!19 [sync] PR-18: fix CVE-2023-52138

From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
openeuler-ci-bot 2024-05-08 02:22:09 +00:00 committed by Gitee
commit 30a4fc5d0c
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 54 additions and 1 deletions

CVE-2023-52138.patch

@ -0,0 +1,49 @@
From 7adf9de007304769bc1857eca85bf72d98cb7bbe Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Tue, 30 Apr 2024 14:02:32 +0800
Subject: [PATCH] CVE-2023-52138
---
src/fr-command-cpio.c | 6 +++---
src/fr-command-unarchiver.c | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/fr-command-cpio.c b/src/fr-command-cpio.c
index 6cbe61d..f048fdb 100644
--- a/src/fr-command-cpio.c
+++ b/src/fr-command-cpio.c
@@ -222,7 +222,7 @@ fr_command_cpio_extract (FrCommand *comm,
}
-const char *cpio_mime_type[] = { "application/x-cpio", NULL };
+const char *cpio_mime_type[] = { /*"application/x-cpio",*/ NULL };
static const char **
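Review bot: In the `cpio_mime_type` initializer the MIME type is disabled by commenting it out inside the array, leaving `{ /*"application/x-cpio",*/ NULL }` with nothing to say why. Suggest deleting the entry so the array reads `{ NULL }`, and adding a one-line comment above it noting that cpio handling was removed from this backend for CVE-2023-52138, so a later cleanup does not re-enable it by accident.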
@@ -240,8 +240,8 @@ fr_command_cpio_get_capabilities (FrCommand *comm,
FrCommandCap capabilities;
capabilities = FR_COMMAND_CAN_ARCHIVE_MANY_FILES;
- if (is_program_available (CPIO_PATH, check_command))
- capabilities |= FR_COMMAND_CAN_READ;
+/* if (is_program_available (CPIO_PATH, check_command))
+ capabilities |= FR_COMMAND_CAN_READ;*/
return capabilities;
}
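Review bot: The `is_program_available (CPIO_PATH, check_command)` check in `fr_command_cpio_get_capabilities` is left behind as a commented-out block starting at column 0 instead of being removed, and the reason is not recorded. Dead code like this is easy to uncomment later; delete the two lines and add a short comment that `FR_COMMAND_CAN_READ` is intentionally never set here. In the visible lines `check_command` is no longer referenced after this change, so check whether the build now warns about an unused parameter.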
diff --git a/src/fr-command-unarchiver.c b/src/fr-command-unarchiver.c
index 5e2acd4..548c7da 100644
--- a/src/fr-command-unarchiver.c
+++ b/src/fr-command-unarchiver.c
@@ -255,6 +255,7 @@ fr_command_unarchiver_handle_error (FrCommand *comm,
const char *unarchiver_mime_type[] = { "application/zip",
"application/x-cbr",
"application/x-rar",
+ "application/x-cpio",
NULL };
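Review bot: Adding `"application/x-cpio"` to `unarchiver_mime_type` moves cpio reading to the unarchiver backend, but the patch message consists only of the subject `CVE-2023-52138` and never states that this rerouting is the intended fix. Suggest saying in the message that cpio archives are deliberately routed away from the cpio command, and confirming that cpio files still open when this backend is the only one advertising the type, since the cpio backend no longer sets `FR_COMMAND_CAN_READ`.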
--
2.43.0


@ -14,7 +14,7 @@
Name: engrampa
Version: 1.24.1
Release: 3
Release: 4
Summary: MATE Desktop file archiver
License: GPLv2+ and LGPLv2+
URL: http://mate-desktop.org
@ -34,6 +34,7 @@ BuildRequires: caja-devel
BuildRequires: libSM-devel
Patch1: 0004-fix-engrampa-Fix-decompress-files-with-garbled-chara.patch
Patch2: CVE-2023-52138.patch
%description
Mate File Archiver is an application for creating and viewing archives files,
@ -97,6 +98,9 @@ find %{buildroot} -name "*.la" -exec rm -f {} ';'
%changelog
* Tue Apr 30 2024 peijiankang <peijiankang@kylinos.cn> - 1.24.1-4
- fix CVE-2023-52138
* Mon Feb 19 2024 yuanxing <yuanxing@kylinsec.com.cn> - 1.24.1-3
- KYOS-F: enable caja-actions with configure.(#30161)
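Review bot: The changelog entry `- fix CVE-2023-52138` does not mention that the fix changes user-visible behaviour: per the patch, cpio archives are no longer read through the cpio command and `application/x-cpio` is handled by the unarchiver backend instead. Suggest expanding the entry to say so, for example "fix CVE-2023-52138: stop reading cpio archives via cpio, handle application/x-cpio with the unarchiver backend", so packagers can tell what changed without opening the patch.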