From 4ce0177a8fe8b7574d383cab10bb7f66a07aaab0 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Feb 22 2021 09:55:35 +0000
Subject: import xterm-295-3.el7_9.1


---

diff --git a/SOURCES/xterm-CVE-2021-27135.patch b/SOURCES/xterm-CVE-2021-27135.patch
new file mode 100644
index 0000000..ba9c918
--- /dev/null
+++ b/SOURCES/xterm-CVE-2021-27135.patch
@@ -0,0 +1,56 @@
+diff --git a/button.c b/button.c
+index 79ec8bd..fd4ba1a 100644
+--- a/button.c
++++ b/button.c
+@@ -3549,6 +3549,7 @@ SaltTextAway(XtermWidget xw,
+     TScreen *screen = TScreenOf(xw);
+     int i, j = 0;
+     int eol;
++    size_t have = 0;
+     int tmp;
+     Char *line;
+     Char *lp;
+@@ -3574,7 +3575,11 @@ SaltTextAway(XtermWidget xw,
+ 
+     /* UTF-8 may require more space */
+     if_OPT_WIDE_CHARS(screen, {
+-	j *= 4;
++	if (j > 0) {
++	    if (screen->max_combining > 0)
++		j += screen->max_combining;
++	    j *= 6;
++	}
+     });
+ 
+     /* now get some memory to save it in */
+@@ -3611,10 +3616,27 @@ SaltTextAway(XtermWidget xw,
+     }
+     *lp = '\0';			/* make sure we have end marked */
+ 
+-    TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line),
+-	   visibleChars(line, (unsigned) (lp - line))));
++    have = (size_t) (lp - line);
++    /*
++     * Scanning the buffer twice is unnecessary.  Discard unwanted memory if
++     * the estimate is too-far off.
++     */
++    if ((have * 2) < (size_t) j) {
++		Char *next;
++		screen->selection_size = have + 1;
++		next = realloc(line, screen->selection_size);
++		if (next == NULL) {
++			free(line);
++			screen->selection_length = 0;
++			screen->selection_size = 0;
++		}
++		screen->selection_data = next;
++    }
++
++	screen->selection_length = have;
+ 
+-    screen->selection_length = (unsigned long) (lp - line);
++    TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
++	   visibleChars(screen->selection_data, (unsigned) have)));
+ }
+ 
+ #if OPT_PASTE64
diff --git a/SPECS/xterm.spec b/SPECS/xterm.spec
index c70161c..0a3bc0b 100644
--- a/SPECS/xterm.spec
+++ b/SPECS/xterm.spec
@@ -1,7 +1,7 @@
 Summary: Terminal emulator for the X Window System
 Name: xterm
 Version: 295
-Release: 3%{?dist}
+Release: 3%{?dist}.1
 URL: http://invisible-island.net/xterm
 License: MIT
 Group: User Interface/X
@@ -15,6 +15,7 @@ Source1: ftp://invisible-island.net/xterm/16colors.txt
 Patch1: xterm-resources.patch
 Patch2: xterm-desktop.patch
 Patch3: xterm-man-paths.patch
+Patch4: xterm-CVE-2021-27135.patch
 
 %bcond_with trace
 
@@ -31,6 +32,7 @@ programs that can't use the window system directly.
 %patch1 -p1 -b .resources
 %patch2 -p1 -b .desk
 %patch3 -p1 -b .man-paths
+%patch4 -p1 -b .CVE-2021-27135
 
 for f in THANKS; do
 	iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -98,6 +100,10 @@ fi
 %{x11_app_defaults_dir}/XTerm*
 
 %changelog
+* Mon Feb 15 2021 Tomas Korbar <tkorbar@redhat.com> - 295-3.1
+- Backport security fix for CVE-2021-27135
+- Resolves: rhbz#1927564
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 295-3
 - Mass rebuild 2014-01-24