[packages/mc] up to 4.8.27 (fixes CVE-2021-36370)

atler atler at pld-linux.org
Tue Aug 17 14:28:20 CEST 2021


commit 444f4ae8534e4d2a06914f1c7d858b7794e2b040
Author: Jan Palus <atler at pld-linux.org>
Date:   Tue Aug 17 14:27:21 2021 +0200

    up to 4.8.27 (fixes CVE-2021-36370)

 ebook-ext.patch |   8 +--
 mc.spec         |  18 +++---
 zip.patch       | 195 --------------------------------------------------------
 3 files changed, 12 insertions(+), 209 deletions(-)
---
diff --git a/mc.spec b/mc.spec
index 7fe2622..3619df5 100644
--- a/mc.spec
+++ b/mc.spec
@@ -18,13 +18,13 @@ Summary(tr.UTF-8):	Midnight Commander görsel kabuğu
 Summary(uk.UTF-8):	Диспетчер файлів Midnight Commander
 Summary(zh_CN.UTF-8):	一个方便实用的文件管理器和虚拟Shell
 Name:		mc
-Version:	4.8.26
-Release:	2
+Version:	4.8.27
+Release:	1
 Epoch:		1
 License:	GPL v3+
 Group:		Applications/Shells
 Source0:	http://ftp.midnight-commander.org/%{name}-%{version}.tar.xz
-# Source0-md5:	3c1f77b71dba1f4eeeedc4276627fed7
+# Source0-md5:	e51cd40a897d9aa01af251d191637ca4
 Source3:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source3-md5:	17d7b574e1b85ad6f8ddceda9e841f19
 Source7:	%{name}.desktop
@@ -34,18 +34,17 @@ Patch3:		%{name}-noperl-vfs.patch
 # at now syntax highligthing for PLD-update-TODO and CVSROOT/users
 Patch4:		%{name}-pld-developerfriendly.patch
 Patch5:		ebook-ext.patch
-Patch6:		zip.patch
 URL:		http://www.midnight-commander.org/
-BuildRequires:	autoconf >= 2.60
-BuildRequires:	automake >= 1.5
+BuildRequires:	autoconf >= 2.64
+BuildRequires:	automake >= 1:1.12
 %{?with_ext2undel:BuildRequires:	e2fsprogs-devel}
 BuildRequires:	file
-BuildRequires:	gettext-tools >= 0.18.1
+BuildRequires:	gettext-tools >= 0.21
 BuildRequires:	glib2-devel >= 1:2.30.0
 %ifnarch s390 s390x
 BuildRequires:	gpm-devel
 %endif
-BuildRequires:	libssh2-devel >= 1.2.5
+BuildRequires:	libssh2-devel >= 1.2.8
 BuildRequires:	libtool >= 2:2
 BuildRequires:	pam-devel
 BuildRequires:	pcre-devel
@@ -59,7 +58,7 @@ BuildRequires:	tar >= 1:1.22
 BuildRequires:	xz
 Requires:	file
 Requires:	glib2 >= 1:2.30.0
-Requires:	libssh2 >= 1.2.5
+Requires:	libssh2 >= 1.2.8
 Requires:	pam >= 0.77.3
 Requires:	sed
 Requires:	setup >= 2.4.6-2
@@ -168,7 +167,6 @@ tar, zip ve RPM dosyalarının içeriklerini gösterebilmesidir.
 %{!?with_perl_vfs:%patch3 -p1}
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 %{__rm} po/stamp-po
 
diff --git a/ebook-ext.patch b/ebook-ext.patch
index 32bd588..4186e74 100644
--- a/ebook-ext.patch
+++ b/ebook-ext.patch
@@ -3,9 +3,9 @@
 @@ -657,7 +657,7 @@
  	Open=@EXTHELPERSDIR@/doc.sh open comic
  
- # Epub & mobi
--regex/i/\.(epub|mobi)$
+ # Epup, mobi, fb2
+-regex/i/\.(epub|mobi|fb2)$
 +regex/i/\.(epub|mobi|lrf|lrs|azw[123]?|pobi|lit|fb2)$
- 	Open=@EXTHELPERSDIR@/doc.sh open epub
- 	View=%view{ascii} @EXTHELPERSDIR@/doc.sh view epub
+ 	Open=@EXTHELPERSDIR@/doc.sh open ebook
+ 	View=%view{ascii} @EXTHELPERSDIR@/doc.sh view ebook
  
diff --git a/zip.patch b/zip.patch
deleted file mode 100644
index dfbc4f5..0000000
--- a/zip.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From 1ed638d66cf803f69ac12ee80a72d217f2146e43 Mon Sep 17 00:00:00 2001
-From: Andrew Borodin <aborodin at vmail.ru>
-Date: Tue, 16 Feb 2021 16:29:51 +0300
-Subject: [PATCH] Ticket #4180: fix zip handling.
-
-After 8857423e4ebb770b6f0ea3103abf5d35c85fcbe8 zip archives opened with
-an error:
-
-    file -L -z archive.zip: Bad system call
-
-This caused by using /usr/bin/file with -z option, because seccomp (a
-security sandbox) doesn't allow it..
-
-Solution: use -S option together with -z one.
-
-The file command accepts the -S option since 5.33.
-
-Signed-off-by: Andrew Borodin <aborodin at vmail.ru>
----
- configure.ac          | 66 +++++++++++++++++++++++++++++++++++--------
- src/filemanager/ext.c |  7 +++--
- src/setup.c           |  2 ++
- 3 files changed, 60 insertions(+), 15 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5f372dc3f5..f2351c99ad 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -115,23 +115,65 @@ fi
- AC_SUBST(MANDOC)
- AC_SUBST(MAN_FLAGS)
- 
--dnl Check for -L option to file
-+dnl Check for -z, -L, and -S options to file
- AC_CHECK_PROG(HAVE_FILECMD, file, true, false)
- if $HAVE_FILECMD; then
--    AC_MSG_CHECKING([for -L option to file command])
--    AC_CACHE_VAL(mc_cv_filel, [
--    file -L . > /dev/null 2>&1
--    if test $? = 0; then
--	mc_cv_filel=yes
-+    dnl Don't use the file command if it doesn't accept the -z option
-+    AC_MSG_CHECKING([for -z option to file command])
-+    AC_CACHE_VAL(mc_cv_file_z, [
-+        file -z . > /dev/null 2>&1
-+        if test $? = 0; then
-+            mc_cv_file_z=yes
-+        else
-+            mc_cv_file_z=no
-+        fi
-+    ])
-+    AC_MSG_RESULT([$mc_cv_file_z])
-+
-+    if test x$mc_cv_file_z = xyes; then
-+        AC_DEFINE(USE_FILE_CMD, 1, [Define if the file command accepts the -z option])
-     else
--	mc_cv_filel=no
-+        AC_MSG_WARN([The file command doesn't accept the -z option and will not be used])
-     fi
--    ])
--    if test x$mc_cv_filel = xyes; then
--	AC_DEFINE(FILE_L, 1, [Define if the file command accepts the -L option])
-+
-+    if test x$mc_cv_file_z = xyes; then
-+        dnl file is used; check -L and -S options
-+
-+        AC_MSG_CHECKING([for -L option to file command])
-+        AC_CACHE_VAL(mc_cv_file_L, [
-+            file -L . > /dev/null 2>&1
-+            if test $? = 0; then
-+                mc_cv_file_L=yes
-+            else
-+                mc_cv_file_L=no
-+            fi
-+        ])
-+        AC_MSG_RESULT([$mc_cv_file_L])
-+
-+        if test x$mc_cv_file_L = xyes; then
-+            AC_DEFINE(FILE_L, "-L ", [Define if the file command accepts the -L option])
-+        else
-+            AC_DEFINE(FILE_L, "", [Define if the file command accepts the -L option])
-+        fi
-+
-+        dnl The file command accepts the -S option since 5.33
-+        AC_MSG_CHECKING([for -S option to file command])
-+        AC_CACHE_VAL(mc_cv_file_S, [
-+            file -S . > /dev/null 2>&1
-+            if test $? = 0; then
-+                mc_cv_file_S=yes
-+            else
-+                mc_cv_file_S=no
-+            fi
-+        ])
-+        AC_MSG_RESULT([$mc_cv_file_S])
-+
-+        if test x$mc_cv_file_S = xyes; then
-+            AC_DEFINE(FILE_S, "-S ", [Define if file command accepts the -S option])
-+        else
-+            AC_DEFINE(FILE_S, "", [Define if file command accepts the -S option])
-+        fi
-     fi
--    filel=$mc_cv_filel
--    AC_MSG_RESULT([$filel])
- fi
- 
- dnl Only list browsers here that can be run in background (i.e. with `&')
-diff --git a/src/filemanager/ext.c b/src/filemanager/ext.c
-index 4e6f10c6c5..d6a09df7bb 100644
---- a/src/filemanager/ext.c
-+++ b/src/filemanager/ext.c
-@@ -71,10 +71,11 @@
- 
- /*** file scope macro definitions ****************************************************************/
- 
--#ifdef FILE_L
--#define FILE_CMD "file -L -z "
-+#ifdef USE_FILE_CMD
-+#define FILE_CMD "file -z " FILE_S FILE_L
- #else
--#define FILE_CMD "file -z "
-+/* actually file is unused, but define some reasonable command */
-+#define FILE_CMD "file "
- #endif
- 
- /*** file scope type declarations ****************************************************************/
-diff --git a/src/setup.c b/src/setup.c
-index 77c07649d5..2ef07f2569 100644
---- a/src/setup.c
-+++ b/src/setup.c
-@@ -317,7 +317,9 @@ static const struct
-     { "old_esc_mode", &old_esc_mode },
-     { "cd_symlinks", &mc_global.vfs.cd_symlinks },
-     { "show_all_if_ambiguous", &mc_global.widget.show_all_if_ambiguous },
-+#ifdef USE_FILE_CMD
-     { "use_file_to_guess_type", &use_file_to_check_type },
-+#endif
-     { "alternate_plus_minus", &mc_global.tty.alternate_plus_minus },
-     { "only_leading_plus_minus", &only_leading_plus_minus },
-     { "show_output_starts_shell", &output_starts_shell },
-From 7881ed2fda7390d3821abd6864d0097fc818f0ac Mon Sep 17 00:00:00 2001
-From: Andrew Borodin <aborodin at vmail.ru>
-Date: Sat, 23 Jan 2021 21:10:04 +0300
-Subject: [PATCH] Ticket #4180: fix handling of zip archives.
-
-After 8857423e4ebb770b6f0ea3103abf5d35c85fcbe8 due to
-using "file -z", zip archves w/o ".zip" file name extension
-(i.e. "ff_ext.xpi", a Firefox extension) aren't handled
-as zip archives.
-
-misc/mc.ext.in: fix regular expression for zip format.
-
-Signed-off-by: Andrew Borodin <aborodin at vmail.ru>
----
- misc/mc.ext.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/misc/mc.ext.in b/misc/mc.ext.in
-index e9b475cde4..2da4635d1e 100644
---- a/misc/mc.ext.in
-+++ b/misc/mc.ext.in
-@@ -751,7 +751,7 @@ shell/i/.zip
- 	View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
- 
- # zip
--type/i/^zip\ archive
-+type/\(Zip archive
- 	Open=%cd %p/uzip://
- 	View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
- 
-From 0e023f0dd9ca18a2bab8df6d25ed3c7d9dcbd2d1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Piotrek=20=C5=BBygie=C5=82o?=
- <pzygielo at users.noreply.github.com>
-Date: Thu, 25 Mar 2021 16:59:19 +0100
-Subject: [PATCH] Ticket #4223: fix recognition of JAR files as ZIP archives
-
-Similar to 7881ed2 that solved ticket #4180.
-
-Signed-off-by: Andrew Borodin <aborodin at vmail.ru>
----
- misc/mc.ext.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/misc/mc.ext.in b/misc/mc.ext.in
-index 75f95fc743..f93d8bf229 100644
---- a/misc/mc.ext.in
-+++ b/misc/mc.ext.in
-@@ -386,7 +386,7 @@ type/\(Zip archive
- 	View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
- 
- # jar(zip)
--type/i/^Java\ (Jar\ file|archive)\ data\ \((zip|JAR)\)
-+type/i/\(Java\ (Jar\ file|archive)\ data\ \((zip|JAR)\)
- 	Open=%cd %p/uzip://
- 	View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
- 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/mc.git/commitdiff/444f4ae8534e4d2a06914f1c7d858b7794e2b040



More information about the pld-cvs-commit mailing list