[arch-commits] Commit in ukui-control-center/trunk (6.patch PKGBUILD)

Sat Feb 12 02:16:38 UTC 2022

Date: Saturday, February 12, 2022 @ 02:16:37
  Author: heftig
Revision: 1132391

3.0.4-2: FS#73517 add libcanberra dep

Added:
  ukui-control-center/trunk/6.patch
Modified:
  ukui-control-center/trunk/PKGBUILD

----------+
 6.patch  |   23 +++++++++++++++++++++++
 PKGBUILD |   15 +++++++++++----
 2 files changed, 34 insertions(+), 4 deletions(-)

Added: 6.patch
===================================================================

--- 6.patch	                        (rev 0)
+++ 6.patch	2022-02-12 02:16:37 UTC (rev 1132391)
@@ -0,0 +1,23 @@
+From d827d4850e405f098ed0967f02ef3034dbddd661 Mon Sep 17 00:00:00 2001
+From: Xeonacid <h.dwwwwww at gmail.com>
+Date: Wed, 19 Jan 2022 23:19:35 +0800
+Subject: [PATCH] fix(changeUserPwd/run-passwd.cpp): format security
+
+Add "%s" format to g_error_new, to fix the format string security issue.
+---
+ changeUserPwd/run-passwd.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/changeUserPwd/run-passwd.cpp b/changeUserPwd/run-passwd.cpp
+index 59a76501..aca032f1 100644
+--- a/changeUserPwd/run-passwd.cpp
++++ b/changeUserPwd/run-passwd.cpp
+@@ -377,7 +377,7 @@ static gboolean io_watch_stdout (GIOChannel *source, GIOCondition condition, Pas
+                                          "Your password has been changed after you verify!");
+                 } */else {
+                     error = g_error_new (PASSWD_ERROR, PASSWD_ERROR_UNKNOWN,
+-                                         str->str);
++                                         "%s", str->str);
+                 }
+ 
+                 /* At this point, passwd might have exited, in which case

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-02-12 02:04:47 UTC (rev 1132390)
+++ PKGBUILD	2022-02-12 02:16:37 UTC (rev 1132391)
@@ -2,7 +2,7 @@
 
 pkgname=ukui-control-center
 pkgver=3.0.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Utilities to configure the UKUI desktop"
 arch=('x86_64')
 license=('GPL')
@@ -11,13 +11,20 @@
 depends=('bluez-qt' 'boost-libs' 'ddcutil' 'kconfig' 'kconfigwidgets' 'ki18n' 'kscreen'
          'kwidgetsaddons' 'libpwquality' 'lsb-release' 'peony' 'qt5-quickcontrols' 'ukui-interface'
          'ukui-panel' 'ukui-media' 'ukui-menus' 'ukui-power-manager' 'ukui-screensaver'
-         'ukui-settings-daemon' 'upower')
+         'ukui-settings-daemon' 'upower' 'libcanberra')
 makedepends=('boost' 'qt5-tools')
-source=("$pkgname-$pkgver.tar.gz::https://github.com/ukui/ukui-control-center/archive/v$pkgver.tar.gz")
-sha512sums=('f751502d66a36d8a6fe0199ec4408c3c371923c9a9b1e722f75bff66090f3b6eac18df2c8fd5b7c4d223a7938f491e4b89a91636cf15944574ecdeb43b995f4c')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/ukui/ukui-control-center/archive/v$pkgver.tar.gz"
+        6.patch)
+sha512sums=('f751502d66a36d8a6fe0199ec4408c3c371923c9a9b1e722f75bff66090f3b6eac18df2c8fd5b7c4d223a7938f491e4b89a91636cf15944574ecdeb43b995f4c'
+            'b15fc2f32fac0fbae3bf30d9cc19c78375bd50c35815d540c79ac9a7ba561b52ca599c0385826529603146f7a368045f1a861b5173f2538b226376e9f4cd9129')
 
 prepare() {
   cd ukui-control-center-$pkgver
+
+  # Fix format-security
+  # https://github.com/ukui/ukui-control-center/pull/6
+  patch -Np1 -i ../6.patch
+
   # QSysInfo::productVersion() returns "unknown" on Arch
   #TODO: sed -i 's/productVersion/prettyProductName/' plugins/messages-task/about/about.cpp
 

