Hello community,

here is the log from the commit of package binwalk for openSUSE:Factory checked 
in at 2023-01-30 17:11:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/binwalk (Old)
 and      /work/SRC/openSUSE:Factory/.binwalk.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "binwalk"

Mon Jan 30 17:11:18 2023 rev:10 rq:1062014 version:2.3.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/binwalk/binwalk.changes  2021-09-11 
22:24:59.711414092 +0200
+++ /work/SRC/openSUSE:Factory/.binwalk.new.32243/binwalk.changes       
2023-01-30 17:19:55.131429023 +0100
@@ -1,0 +2,5 @@
+Mon Jan 30 09:18:51 UTC 2023 - Boris Manojlovic <bo...@steki.net>
+
+- add CVE-2022-4510 patch file: CVE-2022-4510.patch 
+
+-------------------------------------------------------------------
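Review bot: the changelog entry on the "- add CVE-2022-4510 patch file" line names the patch but not the defect it addresses, and it carries no bug tracker reference; it also ends in a trailing space. Suggest saying what is fixed, i.e. the directory traversal check in the unpfs extractor that the patch touches, and adding the bug reference if one exists so the entry can be traced later.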

New:
----
  CVE-2022-4510.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ binwalk.spec ++++++
--- /var/tmp/diff_new_pack.6E7elW/_old  2023-01-30 17:19:56.183434693 +0100
+++ /var/tmp/diff_new_pack.6E7elW/_new  2023-01-30 17:19:56.191434736 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package binwalk
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,6 +23,8 @@
 License:        MIT
 URL:            https://github.com/devttys0/binwalk
 Source:         
https://github.com/devttys0/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM CVE-2022-4510.patch CVE-2022-4510 fix from upstream
+Patch0:         CVE-2022-4510.patch
 BuildRequires:  fdupes
 BuildRequires:  help2man
 BuildRequires:  python-rpm-macros
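Review bot: the "# PATCH-FIX-UPSTREAM" comment above "Patch0:" says "fix from upstream" without identifying the upstream commit or pull request the patch was taken from. Add the upstream URL or commit id there, so that a later version bump can confirm the fix is included in the new tarball and drop the patch.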
@@ -73,6 +75,7 @@
 
 %prep
 %setup -q
+%patch0
 
 %build
 %python3_build
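Review bot: "%patch0" in %prep sets no strip level, so it relies on the implicit default matching the "src/binwalk/plugins/unpfs.py" paths used in the patch. State it explicitly, e.g. "%patch0 -p0", or replace "%setup -q" with "%autosetup -p0". Newer rpm releases also deprecate the "%patchN" spelling in favour of "%patch -P 0".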

++++++ CVE-2022-4510.patch ++++++
Index: src/binwalk/plugins/unpfs.py
===================================================================
--- src/binwalk/plugins/unpfs.py.orig   2021-09-10 19:46:40.000000000 +0200
+++ src/binwalk/plugins/unpfs.py        2023-01-30 10:17:15.441077931 +0100
@@ -104,7 +104,7 @@ class PFSExtractor(binwalk.core.plugin.P
                 data = binwalk.core.common.BlockFile(fname, 'rb')
                 data.seek(fs.get_end_of_meta_data())
                 for entry in fs.entries():
-                    outfile_path = os.path.join(out_dir, entry.fname)
+                    outfile_path = os.path.abspath(os.path.join(out_dir, 
entry.fname))
                     if not outfile_path.startswith(out_dir):
                         binwalk.core.common.warning("Unpfs extractor detected 
directory traversal attempt for file: '%s'. Refusing to extract." % 
outfile_path)
                     else:
