--- jquery-1.3.3.orig/dist/jquery.js +++ jquery-1.3.3/dist/jquery.js @@ -27,8 +27,8 @@ }, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, + // Prioritize #id over to avoid XSS via location.hash (#9521) + quickExpr = /^[^#<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, // Is it a simple selector isSimple = /^.[^:#\[\.,]*$/; 
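Review bot: The new `quickExpr` keeps a string out of the HTML branch only when a `#` appears before its first `<`, so a string with no `#` ahead of the first `<` is still parsed as markup, and the comment above the pattern does not say how narrow the fix is. I would extend it with `// Only covers strings with "#" before the first "<"; anything else containing <...> is still parsed as HTML, so do not pass untrusted input to jQuery()`. As shown, the added comment reads "Prioritize #id over to avoid XSS", with the word after "over" missing (presumably the tag form). The identical hunk for src/core.js further down needs the same comment. The declaration list this line belongs to starts outside the hunk.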
@@ -1266,150 +1266,150 @@ function num(elem, prop) { return elem[0] && parseInt( jQuery.curCSS(elem[0], prop, true), 10 ) || 0; } -var expando = "jQuery" + now(), uuid = 0, windowData = {}; - -jQuery.extend({ - cache: {}, - - data: function( elem, name, data ) { - elem = elem == window ? - windowData : - elem; - - var id = elem[ expando ]; - - // Compute a unique ID for the element - if ( !id ) - id = elem[ expando ] = ++uuid; - - // Only generate the data cache if we're - // trying to access or manipulate it - if ( name && !jQuery.cache[ id ] ) - jQuery.cache[ id ] = {}; - - // Prevent overriding the named cache with undefined values - if ( data !== undefined ) - jQuery.cache[ id ][ name ] = data; - - // Return the named cache data, or the ID for the element - return name ? - jQuery.cache[ id ][ name ] : - id; - }, - - removeData: function( elem, name ) { - elem = elem == window ? - windowData : - elem; - - var id = elem[ expando ]; - - // If we want to remove a specific section of the element's data - if ( name ) { - if ( jQuery.cache[ id ] ) { - // Remove the section of cache data - delete jQuery.cache[ id ][ name ]; - - // If we've removed all the data, remove the element's cache - name = ""; - - for ( name in jQuery.cache[ id ] ) - break; - - if ( !name ) - jQuery.removeData( elem ); - } - - // Otherwise, we want to remove all of the element's data - } else { - // Clean up the element expando - try { - delete elem[ expando ]; - } catch(e){ - // IE has trouble directly removing the expando - // but it's ok with using removeAttribute - if ( elem.removeAttribute ) - elem.removeAttribute( expando ); - } - - // Completely remove the data cache - delete jQuery.cache[ id ]; - } - }, - queue: function( elem, type, data ) { - if ( elem ){ - - type = (type || "fx") + "queue"; - - var q = jQuery.data( elem, type ); - - if ( !q || jQuery.isArray(data) ) - q = jQuery.data( elem, type, jQuery.makeArray(data) ); - else if( data ) - q.push( data ); - - } - return q; - }, - - 
dequeue: function( elem, type ){ - var queue = jQuery.queue( elem, type ), - fn = queue.shift(); - - if( !type || type === "fx" ) - fn = queue[0]; - - if( fn !== undefined ) - fn.call(elem); - } -}); - -jQuery.fn.extend({ - data: function( key, value ){ - var parts = key.split("."); - parts[1] = parts[1] ? "." + parts[1] : ""; - - if ( value === undefined ) { - var data = this.triggerHandler("getData" + parts[1] + "!", [parts[0]]); - - if ( data === undefined && this.length ) - data = jQuery.data( this[0], key ); - - return data === undefined && parts[1] ? - this.data( parts[0] ) : - data; - } else - return this.trigger("setData" + parts[1] + "!", [parts[0], value]).each(function(){ - jQuery.data( this, key, value ); - }); - }, - - removeData: function( key ){ - return this.each(function(){ - jQuery.removeData( this, key ); - }); - }, - queue: function(type, data){ - if ( typeof type !== "string" ) { - data = type; - type = "fx"; - } - - if ( data === undefined ) - return jQuery.queue( this[0], type ); - - return this.each(function(){ - var queue = jQuery.queue( this, type, data ); - - if( type == "fx" && queue.length == 1 ) - queue[0].call(this); - }); - }, - dequeue: function(type){ - return this.each(function(){ - jQuery.dequeue( this, type ); - }); - } +var expando = "jQuery" + now(), uuid = 0, windowData = {}; + +jQuery.extend({ + cache: {}, + + data: function( elem, name, data ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // Compute a unique ID for the element + if ( !id ) + id = elem[ expando ] = ++uuid; + + // Only generate the data cache if we're + // trying to access or manipulate it + if ( name && !jQuery.cache[ id ] ) + jQuery.cache[ id ] = {}; + + // Prevent overriding the named cache with undefined values + if ( data !== undefined ) + jQuery.cache[ id ][ name ] = data; + + // Return the named cache data, or the ID for the element + return name ? 
+ jQuery.cache[ id ][ name ] : + id; + }, + + removeData: function( elem, name ) { + elem = elem == window ? + windowData : + elem; + + var id = elem[ expando ]; + + // If we want to remove a specific section of the element's data + if ( name ) { + if ( jQuery.cache[ id ] ) { + // Remove the section of cache data + delete jQuery.cache[ id ][ name ]; + + // If we've removed all the data, remove the element's cache + name = ""; + + for ( name in jQuery.cache[ id ] ) + break; + + if ( !name ) + jQuery.removeData( elem ); + } + + // Otherwise, we want to remove all of the element's data + } else { + // Clean up the element expando + try { + delete elem[ expando ]; + } catch(e){ + // IE has trouble directly removing the expando + // but it's ok with using removeAttribute + if ( elem.removeAttribute ) + elem.removeAttribute( expando ); + } + + // Completely remove the data cache + delete jQuery.cache[ id ]; + } + }, + queue: function( elem, type, data ) { + if ( elem ){ + + type = (type || "fx") + "queue"; + + var q = jQuery.data( elem, type ); + + if ( !q || jQuery.isArray(data) ) + q = jQuery.data( elem, type, jQuery.makeArray(data) ); + else if( data ) + q.push( data ); + + } + return q; + }, + + dequeue: function( elem, type ){ + var queue = jQuery.queue( elem, type ), + fn = queue.shift(); + + if( !type || type === "fx" ) + fn = queue[0]; + + if( fn !== undefined ) + fn.call(elem); + } +}); + +jQuery.fn.extend({ + data: function( key, value ){ + var parts = key.split("."); + parts[1] = parts[1] ? "." + parts[1] : ""; + + if ( value === undefined ) { + var data = this.triggerHandler("getData" + parts[1] + "!", [parts[0]]); + + if ( data === undefined && this.length ) + data = jQuery.data( this[0], key ); + + return data === undefined && parts[1] ? 
+ this.data( parts[0] ) : + data; + } else + return this.trigger("setData" + parts[1] + "!", [parts[0], value]).each(function(){ + jQuery.data( this, key, value ); + }); + }, + + removeData: function( key ){ + return this.each(function(){ + jQuery.removeData( this, key ); + }); + }, + queue: function(type, data){ + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + } + + if ( data === undefined ) + return jQuery.queue( this[0], type ); + + return this.each(function(){ + var queue = jQuery.queue( this, type, data ); + + if( type == "fx" && queue.length == 1 ) + queue[0].call(this); + }); + }, + dequeue: function(type){ + return this.each(function(){ + jQuery.dequeue( this, type ); + }); + } });/*! * Sizzle CSS Selector Engine - v0.9.3 * Copyright 2009, The Dojo Foundation --- jquery-1.3.3.orig/src/core.js +++ jquery-1.3.3/src/core.js @@ -14,8 +14,8 @@ }, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, + // Prioritize #id over to avoid XSS via location.hash (#9521) + quickExpr = /^[^#<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, // Is it a simple selector isSimple = /^.[^:#\[\.,]*$/; --- jquery-1.3.3.orig/test/unit/core.js +++ jquery-1.3.3/test/unit/core.js @@ -435,6 +435,24 @@ body.removeAttribute('foo'); // Cleanup }); +test("XSS via location.hash", function() { + expect(1); + + stop(); + jQuery._check9521 = function(x){ + ok( x, "script called from #id-like selector with inline handler" ); + jQuery("#check9521").remove(); + delete jQuery._check9521; + start(); + }; + try { + // This throws an error because it's processed like an id + jQuery( '#' ).appendTo("#qunit-fixture"); + } catch (err) { + jQuery._check9521(true); + }; +}); + if ( !isLocal ) { test("attr(String) in XML Files", function() { expect(2); --- jquery-1.3.3.orig/debian/changelog +++ jquery-1.3.3/debian/changelog 
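Review bot: In the added "XSS via location.hash" test, `start()` is reached only through `jQuery._check9521`, and the only visible caller is the `catch` block, so if the `jQuery( '#' )` call neither throws nor triggers the callback the test stays in `stop()` until the runner times out instead of failing with a clear message. The assertion text describes the failing scenario, yet it is what gets printed when `ok( x )` passes with `true`; `ok( x, "#id-like selector was not parsed as HTML" )` would read correctly. The `"#qunit-fixture"` selector is carried over from the upstream test, and whether this 1.3.3 test page has an element with that id is not visible here, so it should be confirmed, because an empty match would make `appendTo` do nothing. The stray `;` after the `catch` block can be dropped.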
@@ -0,0 +1,142 @@ +jquery (1.3.3-2ubuntu1.2) lucid-security; urgency=low + + * SECURITY UPDATE: cross-site scripting issue via location.hash + - debian/patches/CVE-2011-4969.patch: prioritize #id over in + src/core.js and dist/jquery.js, added test to test/unit/core.js. + - https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9 + - CVE-2011-4969 + + -- Marc Deslauriers Tue, 05 Feb 2013 10:50:40 -0500 + +jquery (1.3.3-2ubuntu1) lucid; urgency=low + + * Merge from Debian testing, remaining changes: + - Drop Recommends: javascript-common to a Suggests:; there's no reason + we need to publish these scripts via http by default. + + -- Steve Langasek Mon, 09 Nov 2009 20:33:54 +0000 + +jquery (1.3.3-2) unstable; urgency=low + + [ Steve Kemp ] + * Removed all non-Debian/ files. We should work from the .orig.gz + * Added. + * Updated to use a -release.zip not the .js file for looking for releases. + + [ Daniel Baumann ] + * Removing myself from uploaders. + + -- Daniel Baumann Wed, 26 Aug 2009 17:39:30 +0200 + +jquery (1.3.3-1ubuntu1) karmic; urgency=low + + * Merge from Debian unstable, remaining changes: + - Drop Recommends: javascript-common to a Suggests:; there's no reason + we need to publish these scripts via http by default. + + -- Steve Langasek Wed, 20 May 2009 12:33:40 +0000 + +jquery (1.3.3-1) unstable; urgency=high + + [ Steve Kemp ] + * Re-upload with orig.tar.gz file present, unfortunately this means + bumping the release number, but that is a small price to pay. + (Closes: #526228) + * Updated to standards version 3.8.1 + + -- Steve Kemp Tue, 19 May 2009 21:11:01 +0000 + +jquery (1.3.2-2ubuntu1) karmic; urgency=low + + * Merge from Debian unstable, remaining changes: + - Drop Recommends: javascript-common to a Suggests:; there's no reason + we need to publish these scripts via http by default. 
+ + -- Steve Langasek Wed, 29 Apr 2009 23:01:44 +0000 + +jquery (1.3.2-2) unstable; urgency=high + + [ Steve Kemp ] + * Correctly update the .min.js, .light.js, and .packaged.js files to + be symlinks. + - My own bad git usage. + + -- Steve Kemp Thu, 26 Feb 2009 16:00:16 +0000 + +jquery (1.3.2-1) unstable; urgency=low + + [ Steve Kemp ] + * Updated to release 1.3.2 of jquery. + (Closes: #515112) + + -- Steve Kemp Thu, 26 Feb 2009 15:55:51 +0000 + +jquery (1.2.6-2ubuntu1) jaunty; urgency=low + + * Drop Recommends: javascript-common to a Suggests:; there's no reason + we need to publish these scripts via http by default. + + -- Steve Langasek Thu, 09 Apr 2009 07:20:04 +0000 + +jquery (1.2.6-2) unstable; urgency=medium + + [ Daniel Baumann ] + * Updating to standards 3.8.0. + + [ Steve Kemp ] + * Updated to the new 1.2.6 release + * Correct the name of the library + + [ Daniel Baumann ] + * Removing 'files' from unclean build. + * Removing useless empty line at the end of links file. + * Temporarily don't install packaged javascript files compressed by + upstream until we have yuicompressor in the archive. To not break + existing installations, symlinks to uncompressed jquery.js are + shipped. + * Correcting wrong symlinks of previous commit, thanks to Christian + Hammers (Closes: #495178). + + -- Daniel Baumann Sat, 10 Jan 2009 14:21:00 -0500 + +jquery (1.2.6-1) unstable; urgency=low + + [ Steve Kemp ] + * New upstream release + + -- Steve Kemp Fri, 18 Jul 2008 15:55:55 +0000 + +jquery (1.2.3-4) unstable; urgency=low + + [ Steve Kemp ] + * Moved to collaborative hosting: + - http://git.debian.org/git/pkg-javascript/ + + [ Daniel Baumann ] + * Downgrading relation to javascript-common from depends to recommends. + * Removing useless empty line on top of README.Debian. + * Removing explicit appearance of README.Debian in dh_installdocs call, since + this is taken automatically anyway. 
+ + -- Steve Kemp Sat, 10 May 2008 16:17:18 +0000 + +jquery (1.2.3-3) unstable; urgency=medium + + * Renamed the binary package from 'jquery' to 'libjs-jquery' + to follow the very early Javascript policy. + + -- Steve Kemp Sun, 6 Apr 2008 15:44:51 +0000 + +jquery (1.2.3-2) unstable; urgency=high + + * Updated to follow the very early Javascript policy. + - Install files beneath /usr/share/javascript + + -- Steve Kemp Sat, 5 Apr 2008 15:14:13 +0000 + +jquery (1.2.3-1) unstable; urgency=low + + * Initial release. (Closes: #473125) + + -- Steve Kemp Fri, 28 Mar 2008 15:14:13 +0000 + --- jquery-1.3.3.orig/debian/compat +++ jquery-1.3.3/debian/compat @@ -0,0 +1 @@ +6 --- jquery-1.3.3.orig/debian/rules +++ jquery-1.3.3/debian/rules @@ -0,0 +1,31 @@ +#!/usr/bin/make -f + +clean: + dh_testdir + dh_testroot + + dh_clean + +build: + +install: + +binary: binary-indep + +binary-arch: + +binary-indep: + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_install + dh_link + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +.PHONY: clean build install binary binary-arch binary-indep --- jquery-1.3.3.orig/debian/watch +++ jquery-1.3.3/debian/watch @@ -0,0 +1,3 @@ +version=3 +http://code.google.com/p/jqueryjs/downloads \ + .*jquery-(\d+(?:\.\d+){1,3})-release.zip --- jquery-1.3.3.orig/debian/README.Sources +++ jquery-1.3.3/debian/README.Sources @@ -0,0 +1,14 @@ + +GIT Usage +--------- + + I've updated this package such that only the debian/ tree is stored + in git, which I think makes sense. + + For minor updates to the package we can get the orig.tar.gz via + "apt-get source .." For new releases we merely need to download + the latest .zip and repack as jquery-x.y.z.orig.tar.gz - making + no other changes. + +Steve +-- --- jquery-1.3.3.orig/debian/copyright +++ jquery-1.3.3/debian/copyright 
@@ -0,0 +1,24 @@ +This package was debianized by Steve Kemp on +Fri Mar 28 15:16:58 GMT 2008. + +It was downloaded from: + + http://jquery.com/ + +Copyright (c) 2005-2008 by John Resig, Brandon Aaron & Jörn Zaefferer. + +For more details on developers please see : + + http://docs.jquery.com/Contributors + + +This program is free software; you can redistribute it and/or modify +it under the terms of either: + + a) the GNU General Public License as published by the Free Software + Foundation; version 2. + + b) the MIT license. + + On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL' --- jquery-1.3.3.orig/debian/install +++ jquery-1.3.3/debian/install @@ -0,0 +1 @@ +dist/jquery.js /usr/share/javascript/jquery --- jquery-1.3.3.orig/debian/links +++ jquery-1.3.3/debian/links @@ -0,0 +1,3 @@ +/usr/share/javascript/jquery/jquery.js /usr/share/javascript/jquery/jquery.min.js +/usr/share/javascript/jquery/jquery.js /usr/share/javascript/jquery/jquery.pack.js +/usr/share/javascript/jquery/jquery.js /usr/share/javascript/jquery/jquery.lite.js --- jquery-1.3.3.orig/debian/README.Debian +++ jquery-1.3.3/debian/README.Debian @@ -0,0 +1,10 @@ +jquery for Debian +----------------- + +In order to make use of jquery in your html, include the following lines in +your html header: + + + + -- Steve Kemp Sat, 5 April 2008 15:00:51 +0000 --- jquery-1.3.3.orig/debian/control +++ jquery-1.3.3/debian/control 
@@ -0,0 +1,23 @@ +Source: jquery +Section: web +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Javascript Maintainers +Uploaders: Marcelo Jorge Vieira , Steve Kemp +Build-Depends: debhelper (>= 6) +Standards-Version: 3.8.1 +Homepage: http://jquery.com/ +Vcs-Browser: http://git.debian.org/?p=pkg-javascript/jquery.git +Vcs-Git: git://git.debian.org/git/pkg-javascript/jquery.git + +Package: libjs-jquery +Architecture: all +Conflicts: jquery +Replaces: jquery +Depends: ${misc:Depends} +Suggests: javascript-common +Description: JavaScript library for dynamic web applications + jQuery is a fast, concise, JavaScript Library that simplifies how you + traverse HTML documents, handle events, perform animations, and add Ajax + interactions to your web pages. jQuery is designed to change the way + that you write JavaScript.