From b454c98e93a0b939110728009ca7b77311e1efb1 Mon Sep 17 00:00:00 2001
From: jykanase
Date: Thu, 30 Jan 2025 04:38:05 +0000
Subject: [PATCH] patch m2crypto to fix CVE-2019-11358

---
 SPECS/m2crypto/CVE-2019-11358.patch | 28 ++++++++++++++++++++++++++++
 SPECS/m2crypto/m2crypto.spec | 6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/m2crypto/CVE-2019-11358.patch

diff --git a/SPECS/m2crypto/CVE-2019-11358.patch b/SPECS/m2crypto/CVE-2019-11358.patch
new file mode 100644
index 00000000000..a262ca67af0
--- /dev/null
+++ b/SPECS/m2crypto/CVE-2019-11358.patch
@@ -0,0 +1,28 @@
+From d3e8292d3c2ac5e78ee4f8cf7ea00241335159b4 Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Wed, 29 Jan 2025 13:46:24 +0000
+Subject: [PATCH] CVE-2019-11358
+
+Source Link: https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
+---
+ doc/html/_static/jquery-3.2.1.js | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/doc/html/_static/jquery-3.2.1.js b/doc/html/_static/jquery-3.2.1.js
+index d2d8ca4..8bbd717 100644
+--- a/doc/html/_static/jquery-3.2.1.js
++++ b/doc/html/_static/jquery-3.2.1.js
+@@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() {
+ src = target[ name ];
+ copy = options[ name ];
+
++ // Prevent Object.prototype pollution
+ // Prevent never-ending loop
+- if ( target === copy ) {
++ if ( name === "__proto__" || target === copy ) {
+ continue;
+ }
+
+--
+2.45.2
+
diff --git a/SPECS/m2crypto/m2crypto.spec b/SPECS/m2crypto/m2crypto.spec
index 376aa09be8e..b8da8793dd1 100644
--- a/SPECS/m2crypto/m2crypto.spec
+++ b/SPECS/m2crypto/m2crypto.spec
@@ -1,7 +1,7 @@
 Summary: Crypto and SSL toolkit for Python
 Name: m2crypto
 Version: 0.38.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
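Review bot: The embedded patch guards `jQuery.extend` only in `doc/html/_static/jquery-3.2.1.js`, and nothing in this hunk shows whether the M2Crypto tarball carries a second copy of jQuery. Sphinx-built HTML normally ships a minified `jquery.js` beside the versioned file, and if one is present it would still copy a `__proto__` key into the merge target. It would help to search the unpacked source for other jQuery copies and record the result in the patch header, for example `Bundled jQuery copies checked: <list of paths>`.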
@@ -10,6 +10,7 @@ URL: https://pypi.python.org/pypi/M2Crypto
 Source0: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-%{version}.tar.gz
 Patch0: 0001-skip-test_tls1_nok-which-cant-be-run-in-FIPS.patch
 Patch1: CVE-2020-25657.patch
+Patch2: CVE-2019-11358.patch
 
 %description
 M2Crypto is a crypto and SSL toolkit for Python
@@ -57,6 +58,9 @@ pip3 install parameterized
 %{python3_sitelib}/*
 
 %changelog
+* Wed Jan 29 2025 Jyoti Kanase - 0.38.0-4
+- Fix CVE-2019-11358
+
 * Tue Aug 16 2022 Muhammad Falak - 0.38.0-3
 - Patch CVE-2020-25657
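Review bot: `Patch2: CVE-2019-11358.patch` is only declared in the `@@ -10,6 +10,7 @@` hunk, and %prep lies outside every hunk of this diff, so the change does not show that the patch is actually applied. If %prep uses `%autosetup -p1` the new patch is picked up automatically. If it lists `%patch0`/`%patch1` individually, a `%patch2 -p1` line is needed; otherwise the build keeps the unpatched file while the changelog records the fix. The `-p1` strip level matches the `a/` and `b/` prefixes in the embedded patch.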