diff --git a/cve-2022-46663.patch b/cve-2022-46663.patch new file mode 100644 index 0000000..ff452d0 --- /dev/null +++ b/cve-2022-46663.patch @@ -0,0 +1,24 @@ +From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 +From: Mark Nudelman +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. + +--- + line.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/line.c b/line.c +index 236c49ae..cba7bdd1 100644 +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } diff --git a/less-429-more.patch b/less-429-more.patch index 1733347..3fb6fe6 100644 --- a/less-429-more.patch +++ b/less-429-more.patch @@ -1,6 +1,8 @@ ---- option.c -+++ option.c -@@ -134,6 +134,10 @@ +Index: less-608/option.c +=================================================================== +--- less-608.orig/option.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/option.c 2023-02-07 15:08:06.567552684 +0000 +@@ -171,6 +171,10 @@ scan_option(s) s--; optc = 'z'; break; diff --git a/less-429-shell.patch b/less-429-shell.patch index 22a8b55..dd426f6 100644 --- a/less-429-shell.patch +++ b/less-429-shell.patch @@ -1,7 +1,8 @@ -diff -ru a/filename.c b/filename.c ---- a/filename.c 2020-05-11 23:36:17.000000000 +0200 -+++ b/filename.c 2020-05-12 14:01:23.624217811 +0200 -@@ -574,7 +574,7 @@ +Index: less-608/filename.c +=================================================================== +--- less-608.orig/filename.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/filename.c 2023-02-07 15:07:55.521151736 +0000 +@@ -572,7 +572,7 @@ shellcmd(cmd) #if HAVE_SHELL char *shell; 
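Review bot: In cve-2022-46663.patch, the new `ANSI_ERR` return in ansi_step only closes the hole if the callers in less-608's line.c stop treating input as part of the hyperlink when they receive it, and that handling is not visible in this hunk. The upstream commit is dated October 2022 while the refreshed patches show the less-608 sources stamped July 2022, so the fix appears to have been written against a later tree; confirm that it applies to 608 without fuzz and that the `ANSI_ERR` path behaves the same there. The comment kept above the change still names only the two terminators, so a line before `if (pansi->prev_esc)` such as `/* ESC not followed by '\\' is invalid inside an OSC8 link: return ANSI_ERR instead of consuming more input. */` would document the new outcome. ansi_step begins outside the hunk.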
@@ -10,10 +11,11 @@ diff -ru a/filename.c b/filename.c if (!isnullenv(shell)) { char *scmd; -diff -ru a/less.hlp b/less.hlp ---- a/less.hlp 2020-05-11 23:36:21.000000000 +0200 -+++ b/less.hlp 2020-05-12 14:00:58.680162327 +0200 -@@ -101,7 +101,7 @@ +Index: less-608/less.hlp +=================================================================== +--- less-608.orig/less.hlp 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/less.hlp 2023-02-07 15:07:55.522151863 +0000 +@@ -103,7 +103,7 @@ ___<_n_a_m_e_> Display the setting of an option, by name. +_c_m_d Execute the less cmd each time a new file is examined. @@ -22,10 +24,11 @@ diff -ru a/less.hlp b/less.hlp |XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command. s _f_i_l_e Save input to a file. v Edit the current file with $VISUAL or $EDITOR. -diff -ru a/less.nro b/less.nro ---- a/less.nro 2020-05-11 23:36:21.000000000 +0200 -+++ b/less.nro 2020-05-12 14:02:02.728304787 +0200 -@@ -420,7 +420,7 @@ +Index: less-608/less.nro +=================================================================== +--- less-608.orig/less.nro 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/less.nro 2023-02-07 15:07:55.522151863 +0000 +@@ -443,7 +443,7 @@ current file. A pound sign (#) is replaced by the name of the previously examined file. "!!" repeats the last shell command. "!" with no shell command simply invokes a shell. @@ -34,7 +37,7 @@ diff -ru a/less.nro b/less.nro or defaults to "sh". On MS-DOS and OS/2 systems, the shell is the normal command processor. .IP "| shell-command" -@@ -1793,7 +1793,7 @@ +@@ -2044,7 +2044,7 @@ compatible mode. .IP PATH User's search path (used to find a lesskey file on MS-DOS and OS/2 systems). 
@@ -43,10 +46,11 @@ diff -ru a/less.nro b/less.nro The shell used to execute the !\& command, as well as to expand filenames. .IP TERM The type of terminal on which -diff -ru a/lsystem.c b/lsystem.c ---- a/lsystem.c 2020-05-11 23:36:17.000000000 +0200 -+++ b/lsystem.c 2020-05-12 14:02:25.352355117 +0200 -@@ -127,13 +127,13 @@ +Index: less-608/lsystem.c +=================================================================== +--- less-608.orig/lsystem.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/lsystem.c 2023-02-07 15:07:55.523151990 +0000 +@@ -124,13 +124,13 @@ lsystem(cmd, donemsg) /* * Pass the command to the system to be executed. diff --git a/less.changes b/less.changes index bb6957f..235ce9d 100644 --- a/less.changes +++ b/less.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Feb 7 15:02:12 UTC 2023 - Peter Simons + +- Apply "cve-2022-46663.patch" to fix a vulnerability in less that + could be exploited for denial-of-service attacks or even remote + code execution by printing specially crafted escape sequences to + the terminal. [CVE-2022-46663, bsc#1207815] + +- Refreshed all other patches with quilt to an uniform -p1 patch + style, which allows us to use %autosetup and simplify the spec + file a bit. + ------------------------------------------------------------------- Wed Sep 14 09:05:33 UTC 2022 - Danilo Spinella diff --git a/less.spec b/less.spec index 8cce1b2..98feede 100644 --- a/less.spec +++ b/less.spec @@ -1,7 +1,7 @@ # # spec file for package less # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -37,6 +37,7 @@ Source5: https://www.greenwoodsoftware.com/less/less-%{version}.sig Source6: https://www.greenwoodsoftware.com/less/pubkey.asc#/%{name}.keyring Patch0: less-429-shell.patch Patch2: less-429-more.patch +Patch3: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c.patch#/cve-2022-46663.patch BuildRequires: automake BuildRequires: ncurses-devel BuildRequires: pkgconfig @@ -51,9 +52,7 @@ have to read the entire input file before starting. It is possible to start an editor at any time from within less. %prep -%setup -q -%patch0 -p1 -%patch2 +%autosetup -p1 # # the ./configure script is not writable for the normal user # rather fix permissions for all files
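Review bot: The new `Patch3:` line in less.spec has no comment tying it to the advisory, so the CVE and bug reference live only in less.changes. I would add a line above it such as `# PATCH-FIX-UPSTREAM cve-2022-46663.patch bsc#1207815 CVE-2022-46663 -- end OSC8 hyperlink on invalid embedded escape sequence`. The URL pins the upstream commit by its full hash, which makes the origin auditable. The `Source5`/`Source6` signature and keyring in the context lines cover only the release tarball, though, so the integrity of this patch rests on the checked-in copy having been compared with that commit.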