Add patch for CVE-2012-4230 (#1091442)

2025-04-22 19:55:54 -04:00 · 2014-12-06 16:11:29 -02:00 · 2014-12-06 16:11:29 -02:00 · 1284d995ea
commit 1284d995ea
parent 52d9e04212
2 changed files with 53 additions and 1 deletions
--- a/sagemath-CVE-2012-4230.patch
+++ b/sagemath-CVE-2012-4230.patch
@ -0,0 +1,45 @@
+diff -up build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js
+--- build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig	2014-12-06 15:49:57.183458112 -0200
+++ build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js	2014-12-06 15:50:34.399459537 -0200
+@@ -85,7 +85,6 @@ $.widget("ui.dialog", {
+ 		var self = this,
+ 			options = self.options,
+ 
+-			title = options.title || '&#160;',
+ 			titleId = $.ui.dialog.getTitleId(self.element),
+ 
+ 			uiDialog = (self.uiDialog = $('<div></div>'))
+@@ -167,8 +166,8 @@ $.widget("ui.dialog", {
+ 			uiDialogTitle = $('<span></span>')
+ 				.addClass('ui-dialog-title')
+ 				.attr('id', titleId)
+-				.html(title)
+ 				.prependTo(uiDialogTitlebar);
+			this._title( uiDialogTitle );
+ 
+ 		//handling of deprecated beforeclose (vs beforeClose) option
+ 		//Ticket #4669 http://dev.jqueryui.com/ticket/4669
+@@ -349,6 +348,13 @@ $.widget("ui.dialog", {
+ 		return self;
+ 	},
+ 
+	_title: function( title ) {
+		if ( !this.options.title ) {
+			title.html( "&#160;" );
+		}
+		title.text( this.options.title );
+	}, 
+
+ 	_createButtons: function(buttons) {
+ 		var self = this,
+ 			hasButtons = false,
+@@ -618,8 +624,7 @@ $.widget("ui.dialog", {
+ 				}
+ 				break;
+ 			case "title":
+-				// convert whatever was passed in o a string, for html() to not throw up
+-				$(".ui-dialog-title", self.uiDialogTitlebar).html("" + (value || '&#160;'));
+				this._title( $( ".ui-dialog-title", this.uiDialogTitlebar ) );
+ 				break;
+ 		}
+ 
--- a/sagemath.spec
+++ b/sagemath.spec
@ -62,7 +62,7 @@ Name:		sagemath
 Group:		Applications/Engineering
 Summary:	A free open-source mathematics software system
 Version:	6.1.1
-Release:	5%{?dist}
+Release:	6%{?dist}
 # The file ${SAGE_ROOT}/COPYING.txt is the upstream license breakdown file
 # Additionally, every $files section has a comment with the license name
 # before files with that license
@ -183,6 +183,9 @@ Patch27:	%{name}-cryptominisat.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=974769
 Patch28:	%{name}-sympy.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=1091442
+Patch29:	%{name}-CVE-2012-4230.patch
+
 BuildRequires:	4ti2
 BuildRequires:	atlas-devel
 BuildRequires:	cddlib-tools
@ -659,6 +662,7 @@ popd
 %patch26
 %patch27
 %patch28
+%patch29

 sed -e 's|@@SAGE_ROOT@@|%{SAGE_ROOT}|' \
    -e 's|@@SAGE_DOC@@|%{SAGE_DOC}|' \
@ -1371,6 +1375,9 @@ exit 0

 ########################################################################
 %changelog
+* Sat Dec 6 2014 pcpa <paulo.cesar.pereira.de.andrade@gmail.com> - 6.1.1-6
+- Add patch for CVE-2012-4230 (#1091442)
+
 * Wed Apr  2 2014 Jerry James <loganjerry@gmail.com> - 6.1.1-5
 - Rebuild for ntl 6.1.0
 - Fix ld ignoring __global_ldflags due to embedded trailing space