* Colin Watson <cjwat...@debian.org>, 2022-10-18 00:12:
https://gitlab.com/cjwatson/man-db/-/commit/09304c00a4a3dea95da5d1f0aa1ad4c20c292f3b
Unfortunately this isn't quite right.
The fix broke prompts for man pages that had special characters in their
titles. For example, for apt.conf.5 the prompt looks like this:
Manual page aptconf(5) line 1 ...
It seems you're supposed to do two rounds of escaping: one for the
prompt parser (question mark, colon, period, percent, and backslash) and
another for the generic option parser (dollar and backslash AGAIN).
Another problems is that the user's existing $LESS variable may rely on
--use-backslash not being set. I thought you could disable it with
-+--use-backslash, but apparently then there's no way to re-enable it:
$ LESS='-Psfoo\\\\bar' less -f /dev/null
foo\\bar
$ LESS='--use-backslash -Psfoo\\\\bar' less -f /dev/null
foo\bar
$ LESS='--use-backslash -+--use-backslash -Psfoo\\\\bar' less -f /dev/null #
so far so good...
foo\\bar
$ LESS='--use-backslash -+--use-backslash --use-backslash -Psfoo\\\\bar' less
-f /dev/null # huh?
foo\\bar
All in all, I think --use-backslash is not worth the trouble. Maybe just
replace dollars with something harmless (say, question marks)? I doubt
there are any non-nefarious use cases for dollars man page titles.
I think this is a niche enough case that I don't plan to put work into
getting a CVE allocated, backporting fixes, etc.
Good call.
--
Jakub Wilk
