14.2.1-7.1

Disable jQuery use, don't ship jquery.js (CVE-2020-11023)

Resolves: RHEL-78284

gcc.spec

@@ -152,7 +152,7 @@ BuildRequires: scl-utils-build
 Summary: GCC version %{gcc_major}
 Name: %{?scl_prefix}gcc
 Version: %{gcc_version}
-Release: %{gcc_release}%{?dist}
+Release: %{gcc_release}.1%{?dist}
 # License notes for some of the less obvious ones:
 #   gcc/doc/cppinternals.texi: Linux-man-pages-copyleft-2-para
 #   isl: MIT, BSD-2-Clause
@@ -778,6 +778,10 @@ rm -rf libgomp/testsuite/libgomp.fortran/pr90030.f90
 rm -f libstdc++-v3/testsuite/30_threads/future/members/poll.cc
 %endif
 
+# Disable jQuery use (CVE-2020-11023).
+sed -i '/^SEARCHENGINE/s/YES/NO/' libstdc++-v3/doc/doxygen/user.cfg.in
+sed -i '/^GENERATE_TREEVIEW/s/YES/NO/' libstdc++-v3/doc/doxygen/user.cfg.in
+
 %build
 
 # Undo the broken autoconf change in recent Fedora versions
@@ -1314,6 +1318,9 @@ cp -r -p $libstdcxx_doc_builddir/html ../rpm.doc/libstdc++-v3/html/api
 mkdir -p %{buildroot}%{_mandir}/man3
 cp -r -p $libstdcxx_doc_builddir/man/man3/* %{buildroot}%{_mandir}/man3/
 find ../rpm.doc/libstdc++-v3 -name \*~ | xargs rm
+# We don't want to ship jQuery in the libstdc++-docs package.
+find ../rpm.doc/libstdc++-v3 -name jquery.js | xargs rm
+find ../rpm.doc/libstdc++-v3/html -name '*.html' | xargs sed -i '/<script type="text.javascript" src="jquery.js"><.script>/d'
 %endif
 
 %ifarch sparcv9 sparc64
@@ -2789,6 +2796,9 @@ fi
 %endif
 
 %changelog
+* Fri Feb  7 2025 Marek Polacek <polacek@redhat.com> 14.2.1-7.1
+- disable jQuery use, don't ship jquery.js (CVE-2020-11023, RHEL-78284)
+
 * Wed Jan 22 2025 Marek Polacek <polacek@redhat.com> 14.2.1-7
 - update from releases/gcc-14 branch (RHEL-74062)
   - PRs ada/113036, ada/113868, ada/115917, ada/117328, ada/117996,