From 81d71e5ba54c2adc2b490bd4d7fa91bf0ff23a09 Mon Sep 17 00:00:00 2001 From: peijiankang Date: Wed, 24 Apr 2024 10:54:15 +0800 Subject: [PATCH] CVE-2023-2091 (cherry picked from commit 5fd2e5987a5a074d04db727a1ffd8dcaa11bb607) --- 0001-CVE-2023-2091.patch | 35 +++++++++++++++++++++++++++++++++++ youker-assistant.spec | 9 +++++++-- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 0001-CVE-2023-2091.patch diff --git a/0001-CVE-2023-2091.patch b/0001-CVE-2023-2091.patch new file mode 100644 index 0000000..fbe70f5 --- /dev/null +++ b/0001-CVE-2023-2091.patch @@ -0,0 +1,35 @@ +From bf35ca1d06f748d9255fa939ee69b411aaf0131e Mon Sep 17 00:00:00 2001 +From: peijiankang +Date: Wed, 24 Apr 2024 10:52:48 +0800 +Subject: [PATCH] CVE-2023-2091 + +--- + kyasDbus/systemdaemon/kacpufm.py | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/kyasDbus/systemdaemon/kacpufm.py b/kyasDbus/systemdaemon/kacpufm.py +index f6b5883..8e39321 100644 +--- a/kyasDbus/systemdaemon/kacpufm.py ++++ b/kyasDbus/systemdaemon/kacpufm.py +@@ -153,6 +153,18 @@ class KACpuFM(dbus.service.Object): + origin = {Cpufm_Average_Corefreq:""} + + if(not os.path.exists("/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq")): ++ # 存在机型没有开启动态调频,默认为cpu频率方案移植 ++ if(os.path.exists("/proc/cpuinfo")): ++ args = ["cat /proc/cpuinfo | grep -i 'cpu MHz'"] ++ pipe = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE , shell=True) ++ output = pipe.stdout.readlines() ++ ++ cpuFreq = "" ++ if len(output) != 0: ++ cpuFreq = bytes.decode(output[0],"utf-8","ignore") ++ if "cpu mhz" in cpuFreq.lower(): ++ cpuFreq = cpuFreq.split(":")[-1].strip() ++ origin[Cpufm_Average_Corefreq] = self.num_convert(str(int(float(cpuFreq)*1000))); + return origin + + v = 0 +-- +2.43.0 + diff --git a/youker-assistant.spec b/youker-assistant.spec index baa1a32..cca507a 100644 --- a/youker-assistant.spec +++ b/youker-assistant.spec @@ -1,6 +1,6 @@ Name: youker-assistant Version: 3.0.4 -Release: 3 +Release: 4 Summary: youker-assistant License: GPL-2+ and GPL-3 URL: https://github.com/UbuntuKylin/youker-assistant @@ -9,6 +9,7 @@ Patch01: 0001-Fix-the-problem-that-the-contents-of-youker-assistan.patch Patch02: 0002-modify-version-of-youker-assistant-is-null.patch Patch03: 0003-Repairing-data-transfer-failure-of-DBUS-service.patch Patch04: 0001-fix-compile-error-of-youker-assistant.patch +Patch05: 0001-CVE-2023-2091.patch BuildRequires: qt5-qtcharts qt5-qtcharts-devel BuildRequires: qt5-qtbase-devel @@ -43,13 +44,14 @@ user experience. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export PATH=%{_qt5_bindir}:$PATH mkdir qmake-build pushd qmake-build %{qmake_qt5} .. -%{make_build} -j4 +%{make_build} popd %install @@ -79,6 +81,9 @@ cp -r %{_builddir}/%{name}-%{version}/data/toolkit %{buildroot}/usr/share/kylin- %{_datadir}/kylin-user-guide/data/guide %changelog +* Wed Apr 24 2024 peijiankang - 3.0.4-4 +- add 0001-CVE-2023-2091.patch + * Wed Mar 22 2023 peijiankang - 3.0.4-3 - fix version of youker-assistant is debugsource