less: fix CVE-2024-32487

(From OE-Core rev: bd1c48510a01cd368955e0b8707022e3427e00db) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2024-07-16 09:36:39 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-07-23 06:05:47 -0700
commit: fbd068df2185c40db4bb73cf4c1d498d2f0dd03c (patch)
tree: 7427f7e879babe9a0c9ef09a00a739a100ebb5ab /meta/recipes-extended
parent: 7c4954d9027e0fa179b2f87db09940fe55ccd601 (diff)
download: poky-fbd068df2185c40db4bb73cf4c1d498d2f0dd03c.tar.gz
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-extended/less/files/CVE-2024-32487.patch b/meta/recipes-extended/less/files/CVE-2024-32487.patch
new file mode 100644
index 0000000000..2d33099cd3
--- /dev/null
+++ b/meta/recipes-extended/less/files/CVE-2024-32487.patch
@@ -0,0 +1,74 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+CVE: CVE-2024-32487
+Upstream-Status: Backport [https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ filename.c | 29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+diff --git a/filename.c b/filename.c
+index a8726dc..c4b35b1 100644
+--- a/filename.c
+++ b/filename.c
+@@ -133,6 +133,15 @@ static int metachar(char c)
+        return (strchr(metachars(), c) != NULL);
+ }
+/*
+ * Must use quotes rather than escape char for this metachar?
+ */
+static int must_quote(char c)
+{
+       /* {{ Maybe the set of must_quote chars should be configurable? }} */
+       return (c == '\n');
+}
+
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
+                                 * doesn't support escape chars.  Use quotes.
+                                 */
+                                use_quotes = 1;
+                       } else if (must_quote(*p))
+                       {
+                               len += 3; /* open quote + char + close quote */
+                        } else
+                        {
+                                /*
+@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
+        {
+                while (*s != '\0')
+                {
+-                       if (metachar(*s))
+                       if (!metachar(*s))
+                        {
+-                               /*
+-                                * Add the escape char.
+-                                */
+                               *p++ = *s++;
+                       } else if (must_quote(*s))
+                       {
+                               /* Surround the char with quotes. */
+                               *p++ = openquote;
+                               *p++ = *s++;
+                               *p++ = closequote;
+                       } else
+                       {
+                               /* Insert an escape char before the char. */
+                                strcpy(p, esc);
+                                p += esclen;
+                               *p++ = *s++;
+                        }
+-                       *p++ = *s++;
+                }
+                *p = '\0';
+        }
+--
+2.40.0
diff --git a/meta/recipes-extended/less/less_643.bb b/meta/recipes-extended/less/less_643.bb
index 67834bdd58..537283bde4 100644
--- a/meta/recipes-extended/less/less_643.bb
+++ b/meta/recipes-extended/less/less_643.bb
@@ -27,6 +27,7 @@ DEPENDS = "ncurses"
 SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
           file://run-ptest \
+           file://CVE-2024-32487.patch \
           "
 SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8"
author	Archana Polampalli <archana.polampalli@windriver.com>	2024-07-16 09:36:39 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-07-23 06:05:47 -0700
commit	fbd068df2185c40db4bb73cf4c1d498d2f0dd03c (patch)
tree	7427f7e879babe9a0c9ef09a00a739a100ebb5ab /meta/recipes-extended
parent	7c4954d9027e0fa179b2f87db09940fe55ccd601 (diff)
download	poky-fbd068df2185c40db4bb73cf4c1d498d2f0dd03c.tar.gz

diff --git a/meta/recipes-extended/less/files/CVE-2024-32487.patch b/meta/recipes-extended/less/files/CVE-2024-32487.patch new file mode 100644 index 0000000000..2d33099cd3 --- /dev/null +++ b/meta/recipes-extended/less/files/CVE-2024-32487.patch
@@ -0,0 +1,74 @@
		1	From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
		2	From: Mark Nudelman <markn@greenwoodsoftware.com>
		3	Date: Thu, 11 Apr 2024 17:49:48 -0700
		4	Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
		5
		6	CVE: CVE-2024-32487
		7
		8	Upstream-Status: Backport [https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
		9
		10	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		11	---
		12	filename.c \| 29 ++++++++++++++++++++++++-----
		13	1 file changed, 24 insertions(+), 5 deletions(-)
		14
		15	diff --git a/filename.c b/filename.c
		16	index a8726dc..c4b35b1 100644
		17	--- a/filename.c
		18	+++ b/filename.c
		19	@@ -133,6 +133,15 @@ static int metachar(char c)
		20	return (strchr(metachars(), c) != NULL);
		21	}
		22
		23	+/*
		24	+ * Must use quotes rather than escape char for this metachar?
		25	+ */
		26	+static int must_quote(char c)
		27	+{
		28	+ /* {{ Maybe the set of must_quote chars should be configurable? }} */
		29	+ return (c == '\n');
		30	+}
		31	+
		32	/*
		33	* Insert a backslash before each metacharacter in a string.
		34	*/
		35	@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
		36	* doesn't support escape chars. Use quotes.
		37	*/
		38	use_quotes = 1;
		39	+ } else if (must_quote(*p))
		40	+ {
		41	+ len += 3; /* open quote + char + close quote */
		42	} else
		43	{
		44	/*
		45	@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
		46	{
		47	while (*s != '\0')
		48	{
		49	- if (metachar(*s))
		50	+ if (!metachar(*s))
		51	{
		52	- /*
		53	- * Add the escape char.
		54	- */
		55	+ p++ = s++;
		56	+ } else if (must_quote(*s))
		57	+ {
		58	+ /* Surround the char with quotes. */
		59	+ *p++ = openquote;
		60	+ p++ = s++;
		61	+ *p++ = closequote;
		62	+ } else
		63	+ {
		64	+ /* Insert an escape char before the char. */
		65	strcpy(p, esc);
		66	p += esclen;
		67	+ p++ = s++;
		68	}
		69	- p++ = s++;
		70	}
		71	*p = '\0';
		72	}
		73	--
		74	2.40.0


diff --git a/meta/recipes-extended/less/less_643.bb b/meta/recipes-extended/less/less_643.bb index 67834bdd58..537283bde4 100644 --- a/meta/recipes-extended/less/less_643.bb +++ b/meta/recipes-extended/less/less_643.bb
@@ -27,6 +27,7 @@ DEPENDS = "ncurses"
27		27
28	SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \	28	SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
29	file://run-ptest \	29	file://run-ptest \
		30	file://CVE-2024-32487.patch \
30	"	31	"
31		32
32	SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8"	33	SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8"