eclipse-sig April 2021

eclipse-sig@lists.stg.fedoraproject.org

1 participants
50 discussions

[Bug 1939630] New: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1939630 Bug ID: 1939630 Summary: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, mcermak(a)redhat.com, mprchlik(a)redhat.com, patrickm(a)redhat.com, rgrunber(a)redhat.com, vkadlcik(a)redhat.com Target Milestone: --- Classification: Other In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. References: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1939631] New: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests [fedora-all]
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1939631 Bug ID: 1939631 Summary: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1923574] New: eclipse-cdt: FTBFS in Fedora rawhide/f34
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1923574 Bug ID: 1923574 Summary: eclipse-cdt: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: eclipse-cdt Assignee: extras-orphan(a)fedoraproject.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, extras-orphan(a)fedoraproject.org, jjohnstn(a)redhat.com, rgrunber(a)redhat.com, TicoTimo(a)gmail.com Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora eclipse-cdt failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60912606 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix eclipse-cdt at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, eclipse-cdt will be orphaned. Before branching of Fedora 35, eclipse-cdt will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1923480] New: eclipse-remote: FTBFS in Fedora rawhide/f34
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1923480 Bug ID: 1923480 Summary: eclipse-remote: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: eclipse-remote Assignee: extras-orphan(a)fedoraproject.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, extras-orphan(a)fedoraproject.org Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora eclipse-remote failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60911006 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix eclipse-remote at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, eclipse-remote will be orphaned. Before branching of Fedora 35, eclipse-remote will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1910322] New: subclipse(Eclipse?) does not keep passwords save
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1910322 Bug ID: 1910322 Summary: subclipse(Eclipse?) does not keep passwords save Product: Fedora Version: 33 Hardware: x86_64 OS: Linux Status: NEW Component: eclipse-subclipse Severity: high Assignee: mat.booth(a)redhat.com Reporter: peljasz(a)yahoo.co.uk QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: Connecting to a remove SVN http repo gets prompt for user+password but those are not kept by Eclipse even during the span of same session. Browsing an SVN repo renders user+passw prompt with each folder/file, which was not the case until a while ago. Version-Release number of selected component (if applicable): eclipse-subclipse-4.3.0-8.fc33.noarch eclipse-platform-4.17-4.fc33.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1897901] New: [abrt] eclipse-pydev: module(): __init__.py:51:<module>:AttributeError: module 'importlib._bootstrap_external' has no attribute '_w_long'
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1897901 Bug ID: 1897901 Summary: [abrt] eclipse-pydev: module(): __init__.py:51:<module>:AttributeError: module 'importlib._bootstrap_external' has no attribute '_w_long' Product: Fedora Version: 33 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:c44fb866899d088156844cb8c4e9c964cd3a84bc;VAR IANT_ID=kde; Component: eclipse-pydev Assignee: mat.booth(a)redhat.com Reporter: dgunchev(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, mat.booth(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: Just started eclipse. Version-Release number of selected component: eclipse-pydev:1-8.0.0-1.fc33 Additional info: reporter: libreport-2.14.0 cgroup: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-eclipse-a1bd11afe2c74d0e983356851c6ecc0b.scope cmdline: /usr/bin/python3 -u /usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py 33431 crash_function: module exception_type: AttributeError executable: /usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py interpreter: python3-3.9.0-1.fc33.x86_64 kernel: 5.8.18-300.fc33.x86_64 runlevel: N 5 type: Python3 uid: 1000 Truncated backtrace: #1 [/usr/lib64/python3.7/importlib/__init__.py:51] <module> #2 [/usr/lib64/python3.7/inspect.py:38] <module> #3 [/usr/lib64/python3.7/xmlrpc/server.py:110] <module> #4 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/_pydev_imps/_pydev_saved_modules.py:22] <module> #5 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/_pydevd_bundle/pydevd_constants.py:357] <module> #6 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py:14] <module> -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1901132] New: Request to build eclipse-cdt for EPEL 8
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1901132 Bug ID: 1901132 Summary: Request to build eclipse-cdt for EPEL 8 Product: Fedora EPEL Version: epel8 Status: NEW Component: eclipse Assignee: lef(a)fedoraproject.org Reporter: kretschmer.jens(a)siemens.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: Please build eclipse-cdt for EPEL 8 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1946144] New: eclipse-webtools-dali eclipse-webtools-javaee
by bugzilla＠redhat.com 05 Apr '21

05 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1946144 Bug ID: 1946144 Summary: eclipse-webtools-dali eclipse-webtools-javaee Product: Fedora Version: 32 Hardware: x86_64 OS: Linux Status: NEW Component: eclipse-webtools Severity: medium Assignee: mat.booth(a)gmail.com Reporter: flydove(a)qq.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt, mat.booth(a)gmail.com Target Milestone: --- Classification: Fedora Created attachment 1769160 --> https://bugzilla.redhat.com/attachment.cgi?id=1769160&action=edit Eclipse Workspace start Log $ sudo rpm -qa | grep eclipse-webtools eclipse-webtools-common-3.18.0-4.fc32.noarch eclipse-webtools-servertools-3.18.0-4.fc32.noarch eclipse-webtools-sourceediting-3.18.0-4.fc32.noarch $ sudo dnf search eclipse-webtools Last metadata expiration check: 0:26:31 ago on Mon 05 Apr 2021 10:19:45 AM CST. =============================================================================== Name Matched: eclipse-webtools =============================================================================== eclipse-webtools-common.noarch : WST Common UI and Faceted Project Framework eclipse-webtools-dali.noarch : Eclipse Dali Java Persistence (JPA) Tools eclipse-webtools-javaee.noarch : Eclipse Java EE Developer Tools eclipse-webtools-servertools.noarch : Eclipse Server Tools Framework eclipse-webtools-sourceediting.noarch : Eclipse Web Developer, XML, XPath, and XSL Tools $ sudo dnf install eclipse-webtools-dali eclipse-webtools-javaee -4 -y Last metadata expiration check: 0:26:47 ago on Mon 05 Apr 2021 10:19:45 AM CST. Package eclipse-webtools-common-3.18.0-4.fc32.noarch is already installed. Package eclipse-webtools-common-3.18.0-4.fc32.noarch is already installed. Dependencies resolved. Nothing to do. Complete! -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1888339] New: Error unpacking rpm package eclipse-platform-1:4.16-13.fc33.x86_64
by bugzilla＠redhat.com 01 Apr '21

01 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1888339 Bug ID: 1888339 Summary: Error unpacking rpm package eclipse-platform-1:4.16-13.fc33.x86_64 Product: Fedora Version: 33 Status: NEW Component: eclipse Assignee: mat.booth(a)redhat.com Reporter: mycroft8(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora One RPM file associated with Eclipse in Fedora 33 beta is not installable. Error unpacking rpm package eclipse-platform-1:4.16-13.fc33.x86_64 And the verification step fails. This is a continuation of the same issue since Fedora 32. It does not help to completely remove and re-install Eclipse. The issue remains. It does not help to specifically enable the "latest" Eclipse. The only workaround I can find is to not use Fedora repo's for Eclipse. To reproduce, just try sudo dnf install eclipse-platform -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1933818] New: CVE-2020-11988 eclipse: xmlgraphics-commons: SSRF due to improper input validation by the XMPParser [fedora-all]
by bugzilla＠redhat.com 31 Mar '21

31 Mar '21

https://bugzilla.redhat.com/show_bug.cgi?id=1933818 Bug ID: 1933818 Summary: CVE-2020-11988 eclipse: xmlgraphics-commons: SSRF due to improper input validation by the XMPParser [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 13

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

eclipse-sig April 2021