!95 Fix bug related to ctrl-X when output is not a termi

From: @Linux_zhang2024 
Reviewed-by: @shenyangyang01 
Signed-off-by: @shenyangyang01

backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch

@@ -0,0 +1,35 @@
+From c8df315c742fc470e766244ce8efe305a98d720a Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sun, 28 May 2023 15:28:42 -0700
+Subject: [PATCH] Avoid stealing data from an input program that uses the tty
+ at startup, like sudo.
+
+---
+ os.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index af95834..7206277 100644
+--- a/os.c
++++ b/os.c
+@@ -114,6 +114,8 @@ static int check_poll(int fd, int tty)
+ {
+ 	struct pollfd poller[2] = { { fd, POLLIN, 0 }, { tty, POLLIN, 0 } };
+ 	int timeout = (waiting_for_data && !(scanning_eof && follow_mode == FOLLOW_NAME)) ? -1 : waiting_for_data_delay;
++	if (!any_data)
++		return (0);
+ 	poll(poller, 2, timeout);
+ #if LESSTEST
+ 	if (ttyin_name == NULL) /* Check for ^X only on a real tty. */
+@@ -136,7 +138,7 @@ static int check_poll(int fd, int tty)
+ 	 * to allow a program piping data into less to have temporary
+ 	 * access to the tty (like sudo asking for a password).
+ 	 */
+-	if (any_data && (poller[0].revents & (POLLIN|POLLHUP|POLLERR)) == 0)
++	if ((poller[0].revents & (POLLIN|POLLHUP|POLLERR)) == 0)
+ 		/* No data available; let caller take action, then try again. */
+ 		return (READ_AGAIN);
+ 	/* There is data (or HUP/ERR) available. Safe to call read() without blocking. */
+-- 
+2.33.0
+

backport-CVE-2024-32487.patch

@@ -0,0 +1,70 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5d7a5ef..987c24a 100644
+--- a/filename.c
++++ b/filename.c
+@@ -133,6 +133,15 @@ static int metachar(char c)
+ 	return (strchr(metachars(), c) != NULL);
+ }
+ 
++/*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
++	return (c == '\n');
++}
++
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+@@ -165,6 +174,9 @@ public char * shell_quoten(constant char *s, size_t slen)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
++			} else if (must_quote(*p))
++			{
++				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -195,15 +207,22 @@ public char * shell_quoten(constant char *s, size_t slen)
+ 		constant char *es = s + slen;
+ 		while (s < es)
+ 		{
+-			if (metachar(*s))
++			if (!metachar(*s))
+ 			{
+-				/*
+-				 * Add the escape char.
+-				 */
++				*np++ = *s++;
++			} else if (must_quote(*s))
++			{
++				/* Surround the char with quotes. */
++				*np++ = openquote;
++				*np++ = *s++;
++				*np++ = closequote;
++			} else
++			{
++				/* Insert an escape char before the char. */
+ 				strcpy(np, esc);
+ 				np += esclen;
++				*np++ = *s++;
+ 			}
+-			*np++ = *s++;
+ 		}
+ 		*np = '\0';
+ 	}
+-- 
+2.43.0
+

backport-Do-not-assume-PATH_MAX-is-defined.patch

@@ -0,0 +1,41 @@
+From eea6fbc196872eeca6f02fcfba298f3e1bb62880 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Thu, 11 Jan 2024 02:18:07 +0100
+Subject: [PATCH] Do not assume PATH_MAX is defined
+
+---
+ filename.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/filename.c b/filename.c
+index f910aa5..c6bc49e 100644
+--- a/filename.c
++++ b/filename.c
+@@ -812,9 +812,24 @@ public char * lrealpath(char *path)
+ 	if (!is_fake_pathname(path))
+ 	{
+ #if HAVE_REALPATH
++		/*
++		 * Not all systems support the POSIX.1-2008 realpath() behavior
++		 * of allocating when passing a NULL argument. And PATH_MAX is
++		 * not required to be defined, or might contain an exceedingly
++		 * big value. We assume that if it is not defined (such as on
++		 * GNU/Hurd), then realpath() accepts NULL.
++		 */
++#ifndef PATH_MAX
++		char *rpath;
++
++		rpath = realpath(path, NULL);
++		if (rpath != NULL)
++			return (rpath);
++#else
+ 		char rpath[PATH_MAX];
+ 		if (realpath(path, rpath) != NULL)
+ 			return (save(rpath));
++#endif
+ #endif
+ 	}
+ 	return (save(path));
+-- 
+2.27.0
+

backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch

@@ -0,0 +1,49 @@
+From 5e93b7b4f99c3cdda3ab38d19fbf20b17f2536f7 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 27 May 2023 18:56:08 -0700
+Subject: [PATCH] Don't return READ_AGAIN from iread if no data has yet been
+ received, to allow a program piping data into less to have temporary access
+ to the tty (like sudo asking for a password).
+
+---
+ os.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index 56e3bf3..7f2d692 100644
+--- a/os.c
++++ b/os.c
+@@ -72,6 +72,7 @@ public int consecutive_nulls = 0;
+ /* Milliseconds to wait for data before displaying "waiting for data" message. */
+ static int waiting_for_data_delay = 4000;
+ static jmp_buf read_label;
++static int any_data = FALSE;
+ 
+ extern int sigs;
+ extern int ignore_eoi;
+@@ -130,7 +131,12 @@ static int check_poll(int fd, int tty)
+ 	if (ignore_eoi && exit_F_on_close && (poller[0].revents & (POLLHUP|POLLIN)) == POLLHUP)
+ 		/* Break out of F loop on HUP due to --exit-follow-on-close. */
+ 		return (READ_INTR);
+-	if ((poller[0].revents & (POLLIN|POLLHUP|POLLERR)) == 0)
++	/*
++	 * Don't return READ_AGAIN if no data has yet been received,
++	 * to allow a program piping data into less to have temporary
++	 * access to the tty (like sudo asking for a password).
++	 */
++	if (any_data && (poller[0].revents & (POLLIN|POLLHUP|POLLERR)) == 0)
+ 		/* No data available; let caller take action, then try again. */
+ 		return (READ_AGAIN);
+ 	/* There is data (or HUP/ERR) available. Safe to call read() without blocking. */
+@@ -282,6 +288,8 @@ start:
+ #endif
+ 		return (READ_ERR);
+ 	}
++	if (n > 0)
++		any_data = TRUE;
+ 	return (n);
+ }
+ 
+-- 
+2.33.0
+

backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

@@ -1,27 +0,0 @@
-From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
-From: Mark Nudelman <markn@greenwoodsoftware.com>
-Date: Fri, 7 Oct 2022 19:25:46 -0700
-Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
-
----
- line.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/line.c b/line.c
-index 236c49a..cba7bdd 100644
---- a/line.c
-+++ b/line.c
-@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
- 		/* Hyperlink ends with \7 or ESC-backslash. */
- 		if (ch == '\7')
- 			return ANSI_END;
--		if (pansi->prev_esc && ch == '\\')
--			return ANSI_END;
-+		if (pansi->prev_esc)
-+                       return (ch == '\\') ? ANSI_END : ANSI_ERR;
- 		pansi->prev_esc = (ch == ESC);
- 		return ANSI_MID;
- 	}
--- 
-2.27.0
-

backport-Fix-bug-related-to-ctrl-X-when-output-is-not-a-termi.patch

@@ -0,0 +1,43 @@
+From ed454a217da417dc052723ea70da8efde0f2e66c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 10 Aug 2024 08:11:59 -0700
+Subject: [PATCH] Fix bug related to ctrl-X when output is not a terminal.
+
+We should not check for ctrl-X input when the output is not
+a terminal. This results in trying to poll and read input
+characters from stdin instead of from the terminal.
+
+This problem existed in v661 so is not strictly a regression
+that needs to be addressed in the upcoming bug fix release,
+but because it's a low-risk fix and has potentially serious
+consequences, I'm including it.
+
+Related to #558.
+---
+ os.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index 61c336c..9f89777 100644
+--- a/os.c
++++ b/os.c
+@@ -80,6 +80,7 @@ extern int exit_F_on_close;
+ extern int follow_mode;
+ extern int scanning_eof;
+ extern char intr_char;
++extern int is_tty;
+ #if !MSDOS_COMPILER
+ extern int tty;
+ #endif
+@@ -237,7 +238,7 @@ start:
+ 	}
+ #endif
+ #if USE_POLL
+-	if (fd != tty && use_poll)
++	if (is_tty && fd != tty && use_poll)
+ 	{
+ 		int ret = check_poll(fd, tty);
+ 		if (ret != 0)
+-- 
+2.33.0
+

backport-Fix-for-previous-fix.patch

@@ -0,0 +1,25 @@
+From fd2a746b7c967c9f8d3739daf6701f8d3267442f Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sun, 28 May 2023 12:07:31 -0700
+Subject: [PATCH] Fix for previous fix.
+
+---
+ os.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index 7f2d692..af95834 100644
+--- a/os.c
++++ b/os.c
+@@ -288,7 +288,7 @@ start:
+ #endif
+ 		return (READ_ERR);
+ 	}
+-	if (n > 0)
++	if (fd != tty && n > 0)
+ 		any_data = TRUE;
+ 	return (n);
+ }
+-- 
+2.33.0
+

backport-Implement-osc8_open.patch

@@ -0,0 +1,69 @@
+From 90d9d12ba9d3818a0074f33c5153b577d07aa8fd Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Tue, 16 Jan 2024 18:14:33 -0800
+Subject: [PATCH] Implement osc8_open().
+
+---
+ filename.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 672dc94..5d7a5ef 100644
+--- a/filename.c
++++ b/filename.c
+@@ -136,7 +136,7 @@ static int metachar(char c)
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+-public char * shell_quote(constant char *s)
++public char * shell_quoten(constant char *s, size_t slen)
+ {
+ 	constant char *p;
+ 	char *np;
+@@ -151,7 +151,7 @@ public char * shell_quote(constant char *s)
+ 	 * Determine how big a string we need to allocate.
+ 	 */
+ 	len = 1; /* Trailing null byte */
+-	for (p = s;  *p != '\0';  p++)
++	for (p = s;  p < s + slen;  p++)
+ 	{
+ 		len++;
+ 		if (*p == openquote || *p == closequote)
+@@ -181,7 +181,7 @@ public char * shell_quote(constant char *s)
+ 			 * We can't quote a string that contains quotes.
+ 			 */
+ 			return (NULL);
+-		len = (int) strlen(s) + 3;
++		len = slen + 3;
+ 	}
+ 	/*
+ 	 * Allocate and construct the new string.
+@@ -189,10 +189,11 @@ public char * shell_quote(constant char *s)
+ 	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+-		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
++		SNPRINTF4(newstr, len, "%c%.*s%c", openquote, (int) slen, s, closequote);
+ 	} else
+ 	{
+-		while (*s != '\0')
++		constant char *es = s + slen;
++		while (s < es)
+ 		{
+ 			if (metachar(*s))
+ 			{
+@@ -209,6 +210,11 @@ public char * shell_quote(constant char *s)
+ 	return (newstr);
+ }
+ 
++public char * shell_quote(char *s)
++{
++	return shell_quoten(s, strlen(s));
++}
++
+ /*
+  * Return a pathname that points to a specified file in a specified directory.
+  * Return NULL if the file does not exist in the directory.
+-- 
+2.43.0
+

backport-Some-constifying.patch

@@ -0,0 +1,59 @@
+From 756acc92c9d6bea9929d9105207e081054be05fb Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Mon, 6 Nov 2023 11:44:08 -0800
+Subject: [PATCH] Some constifying.
+
+---
+ filename.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index a8726dc..672dc94 100644
+--- a/filename.c
++++ b/filename.c
+@@ -136,12 +136,13 @@ static int metachar(char c)
+ /*
+  * Insert a backslash before each metacharacter in a string.
+  */
+-public char * shell_quote(char *s)
++public char * shell_quote(constant char *s)
+ {
+-	char *p;
++	constant char *p;
++	char *np;
+ 	char *newstr;
+ 	int len;
+-	char *esc = get_meta_escape();
++	constant char *esc = get_meta_escape();
+ 	int esclen = (int) strlen(esc);
+ 	int use_quotes = 0;
+ 	int have_quotes = 0;
+@@ -185,7 +186,7 @@ public char * shell_quote(char *s)
+ 	/*
+ 	 * Allocate and construct the new string.
+ 	 */
+-	newstr = p = (char *) ecalloc(len, sizeof(char));
++	newstr = np = (char *) ecalloc(len, sizeof(char));
+ 	if (use_quotes)
+ 	{
+ 		SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
+@@ -198,12 +199,12 @@ public char * shell_quote(char *s)
+ 				/*
+ 				 * Add the escape char.
+ 				 */
+-				strcpy(p, esc);
+-				p += esclen;
++				strcpy(np, esc);
++				np += esclen;
+ 			}
+-			*p++ = *s++;
++			*np++ = *s++;
+ 		}
+-		*p = '\0';
++		*np = '\0';
+ 	}
+ 	return (newstr);
+ }
+-- 
+2.43.0
+

less-475-fsync.patch

@@ -1,7 +1,15 @@
-diff -ur less-418.orig/configure.ac less-418/configure.ac
---- less-418.orig/configure.ac	2008-12-22 07:10:44.000000000 -0500
-+++ less-418/configure.ac	2008-12-22 07:28:58.000000000 -0500
-@@ -203,6 +203,8 @@
+From 5396b6b77d0248678f716038dc747d6898acb0b3 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Fri, 22 Jan 2021 09:49:13 -0500
+Subject: [PATCH] Test for fsync on tty
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+
+Modified for less 581.2 Filip Januš <fjanus@redhat.com>
+diff -ur less-581.2/configure.ac less_fsync/configure.ac
+--- less-581.2/configure.ac	2021-04-28 17:00:08.000000000 +0200
++++ less_fsync/configure.ac	2021-05-06 10:59:07.560062397 +0200
+@@ -221,6 +221,8 @@
  	[Define HAVE_TIME_T if your system supports the "time_t" type.])
  AH_TEMPLATE([HAVE_STRERROR],
  	[Define HAVE_STRERROR if you have the strerror() function.])
@@ -10,18 +18,18 @@ diff -ur less-418.orig/configure.ac less-418/configure.ac
  AH_TEMPLATE([HAVE_FILENO],
  	[Define HAVE_FILENO if you have the fileno() macro.])
  AH_TEMPLATE([HAVE_ERRNO],
-@@ -251,7 +253,7 @@
+@@ -274,7 +276,7 @@
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[int f(int a) { return a; }]])],[AC_MSG_RESULT(yes); AC_DEFINE(HAVE_ANSI_PROTOS)],[AC_MSG_RESULT(no)])
  
  # Checks for library functions.
- AC_TYPE_SIGNAL
--AC_CHECK_FUNCS([fchmod fsync nanosleep poll popen realpath _setjmp sigprocmask sigsetmask snprintf stat system ttyname usleep])
-+AC_CHECK_FUNCS([popen _setjmp sigprocmask sigsetmask snprintf stat system fchmod realpath])
+-AC_CHECK_FUNCS([fchmod fsync nanosleep poll popen realpath _setjmp sigprocmask sigsetmask snprintf stat strsignal system ttyname usleep])
++AC_CHECK_FUNCS([fchmod nanosleep poll popen realpath _setjmp sigprocmask sigsetmask snprintf stat strsignal system ttyname usleep])
  
  # AC_CHECK_FUNCS may not work for inline functions, so test these separately.
  AC_MSG_CHECKING(for memcpy)
-@@ -298,6 +300,16 @@
- #endif], [static char *x; x = strerror(0);],
-   [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_STRERROR)], [AC_MSG_RESULT(no)])
+@@ -321,6 +323,16 @@
+ #include <errno.h>
+ #endif]], [[static char *x; x = strerror(0);]])],[AC_MSG_RESULT(yes); AC_DEFINE(HAVE_STRERROR)],[AC_MSG_RESULT(no)])
  
 +AC_MSG_CHECKING(for fsync)
 +AC_TRY_RUN([
@@ -34,5 +42,5 @@ diff -ur less-418.orig/configure.ac less-418/configure.ac
 +}], [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_FSYNC)], [AC_MSG_RESULT(no)])
 +
  AC_MSG_CHECKING(for sys_errlist)
- AC_TRY_LINK(, [extern char *sys_errlist[]; static char **x; x = sys_errlist;], 
-   [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_SYS_ERRLIST)], [AC_MSG_RESULT(no)])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *sys_errlist[]; static char **x; x = sys_errlist;]])],[AC_MSG_RESULT(yes); AC_DEFINE(HAVE_SYS_ERRLIST)],[AC_MSG_RESULT(no)])
+ 

less.spec

@@ -1,13 +1,20 @@
 Name:		less
-Version:	608
-Release:        4
+Version:	633
+Release:        5
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
 Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Patch0:         less-394-time.patch
 Patch1:         less-475-fsync.patch
-Patch6000:      backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
+Patch2:         backport-Some-constifying.patch
+Patch3:         backport-Implement-osc8_open.patch
+Patch4:         backport-CVE-2024-32487.patch
+Patch5:         backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch
+Patch6:         backport-Fix-for-previous-fix.patch
+Patch7:         backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch
+Patch8:         backport-Do-not-assume-PATH_MAX-is-defined.patch
+Patch9:         backport-Fix-bug-related-to-ctrl-X-when-output-is-not-a-termi.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -46,6 +53,21 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jan 27 2025 Linux_zhang <zhangruifang@h-partners.com> - 633-5
+- Fix bug related to ctrl-X when output is not a termi
+
+* Fri May 10 2024 baiguo <baiguo@kylinos.cn> - 633-4
+- Do not assume PATH_MAX is defined 
+
+* Mon Apr 29 2024 huyubiao <huyubiao@huawei.com> - 633-3
+- fix problem when a program piping into less reads from the tty, like sudo asking for password
+
+* Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 633-2
+- fix CVE-2024-32487
+
+* Tue Jan 30 2024 hongjinghao <hongjinghao@huawei.com> - 633-1
+- Update to 633
+ 
 * Thu Mar 16 2023 EibzChan <chenbingzhao@huawei.com> - 608-4
 - remove unstable test patches and test compilation option