packages/xterm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!9 fix CVE-2021-27135

Browse Source 
From: @jinzhimin369
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2021-03-03 15:35:25 +08:00 committed by Gitee
commit 5001416fd0
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
backport-CVE-2021-27135.patch Normal file
View File

@ -0,0 +1,52 @@
From 82ba55b8f994ab30ff561a347b82ea340ba7075c Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Tue, 9 Feb 2021 23:04:41 +0000
Subject: [PATCH] snapshot of project "xterm", label xterm-365d
--- a/button.c
+++ b/button.c
@@ -4323,6 +4323,7 @@ SaltTextAway(XtermWidget xw,
int i;
int eol;
int need = 0;
+ size_t have = 0;
Char *line;
Char *lp;
CELL first = *cellc;
@@ -4357,7 +4358,11 @@ SaltTextAway(XtermWidget xw,
/* UTF-8 may require more space */
if_OPT_WIDE_CHARS(screen, {
- need *= 4;
+ if (need > 0) {
+ if (screen->max_combining > 0)
+ need += screen->max_combining;
+ need *= 6;
+ }
});
/* now get some memory to save it in */
@@ -4395,10 +4400,20 @@ SaltTextAway(XtermWidget xw,
}
*lp = '\0'; /* make sure we have end marked */
- TRACE(("Salted TEXT:%u:%s\n", (unsigned) (lp - line),
- visibleChars(line, (unsigned) (lp - line))));
+ have = (size_t) (lp - line);
+ /*
+ * Scanning the buffer twice is unnecessary. Discard unwanted memory if
+ * the estimate is too-far off.
+ */
+ if ((have * 2) < (size_t) need) {
+ scp->data_limit = have + 1;
+ line = realloc(line, scp->data_limit);
+ }
+
+ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
+ visibleChars(line, (unsigned) have)));
- scp->data_length = (size_t) (lp - line);
+ scp->data_length = have;
}
#if OPT_PASTE64

7
xterm.spec
View File

@ -1,11 +1,13 @@
Name: xterm
Version: 363
Release: 1
Release: 2
Summary: It is a terminal emulator for the X Window System
License: MIT
URL: http://invisible-island.net/xterm
Source0: https://invisible-mirror.net/archives/xterm/xterm-%{version}.tgz
Patch6000: backport-CVE-2021-27135.patch
BuildRequires: gcc git pkgconfig ncurses-devel libutempter-devel
BuildRequires: libXft-devel libXaw-devel libXext-devel desktop-file-utils
BuildRequires: libxkbfile-devel xorg-x11-apps
@ -62,6 +64,9 @@ install -m 644 -p xterm.appdata.xml %{buildroot}/%{_datadir}/appdata
%{_mandir}/man1/*
%changelog
* Wed Mar 03 2021 jinzhimin <jinzhimin2@huawei.com> - 363-2
- fix CVE-2021-27135
* Thu Jan 28 2021 jinzhimin <jinzhimin2@huawei.com> - 363-1
- Upgrade to 363