[langdale,01/28] less: backport the fix for CVE-2022-46663

Message ID	78c44993a190a706a775e70fa59fd4664b20c9cb.1677430770.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.53, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][langdale 01/28] less: backport the fix for CVE-2022-46663 Date: Sun, 26 Feb 2023 07:01:57 -1000 Message-Id: <78c44993a190a706a775e70fa59fd4664b20c9cb.1677430770.git.steve@sakoman.com> In-Reply-To: <cover.1677430770.git.steve@sakoman.com> References: <cover.1677430770.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[langdale,01/28] less: backport the fix for CVE-2022-46663 \| expand [langdale,01/28] less: backport the fix for CVE-2022-46663 [langdale,02/28] xserver-xorg: 21.1.6 -> 21.1.7 [langdale,03/28] vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs [langdale,04/28] libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1 [langdale,05/28] xwayland: upgrade 22.1.7 -> 22.1.8 [langdale,06/28] dbus: upgrade 1.14.4 -> 1.14.6 [langdale,07/28] openssl: Upgrade 3.0.7 -> 3.0.8 [langdale,08/28] linux-firmware: properly set license for all Qualcomm firmware [langdale,09/28] linux-firmware: add yamato fw files to qcom-adreno-a2xx package [langdale,10/28] linux-firmware: upgrade 20230117 -> 20230210 [langdale,11/28] wireless-regdb: upgrade 2022.08.12 -> 2023.02.13 [langdale,12/28] classes/populate_sdk_base: Append cleandirs [langdale,13/28] curl: fix dependencies when building with ldap/ldaps [langdale,14/28] wic: Fix usage of fstype=none in wic [langdale,15/28] bblayers/setupwriters/oe-setup-layers: create dir if not exists [langdale,16/28] bblayers/makesetup: skip git repos that are submodules [langdale,17/28] busybox: Fix depmod patch [langdale,18/28] sstatesig: Improve output hash calculation [langdale,19/28] dhcpcd: fix dhcpcd start failure on qemuppc64 [langdale,20/28] lttng-modules: fix for kernel 6.2+ [langdale,21/28] libssh2: Clean up ptest patch/coverage [langdale,22/28] oeqa/selftest/resulttooltests: fix minor typo [langdale,23/28] lib/buildstats: handle tasks that never finished [langdale,24/28] cml1: remove redundant addtask [langdale,25/28] kernel-yocto: fix kernel-meta data detection [langdale,26/28] libseccomp: fix for the ptest result format [langdale,27/28] oeqa ssh.py: fix hangs in run() [langdale,28/28] runqemu: kill qemu if it hangs

Message ID

78c44993a190a706a775e70fa59fd4664b20c9cb.1677430770.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 01/28] less: backport the fix for CVE-2022-46663
Date: Sun, 26 Feb 2023 07:01:57 -1000
Message-Id: 
 <78c44993a190a706a775e70fa59fd4664b20c9cb.1677430770.git.steve@sakoman.com>
In-Reply-To: <cover.1677430770.git.steve@sakoman.com>
References: <cover.1677430770.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[langdale,01/28] less: backport the fix for CVE-2022-46663 | expand

Commit Message

Steve Sakoman Feb. 26, 2023, 5:01 p.m. UTC

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 56d31067a34bc1942c7eb4940a41ecfc81110e58)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../less/files/CVE-2022-46663.patch           | 28 +++++++++++++++++++
 meta/recipes-extended/less/less_608.bb        |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-extended/less/files/CVE-2022-46663.patch

diff --git a/meta/recipes-extended/less/files/CVE-2022-46663.patch b/meta/recipes-extended/less/files/CVE-2022-46663.patch
new file mode 100644
index 0000000000..20f9d89ed8
--- /dev/null
+++ b/meta/recipes-extended/less/files/CVE-2022-46663.patch
@@ -0,0 +1,28 @@ 
+CVE: CVE-2022-46663
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a78e1351113cef564d790a730d657a321624d79c Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: [PATCH] End OSC8 hyperlink on invalid embedded escape sequence.
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49ae..cba7bdd1 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
diff --git a/meta/recipes-extended/less/less_608.bb b/meta/recipes-extended/less/less_608.bb
index f411a8fb53..f907a8159c 100644
--- a/meta/recipes-extended/less/less_608.bb
+++ b/meta/recipes-extended/less/less_608.bb
@@ -26,6 +26,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \
 DEPENDS = "ncurses"
 
 SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+           file://CVE-2022-46663.patch \
 	  "
 
 SRC_URI[sha256sum] = "a69abe2e0a126777e021d3b73aa3222e1b261f10e64624d41ec079685a6ac209"

[langdale,01/28] less: backport the fix for CVE-2022-46663

Commit Message

Patch