Add patch for CVE-2012-4230 (#1091442)

pcpa 2014-12-06 16:35:03 -02:00
parent 3e866bf86e
commit 8d0fccfd0f
2 changed files with 53 additions and 1 deletions


@ -0,0 +1,45 @@
diff -up build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js
--- build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig 2014-12-06 15:49:57.183458112 -0200
+++ build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js 2014-12-06 15:50:34.399459537 -0200
@@ -85,7 +85,6 @@ $.widget("ui.dialog", {
var self = this,
options = self.options,
- title = options.title || ' ',
titleId = $.ui.dialog.getTitleId(self.element),
uiDialog = (self.uiDialog = $('<div></div>'))
@@ -167,8 +166,8 @@ $.widget("ui.dialog", {
uiDialogTitle = $('<span></span>')
.addClass('ui-dialog-title')
.attr('id', titleId)
- .html(title)
.prependTo(uiDialogTitlebar);
+ this._title( uiDialogTitle );
//handling of deprecated beforeclose (vs beforeClose) option
//Ticket #4669 http://dev.jqueryui.com/ticket/4669
@@ -349,6 +348,13 @@ $.widget("ui.dialog", {
return self;
},
+ _title: function( title ) {
+ if ( !this.options.title ) {
+ title.html( "&#160;" );
+ }
+ title.text( this.options.title );
+ },
+
_createButtons: function(buttons) {
var self = this,
hasButtons = false,
@@ -618,8 +624,7 @@ $.widget("ui.dialog", {
}
break;
case "title":
- // convert whatever was passed in o a string, for html() to not throw up
- $(".ui-dialog-title", self.uiDialogTitlebar).html("" + (value || '&#160;'));
+ this._title( $( ".ui-dialog-title", this.uiDialogTitlebar ) );
break;
}
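Review bot: In the `case "title":` hunk the new call renders `this.options.title`, whereas the removed line rendered the `value` argument. If the base `_setOption` that stores the new value runs after this switch (it does in jQuery UI 1.8, but the end of the function is outside the hunk), a title update will display the previous title. Assigning `this.options.title = value;` before `this._title( ... )` removes that dependence on call order. Separately, `_title` has no `else` or `return` after `title.html( "&#160;" )`, so an empty-string title falls through to `title.text( this.options.title )` and wipes the placeholder. Writing the second statement as `else { title.text( this.options.title ); }` keeps the text-only escaping, which is the point of the fix, and preserves the non-breaking space.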


@ -39,7 +39,7 @@ Name: sagemath
Group: Applications/Engineering Group: Applications/Engineering
Summary: A free open-source mathematics software system Summary: A free open-source mathematics software system
Version: 6.3 Version: 6.3
Release: 4%{?dist} Release: 5%{?dist}
# The file ${SAGE_ROOT}/COPYING.txt is the upstream license breakdown file # The file ${SAGE_ROOT}/COPYING.txt is the upstream license breakdown file
# Additionally, every $files section has a comment with the license name # Additionally, every $files section has a comment with the license name
# before files with that license # before files with that license
@ -157,6 +157,9 @@ Patch25: %{name}-sphinx.patch
# Rediffed latest version from http://trac.sagemath.org/ticket/15767 # Rediffed latest version from http://trac.sagemath.org/ticket/15767
Patch26: %{name}-pari2.7.patch Patch26: %{name}-pari2.7.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1091442
Patch27: %{name}-CVE-2012-4230.patch
BuildRequires: 4ti2 BuildRequires: 4ti2
BuildRequires: atlas-devel BuildRequires: atlas-devel
BuildRequires: cddlib-tools BuildRequires: cddlib-tools
@ -623,6 +626,7 @@ popd
%patch25 %patch25
%patch26 %patch26
%patch27
sed -e 's|@@SAGE_ROOT@@|%{SAGE_ROOT}|' \ sed -e 's|@@SAGE_ROOT@@|%{SAGE_ROOT}|' \
-e 's|@@SAGE_DOC@@|%{SAGE_DOC}|' \ -e 's|@@SAGE_DOC@@|%{SAGE_DOC}|' \
@ -1341,6 +1345,9 @@ exit 0
######################################################################## ########################################################################
%changelog %changelog
* Sat Dec 6 2014 pcpa <paulo.cesar.pereira.de.andrade@gmail.com> - 6.3-5
- Add patch for CVE-2012-4230 (#1091442)
* Sat Nov 1 2014 pcpa <paulo.cesar.pereira.de.andrade@gmail.com> - 6.3-4 * Sat Nov 1 2014 pcpa <paulo.cesar.pereira.de.andrade@gmail.com> - 6.3-4
- Install 128x128 icon (#1157575) - Install 128x128 icon (#1157575)
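Review bot: `Patch27` as shown modifies only `development-bundle/ui/jquery.ui.dialog.js`, so the title-escaping fix reaches users only if that is the copy the notebook actually serves. This page does not show whether the bundled jqueryui directory also ships a minified or combined build of the dialog widget; if it does, that copy would still carry the old `.html(title)` path. It is worth checking the installed tree for other copies and recording the result next to the patch, for example `# Patches the development-bundle source only; minified/combined jqueryui copies checked: <result>`.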