首页 发现 帮助
登录
PUBLIC_REPOS
/
buildroot
镜像自地址 git://git.buildroot.net/buildroot
2
1
派生 0
文件
浏览代码

package/less: fix CVE-2022-46663

In GNU Less before 609, crafted data can result in "less -R" not
filtering ANSI escape sequences sent to the terminal.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine 2 年之前
父节点
bd351c4e93
当前提交
924ca9414f
共有 2 个文件被更改,包括 30 次插入0 次删除
分列视图 显示文件统计
  1. 27 0
      package/less/0001-End-OSC8-hyperlink-on-invalid-embedded-escape-sequence.patch
  2. 3 0
      package/less/less.mk

+ 27 - 0
package/less/0001-End-OSC8-hyperlink-on-invalid-embedded-escape-sequence.patch
查看文件 

@@ -0,0 +1,27 @@
 
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
 
+From: Mark Nudelman <markn@greenwoodsoftware.com>
 
+Date: Fri, 7 Oct 2022 19:25:46 -0700
 
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
 
+
 
+[Retrieved from:
 
+https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c]
 
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
+---
 
+ line.c | 4 ++--
 
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
+
 
+diff --git a/line.c b/line.c
 
+index 236c49ae..cba7bdd1 100644
 
+--- a/line.c
 
++++ b/line.c
 
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
 
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
 
+ 		if (ch == '\7')
 
+ 			return ANSI_END;
 
+-		if (pansi->prev_esc && ch == '\\')
 
+-			return ANSI_END;
 
++		if (pansi->prev_esc)
 
++            return (ch == '\\') ? ANSI_END : ANSI_ERR;
 
+ 		pansi->prev_esc = (ch == ESC);
 
+ 		return ANSI_MID;
 
+ 	}

+ 3 - 0
package/less/less.mk
查看文件 

@@ -11,6 +11,9 @@ LESS_LICENSE_FILES = COPYING
 
 LESS_CPE_ID_VENDOR = gnu
 
 LESS_DEPENDENCIES = ncurses
 
 
+# 0001-End-OSC8-hyperlink-on-invalid-embedded-escape-sequence.patch
 
+LESS_IGNORE_CVES += CVE-2022-46663
 
+
 
 define LESS_INSTALL_TARGET_CMDS
 
 	$(INSTALL) -m 0755 $(@D)/less $(TARGET_DIR)/usr/bin/less
 
 endef