[Pkg-javascript-devel] Bug#928827: libjs-jquery: Minified version of jquery.js (jquery.min.js) throws syntax error

Christoph Weber christoph.weber at telegant.de
Tue May 14 10:41:01 BST 2019 

Source: jquery
Version: 1.7.2+dfsg-3.2+deb8u6
Followup-For: Bug #928827

Hello,

I investigated this issue and believe the recent change
"Fix problem calling uglify during build." (related patch is
"fix_uglify_invocation.patch") leads to this issue. I guess
it was introduced in the security fix #927385. (The previous
version 1.7.2+dfsg-3.2 works fine after downgrade.)

The key to this issue is the following target in the Makefile:

${JQ_MIN}: ${JQ}
	@@if test ! -z ${JS_ENGINE}; then \
		echo "Minifying jQuery" ${JQ_MIN}; \
		${COMPILER} < ${JQ} > ${JQ_MIN}.tmp; \
		${POST_COMPILER} ${JQ_MIN}.tmp; \
		rm -f ${JQ_MIN}.tmp; \
	else \
		echo "You must have NodeJS installed in order to minify jQuery."; \
	fi

POST_COMPILER, namely post-compile.js, is a script which tries to
replace the first comment in ${JQ_MIN}.tmp with a version number.
The COMPILER, namely uglifyjs, removes all comments by default.
Therefore, the regex in post-compile.js matches some quoted
strings containing "/*" and "*/" and replaces a large section of
code with a version number.

The browser reacts with "nothing to repeat", as the breakage is
within a regex and the asterisk follows nothing appropriate.

There are multiple ways to fix it: Disable post-compile.js, fix
the regex to match only valid comments, or keep the first comment.
I'll add a patch to achieve the latter, because I like the initial
comment containing the version number.

-- System Information:
Debian Release: 8.11
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keep_licence_comment.patch
Type: text/x-diff
Size: 571 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20190514/7e99a5b6/attachment.patch>

More information about the Pkg-javascript-devel mailing list