From f6eca4ec4b6c0a9d52b92e36ee1e53de11dfde13 Mon Sep 17 00:00:00 2001 From: xingxing Date: Wed, 23 Feb 2022 14:32:49 +0800 Subject: [PATCH] fix CVE-2022-24130 (cherry picked from commit 19b21ff29bf8413d75d75a3f8831bf5a5f01ba3f) --- backport-CVE-2022-24130.patch | 317 ++++++++++++++++++++++++++++++++++ xterm.spec | 6 +- 2 files changed, 322 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2022-24130.patch diff --git a/backport-CVE-2022-24130.patch b/backport-CVE-2022-24130.patch new file mode 100644 index 0000000..02dd10d --- /dev/null +++ b/backport-CVE-2022-24130.patch 
@@ -0,0 +1,317 @@ +From dc3ed827ae4c948ddb024fec329d223b7390d829 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Wed, 23 Feb 2022 11:30:50 +0800 +Subject: [PATCH] backport-CVE-2022-14130 + +--- + MANIFEST | 2 +- + graphics_sixel.c | 24 +++++++++++---- + package/debian/copyright | 2 +- + ptyx.h | 4 +-- + terminfo | 63 ++++++++++++++++++++++++++-------------- + xterm.appdata.xml | 2 +- + xterm.log.html | 4 +-- + 7 files changed, 67 insertions(+), 34 deletions(-) + +diff --git a/MANIFEST b/MANIFEST +index 3c91d9d..1b9bd60 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -1,4 +1,4 @@ +-MANIFEST for xterm-334, version xterm-334 ++MANIFEST for xterm-334, version xterm-370 + -------------------------------------------------------------------------------- + MANIFEST this file + 256colres.h resource-definitions for 256-color mode +diff --git a/graphics_sixel.c b/graphics_sixel.c +index d066911..158e451 100644 +--- a/graphics_sixel.c ++++ b/graphics_sixel.c +@@ -1,7 +1,8 @@ +-/* $XTermId: graphics_sixel.c,v 1.18 2016/06/05 20:04:01 tom Exp $ */ ++/* $XTermId: graphics_sixel.c,v 1.30 2022/01/30 19:25:32 tom Exp $ */ + + /* +- * Copyright 2014,2016 by Ross Combs ++* Copyright 2014-2021,2022 by Ross Combs ++ * Copyright 2014-2021,2022 by Thomas E. 
Dickey + * + * All Rights Reserved + * +@@ -141,7 +142,7 @@ init_sixel_background(Graphic *graphic, SixelContext const *context) + graphic->color_registers_used[context->background] = 1; + } + +-static void ++static Boolean + set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + { + const int mh = graphic->max_height; +@@ -175,8 +176,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + } + } else { + TRACE(("sixel pixel %d out of bounds\n", pix)); ++ return False; + } + } ++ return True; + } + + static void +@@ -451,7 +454,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string) + init_sixel_background(graphic, &context); + graphic->valid = 1; + } +- set_sixel(graphic, &context, sixel); ++ if (sixel) { ++ if (!set_sixel(graphic, &context, sixel)) { ++ context.col = 0; ++ break; ++ } ++ } + context.col++; + } else if (ch == '$') { /* DECGCR */ + /* ignore DECCRNLM in sixel mode */ +@@ -529,8 +537,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string) + graphic->valid = 1; + } + for (i = 0; i < Pcount; i++) { +- set_sixel(graphic, &context, sixel); +- context.col++; ++ if (set_sixel(graphic, &context, sixel)) { ++ context.col++; ++ } else { ++ context.col = 0; ++ break; ++ } + } + } else if (ch == '#') { /* DECGCI */ + ANSI color_params; +diff --git a/package/debian/copyright b/package/debian/copyright +index ddf3bff..9c0d62b 100644 +--- a/package/debian/copyright ++++ b/package/debian/copyright +@@ -35,7 +35,7 @@ authorization. + Files: * */* + License: MIT-X11 + +-Copyright 1996-2017,2018 by Thomas E. Dickey ++Copyright 1996-2021,2022 by Thomas E. Dickey + + (date ranges vary, depending on when the respective files were first changed + significantly, and run through the most recent change date). 
+diff --git a/ptyx.h b/ptyx.h +index 9f7f74c..8ccc95c 100644 +--- a/ptyx.h ++++ b/ptyx.h +@@ -1,7 +1,7 @@ +-/* $XTermId: ptyx.h,v 1.905 2018/08/10 18:40:07 tom Exp $ */ ++/* $XTermId: ptyx.h,v 1.1047 2022/01/30 19:29:37 tom Exp $ */ + + /* +- * Copyright 1999-2017,2018 by Thomas E. Dickey ++* Copyright 1999-2021,2022 by Thomas E. Dickey + * + * All Rights Reserved + * +diff --git a/terminfo b/terminfo +index ee558e4..cf8985e 100644 +--- a/terminfo ++++ b/terminfo +@@ -1,10 +1,10 @@ +-# $XTermId: terminfo,v 1.177 2017/12/25 21:08:55 tom Exp $ ++# $XTermId: terminfo,v 1.202 2022/01/30 19:29:59 tom Exp $ + # + # Updates/notes/new entries (e.g., xterm-8bit, xterm-16color, xterm-256color) + # - Thomas E. Dickey + # + #------------------------------------------------------------------------------ +-# Copyright 1996-2016,2017 by Thomas E. Dickey ++# Copyright 1996-2021,2022 by Thomas E. Dickey + # + # All Rights Reserved + # +@@ -1038,7 +1038,8 @@ xterm-basic|modern xterm terminal emulator - common, + %t;4 + %; + %? +- %p1%p3%| ++ %p1 ++ %p3%| + %t;7 + %; + %? +@@ -1354,7 +1355,8 @@ xterm-bold|xterm with bold instead of underline (X Window System), + %t;1 + %; + %? +- %p1%p3%| ++ %p1 ++ %p3%| + %t;7 + %; + m, +@@ -1631,7 +1633,8 @@ xterm-16color|xterm with 16 colors, + setab=\E[ + %? + %p1%{8}%< +- %t%p1%{40}%+ ++ %t ++ %p1%{40}%+ + %e + %p1%{92}%+ + %; +@@ -1639,13 +1642,15 @@ xterm-16color|xterm with 16 colors, + setaf=\E[ + %? 
+ %p1%{8}%< +- %t%p1%{30}%+ ++ %t ++ %p1%{30}%+ + %e + %p1%{82}%+ + %; + %dm, + setb= +- %p1%{8}%/%{6}%*%{4}%+\E[%d%p1%{8}%m%Pa ++ %p1%{8}%/%{6}%*%{4}%+\E[%d ++ %p1%{8}%m%Pa + %?%ga%{1}%= + %t4 + %e%ga%{3}%= +@@ -1658,7 +1663,8 @@ xterm-16color|xterm with 16 colors, + %; + m, + setf= +- %p1%{8}%/%{6}%*%{3}%+\E[%d%p1%{8}%m%Pa ++ %p1%{8}%/%{6}%*%{3}%+\E[%d ++ %p1%{8}%m%Pa + %?%ga%{1}%= + %t4 + %e%ga%{3}%= +@@ -1690,16 +1696,21 @@ xterm+256color|xterm 256-color feature, + colors#0x100, + pairs#0x10000, + initc=\E]4; +- %p1%d;rgb\:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\, ++ %p1%d;rgb: ++ %p2%{255}%*%{1000}%/%2.2X/ ++ %p3%{255}%*%{1000}%/%2.2X/ ++ %p4%{255}%*%{1000}%/%2.2X\E\\, + oc=\E]104\007, + rs1=\Ec\E]104\007, + setab=\E[ + %? + %p1%{8}%< +- %t4%p1%d ++ %t4 ++ %p1%d + %e + %p1%{16}%< +- %t10%p1%{8}%-%d ++ %t10 ++ %p1%{8}%-%d + %e48;5; + %p1%d + %; +@@ -1707,10 +1718,12 @@ xterm+256color|xterm 256-color feature, + setaf=\E[ + %? + %p1%{8}%< +- %t3%p1%d ++ %t3 ++ %p1%d + %e + %p1%{16}%< +- %t9%p1%{8}%-%d ++ %t9 ++ %p1%{8}%-%d + %e38;5; + %p1%d + %; +@@ -1746,17 +1759,23 @@ xterm+direct|xterm with direct-color indexing, + setab=\E[ + %? + %p1%{8}%< +- %t4%p1%d +- %e48\:2\:\: +- %p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d ++ %t4 ++ %p1%d ++ %e48:2:: ++ %p1%{65536}%/%d: ++ %p1%{256}%/%{255}%&%d: ++ %p1%{255}%&%d + %; + m, + setaf=\E[ + %? + %p1%{8}%< +- %t3%p1%d +- %e38\:2\:\: +- %p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d ++ %t3 ++ %p1%d ++ %e38:2:: ++ %p1%{65536}%/%d: ++ %p1%{256}%/%{255}%&%d: ++ %p1%{255}%&%d + %; + m, + setb@, +@@ -1938,7 +1957,8 @@ xterm-8bit|xterm terminal emulator with 8-bit controls (X Window System), + %t;4 + %; + %? +- %p1%p3%| ++ %p1 ++ %p3%| + %t;7 + %; + %? +@@ -2166,7 +2186,8 @@ xterm-xf86-v44|xterm terminal emulator (XFree86 4.4 Window System), + %t;4 + %; + %? +- %p1%p3%| ++ %p1 ++ %p3%| + %t;7 + %; + %? 
+diff --git a/xterm.appdata.xml b/xterm.appdata.xml +index ebe4976..ef8ef4d 100644 +--- a/xterm.appdata.xml ++++ b/xterm.appdata.xml +@@ -1,5 +1,5 @@ + +- ++ + + xterm.desktop + CC-BY-3.0 +diff --git a/xterm.log.html b/xterm.log.html +index a912a6d..bda08d3 100644 +--- a/xterm.log.html ++++ b/xterm.log.html +@@ -30,7 +30,7 @@ + * sale, use or other dealings in this Software without prior written * + * authorization. * + ***************************************************************************** +- $XTermId: xterm.log.html,v 1.1892 2018/08/13 00:45:25 tom Exp $ ++$XTermId: xterm.log.html,v 1.2384 2022/01/30 19:30:18 tom Exp $ + --> + + +@@ -53,7 +53,7 @@ + +
+ +-

Copyright © 1997-2017,2018 by Copyright © 1997-2021,2022 by Thomas E. Dickey

+
+ +-- +2.27.0 + diff --git a/xterm.spec b/xterm.spec index 0460a7a..848ea4b 100644 --- a/xterm.spec +++ b/xterm.spec @@ -1,12 +1,13 @@ Name: xterm Version: 334 -Release: 5 +Release: 6 Summary: It is a terminal emulator for the X Window System License: MIT URL: http://invisible-island.net/xterm Source0: http://invisible-island.net/xterm/xterm-334.tgz Patch6000: backport-CVE-2021-27135.patch +Patch6001: backport-CVE-2022-24130.patch BuildRequires: gcc git pkgconfig ncurses-devel libutempter-devel BuildRequires: libXft-devel libXaw-devel libXext-devel desktop-file-utils @@ -64,6 +65,9 @@ install -m 644 -p xterm.appdata.xml %{buildroot}/%{_datadir}/appdata %{_mandir}/man1/* %changelog +* Wed Feb 23 2022 xingxing - 334-6 +- fix CVE-2022-24130 + * Wed Mar 03 2021 jinzhimin - 334-5 - fix CVE-2021-27135 -- Gitee
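Review bot: The embedded patch's own header reads `Subject: [PATCH] backport-CVE-2022-14130`, which does not match the CVE-2022-24130 used in the file name, the commit subject and the spec changelog. It should read `Subject: [PATCH] backport-CVE-2022-24130` so that a search of patch headers for the CVE id finds this fix. Of the seven files the embedded patch touches, only the graphics_sixel.c hunks look related to the overflow: set_sixel now returns `False` on an out-of-bounds pixel, and both parse_sixel call sites reset `context.col` and break. The rest is unrelated to the fix: the MANIFEST line now claims `version xterm-370` on a 334 tree, and the terminfo hunks change `rgb\:` to `rgb:` and `48\:2\:\:` to `48:2::`, which appears to be more than a reflow. I would trim the backport to the graphics_sixel.c changes so the shipped delta can be audited line by line against the upstream fix; note that set_sixel's bounds condition itself lies outside the hunk context, so it cannot be checked from this page.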