From b12d93388c95486e3d4dc0cfff6c9ff043c533c3 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 17 Sep 2025 14:16:46 +0800
Subject: [PATCH] Fix CVE-2022-45787

---
 CVE-2022-45787.patch | 39 +++++++++++++++++++++++++++++++++++++++
 apache-mime4j.spec   |  6 +++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-45787.patch

diff --git a/CVE-2022-45787.patch b/CVE-2022-45787.patch
new file mode 100644
index 0000000..941bdd0
--- /dev/null
+++ b/CVE-2022-45787.patch
@@ -0,0 +1,39 @@
+From 021eb79ba312fe5a7f99fa867ee5350aa5533069 Mon Sep 17 00:00:00 2001
+From: Benoit TELLIER <btellier@linagora.com>
+Date: Tue, 22 Nov 2022 09:14:14 +0700
+Subject: [PATCH] MIME4J-322 Rely on Files.createTempFile (#82)
+
+Origin: https://github.com/apache/james-mime4j/commit/021eb79ba312fe5a7f99fa867ee5350aa5533069
+---
+ .../james/mime4j/storage/TempFileStorageProvider.java    | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/storage/src/main/java/org/apache/james/mime4j/storage/TempFileStorageProvider.java b/storage/src/main/java/org/apache/james/mime4j/storage/TempFileStorageProvider.java
+index ac13cd98..0e87f928 100644
+--- a/storage/src/main/java/org/apache/james/mime4j/storage/TempFileStorageProvider.java
++++ b/storage/src/main/java/org/apache/james/mime4j/storage/TempFileStorageProvider.java
+@@ -26,8 +26,10 @@
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.io.OutputStream;
++import java.nio.file.Files;
+ import java.util.HashSet;
+ import java.util.Iterator;
++import java.util.Optional;
+ import java.util.Set;
+ 
+ import org.apache.commons.io.FileUtils;
+@@ -107,7 +109,12 @@ public TempFileStorageProvider(String prefix, String suffix, File directory) {
+     }
+ 
+     public StorageOutputStream createStorageOutputStream() throws IOException {
+-        File file = File.createTempFile(prefix, suffix, directory);
++        File file;
++        if (directory == null) {
++            file = Files.createTempFile(prefix, suffix).toFile();
++        } else {
++            file = Files.createTempFile(directory.toPath(), prefix, suffix).toFile();
++        }
+         file.deleteOnExit();
+ 
+         return new TempFileStorageOutputStream(file);
diff --git a/apache-mime4j.spec b/apache-mime4j.spec
index 979cc90..d50e542 100644
--- a/apache-mime4j.spec
+++ b/apache-mime4j.spec
@@ -1,12 +1,13 @@
 Name:                apache-mime4j
 Version:             0.8.7
-Release:             4
+Release:             5
 Summary:             Apache JAMES Mime4j
 License:             Apache-2.0
 URL:                 http://james.apache.org/mime4j
 Source0:             http://archive.apache.org/dist/james/mime4j/${version}/james-mime4j-sources-%{version}.zip
 # https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1
 Patch0:              CVE-2024-21742.patch
+Patch1:              CVE-2022-45787.patch
 BuildRequires:       maven-local mvn(com.google.guava:guava:18.0) mvn(commons-io:commons-io)
 BuildRequires:       mvn(commons-logging:commons-logging) mvn(junit:junit)
 BuildRequires:       mvn(org.apache:apache:pom:) mvn(org.apache.felix:maven-bundle-plugin)
@@ -51,6 +52,9 @@ export CXXFLAGS="${RPM_OPT_FLAGS}"
 %license LICENSE NOTICE
 
 %changelog
+* Wed Sep 17 2025 yaoxin <1024769339@qq.com> - 0.8.7-5
+- Fix CVE-2022-45787
+
 * Thu Apr 11 2024 Dingli Zhang <dingli@iscas.ac.cn> - 0.8.7-4
 - Update to OpenJDK-11 and fix LenientDateTimeFieldTest
 
-- 
Gitee