diff --git a/CVE-2023-52138.patch b/CVE-2023-52138.patch new file mode 100644 index 0000000..39ffbef --- /dev/null +++ b/CVE-2023-52138.patch @@ -0,0 +1,49 @@ +From 7adf9de007304769bc1857eca85bf72d98cb7bbe Mon Sep 17 00:00:00 2001 +From: peijiankang +Date: Tue, 30 Apr 2024 14:02:32 +0800 +Subject: [PATCH] CVE-2023-52138 + +--- + src/fr-command-cpio.c | 6 +++--- + src/fr-command-unarchiver.c | 1 + + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/fr-command-cpio.c b/src/fr-command-cpio.c +index 6cbe61d..f048fdb 100644 +--- a/src/fr-command-cpio.c ++++ b/src/fr-command-cpio.c +@@ -222,7 +222,7 @@ fr_command_cpio_extract (FrCommand *comm, + } + + +-const char *cpio_mime_type[] = { "application/x-cpio", NULL }; ++const char *cpio_mime_type[] = { /*"application/x-cpio",*/ NULL }; + + + static const char ** +@@ -240,8 +240,8 @@ fr_command_cpio_get_capabilities (FrCommand *comm, + FrCommandCap capabilities; + + capabilities = FR_COMMAND_CAN_ARCHIVE_MANY_FILES; +- if (is_program_available (CPIO_PATH, check_command)) +- capabilities |= FR_COMMAND_CAN_READ; ++/* if (is_program_available (CPIO_PATH, check_command)) ++ capabilities |= FR_COMMAND_CAN_READ;*/ + + return capabilities; + } +diff --git a/src/fr-command-unarchiver.c b/src/fr-command-unarchiver.c +index 5e2acd4..548c7da 100644 +--- a/src/fr-command-unarchiver.c ++++ b/src/fr-command-unarchiver.c +@@ -255,6 +255,7 @@ fr_command_unarchiver_handle_error (FrCommand *comm, + const char *unarchiver_mime_type[] = { "application/zip", + "application/x-cbr", + "application/x-rar", ++ "application/x-cpio", + NULL }; + + +-- +2.43.0 + diff --git a/engrampa.spec b/engrampa.spec index 3737f66..69c4b18 100644 --- a/engrampa.spec +++ b/engrampa.spec @@ -14,7 +14,7 @@ Name: engrampa Version: 1.24.1 -Release: 3 +Release: 4 Summary: MATE Desktop file archiver License: GPLv2+ and LGPLv2+ URL: http://mate-desktop.org @@ -34,6 +34,7 @@ BuildRequires: caja-devel BuildRequires: libSM-devel Patch1: 0004-fix-engrampa-Fix-decompress-files-with-garbled-chara.patch +Patch2: CVE-2023-52138.patch %description Mate File Archiver is an application for creating and viewing archives files, @@ -97,6 +98,9 @@ find %{buildroot} -name "*.la" -exec rm -f {} ';' %changelog +* Tue Apr 30 2024 peijiankang - 1.24.1-4 +- fix CVE-2023-52138 + * Mon Feb 19 2024 yuanxing - 1.24.1-3 - KYOS-F: enable caja-actions with configure.(#30161)