From 5cc1abcb8afda73c048907478c8617a7e55710e9 Mon Sep 17 00:00:00 2001
From: wangjiang
Date: Mon, 22 Apr 2024 14:37:12 +0800
Subject: [PATCH] fix CVE-2024-32487

(cherry picked from commit af9f9c64c33c5dcc7eb71d2046b649321fbac25f)
---
backport-CVE-2024-32487.patch | 70 +++++++++++++++++++++++++++++
backport-Implement-osc8_open.patch | 71 ++++++++++++++++++++++++++++++
backport-Some-constifying.patch | 56 +++++++++++++++++++++++
less.spec | 8 +++-
4 files changed, 204 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2024-32487.patch
create mode 100644 backport-Implement-osc8_open.patch
create mode 100644 backport-Some-constifying.patch
diff --git a/backport-CVE-2024-32487.patch b/backport-CVE-2024-32487.patch
new file mode 100644
index 0000000..2be4c3c
--- /dev/null
+++ b/backport-CVE-2024-32487.patch
@@ -0,0 +1,70 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 64d9ded..8b7d800 100644
+--- a/filename.c
++++ b/filename.c
+@@ -135,6 +135,15 @@ metachar(c)
+ return (strchr(metachars(), c) != NULL);
+ }
+
++/*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++ /* {{ Maybe the set of must_quote chars should be configurable? }} */
++ return (c == '\n');
++}
++
+ /*
+ * Insert a backslash before each metacharacter in a string.
+ */
+@@ -170,6 +179,9 @@ shell_quoten(s)
+ * doesn't support escape chars. Use quotes.
+ */
+ use_quotes = 1;
++ } else if (must_quote(*p))
++ {
++ len += 3; /* open quote + char + close quote */
+ } else
+ {
+ /*
+@@ -200,15 +212,25 @@ shell_quoten(s)
+ constant char *es = s + slen;
+ while (s < es)
+ {
+- if (metachar(*s))
++ if (!metachar(*s))
+ {
+ /*
+ * Add the escape char.
+ */
++ *np++ = *s++;
++ } else if (must_quote(*s))
++ {
++ /* Surround the char with quotes. */
++ *np++ = openquote;
++ *np++ = *s++;
++ *np++ = closequote;
++ } else
++ {
++ /* Insert an escape char before the char. */
+ strcpy(np, esc);
+ np += esclen;
++ *np++ = *s++;
+ }
+- *np++ = *s++;
+ }
+ *np = '\0';
+ }
+--
+2.43.0
+
diff --git a/backport-Implement-osc8_open.patch b/backport-Implement-osc8_open.patch
new file mode 100644
index 0000000..82b436f
--- /dev/null
+++ b/backport-Implement-osc8_open.patch
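Review bot: In backport-CVE-2024-32487.patch the copy loop reaches `must_quote(*s)` only in the `else` of `if (!metachar(*s))`, so a newline is wrapped in quotes only while '\n' is a member of the metachars() set, which is defined outside these hunks. If that set can be changed at run time, a value without newline would bypass the new branch and the newline would be copied through unquoted; the dependency deserves a comment on must_quote(), e.g. `/* Only consulted for chars accepted by metachar(); '\n' must remain in that set. */`. The unchanged context comment `Add the escape char.` now heads the branch that copies an ordinary character and would read better as `/* Ordinary char: copy it unchanged. */`. shell_quoten() starts and ends outside the hunks shown.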
@@ -0,0 +1,71 @@
+From 90d9d12ba9d3818a0074f33c5153b577d07aa8fd Mon Sep 17 00:00:00 2001
+From: Mark Nudelman
+Date: Tue, 16 Jan 2024 18:14:33 -0800
+Subject: [PATCH] Implement osc8_open().
+
+---
+ filename.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 482d264..64d9ded 100644
+--- a/filename.c
++++ b/filename.c
+@@ -139,8 +139,9 @@ metachar(c)
+ * Insert a backslash before each metacharacter in a string.
+ */
+ public char *
+-shell_quote(s)
++shell_quoten(s, slen)
+ char *s;
++ size_t slen;
+ {
+ constant char *p;
+ char *np;
+@@ -155,7 +156,7 @@ shell_quote(s)
+ * Determine how big a string we need to allocate.
+ */
+ len = 1; /* Trailing null byte */
+- for (p = s; *p != '\0'; p++)
++ for (p = s; p < s + slen; p++)
+ {
+ len++;
+ if (*p == openquote || *p == closequote)
+@@ -185,7 +186,7 @@ shell_quote(s)
+ * We can't quote a string that contains quotes.
+ */
+ return (NULL);
+- len = (int) strlen(s) + 3;
++ len = slen + 3;
+ }
+ /*
+ * Allocate and construct the new string.
+@@ -193,10 +194,11 @@ shell_quote(s)
+ newstr = np = (char *) ecalloc(len, sizeof(char));
+ if (use_quotes)
+ {
+- SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
++ SNPRINTF4(newstr, len, "%c%.*s%c", openquote, (int) slen, s, closequote);
+ } else
+ {
+- while (*s != '\0')
++ constant char *es = s + slen;
++ while (s < es)
+ {
+ if (metachar(*s))
+ {
+@@ -213,6 +215,11 @@ shell_quote(s)
+ return (newstr);
+ }
+
++public char * shell_quote(char *s)
++{
++ return shell_quoten(s, strlen(s));
++}
++
+ /*
+ * Return a pathname that points to a specified file in a specified directory.
+ * Return NULL if the file does not exist in the directory.
+--
+2.43.0
+
diff --git a/backport-Some-constifying.patch b/backport-Some-constifying.patch
new file mode 100644
index 0000000..63069d7
--- /dev/null
+++ b/backport-Some-constifying.patch
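Review bot: In backport-Implement-osc8_open.patch, shell_quoten() now takes `size_t slen` but still sizes its result through the `int len` declared above these hunks: `len = slen + 3;` narrows silently, and `(int) slen` becomes the `%.*s` precision in the SNPRINTF4 call. Nothing visible here bounds slen, so a length that does not fit in an int would leave the ecalloc size and the `while (s < es)` copy loop in disagreement; lengths whose quoted form cannot be represented in `len` should be rejected before the sizing loop, using the NULL return the function already has. The header comment still describes only the NUL-terminated case and could become `/* Quote the first slen bytes of s (s need not be NUL-terminated); the quoted result must fit in an int. */`. The function body extends beyond the hunks shown.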
@@ -0,0 +1,56 @@
+From 756acc92c9d6bea9929d9105207e081054be05fb Mon Sep 17 00:00:00 2001
+From: Mark Nudelman
+Date: Mon, 6 Nov 2023 11:44:08 -0800
+Subject: [PATCH] Some constifying.
+
+---
+ filename.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 2ce7070..482d264 100644
+--- a/filename.c
++++ b/filename.c
+@@ -142,10 +142,11 @@ metachar(c)
+ shell_quote(s)
+ char *s;
+ {
+- char *p;
++ constant char *p;
++ char *np;
+ char *newstr;
+ int len;
+- char *esc = get_meta_escape();
++ constant char *esc = get_meta_escape();
+ int esclen = (int) strlen(esc);
+ int use_quotes = 0;
+ int have_quotes = 0;
+@@ -189,7 +190,7 @@ shell_quote(s)
+ /*
+ * Allocate and construct the new string.
+ */
+- newstr = p = (char *) ecalloc(len, sizeof(char));
++ newstr = np = (char *) ecalloc(len, sizeof(char));
+ if (use_quotes)
+ {
+ SNPRINTF3(newstr, len, "%c%s%c", openquote, s, closequote);
+@@ -202,12 +203,12 @@ shell_quote(s)
+ /*
+ * Add the escape char.
+ */
+- strcpy(p, esc);
+- p += esclen;
++ strcpy(np, esc);
++ np += esclen;
+ }
+- *p++ = *s++;
++ *np++ = *s++;
+ }
+- *p = '\0';
++ *np = '\0';
+ }
+ return (newstr);
+ }
+--
+2.43.0
+
diff --git a/less.spec b/less.spec
index 0b67f01..d03c4f4 100644
--- a/less.spec
+++ b/less.spec
@@ -1,6 +1,6 @@
 Name: less
 Version: 590
-Release: 5
+Release: 6
 Summary: Less is a pager that displays text files.
 License: GPLv3+ or BSD
 URL: http://www.greenwoodsoftware.com/less
@@ -10,6 +10,9 @@ Patch6000: backport-Fix-memory-leak-when-using-corrupt-lesshst-file.patch Patch6001: backport-Fix-crash-when-enter-invaid-pattern-in-command.patch Patch6002: backport-End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch Patch6003: backport-Shell-quote-filenames-when-invoking-LESSCLOSE.patch +Patch6004: backport-Some-constifying.patch +Patch6005: backport-Implement-osc8_open.patch +Patch6006: backport-CVE-2024-32487.patch BuildRequires: gcc make ncurses-devel autoconf automake libtool @@ -48,6 +51,9 @@ autoreconf -ivf %{_mandir}/man1/* %changelog +* Mon Apr 22 2024 wangjiang - 590-6 +- fix CVE-2024-32487 + * Mon Feb 19 2024 liweigang - 590-5 - fix CVE-2022-48624 -- Gitee