diff --git a/CVE-2022-32278.ptach b/CVE-2022-32278.ptach deleted file mode 100644 index 159aaac..0000000 --- a/CVE-2022-32278.ptach +++ /dev/null @@ -1,39 +0,0 @@ -From 09c97951e91980e345b274063e3600769172c05f Mon Sep 17 00:00:00 2001 -From: yinyongkang -Date: Fri, 8 Jul 2022 10:10:07 +0800 -Subject: [PATCH] exo-open : Only execute local .desktop files - -CVE-2022-32278 - -This patch prevents executing possibly malicious .desktop files -from online sources (ftp://, http:// etc.). - -Original patch authored by Alexander Schwinn ---- - exo-open/main.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/exo-open/main.c b/exo-open/main.c -index a471c78..0176bc3 100644 ---- a/exo-open/main.c -+++ b/exo-open/main.c -@@ -156,6 +156,16 @@ exo_open_launch_desktop_file (const gchar *arg) - if (G_UNLIKELY (gfile == NULL)) - return FALSE; - -+ /* Only execute local .desktop files to prevent execution of malicious launchers from foreign locations */ -+ if (g_file_has_uri_scheme (gfile, "file") == FALSE) -+ { -+ char *uri = g_file_get_uri (gfile); -+ g_warning ("Execution of remote .desktop file '%s' was skipped due to security concerns.", uri); -+ g_object_unref (gfile); -+ g_free (uri); -+ return FALSE; -+ } -+ - /* load the contents of the file */ - result = g_file_load_contents (gfile, NULL, &contents, &length, NULL, NULL); - g_object_unref (G_OBJECT (gfile)); --- -2.33.0 - diff --git a/README.en.md b/README.en.md deleted file mode 100644 index d0d8634..0000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# exo - -#### Description -Application library for the Xfce desktop environment - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md deleted file mode 100644 index d616636..0000000 --- a/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# exo - -#### 介绍 -Application library for the Xfce desktop environment - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 码云特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目 -5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/exo-4.16.2.tar.bz2 b/exo-4.16.2.tar.bz2 deleted file mode 100644 index 7d7c865..0000000 Binary files a/exo-4.16.2.tar.bz2 and /dev/null differ diff --git a/exo-4.18.0.tar.bz2 b/exo-4.18.0.tar.bz2 new file mode 100644 index 0000000..7348cc1 Binary files /dev/null and b/exo-4.18.0.tar.bz2 differ diff --git a/exo.spec b/exo.spec index 5ba0e1d..85cd45e 100644 --- a/exo.spec +++ b/exo.spec @@ -1,12 +1,12 @@ -%global xfceversion 4.16 +%global xfceversion 4.18 Name: exo -Version: 4.16.2 -Release: 2 +Version: 4.18.0 +Release: 1 Summary: An extension library to Xfce License: LGPLv2+ and GPLv2+ #Group: Development/Libraries URL: http://xfce.org/ -Source0: https://archive.xfce.org/src/xfce/exo/4.16/exo-4.16.2.tar.bz2 +Source0: https://archive.xfce.org/src/xfce/%{name}/%{xfceversion}/%{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) #BuildArch: noarch @@ -24,9 +24,6 @@ BuildRequires: chrpath BuildRequires: desktop-file-utils BuildRequires: gobject-introspection-devel -#patch -Patch0001: CVE-2022-32278.ptach - %description An extension library for Xfce, targeted at application development. @@ -41,7 +38,6 @@ Development tools and static libraries and header files for the exo library. %prep %setup -q -%patch0001 -p1 %build @@ -53,18 +49,17 @@ Development tools and static libraries and header files for the exo library. find %{buildroot} -type f -name "*.la" -exec rm -f {} ';' -%find_lang exo-2 +%find_lang exo %ldconfig_scriptlets -%files -f exo-2.lang +%files -f exo.lang %license COPYING %doc AUTHORS ChangeLog NEWS THANKS %{_bindir}/exo-desktop-item-edit %{_bindir}/exo-open %{_libdir}/libexo-2.so.0 %{_libdir}/libexo-2.so.0.1.0 -%{_datadir}/icons/hicolor/*/*/* %{_datadir}/pixmaps/exo %{_mandir}/man1/exo-open.1.* @@ -75,6 +70,9 @@ find %{buildroot} -type f -name "*.la" -exec rm -f {} ';' %{_libdir}/pkgconfig/*.pc %changeLog +* Wed Jan 04 2023 misaka00251 - 4.18.0-1 +- Update to 4.18.0 + * Fri Jul 8 2022 yinyongkang - 4.16.2-2 - Fix CVE-2022-32278