!12 [sync] PR-11: prevent exploit of CVE-2021-30483

From: @openeuler-sync-bot Reviewed-by: @jxy_git Signed-off-by: @jxy_git
2025-03-20 05:50:52 +00:00 · 2025-03-20 05:50:52 +00:00 · 1d9e59ae99
commit 1d9e59ae99
parent ec16efcbfa cb1791b364
2 changed files with 43 additions and 1 deletions
--- a/0002-prevent-exploit-of-CVE-2021-30483.patch
+++ b/0002-prevent-exploit-of-CVE-2021-30483.patch
@ -0,0 +1,37 @@
+From f9d72006dcc6033297729c3b0b4a86e43d1925ba Mon Sep 17 00:00:00 2001
+From: wangdi <wangdi@kylinos.cn>
+Date: Wed, 19 Mar 2025 18:09:32 +0800
+Subject: [PATCH] prevent exploit of CVE-2021-30483
+
+---
+ webpack.common.js | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/webpack.common.js b/webpack.common.js
+index 43c25ee..20f175e 100644
+--- a/webpack.common.js
+++ b/webpack.common.js
+@@ -9,7 +9,8 @@ const InlineManifestWebpackPlugin = require('inline-manifest-webpack-plugin')
+ const env = process.env.NODE_ENV || 'development'
+ const useFakeData = process.env.FAKE_DATA === 'true'
+ const packageInfo = require('./package.json')
+-const fetchGitInfo = require('./webpack.gitinfo.js')
+// disable git info fetch to prevent exploit of CVE-2021-30483
+// const fetchGitInfo = require('./webpack.gitinfo.js')
+ 
+ // common modules required by all entry points
+ const commonModules = ['core-js/stable']
+@@ -17,7 +18,9 @@ const commonModules = ['core-js/stable']
+ // common webpack configuration applicable to all environments
+ // @see: https://github.com/patternfly/patternfly-react-seed/blob/master/webpack.common.js
+ async function common () {
+-  const gitInfo = await fetchGitInfo()
+  // disable git info fetch to prevent exploit of CVE-2021-30483
+  // const gitInfo = await fetchGitInfo()
+  const gitInfo = null
+   const rpmInfo = process.env.RPM_PACKAGE_NAME && {
+     packageName: process.env.RPM_PACKAGE_NAME,
+     packageVersion: process.env.RPM_PACKAGE_VERSION,
+-- 
+2.48.1
+
--- a/ovirt-engine-ui-extensions.spec
+++ b/ovirt-engine-ui-extensions.spec
@ -1,11 +1,12 @@
 Name: ovirt-engine-ui-extensions
 Summary: oVirt UI Extensions
 Version: 1.2.6
-Release: 3
+Release: 4
 License: Apache-2.0
 URL: http://www.ovirt.org/
 Source: ovirt-engine-ui-extensions-1.2.6.tar.gz
 Patch0: 0001-Update-leading-zero-use-case-for-date-formatting.patch
+Patch1: 0002-prevent-exploit-of-CVE-2021-30483.patch

 BuildArch: noarch

@ -33,6 +34,7 @@ Extensions include:
 # Unpack the source:
 %setup -q -n %{name}-%{version}
 %patch 0 -p1
+%patch 1 -p1

 # Set up Node.js environment with dependencies linked to ./node_modules:
 source %{_datadir}/ovirt-engine-nodejs-modules/setup-env.sh
@ -76,6 +78,9 @@ ln -s "%{_datadir}/%{name}/ansible-playbooks/ovirt-cluster-upgrade.yml" "%{build
 %license LICENSE

 %changelog
+* Wed Mar 19 2025 wangdi <wangdi@kylinos.cn> - 1.2.6-4
+- Prevent exploit of CVE-2021-30483
+
 * Mon Nov 18 2024 jiangxinyu <jiangxinyu@kylinos.cn> - 1.2.6-3
 - Fix leading zero issue with date formatting