fix CVE-2022-46663

(cherry picked from commit 666192d1c0b6964cebc907990f9a23fd80fa87e5)
2023-02-16 14:24:04 +08:00 · 2023-02-16 14:24:04 +08:00 · 1113fd1b1e
commit 1113fd1b1e
parent 80f61250d6
2 changed files with 32 additions and 1 deletions
--- a/backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
+++ b/backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
@ -0,0 +1,27 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
+++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
+		if (pansi->prev_esc)
+    		        return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.27.0
+
--- a/less.spec
+++ b/less.spec
@ -1,12 +1,13 @@
 Name:		less
 Version:	590
-Release:        1
+Release:        2
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
 Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Patch0:		less-394-time.patch
 Patch1:		less-475-fsync.patch
+Patch2:		backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

 BuildRequires:	git gcc make ncurses-devel autoconf automake libtool

@ -45,6 +46,9 @@ autoreconf -ivf
 %{_mandir}/man1/*

 %changelog
+* Thu Feb 16 2023 hongjinghao <hongjinghao@huawei.com> - 590-2
+- fix CVE-2022-46663
+
 * Fri Sep 24 2021 fuanan <fuanan3@huawei.com> - 590-1
 - update version to 590