patch m2crypto to fix CVE-2019-11358

Author: jykanase

SPECS/m2crypto/CVE-2019-11358.patch

@@ -0,0 +1,28 @@
+From d3e8292d3c2ac5e78ee4f8cf7ea00241335159b4 Mon Sep 17 00:00:00 2001
+From: jykanase <[email protected]>
+Date: Wed, 29 Jan 2025 13:46:24 +0000
+Subject: [PATCH] CVE-2019-11358
+
+Source Link: https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
+---
+ doc/html/_static/jquery-3.2.1.js | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/doc/html/_static/jquery-3.2.1.js b/doc/html/_static/jquery-3.2.1.js
+index d2d8ca4..8bbd717 100644
+--- a/doc/html/_static/jquery-3.2.1.js
++++ b/doc/html/_static/jquery-3.2.1.js
+@@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() {
+ 				src = target[ name ];
+ 				copy = options[ name ];
+ 
++				// Prevent Object.prototype pollution
+ 				// Prevent never-ending loop
+-				if ( target === copy ) {
++				if (  name === "__proto__" || target === copy ) {
+ 					continue;
+ 				}
+ 
+-- 
+2.45.2
+

SPECS/m2crypto/m2crypto.spec

@@ -1,7 +1,7 @@
 Summary:        Crypto and SSL toolkit for Python
 Name:           m2crypto
 Version:        0.38.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,7 @@ URL:            https://pypi.python.org/pypi/M2Crypto
 Source0:        https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-%{version}.tar.gz
 Patch0:         0001-skip-test_tls1_nok-which-cant-be-run-in-FIPS.patch
 Patch1:         CVE-2020-25657.patch
+Patch2:         CVE-2019-11358.patch
 
 %description
 M2Crypto is a crypto and SSL toolkit for Python
@@ -57,6 +58,9 @@ pip3 install parameterized
 %{python3_sitelib}/*
 
 %changelog
+* Wed Jan 29 2025 Jyoti Kanase <[email protected]> - 0.38.0-4
+- Fix CVE-2019-11358
+
 * Tue Aug 16 2022 Muhammad Falak <[email protected]> - 0.38.0-3
 - Patch CVE-2020-25657