Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tree-sitter for openSUSE:Factory checked in at 2023-01-18 14:23:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tree-sitter (Old)
 and      /work/SRC/openSUSE:Factory/.tree-sitter.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tree-sitter" Wed Jan 18 14:23:18 2023 rev:6 rq:1059323 version:0.20.7 Changes: -------- --- /work/SRC/openSUSE:Factory/tree-sitter/tree-sitter.changes 2022-09-26 18:48:37.772102514 +0200 +++ /work/SRC/openSUSE:Factory/.tree-sitter.new.32243/tree-sitter.changes 2023-01-18 14:23:20.660127003 +0100 @@ -1,0 +2,8 @@ +Wed Jan 18 10:05:05 UTC 2023 - Matej Cepl <mc...@suse.com> + +- Add CVE-2022-45299-update-webbrowser.patch (copied from + gh#tree-sitter/tree-sitter#2042) to use more recent version + of webbrowser-rs, which has been fixed against CVE-2022-45299 + (bsc#1207196). + +------------------------------------------------------------------- New: ---- CVE-2022-45299-update-webbrowser.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tree-sitter.spec ++++++ --- /var/tmp/diff_new_pack.cB9Q3C/_old 2023-01-18 14:23:25.196152405 +0100 +++ /var/tmp/diff_new_pack.cB9Q3C/_new 2023-01-18 14:23:25.204152450 +0100 @@ -1,7 +1,7 @@ # # spec file for package tree-sitter # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,9 @@ Source0: https://github.com/tree-sitter/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.xz Source1: vendor.tar.xz Source2: cargo_config +# PATCH-FIX-UPSTREAM CVE-2022-45299-update-webbrowser.patch bsc#1207196 mc...@suse.com +# Use more recent version of webbrowser-rs +Patch0: CVE-2022-45299-update-webbrowser.patch BuildRequires: cargo-packaging BuildRequires: rust > 1.40 Requires: lib%{name}%{somajor} = %{version} @@ -63,6 +66,7 @@ %prep %autosetup -p1 -a1 + mkdir -p .cargo cp %{SOURCE2} .cargo/config ++++++ CVE-2022-45299-update-webbrowser.patch ++++++ --- cli/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/cli/Cargo.toml +++ b/cli/Cargo.toml 
@@ -37,7 +37,7 @@ serde = { version = "1.0.130", features smallbitvec = "2.5.1" tiny_http = "0.8" walkdir = "2.3" -webbrowser = "0.5.1" +webbrowser = "0.8.4" which = "4.1.0" [dependencies.tree-sitter] ++++++ vendor.tar.xz ++++++ /work/SRC/openSUSE:Factory/tree-sitter/vendor.tar.xz /work/SRC/openSUSE:Factory/.tree-sitter.new.32243/vendor.tar.xz differ: char 26, line 1
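Review bot: In the %prep hunk of tree-sitter.spec (@@ -63,6 +66,7 @@), the only change is a blank line added after `%autosetup -p1 -a1`, which has nothing to do with the CVE fix. Drop it so the spec diff is limited to the copyright year and the three `Patch0:` lines, which keeps the security update easy to audit and backport.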
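Review bot: The cli/Cargo.toml hunk raises `webbrowser` from "0.5.1" to "0.8.4", but the diffstat says 1 file changed, so no caller in cli/ is adapted and no lock file is touched by the patch. A 0.5 to 0.8 jump on a 0.x crate may break the API under Cargo's semver rules, and `"0.8.4"` is a caret requirement (>=0.8.4, <0.9.0), so the version that actually gets built is whatever the refreshed vendor.tar.xz contains. Please confirm that the new vendor.tar.xz carries webbrowser 0.8.4 or later with no leftover 0.5.x copy, that any Cargo.lock in the source tree agrees with it, and that the cli still builds offline against the new API; recording the resolved version in the changes entry would make the fix for bsc#1207196 verifiable from the package alone.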