From a0397a88f6fa5b68366d34ba3efafd35227a13f7 Mon Sep 17 00:00:00 2001
From: wangdi
Date: Wed, 19 Mar 2025 18:12:47 +0800
Subject: [PATCH] prevent exploit of CVE-2021-30483
(cherry picked from commit 8fdd3cda27164799aa7e69f2d7bbdf87411f064d)
---
0002-prevent-exploit-of-CVE-2021-30483.patch | 37 ++++++++++++++++++++
ovirt-engine-ui-extensions.spec | 7 +++-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 0002-prevent-exploit-of-CVE-2021-30483.patch
diff --git a/0002-prevent-exploit-of-CVE-2021-30483.patch b/0002-prevent-exploit-of-CVE-2021-30483.patch
new file mode 100644
index 0000000..95465ea
--- /dev/null
+++ b/0002-prevent-exploit-of-CVE-2021-30483.patch
@@ -0,0 +1,37 @@
+From f9d72006dcc6033297729c3b0b4a86e43d1925ba Mon Sep 17 00:00:00 2001
+From: wangdi
+Date: Wed, 19 Mar 2025 18:09:32 +0800
+Subject: [PATCH] prevent exploit of CVE-2021-30483
+
+---
+ webpack.common.js | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/webpack.common.js b/webpack.common.js
+index 43c25ee..20f175e 100644
+--- a/webpack.common.js
++++ b/webpack.common.js
+@@ -9,7 +9,8 @@ const InlineManifestWebpackPlugin = require('inline-manifest-webpack-plugin')
+ const env = process.env.NODE_ENV || 'development'
+ const useFakeData = process.env.FAKE_DATA === 'true'
+ const packageInfo = require('./package.json')
+-const fetchGitInfo = require('./webpack.gitinfo.js')
++// disable git info fetch to prevent exploit of CVE-2021-30483
++// const fetchGitInfo = require('./webpack.gitinfo.js')
+
+ // common modules required by all entry points
+ const commonModules = ['core-js/stable']
+@@ -17,7 +18,9 @@ const commonModules = ['core-js/stable']
+ // common webpack configuration applicable to all environments
+ // @see: https://github.com/patternfly/patternfly-react-seed/blob/master/webpack.common.js
+ async function common () {
+- const gitInfo = await fetchGitInfo()
++ // disable git info fetch to prevent exploit of CVE-2021-30483
++ // const gitInfo = await fetchGitInfo()
++ const gitInfo = null
+ const rpmInfo = process.env.RPM_PACKAGE_NAME && {
+ packageName: process.env.RPM_PACKAGE_NAME,
+ packageVersion: process.env.RPM_PACKAGE_VERSION,
+--
+2.48.1
+
diff --git a/ovirt-engine-ui-extensions.spec b/ovirt-engine-ui-extensions.spec
index bee1ad6..2ee05ed 100644
--- a/ovirt-engine-ui-extensions.spec
+++ b/ovirt-engine-ui-extensions.spec
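Review bot: In the embedded `webpack.common.js` change, `const gitInfo = null` removes only this one call site; `webpack.gitinfo.js` and whatever package it loads stay in the source tree and the build environment, so the component behind CVE-2021-30483 is presumably still installed and can be reached again by any other `require`. If the RPM build never needs git metadata, deleting the two lines rather than commenting them out, and dropping or upgrading the dependency itself, would make the mitigation durable; whether that is feasible is not visible from this hunk. The rest of `common()` lies outside the hunk, so every later use of `gitInfo` should be confirmed to tolerate `null` (the `rpmInfo` line suggests a falsy-guard convention, but that is inferred). In place of the dead code, a comment such as `// gitInfo is intentionally null: git metadata lookup removed for CVE-2021-30483 (spec changelog 1.2.6-4)` would record the reason.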
@@ -1,11 +1,12 @@ Name: ovirt-engine-ui-extensions Summary: oVirt UI Extensions Version: 1.2.6 -Release: 3 +Release: 4 License: Apache-2.0 URL: http://www.ovirt.org/ Source: ovirt-engine-ui-extensions-1.2.6.tar.gz Patch0: 0001-Update-leading-zero-use-case-for-date-formatting.patch +Patch1: 0002-prevent-exploit-of-CVE-2021-30483.patch BuildArch: noarch @@ -33,6 +34,7 @@ Extensions include: # Unpack the source: %setup -q -n %{name}-%{version} %patch 0 -p1 +%patch 1 -p1 # Set up Node.js environment with dependencies linked to ./node_modules: source %{_datadir}/ovirt-engine-nodejs-modules/setup-env.sh @@ -76,6 +78,9 @@ ln -s "%{_datadir}/%{name}/ansible-playbooks/ovirt-cluster-upgrade.yml" "%{build %license LICENSE %changelog +* Wed Mar 19 2025 wangdi - 1.2.6-4 +- Prevent exploit of CVE-2021-30483 + * Mon Nov 18 2024 jiangxinyu - 1.2.6-3 - Fix leading zero issue with date formatting -- Gitee