From 751c07b64b707bc1c60d035622d969dd5416486a Mon Sep 17 00:00:00 2001
From: xingxing <xingxing9@huawei.com>
Date: Tue, 22 Feb 2022 11:36:40 +0800
Subject: [PATCH] fix CVE-2022-24130

(cherry picked from commit 7842a22baaf93d74c1d371c660c51053d5d93137)
---
 backport-CVE-2022-24130.patch | 400 ++++++++++++++++++++++++++++++++++
 xterm.spec                    |   6 +-
 2 files changed, 405 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-24130.patch

diff --git a/backport-CVE-2022-24130.patch b/backport-CVE-2022-24130.patch
new file mode 100644
index 0000000..5cc4597
--- /dev/null
+++ b/backport-CVE-2022-24130.patch
@@ -0,0 +1,400 @@
+From 1584fc227673264661250d3a8d673c168ac9512d Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Sun, 30 Jan 2022 19:31:01 +0000
+Subject: [PATCH] backport-CVE-2022-14130
+
+---
+ COPYING                  |  4 +-
+ MANIFEST                 |  2 +-
+ graphics_sixel.c         | 26 ++++++++----
+ package/debian/copyright |  2 +-
+ ptyx.h                   |  6 +--
+ terminfo                 | 87 ++++++++++++++++++++++++++--------------
+ xterm.appdata.xml        |  2 +-
+ xterm.log.html           |  4 +-
+ 8 files changed, 86 insertions(+), 47 deletions(-)
+
+diff --git a/COPYING b/COPYING
+index 0656380..20d1d62 100644
+--- a/COPYING
++++ b/COPYING
+@@ -1,7 +1,7 @@
+---- $XTermId: COPYING,v 1.3 2020/01/12 22:53:35 tom Exp $
++--- $XTermId: COPYING,v 1.5 2022/01/30 19:30:32 tom Exp $
+ -------------------------------------------------------------------------------
+ 
+-Copyright 1996-2019,2020 by Thomas E. Dickey
++Copyright 1996-2021,2022 by Thomas E. Dickey
+ 
+                         All Rights Reserved
+ 
+diff --git a/MANIFEST b/MANIFEST
+index e7a1b67..1d1996f 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -1,4 +1,4 @@
+-MANIFEST for xterm-363, version xterm-363
++MANIFEST for xterm-363, version xterm-370
+ --------------------------------------------------------------------------------
+ MANIFEST                        this file
+ 256colres.h                     resource-definitions for 256-color mode
+diff --git a/graphics_sixel.c b/graphics_sixel.c
+index 304fa8f..6a1b9c8 100644
+--- a/graphics_sixel.c
++++ b/graphics_sixel.c
+@@ -1,8 +1,8 @@
+-/* $XTermId: graphics_sixel.c,v 1.28 2020/08/06 20:32:33 Ben.Wong Exp $ */
++/* $XTermId: graphics_sixel.c,v 1.30 2022/01/30 19:25:32 tom Exp $ */
+ 
+ /*
+- * Copyright 2014-2016,2020 by Ross Combs
+- * Copyright 2014-2016,2020 by Thomas E. Dickey
++ * Copyright 2014-2021,2022 by Ross Combs
++ * Copyright 2014-2021,2022 by Thomas E. Dickey
+  *
+  *                         All Rights Reserved
+  *
+@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, SixelContext const *context)
+     graphic->color_registers_used[context->background] = 1;
+ }
+ 
+-static void
++static Boolean
+ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ {
+     const int mh = graphic->max_height;
+@@ -183,8 +183,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ 	    }
+ 	} else {
+ 	    TRACE(("sixel pixel %d out of bounds\n", pix));
++	    return False;
+ 	}
+     }
++    return True;
+ }
+ 
+ static void
+@@ -462,8 +464,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
+ 		init_sixel_background(graphic, &context);
+ 		graphic->valid = 1;
+ 	    }
+-	    if (sixel)
+-		set_sixel(graphic, &context, sixel);
++	    if (sixel) {
++		if (!set_sixel(graphic, &context, sixel)) {
++		    context.col = 0;
++		    break;
++		}
++	    }
+ 	    context.col++;
+ 	} else if (ch == '$') {	/* DECGCR */
+ 	    /* ignore DECCRNLM in sixel mode */
+@@ -531,8 +537,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
+ 	    if (sixel) {
+ 		int i;
+ 		for (i = 0; i < Pcount; i++) {
+-		    set_sixel(graphic, &context, sixel);
+-		    context.col++;
++		    if (set_sixel(graphic, &context, sixel)) {
++			context.col++;
++		    } else {
++			context.col = 0;
++			break;
++		    }
+ 		}
+ 	    } else {
+ 		context.col += Pcount;
+diff --git a/package/debian/copyright b/package/debian/copyright
+index 1ea0b28..97493e0 100644
+--- a/package/debian/copyright
++++ b/package/debian/copyright
+@@ -35,7 +35,7 @@ authorization.
+ Files: * */*
+ License: MIT-X11
+ 
+-Copyright 1996-2019,2020 by Thomas E. Dickey
++Copyright 1996-2021,2022 by Thomas E. Dickey
+ 
+ (date ranges vary, depending on when the respective files were first changed
+ significantly, and run through the most recent change date).
+diff --git a/ptyx.h b/ptyx.h
+index 0d9dc0e..e682f56 100644
+--- a/ptyx.h
++++ b/ptyx.h
+@@ -1,7 +1,7 @@
+-/* $XTermId: ptyx.h,v 1.1026 2020/12/25 15:15:37 tom Exp $ */
++/* $XTermId: ptyx.h,v 1.1047 2022/01/30 19:29:37 tom Exp $ */
+ 
+ /*
+- * Copyright 1999-2019,2020 by Thomas E. Dickey
++ * Copyright 1999-2021,2022 by Thomas E. Dickey
+  *
+  *                         All Rights Reserved
+  *
+@@ -777,7 +777,7 @@ typedef enum {
+ #endif
+ 
+ #ifndef OPT_SHIFT_FONTS
+-#define OPT_SHIFT_FONTS 1 /* true if xterm interprets fontsize-shifting */
++#define OPT_STATUS_LINE	0 /* true if xterm supports status-line controls */
+ #endif
+ 
+ #ifndef OPT_SUNPC_KBD
+diff --git a/terminfo b/terminfo
+index 268686e..2aac86b 100644
+--- a/terminfo
++++ b/terminfo
+@@ -1,10 +1,10 @@
+-# $XTermId: terminfo,v 1.190 2020/12/11 09:23:14 tom Exp $
++# $XTermId: terminfo,v 1.202 2022/01/30 19:29:59 tom Exp $
+ #
+ # Updates/notes/new entries (e.g., xterm-8bit, xterm-16color, xterm-256color)
+ # - Thomas E. Dickey
+ #
+ #------------------------------------------------------------------------------
+-# Copyright 1996-2019,2020 by Thomas E. Dickey
++# Copyright 1996-2021,2022 by Thomas E. Dickey
+ #
+ #                         All Rights Reserved
+ #
+@@ -147,6 +147,7 @@ xterm-new|modern xterm terminal emulator,
+ # Left/right margins are supported in xterm since patch #279 (2012/05/10)
+ vt420+lrmm|VT420 left/right margins,
+ 	mgc=\E[?69l,
++	smglp=\E[?69h\E[%i%p1%ds,
+ 	smglr=\E[?69h\E[%i%p1%d;%p2%ds,
+ 
+ # These "ansi+XXX" blocks were added in ncurses 5.0:
+@@ -920,7 +921,9 @@ xterm+sm+1006|xterm SGR-mouse,
+ 			l
+ 		%;,
+ 	xm=\E[<%i
+-		%p3%d;%p1%d;%p2%d;
++		%p3%d;
++		%p1%d;
++		%p2%d;
+ 		%?
+ 			%p4
+ 			%tM
+@@ -942,11 +945,13 @@ xterm+x11mouse|X11 xterm mouse protocol,
+ 	xm=\E[M
+ 		%?
+ 			%p4
+-			%t%p3
++			%t
++			%p3
+ 		%e%{3}
+ 		%;
+ 		%'\s'%+%c
+-		%p2%'!'%+%c%p1%'!'%+%c,
++		%p2%'!'%+%c
++		%p1%'!'%+%c,
+ 
+ # This chunk is used for building the VT220/Sun/PC keyboard variants.
+ xterm-basic|modern xterm terminal emulator - common,
+@@ -1085,7 +1090,8 @@ xterm-basic|modern xterm terminal emulator - common,
+ 			%t;4
+ 		%;
+ 		%?
+-			%p1%p3%|
++			%p1
++			%p3%|
+ 			%t;7
+ 		%;
+ 		%?
+@@ -1442,7 +1448,8 @@ xterm-bold|xterm with bold instead of underline (X Window System),
+ 			%t;1
+ 		%;
+ 		%?
+-			%p1%p3%|
++			%p1
++			%p3%|
+ 			%t;7
+ 		%;
+ 		m,
+@@ -1802,7 +1809,8 @@ xterm-16color|xterm with 16 colors,
+ 	setab=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t%p1%{40}%+
++			%t
++			%p1%{40}%+
+ 		%e
+ 			%p1%{92}%+
+ 		%;
+@@ -1810,13 +1818,15 @@ xterm-16color|xterm with 16 colors,
+ 	setaf=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t%p1%{30}%+
++			%t
++			%p1%{30}%+
+ 		%e
+ 			%p1%{82}%+
+ 		%;
+ 		%dm,
+ 	setb=
+-		%p1%{8}%/%{6}%*%{4}%+\E[%d%p1%{8}%m%Pa
++		%p1%{8}%/%{6}%*%{3}%+\E[%d
++		%p1%{8}%m%Pa
+ 		%?%ga%{1}%=
+ 			%t4
+ 		%e%ga%{3}%=
+@@ -1869,15 +1879,20 @@ xterm+256color|original xterm 256-color feature,
+ 	colors#0x100,
+ 	pairs#0x10000,
+ 	initc=\E]4;
+-		%p1%d;rgb\:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\,
++		%p1%d;rgb:
++		%p2%{255}%*%{1000}%/%2.2X/
++		%p3%{255}%*%{1000}%/%2.2X/
++		%p4%{255}%*%{1000}%/%2.2X\E\\,
+ 	oc=\E]104\007,
+ 	setab=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t4%p1%d
++			%t4
++			%p1%d
+ 		%e
+ 			%p1%{16}%<
+-			%t10%p1%{8}%-%d
++			%t10
++			%p1%{8}%-%d
+ 		%e48;5;
+ 			%p1%d
+ 		%;
+@@ -1885,10 +1900,12 @@ xterm+256color|original xterm 256-color feature,
+ 	setaf=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t3%p1%d
++			%t3
++			%p1%d
+ 		%e
+ 			%p1%{16}%<
+-			%t9%p1%{8}%-%d
++			%t9
++			%p1%{8}%-%d
+ 		%e38;5;
+ 			%p1%d
+ 		%;
+@@ -1899,22 +1916,26 @@ xterm+256color2|xterm 256-color feature,
+ 	setab=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t4%p1%d
++			%t4
++			%p1%d
+ 		%e
+ 			%p1%{16}%<
+-			%t10%p1%{8}%-%d
+-		%e48\:5\:
++			%t10
++			%p1%{8}%-%d
++		%e48:5:
+ 			%p1%d
+ 		%;
+ 		m,
+ 	setaf=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t3%p1%d
++			%t3
++			%p1%d
+ 		%e
+ 			%p1%{16}%<
+-			%t9%p1%{8}%-%d
+-		%e38\:5\:
++			%t9
++			%p1%{8}%-%d
++		%e38:5:
+ 			%p1%d
+ 		%;
+ 		m,
+@@ -1950,17 +1971,23 @@ xterm+direct|xterm with direct-color indexing,
+ 	setab=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t4%p1%d
+-		%e48\:2\:\:
+-			%p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d
++			%t4
++			%p1%d
++		%e48:2::
++			%p1%{65536}%/%d:
++			%p1%{256}%/%{255}%&%d:
++			%p1%{255}%&%d
+ 		%;
+ 		m,
+ 	setaf=\E[
+ 		%?
+ 			%p1%{8}%<
+-			%t3%p1%d
+-		%e38\:2\:\:
+-			%p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d
++			%t3
++			%p1%d
++		%e38:2::
++			%p1%{65536}%/%d:
++			%p1%{256}%/%{255}%&%d:
++			%p1%{255}%&%d
+ 		%;
+ 		m,
+ 	setb@,
+@@ -2143,7 +2170,8 @@ xterm-8bit|xterm terminal emulator with 8-bit controls (X Window System),
+ 		%;
+ 		%?
+ 			%p1%p3%|
+-			%t;7
++			%p1
++			%p3%|
+ 		%;
+ 		%?
+ 			%p4
+@@ -2370,7 +2398,8 @@ xterm-xf86-v44|xterm terminal emulator (XFree86 4.4 Window System),
+ 			%t;4
+ 		%;
+ 		%?
+-			%p1%p3%|
++			%p1
++			%p3%|
+ 			%t;7
+ 		%;
+ 		%?
+diff --git a/xterm.appdata.xml b/xterm.appdata.xml
+index cd9ab6e..f4e8fbe 100644
+--- a/xterm.appdata.xml
++++ b/xterm.appdata.xml
+@@ -1,5 +1,5 @@
+ <?xml version="1.0" encoding="UTF-8"?>
+-<!-- Copyright 2014-2019,2020 Thomas Dickey <dickey@invisible-island.net> -->
++<!-- Copyright 2014-2021,2022 Thomas Dickey <dickey@invisible-island.net> -->
+ <component type="desktop">
+   <id>xterm.desktop</id>
+   <metadata_license>CC-BY-3.0</metadata_license>
+diff --git a/xterm.log.html b/xterm.log.html
+index 3d5ed4c..8433c6e 100644
+--- a/xterm.log.html
++++ b/xterm.log.html
+@@ -30,7 +30,7 @@
+  * sale, use or other dealings in this Software without prior written        *
+  * authorization.                                                            *
+  *****************************************************************************
+-  $XTermId: xterm.log.html,v 1.2289 2020/12/26 15:38:13 tom Exp $
++ $XTermId: xterm.log.html,v 1.2384 2022/01/30 19:30:18 tom Exp $
+   -->
+ <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
+ <html>
+@@ -50,7 +50,7 @@
+ <body>
+   <hr>
+ 
+-  <p>Copyright &copy; 1997-2019,2020 by <a href=
++  <p>Copyright &copy; 1997-2021,2022 by <a href=
+   "mailto:dickey@invisible-island.net">Thomas E. Dickey</a></p>
+ 
+   <hr>
+-- 
+2.27.0
+
diff --git a/xterm.spec b/xterm.spec
index a057b73..bd898bb 100644
--- a/xterm.spec
+++ b/xterm.spec
@@ -1,12 +1,13 @@
 Name:		xterm
 Version:	363
-Release:        3
+Release:        4
 Summary:	It is a terminal emulator for the X Window System
 License:	MIT
 URL:		http://invisible-island.net/xterm
 Source0:	https://invisible-mirror.net/archives/xterm/xterm-%{version}.tgz
 
 Patch6000:      backport-CVE-2021-27135.patch
+Patch6001:      backport-CVE-2022-24130.patch
 
 BuildRequires: 	gcc pkgconfig ncurses-devel libutempter-devel
 BuildRequires: 	libXft-devel libXaw-devel libXext-devel desktop-file-utils
@@ -64,6 +65,9 @@ install -m 644 -p xterm.appdata.xml %{buildroot}/%{_datadir}/appdata
 %{_mandir}/man1/*
 
 %changelog
+* Tue Feb 22 2022 xingxing <xingxing9@h-partners.com> - 363-4
+- fix CVE-2022-24130
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 363-3
 - DESC: delete -S git from %autosetup, and delete BuildRequires git
 
-- 
Gitee