import less-590-2.el9_2

SOURCES/less-590-CVE-2022-46663.patch

@@ -0,0 +1,21 @@
+commit a78e1351113cef564d790a730d657a321624d79c
+Author: Mark Nudelman <markn@greenwoodsoftware.com>
+Date:   Fri Oct 7 19:25:46 2022 -0700
+
+    End OSC8 hyperlink on invalid embedded escape sequence.
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}

SPECS/less.spec

@@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 590
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+ or BSD
 Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Source1: lesspipe.sh
@@ -15,6 +15,7 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
+Patch12: less-590-CVE-2022-46663.patch
 URL: https://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@@ -40,6 +41,7 @@ files, and you'll use it frequently.
 %patch9 -p1 -b .less-filters-man
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
+%patch12 -p1 -b .CVE-2022-46663
 
 
 %build
@@ -63,6 +65,10 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*
 
 %changelog
+* Thu Apr 20 2023 Matej Mužila <mmuzila@redhat.com> 590-2
+- Fix CVE-2022-46663
+- Resolves: CVE-2022-46663
+
 * Tue Apr 19 2022 Honza Horak <hhorak@redhat.com> - 590-1
 - Update to the version 590
 - Also solves the "message overlay" in the terminal