js-jquery: Patch CVE-2019-20149 in kind-of (#10091)
This commit is contained in:
amritakohli
GitHub
Родитель
f028b4d828
Коммит
1e62465186
|
|
@ -0,0 +1,27 @@
|
|||
From 638d1c5d1c33b4383a4e307f5bcb8b366dd36071 Mon Sep 17 00:00:00 2001
|
||||
From: Amrita Kohli <amritakohli@microsoft.com>
|
||||
Date: Fri, 9 Aug 2024 16:19:34 +0000
|
||||
Subject: [PATCH] Modified upstream patch from PR https://github.com/jonschlinkert/kind-of/pull/31 with commit id
|
||||
975c13a7cfaf25d811475823824af3a9c04b0ba8 for CVE-2019-20149. Modified by:
|
||||
Amrita Kohli <amritakohli@microsoft.com>
|
||||
|
||||
---
|
||||
node_modules/kind-of/index.js | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/node_modules/kind-of/index.js b/node_modules/kind-of/index.js
|
||||
index dfa799b7..bdcfdc85 100644
|
||||
--- a/node_modules/kind-of/index.js
|
||||
+++ b/node_modules/kind-of/index.js
|
||||
@@ -66,7 +66,7 @@ module.exports = function kindOf(val) {
|
||||
};
|
||||
|
||||
function ctorName(val) {
|
||||
- return typeof val.constructor === 'function' ? val.constructor.name : null;
|
||||
+ return val.constructor && typeof val.constructor === 'function' ? val.constructor.name : null;
|
||||
}
|
||||
|
||||
function isArray(val) {
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
|
@ -2,7 +2,7 @@ Vendor: Microsoft Corporation
|
|||
Distribution: Azure Linux
|
||||
Name: js-jquery
|
||||
Version: 3.5.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: JavaScript DOM manipulation, event handling, and AJAX library
|
||||
BuildArch: noarch
|
||||
|
||||
|
|
@ -18,6 +18,8 @@ Source1: jquery_%{version}_node_modules.tar.gz
|
|||
|
||||
# disable gzip-js during build
|
||||
Patch1: %{name}-disable-gzip-js.patch
|
||||
# Patch for CVE-2019-20149 in kind-of package https://github.com/jonschlinkert/kind-of/pull/31
|
||||
Patch2: CVE-2019-20149.patch
|
||||
|
||||
|
||||
BuildRequires: web-assets-devel
|
||||
|
|
@ -45,14 +47,15 @@ browsers. With a combination of versatility and extensibility, jQuery has
|
|||
changed the way that millions of people write JavaScript.
|
||||
|
||||
%prep
|
||||
%autosetup -n jquery-%{version} -v -p1
|
||||
%setup -n jquery-%{version}
|
||||
%patch 1 -p1
|
||||
|
||||
#remove precompiled stuff
|
||||
rm -rf dist/*
|
||||
|
||||
# Install the cached node modules
|
||||
tar xf %{SOURCE1}
|
||||
|
||||
%patch 2 -p1
|
||||
|
||||
%build
|
||||
./node_modules/grunt-cli/bin/grunt -v 'build:*:*' uglify
|
||||
|
|
@ -83,6 +86,10 @@ ln -s %{version} %{installdir}/%{ver_x}.%{ver_y}
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Aug 9 2024 Amrita Kohli <amritakohli@microsoft.com> - 3.5.0-4
|
||||
- Patch CVE-2019-20149 in kind-of package.
|
||||
- License verified
|
||||
|
||||
* Mon Jun 14 2021 Thomas Crain <thcrain@microsoft.com> - 3.5.0-3
|
||||
- Initial CBL-Mariner import from Fedora 32 (license: MIT).
|
||||
- Add explicit build-time dependency on nodejs-devel
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче