
-               sat4j (>= 2.2.0-3~),
-               sat4j (<< 2.2.1),
+               sat4j (>= 2.2.3),
+               sat4j (<< 2.2.4),
                unzip,
                xulrunner-dev (>= 1.9.1.3-2),
                zip
@@ -133,8 +133,8 @@ Depends: ant (>= 1.7.1),
          liblucene2-java (>= 2.9.3+ds1),
          liblucene2-java (<< 2.9.4),
          libservlet2.5-java (>= 6.0.20-8),
-         sat4j (>= 2.2.0-3~),
-         sat4j (<< 2.2.1),
+         sat4j (>= 2.2.3),
+         sat4j (<< 2.2.4),
          ${misc:Depends},
          ${perl:Depends},
          ${shlibs:Depends}
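Review bot: the sat4j window (>= 2.2.3, << 2.2.4) is now hand-maintained in two places, here in Depends and in the Build-Depends hunk above, and the two must always move together. A short comment in debian/control or a note in the packaging README saying why the range is pinned to a single upstream release would help the next person who has to bump it.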
diff --git a/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
new file mode 100644
index 0000000..ebe1665
--- /dev/null
+++ b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
@@ -0,0 +1,34 @@
+Description: Backported patch for fixing CVE-2010-4647.
+Origin: Fedora, http://pkgs.fedoraproject.org/gitweb/?p=eclipse.git;a=commit;h=5c1617b
+Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
+Bug-Debian: http://bugs.debian.org/611849
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=661901
+
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+index fc9998f..73712b4 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+@@ -46,7 +46,7 @@ FRAMESET {
+ 
+ 
+ <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" border=0 spacing=0>
+-	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
++	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+ 	<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>'  marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
+ </frameset>
+ 
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+index c405813..5639f62 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+@@ -29,8 +29,8 @@
+ <%
+ 	}
+ %>
+-	<frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
+-	<frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
++	<frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
++	<frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+ </frameset>
+ 
+ </html>
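Review bot: the Origin header reads "Origin: Fedora, http://...", but DEP-3 expects the optional category keyword before the comma to be one of upstream, backport, vendor or other. Since the patch comes from another distribution, "Origin: vendor, <url>" fits, and naming Fedora in the Description keeps that information. A Last-Update field would also make the header easier to audit later.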
diff --git a/debian/patches/series b/debian/patches/series
index 277c501..bde6336 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,3 +24,4 @@ add-o.e.equinox.concurrent.patch
 pdebuild-workspace.patch
 bp-osgi-ignore-root-CA.patch
 bp-osgi-allow-illegal-os-qualifier.patch
+bp-eclipse-help-webapps-xss-BZ661901.patch
diff --git a/debian/source/local-options b/debian/source/local-options
deleted file mode 100644
index 4aceb10..0000000
--- a/debian/source/local-options
+++ /dev/null
@@ -1 +0,0 @@
-unapply-patches
diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
index fc9998f..73712b4 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
@@ -46,7 +46,7 @@ FRAMESET {
 
 
 <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" border=0 spacing=0>
-	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+	<frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>'  marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
 	<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>'  marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
 </frameset>
 
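Review bot: on the ContentToolbarFrame line the encoded query is written into a single-quoted src='...' attribute, so the fix only holds if UrlUtil.htmlEncode escapes the apostrophe as well as <, >, & and the double quote. Nothing in this diff shows which characters it covers. Please confirm against the UrlUtil source in the 3.5.2 tree before upload, since this is a backport and the helper may differ from the version the Fedora patch was written for.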
diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
index c405813..5639f62 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
@@ -29,8 +29,8 @@
 <%
 	}
 %>
-	<frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
-	<frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+	<frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
+	<frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
 </frameset>
 
 </html>
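Review bot: the encoding is applied at each call site (TabsFrame and HelpFrame here, ContentToolbarFrame in content.jsp) rather than where data.getQuery() builds its value, so any other JSP that concatenates data.getQuery() into markup is still unencoded. Only two JSP files change in this push; a grep of org.eclipse.help.webapp for remaining raw data.getQuery() uses would confirm the backport covers every sink in this version.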


hooks/post-receive
-- 
eclipse - Powerful IDE written in java - Debian package.


