fix CVE-2024-32487

(cherry picked from commit 40e778a4dd7eb55923df57222dc3f7116eae2a7e)

backport-CVE-2024-32487.patch

@@ -0,0 +1,70 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5d7a5ef..987c24a 100644
+--- a/filename.c
++++ b/filename.c
+@@ -133,6 +133,15 @@ static int metachar(char c)
+ 	return (strchr(metachars(), c) != NULL);
+ }
+ 
++/*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
++	return (c == '\n');
++}
++
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+@@ -165,6 +174,9 @@ public char * shell_quoten(constant char *s, size_t slen)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
++			} else if (must_quote(*p))
++			{
++				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -195,15 +207,22 @@ public char * shell_quoten(constant char *s, size_t slen)
+ 		constant char *es = s + slen;
+ 		while (s < es)
+ 		{
+-			if (metachar(*s))
++			if (!metachar(*s))
+ 			{
+-				/*
+-				 * Add the escape char.
+-				 */
++				*np++ = *s++;
++			} else if (must_quote(*s))
++			{
++				/* Surround the char with quotes. */
++				*np++ = openquote;
++				*np++ = *s++;
++				*np++ = closequote;
++			} else
++			{
++				/* Insert an escape char before the char. */
+ 				strcpy(np, esc);
+ 				np += esclen;
++				*np++ = *s++;
+ 			}
+-			*np++ = *s++;
+ 		}
+ 		*np = '\0';
+ 	}
+-- 
+2.43.0
+

backport-Implement-osc8_open.patch

@@ -0,0 +1,69 @@
+From 90d9d12ba9d3818a0074f33c5153b577d07aa8fd Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Tue, 16 Jan 2024 18:14:33 -0800
+Subject: [PATCH] Implement osc8_open().
+
+---
+ filename.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 672dc94..5d7a5ef 100644
+--- a/filename.c
++++ b/filename.c
+@@ -136,7 +136,7 @@ static int metachar(char c)
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+-public char * shell_quote(constant char *s)
++public char * shell_quoten(constant char *s, size_t slen)
+ {
+ 	constant char *p;
+ 	char *np;
+@@ -151,7 +151,7 @@ public char * shell_quote(constant char *s)
+ 	 * Determine how big a string we need to allocate.
+ 	 */
+ 	len = 1; /* Trailing null byte */
+-	for (p = s;  *p != '\0';  p++)
++	for (p = s;  p < s + slen;  p++)
+ 	{
+ 		len++;
+ 		if (*p == openquote || *p == closequote)
+@@ -181,7 +181,7 @@ public char * shell_quote(constant char *s)
+ 			 * We can't quote a string that contains quotes.
+ 			 */
+ 			return (NULL);
+-		len = (int) strlen(s) + 3;
++		len = slen + 3;
+ 	}
+ 	/*
+ 	 * Allocate and construct the new string.
+@@ -189,10 +189,11 @@ public char * shell_quote(constant char *s)
+ 	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+-		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
++		SNPRINTF4(newstr, len, "%c%.*s%c", openquote, (int) slen, s, closequote);
+ 	} else
+ 	{
+-		while (*s != '\0')
++		constant char *es = s + slen;
++		while (s < es)
+ 		{
+ 			if (metachar(*s))
+ 			{
+@@ -209,6 +210,11 @@ public char * shell_quote(constant char *s)
+ 	return (newstr);
+ }
+ 
++public char * shell_quote(char *s)
++{
++	return shell_quoten(s, strlen(s));
++}
++
+ /*
+  * Return a pathname that points to a specified file in a specified directory.
+  * Return NULL if the file does not exist in the directory.
+-- 
+2.43.0
+

backport-Some-constifying.patch

@@ -0,0 +1,59 @@
+From 756acc92c9d6bea9929d9105207e081054be05fb Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Mon, 6 Nov 2023 11:44:08 -0800
+Subject: [PATCH] Some constifying.
+
+---
+ filename.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index a8726dc..672dc94 100644
+--- a/filename.c
++++ b/filename.c
+@@ -136,12 +136,13 @@ static int metachar(char c)
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+-public char * shell_quote(char *s)
++public char * shell_quote(constant char *s)
+ {
+-	char *p;
++	constant char *p;
++	char *np;
+ 	char *newstr;
+ 	int len;
+-	char *esc = get_meta_escape();
++	constant char *esc = get_meta_escape();
+ 	int esclen = (int) strlen(esc);
+ 	int use_quotes = 0;
+ 	int have_quotes = 0;
+@@ -185,7 +186,7 @@ public char * shell_quote(char *s)
+ 	/*
+ 	 * Allocate and construct the new string.
+ 	 */
+-	newstr = p = (char *) ecalloc(len, sizeof(char));
++	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+ 		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
+@@ -198,12 +199,12 @@ public char * shell_quote(char *s)
+ 				/*
+ 				 * Add the escape char.
+ 				 */
+-				strcpy(p, esc);
+-				p += esclen;
++				strcpy(np, esc);
++				np += esclen;
+ 			}
+-			*p++ = *s++;
++			*np++ = *s++;
+ 		}
+-		*p = '\0';
++		*np = '\0';
+ 	}
+ 	return (newstr);
+ }
+-- 
+2.43.0
+

less.spec

@@ -1,12 +1,15 @@
 Name:		less
 Version:	633
-Release:        1
+Release:        2
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
 Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Patch0:         less-394-time.patch
 Patch1:         less-475-fsync.patch
+Patch2:         backport-Some-constifying.patch
+Patch3:         backport-Implement-osc8_open.patch
+Patch4:         backport-CVE-2024-32487.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -45,6 +48,9 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 633-2
+- fix CVE-2024-32487
+
 * Tue Jan 30 2024 hongjinghao <hongjinghao@huawei.com> - 633-1
 - Update to 633