home:zhangxiang:branches:Mega:23.03
eclipse
Changes of Revision 27
_service:tar_scm:eclipse.spec
Changed
@@ -46,7 +46,7 @@ Patch35: fixed-compilation-error.patch Patch36: fix-objectweb-asm-version-to-increase.patch # https://git.eclipse.org/c/platform/eclipse.platform.ua.git/commit/?id=28aac2514656c669ffa16acb996c77def3d4a8d4 -#Patch37: CVE-2020-27225.patch +Patch37: CVE-2020-27225.patch Patch38: riscv.patch ExcludeArch: s390 %{arm} %{ix86} BuildRequires: maven-local tycho tycho-extras cbi-plugins maven-antrun-plugin @@ -277,7 +277,7 @@ rm -rf eclipse.platform.swt.binaries/bundles/org.eclipse.swt.gtk.linux.{aarch64,s390x} rm -rf rt.equinox.framework/bundles/org.eclipse.equinox.launcher.gtk.linux.{aarch64,s390x} for dir in rt.equinox.binaries rt.equinox.framework/bundles eclipse.platform.swt.binaries/bundles ; do - utils/ensure_arch.sh "$dir" x86_64 aarch64 s390x riscv64 + utils/ensure_arch.sh "$dir" x86_64 aarch64 s390x done TYCHO_ENV="<environment><os>linux</os><ws>gtk</ws><arch>%{_arch}</arch></environment>" %pom_xpath_set "pom:configuration/pom:environments" "$TYCHO_ENV" eclipse-platform-parent @@ -328,7 +328,7 @@ %pom_xpath_remove -f "plugin@os='macosx'" $f %pom_xpath_remove -f "plugin@os='win32'" $f %pom_xpath_remove -f "plugin@ws='win32'" $f - for arch in x86 x86_64 arm aarch64 ppc64le s390x riscv64; do + for arch in x86 x86_64 arm aarch64 ppc64le s390x ; do if "$arch" != "%{_arch}" ; then %pom_xpath_remove -f "plugin@arch='$arch'" $f fi @@ -767,7 +767,7 @@ %{_eclipsedir}/plugins/org.eclipse.osgi.util_* %changelog -* Wed May 31 2023 Xiang Zhang <zhangxiang@iscas.ac.cn> - 1:4.11-7 +* Wed May 31 2023 Xiang Zhang <zhangxiang@iscas.ac.cn> - 1:4.11-9 - Add riscv64 support * Tue Feb 21 2023 liyanan <liyanan32@h-partners.com> - 1:4.11-8
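Review bot: The first hunk turns `Patch37: CVE-2020-27225.patch` back on, but this same revision lists `_service:tar_scm:CVE-2020-27225.patch` as Deleted, so the spec now names a patch file that the source set no longer appears to ship. As shown, either the build fails on the missing source or the CVE-2020-27225 fix (the live-help token check) is not applied; whether `%prep` applies Patch37 is outside the hunk. Keep the patch file alongside the spec, or, if the new source branch already contains the upstream fix, leave the line commented and say so, for example `# CVE-2020-27225 already fixed in the source tree, Patch37 not needed`. Separately, the last hunk rewrites the release of an existing changelog entry from `1:4.11-7` to `1:4.11-9` while the second and third hunks drop `riscv64` from the arch lists, which does not match the entry text `- Add riscv64 support`; a new entry describing what actually changed would be clearer.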
_service:tar_scm:CVE-2020-27225.patch
Deleted
@@ -1,354 +0,0 @@ -From 28aac2514656c669ffa16acb996c77def3d4a8d4 Mon Sep 17 00:00:00 2001 -From: Andrew Johnson -Date: Tue, 16 Feb 2021 21:40:49 +0000 -Subject: 569855: Fix for Eclipse live help. - Use tokens - Backport to - R4_11_maintenance branch - -Change-Id: I09cee753dc24d55a2704b80ae13d392d233aac0d -Task-Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 -Signed-off-by: Andrew Johnson <andrew_johnson@uk.ibm.com>(cherry picked from commit 90661664f30d4e1225e4a68b179c6ee110cd7f75) -Also-by: Niraj Modi <niraj.modi@in.ibm.com> ---- - org.eclipse.help.base/META-INF/MANIFEST.MF | 2 +- - org.eclipse.help.base/pom.xml | 2 +- - .../eclipse/help/internal/base/BaseHelpSystem.java | 29 ++++++++++++- - .../eclipse/help/internal/base/HelpDisplay.java | 10 ++++- - org.eclipse.help.webapp/META-INF/MANIFEST.MF | 2 +- - org.eclipse.help.webapp/advanced/livehelp_js.jsp | 12 +++++- - org.eclipse.help.webapp/index.jsp | 32 ++++++++++++--- - org.eclipse.help.webapp/pom.xml | 2 +- - .../help/internal/webapp/data/LayoutData.java | 7 +++- - .../internal/webapp/servlet/LiveHelpServlet.java | 48 +++++++++++++++++++++- - 10 files changed, 129 insertions(+), 17 deletions(-) - -diff --git a/org.eclipse.help.base/META-INF/MANIFEST.MF b/org.eclipse.help.base/META-INF/MANIFEST.MF -index 4ad860070..398a6829a 100644 ---- a/org.eclipse.help.base/META-INF/MANIFEST.MF -+++ b/org.eclipse.help.base/META-INF/MANIFEST.MF -@@ -2,7 +2,7 @@ Manifest-Version: 1.0 - Bundle-ManifestVersion: 2 - Bundle-Name: %help_base_plugin_name - Bundle-SymbolicName: org.eclipse.help.base; singleton:=true --Bundle-Version: 4.2.500.qualifier -+Bundle-Version: 4.2.501.qualifier - Bundle-Activator: org.eclipse.help.internal.base.HelpBasePlugin - Bundle-Vendor: %providerName - Bundle-Localization: plugin -diff --git a/org.eclipse.help.base/pom.xml b/org.eclipse.help.base/pom.xml -index b90d899f6..36f5145e9 100644 ---- a/org.eclipse.help.base/pom.xml -+++ b/org.eclipse.help.base/pom.xml -@@ -18,7 +18,7 @@ - </parent> - 
<groupId>org.eclipse.help</groupId> - <artifactId>org.eclipse.help.base</artifactId> -- <version>4.2.500-SNAPSHOT</version> -+ <version>4.2.501-SNAPSHOT</version> - <packaging>eclipse-plugin</packaging> - <properties> - <defaultSigning-excludeInnerJars>true</defaultSigning-excludeInnerJars> -diff --git a/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java b/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java -index 2ea5bf807..f9f09ae7a 100644 ---- a/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java -+++ b/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java -@@ -1,5 +1,5 @@ - /******************************************************************************* -- * Copyright (c) 2000, 2018 IBM Corporation and others. -+ * Copyright (c) 2000, 2021 IBM Corporation and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 -@@ -15,6 +15,7 @@ package org.eclipse.help.internal.base; - - import java.net.MalformedURLException; - import java.net.URL; -+ - import org.eclipse.core.runtime.CoreException; - import org.eclipse.core.runtime.IProduct; - import org.eclipse.core.runtime.IStatus; -@@ -59,6 +60,7 @@ public final class BaseHelpSystem { - private IBrowser browser; - private IBrowser internalBrowser; - private HelpDisplay helpDisplay = null; -+ private String liveHelpToken = null; - - private BaseHelpSystem() { - super(); -@@ -350,4 +352,29 @@ public final class BaseHelpSystem { - } - } - -+ /** -+ * Check supplied token against stored token. Clears the stored token if -+ * successful. -+ * -+ * @param helpSessionToken -+ * @return true if match successful -+ */ -+ public boolean matchOnceLiveHelpToken(String helpSessionToken) { -+ /* -+ * @FIXME - should we use a constant time comparison, and store/compare a -+ * cryptographic hash? 
-+ */ -+ if (liveHelpToken != null && liveHelpToken.equals(helpSessionToken)) { -+ // Enforce one-time use. -+ liveHelpToken = null; -+ return true; -+ } else { -+ return false; -+ } -+ } -+ -+ public void setLiveHelpToken(String helpSessionToken) { -+ liveHelpToken = helpSessionToken; -+ } -+ - } -diff --git a/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java b/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java -index 28ebfd10d..33a0e08fd 100644 ---- a/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java -+++ b/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java -@@ -1,5 +1,5 @@ - /******************************************************************************* -- * Copyright (c) 2000, 2015 IBM Corporation and others. -+ * Copyright (c) 2000, 2021 IBM Corporation and others. - * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 -@@ -15,6 +15,8 @@ package org.eclipse.help.internal.base; - - import java.io.UnsupportedEncodingException; - import java.net.URLEncoder; -+import java.nio.charset.StandardCharsets; -+import java.util.UUID; - - import org.eclipse.core.runtime.CoreException; - import org.eclipse.core.runtime.IConfigurationElement; -@@ -196,6 +198,12 @@ public class HelpDisplay { - String topic = helpURL.substring("topic=".length()); //$NON-NLS-1$ - helpURL = getHelpDisplay().getHelpForTopic( topic, WebappManager.getHost(), WebappManager.getPort()); - } -+ String basehelp = getBaseURL(); -+ if (BaseHelpSystem.getMode() != BaseHelpSystem.MODE_INFOCENTER && helpURL.startsWith(basehelp)) { -+ String sessid = UUID.randomUUID().toString(); -+ BaseHelpSystem.getInstance().setLiveHelpToken(sessid); -+ helpURL += (helpURL.indexOf('?') < 0 ? '?' 
: '&') + "token=" + sessid; //$NON-NLS-1$ -+ } - - BaseHelpSystem.getHelpBrowser(forceExternal) - .displayURL(helpURL); -diff --git a/org.eclipse.help.webapp/META-INF/MANIFEST.MF b/org.eclipse.help.webapp/META-INF/MANIFEST.MF -index 0c85d674e..c943158a6 100644 ---- a/org.eclipse.help.webapp/META-INF/MANIFEST.MF -+++ b/org.eclipse.help.webapp/META-INF/MANIFEST.MF -@@ -2,7 +2,7 @@ Manifest-Version: 1.0 - Bundle-ManifestVersion: 2 - Bundle-Name: %help_webapp_plugin_name - Bundle-SymbolicName: org.eclipse.help.webapp;singleton:=true --Bundle-Version: 3.9.400.qualifier -+Bundle-Version: 3.9.401.qualifier - Bundle-Activator: org.eclipse.help.internal.webapp.HelpWebappPlugin - Bundle-Vendor: %providerName - Bundle-Localization: plugin -diff --git a/org.eclipse.help.webapp/advanced/livehelp_js.jsp b/org.eclipse.help.webapp/advanced/livehelp_js.jsp -index 23362f89e..6d04945d6 100644 ---- a/org.eclipse.help.webapp/advanced/livehelp_js.jsp -+++ b/org.eclipse.help.webapp/advanced/livehelp_js.jsp -@@ -1,5 +1,5 @@ - <%-- -- Copyright (c) 2000, 2018 IBM Corporation and others. -+ Copyright (c) 2000, 2021 IBM Corporation and others. - - This program and the accompanying materials - are made available under the terms of the Eclipse Public License 2.0 -@@ -47,7 +47,15 @@ function liveActionInternal(topHelpWindow, pluginId, className, argument) - url=url.substring(0, i+1); - var encodedArg=encodeURIComponent(argument); - url=url+"livehelp/?pluginID="+pluginId+"&class="+className+"&arg="+encodedArg+"&nocaching="+Math.random(); -- -+ <% -+ Object token = request.getSession().getAttribute("LSESSION"); //$NON-NLS-1$ -+ // Validate token to protect against XSS -+ if (token instanceof String && ((String)token).matches("a-z0-9-{36}")) {//$NON-NLS-1$) { -+ %> -+ url=url+"&token=<%=token%>"; -+ <% -+ } -+ %> - // we need to find the toolbar frame. - // to do: cleanup this, including the location of the hidden livehelp frame. 
- var toolbarFrame = topHelpWindow.HelpFrame.ContentFrame.ContentToolbarFrame; -diff --git a/org.eclipse.help.webapp/index.jsp b/org.eclipse.help.webapp/index.jsp -index 34d3e14ee..76b6564c1 100644 ---- a/org.eclipse.help.webapp/index.jsp -+++ b/org.eclipse.help.webapp/index.jsp -@@ -1,5 +1,5 @@ - <%-- -- Copyright (c) 2000, 2011 IBM Corporation and others. -+ Copyright (c) 2000, 2021 IBM Corporation and others. - - This program and the accompanying materials - are made available under the terms of the Eclipse Public License 2.0 -@@ -12,9 +12,11 @@ - IBM Corporation - initial API and implementation - --%> - <%@ page import="org.eclipse.help.internal.webapp.data.*" errorPage="/advanced/err.jsp" contentType="text/html; charset=UTF-8"%> -+<%@ page import="java.util.UUID" %> -+<%@ page import="org.eclipse.help.internal.base.BaseHelpSystem" %> - <% - request.setCharacterEncoding("UTF-8"); -- ServerState.webappStarted(application,request, response); -+ ServerState.webappStarted(application,request, response); - // Read the scope parameter - RequestScope.setScopeFromRequest(request, response); - LayoutData data = new LayoutData(application,request, response); -@@ -38,9 +40,27 @@ - </body> - </html> - <% -- }else if(data.isAdvancedUI()){ -- request.getRequestDispatcher("/advanced/index.jsp" + data.getQuery()).forward(request, response); -- }else{ -- request.getRequestDispatcher("/basic/index.jsp" + data.getQuery()).forward(request, response); -+ } else { -+ // For live help -+ String token = request.getParameter("token"); //$NON-NLS-1$ -+ if (token != null && token.matches("a-z0-9-{36}")) { //$NON-NLS-1$ -+ if (BaseHelpSystem.getInstance().matchOnceLiveHelpToken(token)) { -+ // Only one session can grab this -+ if (request.getSession().getAttribute("XSESSION") == null) { //$NON-NLS-1$ -+ String token2 = UUID.randomUUID().toString(); -+ request.getSession().setAttribute("XSESSION", token2); //$NON-NLS-1$ -+ int port = request.getLocalPort(); -+ 
response.addHeader("Set-Cookie", "XSESSION-" + port + "=" + token2 + "; HttpOnly; SameSite=Strict"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ -+ String token3 = UUID.randomUUID().toString(); -+ request.getSession().setAttribute("LSESSION", token3); //$NON-NLS-1$ -+ } -+ } -+ } -+ -+ if(data.isAdvancedUI()){ -+ request.getRequestDispatcher("/advanced/index.jsp" + data.getQuery()).forward(request, response); -+ } else { // legacy UI -+ request.getRequestDispatcher("/basic/index.jsp" + data.getQuery()).forward(request, response); -+ } - } - %> -diff --git a/org.eclipse.help.webapp/pom.xml b/org.eclipse.help.webapp/pom.xml -index 51e7cc9e7..e02982e8c 100644 ---- a/org.eclipse.help.webapp/pom.xml -+++ b/org.eclipse.help.webapp/pom.xml -@@ -18,7 +18,7 @@ - </parent> - <groupId>org.eclipse.help</groupId> - <artifactId>org.eclipse.help.webapp</artifactId> -- <version>3.9.400-SNAPSHOT</version> -+ <version>3.9.401-SNAPSHOT</version> - <packaging>eclipse-plugin</packaging> - <build> - <plugins> -diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java -index d5183e1ab..49a45423b 100644 ---- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java -+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/LayoutData.java -@@ -1,5 +1,5 @@ - /******************************************************************************* -- * Copyright (c) 2000, 2016 IBM Corporation and others. -+ * Copyright (c) 2000, 2021 IBM Corporation and others. 
- * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 -@@ -46,6 +46,11 @@ public class LayoutData extends RequestData { - - // initialize the query string - String qs = request.getQueryString(); -+ // Remove any live help token -+ if (qs != null) { -+ qs = qs.replaceFirst("^token=a-z0-9-{36}", ""); //$NON-NLS-1$ //$NON-NLS-2$ -+ qs = qs.replaceFirst("&token=a-z0-9-{36}", ""); //$NON-NLS-1$ //$NON-NLS-2$ -+ } - if (qs != null && qs.length() > 0) - query = "?" + qs; //$NON-NLS-1$ - } -diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/LiveHelpServlet.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/LiveHelpServlet.java -index ded00b1c1..a2959a6a8 100644 ---- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/LiveHelpServlet.java -+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/servlet/LiveHelpServlet.java -@@ -1,5 +1,5 @@ - /******************************************************************************* -- * Copyright (c) 2000, 2015 IBM Corporation and others. -+ * Copyright (c) 2000, 2021 IBM Corporation and others. 
- * - * This program and the accompanying materials - * are made available under the terms of the Eclipse Public License 2.0 -@@ -14,8 +14,8 @@ - package org.eclipse.help.internal.webapp.servlet; - - import java.io.IOException; -- - import javax.servlet.ServletException; -+import javax.servlet.http.Cookie; - import javax.servlet.http.HttpServlet; - import javax.servlet.http.HttpServletRequest; - import javax.servlet.http.HttpServletResponse; -@@ -51,6 +51,45 @@ public class LiveHelpServlet extends HttpServlet { - return; - } - req.setCharacterEncoding("UTF-8"); //$NON-NLS-1$ -+ String sessionid = req.getSession().getId(); -+ Cookie cookies = req.getCookies(); -+ boolean jsessOK = false; -+ boolean xsessOK = false; -+ boolean lsessOK = false; -+ // Unique session ID per help server -+ int port = req.getLocalPort(); -+ String xsessname = "XSESSION-" + port; //$NON-NLS-1$ -+ if (cookies != null) { -+ for (Cookie cookie : cookies) { -+ if (cookie.getName().equals("JSESSIONID")) {//$NON-NLS-1$ -+ if (sessionid.length() >= 30 && -+ cookie.getValue().startsWith(sessionid)) { -+ jsessOK = true; -+ } -+ } -+ if (cookie.getName().equals(xsessname)) { -+ if (cookie.getValue().equals(req.getSession().getAttribute("XSESSION"))) { //$NON-NLS-1$ -+ xsessOK = true; -+ } -+ } -+ } -+ } -+ String token = req.getParameter("token"); //$NON-NLS-1$ -+ if (token != null && token.equals(req.getSession().getAttribute("LSESSION"))) { //$NON-NLS-1$ -+ lsessOK = true; -+ } -+ if (!jsessOK) { -+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "JSESSIONID"); //$NON-NLS-1$ -+ return; -+ } -+ if (!lsessOK) { -+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "token"); //$NON-NLS-1$ -+ return; -+ } -+ if (!xsessOK) { -+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, xsessname); -+ return; -+ } - String pluginID = req.getParameter("pluginID"); //$NON-NLS-1$ - if (pluginID == null) - return; -@@ -59,6 +98,11 @@ public class LiveHelpServlet extends HttpServlet { - return; - String arg = 
req.getParameter("arg"); //$NON-NLS-1$ - BaseHelpSystem.runLiveHelp(pluginID, className, arg); -+ /* -+ * @FIXME Should runLiveHelp return an error if the plugin/class is wrong -+ * so a SC_BAD_REQUEST can be returned? Or does this reveal too much? -+ */ -+ resp.setStatus(HttpServletResponse.SC_ACCEPTED); - } - /** - * --- -cgit v1.2.3 -
_service:tar_scm:eclipse-feature-plugins-to-category-ius.patch
Changed
@@ -196,7 +196,7 @@ - <requirement> - <type>eclipse-plugin</type> - <id>javax.el</id> -+ <id>javax.el-api</id> ++ <id>jakarta.el-api</id> <versionRange>0.0.0</versionRange> </requirement> <requirement>
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:a-xiang-and-shanhaijing/eclipse.git</param>
 <param name="scm">git</param>
- <param name="revision">temp-mega</param>
+ <param name="revision">riscv-master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
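Review bot: `<param name="revision">riscv-master</param>` points the tar_scm service at a branch name, so each service run can pull different sources from the gitee repository without any change showing up in this package. That may be how the CVE-2020-27225 patch file disappeared in this revision while the spec still refers to it. Pinning the revision to a reviewed commit makes the build input fixed and auditable: `<param name="revision">COMMIT_SHA_PLACEHOLDER</param>`.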