fix CVE-2022-46663

backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

@@ -0,0 +1,27 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++                       return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.27.0
+

less.spec

@@ -1,6 +1,6 @@
 Name:		less
 Version:	608
-Release:        2
+Release:        3
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
@@ -50,6 +50,7 @@ Patch6039:      backport-makecheck-0039-lesstest-Add-some-initial-lt-files.patch
 Patch6040:      backport-makecheck-0040-lesstest-Remove-empty-lt-file.patch
 Patch6041:      backport-makecheck-0041-lesstest-Add-a-couple-more-lt-files.patch
 Patch6042:      backport-makecheck-0042-Make-make-check-work-regardless-of-directory-where-l.patch
+Patch6043:      backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -91,6 +92,9 @@ make check
 %{_mandir}/man1/*
 
 %changelog
+* Fri Feb 17 2023 hongjinghao <hongjinghao@huawei.com> - 608-3
+- fix CVE-2022-46663
+
 * Thu Dec 15 2022 EibzChan <chenbingzhao@huawei.com> - 608-2
 - Type:test enhancement
 - ID:NA