import UBI less-590-3.el9_3
This commit is contained in:
parent
2bb1bb147d
commit
96077ed124
41
SOURCES/less-590-CVE-2022-48624.patch
Normal file
41
SOURCES/less-590-CVE-2022-48624.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Nudelman <markn@greenwoodsoftware.com>
|
||||
Date: Sat, 25 Jun 2022 11:54:43 -0700
|
||||
Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
|
||||
|
||||
---
|
||||
filename.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/filename.c b/filename.c
|
||||
index 5824e38..dff20c0 100644
|
||||
--- a/filename.c
|
||||
+++ b/filename.c
|
||||
@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
|
||||
{
|
||||
#if HAVE_POPEN
|
||||
char *lessclose;
|
||||
+ char *qfilename;
|
||||
+ char *qaltfilename;
|
||||
FILE *fd;
|
||||
char *cmd;
|
||||
int len;
|
||||
@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
|
||||
error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
|
||||
return;
|
||||
}
|
||||
- len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
|
||||
+ qfilename = shell_quote(filename);
|
||||
+ qaltfilename = shell_quote(altfilename);
|
||||
+ len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
|
||||
cmd = (char *) ecalloc(len, sizeof(char));
|
||||
- SNPRINTF2(cmd, len, lessclose, filename, altfilename);
|
||||
+ SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
|
||||
+ free(qaltfilename);
|
||||
+ free(qfilename);
|
||||
fd = shellcmd(cmd);
|
||||
free(cmd);
|
||||
if (fd != NULL)
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: A text file browser similar to more, but better
|
||||
Name: less
|
||||
Version: 590
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv3+ or BSD
|
||||
Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
|
||||
Source1: lesspipe.sh
|
||||
@ -16,6 +16,7 @@ Patch9: less-458-less-filters-man.patch
|
||||
Patch10: less-458-lesskey-usage.patch
|
||||
Patch11: less-458-old-bot-in-help.patch
|
||||
Patch12: less-590-CVE-2022-46663.patch
|
||||
Patch13: less-590-CVE-2022-48624.patch
|
||||
URL: https://www.greenwoodsoftware.com/less/
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: autoconf automake libtool
|
||||
@ -42,6 +43,7 @@ files, and you'll use it frequently.
|
||||
%patch10 -p1 -b .lesskey-usage
|
||||
%patch11 -p1 -b .old-bot
|
||||
%patch12 -p1 -b .CVE-2022-46663
|
||||
%patch13 -p1 -b .CVE-2022-48624
|
||||
|
||||
|
||||
%build
|
||||
@ -65,6 +67,10 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed Feb 21 2024 Matej Mužila <mmuzila@redhat.com> 590-3
|
||||
- Fix CVE-2022-48624
|
||||
- Resolves: RHEL-26265
|
||||
|
||||
* Thu Apr 20 2023 Matej Mužila <mmuzila@redhat.com> 590-2
|
||||
- Fix CVE-2022-46663
|
||||
- Resolves: CVE-2022-46663
|
||||
|
||||
Loading…
Reference in New Issue
Block a user