Projects
home:zhangxiang:branches:Mega:23.03
eclipse
Sign Up
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 33
View file
_service:tar_scm:CVE-2020-27225.patch
Added
@@ -0,0 +1,354 @@ +From 28aac2514656c669ffa16acb996c77def3d4a8d4 Mon Sep 17 00:00:00 2001 +From: Andrew Johnson +Date: Tue, 16 Feb 2021 21:40:49 +0000 +Subject: 569855: Fix for Eclipse live help. - Use tokens - Backport to + R4_11_maintenance branch + +Change-Id: I09cee753dc24d55a2704b80ae13d392d233aac0d +Task-Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 +Signed-off-by: Andrew Johnson <andrew_johnson@uk.ibm.com>(cherry picked from commit 90661664f30d4e1225e4a68b179c6ee110cd7f75) +Also-by: Niraj Modi <niraj.modi@in.ibm.com> +--- + org.eclipse.help.base/META-INF/MANIFEST.MF | 2 +- + org.eclipse.help.base/pom.xml | 2 +- + .../eclipse/help/internal/base/BaseHelpSystem.java | 29 ++++++++++++- + .../eclipse/help/internal/base/HelpDisplay.java | 10 ++++- + org.eclipse.help.webapp/META-INF/MANIFEST.MF | 2 +- + org.eclipse.help.webapp/advanced/livehelp_js.jsp | 12 +++++- + org.eclipse.help.webapp/index.jsp | 32 ++++++++++++--- + org.eclipse.help.webapp/pom.xml | 2 +- + .../help/internal/webapp/data/LayoutData.java | 7 +++- + .../internal/webapp/servlet/LiveHelpServlet.java | 48 +++++++++++++++++++++- + 10 files changed, 129 insertions(+), 17 deletions(-) + +diff --git a/org.eclipse.help.base/META-INF/MANIFEST.MF b/org.eclipse.help.base/META-INF/MANIFEST.MF +index 4ad860070..398a6829a 100644 +--- a/org.eclipse.help.base/META-INF/MANIFEST.MF ++++ b/org.eclipse.help.base/META-INF/MANIFEST.MF +@@ -2,7 +2,7 @@ Manifest-Version: 1.0 + Bundle-ManifestVersion: 2 + Bundle-Name: %help_base_plugin_name + Bundle-SymbolicName: org.eclipse.help.base; singleton:=true +-Bundle-Version: 4.2.500.qualifier ++Bundle-Version: 4.2.501.qualifier + Bundle-Activator: org.eclipse.help.internal.base.HelpBasePlugin + Bundle-Vendor: %providerName + Bundle-Localization: plugin +diff --git a/org.eclipse.help.base/pom.xml b/org.eclipse.help.base/pom.xml +index b90d899f6..36f5145e9 100644 +--- a/org.eclipse.help.base/pom.xml ++++ b/org.eclipse.help.base/pom.xml +@@ -18,7 +18,7 @@ + </parent> + <groupId>org.eclipse.help</groupId> + <artifactId>org.eclipse.help.base</artifactId> +- <version>4.2.500-SNAPSHOT</version> ++ <version>4.2.501-SNAPSHOT</version> + <packaging>eclipse-plugin</packaging> + <properties> + <defaultSigning-excludeInnerJars>true</defaultSigning-excludeInnerJars> +diff --git a/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java b/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java +index 2ea5bf807..f9f09ae7a 100644 +--- a/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java ++++ b/org.eclipse.help.base/src/org/eclipse/help/internal/base/BaseHelpSystem.java +@@ -1,5 +1,5 @@ + /******************************************************************************* +- * Copyright (c) 2000, 2018 IBM Corporation and others. ++ * Copyright (c) 2000, 2021 IBM Corporation and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 +@@ -15,6 +15,7 @@ package org.eclipse.help.internal.base; + + import java.net.MalformedURLException; + import java.net.URL; ++ + import org.eclipse.core.runtime.CoreException; + import org.eclipse.core.runtime.IProduct; + import org.eclipse.core.runtime.IStatus; +@@ -59,6 +60,7 @@ public final class BaseHelpSystem { + private IBrowser browser; + private IBrowser internalBrowser; + private HelpDisplay helpDisplay = null; ++ private String liveHelpToken = null; + + private BaseHelpSystem() { + super(); +@@ -350,4 +352,29 @@ public final class BaseHelpSystem { + } + } + ++ /** ++ * Check supplied token against stored token. Clears the stored token if ++ * successful. ++ * ++ * @param helpSessionToken ++ * @return true if match successful ++ */ ++ public boolean matchOnceLiveHelpToken(String helpSessionToken) { ++ /* ++ * @FIXME - should we use a constant time comparison, and store/compare a ++ * cryptographic hash? ++ */ ++ if (liveHelpToken != null && liveHelpToken.equals(helpSessionToken)) { ++ // Enforce one-time use. ++ liveHelpToken = null; ++ return true; ++ } else { ++ return false; ++ } ++ } ++ ++ public void setLiveHelpToken(String helpSessionToken) { ++ liveHelpToken = helpSessionToken; ++ } ++ + } +diff --git a/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java b/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java +index 28ebfd10d..33a0e08fd 100644 +--- a/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java ++++ b/org.eclipse.help.base/src/org/eclipse/help/internal/base/HelpDisplay.java +@@ -1,5 +1,5 @@ + /******************************************************************************* +- * Copyright (c) 2000, 2015 IBM Corporation and others. ++ * Copyright (c) 2000, 2021 IBM Corporation and others. + * + * This program and the accompanying materials + * are made available under the terms of the Eclipse Public License 2.0 +@@ -15,6 +15,8 @@ package org.eclipse.help.internal.base; + + import java.io.UnsupportedEncodingException; + import java.net.URLEncoder; ++import java.nio.charset.StandardCharsets; ++import java.util.UUID; + + import org.eclipse.core.runtime.CoreException; + import org.eclipse.core.runtime.IConfigurationElement; +@@ -196,6 +198,12 @@ public class HelpDisplay { + String topic = helpURL.substring("topic=".length()); //$NON-NLS-1$ + helpURL = getHelpDisplay().getHelpForTopic( topic, WebappManager.getHost(), WebappManager.getPort()); + } ++ String basehelp = getBaseURL(); ++ if (BaseHelpSystem.getMode() != BaseHelpSystem.MODE_INFOCENTER && helpURL.startsWith(basehelp)) { ++ String sessid = UUID.randomUUID().toString(); ++ BaseHelpSystem.getInstance().setLiveHelpToken(sessid); ++ helpURL += (helpURL.indexOf('?') < 0 ? '?' : '&') + "token=" + sessid; //$NON-NLS-1$ ++ } + + BaseHelpSystem.getHelpBrowser(forceExternal) + .displayURL(helpURL); +diff --git a/org.eclipse.help.webapp/META-INF/MANIFEST.MF b/org.eclipse.help.webapp/META-INF/MANIFEST.MF +index 0c85d674e..c943158a6 100644 +--- a/org.eclipse.help.webapp/META-INF/MANIFEST.MF ++++ b/org.eclipse.help.webapp/META-INF/MANIFEST.MF +@@ -2,7 +2,7 @@ Manifest-Version: 1.0 + Bundle-ManifestVersion: 2 + Bundle-Name: %help_webapp_plugin_name + Bundle-SymbolicName: org.eclipse.help.webapp;singleton:=true +-Bundle-Version: 3.9.400.qualifier ++Bundle-Version: 3.9.401.qualifier + Bundle-Activator: org.eclipse.help.internal.webapp.HelpWebappPlugin + Bundle-Vendor: %providerName + Bundle-Localization: plugin +diff --git a/org.eclipse.help.webapp/advanced/livehelp_js.jsp b/org.eclipse.help.webapp/advanced/livehelp_js.jsp +index 23362f89e..6d04945d6 100644 +--- a/org.eclipse.help.webapp/advanced/livehelp_js.jsp ++++ b/org.eclipse.help.webapp/advanced/livehelp_js.jsp +@@ -1,5 +1,5 @@ + <%-- +- Copyright (c) 2000, 2018 IBM Corporation and others. ++ Copyright (c) 2000, 2021 IBM Corporation and others. + + This program and the accompanying materials + are made available under the terms of the Eclipse Public License 2.0 +@@ -47,7 +47,15 @@ function liveActionInternal(topHelpWindow, pluginId, className, argument) + url=url.substring(0, i+1); + var encodedArg=encodeURIComponent(argument); + url=url+"livehelp/?pluginID="+pluginId+"&class="+className+"&arg="+encodedArg+"&nocaching="+Math.random(); +- ++ <% ++ Object token = request.getSession().getAttribute("LSESSION"); //$NON-NLS-1$ ++ // Validate token to protect against XSS ++ if (token instanceof String && ((String)token).matches("a-z0-9-{36}")) {//$NON-NLS-1$) { ++ %> ++ url=url+"&token=<%=token%>"; ++ <% ++ } ++ %> + // we need to find the toolbar frame. + // to do: cleanup this, including the location of the hidden livehelp frame. + var toolbarFrame = topHelpWindow.HelpFrame.ContentFrame.ContentToolbarFrame; +diff --git a/org.eclipse.help.webapp/index.jsp b/org.eclipse.help.webapp/index.jsp +index 34d3e14ee..76b6564c1 100644 +--- a/org.eclipse.help.webapp/index.jsp ++++ b/org.eclipse.help.webapp/index.jsp +@@ -1,5 +1,5 @@ + <%-- +- Copyright (c) 2000, 2011 IBM Corporation and others. ++ Copyright (c) 2000, 2021 IBM Corporation and others. + + This program and the accompanying materials + are made available under the terms of the Eclipse Public License 2.0 +@@ -12,9 +12,11 @@ + IBM Corporation - initial API and implementation + --%> + <%@ page import="org.eclipse.help.internal.webapp.data.*" errorPage="/advanced/err.jsp" contentType="text/html; charset=UTF-8"%> ++<%@ page import="java.util.UUID" %> ++<%@ page import="org.eclipse.help.internal.base.BaseHelpSystem" %> + <% + request.setCharacterEncoding("UTF-8");
View file
_service:tar_scm:eclipse-feature-plugins-to-category-ius.patch
Changed
@@ -196,7 +196,7 @@ - <requirement> - <type>eclipse-plugin</type> - <id>javax.el</id> -+ <id>jakarta.el-api</id> ++ <id>javax.el-api</id> <versionRange>0.0.0</versionRange> </requirement> <requirement>
View file
_service:tar_scm:riscv.patch
Deleted
@@ -1,127 +0,0 @@ ---- eclipse-platform-sources-I20190307-0500/eclipse.platform.swt.binaries/pom.xml 2022-06-13 09:02:04.367331800 +0800 -+++ eclipse-platform-sources-I20190307-0500/eclipse.platform.swt.binaries/pom.xml 2022-06-13 09:03:20.532068500 +0800 -@@ -56,6 +56,7 @@ - <module>bundles/org.eclipse.swt.cocoa.macosx.x86_64</module> - <module>bundles/org.eclipse.swt.gtk.linux.arm</module> - <module>bundles/org.eclipse.swt.gtk.linux.aarch64</module> -+ <module>bundles/org.eclipse.swt.gtk.linux.riscv64</module> - <module>bundles/org.eclipse.swt.gtk.linux.ppc64le</module> - <module>bundles/org.eclipse.swt.gtk.linux.s390x</module> - <module>bundles/org.eclipse.swt.gtk.linux.x86</module> ---- eclipse-platform-sources-I20190307-0500/eclipse.platform.swt/bundles/org.eclipse.swt/META-INF/p2.inf 2022-06-13 09:10:02.313013100 +0800 -+++ eclipse-platform-sources-I20190307-0500/eclipse.platform.swt/bundles/org.eclipse.swt/META-INF/p2.inf 2022-06-13 09:10:58.177096200 +0800 -@@ -43,4 +43,9 @@ - requires.9.namespace = org.eclipse.equinox.p2.iu - requires.9.name = org.eclipse.swt.gtk.linux.x86 - requires.9.range = $version$,$version$ --requires.9.filter = (&(osgi.os=linux)(osgi.ws=gtk)(osgi.arch=x86)(!(org.eclipse.swt.buildtime=true))) -+requires.9.filter = (&(osgi.os=linux)(osgi.ws=gtk)(osgi.arch=x86)(!(org.eclipse.swt.buildtime=true))) -+ -+requires.10.namespace = org.eclipse.equinox.p2.iu -+requires.10.name = org.eclipse.swt.gtk.linux.riscv64 -+requires.10.range = $version$,$version$ -+requires.10.filter = (&(osgi.os=linux)(osgi.ws=gtk)(osgi.arch=riscv64)(!(org.eclipse.swt.buildtime=true))) ---- eclipse-platform-sources-I20190307-0500/eclipse.platform.ui/features/org.eclipse.e4.rcp/feature.xml 2019-03-07 11:00:05.000000000 +0800 -+++ eclipse-platform-sources-I20190307-0500/eclipse.platform.ui/features/org.eclipse.e4.rcp/feature.xml 2022-06-10 14:56:59.849231400 +0800 -@@ -423,6 +423,16 @@ - fragment="true"/> - - <plugin -+ id="org.eclipse.equinox.launcher.gtk.linux.riscv64" -+ os="linux" -+ ws="gtk" -+ arch="riscv64" -+ download-size="0" -+ install-size="0" -+ version="0.0.0" -+ fragment="true"/> -+ -+ <plugin - id="org.eclipse.equinox.launcher.win32.win32.x86_64" - os="win32" - ws="win32" -@@ -469,6 +479,17 @@ - download-size="0" - install-size="0" - version="0.0.0" -+ fragment="true" -+ unpack="false"/> -+ -+ <plugin -+ id="org.eclipse.swt.gtk.linux.riscv64" -+ os="linux" -+ ws="gtk" -+ arch="riscv64" -+ download-size="0" -+ install-size="0" -+ version="0.0.0" - fragment="true" - unpack="false"/> - ---- eclipse-platform-sources-I20190307-0500/eclipse.platform.ui/features/org.eclipse.e4.rcp/pom.xml 2019-03-07 11:00:05.000000000 +0800 -+++ eclipse-platform-sources-I20190307-0500/eclipse.platform.ui/features/org.eclipse.e4.rcp/pom.xml 2022-06-10 14:59:51.086049000 +0800 -@@ -44,6 +44,7 @@ - <plugin id="org.eclipse.equinox.launcher.win32.win32.x86_64"/> - <plugin id="org.eclipse.equinox.launcher.gtk.linux.arm" /> - <plugin id="org.eclipse.equinox.launcher.gtk.linux.aarch64" /> -+ <plugin id="org.eclipse.equinox.launcher.gtk.linux.riscv64" /> - <plugin id="org.eclipse.equinox.launcher.gtk.linux.s390x" /> - <plugin id="org.eclipse.equinox.launcher.gtk.linux.x86" /> - <plugin id="org.eclipse.e4.ui.workbench.renderers.swt.cocoa" /> ---- eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/build.properties 2018-09-14 18:27:05.000000000 +0800 -+++ eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/build.properties 2022-06-10 15:02:06.582577100 +0800 -@@ -39,6 +39,9 @@ - root.linux.gtk.aarch64=bin/gtk/linux/aarch64,gtk_root - root.linux.gtk.aarch64.permissions.755=launcher - -+root.linux.gtk.riscv64=bin/gtk/linux/riscv64,gtk_root -+root.linux.gtk.riscv64.permissions.755=launcher -+ - root.linux.gtk.s390x=bin/gtk/linux/s390x,gtk_root - root.linux.gtk.s390x.permissions.755=launcher - ---- eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/library/gtk/build.sh 2018-08-23 08:04:10.000000000 +0800 -+++ eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/library/gtk/build.sh 2022-06-10 15:04:52.156916700 +0800 -@@ -121,6 +121,11 @@ - defaultJava=DEFAULT_JAVA_EXEC - OUTPUT_DIR="$EXEC_DIR/bin/$defaultWS/$defaultOS/$defaultOSArch" - ;; -+ "riscv64") -+ defaultOSArch="riscv64" -+ defaultJava=DEFAULT_JAVA_EXEC -+ OUTPUT_DIR="$EXEC_DIR/bin/$defaultWS/$defaultOS/$defaultOSArch" -+ ;; - *) - echo "*** Unknown MODEL <${MODEL}>" - ;; ---- eclipse-platform-sources-I20190307-0500/rt.equinox.framework/pom.xml 2022-06-10 17:08:02.791754200 +0800 -+++ eclipse-platform-sources-I20190307-0500/rt.equinox.framework/pom.xml 2022-06-10 17:09:14.079668300 +0800 -@@ -74,6 +74,18 @@ - </modules> - </profile> - <profile> -+ <id>build-native-launchers-gtk.linux.riscv64</id> -+ <activation> -+ <property> -+ <name>native</name> -+ <value>gtk.linux.riscv64</value> -+ </property> -+ </activation> -+ <modules> -+ <module>bundles/org.eclipse.equinox.launcher.gtk.linux.riscv64</module> -+ </modules> -+ </profile> -+ <profile> - <id>build-native-launchers-gtk.linux.s390x</id> - <activation> - <property> ---- eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/pom.xml 2022-06-10 17:54:33.365416200 +0800 -+++ eclipse-platform-sources-I20190307-0500/rt.equinox.framework/features/org.eclipse.equinox.executable.feature/pom.xml 2022-06-10 17:55:46.766618600 +0800 -@@ -134,6 +134,7 @@ - <include name="gtk/linux/x86/**/*"/> - <include name="gtk/linux/x86_64/**/*"/> - <include name="win32/win32/x86_64/**/*"/> -+ <include name="gtk/linux/riscv64/**/*"/> - </fileset> - </copy> - <!-- rename eclipse launchers to "launcher" -->
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="url">git@gitee.com:a-xiang-and-shanhaijing/eclipse.git</param> <param name="scm">git</param> - <param name="revision">riscv-master</param> + <param name="revision">temp-mega</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2