!79 [sync] PR-72: fix CVE-2024-32487

From: @openeuler-sync-bot 
Reviewed-by: @openeuler-basic 
Signed-off-by: @openeuler-basic

backport-CVE-2024-32487.patch

@@ -0,0 +1,70 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 64d9ded..8b7d800 100644
+--- a/filename.c
++++ b/filename.c
+@@ -135,6 +135,15 @@ metachar(c)
+ 	return (strchr(metachars(), c) != NULL);
+ }
+ 
++/*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
++	return (c == '\n');
++}
++
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+@@ -170,6 +179,9 @@ shell_quoten(s)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
++			} else if (must_quote(*p))
++			{
++				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -200,15 +212,25 @@ shell_quoten(s)
+ 		constant char *es = s + slen;
+ 		while (s < es)
+ 		{
+-			if (metachar(*s))
++			if (!metachar(*s))
+ 			{
+ 				/*
+ 				 * Add the escape char.
+ 				 */
++				*np++ = *s++;
++			} else if (must_quote(*s))
++			{
++				/* Surround the char with quotes. */
++				*np++ = openquote;
++				*np++ = *s++;
++				*np++ = closequote;
++			} else
++			{
++				/* Insert an escape char before the char. */
+ 				strcpy(np, esc);
+ 				np += esclen;
++				*np++ = *s++;
+ 			}
+-			*np++ = *s++;
+ 		}
+ 		*np = '\0';
+ 	}
+-- 
+2.43.0
+

backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

@@ -0,0 +1,27 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++     		        return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.27.0
+

backport-Fix-crash-when-enter-invaid-pattern-in-command.patch

@@ -0,0 +1,29 @@
+From 74c598dd717de5e00db3d4995ee23d01f3510516 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sun, 15 Aug 2021 17:38:21 -0700
+Subject: [PATCH] Fix crash when enter invaid pattern in & command.
+
+---
+ search.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/search.c b/search.c
+index f619fbe..4cc6832 100644
+--- a/search.c
++++ b/search.c
+@@ -1908,7 +1908,11 @@ set_filter_pattern(pattern, search_type)
+ 		/* Create a new filter and add it to the filter_infos list. */
+ 		filter = ecalloc(1, sizeof(struct pattern_info));
+ 		init_pattern(filter);
+-		set_pattern(filter, pattern, search_type, 1);
++		if (set_pattern(filter, pattern, search_type, 1) < 0)
++		{
++			free(filter);
++			return;
++		}
+ 		filter->next = filter_infos;
+ 		filter_infos = filter;
+ 	}
+-- 
+2.27.0
+

backport-Fix-memory-leak-when-using-corrupt-lesshst-file.patch

@@ -0,0 +1,26 @@
+From 1974e5f8cd628e5fc1075883f3eba3e5390860d3 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 9 Oct 2021 18:15:58 -0700
+Subject: [PATCH] Fix memory leak when using corrupt lesshst file.
+
+---
+ mark.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/mark.c b/mark.c
+index cbb316f..6506683 100644
+--- a/mark.c
++++ b/mark.c
+@@ -59,6 +59,9 @@ cmark(m, ifile, pos, ln)
+ 	m->m_ifile = ifile;
+ 	m->m_scrpos.pos = pos;
+ 	m->m_scrpos.ln = ln;
++	if (m->m_filename != NULL)
++		/* Normally should not happen but a corrupt lesshst file can do it. */
++		free(m->m_filename);
+ 	m->m_filename = NULL;
+ }
+ 
+-- 
+2.27.0
+

backport-Implement-osc8_open.patch

@@ -0,0 +1,71 @@
+From 90d9d12ba9d3818a0074f33c5153b577d07aa8fd Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Tue, 16 Jan 2024 18:14:33 -0800
+Subject: [PATCH] Implement osc8_open().
+
+---
+ filename.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 482d264..64d9ded 100644
+--- a/filename.c
++++ b/filename.c
+@@ -139,8 +139,9 @@ metachar(c)
+  * Insert a backslash before each metacharacter in a string.
+  */
+ 	public char *
+-shell_quote(s)
++shell_quoten(s, slen)
+ 	char *s;
++	size_t slen;
+ {
+ 	constant char *p;
+ 	char *np;
+@@ -155,7 +156,7 @@ shell_quote(s)
+ 	 * Determine how big a string we need to allocate.
+ 	 */
+ 	len = 1; /* Trailing null byte */
+-	for (p = s;  *p != '\0';  p++)
++	for (p = s;  p < s + slen;  p++)
+ 	{
+ 		len++;
+ 		if (*p == openquote || *p == closequote)
+@@ -185,7 +186,7 @@ shell_quote(s)
+ 			 * We can't quote a string that contains quotes.
+ 			 */
+ 			return (NULL);
+-		len = (int) strlen(s) + 3;
++		len = slen + 3;
+ 	}
+ 	/*
+ 	 * Allocate and construct the new string.
+@@ -193,10 +194,11 @@ shell_quote(s)
+ 	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+-		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
++		SNPRINTF4(newstr, len, "%c%.*s%c", openquote, (int) slen, s, closequote);
+ 	} else
+ 	{
+-		while (*s != '\0')
++		constant char *es = s + slen;
++		while (s < es)
+ 		{
+ 			if (metachar(*s))
+ 			{
+@@ -213,6 +215,11 @@ shell_quote(s)
+ 	return (newstr);
+ }
+ 
++public char * shell_quote(char *s)
++{
++	return shell_quoten(s, strlen(s));
++}
++
+ /*
+  * Return a pathname that points to a specified file in a specified directory.
+  * Return NULL if the file does not exist in the directory.
+-- 
+2.43.0
+

backport-Shell-quote-filenames-when-invoking-LESSCLOSE.patch

@@ -0,0 +1,38 @@
+From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 25 Jun 2022 11:54:43 -0700
+Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
+
+---
+ filename.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5824e385..dff20c08 100644
+--- a/filename.c
++++ b/filename.c
+@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
+ {
+ #if HAVE_POPEN
+ 	char *lessclose;
++	char *qfilename;
++	char *qaltfilename;
+ 	FILE *fd;
+ 	char *cmd;
+ 	int len;
+@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
+ 		error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
+ 		return;
+ 	}
+-	len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
++	qfilename = shell_quote(filename);
++	qaltfilename = shell_quote(altfilename);
++	len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
+ 	cmd = (char *) ecalloc(len, sizeof(char));
+-	SNPRINTF2(cmd, len, lessclose, filename, altfilename);
++	SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
++	free(qaltfilename);
++	free(qfilename);
+ 	fd = shellcmd(cmd);
+ 	free(cmd);
+ 	if (fd != NULL)

backport-Some-constifying.patch

@@ -0,0 +1,56 @@
+From 756acc92c9d6bea9929d9105207e081054be05fb Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Mon, 6 Nov 2023 11:44:08 -0800
+Subject: [PATCH] Some constifying.
+
+---
+ filename.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 2ce7070..482d264 100644
+--- a/filename.c
++++ b/filename.c
+@@ -142,10 +142,11 @@ metachar(c)
+ shell_quote(s)
+ 	char *s;
+ {
+-	char *p;
++	constant char *p;
++	char *np;
+ 	char *newstr;
+ 	int len;
+-	char *esc = get_meta_escape();
++	constant char *esc = get_meta_escape();
+ 	int esclen = (int) strlen(esc);
+ 	int use_quotes = 0;
+ 	int have_quotes = 0;
+@@ -189,7 +190,7 @@ shell_quote(s)
+ 	/*
+ 	 * Allocate and construct the new string.
+ 	 */
+-	newstr = p = (char *) ecalloc(len, sizeof(char));
++	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+ 		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
+@@ -202,12 +203,12 @@ shell_quote(s)
+ 				/*
+ 				 * Add the escape char.
+ 				 */
+-				strcpy(p, esc);
+-				p += esclen;
++				strcpy(np, esc);
++				np += esclen;
+ 			}
+-			*p++ = *s++;
++			*np++ = *s++;
+ 		}
+-		*p = '\0';
++		*np = '\0';
+ 	}
+ 	return (newstr);
+ }
+-- 
+2.43.0
+

less.spec

@@ -1,11 +1,18 @@
 Name:		less
 Version:	590
-Release:        1
+Release:        6
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
 Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
-Patch0:		less-394-time.patch
+Patch0:         less-394-time.patch
+Patch6000:      backport-Fix-memory-leak-when-using-corrupt-lesshst-file.patch
+Patch6001:      backport-Fix-crash-when-enter-invaid-pattern-in-command.patch
+Patch6002:	backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
+Patch6003:      backport-Shell-quote-filenames-when-invoking-LESSCLOSE.patch
+Patch6004:      backport-Some-constifying.patch
+Patch6005:      backport-Implement-osc8_open.patch
+Patch6006:      backport-CVE-2024-32487.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -44,6 +51,26 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 590-6
+- fix CVE-2024-32487
+
+* Mon Feb 19 2024 liweigang <izmirvii@gmail.com> - 590-5
+- fix CVE-2022-48624
+
+* Thu Feb 16 2023 hongjinghao <hongjinghao@huawei.com> - 590-4
+- fix CVE-2022-46663
+
+* Fri Dec 9 2022 Eibz-Chan <chenbingzhao@huawei.com> - 590-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:[add] backport patches from upstream
+	Fix-memory-leak-when-using-corrupt-lesshst-file.patch
+	Fix-crash-when-enter-invaid-pattern-in-command.patch
+
+* Thu Oct 13 2022 fuanan <fuanan3@h-partners.com> - 590-2
+- DESC:fix the changelog exception macro
+
 * Tue Dec 14 2021 wangjie <wangjie375@huawei.com> - 590-1
 - Type:enhancement
 - ID:NA
@@ -51,7 +78,7 @@ autoreconf -ivf
 - DESC:Update less to 590
 
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 563-3
-- DESC: delete -S git from %autosetup, and delete BuildRequires git
+- DESC: delete -S git from autosetup, and delete BuildRequires git
 
 * Fri May 28 2021 fuanan <fuanan3@huawei.com> - 563-2
 - Type:bugfix