fix static analysis findigs (RHEL-40257)

updated to 661 Resolves: RHEL-40257
2024-08-05 22:16:56 +02:00 · 2024-08-05 22:16:56 +02:00 · 73b37ac69f
commit 73b37ac69f
parent 5909d6698e
7 changed files with 62 additions and 80 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,3 +8,4 @@
 /less-608.tar.gz
 /less-633.tar.gz
 /less-643.tar.gz
+/less-661.tar.gz
--- a/less-436-help.patch
+++ b/less-436-help.patch
@ -0,0 +1,24 @@
+diff -up less-661/help.c.help less-661/help.c
+--- less-661/help.c.help	2024-08-05 21:40:34.531327397 +0200
+++ less-661/help.c	2024-08-05 21:40:34.533327418 +0200
+@@ -137,7 +137,7 @@ constant char helpdata[] = {
+ ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','N','u','m','b','e','r',' ','o','f',' ','b','u','f','f','e','r','s','.','\n',
+ ' ',' ','-','B',' ',' ','.','.','.','.','.','.','.','.',' ',' ','-','-','a','u','t','o','-','b','u','f','f','e','r','s','\n',
+ ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','D','o','n','\'','t',' ','a','u','t','o','m','a','t','i','c','a','l','l','y',' ','a','l','l','o','c','a','t','e',' ','b','u','f','f','e','r','s',' ','f','o','r',' ','p','i','p','e','s','.','\n',
+-' ',' ','-','c',' ',' ','.','.','.','.','.','.','.','.',' ',' ','-','-','c','l','e','a','r','-','s','c','r','e','e','n','\n',
+' ',' ','-','c',' ',' ','-','C',' ',' ','.','.','.','.',' ',' ','-','-','c','l','e','a','r','-','s','c','r','e','e','n',' ','-','-','C','L','E','A','R','-','S','C','R','E','E','N','\n',
+ ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','R','e','p','a','i','n','t',' ','b','y',' ','c','l','e','a','r','i','n','g',' ','r','a','t','h','e','r',' ','t','h','a','n',' ','s','c','r','o','l','l','i','n','g','.','\n',
+ ' ',' ','-','d',' ',' ','.','.','.','.','.','.','.','.',' ',' ','-','-','d','u','m','b','\n',
+ ' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ','D','u','m','b',' ','t','e','r','m','i','n','a','l','.','\n',
+diff -up less-661/less.hlp.help less-661/less.hlp
+--- less-661/less.hlp.help	2024-08-05 21:40:34.532327408 +0200
+++ less-661/less.hlp	2024-08-05 21:40:34.533327418 +0200
+@@ -134,7 +134,7 @@
+                   Number of buffers.
+   -B  ........  --auto-buffers
+                   Don't automatically allocate buffers for pipes.
+-  -c  ........  --clear-screen
+  -c  -C  ....  --clear-screen --CLEAR-SCREEN
+                   Repaint by clearing rather than scrolling.
+   -d  ........  --dumb
+                   Dumb terminal.
--- a/less-643-CVE-2024-32487.patch
+++ b/less-643-CVE-2024-32487.patch
@ -1,65 +0,0 @@
-Patch backported from:
-
-commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33
-Author: Mark Nudelman <markn@greenwoodsoftware.com>
-Date:   Thu Apr 11 17:49:48 2024 -0700
-
-    Fix bug when viewing a file whose name contains a newline.
-
-diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c
--- less-643/filename.c.cve-2024-32487	2023-07-21 00:43:14.000000000 +0200
-+++ less-643/filename.c	2024-04-23 10:24:17.347269703 +0200
-@@ -128,6 +128,15 @@ static char * metachars(void)
- }
- 
- /*
-+ * Must use quotes rather than escape char for this metachar?
-+ */
-+static int must_quote(char c)
-+{
-+	/* {{ Maybe the set of must_quote chars should be configurable? }} */
-+	return (c == '\n'); 
-+}
-+
-+/*
-  * Insert a backslash before each metacharacter in a string.
-  */
- public char * shell_quote(char *s)
-@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
- 				 * doesn't support escape chars.  Use quotes.
- 				 */
- 				use_quotes = 1;
-+			} else if (must_quote(*p))
-+			{
-+				len += 3; /* open quote + char + close quote */
- 			} else
- 			{
- 				/*
-@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
- 	{
- 		while (*s != '\0')
- 		{
-			if (metachar(*s))
-+			if (!metachar(*s))
- 			{
-				/*
-				 * Add the escape char.
-				 */
-+				*p++ = *s++;
-+			} else if (must_quote(*s))
-+			{
-+				/* Surround the char with quotes. */
-+				*p++ = openquote;
-+				*p++ = *s++;
-+				*p++ = closequote;
-+			} else
-+			{
-+				/* Insert an escape char before the char. */
- 				strcpy(p, esc);
- 				p += esclen;
-+				*p++ = *s++;
- 			}
-			*p++ = *s++;
- 		}
- 		*p = '\0';
- 	}
--- a/less-661-fix_sast.patch
+++ b/less-661-fix_sast.patch
@ -0,0 +1,12 @@
+diff -up less-661/input.c.fix_sast less-661/input.c
+--- less-661/input.c.fix_sast	2024-08-05 21:48:33.202257453 +0200
+++ less-661/input.c	2024-08-05 21:49:36.717911621 +0200
+@@ -345,7 +345,7 @@ public POSITION back_line(POSITION curr_
+ {
+ 	POSITION base_pos;
+ 	POSITION new_pos;
+-	POSITION edisp_pos;
+	POSITION edisp_pos = NULL_POSITION;
+ 	POSITION begin_new_pos;
+ 	int c;
+ 	lbool endline;
--- a/less.spec
+++ b/less.spec
@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
-Version: 643
-Release: 8%{?dist}
+Version: 661
+Release: 1%{?dist}
 License: GPL-3.0-only AND BSD-2-Clause
 Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Source1: lesspipe.sh
@ -14,7 +14,8 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
-Patch12: less-643-CVE-2024-32487.patch
+Patch12: less-436-help.patch
+Patch13: less-661-fix_sast.patch
 URL: https://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@ -32,14 +33,15 @@ files, and you'll use it frequently.

 %prep
 %setup -q
-%patch4 -p1 -b .time
-%patch5 -p1 -b .fsync
-%patch6 -p1 -b .manpage-add-old-bot-option
-%patch8 -p1 -b .lessecho-usage
-%patch9 -p1 -b .less-filters-man
-%patch10 -p1 -b .lesskey-usage
-%patch11 -p1 -b .old-bot
-%patch12 -p1 -b .CVE-2024-32487
+%patch -P 4 -p1 -b .time
+%patch -P 5 -p1 -b .fsync
+%patch -P 6 -p1 -b .manpage-add-old-bot-option
+%patch -P 8 -p1 -b .lessecho-usage
+%patch -P 9 -p1 -b .less-filters-man
+%patch -P 10 -p1 -b .lesskey-usage
+%patch -P 11 -p1 -b .old-bot
+%patch -P 12 -p1 -b .help
+%patch -P 13 -p1 -b .fix_sast


 %build
@ -63,10 +65,14 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*

 %changelog
+* Fri Jul 26 2024 Michal Hlavinka <mhlavink@redhat.com> - 661-1
+- fix static analysis findigs (RHEL-40257)
+- updated to 661
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 643-8
 - Bump release for June 2024 mass rebuild

-* Tue Jun 12 2024 Matej Mužila <mmuzila@redhat.com> - 643-7
+* Wed Jun 12 2024 Matej Mužila <mmuzila@redhat.com> - 643-7
 - Bump release
 - Related: RHEL-32740

--- a/lesspipe.sh
+++ b/lesspipe.sh
@ -63,12 +63,16 @@ case "$1" in
 	if [ -n "$DECOMPRESSOR" ] && $DECOMPRESSOR -- "$1" | file - | grep -q troff; then
 		$DECOMPRESSOR -- "$1" | manfilter -
 		exit $?
-	fi ;;&
+	fi
+esac
+case "$1" in
 *.[1-9n]|*.[1-9]x|*.man)
 	if file "$1" | grep -q troff; then
 		manfilter "$1"
 		exit $?
-	fi ;;&
+	fi
+esac
+case "$1" in
 *.tar) tar tvvf "$1"; exit $? ;;
 *.tgz|*.tar.gz|*.tar.[zZ]) tar tzvvf "$1"; exit $? ;;
 *.tar.xz) tar Jtvvf "$1"; exit $? ;;
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (less-643.tar.gz) = 6a324ac54e22429ac652dc303bc1fe48933555d1cbf8ad7ecf345940910c014fef9551a3219743cfb7115e356b5841ae97d6ce62e7a1ba1e3300d243efca34d9
+SHA512 (less-661.tar.gz) = 49d81ff9e79d43ce0271490e3bffd590b4aed5fcb387bc8eb3128de99e5b5a5ede2e2818b546f6e3a140fa6261f1de3dfba1231f7ff7ef18502bb7030eaea1b5