From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/less/files/, sys-apps/less/
Date: Sun, 14 Apr 2024 00:49:31 +0000 (UTC) [thread overview]
Message-ID: <1713055751.e9856cc39c2e0ee09e32358b23a120d855e4953c.sam@gentoo> (raw)
commit: e9856cc39c2e0ee09e32358b23a120d855e4953c
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 14 00:47:11 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr 14 00:49:11 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9856cc3
sys-apps/less: fix LESSOPEN escape vulnerability
Special thanks to the less upstream maintainer, Mark Nudelman, for providing
us with a backport to 643.
Bug: https://bugs.gentoo.org/929210
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/less/files/less-643-LESSOPEN-escape.patch | 61 ++++++++++++++
sys-apps/less/less-643-r2.ebuild | 97 ++++++++++++++++++++++
2 files changed, 158 insertions(+)
diff --git a/sys-apps/less/files/less-643-LESSOPEN-escape.patch b/sys-apps/less/files/less-643-LESSOPEN-escape.patch
new file mode 100644
index 000000000000..f3fe50fcfaa2
--- /dev/null
+++ b/sys-apps/less/files/less-643-LESSOPEN-escape.patch
@@ -0,0 +1,61 @@
+https://openwall.com/lists/oss-security/2024/04/12/5
+https://bugs.gentoo.org/929210
+https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
+
+Upstream provided this version via email as a backport to 643.
+--- a/filename.c
++++ b/filename.c
+@@ -134,6 +134,15 @@
+ }
+
+ /*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++ /* {{ Maybe the set of must_quote chars should be configurable? }} */
++ return (c == '\n');
++}
++
++/*
+ * Insert a backslash before each metacharacter in a string.
+ */
+ public char * shell_quote(char *s)
+@@ -164,6 +173,9 @@
+ * doesn't support escape chars. Use quotes.
+ */
+ use_quotes = 1;
++ } else if (must_quote(*p))
++ {
++ len += 3; /* open quote + char + close quote */
+ } else
+ {
+ /*
+@@ -193,15 +205,22 @@
+ {
+ while (*s != '\0')
+ {
+- if (metachar(*s))
++ if (!metachar(*s))
+ {
+- /*
+- * Add the escape char.
+- */
++ *p++ = *s++;
++ } else if (must_quote(*s))
++ {
++ /* Surround the char with quotes. */
++ *p++ = openquote;
++ *p++ = *s++;
++ *p++ = closequote;
++ } else
++ {
++ /* Insert an escape char before the char. */
+ strcpy(p, esc);
+ p += esclen;
++ *p++ = *s++;
+ }
+- *p++ = *s++;
+ }
+ *p = '\0';
+ }
diff --git a/sys-apps/less/less-643-r2.ebuild b/sys-apps/less/less-643-r2.ebuild
new file mode 100644
index 000000000000..a8159dc3fa9f
--- /dev/null
+++ b/sys-apps/less/less-643-r2.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Releases are usually first a beta then promoted to stable if no
+# issues were found. Upstream explicitly ask "to not generally distribute"
+# the beta versions. It's okay to keyword beta versions if they fix
+# a serious bug, but otherwise try to avoid it.
+
+WANT_AUTOMAKE=none
+WANT_LIBTOOL=none
+inherit autotools flag-o-matic optfeature toolchain-funcs
+
+DESCRIPTION="Excellent text file viewer"
+HOMEPAGE="https://www.greenwoodsoftware.com/less/"
+
+MY_PV=${PV/_beta/-beta}
+MY_P=${PN}-${MY_PV}
+
+if [[ ${PV} == 9999 ]]; then
+ EGIT_REPO_URI="https://github.com/gwsw/less"
+ inherit git-r3
+else
+ SRC_URI="https://www.greenwoodsoftware.com/less/${MY_P}.tar.gz"
+
+ if [[ ${PV} != *_beta* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+ fi
+fi
+
+S="${WORKDIR}"/${MY_P/?beta}
+
+LICENSE="|| ( GPL-3 BSD-2 )"
+SLOT="0"
+IUSE="pcre test"
+# chinese1, utf8-2
+RESTRICT="test !test? ( test )"
+
+DEPEND="
+ >=app-misc/editor-wrapper-3
+ >=sys-libs/ncurses-5.2:=
+ pcre? ( dev-libs/libpcre2 )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="test? ( virtual/pkgconfig )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-643-lesstest-pkg-config.patch
+ "${FILESDIR}"/${PN}-643-LESSOPEN-escape.patch
+)
+
+src_prepare() {
+ default
+ # Per upstream README to prepare live build
+ [[ ${PV} == 9999 ]] && emake -f Makefile.aut distfiles
+ # Upstream uses unpatched autoconf-2.69, which breaks with clang-16.
+ # https://bugs.gentoo.org/870412
+ eautoreconf
+}
+
+src_configure() {
+ append-lfs-flags # bug #896316
+
+ local myeconfargs=(
+ --with-regex=$(usex pcre pcre2 posix)
+ --with-editor="${EPREFIX}"/usr/libexec/editor
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ emake check VERBOSE=1 CC="$(tc-getCC)" PKG_CONFIG="$(tc-getPKG_CONFIG)"
+}
+
+src_install() {
+ default
+
+ keepdir /usr/lib/lessfilter.d
+ keepdir /etc/lessfilter.d
+
+ newbin "${FILESDIR}"/lesspipe-r3.sh lesspipe
+ newenvd "${FILESDIR}"/less.envd 70less
+}
+
+pkg_preinst() {
+ optfeature "Colorized output support" dev-python/pygments
+
+ if has_version "<${CATEGORY}/${PN}-483-r1" ; then
+ elog "The lesspipe.sh symlink has been dropped. If you are still setting"
+ elog "LESSOPEN to that, you will need to update it to '|lesspipe %s'."
+ fi
+
+ if has_version "<${CATEGORY}/${PN}-643" ; then
+ elog "less now colorizes by default. To disable this, set LESSCOLOR=no."
+ fi
+}
next reply other threads:[~2024-04-14 0:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-14 0:49 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-12-04 8:37 [gentoo-commits] repo/gentoo:master commit in: sys-apps/less/files/, sys-apps/less/ Sam James
2023-07-17 22:04 Sam James
2023-06-23 21:59 Sam James
2023-02-09 3:54 Sam James
2022-11-24 16:53 Mike Gilbert
2020-11-18 8:15 Lars Wendler
2019-02-16 19:11 Lars Wendler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1713055751.e9856cc39c2e0ee09e32358b23a120d855e4953c.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox