rpm/binwalk
SHA256
1
0
Fork 0
forked from pool/binwalk
Code Pull Requests Activity

Accepting request 1065825 from devel:tools

Browse Source 
- Update to version 2.3.4.

OBS-URL: https://build.opensuse.org/request/show/1065825
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/binwalk?expand=0&rev=11
This commit is contained in:
Dominique Leuenberger 2023-02-15 12:40:12 +00:00 committed by Git OBS Bridge
commit 9e19ca0ced
5 changed files with 12 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CVE-2022-4510.patch
View File

@ -1,13 +0,0 @@
Index: src/binwalk/plugins/unpfs.py
===================================================================
--- src/binwalk/plugins/unpfs.py.orig 2021-09-10 19:46:40.000000000 +0200
+++ src/binwalk/plugins/unpfs.py 2023-01-30 10:17:15.441077931 +0100
@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.P
data = binwalk.core.common.BlockFile(fname, 'rb')
data.seek(fs.get_end_of_meta_data())
for entry in fs.entries():
- outfile_path = os.path.join(out_dir, entry.fname)
+ outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
if not outfile_path.startswith(out_dir):
binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
else:

3
binwalk-2.3.3.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e32b94dc77632b51d18732b5456e2a3ef85e4521d7d4a54410e36f93859501f
size 39723775

3
binwalk-2.3.4.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:60416bfec2390cec76742ce942737df3e6585c933c2467932f59c21e002ba7a9
size 39723471

9
binwalk.changes
View File

@ -1,7 +1,14 @@
-------------------------------------------------------------------
Tue Feb 14 08:16:19 UTC 2023 - Robert Frohl <rfrohl@suse.com>
- Update to version 2.3.4
* CVE-2022-4510: path traversal in PFS extractor script (boo#1207744)
- drop CVE-2022-4510.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 30 09:18:51 UTC 2023 - Boris Manojlovic <boris@steki.net> Mon Jan 30 09:18:51 UTC 2023 - Boris Manojlovic <boris@steki.net>
- add CVE-2022-4510 patch file: CVE-2022-4510.patch - add CVE-2022-4510 patch file: CVE-2022-4510.patch (boo#1207744)
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Sep 11 12:23:54 UTC 2021 - Martin Hauke <mardnh@gmx.de> Sat Sep 11 12:23:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>

5
binwalk.spec
View File

@ -17,14 +17,12 @@
Name: binwalk Name: binwalk
Version: 2.3.3 Version: 2.3.4
Release: 0 Release: 0
Summary: Firmware Analysis Tool Summary: Firmware Analysis Tool
License: MIT License: MIT
URL: https://github.com/devttys0/binwalk URL: https://github.com/devttys0/binwalk
Source: https://github.com/devttys0/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source: https://github.com/devttys0/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# PATCH-FIX-UPSTREAM CVE-2022-4510.patch CVE-2022-4510 fix from upstream
Patch0: CVE-2022-4510.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: help2man BuildRequires: help2man
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
@ -75,7 +73,6 @@ bootloaders, filesystems, etc.
%prep %prep
%setup -q %setup -q
%patch0
%build %build
%python3_build %python3_build