From d9a6271f5ceb95bcbf570544eab1b49e02942db116fbfaabe47ba4985f2de59e Mon Sep 17 00:00:00 2001
From: Boris Manojlovic
Date: Mon, 30 Jan 2023 09:24:49 +0000
Subject: [PATCH] Accepting request 1062013 from home:bmanojlovic:branches:devel:tools
- add CVE-2022-4510 patch file: CVE-2022-4510.patch
OBS-URL: https://build.opensuse.org/request/show/1062013
OBS-URL: https://build.opensuse.org/package/show/devel:tools/binwalk?expand=0&rev=25
---
 CVE-2022-4510.patch | 13 +++++++++++++
 binwalk.changes | 5 +++++
 binwalk.spec | 5 ++++-
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-4510.patch
diff --git a/CVE-2022-4510.patch b/CVE-2022-4510.patch
new file mode 100644
index 0000000..facb636
--- /dev/null
+++ b/CVE-2022-4510.patch
@@ -0,0 +1,13 @@
+Index: src/binwalk/plugins/unpfs.py
+===================================================================
+--- src/binwalk/plugins/unpfs.py.orig 2021-09-10 19:46:40.000000000 +0200
++++ src/binwalk/plugins/unpfs.py 2023-01-30 10:17:15.441077931 +0100
+@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.P
+ data = binwalk.core.common.BlockFile(fname, 'rb')
+ data.seek(fs.get_end_of_meta_data())
+ for entry in fs.entries():
+- outfile_path = os.path.join(out_dir, entry.fname)
++ outfile_path = os.path.abspath(os.path.join(out_dir, entry.fname))
+ if not outfile_path.startswith(out_dir):
+ binwalk.core.common.warning("Unpfs extractor detected directory traversal attempt for file: '%s'. Refusing to extract." % outfile_path)
+ else:
diff --git a/binwalk.changes b/binwalk.changes
index 2881a2d..52e1ff8 100644
--- a/binwalk.changes
+++ b/binwalk.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jan 30 09:18:51 UTC 2023 - Boris Manojlovic
+
+- add CVE-2022-4510 patch file: CVE-2022-4510.patch
+
 -------------------------------------------------------------------
 Sat Sep 11 12:23:54 UTC 2021 - Martin Hauke
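Review bot: The `if not outfile_path.startswith(out_dir):` guard that this fix relies on (kept as context in the embedded unpfs.py hunk of CVE-2022-4510.patch) is a plain string-prefix test, so a resolved path in a sibling directory whose name merely begins with the same characters as `out_dir` still passes. Comparing on a path boundary closes that gap, e.g. `if os.path.commonpath([out_dir, outfile_path]) != out_dir:`. `out_dir` is assigned outside the hunk; now that `outfile_path` goes through `os.path.abspath`, the comparison only works if `out_dir` is itself absolute and normalised, so `out_dir = os.path.abspath(out_dir)` before the loop would make that explicit, since otherwise every entry could be refused. The enclosing method starts and ends outside the hunk.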
diff --git a/binwalk.spec b/binwalk.spec
index a812aa6..f9aaf48 100644
--- a/binwalk.spec
+++ b/binwalk.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package binwalk
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,6 +23,8 @@ Summary: Firmware Analysis Tool
 License: MIT
 URL: https://github.com/devttys0/binwalk
 Source: https://github.com/devttys0/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM CVE-2022-4510.patch CVE-2022-4510 fix from upstream
+Patch0: CVE-2022-4510.patch
 BuildRequires: fdupes
 BuildRequires: help2man
 BuildRequires: python-rpm-macros
@@ -73,6 +75,7 @@ bootloaders, filesystems, etc.
 %prep
 %setup -q
+%patch0
 %build
 %python3_build