[gentoo-commits] repo/gentoo:master commit in: sys-apps/less/files/, sys-apps/less/

["Sam James" <sam@gentoo.org>]

commit:     91641abac0747b8c2b701acb7acfc6d7e3f82c37
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  9 03:45:58 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb  9 03:54:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91641aba

sys-apps/less: patch CVE-2022-46663

Bug: https://bugs.gentoo.org/893530
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/less/files/less-608-CVE-2022-46663.patch | 22 +++++++++
 sys-apps/less/less-608-r2.ebuild                  | 60 +++++++++++++++++++++++
 2 files changed, 82 insertions(+)

diff --git a/sys-apps/less/files/less-608-CVE-2022-46663.patch b/sys-apps/less/files/less-608-CVE-2022-46663.patch
new file mode 100644
index 000000000000..a358dd6f1a77
--- /dev/null
+++ b/sys-apps/less/files/less-608-CVE-2022-46663.patch
@@ -0,0 +1,22 @@
+https://bugs.gentoo.org/893530
+https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
+
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+

diff --git a/sys-apps/less/less-608-r2.ebuild b/sys-apps/less/less-608-r2.ebuild
new file mode 100644
index 000000000000..29f94fcfdae4
--- /dev/null
+++ b/sys-apps/less/less-608-r2.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+WANT_AUTOMAKE=none
+WANT_LIBTOOL=none
+inherit autotools
+
+DESCRIPTION="Excellent text file viewer"
+HOMEPAGE="http://www.greenwoodsoftware.com/less/"
+SRC_URI="http://www.greenwoodsoftware.com/less/${P}.tar.gz"
+
+LICENSE="|| ( GPL-3 BSD-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="pcre unicode"
+
+DEPEND=">=app-misc/editor-wrapper-3
+	>=sys-libs/ncurses-5.2:0=
+	pcre? ( dev-libs/libpcre2 )"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/less-608-procfs.patch"
+		"${FILESDIR}/less-608-CVE-2022-46663.patch"
+	)
+
+	default
+	# Upstream uses unpatched autoconf-2.69, which breaks with clang-16.
+	# https://bugs.gentoo.org/870412
+	eautoreconf
+}
+
+src_configure() {
+	export ac_cv_lib_ncursesw_initscr=$(usex unicode)
+	export ac_cv_lib_ncurses_initscr=$(usex !unicode)
+	local myeconfargs=(
+		--with-regex=$(usex pcre pcre2 posix)
+		--with-editor="${EPREFIX}"/usr/libexec/editor
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	newbin "${FILESDIR}"/lesspipe-r1.sh lesspipe
+	newenvd "${FILESDIR}"/less.envd 70less
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-483-r1" ; then
+		elog "The lesspipe.sh symlink has been dropped.  If you are still setting"
+		elog "LESSOPEN to that, you will need to update it to '|lesspipe %s'."
+		elog "Colorization support has been dropped.  If you want that, check out"
+		elog "the new app-text/lesspipe package."
+	fi
+}