diff --git a/less-590-CVE-2024-32487.patch b/less-590-CVE-2024-32487.patch new file mode 100644 index 0000000..e6ba0e8 --- /dev/null +++ b/less-590-CVE-2024-32487.patch @@ -0,0 +1,65 @@ +Patch backported from: + +commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 +Author: Mark Nudelman +Date: Thu Apr 11 17:49:48 2024 -0700 + + Fix bug when viewing a file whose name contains a newline. + +diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c +--- less-643/filename.c.cve-2024-32487 2023-07-21 00:43:14.000000000 +0200 ++++ less-643/filename.c 2024-04-23 10:24:17.347269703 +0200 +@@ -128,6 +128,15 @@ static char * metachars(void) + } + + /* ++ * Must use quotes rather than escape char for this metachar? ++ */ ++static int must_quote(char c) ++{ ++ /* {{ Maybe the set of must_quote chars should be configurable? }} */ ++ return (c == '\n'); ++} ++ ++/* + * Insert a backslash before each metacharacter in a string. + */ + public char * +@@ -164,6 +173,9 @@ public char * shell_quote(char *s) + * doesn't support escape chars. Use quotes. + */ + use_quotes = 1; ++ } else if (must_quote(*p)) ++ { ++ len += 3; /* open quote + char + close quote */ + } else + { + /* +@@ -193,15 +205,22 @@ public char * shell_quote(char *s) + { + while (*s != '\0') + { +- if (metachar(*s)) ++ if (!metachar(*s)) + { +- /* +- * Add the escape char. +- */ ++ *p++ = *s++; ++ } else if (must_quote(*s)) ++ { ++ /* Surround the char with quotes. */ ++ *p++ = openquote; ++ *p++ = *s++; ++ *p++ = closequote; ++ } else ++ { ++ /* Insert an escape char before the char. */ + strcpy(p, esc); + p += esclen; ++ *p++ = *s++; + } +- *p++ = *s++; + } + *p = '\0'; + } diff --git a/less-633-cve2024_32487prereq.patch b/less-633-cve2024_32487prereq.patch deleted file mode 100644 index c0b2a8a..0000000 --- a/less-633-cve2024_32487prereq.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up less-633/prompt.c.cve_prereq less-633/prompt.c ---- less-633/prompt.c.cve_prereq 2024-07-27 00:44:40.347267609 +0200 -+++ less-633/prompt.c 2024-07-27 00:45:26.575783719 +0200 -@@ -36,6 +36,13 @@ extern char *editor; - extern char *editproto; - #endif - -+typedef enum lbool { LFALSE, LTRUE } lbool; -+ -+#undef TRUE -+#define TRUE LTRUE -+#undef FALSE -+#define FALSE LFALSE -+ - /* - * Prototypes for the three flavors of prompts. - * These strings are expanded by pr_expand(). diff --git a/less-654-cve2024_32487fix.patch b/less-654-cve2024_32487fix.patch deleted file mode 100644 index 16ea423..0000000 --- a/less-654-cve2024_32487fix.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -up less-590/output.c.cve2024_32487fix less-590/output.c ---- less-590/output.c.cve2024_32487fix 2021-06-03 19:45:48.000000000 +0200 -+++ less-590/output.c 2024-08-06 21:41:26.672021477 +0200 -@@ -31,6 +31,7 @@ extern int so_s_width, so_e_width; - extern int screen_trashed; - extern int is_tty; - extern int oldbot; -+extern int utf_mode; - - #if MSDOS_COMPILER==WIN32C || MSDOS_COMPILER==BORLANDC || MSDOS_COMPILER==DJGPPC - extern int ctldisp; -@@ -562,6 +563,7 @@ less_printf(fmt, parg) - PARG *parg; - { - char *s; -+ constant char *es; - int col; - - col = 0; -@@ -578,11 +580,17 @@ less_printf(fmt, parg) - { - case 's': - s = parg->p_string; -+ es = s + strlen(s); - parg++; - while (*s != '\0') - { -- putchr(*s++); -- col++; -+ LWCHAR ch = step_char(&s, +1, es); -+ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch); -+ while (*ps != '\0') -+ { -+ putchr(*ps++); -+ col++; -+ } - } - break; - case 'd': -diff -up less-590/prompt.c.cve2024_32487fix less-590/prompt.c ---- less-590/prompt.c.cve2024_32487fix 2024-08-06 16:14:26.980780434 +0200 -+++ less-590/prompt.c 2024-08-06 21:43:10.415868469 +0200 -@@ -29,6 +29,7 @@ extern int hshift; - extern int sc_height; - extern int jump_sline; - extern int less_is_more; -+extern int utf_mode; - extern IFILE curr_ifile; - #if EDITOR - extern char *editor; -@@ -90,13 +91,17 @@ init_prompt(VOID_PARAM) - ap_str(s) - char *s; - { -- int len; -- -- len = (int) strlen(s); -- if (mp + len >= message + PROMPT_SIZE) -- len = (int) (message + PROMPT_SIZE - mp - 1); -- strncpy(mp, s, len); -- mp += len; -+ constant char *es = s + strlen(s); -+ while (*s != '\0') -+ { -+ LWCHAR ch = step_char(&s, +1, es); -+ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch); -+ size_t plen = strlen(ps); -+ if (mp + plen >= message + PROMPT_SIZE) -+ break; -+ strcpy(mp, ps); -+ mp += plen; -+ } - *mp = '\0'; - } - diff --git a/less-654-cve2024_32487regrfix.patch b/less-654-cve2024_32487regrfix.patch deleted file mode 100644 index 7ecc4ff..0000000 --- a/less-654-cve2024_32487regrfix.patch +++ /dev/null @@ -1,65 +0,0 @@ -diff -up less-590/prompt.c.cve2024_32487regrfix less-590/prompt.c ---- less-590/prompt.c.cve2024_32487regrfix 2024-08-06 21:43:33.716058700 +0200 -+++ less-590/prompt.c 2024-08-06 21:48:58.264708406 +0200 -@@ -86,17 +86,30 @@ init_prompt(VOID_PARAM) - - /* - * Append a string to the end of the message. -+ * nprt means the character *may* be nonprintable -+ * and should be converted to printable form. - */ -- static void --ap_str(s) -- char *s; -+static void ap_estr(char *s, lbool nprt) - { - constant char *es = s + strlen(s); - while (*s != '\0') - { - LWCHAR ch = step_char(&s, +1, es); -- constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch); -- size_t plen = strlen(ps); -+ constant char *ps; -+ char ubuf[MAX_UTF_CHAR_LEN+1]; -+ size_t plen; -+ -+ if (nprt) -+ { -+ ps = utf_mode ? prutfchar(ch) : prchar(ch); -+ } else -+ { -+ char *up = ubuf; -+ put_wchar(&up, ch); -+ *up = '\0'; -+ ps = ubuf; -+ } -+ plen = strlen(ps); - if (mp + plen >= message + PROMPT_SIZE) - break; - strcpy(mp, ps); -@@ -104,6 +117,12 @@ ap_str(s) - } - *mp = '\0'; - } -+ -+static void ap_str(char *s) -+{ -+ ap_estr(s, FALSE); -+} -+ - - /* - * Append a character to the end of the message. -@@ -316,10 +335,10 @@ protochar(c, where, iseditproto) - break; - #endif - case 'f': /* File name */ -- ap_str(get_filename(curr_ifile)); -+ ap_estr(get_filename(curr_ifile), TRUE); - break; - case 'F': /* Last component of file name */ -- ap_str(last_component(get_filename(curr_ifile))); -+ ap_estr(last_component(get_filename(curr_ifile)), TRUE); - break; - case 'g': /* Shell-escaped file name */ - s = shell_quote(get_filename(curr_ifile)); diff --git a/less.spec b/less.spec index 41d8256..c1baf72 100644 --- a/less.spec +++ b/less.spec @@ -18,9 +18,8 @@ Patch11: less-458-old-bot-in-help.patch Patch12: less-590-CVE-2022-46663.patch Patch13: less-590-CVE-2022-48624.patch # from upstream, for less < 661 , RHEL-32739 -Patch14: less-633-cve2024_32487prereq.patch -Patch15: less-654-cve2024_32487fix.patch -Patch16: less-654-cve2024_32487regrfix.patch +Patch14: less-590-CVE-2024-32487.patch + URL: https://www.greenwoodsoftware.com/less/ BuildRequires: ncurses-devel BuildRequires: autoconf automake libtool @@ -48,9 +47,7 @@ files, and you'll use it frequently. %patch -P 11 -p1 -b .old-bot %patch -P 12 -p1 -b .CVE-2022-46663 %patch -P 13 -p1 -b .CVE-2022-48624 -%patch -P 14 -p1 -b .cve2024_32487prereq -%patch -P 15 -p1 -b .cve2024_32487fix -%patch -P 16 -p1 -b .cve2024_32487regrfix +%patch -P 14 -p1 -b .CVE-2024-32487 %build