less: backport the fix for CVE-2022-46663

Upstream-Status: Backport from https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c (From OE-Core rev: 6cec065d795a562460c422947ac70c4a6f3f3175) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-03-01 10:32:58 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-03-09 13:19:02 +0000
commit: 358d319cf5acf5d9bdb50b3370ab64c76a80a0bf (patch)
tree: 8a6b9c7a94e03fc493efba1c84f0b13c81285d31 /meta/recipes-extended
parent: bcbb64e7afd1e3a15ac6475661e849214cf59f7e (diff)
download: poky-358d319cf5acf5d9bdb50b3370ab64c76a80a0bf.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-extended/less/less/CVE-2022-46663.patch b/meta/recipes-extended/less/less/CVE-2022-46663.patch
new file mode 100644
index 0000000000..4d61a52fa6
--- /dev/null
+++ b/meta/recipes-extended/less/less/CVE-2022-46663.patch
@@ -0,0 +1,31 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+CVE: CVE-2022-46663
+Upstream-Status: Backport [https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/line.c b/line.c
+index 0ef9b07..9d49cf8 100644
+--- a/line.c
+++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+                /* Hyperlink ends with \7 or ESC-backslash. */
+                if (ch == '\7')
+                        return ANSI_END;
+-               if (pansi->prev_esc && ch == '\\')
+-                       return ANSI_END;
+               if (pansi->prev_esc)
+            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+                pansi->prev_esc = (ch == ESC);
+                return ANSI_MID;
+        }
+-- 
+2.25.1
diff --git a/meta/recipes-extended/less/less_600.bb b/meta/recipes-extended/less/less_600.bb
index 9ebe39daab..f68281ac93 100644
--- a/meta/recipes-extended/less/less_600.bb
+++ b/meta/recipes-extended/less/less_600.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
 DEPENDS = "ncurses"
 SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+           file://CVE-2022-46663.patch \
          "
 SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-03-01 10:32:58 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-03-09 13:19:02 +0000
commit	358d319cf5acf5d9bdb50b3370ab64c76a80a0bf (patch)
tree	8a6b9c7a94e03fc493efba1c84f0b13c81285d31 /meta/recipes-extended
parent	bcbb64e7afd1e3a15ac6475661e849214cf59f7e (diff)
download	poky-358d319cf5acf5d9bdb50b3370ab64c76a80a0bf.tar.gz

diff --git a/meta/recipes-extended/less/less/CVE-2022-46663.patch b/meta/recipes-extended/less/less/CVE-2022-46663.patch new file mode 100644 index 0000000000..4d61a52fa6 --- /dev/null +++ b/meta/recipes-extended/less/less/CVE-2022-46663.patch
@@ -0,0 +1,31 @@
		1	From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
		2	From: Mark Nudelman <markn@greenwoodsoftware.com>
		3	Date: Fri, 7 Oct 2022 19:25:46 -0700
		4	Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
		5
		6
		7	CVE: CVE-2022-46663
		8	Upstream-Status: Backport [https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c]
		9	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		10	---
		11	line.c \| 4 ++--
		12	1 file changed, 2 insertions(+), 2 deletions(-)
		13
		14	diff --git a/line.c b/line.c
		15	index 0ef9b07..9d49cf8 100644
		16	--- a/line.c
		17	+++ b/line.c
		18	@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
		19	/* Hyperlink ends with \7 or ESC-backslash. */
		20	if (ch == '\7')
		21	return ANSI_END;
		22	- if (pansi->prev_esc && ch == '\\')
		23	- return ANSI_END;
		24	+ if (pansi->prev_esc)
		25	+ return (ch == '\\') ? ANSI_END : ANSI_ERR;
		26	pansi->prev_esc = (ch == ESC);
		27	return ANSI_MID;
		28	}
		29	--
		30	2.25.1
		31


diff --git a/meta/recipes-extended/less/less_600.bb b/meta/recipes-extended/less/less_600.bb index 9ebe39daab..f68281ac93 100644 --- a/meta/recipes-extended/less/less_600.bb +++ b/meta/recipes-extended/less/less_600.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
26	DEPENDS = "ncurses"	26	DEPENDS = "ncurses"
27		27
28	SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \	28	SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
		29	file://CVE-2022-46663.patch \
29	"	30	"
30		31
31	SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20"	32	SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20"