开源软件构建与测试

_service:tar_scm:less.spec Changed

@@ -1,6 +1,6 @@
 Name:		less
 Version:	633
-Release:        2
+Release:        4
 Summary:	Less is a pager that displays text files.
 License:	GPLv3+ or BSD
 URL:		http://www.greenwoodsoftware.com/less
@@ -10,6 +10,10 @@
 Patch2:         backport-Some-constifying.patch
 Patch3:         backport-Implement-osc8_open.patch
 Patch4:         backport-CVE-2024-32487.patch
+Patch5:         backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch
+Patch6:         backport-Fix-for-previous-fix.patch
+Patch7:         backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch
+Patch8:         backport-Do-not-assume-PATH_MAX-is-defined.patch
 
 BuildRequires:	gcc make ncurses-devel autoconf automake libtool
 
@@ -48,6 +52,12 @@
 %{_mandir}/man1/*
 
 %changelog
+* Fri May 10 2024 baiguo <baiguo@kylinos.cn> - 633-4
+- Do not assume PATH_MAX is defined 
+
+* Mon Apr 29 2024 huyubiao <huyubiao@huawei.com> - 633-3
+- fix problem when a program piping into less reads from the tty, like sudo asking for password
+
 * Mon Apr 22 2024 wangjiang <wangjiang37@h-partners.com> - 633-2
 - fix CVE-2024-32487

_service:tar_scm:backport-Avoid-stealing-data-from-an-input-program-that-uses-.patch Added

@@ -0,0 +1,35 @@
+From c8df315c742fc470e766244ce8efe305a98d720a Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sun, 28 May 2023 15:28:42 -0700
+Subject: PATCH Avoid stealing data from an input program that uses the tty
+ at startup, like sudo.
+
+---
+ os.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index af95834..7206277 100644
+--- a/os.c
++++ b/os.c
+@@ -114,6 +114,8 @@ static int check_poll(int fd, int tty)
+ {
+ 	struct pollfd poller2 = { { fd, POLLIN, 0 }, { tty, POLLIN, 0 } };
+ 	int timeout = (waiting_for_data && !(scanning_eof && follow_mode == FOLLOW_NAME)) ? -1 : waiting_for_data_delay;
++	if (!any_data)
++		return (0);
+ 	poll(poller, 2, timeout);
+ #if LESSTEST
+ 	if (ttyin_name == NULL) /* Check for ^X only on a real tty. */
+@@ -136,7 +138,7 @@ static int check_poll(int fd, int tty)
+ 	 * to allow a program piping data into less to have temporary
+ 	 * access to the tty (like sudo asking for a password).
+ 	 */
+-	if (any_data && (poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0)
++	if ((poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0)
+ 		/* No data available; let caller take action, then try again. */
+ 		return (READ_AGAIN);
+ 	/* There is data (or HUP/ERR) available. Safe to call read() without blocking. */
+-- 
+2.33.0
+

_service:tar_scm:backport-Do-not-assume-PATH_MAX-is-defined.patch Added

@@ -0,0 +1,41 @@
+From eea6fbc196872eeca6f02fcfba298f3e1bb62880 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Thu, 11 Jan 2024 02:18:07 +0100
+Subject: PATCH Do not assume PATH_MAX is defined
+
+---
+ filename.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/filename.c b/filename.c
+index f910aa5..c6bc49e 100644
+--- a/filename.c
++++ b/filename.c
+@@ -812,9 +812,24 @@ public char * lrealpath(char *path)
+ 	if (!is_fake_pathname(path))
+ 	{
+ #if HAVE_REALPATH
++		/*
++		 * Not all systems support the POSIX.1-2008 realpath() behavior
++		 * of allocating when passing a NULL argument. And PATH_MAX is
++		 * not required to be defined, or might contain an exceedingly
++		 * big value. We assume that if it is not defined (such as on
++		 * GNU/Hurd), then realpath() accepts NULL.
++		 */
++#ifndef PATH_MAX
++		char *rpath;
++
++		rpath = realpath(path, NULL);
++		if (rpath != NULL)
++			return (rpath);
++#else
+ 		char rpathPATH_MAX;
+ 		if (realpath(path, rpath) != NULL)
+ 			return (save(rpath));
++#endif
+ #endif
+ 	}
+ 	return (save(path));
+-- 
+2.27.0
+

_service:tar_scm:backport-Don-t-return-READ_AGAIN-from-iread-if-no-data-has-ye.patch Added

@@ -0,0 +1,49 @@
+From 5e93b7b4f99c3cdda3ab38d19fbf20b17f2536f7 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Sat, 27 May 2023 18:56:08 -0700
+Subject: PATCH Don't return READ_AGAIN from iread if no data has yet been
+ received, to allow a program piping data into less to have temporary access
+ to the tty (like sudo asking for a password).
+
+---
+ os.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/os.c b/os.c
+index 56e3bf3..7f2d692 100644
+--- a/os.c
++++ b/os.c
+@@ -72,6 +72,7 @@ public int consecutive_nulls = 0;
+ /* Milliseconds to wait for data before displaying "waiting for data" message. */
+ static int waiting_for_data_delay = 4000;
+ static jmp_buf read_label;
++static int any_data = FALSE;
+ 
+ extern int sigs;
+ extern int ignore_eoi;
+@@ -130,7 +131,12 @@ static int check_poll(int fd, int tty)
+ 	if (ignore_eoi && exit_F_on_close && (poller0.revents & (POLLHUP|POLLIN)) == POLLHUP)
+ 		/* Break out of F loop on HUP due to --exit-follow-on-close. */
+ 		return (READ_INTR);
+-	if ((poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0)
++	/*
++	 * Don't return READ_AGAIN if no data has yet been received,
++	 * to allow a program piping data into less to have temporary
++	 * access to the tty (like sudo asking for a password).
++	 */
++	if (any_data && (poller0.revents & (POLLIN|POLLHUP|POLLERR)) == 0)
+ 		/* No data available; let caller take action, then try again. */
+ 		return (READ_AGAIN);
+ 	/* There is data (or HUP/ERR) available. Safe to call read() without blocking. */
+@@ -282,6 +288,8 @@ start:
+ #endif
+ 		return (READ_ERR);
+ 	}
++	if (n > 0)
++		any_data = TRUE;
+ 	return (n);
+ }
+ 
+-- 
+2.33.0
+

_service:tar_scm:backport-Fix-for-previous-fix.patch Added

Changes of Revision 10