* [kirkstone][PATCH] less: backport the fix for CVE-2022-46663
@ 2023-03-01 5:02 Hitendra Prajapati
0 siblings, 0 replies; only message in thread
From: Hitendra Prajapati @ 2023-03-01 5:02 UTC (permalink / raw)
To: openembedded-core; +Cc: Hitendra Prajapati
Upstream-Status: Backport from https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
.../less/less/CVE-2022-46663.patch | 31 +++++++++++++++++++
meta/recipes-extended/less/less_600.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-extended/less/less/CVE-2022-46663.patch
diff --git a/meta/recipes-extended/less/less/CVE-2022-46663.patch b/meta/recipes-extended/less/less/CVE-2022-46663.patch
new file mode 100644
index 0000000000..4d61a52fa6
--- /dev/null
+++ b/meta/recipes-extended/less/less/CVE-2022-46663.patch
@@ -0,0 +1,31 @@
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+
+CVE: CVE-2022-46663
+Upstream-Status: Backport [https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 0ef9b07..9d49cf8 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ /* Hyperlink ends with \7 or ESC-backslash. */
+ if (ch == '\7')
+ return ANSI_END;
+- if (pansi->prev_esc && ch == '\\')
+- return ANSI_END;
++ if (pansi->prev_esc)
++ return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ pansi->prev_esc = (ch == ESC);
+ return ANSI_MID;
+ }
+--
+2.25.1
+
diff --git a/meta/recipes-extended/less/less_600.bb b/meta/recipes-extended/less/less_600.bb
index 9ebe39daab..f68281ac93 100644
--- a/meta/recipes-extended/less/less_600.bb
+++ b/meta/recipes-extended/less/less_600.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
DEPENDS = "ncurses"
SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+ file://CVE-2022-46663.patch \
"
SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20"
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2023-03-01 5:03 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-01 5:02 [kirkstone][PATCH] less: backport the fix for CVE-2022-46663 Hitendra Prajapati
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.