[SCM] eclipse - Powerful IDE written in java - Debian package. branch, squeeze, updated. debian/3.5.2-6-2-gae15998
Niels Thykier
nthykier at alioth.debian.org
Tue Feb 15 14:05:09 UTC 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "eclipse - Powerful IDE written in java - Debian package.".
The branch, squeeze has been updated
via ae159987d5d468c09c06535755470970c8ce09aa (commit)
from 4b95866c797a74205eace051ffdef40b9f5f442a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ae159987d5d468c09c06535755470970c8ce09aa
Author: Niels Thykier <niels at thykier.net>
Date: Fri Feb 11 13:24:43 2011 +0100
Backported patch for CVE-2010-4647 (Closes: #611849)
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 7 ++++
.../bp-eclipse-help-webapps-xss-BZ661901.patch | 34 ++++++++++++++++++++
debian/patches/series | 1 +
.../org.eclipse.help.webapp/advanced/content.jsp | 2 +-
.../org.eclipse.help.webapp/basic/index.jsp | 4 +-
5 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 969e3dc..f47a087 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+eclipse (3.5.2-6squeeze2) stable; urgency=low
+
+ * Backported patch for CVE-2010-4647. (Closes: #611849)
+ - Fixes XSS in help browser application.
+
+ -- Niels Thykier <niels at thykier.net> Fri, 11 Feb 2011 12:46:51 +0100
+
eclipse (3.5.2-6squeeze1) testing-proposed-updates; urgency=low
* Install the NEWS file in eclipse-platform instead of eclipse,
diff --git a/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
new file mode 100644
index 0000000..ebe1665
--- /dev/null
+++ b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
@@ -0,0 +1,34 @@
+Description: Backported patch for fixing CVE-2010-4647.
+Origin: Fedora, http://pkgs.fedoraproject.org/gitweb/?p=eclipse.git;a=commit;h=5c1617b
+Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
+Bug-Debian: http://bugs.debian.org/611849
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=661901
+
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+index fc9998f..73712b4 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+@@ -46,7 +46,7 @@ FRAMESET {
+
+
+ <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" border=0 spacing=0>
+- <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
++ <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+ <frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
+ </frameset>
+
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+index c405813..5639f62 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+@@ -29,8 +29,8 @@
+ <%
+ }
+ %>
+- <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
+- <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
++ <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
++ <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+ </frameset>
+
+ </html>
diff --git a/debian/patches/series b/debian/patches/series
index 7a10dc6..4ac429d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ build-arch.patch
sat4j-version.patch
add-o.e.equinox.concurrent.patch
pdebuild-workspace.patch
+bp-eclipse-help-webapps-xss-BZ661901.patch
diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
index fc9998f..73712b4 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
@@ -46,7 +46,7 @@ FRAMESET {
<frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" border=0 spacing=0>
- <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+ <frame name="ContentToolbarFrame" title="<%=ServletResources.getString("topicViewToolbar", request)%>" src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
<frame ACCESSKEY="K" name="ContentViewFrame" title="<%=ServletResources.getString("topicView", request)%>" src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
</frameset>
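Review bot: The `src` attribute changed here is delimited with single quotes, so the fix only closes the injection if `UrlUtil.htmlEncode` escapes `'` as well as `<`, `>`, `&` and `"`. Its implementation is not shown in this commit and should be confirmed before relying on it. If it leaves the single quote alone, the smallest hardening is to use the delimiter the `title` attribute already uses, `src="<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>"`. The same applies to the `TabsFrame` and `HelpFrame` lines in basic/index.jsp and to the copy of both hunks in debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch. The frameset's surrounding page starts outside the hunk.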
diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
index c405813..5639f62 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
@@ -29,8 +29,8 @@
<%
}
%>
- <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no">
- <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+ <frame name="TabsFrame" title="<%=ServletResources.getString("helpToolbarFrame", request)%>" src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no">
+ <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", "HelpFrame", request)%>" src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
</frameset>
</html>
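Review bot: Encoding `data.getQuery()` at each call site protects only the frames this commit touches, so any other JSP in org.eclipse.help.webapp that concatenates the raw query string into markup would still be exposed. Whether such call sites exist cannot be told from these hunks. A search of the webapp for `data.getQuery()` and similar getters written through `<%= ... %>` would settle it. It would also help to add a comment above the two frames, `<%-- query string is request-derived: keep it HTML-encoded when written into an attribute --%>`, so the encoding is not dropped in a later merge from upstream. The frameset opens outside the hunk.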
hooks/post-receive
--
eclipse - Powerful IDE written in java - Debian package.