From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DD2C615800F for ; Thu, 9 Feb 2023 03:54:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C6C26E07B2; Thu, 9 Feb 2023 03:54:51 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id AB013E07B2 for ; Thu, 9 Feb 2023 03:54:51 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 72C60340940 for ; Thu, 9 Feb 2023 03:54:50 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id B2F14807 for ; Thu, 9 Feb 2023 03:54:48 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1675914849.91641abac0747b8c2b701acb7acfc6d7e3f82c37.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/less/files/, sys-apps/less/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/less/files/less-608-CVE-2022-46663.patch sys-apps/less/less-608-r2.ebuild X-VCS-Directories: sys-apps/less/ sys-apps/less/files/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 91641abac0747b8c2b701acb7acfc6d7e3f82c37 X-VCS-Branch: master Date: Thu, 9 Feb 2023 03:54:48 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 522e2ae2-1f09-4336-9dd9-3badd1a562dc X-Archives-Hash: 73186e0b9789049c2eb5df647f31cf1d commit: 91641abac0747b8c2b701acb7acfc6d7e3f82c37 Author: Sam James gentoo org> AuthorDate: Thu Feb 9 03:45:58 2023 +0000 Commit: Sam James gentoo org> CommitDate: Thu Feb 9 03:54:09 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91641aba sys-apps/less: patch CVE-2022-46663 Bug: https://bugs.gentoo.org/893530 Signed-off-by: Sam James gentoo.org> sys-apps/less/files/less-608-CVE-2022-46663.patch | 22 +++++++++ sys-apps/less/less-608-r2.ebuild | 60 +++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/sys-apps/less/files/less-608-CVE-2022-46663.patch b/sys-apps/less/files/less-608-CVE-2022-46663.patch new file mode 100644 index 000000000000..a358dd6f1a77 --- /dev/null +++ b/sys-apps/less/files/less-608-CVE-2022-46663.patch @@ -0,0 +1,22 @@ +https://bugs.gentoo.org/893530 +https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c + +From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001 +From: Mark Nudelman +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence. + +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } + diff --git a/sys-apps/less/less-608-r2.ebuild b/sys-apps/less/less-608-r2.ebuild new file mode 100644 index 000000000000..29f94fcfdae4 --- /dev/null +++ b/sys-apps/less/less-608-r2.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +WANT_AUTOMAKE=none +WANT_LIBTOOL=none +inherit autotools + +DESCRIPTION="Excellent text file viewer" +HOMEPAGE="http://www.greenwoodsoftware.com/less/" +SRC_URI="http://www.greenwoodsoftware.com/less/${P}.tar.gz" + +LICENSE="|| ( GPL-3 BSD-2 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="pcre unicode" + +DEPEND=">=app-misc/editor-wrapper-3 + >=sys-libs/ncurses-5.2:0= + pcre? ( dev-libs/libpcre2 )" +RDEPEND="${DEPEND}" + +src_prepare() { + local PATCHES=( + "${FILESDIR}/less-608-procfs.patch" + "${FILESDIR}/less-608-CVE-2022-46663.patch" + ) + + default + # Upstream uses unpatched autoconf-2.69, which breaks with clang-16. + # https://bugs.gentoo.org/870412 + eautoreconf +} + +src_configure() { + export ac_cv_lib_ncursesw_initscr=$(usex unicode) + export ac_cv_lib_ncurses_initscr=$(usex !unicode) + local myeconfargs=( + --with-regex=$(usex pcre pcre2 posix) + --with-editor="${EPREFIX}"/usr/libexec/editor + ) + econf "${myeconfargs[@]}" +} + +src_install() { + default + + newbin "${FILESDIR}"/lesspipe-r1.sh lesspipe + newenvd "${FILESDIR}"/less.envd 70less +} + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-483-r1" ; then + elog "The lesspipe.sh symlink has been dropped. If you are still setting" + elog "LESSOPEN to that, you will need to update it to '|lesspipe %s'." + elog "Colorization support has been dropped. If you want that, check out" + elog "the new app-text/lesspipe package." + fi +}