[arch-commits] Commit in exo/trunk (PKGBUILD)

Evangelos Foutras foutrelis at gemini.archlinux.org
Mon Jun 6 17:24:04 UTC 2022


    Date: Monday, June 6, 2022 @ 17:24:04
  Author: foutrelis
Revision: 447642

upgpkg: exo 4.16.3-2: add fix for CVE-2022-32278

> This patch prevents executing possibly malicious .desktop files
> from online sources (ftp://, http:// etc.).

Modified:
  exo/trunk/PKGBUILD

----------+
 PKGBUILD |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-06-06 17:05:10 UTC (rev 447641)
+++ PKGBUILD	2022-06-06 17:24:04 UTC (rev 447642)
@@ -4,7 +4,7 @@
 
 pkgname=exo
 pkgver=4.16.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Application library for Xfce"
 arch=('x86_64')
 url="https://www.xfce.org/"
@@ -12,11 +12,14 @@
 groups=('xfce4')
 depends=('libxfce4ui' 'hicolor-icon-theme')
 makedepends=('intltool')
-source=(https://archive.xfce.org/src/xfce/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2)
-sha256sums=('722dff3c3fe23f0a65405e63889cf247c99d092d3f9fb16dec78d062cfb8fae6')
+source=(https://archive.xfce.org/src/xfce/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2
+        $pkgname-exo-open-only-execute-local-desktop-files.patch::https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882.patch)
+sha256sums=('722dff3c3fe23f0a65405e63889cf247c99d092d3f9fb16dec78d062cfb8fae6'
+            'a864116f1692ca541d4837640e9c535cc127ae2420f64cbafff329f4b4cc68a0')
 
 prepare() {
   cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 -i ../$pkgname-exo-open-only-execute-local-desktop-files.patch
 }
 
 build() {



More information about the arch-commits mailing list