From 0adfac0d005166315a69c6f7643932b7afa3d825 Mon Sep 17 00:00:00 2001
From: hongjinghao <hongjinghao@huawei.com>
Date: Wed, 21 Feb 2024 09:51:28 +0800
Subject: [PATCH] fix CVE-2022-48624

---
 backport-CVE-2022-48624.patch | 38 +++++++++++++++++++++++++++++++++++
 less.spec                     |  5 ++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-48624.patch

diff --git a/backport-CVE-2022-48624.patch b/backport-CVE-2022-48624.patch
new file mode 100644
index 0000000..fdd4244
--- /dev/null
+++ b/backport-CVE-2022-48624.patch
@@ -0,0 +1,38 @@
+From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 25 Jun 2022 11:54:43 -0700
+Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
+
+---
+ filename.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5824e385..dff20c08 100644
+--- a/filename.c
++++ b/filename.c
+@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
+ {
+ #if HAVE_POPEN
+ 	char *lessclose;
++	char *qfilename;
++	char *qaltfilename;
+ 	FILE *fd;
+ 	char *cmd;
+ 	int len;
+@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
+ 		error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
+ 		return;
+ 	}
+-	len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
++	qfilename = shell_quote(filename);
++	qaltfilename = shell_quote(altfilename);
++	len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
+ 	cmd = (char *) ecalloc(len, sizeof(char));
+-	SNPRINTF2(cmd, len, lessclose, filename, altfilename);
++	SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
++	free(qaltfilename);
++	free(qfilename);
+ 	fd = shellcmd(cmd);
+ 	free(cmd);
+ 	if (fd != NULL)
diff --git a/less.spec b/less.spec
index 61cd6c5..3b3b5c0 100644
--- a/less.spec
+++ b/less.spec
@@ -1,6 +1,6 @@
 Name:		less
 Version:	590
-Release:        4
+Release:        5
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
@@ -9,6 +9,7 @@ Patch0:         less-394-time.patch
 Patch6000:      backport-Fix-memory-leak-when-using-corrupt-lesshst-file.patch
 Patch6001:      backport-Fix-crash-when-enter-invaid-pattern-in-command.patch
 Patch6002:	backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
+Patch6003:      backport-CVE-2022-48624.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -47,6 +48,8 @@ autoreconf -ivf
 %{_mandir}/man1/*
 
 %changelog
+* Wed Feb 21 2024 hongjinghao <hongjinghao@huawei.com> - 590-5
+- fix CVE-2022-48624
 * Thu Feb 16 2023 hongjinghao <hongjinghao@huawei.com> - 590-4
 - fix CVE-2022-46663
 
-- 
Gitee