From 0004609d2cbcf46f1c5fbfe7f7b2ec19bf5ff9b4 Mon Sep 17 00:00:00 2001
From: peijiankang
Date: Thu, 25 Apr 2024 09:36:01 +0800
Subject: [PATCH] fix CVE-2023-2091
---
0001-CVE-2023-2091.patch | 35 +++++++++++++++++++++++++++++++++++
youker-assistant.spec | 7 ++++++-
2 files changed, 41 insertions(+), 1 deletion(-)
create mode 100644 0001-CVE-2023-2091.patch
diff --git a/0001-CVE-2023-2091.patch b/0001-CVE-2023-2091.patch
new file mode 100644
index 0000000..fbe70f5
--- /dev/null
+++ b/0001-CVE-2023-2091.patch
@@ -0,0 +1,35 @@
+From bf35ca1d06f748d9255fa939ee69b411aaf0131e Mon Sep 17 00:00:00 2001
+From: peijiankang
+Date: Wed, 24 Apr 2024 10:52:48 +0800
+Subject: [PATCH] CVE-2023-2091
+
+---
+ kyasDbus/systemdaemon/kacpufm.py | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/kyasDbus/systemdaemon/kacpufm.py b/kyasDbus/systemdaemon/kacpufm.py
+index f6b5883..8e39321 100644
+--- a/kyasDbus/systemdaemon/kacpufm.py
++++ b/kyasDbus/systemdaemon/kacpufm.py
+@@ -153,6 +153,18 @@ class KACpuFM(dbus.service.Object):
+ origin = {Cpufm_Average_Corefreq:""}
+
+ if(not os.path.exists("/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq")):
++ # 存在机型没有开启动态调频,默认为cpu频率方案移植
++ if(os.path.exists("/proc/cpuinfo")):
++ args = ["cat /proc/cpuinfo | grep -i 'cpu MHz'"]
++ pipe = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE , shell=True)
++ output = pipe.stdout.readlines()
++
++ cpuFreq = ""
++ if len(output) != 0:
++ cpuFreq = bytes.decode(output[0],"utf-8","ignore")
++ if "cpu mhz" in cpuFreq.lower():
++ cpuFreq = cpuFreq.split(":")[-1].strip()
++ origin[Cpufm_Average_Corefreq] = self.num_convert(str(int(float(cpuFreq)*1000)));
+ return origin
+
+ v = 0
+--
+2.43.0
+
diff --git a/youker-assistant.spec b/youker-assistant.spec
index 7b80c53..fc3d545 100644
--- a/youker-assistant.spec
+++ b/youker-assistant.spec
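Review bot: The fallback added by `0001-CVE-2023-2091.patch` to `kyasDbus/systemdaemon/kacpufm.py` runs `cat /proc/cpuinfo | grep -i 'cpu MHz'` through `subprocess.Popen(..., shell=True)` inside a `dbus.service.Object` method, where a plain file read would do. The command string is constant, so nothing caller-supplied reaches the shell, but `cat` and `grep` are resolved through the daemon's PATH, the child is never waited on and its stderr pipe is never read, and `float(cpuFreq)` raises on a malformed line. Reading `/proc/cpuinfo` with `open()` and guarding the conversion removes all three, as sketched below. The hunk shows no input validation or caller check, so whether this change by itself addresses the CVE named in the subject cannot be confirmed from the visible lines; the enclosing method starts and ends outside the hunk.

```python
if(not os.path.exists("/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq")):
    if(os.path.exists("/proc/cpuinfo")):
        # Read the file directly: no shell, no PATH lookup, no child process to reap.
        cpuFreq = ""
        with open("/proc/cpuinfo", "r", errors="ignore") as cpuinfo:
            for line in cpuinfo:
                if "cpu mhz" in line.lower():
                    cpuFreq = line.split(":")[-1].strip()
                    break
        try:
            origin[Cpufm_Average_Corefreq] = self.num_convert(str(int(float(cpuFreq)*1000)))
        except ValueError:
            pass  # no usable "cpu MHz" line; keep the empty default
    return origin
# … unchanged: averaging over scaling_cur_freq below …
```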
@@ -1,6 +1,6 @@ Name: youker-assistant Version: 3.0.3 -Release: 7 +Release: 8 Summary: youker-assistant License: GPL-2+ and GPL-3 URL: https://github.com/UbuntuKylin/youker-assistant @@ -8,6 +8,7 @@ Source0: %{name}-%{version}.tar.gz Patch01: 0001-Fix-the-problem-that-the-contents-of-youker-assistan.patch Patch02: 0002-modify-version-of-youker-assistant-is-null.patch Patch03: 0003-Repairing-data-transfer-failure-of-DBUS-service.patch +Patch05: 0001-CVE-2023-2091.patch BuildRequires: python3-devel python3-lxml python3-dbus python3-pyxdg BuildRequires: qt5-qtcharts qt5-qtcharts-devel @@ -42,6 +43,7 @@ user experience. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch5 -p1 %build export PATH=%{_qt5_bindir}:$PATH @@ -75,6 +77,9 @@ cp -r %{_builddir}/%{name}-%{version}/data/toolkit %{buildroot}/usr/share/kylin- %{_datadir}/kylin-user-guide/data/guide %changelog +* Wed Apr 24 2024 peijiankang - 3.0.3-8 +- add 0001-CVE-2023-2091.patch + * Fri Dec 09 2022 wangyueliang - 3.0.3-7 - Fix unsafe compile option not stripped -- Gitee