rpms/less
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI less-590-3.el9_3

Browse Source
This commit is contained in:
eabdullin 2024-04-08 14:49:15 +00:00
parent 2bb1bb147d
commit 96077ed124
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
SOURCES/less-590-CVE-2022-48624.patch Normal file
View File

@ -0,0 +1,41 @@
From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
From: Mark Nudelman <markn@greenwoodsoftware.com>
Date: Sat, 25 Jun 2022 11:54:43 -0700
Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
---
filename.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/filename.c b/filename.c
index 5824e38..dff20c0 100644
--- a/filename.c
+++ b/filename.c
@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
{
#if HAVE_POPEN
char *lessclose;
+ char *qfilename;
+ char *qaltfilename;
FILE *fd;
char *cmd;
int len;
@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
return;
}
- len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
+ qfilename = shell_quote(filename);
+ qaltfilename = shell_quote(altfilename);
+ len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
cmd = (char *) ecalloc(len, sizeof(char));
- SNPRINTF2(cmd, len, lessclose, filename, altfilename);
+ SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
+ free(qaltfilename);
+ free(qfilename);
fd = shellcmd(cmd);
free(cmd);
if (fd != NULL)
--
2.41.0

8
SPECS/less.spec
View File

@ -1,7 +1,7 @@
Summary: A text file browser similar to more, but better Summary: A text file browser similar to more, but better
Name: less Name: less
Version: 590 Version: 590
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv3+ or BSD License: GPLv3+ or BSD
Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
Source1: lesspipe.sh Source1: lesspipe.sh
@ -16,6 +16,7 @@ Patch9: less-458-less-filters-man.patch
Patch10: less-458-lesskey-usage.patch Patch10: less-458-lesskey-usage.patch
Patch11: less-458-old-bot-in-help.patch Patch11: less-458-old-bot-in-help.patch
Patch12: less-590-CVE-2022-46663.patch Patch12: less-590-CVE-2022-46663.patch
Patch13: less-590-CVE-2022-48624.patch
URL: https://www.greenwoodsoftware.com/less/ URL: https://www.greenwoodsoftware.com/less/
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
@ -42,6 +43,7 @@ files, and you'll use it frequently.
%patch10 -p1 -b .lesskey-usage %patch10 -p1 -b .lesskey-usage
%patch11 -p1 -b .old-bot %patch11 -p1 -b .old-bot
%patch12 -p1 -b .CVE-2022-46663 %patch12 -p1 -b .CVE-2022-46663
%patch13 -p1 -b .CVE-2022-48624
%build %build
@ -65,6 +67,10 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wed Feb 21 2024 Matej Mužila <mmuzila@redhat.com> 590-3
- Fix CVE-2022-48624
- Resolves: RHEL-26265
* Thu Apr 20 2023 Matej Mužila <mmuzila@redhat.com> 590-2 * Thu Apr 20 2023 Matej Mužila <mmuzila@redhat.com> 590-2
- Fix CVE-2022-46663 - Fix CVE-2022-46663
- Resolves: CVE-2022-46663 - Resolves: CVE-2022-46663