Accepting request 1065825 from devel:tools

- Update to version 2.3.4. OBS-URL: https://build.opensuse.org/request/show/1065825 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/binwalk?expand=0&rev=11
2023-02-15 12:40:12 +00:00 · 2023-02-15 12:40:12 +00:00 · 9e19ca0ced
commit 9e19ca0ced
parent ad124c1df6 a011a770b9
5 changed files with 12 additions and 21 deletions
--- a/CVE-2022-4510.patch
+++ b/CVE-2022-4510.patch
@ -1,13 +0,0 @@
-Index: src/binwalk/plugins/unpfs.py
-===================================================================
--- src/binwalk/plugins/unpfs.py.orig	2021-09-10 19:46:40.000000000 +0200
-+++ src/binwalk/plugins/unpfs.py	2023-01-30 10:17:15.441077931 +0100
-@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.P
-                 data = binwalk.core.common.BlockFile(fname, 'rb')
-                 data.seek(fs.get_end_of_meta_data())
-                 for entry in fs.entries():
-                    outfile_path = os.path.join(out_dir, entry.fname)
-+                    outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
-                     if not outfile_path.startswith(out_dir):
-                         binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
-                     else:
--- a/binwalk-2.3.3.tar.gz
+++ b/binwalk-2.3.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7e32b94dc77632b51d18732b5456e2a3ef85e4521d7d4a54410e36f93859501f
-size 39723775
--- a/binwalk-2.3.4.tar.gz
+++ b/binwalk-2.3.4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:60416bfec2390cec76742ce942737df3e6585c933c2467932f59c21e002ba7a9
+size 39723471
--- a/binwalk.changes
+++ b/binwalk.changes
@ -1,7 +1,14 @@
+-------------------------------------------------------------------
+Tue Feb 14 08:16:19 UTC 2023 - Robert Frohl <rfrohl@suse.com>
+
+- Update to version 2.3.4
+  * CVE-2022-4510: path traversal in PFS extractor script (boo#1207744)
+- drop CVE-2022-4510.patch
+
 -------------------------------------------------------------------
 Mon Jan 30 09:18:51 UTC 2023 - Boris Manojlovic <boris@steki.net>

- add CVE-2022-4510 patch file: CVE-2022-4510.patch 
+- add CVE-2022-4510 patch file: CVE-2022-4510.patch (boo#1207744)

 -------------------------------------------------------------------
 Sat Sep 11 12:23:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>
--- a/binwalk.spec
+++ b/binwalk.spec
@ -17,14 +17,12 @@


 Name:           binwalk
-Version:        2.3.3
+Version:        2.3.4
 Release:        0
 Summary:        Firmware Analysis Tool
 License:        MIT
 URL:            https://github.com/devttys0/binwalk
 Source:         https://github.com/devttys0/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM CVE-2022-4510.patch CVE-2022-4510 fix from upstream
-Patch0:         CVE-2022-4510.patch
 BuildRequires:  fdupes
 BuildRequires:  help2man
 BuildRequires:  python-rpm-macros
@ -75,7 +73,6 @@ bootloaders, filesystems, etc.

 %prep
 %setup -q
-%patch0

 %build
 %python3_build