This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "eclipse - Powerful IDE written in java - Debian package.".

The branch, squeeze has been updated
       via  ae159987d5d468c09c06535755470970c8ce09aa (commit)
      from  4b95866c797a74205eace051ffdef40b9f5f442a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ae159987d5d468c09c06535755470970c8ce09aa
Author: Niels Thykier <ni...@thykier.net>
Date:   Fri Feb 11 13:24:43 2011 +0100

    Backported patch for CVE-2010-4647 (Closes: #611849)

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                                   |    7 ++++
 .../bp-eclipse-help-webapps-xss-BZ661901.patch     |   34 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 .../org.eclipse.help.webapp/advanced/content.jsp   |    2 +-
 .../org.eclipse.help.webapp/basic/index.jsp        |    4 +-
 5 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 969e3dc..f47a087 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+eclipse (3.5.2-6squeeze2) stable; urgency=low
+
+  * Backported patch for CVE-2010-4647. (Closes: #611849)
+    - Fixes XSS in help browser application.
+
+ -- Niels Thykier <ni...@thykier.net>  Fri, 11 Feb 2011 12:46:51 +0100
+
 eclipse (3.5.2-6squeeze1) testing-proposed-updates; urgency=low
 
   * Install the NEWS file in eclipse-platform instead of eclipse,
diff --git a/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch 
b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
new file mode 100644
index 0000000..ebe1665
--- /dev/null
+++ b/debian/patches/bp-eclipse-help-webapps-xss-BZ661901.patch
@@ -0,0 +1,34 @@
+Description: Backported patch for fixing CVE-2010-4647.
+Origin: Fedora, 
http://pkgs.fedoraproject.org/gitweb/?p=eclipse.git;a=commit;h=5c1617b
+Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
+Bug-Debian: http://bugs.debian.org/611849
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=661901
+
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp 
b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+index fc9998f..73712b4 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+@@ -46,7 +46,7 @@ FRAMESET {
+ 
+ 
+ <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" 
border=0 spacing=0>
+-      <frame name="ContentToolbarFrame" 
title="<%=ServletResources.getString("topicViewToolbar", request)%>" 
src='<%="contentToolbar.jsp"+data.getQuery()%>'  marginwidth="0" 
marginheight="0" scrolling="no" frameborder="0" noresize=0>
++      <frame name="ContentToolbarFrame" 
title="<%=ServletResources.getString("topicViewToolbar", request)%>" 
src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>'  
marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
+       <frame ACCESSKEY="K" name="ContentViewFrame" 
title="<%=ServletResources.getString("topicView", request)%>" 
src='<%=UrlUtil.htmlEncode(data.getContentURL())%>'  
marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) 
<=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
+ </frameset>
+ 
+diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp 
b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+index c405813..5639f62 100644
+--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
++++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+@@ -29,8 +29,8 @@
+ <%
+       }
+ %>
+-      <frame name="TabsFrame" 
title="<%=ServletResources.getString("helpToolbarFrame", request)%>" 
src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" 
scrolling="no">
+-      <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", 
"HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' 
frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
++      <frame name="TabsFrame" 
title="<%=ServletResources.getString("helpToolbarFrame", request)%>" 
src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" 
marginheight="5" scrolling="no">
++      <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", 
"HelpFrame", request)%>" 
src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' 
frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+ </frameset>
+ 
+ </html>
diff --git a/debian/patches/series b/debian/patches/series
index 7a10dc6..4ac429d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ build-arch.patch
 sat4j-version.patch
 add-o.e.equinox.concurrent.patch
 pdebuild-workspace.patch
+bp-eclipse-help-webapps-xss-BZ661901.patch
diff --git a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp 
b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
index fc9998f..73712b4 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/advanced/content.jsp
@@ -46,7 +46,7 @@ FRAMESET {
 
 
 <frameset id="contentFrameset" rows="24,*" frameborder="0" framespacing="0" 
border=0 spacing=0>
-       <frame name="ContentToolbarFrame" 
title="<%=ServletResources.getString("topicViewToolbar", request)%>" 
src='<%="contentToolbar.jsp"+data.getQuery()%>'  marginwidth="0" 
marginheight="0" scrolling="no" frameborder="0" noresize=0>
+       <frame name="ContentToolbarFrame" 
title="<%=ServletResources.getString("topicViewToolbar", request)%>" 
src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>'  
marginwidth="0" marginheight="0" scrolling="no" frameborder="0" noresize=0>
        <frame ACCESSKEY="K" name="ContentViewFrame" 
title="<%=ServletResources.getString("topicView", request)%>" 
src='<%=UrlUtil.htmlEncode(data.getContentURL())%>'  
marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) 
<=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" >
 </frameset>
 
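Review bot: The `src` attribute on the changed `ContentToolbarFrame` line is delimited with single quotes, so the fix only holds if `UrlUtil.htmlEncode` escapes `'` as well as `"`, `<`, `>` and `&`. Its implementation is not visible in this hunk and should be checked before relying on the backport. The same applies to the two `src='...'` attributes changed in basic/index.jsp. A short JSP comment above the frame, such as `<%-- query string presumably comes from the request; keep it HTML-encoded (CVE-2010-4647) --%>`, would help stop a later edit from dropping the call. The frameset begins outside the visible context, so it is also worth checking the rest of org.eclipse.help.webapp for other places that write `data.getQuery()` into markup unencoded.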
diff --git a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp 
b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
index c405813..5639f62 100644
--- a/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
+++ b/eclipse/plugins/org.eclipse.help.webapp/basic/index.jsp
@@ -29,8 +29,8 @@
 <%
        }
 %>
-       <frame name="TabsFrame" 
title="<%=ServletResources.getString("helpToolbarFrame", request)%>" 
src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" 
scrolling="no">
-       <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", 
"HelpFrame", request)%>" src='<%="basic/help.jsp"+data.getQuery()%>' 
frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
+       <frame name="TabsFrame" 
title="<%=ServletResources.getString("helpToolbarFrame", request)%>" 
src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" 
marginheight="5" scrolling="no">
+       <frame name="HelpFrame" title="<%=ServletResources.getString("ignore", 
"HelpFrame", request)%>" 
src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' 
frameborder="no" marginwidth="0" marginheight="0" scrolling="no">
 </frameset>
 
 </html>
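Review bot: Nothing in this hunk shows that `UrlUtil` is in scope for basic/index.jsp. In advanced/content.jsp an unchanged context line already calls `UrlUtil.htmlEncode`, but here both calls on the `TabsFrame` and `HelpFrame` lines are new. If the page's import directive or an included header (both outside the hunk) does not cover the class, the JSP would likely fail to compile on first request rather than at package build time, so confirm the import or render the page once after building. Also check that `data.getQuery()` cannot return null here: the old string concatenation tolerated null, and whether `htmlEncode` does is not visible.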


hooks/post-receive
-- 
eclipse - Powerful IDE written in java - Debian package.

_______________________________________________
pkg-java-commits mailing list
pkg-java-comm...@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-commits
