From 677795e9e4aa0f44a038f407c87ebc8c6c90b305 Mon Sep 17 00:00:00 2001
From: peijiankang
Date: Fri, 19 May 2023 15:57:42 +0800
Subject: [PATCH] fix critical vulnerabilities

(cherry picked from commit 753fde283c7a22ed03f58333a9263b3e20386f5a)
---
 0013-fix-critical-vulnerabilities.patch | 58 +++++++++++++++++++++++++
 ukui-control-center.spec | 7 ++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 0013-fix-critical-vulnerabilities.patch
diff --git a/0013-fix-critical-vulnerabilities.patch b/0013-fix-critical-vulnerabilities.patch
new file mode 100644
index 0000000..3448a90
--- /dev/null
+++ b/0013-fix-critical-vulnerabilities.patch
@@ -0,0 +1,58 @@
+From a85afbd3022fb63f8356d0260a2a1d976898ff3f Mon Sep 17 00:00:00 2001
+From: peijiankang
+Date: Fri, 19 May 2023 15:56:07 +0800
+Subject: [PATCH] fix critical vulnerabilities
+
+---
+ registeredQDbus/sysdbusregister.cpp | 5 +++++
+ registeredQDbus/sysdbusregister.h | 4 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
+index 1aaefbe..077c8d6 100644
+--- a/registeredQDbus/sysdbusregister.cpp
++++ b/registeredQDbus/sysdbusregister.cpp
+@@ -30,6 +30,7 @@
+ #include
+ #include
+ #include
++#include
+
+ /* qt会将glib里的signals成员识别为宏,所以取消该宏
+ * 后面如果用到signals时,使用Q_SIGNALS代替即可
+@@ -180,6 +181,10 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
+ }
+
+ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
++ //密码校验
++ QDBusConnection conn = connection();
++ QDBusMessage msg = message();
++ _id = conn.interface()->servicePid(msg.service()).value();
+
+ if (_id == 0){
+ return -1;
+diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
+index a513ada..bffc80b 100644
+--- a/registeredQDbus/sysdbusregister.h
++++ b/registeredQDbus/sysdbusregister.h
+@@ -28,6 +28,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+
+ struct brightInfo {
+ QString serialNum;
+@@ -40,7 +42,7 @@ struct displayInfo {
+ QString edidHash; //edid信息的hash值(md5)
+ };
+
+-class SysdbusRegister : public QObject
++class SysdbusRegister : public QObject,QDBusContext
+ {
+ Q_OBJECT
+
+--
+2.39.1
+
diff --git a/ukui-control-center.spec b/ukui-control-center.spec
index 6fb996f..6311d54 100644
--- a/ukui-control-center.spec
+++ b/ukui-control-center.spec
@@ -1,7 +1,7 @@
 %define debug_package %{nil}
 Name: ukui-control-center
 Version: 3.0.4
-Release: 20
+Release: 21
 Summary: utilities to configure the UKUI desktop
 License: GPL-2+
 URL: http://www.ukui.org
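Review bot: In the embedded `sysdbusregister.cpp` hunk at `@@ -180,6 +181,10 @@`, the new lines in `changeOtherUserPasswd` take `.value()` from the `servicePid()` reply without checking it, and Qt documents that value as undefined when the call returned an error, so the `_id == 0` test below is not a reliable failure check. I would guard it explicitly: `QDBusReply<uint> pid = conn.interface()->servicePid(msg.service());`, then `if (!calledFromDBus() || !pid.isValid()) return -1;`, and only then `_id = pid.value();`. `_id` appears to be a member rather than a local, so other methods may still read a value left over from an earlier caller; if they authorise on it, each should resolve the caller itself, which cannot be confirmed here because the function body continues outside the hunk. The comment `//密码校验` ("password check") does not describe these lines, which identify the calling process; `// resolve the D-Bus caller's PID for the authorisation check below` would be accurate.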
@@ -18,6 +18,7 @@ Patch09: 0009-Fix-the-resolution-donotsave-button-fails.patch Patch10: 0010-Fix-the-problem-of-scrambled-shortcut-keys.patch Patch11: 0011-Fix-terminal-garbled-characters.patch Patch12: ukui-control-center-3.0.4-fix-invalid-automatic-login.patch +Patch13: 0013-fix-critical-vulnerabilities.patch BuildRequires: qt5-qtsvg-devel BuildRequires: qt5-qtbase-devel @@ -127,6 +128,7 @@ Suggests: ukui-settings-daemon %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build qmake-qt5 @@ -186,6 +188,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon May 15 2023 peijiankang - 3.0.4-21 +- fix critical vulnerabilities + * Tue Jan 10 2023 huayadong - 3.0.4-20 - repair installation %post warning