packages/ovirt-engine-ui-extensions
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!12 [sync] PR-11: prevent exploit of CVE-2021-30483

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git
This commit is contained in:
openeuler-ci-bot 2025-03-20 05:50:52 +00:00 committed by Gitee
commit 1d9e59ae99
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0002-prevent-exploit-of-CVE-2021-30483.patch Normal file
View File

@ -0,0 +1,37 @@
From f9d72006dcc6033297729c3b0b4a86e43d1925ba Mon Sep 17 00:00:00 2001
From: wangdi <wangdi@kylinos.cn>
Date: Wed, 19 Mar 2025 18:09:32 +0800
Subject: [PATCH] prevent exploit of CVE-2021-30483
---
webpack.common.js | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/webpack.common.js b/webpack.common.js
index 43c25ee..20f175e 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -9,7 +9,8 @@ const InlineManifestWebpackPlugin = require('inline-manifest-webpack-plugin')
const env = process.env.NODE_ENV || 'development'
const useFakeData = process.env.FAKE_DATA === 'true'
const packageInfo = require('./package.json')
-const fetchGitInfo = require('./webpack.gitinfo.js')
+// disable git info fetch to prevent exploit of CVE-2021-30483
+// const fetchGitInfo = require('./webpack.gitinfo.js')
// common modules required by all entry points
const commonModules = ['core-js/stable']
@@ -17,7 +18,9 @@ const commonModules = ['core-js/stable']
// common webpack configuration applicable to all environments
// @see: https://github.com/patternfly/patternfly-react-seed/blob/master/webpack.common.js
async function common () {
- const gitInfo = await fetchGitInfo()
+ // disable git info fetch to prevent exploit of CVE-2021-30483
+ // const gitInfo = await fetchGitInfo()
+ const gitInfo = null
const rpmInfo = process.env.RPM_PACKAGE_NAME && {
packageName: process.env.RPM_PACKAGE_NAME,
packageVersion: process.env.RPM_PACKAGE_VERSION,
--
2.48.1

7
ovirt-engine-ui-extensions.spec
View File

@ -1,11 +1,12 @@
Name: ovirt-engine-ui-extensions Name: ovirt-engine-ui-extensions
Summary: oVirt UI Extensions Summary: oVirt UI Extensions
Version: 1.2.6 Version: 1.2.6
Release: 3 Release: 4
License: Apache-2.0 License: Apache-2.0
URL: http://www.ovirt.org/ URL: http://www.ovirt.org/
Source: ovirt-engine-ui-extensions-1.2.6.tar.gz Source: ovirt-engine-ui-extensions-1.2.6.tar.gz
Patch0: 0001-Update-leading-zero-use-case-for-date-formatting.patch Patch0: 0001-Update-leading-zero-use-case-for-date-formatting.patch
Patch1: 0002-prevent-exploit-of-CVE-2021-30483.patch
BuildArch: noarch BuildArch: noarch
@ -33,6 +34,7 @@ Extensions include:
# Unpack the source: # Unpack the source:
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch 0 -p1 %patch 0 -p1
%patch 1 -p1
# Set up Node.js environment with dependencies linked to ./node_modules: # Set up Node.js environment with dependencies linked to ./node_modules:
source %{_datadir}/ovirt-engine-nodejs-modules/setup-env.sh source %{_datadir}/ovirt-engine-nodejs-modules/setup-env.sh
@ -76,6 +78,9 @@ ln -s "%{_datadir}/%{name}/ansible-playbooks/ovirt-cluster-upgrade.yml" "%{build
%license LICENSE %license LICENSE
%changelog %changelog
* Wed Mar 19 2025 wangdi <wangdi@kylinos.cn> - 1.2.6-4
- Prevent exploit of CVE-2021-30483
* Mon Nov 18 2024 jiangxinyu <jiangxinyu@kylinos.cn> - 1.2.6-3 * Mon Nov 18 2024 jiangxinyu <jiangxinyu@kylinos.cn> - 1.2.6-3
- Fix leading zero issue with date formatting - Fix leading zero issue with date formatting