packages/ukui-control-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix critical vulnerabilities

Browse Source 
(cherry picked from commit 753fde283c7a22ed03f58333a9263b3e20386f5a)
This commit is contained in:
peijiankang 2023-05-19 15:57:42 +08:00 committed by openeuler-sync-bot
parent afa894f834
commit 677795e9e4
2 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
0013-fix-critical-vulnerabilities.patch Normal file
View File

@ -0,0 +1,58 @@
From a85afbd3022fb63f8356d0260a2a1d976898ff3f Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Fri, 19 May 2023 15:56:07 +0800
Subject: [PATCH] fix critical vulnerabilities
---
registeredQDbus/sysdbusregister.cpp | 5 +++++
registeredQDbus/sysdbusregister.h | 4 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
index 1aaefbe..077c8d6 100644
--- a/registeredQDbus/sysdbusregister.cpp
+++ b/registeredQDbus/sysdbusregister.cpp
@@ -30,6 +30,7 @@
#include <QDBusReply>
#include<QCryptographicHash>
#include <polkit-qt5-1/polkitqt1-authority.h>
+#include <QDBusMessage>
/* qt会将glib里的signals成员识别为宏所以取消该宏
* 后面如果用到signals时使用Q_SIGNALS代替即可
@@ -180,6 +181,10 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
}
int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
+ //密码校验
+ QDBusConnection conn = connection();
+ QDBusMessage msg = message();
+ _id = conn.interface()->servicePid(msg.service()).value();
if (_id == 0){
return -1;
diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
index a513ada..bffc80b 100644
--- a/registeredQDbus/sysdbusregister.h
+++ b/registeredQDbus/sysdbusregister.h
@@ -28,6 +28,8 @@
#include <QVector>
#include <ddcutil_c_api.h>
#include <ddcutil_types.h>
+#include <QDBusContext>
+#include <QDBusConnectionInterface>
struct brightInfo {
QString serialNum;
@@ -40,7 +42,7 @@ struct displayInfo {
QString edidHash; //edid信息的hash值(md5)
};
-class SysdbusRegister : public QObject
+class SysdbusRegister : public QObject,QDBusContext
{
Q_OBJECT
--
2.39.1

7
ukui-control-center.spec
View File

@ -1,7 +1,7 @@
%define debug_package %{nil} %define debug_package %{nil}
Name: ukui-control-center Name: ukui-control-center
Version: 3.0.4 Version: 3.0.4
Release: 20 Release: 21
Summary: utilities to configure the UKUI desktop Summary: utilities to configure the UKUI desktop
License: GPL-2+ License: GPL-2+
URL: http://www.ukui.org URL: http://www.ukui.org
@ -18,6 +18,7 @@ Patch09: 0009-Fix-the-resolution-donotsave-button-fails.patch
Patch10: 0010-Fix-the-problem-of-scrambled-shortcut-keys.patch Patch10: 0010-Fix-the-problem-of-scrambled-shortcut-keys.patch
Patch11: 0011-Fix-terminal-garbled-characters.patch Patch11: 0011-Fix-terminal-garbled-characters.patch
Patch12: ukui-control-center-3.0.4-fix-invalid-automatic-login.patch Patch12: ukui-control-center-3.0.4-fix-invalid-automatic-login.patch
Patch13: 0013-fix-critical-vulnerabilities.patch
BuildRequires: qt5-qtsvg-devel BuildRequires: qt5-qtsvg-devel
BuildRequires: qt5-qtbase-devel BuildRequires: qt5-qtbase-devel
@ -127,6 +128,7 @@ Suggests: ukui-settings-daemon
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1
%build %build
qmake-qt5 qmake-qt5
@ -186,6 +188,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Mon May 15 2023 peijiankang <peijiankang@kylinos.cn> - 3.0.4-21
- fix critical vulnerabilities
* Tue Jan 10 2023 huayadong <huayadong@kylinos.cn> - 3.0.4-20 * Tue Jan 10 2023 huayadong <huayadong@kylinos.cn> - 3.0.4-20
- repair installation %post warning - repair installation %post warning