diff --git a/SOURCES/xterm-CVE-2021-27135.patch b/SOURCES/xterm-CVE-2021-27135.patch
new file mode 100644
index 0000000..ba9c918
--- /dev/null
+++ b/SOURCES/xterm-CVE-2021-27135.patch
@@ -0,0 +1,56 @@
+diff --git a/button.c b/button.c
+index 79ec8bd..fd4ba1a 100644
+--- a/button.c
++++ b/button.c
+@@ -3549,6 +3549,7 @@ SaltTextAway(XtermWidget xw,
+ TScreen *screen = TScreenOf(xw);
+ int i, j = 0;
+ int eol;
++ size_t have = 0;
+ int tmp;
+ Char *line;
+ Char *lp;
+@@ -3574,7 +3575,11 @@ SaltTextAway(XtermWidget xw,
+
+ /* UTF-8 may require more space */
+ if_OPT_WIDE_CHARS(screen, {
+- j *= 4;
++ if (j > 0) {
++ if (screen->max_combining > 0)
++ j += screen->max_combining;
++ j *= 6;
++ }
+ });
+
+ /* now get some memory to save it in */
+@@ -3611,10 +3616,27 @@ SaltTextAway(XtermWidget xw,
+ }
+ *lp = '\0'; /* make sure we have end marked */
+
+- TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line),
+- visibleChars(line, (unsigned) (lp - line))));
++ have = (size_t) (lp - line);
++ /*
++ * Scanning the buffer twice is unnecessary. Discard unwanted memory if
++ * the estimate is too-far off.
++ */
++ if ((have * 2) < (size_t) j) {
++ Char *next;
++ screen->selection_size = have + 1;
++ next = realloc(line, screen->selection_size);
++ if (next == NULL) {
++ free(line);
++ screen->selection_length = 0;
++ screen->selection_size = 0;
++ }
++ screen->selection_data = next;
++ }
++
++ screen->selection_length = have;
+
+- screen->selection_length = (unsigned long) (lp - line);
++ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
++ visibleChars(screen->selection_data, (unsigned) have)));
+ }
+
+ #if OPT_PASTE64
diff --git a/SPECS/xterm.spec b/SPECS/xterm.spec
index c70161c..0a3bc0b 100644
--- a/SPECS/xterm.spec
+++ b/SPECS/xterm.spec
@@ -1,7 +1,7 @@
 Summary: Terminal emulator for the X Window System
 Name: xterm
 Version: 295
-Release: 3%{?dist}
+Release: 3%{?dist}.1
 URL: http://invisible-island.net/xterm
 License: MIT
 Group: User Interface/X
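Review bot: In the third button.c hunk the realloc failure branch does not hold: it sets `screen->selection_length = 0` and leaves `screen->selection_data` NULL, but the unconditional `screen->selection_length = have;` after the block restores the non-zero length, and the TRACE call then passes that NULL pointer to `visibleChars`. Selection consumers outside this hunk would then see a NULL buffer paired with a positive length. Adding `have = 0;` inside the `if (next == NULL)` branch keeps length, size and data consistent; whether `visibleChars` tolerates a NULL pointer with zero length is not visible here and should be confirmed. Separately, `j` stays an `int` through `j += screen->max_combining; j *= 6;`, so the size estimate could overflow for a very large selection unless the allocation code outside the hunk bounds it. SaltTextAway begins outside these hunks.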
@@ -15,6 +15,7 @@ Source1: ftp://invisible-island.net/xterm/16colors.txt
 Patch1: xterm-resources.patch
 Patch2: xterm-desktop.patch
 Patch3: xterm-man-paths.patch
+Patch4: xterm-CVE-2021-27135.patch
 %bcond_with trace
@@ -31,6 +32,7 @@ programs that can't use the window system directly.
 %patch1 -p1 -b .resources
 %patch2 -p1 -b .desk
 %patch3 -p1 -b .man-paths
+%patch4 -p1 -b .CVE-2021-27135
 for f in THANKS; do
 iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -98,6 +100,10 @@ fi
 %{x11_app_defaults_dir}/XTerm*
 %changelog
+* Mon Feb 15 2021 Tomas Korbar - 295-3.1
+- Backport security fix for CVE-2021-27135
+- Resolves: rhbz#1927564
+
 * Fri Jan 24 2014 Daniel Mach - 295-3
 - Mass rebuild 2014-01-24