From e7a3fefc0d3ce10fbf4c26fecc3fa93f36ea4596 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Dec 13 2010 18:10:39 +0000 Subject: - Add fix for Eclipse help XSS vulnerability (RH Bz #661901). --- diff --git a/eclipse-help-webapps-xss-BZ329582.patch b/eclipse-help-webapps-xss-BZ329582.patch new file mode 100644 index 0000000..7ce0752 --- /dev/null +++ b/eclipse-help-webapps-xss-BZ329582.patch @@ -0,0 +1,25 @@ +# Backport patch for upstream Eclipse BZ: 329582 (XSS attack) +--- plugins/org.eclipse.help.webapp/advanced/content.jsp.orig 2010-04-21 14:00:16.000000000 -0400 ++++ plugins/org.eclipse.help.webapp/advanced/content.jsp 2010-12-10 09:41:14.642196217 -0500 +@@ -45,7 +45,7 @@ + + + +- " src='<%="contentToolbar.jsp"+data.getQuery()%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" > ++ " src='<%="contentToolbar.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="0" marginheight="0" scrolling="no" frameborder="0" > + " src='<%=UrlUtil.htmlEncode(data.getContentURL())%>' marginwidth="10"<%=(data.isIE() && "6.0".compareTo(data.getIEVersion()) <=0)?"scrolling=\"yes\"":""%> marginheight="0" frameborder="0" > + <% + AbstractFrame[] frames = frameData.getFrames(AbstractFrame.BELOW_CONTENT); +--- plugins/org.eclipse.help.webapp/basic/index.jsp.orig 2010-04-21 14:00:17.000000000 -0400 ++++ plugins/org.eclipse.help.webapp/basic/index.jsp 2010-12-10 09:42:58.516317455 -0500 +@@ -29,8 +29,8 @@ + <% + } + %> +- " src='<%="basic/tabs.jsp"+data.getQuery()%>' marginwidth="5" marginheight="5" scrolling="no"> +- " src='<%="basic/help.jsp"+data.getQuery()%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no"> ++ " src='<%="basic/tabs.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' marginwidth="5" marginheight="5" scrolling="no"> ++ " src='<%="basic/help.jsp"+UrlUtil.htmlEncode(data.getQuery())%>' frameborder="no" marginwidth="0" marginheight="0" scrolling="no"> + <% + if(!("0".equals(data.getFooterHeight()))){ + %> diff --git a/eclipse.spec b/eclipse.spec index 6978807..c28338f 100644 --- a/eclipse.spec +++ b/eclipse.spec @@ -27,7 +27,7 @@ Epoch: 1 Summary: An open, extensible IDE Name: eclipse Version: %{eclipse_majmin}.%{eclipse_micro} -Release: 2%{?dist} +Release: 3%{?dist} License: EPL Group: Text Editors/Integrated Development Environments (IDE) URL: http://www.eclipse.org/ @@ -44,6 +44,8 @@ Patch0: remove-ant-trax.patch Patch1: eclipse-xpcom-h.patch # Shell script portability patch: prepare-build-dir.sh Patch2: prepare-build-dir.sh.patch +# Backport of security fix for BZ 661901 +Patch3: eclipse-help-webapps-xss-BZ329582.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: ant ant-nodeps @@ -207,6 +209,8 @@ popd # Apply shell script portability # patch to upstream prepare-build-dir.sh %patch2 +# Eclipse help XSS vulnerability +%patch3 # Use our system-installed javadocs, reference only what we built, and # don't like to osgi.org docs (FIXME: maybe we should package them?) @@ -609,6 +613,9 @@ fi %{_libdir}/%{name}/configuration/org.eclipse.equinox.source %changelog +* Mon Dec 13 2010 Severin Gehwolf 1:3.6.1-3 +- Add fix for Eclipse help XSS vulnerability (RH Bz #661901). + * Tue Oct 12 2010 Severin Gehwolf 1:3.6.1-2 - Require zip for eclipse-pde.