Accepting request 1059323 from editors

- Add CVE-2022-45299-update-webbrowser.patch (copied from gh#tree-sitter/tree-sitter#2042) to use more recent version of webbrowser-rs, which has been fixed against CVE-2022-45299 (bsc#1207196). OBS-URL: https://build.opensuse.org/request/show/1059323 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tree-sitter?expand=0&rev=6
2023-01-18 13:23:18 +00:00 · 2023-01-18 13:23:18 +00:00 · ee6cb8ea60
commit ee6cb8ea60
parent 17587d85dd d10e68f11a
4 changed files with 30 additions and 3 deletions
--- a/CVE-2022-45299-update-webbrowser.patch
+++ b/CVE-2022-45299-update-webbrowser.patch
@ -0,0 +1,15 @@
+---
+ cli/Cargo.toml |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
+@@ -37,7 +37,7 @@ serde = { version = "1.0.130", features
+ smallbitvec = "2.5.1"
+ tiny_http = "0.8"
+ walkdir = "2.3"
+-webbrowser = "0.5.1"
+webbrowser = "0.8.4"
+ which = "4.1.0"
+ 
+ [dependencies.tree-sitter]
--- a/tree-sitter.changes
+++ b/tree-sitter.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jan 18 10:05:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2022-45299-update-webbrowser.patch (copied from
+  gh#tree-sitter/tree-sitter#2042) to use more recent version
+  of webbrowser-rs, which has been fixed against CVE-2022-45299
+  (bsc#1207196).
+
 -------------------------------------------------------------------
 Sat Sep 24 09:49:29 UTC 2022 - socvirnyl.estela@gmail.com

--- a/tree-sitter.spec
+++ b/tree-sitter.spec
@ -1,7 +1,7 @@
 #
 # spec file for package tree-sitter
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -27,6 +27,9 @@ URL:            https://tree-sitter.github.io/
 Source0:        https://github.com/tree-sitter/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.xz
 Source1:        vendor.tar.xz
 Source2:        cargo_config
+# PATCH-FIX-UPSTREAM CVE-2022-45299-update-webbrowser.patch bsc#1207196 mcepl@suse.com
+# Use more recent version of webbrowser-rs
+Patch0:         CVE-2022-45299-update-webbrowser.patch
 BuildRequires:  cargo-packaging
 BuildRequires:  rust > 1.40
 Requires:       lib%{name}%{somajor} = %{version}
@ -63,6 +66,7 @@ developing applications that use %{name}.

 %prep
 %autosetup -p1 -a1
+
 mkdir -p .cargo
 cp %{SOURCE2} .cargo/config

--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:6d108dc827180efa41d637739fdb6936e862bf120ddc425562d016352c89a16a
-size 8203012
+oid sha256:75a09d0cfc00ece53acb11649f0c3753fe215693fa51add1f8cb959ada676fdb
+size 19780556