!150 [sync] PR-148: Fix critical vulnerabilities

From: @openeuler-sync-bot Reviewed-by: @dou33 Signed-off-by: @dou33
2023-05-22 05:55:28 +00:00 · 2023-05-22 05:55:28 +00:00 · 09e7bd1682
commit 09e7bd1682
parent afa894f834 677795e9e4
2 changed files with 64 additions and 1 deletions
--- a/0013-fix-critical-vulnerabilities.patch
+++ b/0013-fix-critical-vulnerabilities.patch
@ -0,0 +1,58 @@
+From a85afbd3022fb63f8356d0260a2a1d976898ff3f Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Fri, 19 May 2023 15:56:07 +0800
+Subject: [PATCH] fix critical vulnerabilities
+
+---
+ registeredQDbus/sysdbusregister.cpp | 5 +++++
+ registeredQDbus/sysdbusregister.h   | 4 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
+index 1aaefbe..077c8d6 100644
+--- a/registeredQDbus/sysdbusregister.cpp
+++ b/registeredQDbus/sysdbusregister.cpp
+@@ -30,6 +30,7 @@
+ #include <QDBusReply>
+ #include<QCryptographicHash>
+ #include <polkit-qt5-1/polkitqt1-authority.h>
+#include <QDBusMessage>
+ 
+ /* qt会将glib里的signals成员识别为宏，所以取消该宏
+  * 后面如果用到signals时，使用Q_SIGNALS代替即可
+@@ -180,6 +181,10 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
+ }
+ 
+ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
+    //密码校验
+    QDBusConnection conn = connection();
+    QDBusMessage msg = message();
+    _id = conn.interface()->servicePid(msg.service()).value();
+ 
+     if (_id == 0){
+         return -1;
+diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
+index a513ada..bffc80b 100644
+--- a/registeredQDbus/sysdbusregister.h
+++ b/registeredQDbus/sysdbusregister.h
+@@ -28,6 +28,8 @@
+ #include <QVector>
+ #include <ddcutil_c_api.h>
+ #include <ddcutil_types.h>
+#include <QDBusContext>
+#include <QDBusConnectionInterface>
+ 
+ struct brightInfo {
+     QString serialNum;
+@@ -40,7 +42,7 @@ struct displayInfo {
+     QString             edidHash;      //edid信息的hash值(md5)
+ };
+ 
+-class SysdbusRegister : public QObject
+class SysdbusRegister : public QObject,QDBusContext
+ {
+     Q_OBJECT
+ 
+-- 
+2.39.1
+
--- a/ukui-control-center.spec
+++ b/ukui-control-center.spec
@ -1,7 +1,7 @@
 %define debug_package %{nil}
 Name:           ukui-control-center
 Version:        3.0.4
-Release:        20
+Release:        21
 Summary:        utilities to configure the UKUI desktop
 License:        GPL-2+
 URL:            http://www.ukui.org
@ -18,6 +18,7 @@ Patch09:        0009-Fix-the-resolution-donotsave-button-fails.patch
 Patch10:        0010-Fix-the-problem-of-scrambled-shortcut-keys.patch
 Patch11:        0011-Fix-terminal-garbled-characters.patch
 Patch12:        ukui-control-center-3.0.4-fix-invalid-automatic-login.patch
+Patch13:        0013-fix-critical-vulnerabilities.patch

 BuildRequires: qt5-qtsvg-devel
 BuildRequires: qt5-qtbase-devel
@ -127,6 +128,7 @@ Suggests: ukui-settings-daemon
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1

 %build
 qmake-qt5
@ -186,6 +188,9 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Mon May 15 2023 peijiankang <peijiankang@kylinos.cn> - 3.0.4-21
+- fix critical vulnerabilities
+
 * Tue Jan 10 2023 huayadong <huayadong@kylinos.cn> - 3.0.4-20
 - repair installation %post warning