Sync from SUSE:SLFO:Main less revision e0196ab6f4cd201291067a5af6442c5a

2024-06-30 14:22:47 +02:00 · 2024-06-30 14:22:47 +02:00 · a97e1ba035
commit a97e1ba035
parent 850a11be1d
3 changed files with 78 additions and 0 deletions
--- a/CVE-2024-32487.patch
+++ b/CVE-2024-32487.patch
@ -0,0 +1,67 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+Index: less-633/filename.c
+===================================================================
+--- less-633.orig/filename.c
+++ less-633/filename.c
+@@ -134,6 +134,15 @@ static int metachar(char c)
+ }
+ 
+ /*
+ * Must use quotes rather than escape char for this metachar?
+ */
+static int must_quote(char c)
+{
+	/* {{ Maybe the set of must_quote chars should be configurable? }} */
+	return (c == '\n'); 
+}
+
+/*
+  * Insert a backslash before each metacharacter in a string.
+  */
+ public char * shell_quote(char *s)
+@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
+			} else if (must_quote(*p))
+			{
+				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
+ 	{
+ 		while (*s != '\0')
+ 		{
+-			if (metachar(*s))
+			if (!metachar(*s))
+ 			{
+-				/*
+-				 * Add the escape char.
+-				 */
+				*p++ = *s++;
+			} else if (must_quote(*s))
+			{
+				/* Surround the char with quotes. */
+				*p++ = openquote;
+				*p++ = *s++;
+				*p++ = closequote;
+			} else
+			{
+				/* Insert an escape char before the char. */
+ 				strcpy(p, esc);
+ 				p += esclen;
+				*p++ = *s++;
+ 			}
+-			*p++ = *s++;
+ 		}
+ 		*p = '\0';
+ 	}
--- a/less.changes
+++ b/less.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jun 11 21:53:49 UTC 2024 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix CVE-2024-32487, mishandling of \n character in paths when
+  LESSOPEN is set leads to OS command execution
+  (CVE-2024-32487, bsc#1222849)
+  * CVE-2024-32487.patch
+
 -------------------------------------------------------------------
 Thu May  4 08:12:21 UTC 2023 - Kristyna Streitova <kstreitova@suse.com>

--- a/less.spec
+++ b/less.spec
@ -37,6 +37,9 @@ Source5:        https://www.greenwoodsoftware.com/less/less-%{version}.sig
 Source6:        https://www.greenwoodsoftware.com/less/pubkey.asc#/%{name}.keyring
 Patch0:         less-429-shell.patch
 Patch2:         less-429-more.patch
+# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1222849
+# mishandling of \n character in paths when LESSOPEN is set leads to OS command execution
+Patch3:         CVE-2024-32487.patch
 BuildRequires:  automake
 BuildRequires:  ncurses-devel
 BuildRequires:  pkgconfig