From 79dda241c876c407bebc5a9d799c850f932a6b30 Mon Sep 17 00:00:00 2001
From: hongjinghao <hongjinghao@huawei.com>
Date: Thu, 16 Feb 2023 11:32:21 +0800
Subject: [PATCH] fix CVE-2022-46663

(cherry picked from commit 8819807fa8329abc7cf744bfe506c5275bff4f1b)
---
 ...nk-on-invalid-embedded-escape-sequen.patch | 27 +++++++++++++++++++
 less.spec                                     |  6 ++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

diff --git a/backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch b/backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
new file mode 100644
index 0000000..bddeea5
--- /dev/null
+++ b/backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
@@ -0,0 +1,27 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49a..cba7bdd 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++     		        return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.27.0
+
diff --git a/less.spec b/less.spec
index 4ca5819..61cd6c5 100644
--- a/less.spec
+++ b/less.spec
@@ -1,6 +1,6 @@
 Name:		less
 Version:	590
-Release:        3
+Release:        4
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
@@ -8,6 +8,7 @@ Source0:	http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
 Patch0:         less-394-time.patch
 Patch6000:      backport-Fix-memory-leak-when-using-corrupt-lesshst-file.patch
 Patch6001:      backport-Fix-crash-when-enter-invaid-pattern-in-command.patch
+Patch6002:	backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -46,6 +47,9 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Thu Feb 16 2023 hongjinghao <hongjinghao@huawei.com> - 590-4
+- fix CVE-2022-46663
+
 * Fri Dec 9 2022 Eibz-Chan <chenbingzhao@huawei.com> - 590-3
 - Type:bugfix
 - ID:NA
-- 
Gitee