import CS less-590-5.el9

2024-09-30 15:45:46 +00:00 · 2024-09-30 15:45:46 +00:00 · bc247ef76c
commit bc247ef76c
parent be0bdf10d5
6 changed files with 246 additions and 9 deletions
--- a/SOURCES/less-590-CVE-2022-46663.patch
+++ b/SOURCES/less-590-CVE-2022-46663.patch
@ -0,0 +1,21 @@
+commit a78e1351113cef564d790a730d657a321624d79c
+Author: Mark Nudelman <markn@greenwoodsoftware.com>
+Date:   Fri Oct 7 19:25:46 2022 -0700
+
+    End OSC8 hyperlink on invalid embedded escape sequence.
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
+++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
+		if (pansi->prev_esc)
+            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
--- a/SOURCES/less-590-CVE-2022-48624.patch
+++ b/SOURCES/less-590-CVE-2022-48624.patch
@ -0,0 +1,41 @@
+From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 25 Jun 2022 11:54:43 -0700
+Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
+
+---
+ filename.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5824e38..dff20c0 100644
+--- a/filename.c
+++ b/filename.c
+@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
+ {
+ #if HAVE_POPEN
+ 	char *lessclose;
+	char *qfilename;
+	char *qaltfilename;
+ 	FILE *fd;
+ 	char *cmd;
+ 	int len;
+@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
+ 		error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
+ 		return;
+ 	}
+-	len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
+	qfilename = shell_quote(filename);
+	qaltfilename = shell_quote(altfilename);
+	len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
+ 	cmd = (char *) ecalloc(len, sizeof(char));
+-	SNPRINTF2(cmd, len, lessclose, filename, altfilename);
+	SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
+	free(qaltfilename);
+	free(qfilename);
+ 	fd = shellcmd(cmd);
+ 	free(cmd);
+ 	if (fd != NULL)
+-- 
+2.41.0
+
--- a/SOURCES/less-590-CVE-2024-32487.patch
+++ b/SOURCES/less-590-CVE-2024-32487.patch
@ -0,0 +1,65 @@
+Patch backported from:
+
+commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33
+Author: Mark Nudelman <markn@greenwoodsoftware.com>
+Date:   Thu Apr 11 17:49:48 2024 -0700
+
+    Fix bug when viewing a file whose name contains a newline.
+
+diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c
+--- less-643/filename.c.cve-2024-32487	2023-07-21 00:43:14.000000000 +0200
+++ less-643/filename.c	2024-04-23 10:24:17.347269703 +0200
+@@ -128,6 +128,15 @@ static char * metachars(void)
+ }
+ 
+ /*
+ * Must use quotes rather than escape char for this metachar?
+ */
+static int must_quote(char c)
+{
+	/* {{ Maybe the set of must_quote chars should be configurable? }} */
+	return (c == '\n'); 
+}
+
+/*
+  * Insert a backslash before each metacharacter in a string.
+  */
+	public char *
+@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
+			} else if (must_quote(*p))
+			{
+				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
+ 	{
+ 		while (*s != '\0')
+ 		{
+-			if (metachar(*s))
+			if (!metachar(*s))
+ 			{
+-				/*
+-				 * Add the escape char.
+-				 */
+				*p++ = *s++;
+			} else if (must_quote(*s))
+			{
+				/* Surround the char with quotes. */
+				*p++ = openquote;
+				*p++ = *s++;
+				*p++ = closequote;
+			} else
+			{
+				/* Insert an escape char before the char. */
+ 				strcpy(p, esc);
+ 				p += esclen;
+				*p++ = *s++;
+ 			}
+-			*p++ = *s++;
+ 		}
+ 		*p = '\0';
+ 	}
--- a/SOURCES/less-590-fix_sast1.patch
+++ b/SOURCES/less-590-fix_sast1.patch
@ -0,0 +1,26 @@
+diff -up less-590/command.c.fix_sast1 less-590/command.c
+--- less-590/command.c.fix_sast1	2021-06-03 19:45:48.000000000 +0200
+++ less-590/command.c	2024-08-06 23:28:58.042048590 +0200
+@@ -927,8 +927,8 @@ getcc_repl(orig, repl, gr_getc, gr_unget
+ 	LWCHAR (*gr_getc)(VOID_PARAM);
+ 	void (*gr_ungetc)(LWCHAR);
+ {
+-	LWCHAR c;
+-	LWCHAR keys[16];
+	char c;
+	char keys[16];
+ 	int ki = 0;
+ 
+ 	c = (*gr_getc)();
+diff -up less-590/decode.c.fix_sast1 less-590/decode.c
+--- less-590/decode.c.fix_sast1	2024-08-06 23:28:58.041048580 +0200
+++ less-590/decode.c	2024-08-06 23:29:55.715615701 +0200
+@@ -934,7 +934,7 @@ add_hometable(call_lesskey, envname, def
+ 	char *def_filename;
+ 	int sysvar;
+ {
+-	char *filename;
+	char *filename = NULL;
+ 	int r;
+ 
+ 	if (envname != NULL && (filename = lgetenv(envname)) != NULL)
--- a/SOURCES/less-590-fix_sast2.patch
+++ b/SOURCES/less-590-fix_sast2.patch
@ -0,0 +1,53 @@
+diff -up less-590/lesskey_parse.c.fix_sast2 less-590/lesskey_parse.c
+--- less-590/lesskey_parse.c.fix_sast2	2024-08-06 23:42:33.839079731 +0200
+++ less-590/lesskey_parse.c	2024-08-06 23:47:17.433874330 +0200
+@@ -548,9 +548,9 @@ parse_lesskey(infile, tables)
+ 	FILE *desc;
+ 	char line[1024];
+ 
+-	if (infile == NULL)
+-		infile = homefile(DEF_LESSKEYINFILE);
+-	lesskey_file = infile;
+	lesskey_file = (infile != NULL) ? strdup(infile) : homefile(DEF_LESSKEYINFILE);
+	if (lesskey_file == NULL)
+		return (-1);
+ 
+ 	init_tables(tables);
+ 	errors = 0;
+@@ -559,22 +559,29 @@ parse_lesskey(infile, tables)
+ 	/*
+ 	 * Open the input file.
+ 	 */
+-	if (strcmp(infile, "-") == 0)
+	if (strcmp(lesskey_file, "-") == 0)
+ 		desc = stdin;
+-	else if ((desc = fopen(infile, "r")) == NULL)
+	else if ((desc = fopen(lesskey_file, "r")) == NULL)
+ 	{
+-		/* parse_error("cannot open lesskey file ", infile); */
+-		return (-1);
+		/* parse_error("cannot open lesskey file %s", lesskey_file); */
+		errors = -1;
+ 	}
+ 
+ 	/*
+ 	 * Read and parse the input file, one line at a time.
+ 	 */
+-	while (fgets(line, sizeof(line), desc) != NULL)
+	if (desc != NULL)
+ 	{
+-		++linenum;
+-		parse_line(line, tables);
+		while (fgets(line, sizeof(line), desc) != NULL)
+		{
+			++linenum;
+			parse_line(line, tables);
+		}
+		if (desc != stdin)
+			fclose(desc);
+ 	}
+	free(lesskey_file);
+	lesskey_file = NULL;
+ 
+ 	return (errors);
+ }
--- a/SPECS/less.spec
+++ b/SPECS/less.spec
@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 590
-Release: 1%{?dist}
+Release: 5%{?dist}
 License: GPLv3+ or BSD
 Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Source1: lesspipe.sh
@ -15,6 +15,18 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
+Patch12: less-590-CVE-2022-46663.patch
+Patch13: less-590-CVE-2022-48624.patch
+# from upstream, for less < 661 , RHEL-32739
+Patch14: less-590-CVE-2024-32487.patch
+
+# from upstream, for less < 661, RHEL-51178
+# based on https://github.com/gwsw/less/commit/2a79e5cd341f9c8437a71096c23c8fe8e94b7d0a
+# based on https://github.com/gwsw/less/commit/987ebdc424c4865bf883eb0b11aea2b261b353f2
+Patch15: less-590-fix_sast1.patch
+
+# from upstream, for less < 661, based on commit#1649cc355a9eb824837feb4359828f5627e2eb69, RHEL-51178
+Patch16: less-590-fix_sast2.patch
 URL: https://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@ -32,14 +44,19 @@ files, and you'll use it frequently.

 %prep
 %setup -q
-%patch4 -p1 -b .time
-%patch5 -p1 -b .fsync
-%patch6 -p1 -b .manpage-add-old-bot-option
-%patch7 -p1 -b .help
-%patch8 -p1 -b .lessecho-usage
-%patch9 -p1 -b .less-filters-man
-%patch10 -p1 -b .lesskey-usage
-%patch11 -p1 -b .old-bot
+%patch -P 4 -p1 -b .time
+%patch -P 5 -p1 -b .fsync
+%patch -P 6 -p1 -b .manpage-add-old-bot-option
+%patch -P 7 -p1 -b .help
+%patch -P 8 -p1 -b .lessecho-usage
+%patch -P 9 -p1 -b .less-filters-man
+%patch -P 10 -p1 -b .lesskey-usage
+%patch -P 11 -p1 -b .old-bot
+%patch -P 12 -p1 -b .CVE-2022-46663
+%patch -P 13 -p1 -b .CVE-2022-48624
+%patch -P 14 -p1 -b .CVE-2024-32487
+%patch -P 15 -p1 -b .fix_sast1
+%patch -P 16 -p1 -b .fix_sast2


 %build
@ -63,6 +80,20 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*

 %changelog
+* Tue Aug 06 2024 Michal Hlavinka <mhlavink@redhat.com> - 590-5
+- fix static analysis findings (RHEL-51178)
+
+* Tue Aug 06 2024 Michal Hlavinka <mhlavink@redhat.com> - 590-4
+- fix less with LESSOPEN allowing command injection (CVE-2024-32487) (RHEL-32739)
+
+* Wed Feb 21 2024 Matej Mužila <mmuzila@redhat.com> 590-3
+- Fix CVE-2022-48624
+- Resolves: RHEL-26265
+
+* Thu Apr 20 2023 Matej Mužila <mmuzila@redhat.com> 590-2
+- Fix CVE-2022-46663
+- Resolves: CVE-2022-46663
+
 * Tue Apr 19 2022 Honza Horak <hhorak@redhat.com> - 590-1
 - Update to the version 590
 - Also solves the "message overlay" in the terminal