Version in base suite: 1.24.1-1 Base version: engrampa_1.24.1-1 Target version: engrampa_1.24.1-1+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/e/engrampa/engrampa_1.24.1-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/e/engrampa/engrampa_1.24.1-1+deb11u1.dsc changelog | 8 + patches/0006_use-unar-instead-of-cpio-for-CPIO-archives.patch | 42 ++++++++++ patches/series | 1 3 files changed, 51 insertions(+)
diff -Nru engrampa-1.24.1/debian/changelog engrampa-1.24.1/debian/changelog
--- engrampa-1.24.1/debian/changelog 2020-08-22 08:55:17.000000000 +0000
+++ engrampa-1.24.1/debian/changelog 2024-02-13 06:56:27.000000000 +0000
@@ -1,3 +1,11 @@
+engrampa (1.24.1-1+deb11u1) bullseye-security; urgency=medium
+
+ * debian/patches:
+ + CVE-2023-52138: Add 0006_use-unar-instead-of-cpio-for-CPIO-archives.patch.
+ Use unar instead of cpio for CPIO archives. (Closes: #1063494).
+
+ -- Mike Gabriel Tue, 13 Feb 2024 07:56:27 +0100
+
 engrampa (1.24.1-1) unstable; urgency=medium
 
 * New upstream release.
diff -Nru engrampa-1.24.1/debian/patches/0006_use-unar-instead-of-cpio-for-CPIO-archives.patch engrampa-1.24.1/debian/patches/0006_use-unar-instead-of-cpio-for-CPIO-archives.patch
--- engrampa-1.24.1/debian/patches/0006_use-unar-instead-of-cpio-for-CPIO-archives.patch 1970-01-01 00:00:00.000000000 +0000
+++ engrampa-1.24.1/debian/patches/0006_use-unar-instead-of-cpio-for-CPIO-archives.patch 2024-02-13 06:56:27.000000000 +0000
@@ -0,0 +1,42 @@
+From 8cd485a58d865d89d71931b66d7e2cb2202fc1be Mon Sep 17 00:00:00 2001
+From: Colomban Wendling
+Date: Wed, 17 Jan 2024 11:57:48 +0100
+Subject: [PATCH] Use unar instead of cpio for CPIO archives
+
+---
+ src/fr-command-cpio.c | 6 +++---
+ src/fr-command-unarchiver.c | 1 +
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/src/fr-command-cpio.c
++++ b/src/fr-command-cpio.c
+@@ -222,7 +222,7 @@
+ }
+
+
+-const char *cpio_mime_type[] = { "application/x-cpio", NULL };
++const char *cpio_mime_type[] = { /*"application/x-cpio",*/ NULL };
+
+
+ static const char **
+@@ -240,8 +240,8 @@
+ FrCommandCap capabilities;
+
+ capabilities = FR_COMMAND_CAN_ARCHIVE_MANY_FILES;
+- if (is_program_available (CPIO_PATH, check_command))
+- capabilities |= FR_COMMAND_CAN_READ;
++/* if (is_program_available (CPIO_PATH, check_command))
++ capabilities |= FR_COMMAND_CAN_READ;*/
+
+ return capabilities;
+ }
+--- a/src/fr-command-unarchiver.c
++++ b/src/fr-command-unarchiver.c
+@@ -255,6 +255,7 @@
+ const char *unarchiver_mime_type[] = { "application/zip",
+ "application/x-cbr",
+ "application/x-rar",
++ "application/x-cpio",
+ NULL };
+
+
diff -Nru engrampa-1.24.1/debian/patches/series engrampa-1.24.1/debian/patches/series
--- engrampa-1.24.1/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ engrampa-1.24.1/debian/patches/series 2024-02-13 06:56:27.000000000 +0000
@@ -0,0 +1 @@
+0006_use-unar-instead-of-cpio-for-CPIO-archives.patch
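Review bot: In the two fr-command-cpio.c hunks of the added patch, the cpio read path is switched off by commenting code out (`/*"application/x-cpio",*/` and the `is_program_available (CPIO_PATH, check_command)` block) with no explanation at the site, so nothing tells a later maintainer that these lines are the CVE-2023-52138 mitigation and should stay disabled. I would delete the dead lines and leave a one-line comment in their place, e.g. `/* Reading CPIO archives is left to fr-command-unarchiver (unar); see CVE-2023-52138. */`. After this change CPIO archives can only be opened when unar is installed, so the package relationship to unar should be confirmed; debian/control is not part of this debdiff. Both functions touched in fr-command-cpio.c begin outside the hunks shown, so whether `check_command` is still used elsewhere in the capabilities function cannot be checked from here.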