Home Explore Help
Sign In
crispAudio
/
poky
mirror of git://git.yoctoproject.org/poky
5
0
Fork 0
Files Issues 0 Wiki
Browse Source

less: fix CVE-2024-32487

(From OE-Core rev: bd1c48510a01cd368955e0b8707022e3427e00db)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Archana Polampalli 10 months ago
parent
7c4954d902
commit
fbd068df21
2 changed files with 75 additions and 0 deletions
Split View Show Diff Stats
  1. 74 0
      meta/recipes-extended/less/files/CVE-2024-32487.patch
  2. 1 0
      meta/recipes-extended/less/less_643.bb

+ 74 - 0
meta/recipes-extended/less/files/CVE-2024-32487.patch
View File 

@@ -0,0 +1,74 @@
 
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
 
+From: Mark Nudelman <markn@greenwoodsoftware.com>
 
+Date: Thu, 11 Apr 2024 17:49:48 -0700
 
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
 
+
 
+CVE: CVE-2024-32487
 
+
 
+Upstream-Status: Backport [https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
 
+
 
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
 
+---
 
+ filename.c | 29 ++++++++++++++++++++++++-----
 
+ 1 file changed, 24 insertions(+), 5 deletions(-)
 
+
 
+diff --git a/filename.c b/filename.c
 
+index a8726dc..c4b35b1 100644
 
+--- a/filename.c
 
++++ b/filename.c
 
+@@ -133,6 +133,15 @@ static int metachar(char c)
 
+	return (strchr(metachars(), c) != NULL);
 
+ }
 
+
 
++/*
 
++ * Must use quotes rather than escape char for this metachar?
 
++ */
 
++static int must_quote(char c)
 
++{
 
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
 
++	return (c == '\n');
 
++}
 
++
 
+ /*
 
+  * Insert a backslash before each metacharacter in a string.
 
+  */
 
+@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
 
+				 * doesn't support escape chars.  Use quotes.
 
+				 */
 
+				use_quotes = 1;
 
++			} else if (must_quote(*p))
 
++			{
 
++				len += 3; /* open quote + char + close quote */
 
+			} else
 
+			{
 
+				/*
 
+@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
 
+	{
 
+		while (*s != '\0')
 
+		{
 
+-			if (metachar(*s))
 
++			if (!metachar(*s))
 
+			{
 
+-				/*
 
+-				 * Add the escape char.
 
+-				 */
 
++				*p++ = *s++;
 
++			} else if (must_quote(*s))
 
++			{
 
++				/* Surround the char with quotes. */
 
++				*p++ = openquote;
 
++				*p++ = *s++;
 
++				*p++ = closequote;
 
++			} else
 
++			{
 
++				/* Insert an escape char before the char. */
 
+				strcpy(p, esc);
 
+				p += esclen;
 
++				*p++ = *s++;
 
+			}
 
+-			*p++ = *s++;
 
+		}
 
+		*p = '\0';
 
+	}
 
+--
 
+2.40.0

+ 1 - 0
meta/recipes-extended/less/less_643.bb
View File 

@@ -27,6 +27,7 @@ DEPENDS = "ncurses"
 
 
 SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
 
            file://run-ptest \
 
+           file://CVE-2024-32487.patch \
 
            "
 
 
 SRC_URI[sha256sum] = "2911b5432c836fa084c8a2e68f6cd6312372c026a58faaa98862731c8b6052e8"