Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package less for openSUSE:Factory checked in at 2023-02-09 16:21:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/less (Old)
 and /work/SRC/openSUSE:Factory/.less.new.4462 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "less" Thu Feb 9 16:21:57 2023 rev:68 rq:1063861 version:608 Changes: -------- --- /work/SRC/openSUSE:Factory/less/less.changes 2022-09-20 19:23:18.786427481 +0200 +++ /work/SRC/openSUSE:Factory/.less.new.4462/less.changes 2023-02-09 16:22:10.610394551 +0100 @@ -1,0 +2,12 @@ +Tue Feb 7 15:02:12 UTC 2023 - Peter Simons <psim...@suse.com> + +- Apply "cve-2022-46663.patch" to fix a vulnerability in less that + could be exploited for denial-of-service attacks or even remote + code execution by printing specially crafted escape sequences to + the terminal. [CVE-2022-46663, bsc#1207815] + +- Refreshed all other patches with quilt to an uniform -p1 patch + style, which allows us to use %autosetup and simplify the spec + file a bit. + +------------------------------------------------------------------- New: ---- cve-2022-46663.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ less.spec ++++++ --- /var/tmp/diff_new_pack.apu2mp/_old 2023-02-09 16:22:11.218397683 +0100 +++ /var/tmp/diff_new_pack.apu2mp/_new 2023-02-09 16:22:11.230397745 +0100 @@ -1,7 +1,7 @@ # # spec file for package less # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,6 +37,7 @@ Source6: https://www.greenwoodsoftware.com/less/pubkey.asc#/%{name}.keyring Patch0: less-429-shell.patch Patch2: less-429-more.patch +Patch3: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c.patch#/cve-2022-46663.patch BuildRequires: automake BuildRequires: ncurses-devel BuildRequires: pkgconfig @@ -51,9 +52,7 @@ start an editor at any time from within less. %prep -%setup -q -%patch0 -p1 -%patch2 +%autosetup -p1 # # the ./configure script is not writable for the normal user # rather fix permissions for all files ++++++ cve-2022-46663.patch ++++++ 
>From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 From: Mark Nudelman <ma...@greenwoodsoftware.com> Date: Fri, 7 Oct 2022 19:25:46 -0700 Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. --- line.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/line.c b/line.c index 236c49ae..cba7bdd1 100644 --- a/line.c +++ b/line.c @@ -633,8 +633,8 @@ ansi_step(pansi, ch) /* Hyperlink ends with \7 or ESC-backslash. */ if (ch == '\7') return ANSI_END; - if (pansi->prev_esc && ch == '\\') - return ANSI_END; + if (pansi->prev_esc) + return (ch == '\\') ? ANSI_END : ANSI_ERR; pansi->prev_esc = (ch == ESC); return ANSI_MID; } ++++++ less-429-more.patch ++++++ --- /var/tmp/diff_new_pack.apu2mp/_old 2023-02-09 16:22:11.302398116 +0100 +++ /var/tmp/diff_new_pack.apu2mp/_new 2023-02-09 16:22:11.306398136 +0100 @@ -1,6 +1,8 @@ ---- option.c -+++ option.c -@@ -134,6 +134,10 @@ +Index: less-608/option.c +=================================================================== +--- less-608.orig/option.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/option.c 2023-02-07 15:08:06.567552684 +0000 +@@ -171,6 +171,10 @@ scan_option(s) s--; optc = 'z'; break; ++++++ less-429-shell.patch ++++++ --- /var/tmp/diff_new_pack.apu2mp/_old 2023-02-09 16:22:11.322398219 +0100 +++ /var/tmp/diff_new_pack.apu2mp/_new 2023-02-09 16:22:11.330398260 +0100 @@ -1,7 +1,8 @@ -diff -ru a/filename.c b/filename.c ---- a/filename.c 2020-05-11 23:36:17.000000000 +0200 -+++ b/filename.c 2020-05-12 14:01:23.624217811 +0200 -@@ -574,7 +574,7 @@ +Index: less-608/filename.c +=================================================================== +--- less-608.orig/filename.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/filename.c 2023-02-07 15:07:55.521151736 +0000 +@@ -572,7 +572,7 @@ shellcmd(cmd) #if HAVE_SHELL char *shell; 
@@ -10,10 +11,11 @@ if (!isnullenv(shell)) { char *scmd; -diff -ru a/less.hlp b/less.hlp ---- a/less.hlp 2020-05-11 23:36:21.000000000 +0200 -+++ b/less.hlp 2020-05-12 14:00:58.680162327 +0200 -@@ -101,7 +101,7 @@ +Index: less-608/less.hlp +=================================================================== +--- less-608.orig/less.hlp 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/less.hlp 2023-02-07 15:07:55.522151863 +0000 +@@ -103,7 +103,7 @@ ___<_n_a_m_e_> Display the setting of an option, by name. +_c_m_d Execute the less cmd each time a new file is examined. @@ -22,10 +24,11 @@ |XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command. s _f_i_l_e Save input to a file. v Edit the current file with $VISUAL or $EDITOR. -diff -ru a/less.nro b/less.nro ---- a/less.nro 2020-05-11 23:36:21.000000000 +0200 -+++ b/less.nro 2020-05-12 14:02:02.728304787 +0200 -@@ -420,7 +420,7 @@ +Index: less-608/less.nro +=================================================================== +--- less-608.orig/less.nro 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/less.nro 2023-02-07 15:07:55.522151863 +0000 +@@ -443,7 +443,7 @@ current file. A pound sign (#) is replaced by the name of the previously examined file. "!!" repeats the last shell command. "!" with no shell command simply invokes a shell. @@ -34,7 +37,7 @@ or defaults to "sh". On MS-DOS and OS/2 systems, the shell is the normal command processor. .IP "| <m> shell-command" -@@ -1793,7 +1793,7 @@ +@@ -2044,7 +2044,7 @@ compatible mode. .IP PATH User's search path (used to find a lesskey file on MS-DOS and OS/2 systems). 
@@ -43,10 +46,11 @@ The shell used to execute the !\& command, as well as to expand filenames. .IP TERM The type of terminal on which -diff -ru a/lsystem.c b/lsystem.c ---- a/lsystem.c 2020-05-11 23:36:17.000000000 +0200 -+++ b/lsystem.c 2020-05-12 14:02:25.352355117 +0200 -@@ -127,13 +127,13 @@ +Index: less-608/lsystem.c +=================================================================== +--- less-608.orig/lsystem.c 2022-07-22 19:26:24.000000000 +0000 ++++ less-608/lsystem.c 2023-02-07 15:07:55.523151990 +0000 +@@ -124,13 +124,13 @@ lsystem(cmd, donemsg) /* * Pass the command to the system to be executed.
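Review bot: In the line.c hunk of cve-2022-46663.patch (ansi_step), the comment "Hyperlink ends with \7 or ESC-backslash." is left unchanged although the new branch returns ANSI_ERR for every byte that follows ESC and is not a backslash, a second ESC included, because prev_esc is tested before it is updated. Suggest extending the comment to say that ESC followed by anything other than '\\' ends the OSC8 hyperlink as an error, so the stricter handling reads as intentional. The diffstat lists only line.c, so a regression input with a malformed embedded escape sequence would also be worth adding alongside the fix.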
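Review bot: In the less.spec hunk, the new Patch3 line carries no comment naming what it fixes, so the CVE reference lives only in less.changes. Suggest a comment line above it that mentions CVE-2022-46663 and bsc#1207815. In the %prep part of the same hunk, "%autosetup -p1" now applies less-429-more.patch at -p1 where "%patch2" previously had no -p argument; that only works because the patch is refreshed in this same commit, which deserves a short remark in the spec so a later partial revert does not break the build.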
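Review bot: In the refreshed less-429-more.patch and less-429-shell.patch, the new headers embed the versioned directory and the refresh timestamps ("Index: less-608/option.c", "+++ less-608/option.c 2023-02-07 15:08:06.567552684 +0000"), so every future refresh or version bump will rewrite these lines even when the patch content is unchanged. Suggest refreshing with quilt's --no-timestamps and --no-index options to keep later diffs of these patches limited to real changes.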