!89 Do not assume PATH_MAX is defined

From: @baiguoguo 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-CVE-2024-32487.patch

@@ -0,0 +1,70 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 64d9ded..8b7d800 100644
+--- a/filename.c
++++ b/filename.c
+@@ -135,6 +135,15 @@ metachar(c)
+ 	return (strchr(metachars(), c) != NULL);
+ }
+ 
++/*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
++	return (c == '\n');
++}
++
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+@@ -170,6 +179,9 @@ shell_quoten(s)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
++			} else if (must_quote(*p))
++			{
++				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -200,15 +212,25 @@ shell_quoten(s)
+ 		constant char *es = s + slen;
+ 		while (s < es)
+ 		{
+-			if (metachar(*s))
++			if (!metachar(*s))
+ 			{
+ 				/*
+ 				 * Add the escape char.
+ 				 */
++				*np++ = *s++;
++			} else if (must_quote(*s))
++			{
++				/* Surround the char with quotes. */
++				*np++ = openquote;
++				*np++ = *s++;
++				*np++ = closequote;
++			} else
++			{
++				/* Insert an escape char before the char. */
+ 				strcpy(np, esc);
+ 				np += esclen;
++				*np++ = *s++;
+ 			}
+-			*np++ = *s++;
+ 		}
+ 		*np = '\0';
+ 	}
+-- 
+2.43.0
+

backport-Do-not-assume-PATH_MAX-is-defined.patch

@@ -0,0 +1,43 @@
+From eea6fbc196872eeca6f02fcfba298f3e1bb62880 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Thu, 11 Jan 2024 02:18:07 +0100
+Subject: [PATCH] Do not assume PATH_MAX is defined
+
+---
+ filename.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/filename.c b/filename.c
+index eb6b16c..f17e3ba 100644
+--- a/filename.c
++++ b/filename.c
+@@ -829,10 +829,26 @@ lglob(filename)
+ lrealpath(path)
+ 	char *path;
+ {
++
+ #if HAVE_REALPATH
++		/*
++		 * Not all systems support the POSIX.1-2008 realpath() behavior
++		 * of allocating when passing a NULL argument. And PATH_MAX is
++		 * not required to be defined, or might contain an exceedingly
++		 * big value. We assume that if it is not defined (such as on
++		 * GNU/Hurd), then realpath() accepts NULL.
++		 */
++#ifndef PATH_MAX
++		char *rpath;
++
++		rpath = realpath(path, NULL);
++		if (rpath != NULL)
++			return (rpath);
++#else		
+ 	char rpath[PATH_MAX];
+ 	if (realpath(path, rpath) != NULL)
+ 		return (save(rpath));
++#endif	
+ #endif
+ 	return (save(path));
+ }
+-- 
+2.27.0
+

backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

@@ -0,0 +1,27 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++    		        return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.27.0
+

backport-Implement-osc8_open.patch

@@ -0,0 +1,71 @@
+From 90d9d12ba9d3818a0074f33c5153b577d07aa8fd Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Tue, 16 Jan 2024 18:14:33 -0800
+Subject: [PATCH] Implement osc8_open().
+
+---
+ filename.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 482d264..64d9ded 100644
+--- a/filename.c
++++ b/filename.c
+@@ -139,8 +139,9 @@ metachar(c)
+  * Insert a backslash before each metacharacter in a string.
+  */
+ 	public char *
+-shell_quote(s)
++shell_quoten(s, slen)
+ 	char *s;
++	size_t slen;
+ {
+ 	constant char *p;
+ 	char *np;
+@@ -155,7 +156,7 @@ shell_quote(s)
+ 	 * Determine how big a string we need to allocate.
+ 	 */
+ 	len = 1; /* Trailing null byte */
+-	for (p = s;  *p != '\0';  p++)
++	for (p = s;  p < s + slen;  p++)
+ 	{
+ 		len++;
+ 		if (*p == openquote || *p == closequote)
+@@ -185,7 +186,7 @@ shell_quote(s)
+ 			 * We can't quote a string that contains quotes.
+ 			 */
+ 			return (NULL);
+-		len = (int) strlen(s) + 3;
++		len = slen + 3;
+ 	}
+ 	/*
+ 	 * Allocate and construct the new string.
+@@ -193,10 +194,11 @@ shell_quote(s)
+ 	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+-		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
++		SNPRINTF4(newstr, len, "%c%.*s%c", openquote, (int) slen, s, closequote);
+ 	} else
+ 	{
+-		while (*s != '\0')
++		constant char *es = s + slen;
++		while (s < es)
+ 		{
+ 			if (metachar(*s))
+ 			{
+@@ -213,6 +215,11 @@ shell_quote(s)
+ 	return (newstr);
+ }
+ 
++public char * shell_quote(char *s)
++{
++	return shell_quoten(s, strlen(s));
++}
++
+ /*
+  * Return a pathname that points to a specified file in a specified directory.
+  * Return NULL if the file does not exist in the directory.
+-- 
+2.43.0
+

backport-Shell-quote-filenames-when-invoking-LESSCLOSE.patch

@@ -0,0 +1,38 @@
+From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 25 Jun 2022 11:54:43 -0700
+Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
+
+---
+ filename.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5824e385..dff20c08 100644
+--- a/filename.c
++++ b/filename.c
+@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
+ {
+ #if HAVE_POPEN
+ 	char *lessclose;
++	char *qfilename;
++	char *qaltfilename;
+ 	FILE *fd;
+ 	char *cmd;
+ 	int len;
+@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
+ 		error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
+ 		return;
+ 	}
+-	len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
++	qfilename = shell_quote(filename);
++	qaltfilename = shell_quote(altfilename);
++	len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
+ 	cmd = (char *) ecalloc(len, sizeof(char));
+-	SNPRINTF2(cmd, len, lessclose, filename, altfilename);
++	SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
++	free(qaltfilename);
++	free(qfilename);
+ 	fd = shellcmd(cmd);
+ 	free(cmd);
+ 	if (fd != NULL)

backport-Some-constifying.patch

@@ -0,0 +1,56 @@
+From 756acc92c9d6bea9929d9105207e081054be05fb Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Mon, 6 Nov 2023 11:44:08 -0800
+Subject: [PATCH] Some constifying.
+
+---
+ filename.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 2ce7070..482d264 100644
+--- a/filename.c
++++ b/filename.c
+@@ -142,10 +142,11 @@ metachar(c)
+ shell_quote(s)
+ 	char *s;
+ {
+-	char *p;
++	constant char *p;
++	char *np;
+ 	char *newstr;
+ 	int len;
+-	char *esc = get_meta_escape();
++	constant char *esc = get_meta_escape();
+ 	int esclen = (int) strlen(esc);
+ 	int use_quotes = 0;
+ 	int have_quotes = 0;
+@@ -189,7 +190,7 @@ shell_quote(s)
+ 	/*
+ 	 * Allocate and construct the new string.
+ 	 */
+-	newstr = p = (char *) ecalloc(len, sizeof(char));
++	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+ 		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
+@@ -202,12 +203,12 @@ shell_quote(s)
+ 				/*
+ 				 * Add the escape char.
+ 				 */
+-				strcpy(p, esc);
+-				p += esclen;
++				strcpy(np, esc);
++				np += esclen;
+ 			}
+-			*p++ = *s++;
++			*np++ = *s++;
+ 		}
+-		*p = '\0';
++		*np = '\0';
+ 	}
+ 	return (newstr);
+ }
+-- 
+2.43.0
+

backport-Undelete-usleep-nanosleep-ttyname-poll.patch

@@ -0,0 +1,25 @@
+From a1253db65213beb0edbf8fa4ab2de9cec729bd2b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 2 Apr 2024 14:56:55 +0800
+Subject: [PATCH] Undelete usleep,nanosleep,ttyname,poll
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index f0b71e1..52c5f90 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -276,7 +276,7 @@ AC_TRY_COMPILE([], [int f(int a) { return a; }],
+ 
+ # Checks for library functions.
+ AC_TYPE_SIGNAL
+-AC_CHECK_FUNCS([popen _setjmp sigprocmask sigsetmask snprintf stat system fchmod realpath])
++AC_CHECK_FUNCS([fchmod nanosleep poll popen realpath _setjmp sigprocmask sigsetmask snprintf stat system ttyname usleep])
+ 
+ # AC_CHECK_FUNCS may not work for inline functions, so test these separately.
+ AC_MSG_CHECKING(for memcpy)
+-- 
+2.33.0
+

less.spec

@@ -1,12 +1,19 @@
 Name:		less
 Version:	590
-Release:        1
+Release:        6
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
 Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Patch0:		less-394-time.patch
 Patch1:		less-475-fsync.patch
+Patch2:		backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
+Patch3:		backport-Shell-quote-filenames-when-invoking-LESSCLOSE.patch
+Patch4:		backport-Undelete-usleep-nanosleep-ttyname-poll.patch
+Patch5:         backport-Some-constifying.patch
+Patch6:         backport-Implement-osc8_open.patch
+Patch7:         backport-CVE-2024-32487.patch
+Patch8:         backport-Do-not-assume-PATH_MAX-is-defined.patch
 
 BuildRequires:	git gcc make ncurses-devel autoconf automake libtool
 
@@ -45,6 +52,21 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Fri Jun 21 2024 baiguo <baiguo@kylinos.cn> - 590-6
+- Do not assume PATH_MAX is defined
+
+* Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 590-5
+- fix CVE-2024-32487
+
+* Tue Apr 02 2024 yinyongkang <yinyongkang@kylinos.cn> - 590-4
+- Undelete usleep,nanosleep,ttyname,poll
+
+* Mon Feb 19 2024 liweigang <izmirvii@gmail.com> - 590-3
+- fix CVE-2022-48624
+
+* Thu Feb 16 2023 hongjinghao <hongjinghao@huawei.com> - 590-2
+- fix CVE-2022-46663
+
 * Fri Sep 24 2021 fuanan <fuanan3@huawei.com> - 590-1
 - update version to 590