From d10e68f11ae05ccc81fa0a42ded9474ba0c416ece0e864d76519c73425566d8f Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Wed, 18 Jan 2023 10:13:09 +0000
Subject: [PATCH] - Add CVE-2022-45299-update-webbrowser.patch (copied from gh#tree-sitter/tree-sitter#2042) to use more recent version of webbrowser-rs, which has been fixed against CVE-2022-45299 (bsc#1207196).
OBS-URL: https://build.opensuse.org/package/show/editors/tree-sitter?expand=0&rev=11
---
 CVE-2022-45299-update-webbrowser.patch | 15 +++++++++++++++
 tree-sitter.changes | 8 ++++++++
 tree-sitter.spec | 6 +++++-
 vendor.tar.xz | 4 ++--
 4 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2022-45299-update-webbrowser.patch
diff --git a/CVE-2022-45299-update-webbrowser.patch b/CVE-2022-45299-update-webbrowser.patch
new file mode 100644
index 0000000..5f7a0d9
--- /dev/null
+++ b/CVE-2022-45299-update-webbrowser.patch
@@ -0,0 +1,15 @@
+---
+ cli/Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/cli/Cargo.toml
++++ b/cli/Cargo.toml
+@@ -37,7 +37,7 @@ serde = { version = "1.0.130", features
+ smallbitvec = "2.5.1"
+ tiny_http = "0.8"
+ walkdir = "2.3"
+-webbrowser = "0.5.1"
++webbrowser = "0.8.4"
+ which = "4.1.0"
+
+ [dependencies.tree-sitter]
diff --git a/tree-sitter.changes b/tree-sitter.changes
index ee1875e..1f73888 100644
--- a/tree-sitter.changes
+++ b/tree-sitter.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jan 18 10:05:05 UTC 2023 - Matej Cepl
+
+- Add CVE-2022-45299-update-webbrowser.patch (copied from
+ gh#tree-sitter/tree-sitter#2042) to use more recent version
+ of webbrowser-rs, which has been fixed against CVE-2022-45299
+ (bsc#1207196).
+
 -------------------------------------------------------------------
 Sat Sep 24 09:49:29 UTC 2022 - socvirnyl.estela@gmail.com
diff --git a/tree-sitter.spec b/tree-sitter.spec
index 22559db..31f794c 100644
--- a/tree-sitter.spec
+++ b/tree-sitter.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package tree-sitter
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,9 @@ URL: https://tree-sitter.github.io/
 Source0: https://github.com/tree-sitter/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.xz
 Source1: vendor.tar.xz
 Source2: cargo_config
+# PATCH-FIX-UPSTREAM CVE-2022-45299-update-webbrowser.patch bsc#1207196 mcepl@suse.com
+# Use more recent version of webbrowser-rs
+Patch0: CVE-2022-45299-update-webbrowser.patch
 BuildRequires: cargo-packaging
 BuildRequires: rust > 1.40
 Requires: lib%{name}%{somajor} = %{version}
@@ -63,6 +66,7 @@ developing applications that use %{name}.
 %prep
 %autosetup -p1 -a1
+
 mkdir -p .cargo
 cp %{SOURCE2} .cargo/config
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 18617ca..4cfa32f 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:6d108dc827180efa41d637739fdb6936e862bf120ddc425562d016352c89a16a
-size 8203012
+oid sha256:75a09d0cfc00ece53acb11649f0c3753fe215693fa51add1f8cb959ada676fdb
+size 19780556
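Review bot: The `Patch0` hunk in tree-sitter.spec does not record that `vendor.tar.xz` has to be regenerated from the patched tree, although the fix only takes effect if the vendored webbrowser crate matches the `webbrowser = "0.8.4"` line that the patch writes into `cli/Cargo.toml`. The vendor tarball changes in the same commit only as a Git LFS pointer (size 8203012 to 19780556), so its contents cannot be checked from this diff, and a later re-vendoring done without the patch would presumably bring back the old crate or break the offline build. I would extend the comment above `Patch0` with something like `# vendor.tar.xz must be re-created with this patch applied, so that it ships webbrowser >= 0.8.4`, and consider a check after `%autosetup -p1 -a1` that fails the build when the unpacked vendor tree holds an older webbrowser. How Cargo.lock is handled is not visible here; if the build consults it, it needs to agree with the bumped version as well.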