From b811b297f4995027d31c62079d5ee05a30ab6a49 Mon Sep 17 00:00:00 2001 From: Christopher Tubbs Date: Wed, 18 Jul 2018 01:47:14 -0400 Subject: [PATCH] Update to 3.3.1 fixes rhbz#1536772 rhbz#1445079 rhbz#1591846 Security fix for CVE-2012-6708 --- .gitignore | 1 + js-jquery.spec | 12 ++++++++++-- remove-typeofs.patch | 18 ++++++++++++++++++ sources | 2 +- 4 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 remove-typeofs.patch diff --git a/.gitignore b/.gitignore index 80fe5c7..bf0694b 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /js-jquery-8f2a9d9272d6ed7f32d3a484740ab342c02541e0.tar.gz /jquery-2.2.4.tar.gz /jquery-3.2.1.tar.gz +/jquery-3.3.1.tar.gz diff --git a/js-jquery.spec b/js-jquery.spec index 2d031cb..639053a 100644 --- a/js-jquery.spec +++ b/js-jquery.spec @@ -1,6 +1,6 @@ Name: js-jquery -Version: 3.2.1 -Release: 4%{?dist} +Version: 3.3.1 +Release: 1%{?dist} Summary: JavaScript DOM manipulation, event handling, and AJAX library BuildArch: noarch @@ -18,6 +18,9 @@ Patch1: %{name}-disable-gzip-js.patch # disable missing insight module Patch2: disable-insight-tracking.patch +# disable typeofs compress option (not available in current uglify) +Patch3: remove-typeofs.patch + BuildRequires: web-assets-devel BuildRequires: nodejs-packaging BuildRequires: js-sizzle-static @@ -33,6 +36,7 @@ BuildRequires: npm(grunt-cli) BuildRequires: npm(grunt-contrib-uglify) BuildRequires: npm(load-grunt-tasks) BuildRequires: npm(requirejs) +BuildRequires: npm(raw-body) #BuildRequires: npm(strip-json-comments) # won't work on epel7 branch BuildRequires: nodejs-strip-json-comments @@ -86,6 +90,10 @@ ln -s %{version} %{installdir}/%{ver_x}.%{ver_y} %changelog +* Wed Jul 18 2018 Christopher Tubbs - 3.3.1-1 +- Update to 3.3.1; fixes rhbz#1536772 rhbz#1445079 rhbz#1591846 Security fix for + CVE-2012-6708 + * Fri Jul 13 2018 Fedora Release Engineering - 3.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/remove-typeofs.patch b/remove-typeofs.patch new file mode 100644 index 0000000..02c2197 --- /dev/null +++ b/remove-typeofs.patch @@ -0,0 +1,18 @@ +diff --git a/Gruntfile.js b/Gruntfile.js +index 096370a..173dad7 100644 +--- a/Gruntfile.js ++++ b/Gruntfile.js +@@ -261,12 +261,7 @@ module.exports = function( grunt ) { + compress: { + "hoist_funs": false, + loops: false, +- unused: false, +- +- // Support: IE <11 +- // typeofs transformation is unsafe for IE9-10 +- // See https://github.com/mishoo/UglifyJS2/issues/2198 +- typeofs: false ++ unused: false + } + } + } diff --git a/sources b/sources index 7e2df0f..619effc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (jquery-3.2.1.tar.gz) = c237b4de4e7d31cde8f8de2493ae92f7db1d504b83f24808738066bdaa7c906f3b6f819eeff1bb90881cbbccd1d32fbc06f63e847c13548adc92671d796bf336 +SHA512 (jquery-3.3.1.tar.gz) = 1f718a0128a91e69abfcff9a515b4179a0dee79256953a12a87940358b1f345d9c68e7106a5dfd82d83c947030f040d6ab3b60b0d49362482eac1e78e03f4ac6