From c2819963d22b2577e3fcf9a16e6b791d5c6bb54d Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 21 Jul 2023 15:34:07 +0200
Subject: [PATCH 1/5] Replace custom actions executing bat files to by quiet
 exec custom actions to surpress shown command prompts

Closes #GHSA-9c9p-c3mg-hpjq

(cherry picked from commit fb1ba6390dfcb7028be0eb051b893b744c0444dc)
---
 dist/win/resources/main.wxs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dist/win/resources/main.wxs b/dist/win/resources/main.wxs
index df73b195f..c940b9f9a 100644
--- a/dist/win/resources/main.wxs
+++ b/dist/win/resources/main.wxs
@@ -132,11 +132,17 @@
       <CustomAction Id="JpSetARPURLUPDATEINFO" Property="ARPURLUPDATEINFO" Value="$(var.JpUpdateURL)" />
     <?endif?>
 
+    <Property Id="WixQuietExec64CmdTimeout" Value="20" />
+    <!-- Note for custom actions: Immediate CAs run BEFORE the files are installed, hence if you depend on installed files, the CAs must be deferred.-->
     <!-- WebDAV patches -->
-    <CustomAction Id="PatchWebDAV" Impersonate="no" ExeCommand="[INSTALLDIR]patchWebDAV.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;"
+            Sequence="execute" Before="PatchWebDAV" />
+    <CustomAction Id="PatchWebDAV" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
 
     <!-- Special Settings migration for 1.7.0,. Should be removed eventually, for more info, see ../contrib/version170-migrate-settings.ps1-->
-    <CustomAction Id="V170MigrateSettings" Impersonate="no" ExeCommand="[INSTALLDIR]version170-migrate-settings.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="V170MigrateSettings" Value="&quot;[INSTALLDIR]version170-migrate-settings.bat&quot;"
+            Sequence="execute" Before="V170MigrateSettings" />
+    <CustomAction Id="V170MigrateSettings" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
 
     <!-- Running App detection and exit -->
     <Property Id="FOUNDRUNNINGAPP" Admin="yes"/>

From 4e3b2e0be03fd564f465af1a8cfe24fae9efb1b8 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 21 Jul 2023 16:50:27 +0200
Subject: [PATCH 2/5] supress non affecting cve

---
 suppression.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/suppression.xml b/suppression.xml
index e7cc4ea65..b7e99d589 100644
--- a/suppression.xml
+++ b/suppression.xml
@@ -55,4 +55,12 @@
 		<cve>CVE-2022-45688</cve>
 	</suppress>
 
+	<suppress>
+		<notes><![CDATA[
+   		Cryptomator not affected of cve in jackson-databind-2.14.2.jar
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+		<cve>CVE-2023-35116</cve>
+	</suppress>
+
 </suppressions>
\ No newline at end of file

From 8ed1878035be587b5754f8d9e20576107197daef Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 21 Jul 2023 17:07:33 +0200
Subject: [PATCH 3/5] prepare 1.9.2

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 38c917a77..467a40ed3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.9.1</version>
+	<version>1.9.2</version>
 	<name>Cryptomator Desktop App</name>
 
 	<organization>

From 807e718d13dd96842f149e627664f706f78b8286 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Fri, 21 Jul 2023 16:50:27 +0200
Subject: [PATCH 4/5] supress non affecting cve

(cherry picked from commit 4e3b2e0be03fd564f465af1a8cfe24fae9efb1b8)
---
 suppression.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/suppression.xml b/suppression.xml
index e7cc4ea65..b7e99d589 100644
--- a/suppression.xml
+++ b/suppression.xml
@@ -55,4 +55,12 @@
 		<cve>CVE-2022-45688</cve>
 	</suppress>
 
+	<suppress>
+		<notes><![CDATA[
+   		Cryptomator not affected of cve in jackson-databind-2.14.2.jar
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+		<cve>CVE-2023-35116</cve>
+	</suppress>
+
 </suppressions>
\ No newline at end of file

From 164a350e7eab0414c201f0d9ff55b4e60bddf695 Mon Sep 17 00:00:00 2001
From: Armin Schrenk <armin.schrenk@skymatic.de>
Date: Mon, 24 Jul 2023 16:34:49 +0200
Subject: [PATCH 5/5] finalize 1.9.2

---
 dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
index 3df3691bc..4fd30d14f 100644
--- a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
+++ b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
@@ -66,6 +66,7 @@
 	</content_rating>
 
 	<releases>
+		<release date="2023-07-24" version="1.9.2"/>
 		<release date="2023-06-07" version="1.9.1"/>
 		<release date="2023-05-30" version="1.9.0"/>
 		<release date="2023-04-25" version="1.8.0"/>