CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/04/14 02:34:00
Modified files: usr.bin/less : filename.c Log message: less: escape newlines in file names Newlines in a filename can lead to arbitrary code execution https://marc.info/?l=oss-security&m=171292433330233&w=2 via LESSOPEN. The diff is a straightforward adaptation of https://github.com/gwsw/less/commit/007521ac3c95bc76 The better fix is deleting the misfeatures that are LESSOPEN and LESSCLOSE which will happen in a separate commit. diff looks good to guenther