Projects
openEuler:24.03
less
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 10
View file
_service:tar_scm:less.spec
Changed
@@ -1,6 +1,6 @@ Name: less Version: 633 -Release: 2 +Release: 4 Summary: Less is a pager that displays text files. License: GPLv3+ or BSD URL: http://www.greenwoodsoftware.com/less @@ -10,6 +10,10 @@ Patch2: backport-Some-constifying.patch Patch3: backport-Implement-osc8_open.patch Patch4: backport-CVE-2024-32487.patch +Patch5: backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch +Patch6: backport-Fix-for-previous-fix.patch +Patch7: backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch +Patch8: backport-Do-not-assume-PATH_MAX-is-defined.patch BuildRequires: gcc make ncurses-devel autoconf automake libtool @@ -48,6 +52,12 @@ %{_mandir}/man1/* %changelog +* Fri May 10 2024 baiguo <baiguo@kylinos.cn> - 633-4 +- Do not assume PATH_MAX is defined + +* Mon Apr 29 2024 huyubiao <huyubiao@huawei.com> - 633-3 +- fix problem when a program piping into less reads from the tty, like sudo asking for password + * Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 633-2 - fix CVE-2024-32487
View file
_service:tar_scm:backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch
Added
@@ -0,0 +1,35 @@ +From c8df315c742fc470e766244ce8efe305a98d720a Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Sun, 28 May 2023 15:28:42 -0700 +Subject: PATCH Avoid stealing data from an input program that uses the tty + at startup, like sudo. + +--- + os.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/os.c b/os.c +index af95834..7206277 100644 +--- a/os.c ++++ b/os.c +@@ -114,6 +114,8 @@ static int check_poll(int fd, int tty) + { + struct pollfd poller2 = { { fd, POLLIN, 0 }, { tty, POLLIN, 0 } }; + int timeout = (waiting_for_data && !(scanning_eof && follow_mode == FOLLOW_NAME)) ? -1 : waiting_for_data_delay; ++ if (!any_data) ++ return (0); + poll(poller, 2, timeout); + #if LESSTEST + if (ttyin_name == NULL) /* Check for ^X only on a real tty. */ +@@ -136,7 +138,7 @@ static int check_poll(int fd, int tty) + * to allow a program piping data into less to have temporary + * access to the tty (like sudo asking for a password). + */ +- if (any_data && (poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0) ++ if ((poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0) + /* No data available; let caller take action, then try again. */ + return (READ_AGAIN); + /* There is data (or HUP/ERR) available. Safe to call read() without blocking. */ +-- +2.33.0 +
View file
_service:tar_scm:backport-Do-not-assume-PATH_MAX-is-defined.patch
Added
@@ -0,0 +1,41 @@ +From eea6fbc196872eeca6f02fcfba298f3e1bb62880 Mon Sep 17 00:00:00 2001 +From: Guillem Jover <guillem@hadrons.org> +Date: Thu, 11 Jan 2024 02:18:07 +0100 +Subject: PATCH Do not assume PATH_MAX is defined + +--- + filename.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/filename.c b/filename.c +index f910aa5..c6bc49e 100644 +--- a/filename.c ++++ b/filename.c +@@ -812,9 +812,24 @@ public char * lrealpath(char *path) + if (!is_fake_pathname(path)) + { + #if HAVE_REALPATH ++ /* ++ * Not all systems support the POSIX.1-2008 realpath() behavior ++ * of allocating when passing a NULL argument. And PATH_MAX is ++ * not required to be defined, or might contain an exceedingly ++ * big value. We assume that if it is not defined (such as on ++ * GNU/Hurd), then realpath() accepts NULL. ++ */ ++#ifndef PATH_MAX ++ char *rpath; ++ ++ rpath = realpath(path, NULL); ++ if (rpath != NULL) ++ return (rpath); ++#else + char rpathPATH_MAX; + if (realpath(path, rpath) != NULL) + return (save(rpath)); ++#endif + #endif + } + return (save(path)); +-- +2.27.0 +
View file
_service:tar_scm:backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch
Added
@@ -0,0 +1,49 @@ +From 5e93b7b4f99c3cdda3ab38d19fbf20b17f2536f7 Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Sat, 27 May 2023 18:56:08 -0700 +Subject: PATCH Don't return READ_AGAIN from iread if no data has yet been + received, to allow a program piping data into less to have temporary access + to the tty (like sudo asking for a password). + +--- + os.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/os.c b/os.c +index 56e3bf3..7f2d692 100644 +--- a/os.c ++++ b/os.c +@@ -72,6 +72,7 @@ public int consecutive_nulls = 0; + /* Milliseconds to wait for data before displaying "waiting for data" message. */ + static int waiting_for_data_delay = 4000; + static jmp_buf read_label; ++static int any_data = FALSE; + + extern int sigs; + extern int ignore_eoi; +@@ -130,7 +131,12 @@ static int check_poll(int fd, int tty) + if (ignore_eoi && exit_F_on_close && (poller0.revents & (POLLHUP|POLLIN)) == POLLHUP) + /* Break out of F loop on HUP due to --exit-follow-on-close. */ + return (READ_INTR); +- if ((poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0) ++ /* ++ * Don't return READ_AGAIN if no data has yet been received, ++ * to allow a program piping data into less to have temporary ++ * access to the tty (like sudo asking for a password). ++ */ ++ if (any_data && (poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0) + /* No data available; let caller take action, then try again. */ + return (READ_AGAIN); + /* There is data (or HUP/ERR) available. Safe to call read() without blocking. */ +@@ -282,6 +288,8 @@ start: + #endif + return (READ_ERR); + } ++ if (n > 0) ++ any_data = TRUE; + return (n); + } + +-- +2.33.0 +
View file
_service:tar_scm:backport-Fix-for-previous-fix.patch
Added
@@ -0,0 +1,25 @@ +From fd2a746b7c967c9f8d3739daf6701f8d3267442f Mon Sep 17 00:00:00 2001 +From: Mark Nudelman <markn@greenwoodsoftware.com> +Date: Sun, 28 May 2023 12:07:31 -0700 +Subject: PATCH Fix for previous fix. + +--- + os.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/os.c b/os.c +index 7f2d692..af95834 100644 +--- a/os.c ++++ b/os.c +@@ -288,7 +288,7 @@ start: + #endif + return (READ_ERR); + } +- if (n > 0) ++ if (fd != tty && n > 0) + any_data = TRUE; + return (n); + } +-- +2.33.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2