From bb07d115d86674090d58097141973324f20ec7de Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 07:15:03 -0400 Subject: [PATCH] import xterm-331-1.el8_3.2 --- SOURCES/xterm-CVE-2021-27135.patch | 56 ++++++++++++++++++++++++++++++ SPECS/xterm.spec | 12 ++++++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 SOURCES/xterm-CVE-2021-27135.patch diff --git a/SOURCES/xterm-CVE-2021-27135.patch b/SOURCES/xterm-CVE-2021-27135.patch new file mode 100644 index 0000000..4960840 --- /dev/null +++ b/SOURCES/xterm-CVE-2021-27135.patch @@ -0,0 +1,56 @@ +diff --git a/button.c b/button.c +index ac1f742..4e8554d 100644 +--- a/button.c ++++ b/button.c +@@ -3802,6 +3802,7 @@ SaltTextAway(XtermWidget xw, + TScreen *screen = TScreenOf(xw); + int i, j = 0; + int eol; ++ size_t have = 0; + Char *line; + Char *lp; + CELL first = *cellc; +@@ -3827,7 +3828,11 @@ SaltTextAway(XtermWidget xw, + + /* UTF-8 may require more space */ + if_OPT_WIDE_CHARS(screen, { +- j *= 4; ++ if (j > 0) { ++ if (screen->max_combining > 0) ++ j += screen->max_combining; ++ j *= 6; ++ } + }); + + /* now get some memory to save it in */ +@@ -3864,10 +3869,27 @@ SaltTextAway(XtermWidget xw, + } + *lp = '\0'; /* make sure we have end marked */ + +- TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line), +- visibleChars(line, (unsigned) (lp - line)))); ++ have = (size_t) (lp - line); ++ /* ++ * Scanning the buffer twice is unnecessary. Discard unwanted memory if ++ * the estimate is too-far off. ++ */ ++ if ((have * 2) < (size_t) j) { ++ Char *next; ++ screen->selection_size = have + 1; ++ next = realloc(line, screen->selection_size); ++ if (next == NULL) { ++ free(line); ++ screen->selection_length = 0; ++ screen->selection_size = 0; ++ } ++ screen->selection_data = next; ++ } ++ ++ screen->selection_length = have; + +- screen->selection_length = (unsigned long) (lp - line); ++ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have, ++ visibleChars(screen->selection_data, (unsigned) have))); + } + + #if OPT_PASTE64 diff --git a/SPECS/xterm.spec b/SPECS/xterm.spec index 5b277cf..73ac35d 100644 --- a/SPECS/xterm.spec +++ b/SPECS/xterm.spec @@ -1,7 +1,7 @@ Summary: Terminal emulator for the X Window System Name: xterm Version: 331 -Release: 1%{?dist} +Release: 1%{?dist}.2 URL: https://invisible-island.net/xterm License: MIT Group: User Interface/X @@ -17,6 +17,7 @@ Source1: ftp://ftp.invisible-island.net/xterm/16colors.txt Patch1: xterm-resources.patch Patch2: xterm-desktop.patch Patch3: xterm-man-paths.patch +Patch4: xterm-CVE-2021-27135.patch %bcond_with trace @@ -40,6 +41,7 @@ indicate the current size of the window from which the command is run. %patch1 -p1 -b .resources %patch2 -p1 -b .desk %patch3 -p1 -b .man-paths +%patch4 -p1 -b .CVE-2021-27135 for f in THANKS; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -101,6 +103,14 @@ install -m644 -p xterm.appdata.xml $RPM_BUILD_ROOT%{_datadir}/appdata %{_mandir}/man1/resize.1* %changelog +* Fri Feb 12 2021 Tomas Korbar - 331-1.2 +- Fix issue found by covcan +- Related: rhbz#1927567 + +* Thu Feb 11 2021 Tomas Korbar - 331-1.1 +- Backport security fix for CVE-2021-27135 +- Resolves: rhbz#1927567 + * Thu Mar 29 2018 Miroslav Lichvar 331-1 - update to 331 - add gcc to build requirements