Tuesday, October 31, 2023

[security update] sysutils/binwalk 2.3.3 -> 2.3.4

[cc'ing maintainer]

2.3.4 fixes code execution bug:
https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.4

The diff between the versions is minimal:
https://github.com/ReFirmLabs/binwalk/compare/v2.3.3...v2.3.4

Tests are failing for me in both 2.3.3 and 2.3.4, but basic
functionality of the python script works.

Also small patch for setup.py for missing version bump in upstream.

diff refs/heads/master refs/heads/binwalk
commit - 0f0b56af818006cfd3bd9e00962982377811e4b0
commit + 4984a39942d7f0a1f7bc4de55b90e6396dcdfe37
blob - 93a038fbe5ef00855836fd81ad218f3b24bcf058
blob + 23d91076c771cc0bc2ba7ed23c23987bd9b98891
--- sysutils/binwalk/Makefile
+++ sysutils/binwalk/Makefile
@@ -1,10 +1,9 @@
COMMENT = tool for reverse-engineering and analysing firmware blobs

-MODPY_EGG_VERSION = 2.3.3
+MODPY_EGG_VERSION = 2.3.4
GH_ACCOUNT = ReFirmLabs
GH_PROJECT = binwalk
GH_TAGNAME = v${MODPY_EGG_VERSION}
-REVISION = 1

CATEGORIES = sysutils

blob - e5e10fbcc733a0d6d8412af9ea5bd182a6d1e54f
blob + 533314d56e0b70a7fd77e9e3a3d5fd17ef30d290
--- sysutils/binwalk/distinfo
+++ sysutils/binwalk/distinfo
@@ -1,2 +1,2 @@
-SHA256 (binwalk-2.3.3.tar.gz) = fjK5Tcd2MrUdGHMrVFbio++F5FIdfUpUQQ42+ThZUB8=
-SIZE (binwalk-2.3.3.tar.gz) = 39723775
+SHA256 (binwalk-2.3.4.tar.gz) = YEFr/sI5DOx2dCzpQnN98+ZYXJM8JGeTL1nCHgArp6k=
+SIZE (binwalk-2.3.4.tar.gz) = 39723471
blob - /dev/null
blob + 8bb98a9ddd9e98d5df1bef465fee8c5260d10c81 (mode 644)
--- /dev/null
+++ sysutils/binwalk/patches/patch-setup_py
@@ -0,0 +1,12 @@
+Index: setup.py
+--- setup.py.orig
++++ setup.py
+@@ -12,7 +12,7 @@ except ImportError:
+ from distutils.dir_util import remove_tree
+
+ MODULE_NAME = "binwalk"
+-MODULE_VERSION = "2.3.3"
++MODULE_VERSION = "2.3.4"
+ SCRIPT_NAME = MODULE_NAME
+ MODULE_DIRECTORY = os.path.dirname(os.path.realpath(__file__))
+

No comments:

Post a Comment