diff --git a/SOURCES/less-590-CVE-2022-46663.patch b/SOURCES/less-590-CVE-2022-46663.patch
new file mode 100644
index 0000000..75d26b6
--- /dev/null
+++ b/SOURCES/less-590-CVE-2022-46663.patch
@@ -0,0 +1,21 @@
+commit a78e1351113cef564d790a730d657a321624d79c
+Author: Mark Nudelman
+Date: Fri Oct 7 19:25:46 2022 -0700
+
+ End OSC8 hyperlink on invalid embedded escape sequence.
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ /* Hyperlink ends with \7 or ESC-backslash. */
+ if (ch == '\7')
+ return ANSI_END;
+- if (pansi->prev_esc && ch == '\\')
+- return ANSI_END;
++ if (pansi->prev_esc)
++ return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ pansi->prev_esc = (ch == ESC);
+ return ANSI_MID;
+ }
diff --git a/SPECS/less.spec b/SPECS/less.spec
index 231667f..9564672 100644
--- a/SPECS/less.spec
+++ b/SPECS/less.spec
@@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 590
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+ or BSD
 Source0: https://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Source1: lesspipe.sh
@@ -15,6 +15,7 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
+Patch12: less-590-CVE-2022-46663.patch
 URL: https://www.greenwoodsoftware.com/less/
 BuildRequires: ncurses-devel
 BuildRequires: autoconf automake libtool
@@ -40,6 +41,7 @@ files, and you'll use it frequently.
 %patch9 -p1 -b .less-filters-man
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
+%patch12 -p1 -b .CVE-2022-46663
 %build
@@ -63,6 +65,10 @@ install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/profile.d
 %{_mandir}/man1/*
 %changelog
+* Thu Apr 20 2023 Matej Mužila 590-2
+- Fix CVE-2022-46663
+- Resolves: CVE-2022-46663
+
 * Tue Apr 19 2022 Honza Horak - 590-1
 - Update to the version 590
 - Also solves the "message overlay" in the terminal
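Review bot: The comment above the rewritten check in `ansi_step` (the embedded line.c hunk of less-590-CVE-2022-46663.patch) still names only the two valid terminators, so the security-relevant rule the fix introduces is undocumented. I would extend it to `/* Hyperlink ends with \7 or ESC-backslash; ESC followed by any other byte is invalid and returns ANSI_ERR. */`, so a later refactor does not fold the two branches back into the old `prev_esc && ch == '\\'` form. From the visible lines every byte other than `\7` and the byte after ESC still yields `ANSI_MID`, control characters included. Whether those are rejected elsewhere cannot be seen here, because the function begins and continues outside the hunk, so that is worth confirming against the full source. The package change also ships the fix without any build-time regression check, so a dropped or misapplied `Patch12` would go unnoticed.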