From c561a8b7dfb2112c86bc9085f2da3d9d4e9e66f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Mu=C5=BEila?=
Date: Tue, 23 Apr 2024 14:15:35 +0200
Subject: [PATCH] Fix CVE-2024-32487
Resolves: RHEL-32738
---
less-530-CVE-2024-32487.patch | 65 +++++++++++++++++++++++++++++++++++
less.spec | 10 ++++--
2 files changed, 73 insertions(+), 2 deletions(-)
create mode 100644 less-530-CVE-2024-32487.patch
diff --git a/less-530-CVE-2024-32487.patch b/less-530-CVE-2024-32487.patch
new file mode 100644
index 0000000..e6ba0e8
--- /dev/null
+++ b/less-530-CVE-2024-32487.patch
@@ -0,0 +1,65 @@
+Patch backported from:
+
+commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33
+Author: Mark Nudelman
+Date: Thu Apr 11 17:49:48 2024 -0700
+
+ Fix bug when viewing a file whose name contains a newline.
+
+diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c
+--- less-643/filename.c.cve-2024-32487 2023-07-21 00:43:14.000000000 +0200
++++ less-643/filename.c 2024-04-23 10:24:17.347269703 +0200
+@@ -128,6 +128,15 @@ static char * metachars(void)
+ }
+
+ /*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++ /* {{ Maybe the set of must_quote chars should be configurable? }} */
++ return (c == '\n');
++}
++
++/*
+ * Insert a backslash before each metacharacter in a string.
+ */
+ public char *
+@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
+ * doesn't support escape chars. Use quotes.
+ */
+ use_quotes = 1;
++ } else if (must_quote(*p))
++ {
++ len += 3; /* open quote + char + close quote */
+ } else
+ {
+ /*
+@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
+ {
+ while (*s != '\0')
+ {
+- if (metachar(*s))
++ if (!metachar(*s))
+ {
+- /*
+- * Add the escape char.
+- */
++ *p++ = *s++;
++ } else if (must_quote(*s))
++ {
++ /* Surround the char with quotes. */
++ *p++ = openquote;
++ *p++ = *s++;
++ *p++ = closequote;
++ } else
++ {
++ /* Insert an escape char before the char. */
+ strcpy(p, esc);
+ p += esclen;
++ *p++ = *s++;
+ }
+- *p++ = *s++;
+ }
+ *p = '\0';
+ }
diff --git a/less.spec b/less.spec
index fdaef34..88567f2 100644
--- a/less.spec
+++ b/less.spec
@@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 530
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+ or BSD
 Group: Applications/Text
 Source: http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
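Review bot: In the embedded filename.c patch, a newline is only wrapped in quotes when `metachar()` already classifies it as a metacharacter: in the copy loop `must_quote(*s)` sits behind `if (!metachar(*s))`, and in the sizing loop the `must_quote(*p)` branch appears to be nested under the same test, whose opening lines are outside the hunk. If the set returned by `metachars()` can be overridden (upstream less reads it from the LESSMETACHARS environment variable; the function body is not shown here), a set that omits `'\n'` would leave a newline in a file name unquoted and the fix would not take effect. Consider testing `must_quote()` before the metachar test in both loops, e.g. `if (must_quote(*s)) { ... } else if (!metachar(*s))`, or at least record the dependency in the comment above `must_quote()`, such as `/* Only consulted for chars already in the metachar set. */`. `shell_quote()` starts and ends outside the hunks, so the `use_quotes` path could not be checked from this page.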
@@ -17,6 +17,7 @@ Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
 Patch12: less-530-CVE-2022-48624.patch
+Patch13: less-530-CVE-2024-32487.patch
 URL: http://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@@ -42,6 +43,7 @@ files, and you'll use it frequently.
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
 %patch12 -p1 -b .CVE-2022-48624
+%patch13 -p1 -b .CVE-2024-32487
 %build
@@ -65,7 +67,11 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*
 %changelog
-* Wed Feb 21 2024 Matej Mužila - 530-2
+* Tue Apr 23 2024 Matej Mužila - 530-3
+- Fix CVE-2024-32487
+- Resolves: RHEL-32738
+
+* Wed Feb 21 2024 Matej Mužila - 530-2
 - Fix CVE-2022-48624
 - Resolves: RHEL-26124