Version in base suite: 551-2 Base version: less_551-2 Target version: less_551-2+deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/l/less/less_551-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/l/less/less_551-2+deb11u2.dsc changelog | 20 ++ patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch | 67 +++++++ patches/Fix-incorrect-display-when-filename-contains-control.patch | 86 ++++++++++ patches/Shell-quote-filenames-when-invoking-LESSCLOSE.patch | 43 +++++ patches/series | 3 5 files changed, 219 insertions(+) diff -Nru less-551/debian/changelog less-551/debian/changelog --- less-551/debian/changelog 2020-07-05 23:36:33.000000000 +0000 +++ less-551/debian/changelog 2024-05-02 18:29:26.000000000 +0000 @@ -1,3 +1,23 @@ +less (551-2+deb11u2) bullseye-security; urgency=high + + * Non-maintainer upload by the Security Team. + + [ Milan Kupcevic ] + * Fix incorrect display when filename contains control chars + (Closes: #1069681) + + -- Salvatore Bonaccorso Thu, 02 May 2024 20:29:26 +0200 + +less (551-2+deb11u1) bullseye-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624) + (Closes: #1064293) + * Fix bug when viewing a file whose name contains a newline (CVE-2024-32487) + (Closes: #1068938) + + -- Salvatore Bonaccorso Fri, 19 Apr 2024 21:37:35 +0200 + less (551-2) sid; urgency=medium * remove /bin/less pager alternative before upgrade diff -Nru less-551/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch less-551/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch --- less-551/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch 1970-01-01 00:00:00.000000000 +0000 +++ less-551/debian/patches/Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch 2024-05-02 18:29:26.000000000 +0000 @@ -0,0 +1,67 @@ +From: Mark Nudelman +Date: Thu, 11 Apr 2024 17:49:48 -0700 +Subject: Fix bug when viewing a file whose name contains a newline. +Origin: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 +Bug-Debian: https://bugs.debian.org/1068938 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-32487 + +--- + filename.c | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +--- a/filename.c ++++ b/filename.c +@@ -136,6 +136,15 @@ metachar(c) + } + + /* ++ * Must use quotes rather than escape char for this metachar? ++ */ ++static int must_quote(char c) ++{ ++ /* {{ Maybe the set of must_quote chars should be configurable? }} */ ++ return (c == '\n'); ++} ++ ++/* + * Insert a backslash before each metacharacter in a string. + */ + public char * +@@ -168,6 +177,9 @@ shell_quote(s) + * doesn't support escape chars. Use quotes. + */ + use_quotes = 1; ++ } else if (must_quote(*p)) ++ { ++ len += 3; /* open quote + char + close quote */ + } else + { + /* +@@ -197,15 +209,22 @@ shell_quote(s) + { + while (*s != '\0') + { +- if (metachar(*s)) ++ if (!metachar(*s)) + { +- /* +- * Add the escape char. +- */ ++ *p++ = *s++; ++ } else if (must_quote(*s)) ++ { ++ /* Surround the char with quotes. */ ++ *p++ = openquote; ++ *p++ = *s++; ++ *p++ = closequote; ++ } else ++ { ++ /* Insert an escape char before the char. */ + strcpy(p, esc); + p += esclen; ++ *p++ = *s++; + } +- *p++ = *s++; + } + *p = '\0'; + } diff -Nru less-551/debian/patches/Fix-incorrect-display-when-filename-contains-control.patch less-551/debian/patches/Fix-incorrect-display-when-filename-contains-control.patch --- less-551/debian/patches/Fix-incorrect-display-when-filename-contains-control.patch 1970-01-01 00:00:00.000000000 +0000 +++ less-551/debian/patches/Fix-incorrect-display-when-filename-contains-control.patch 2024-05-02 18:29:26.000000000 +0000 @@ -0,0 +1,86 @@ +From: Mark Nudelman +Date: Tue, 23 Apr 2024 10:54:50 -0700 +Subject: Fix incorrect display when filename contains control chars. Such + chars should not be printed directly to the screen, but instead passed + through prchar() or prutfchar(). +Origin: https://github.com/gwsw/less/commit/2a642a07d86f7f9484db18cd748bc521e71c997f +Bug-Debian: https://bugs.debian.org/1069681 + +--- + output.c | 12 ++++++++++-- + prompt.c | 17 ++++++++++++----- + 2 files changed, 22 insertions(+), 7 deletions(-) + +--- a/output.c ++++ b/output.c +@@ -32,6 +32,7 @@ extern int screen_trashed; + extern int any_display; + extern int is_tty; + extern int oldbot; ++extern int utf_mode; + + #if MSDOS_COMPILER==WIN32C || MSDOS_COMPILER==BORLANDC || MSDOS_COMPILER==DJGPPC + extern int ctldisp; +@@ -541,6 +542,7 @@ less_printf(fmt, parg) + PARG *parg; + { + char *s; ++ char *es; + int col; + + col = 0; +@@ -557,11 +559,17 @@ less_printf(fmt, parg) + { + case 's': + s = parg->p_string; ++ es = s + strlen(s); + parg++; + while (*s != '\0') + { +- putchr(*s++); +- col++; ++ LWCHAR ch = step_char(&s, +1, es); ++ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch); ++ while (*ps != '\0') ++ { ++ putchr(*ps++); ++ col++; ++ } + } + break; + case 'd': +--- a/prompt.c ++++ b/prompt.c +@@ -29,6 +29,7 @@ extern int hshift; + extern int sc_height; + extern int jump_sline; + extern int less_is_more; ++extern int utf_mode; + extern IFILE curr_ifile; + #if EDITOR + extern char *editor; +@@ -83,13 +84,17 @@ init_prompt(VOID_PARAM) + ap_str(s) + char *s; + { +- int len; +- +- len = (int) strlen(s); +- if (mp + len >= message + PROMPT_SIZE) +- len = (int) (message + PROMPT_SIZE - mp - 1); +- strncpy(mp, s, len); +- mp += len; ++ char *es = s + strlen(s); ++ while (*s != '\0') ++ { ++ LWCHAR ch = step_char(&s, +1, es); ++ constant char *ps = utf_mode ? prutfchar(ch) : prchar(ch); ++ size_t plen = strlen(ps); ++ if (mp + plen >= message + PROMPT_SIZE) ++ break; ++ strcpy(mp, ps); ++ mp += plen; ++ } + *mp = '\0'; + } + diff -Nru less-551/debian/patches/Shell-quote-filenames-when-invoking-LESSCLOSE.patch less-551/debian/patches/Shell-quote-filenames-when-invoking-LESSCLOSE.patch --- less-551/debian/patches/Shell-quote-filenames-when-invoking-LESSCLOSE.patch 1970-01-01 00:00:00.000000000 +0000 +++ less-551/debian/patches/Shell-quote-filenames-when-invoking-LESSCLOSE.patch 2024-05-02 18:29:26.000000000 +0000 @@ -0,0 +1,43 @@ +From: Mark Nudelman +Date: Sat, 25 Jun 2022 11:54:43 -0700 +Subject: Shell-quote filenames when invoking LESSCLOSE. +Origin: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 +Bug-Debian: https://bugs.debian.org/1064293 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48624 + +--- + filename.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/filename.c b/filename.c +index 5824e385dce4..dff20c08d81c 100644 +--- a/filename.c ++++ b/filename.c +@@ -972,6 +972,8 @@ close_altfile(altfilename, filename) + { + #if HAVE_POPEN + char *lessclose; ++ char *qfilename; ++ char *qaltfilename; + FILE *fd; + char *cmd; + int len; +@@ -986,9 +988,13 @@ close_altfile(altfilename, filename) + error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG); + return; + } +- len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2); ++ qfilename = shell_quote(filename); ++ qaltfilename = shell_quote(altfilename); ++ len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2); + cmd = (char *) ecalloc(len, sizeof(char)); +- SNPRINTF2(cmd, len, lessclose, filename, altfilename); ++ SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename); ++ free(qaltfilename); ++ free(qfilename); + fd = shellcmd(cmd); + free(cmd); + if (fd != NULL) +-- +2.43.0 + diff -Nru less-551/debian/patches/series less-551/debian/patches/series --- less-551/debian/patches/series 2019-09-10 19:38:16.000000000 +0000 +++ less-551/debian/patches/series 2024-05-02 18:29:26.000000000 +0000 @@ -1,2 +1,5 @@ less-is-more-434417.patch 02-655926-more_can_go_backwards.patch +Shell-quote-filenames-when-invoking-LESSCLOSE.patch +Fix-bug-when-viewing-a-file-whose-name-contains-a-ne.patch +Fix-incorrect-display-when-filename-contains-control.patch