import CS xterm-366-12.el9_6

SOURCES/xterm-366-CVE-2022-24130.patch

@@ -0,0 +1,60 @@
+commit f4c2576f9b1068a57b7a926b9cdbec6423dd434f
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date:   Wed Jul 9 16:33:46 2025 +0200
+
+    Fix CVE-2022-24130
+
+diff --git a/graphics_sixel.c b/graphics_sixel.c
+index 304fa8f..2f21dcc 100644
+--- a/graphics_sixel.c
++++ b/graphics_sixel.c
+@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, SixelContext const *context)
+     graphic->color_registers_used[context->background] = 1;
+ }
+ 
+-static void
++static Boolean
+ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ {
+     const int mh = graphic->max_height;
+@@ -183,8 +183,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ 	    }
+ 	} else {
+ 	    TRACE(("sixel pixel %d out of bounds\n", pix));
++	    return False;
+ 	}
+     }
++    return True;
+ }
+ 
+ static void
+@@ -462,8 +464,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
+ 		init_sixel_background(graphic, &context);
+ 		graphic->valid = 1;
+ 	    }
+-	    if (sixel)
+-		set_sixel(graphic, &context, sixel);
++	    if (sixel) {
++		if (!set_sixel(graphic, &context, sixel)) {
++		    context.col = 0;
++		    break;
++		}
++	    }
+ 	    context.col++;
+ 	} else if (ch == '$') {	/* DECGCR */
+ 	    /* ignore DECCRNLM in sixel mode */
+@@ -531,8 +537,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
+ 	    if (sixel) {
+ 		int i;
+ 		for (i = 0; i < Pcount; i++) {
+-		    set_sixel(graphic, &context, sixel);
+-		    context.col++;
++		    if (set_sixel(graphic, &context, sixel)) {
++			context.col++;
++		    } else {
++			context.col = 0;
++			break;
++		    }
+ 		}
+ 	    } else {
+ 		context.col += Pcount;

SPECS/xterm.spec

@@ -1,7 +1,7 @@
 Summary: Terminal emulator for the X Window System
 Name: xterm
 Version: 366
-Release: 10%{?dist}
+Release: 12%{?dist}
 URL: https://invisible-island.net/xterm
 License: MIT
 BuildRequires: make
@@ -18,6 +18,7 @@ Patch1: xterm-defaults.patch
 Patch2: xterm-desktop.patch
 Patch3: xterm-man-paths.patch
 Patch4: xterm-366-CVE-2022-45063.patch
+Patch5: xterm-366-CVE-2022-24130.patch
 
 %bcond_with trace
 
@@ -42,6 +43,7 @@ indicate the current size of the window from which the command is run.
 %patch2 -p1 -b .desk
 %patch3 -p1 -b .man-paths
 %patch4 -p1 -b .CVE-2022-45063
+%patch5 -p1 -b .CVE-2022-24130
 
 for f in THANKS; do
 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -104,6 +106,16 @@ install -m644 -p xterm.appdata.xml $RPM_BUILD_ROOT%{_datadir}/appdata
 %{_mandir}/man1/resize.1*
 
 %changelog
+* Wed Jul 17 2025 Tomas Korbar <tkorbar@redhat.com> - 366-12
+- Rebuild because of build failure
+- Resolves: RHEL-94699
+- Resolves: RHEL-103430
+
+* Wed Jul 09 2025 Tomas Korbar <tkorbar@redhat.com> - 366-11
+- Fix CVE-2022-24130
+- Resolves: RHEL-94699
+- Resolves: RHEL-103430
+
 * Tue Apr 15 2025 Tomas Korbar <tkorbar@redhat.com> - 366-10
 - Fix CVE-2022-45063
 - Resolves: RHEL-87485