From 0efb66a44d1db7eb87c81f5e9feb12ae45b8c5c1 Mon Sep 17 00:00:00 2001
From: Kevin Lockwood <v-klockwood@microsoft.com>
Date: Wed, 29 Jan 2025 14:09:21 -0800
Subject: [PATCH] Patch ceph to fix CVE-2015-9251

---
 SPECS/ceph/CVE-2015-9251.patch | 32 ++++++++++++++++++++++++++++++++
 SPECS/ceph/ceph.spec           |  6 +++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/ceph/CVE-2015-9251.patch

diff --git a/SPECS/ceph/CVE-2015-9251.patch b/SPECS/ceph/CVE-2015-9251.patch
new file mode 100644
index 00000000000..60617f2777a
--- /dev/null
+++ b/SPECS/ceph/CVE-2015-9251.patch
@@ -0,0 +1,32 @@
+From 124fa2abfde0939c5a7684be1c9f11565888a3a5 Mon Sep 17 00:00:00 2001
+From: Kevin Lockwood <v-klockwood@microsoft.com>
+Date: Tue, 28 Jan 2025 17:30:43 -0800
+Subject: [PATCH] [Medium] Patch ceph to fix CVE-2015-9251
+
+Link: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc.patch
+---
+ qa/workunits/erasure-code/jquery.js | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/qa/workunits/erasure-code/jquery.js b/qa/workunits/erasure-code/jquery.js
+index 8c24ffc61..f4ce660b1 100644
+--- a/qa/workunits/erasure-code/jquery.js
++++ b/qa/workunits/erasure-code/jquery.js
+@@ -8245,6 +8245,14 @@ jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) {
+ 		return "script";
+ 	}
+ });
++
++// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
++jQuery.ajaxPrefilter( function( s ) {
++    if ( s.crossDomain ) {
++        s.contents.script = false;
++    }
++} );
++
+ // Install script dataType
+ jQuery.ajaxSetup({
+ 	accepts: {
+-- 
+2.34.1
+
diff --git a/SPECS/ceph/ceph.spec b/SPECS/ceph/ceph.spec
index 5b6a0045925..5bc992dc985 100644
--- a/SPECS/ceph/ceph.spec
+++ b/SPECS/ceph/ceph.spec
@@ -5,7 +5,7 @@
 Summary:        User space components of the Ceph file system
 Name:           ceph
 Version:        18.2.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
 URL:            https://ceph.io/
 Vendor:         Microsoft Corporation
@@ -14,6 +14,7 @@ Source0:        https://download.ceph.com/tarballs/%{name}-%{version}.tar.gz
 Patch0:         0034-src-pybind-rbd-rbd.pyx.patch
 Patch1:         0032-cmake-modules-BuildBoost.cmake.patch
 Patch2:         CVE-2024-52338.patch
+Patch3:         CVE-2015-9251.patch
 #
 # Copyright (C) 2004-2019 The Ceph Project Developers. See COPYING file
 # at the top-level directory of this distribution and at
@@ -2004,6 +2005,9 @@ exit 0
 
 
 %changelog
+* Tue Jan 28 2025 Kevin Lockwood <v-klockwood@microsoft.com> - 18.2.2-4
+- Fix for CVE-2015-9251
+
 * Tue Jan 01 2025 Sandeep Karambelkar <skarambelkar@microsoft.com> - 18.2.2-3
 - Based on the package build logs, opentelemetry-cpp submodule is not being built
 - Removing opentelemetry-cpp to address below CVEs as this submodule is not relevant