3 changed files with 1 additions and 119 deletions
--- a/SOURCES/less-530-CVE-2022-48624.patch
+++ b/SOURCES/less-530-CVE-2022-48624.patch
@ -1,41 +0,0 @@
 From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
 From: Mark Nudelman <markn@greenwoodsoftware.com>
 Date: Sat, 25 Jun 2022 11:54:43 -0700
 Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
 ---
 filename.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/filename.c b/filename.c
 index 5824e38..dff20c0 100644
 --- a/filename.c
 +++ b/filename.c
@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
 {
 #if HAVE_POPEN
 	char *lessclose;
 +	char *qfilename;
 +	char *qaltfilename;
 	FILE *fd;
 	char *cmd;
 	int len;
@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
 		error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
 		return;
 	}
 -	len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
 +	qfilename = shell_quote(filename);
 +	qaltfilename = shell_quote(altfilename);
 +	len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
 	cmd = (char *) ecalloc(len, sizeof(char));
 -	SNPRINTF2(cmd, len, lessclose, filename, altfilename);
 +	SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
 +	free(qaltfilename);
 +	free(qfilename);
 	fd = shellcmd(cmd);
 	free(cmd);
 	if (fd != NULL)
 -- 
 2.41.0
--- a/SOURCES/less-530-CVE-2024-32487.patch
+++ b/SOURCES/less-530-CVE-2024-32487.patch
@ -1,65 +0,0 @@
 Patch backported from:
 commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33
 Author: Mark Nudelman <markn@greenwoodsoftware.com>
 Date:   Thu Apr 11 17:49:48 2024 -0700
    Fix bug when viewing a file whose name contains a newline.
 diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c
 --- less-643/filename.c.cve-2024-32487	2023-07-21 00:43:14.000000000 +0200
 +++ less-643/filename.c	2024-04-23 10:24:17.347269703 +0200
@@ -128,6 +128,15 @@ static char * metachars(void)
 }
 /*
 + * Must use quotes rather than escape char for this metachar?
 + */
 +static int must_quote(char c)
 +{
 +	/* {{ Maybe the set of must_quote chars should be configurable? }} */
 +	return (c == '\n'); 
 +}
 +
 +/*
  * Insert a backslash before each metacharacter in a string.
  */
 	public char *
@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
 				 * doesn't support escape chars.  Use quotes.
 				 */
 				use_quotes = 1;
 +			} else if (must_quote(*p))
 +			{
 +				len += 3; /* open quote + char + close quote */
 			} else
 			{
 				/*
@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
 	{
 		while (*s != '\0')
 		{
 -			if (metachar(*s))
 +			if (!metachar(*s))
 			{
 -				/*
 -				 * Add the escape char.
 -				 */
 +				*p++ = *s++;
 +			} else if (must_quote(*s))
 +			{
 +				/* Surround the char with quotes. */
 +				*p++ = openquote;
 +				*p++ = *s++;
 +				*p++ = closequote;
 +			} else
 +			{
 +				/* Insert an escape char before the char. */
 				strcpy(p, esc);
 				p += esclen;
 +				*p++ = *s++;
 			}
 -			*p++ = *s++;
 		}
 		*p = '\0';
 	}
--- a/SPECS/less.spec
+++ b/SPECS/less.spec
@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 530
-Release: 3%{?dist}
+Release: 1%{?dist}
 License: GPLv3+ or BSD
 Group: Applications/Text
 Source: http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
@ -16,8 +16,6 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
 Patch12: less-530-CVE-2022-48624.patch
 Patch13: less-530-CVE-2024-32487.patch
 URL: http://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@ -42,8 +40,6 @@ files, and you'll use it frequently.
 %patch9 -p1 -b .less-filters-man
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
 %patch12 -p1 -b .CVE-2022-48624
 %patch13 -p1 -b .CVE-2024-32487
 %build
@ -67,14 +63,6 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*
 %changelog
 * Tue Apr 23 2024 Matej Mužila <mmuzila@redhat.com> - 530-3
 - Fix CVE-2024-32487
 - Resolves: RHEL-32738
 * Wed Feb 21 2024 Matej Mužila <mmuzila@redhat.com> - 530-2
 - Fix CVE-2022-48624
 - Resolves: RHEL-26124
 * Sat Feb 17 2018 Pavel Raiskup <praiskup@redhat.com> - 530-1
 - new release, per upstream release notes:
  http://greenwoodsoftware.com/less/news.530.html