From dc3ed827ae4c948ddb024fec329d223b7390d829 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 23 Feb 2022 11:30:50 +0800
Subject: [PATCH] backport-CVE-2022-14130

---
 MANIFEST                 |  2 +-
 graphics_sixel.c         | 24 +++++++++++----
 package/debian/copyright |  2 +-
 ptyx.h                   |  4 +--
 terminfo                 | 63 ++++++++++++++++++++++++++--------------
 xterm.appdata.xml        |  2 +-
 xterm.log.html           |  4 +--
 7 files changed, 67 insertions(+), 34 deletions(-)

diff --git a/MANIFEST b/MANIFEST
index 3c91d9d..1b9bd60 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,4 +1,4 @@
-MANIFEST for xterm-334, version xterm-334
+MANIFEST for xterm-334, version xterm-370
 --------------------------------------------------------------------------------
 MANIFEST                        this file
 256colres.h                     resource-definitions for 256-color mode
diff --git a/graphics_sixel.c b/graphics_sixel.c
index d066911..158e451 100644
--- a/graphics_sixel.c
+++ b/graphics_sixel.c
@@ -1,7 +1,8 @@
-/* $XTermId: graphics_sixel.c,v 1.18 2016/06/05 20:04:01 tom Exp $ */
+/* $XTermId: graphics_sixel.c,v 1.30 2022/01/30 19:25:32 tom Exp $ */
 
 /*
- * Copyright 2014,2016 by Ross Combs
+* Copyright 2014-2021,2022 by Ross Combs
+ * Copyright 2014-2021,2022 by Thomas E. Dickey
  *
  *                         All Rights Reserved
  *
@@ -141,7 +142,7 @@ init_sixel_background(Graphic *graphic, SixelContext const *context)
     graphic->color_registers_used[context->background] = 1;
 }
 
-static void
+static Boolean
 set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
 {
     const int mh = graphic->max_height;
@@ -175,8 +176,10 @@ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
 	    }
 	} else {
 	    TRACE(("sixel pixel %d out of bounds\n", pix));
+	    return False;
 	}
     }
+    return True;
 }
 
 static void
@@ -451,7 +454,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
 		init_sixel_background(graphic, &context);
 		graphic->valid = 1;
 	    }
-	    set_sixel(graphic, &context, sixel);
+	    if (sixel) {
+		if (!set_sixel(graphic, &context, sixel)) {
+		    context.col = 0;
+		    break;
+		}
+	    }
 	    context.col++;
 	} else if (ch == '$') {	/* DECGCR */
 	    /* ignore DECCRNLM in sixel mode */
@@ -529,8 +537,12 @@ parse_sixel(XtermWidget xw, ANSI *params, char const *string)
 		graphic->valid = 1;
 	    }
 	    for (i = 0; i < Pcount; i++) {
-		set_sixel(graphic, &context, sixel);
-		context.col++;
+		    if (set_sixel(graphic, &context, sixel)) {
+			context.col++;
+		    } else {
+			context.col = 0;
+			break;
+		    }
 	    }
 	} else if (ch == '#') {	/* DECGCI */
 	    ANSI color_params;
diff --git a/package/debian/copyright b/package/debian/copyright
index ddf3bff..9c0d62b 100644
--- a/package/debian/copyright
+++ b/package/debian/copyright
@@ -35,7 +35,7 @@ authorization.
 Files: * */*
 License: MIT-X11
 
-Copyright 1996-2017,2018 by Thomas E. Dickey
+Copyright 1996-2021,2022 by Thomas E. Dickey
 
 (date ranges vary, depending on when the respective files were first changed
 significantly, and run through the most recent change date).
diff --git a/ptyx.h b/ptyx.h
index 9f7f74c..8ccc95c 100644
--- a/ptyx.h
+++ b/ptyx.h
@@ -1,7 +1,7 @@
-/* $XTermId: ptyx.h,v 1.905 2018/08/10 18:40:07 tom Exp $ */
+/* $XTermId: ptyx.h,v 1.1047 2022/01/30 19:29:37 tom Exp $ */
 
 /*
- * Copyright 1999-2017,2018 by Thomas E. Dickey
+* Copyright 1999-2021,2022 by Thomas E. Dickey
  *
  *                         All Rights Reserved
  *
diff --git a/terminfo b/terminfo
index ee558e4..cf8985e 100644
--- a/terminfo
+++ b/terminfo
@@ -1,10 +1,10 @@
-# $XTermId: terminfo,v 1.177 2017/12/25 21:08:55 tom Exp $
+# $XTermId: terminfo,v 1.202 2022/01/30 19:29:59 tom Exp $
 #
 # Updates/notes/new entries (e.g., xterm-8bit, xterm-16color, xterm-256color)
 # - Thomas E. Dickey
 #
 #------------------------------------------------------------------------------
-# Copyright 1996-2016,2017 by Thomas E. Dickey
+# Copyright 1996-2021,2022 by Thomas E. Dickey
 #
 #                         All Rights Reserved
 #
@@ -1038,7 +1038,8 @@ xterm-basic|modern xterm terminal emulator - common,
 			%t;4
 		%;
 		%?
-			%p1%p3%|
+			%p1
+			%p3%|
 			%t;7
 		%;
 		%?
@@ -1354,7 +1355,8 @@ xterm-bold|xterm with bold instead of underline (X Window System),
 			%t;1
 		%;
 		%?
-			%p1%p3%|
+			%p1
+			%p3%|
 			%t;7
 		%;
 		m,
@@ -1631,7 +1633,8 @@ xterm-16color|xterm with 16 colors,
 	setab=\E[
 		%?
 			%p1%{8}%<
-			%t%p1%{40}%+
+			%t
+			%p1%{40}%+
 		%e
 			%p1%{92}%+
 		%;
@@ -1639,13 +1642,15 @@ xterm-16color|xterm with 16 colors,
 	setaf=\E[
 		%?
 			%p1%{8}%<
-			%t%p1%{30}%+
+			%t
+			%p1%{30}%+
 		%e
 			%p1%{82}%+
 		%;
 		%dm,
 	setb=
-		%p1%{8}%/%{6}%*%{4}%+\E[%d%p1%{8}%m%Pa
+		%p1%{8}%/%{6}%*%{4}%+\E[%d
+		%p1%{8}%m%Pa
 		%?%ga%{1}%=
 			%t4
 		%e%ga%{3}%=
@@ -1658,7 +1663,8 @@ xterm-16color|xterm with 16 colors,
 		%;
 		m,
 	setf=
-		%p1%{8}%/%{6}%*%{3}%+\E[%d%p1%{8}%m%Pa
+		%p1%{8}%/%{6}%*%{3}%+\E[%d
+		%p1%{8}%m%Pa
 		%?%ga%{1}%=
 			%t4
 		%e%ga%{3}%=
@@ -1690,16 +1696,21 @@ xterm+256color|xterm 256-color feature,
 	colors#0x100,
 	pairs#0x10000,
 	initc=\E]4;
-		%p1%d;rgb\:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\E\\,
+		%p1%d;rgb:
+		%p2%{255}%*%{1000}%/%2.2X/
+		%p3%{255}%*%{1000}%/%2.2X/
+		%p4%{255}%*%{1000}%/%2.2X\E\\,
 	oc=\E]104\007,
 	rs1=\Ec\E]104\007,
 	setab=\E[
 		%?
 			%p1%{8}%<
-			%t4%p1%d
+			%t4
+			%p1%d
 		%e
 			%p1%{16}%<
-			%t10%p1%{8}%-%d
+			%t10
+			%p1%{8}%-%d
 		%e48;5;
 			%p1%d
 		%;
@@ -1707,10 +1718,12 @@ xterm+256color|xterm 256-color feature,
 	setaf=\E[
 		%?
 			%p1%{8}%<
-			%t3%p1%d
+			%t3
+			%p1%d
 		%e
 			%p1%{16}%<
-			%t9%p1%{8}%-%d
+			%t9
+			%p1%{8}%-%d
 		%e38;5;
 			%p1%d
 		%;
@@ -1746,17 +1759,23 @@ xterm+direct|xterm with direct-color indexing,
 	setab=\E[
 		%?
 			%p1%{8}%<
-			%t4%p1%d
-		%e48\:2\:\:
-			%p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d
+			%t4
+			%p1%d
+		%e48:2::
+			%p1%{65536}%/%d:
+			%p1%{256}%/%{255}%&%d:
+			%p1%{255}%&%d
 		%;
 		m,
 	setaf=\E[
 		%?
 			%p1%{8}%<
-			%t3%p1%d
-		%e38\:2\:\:
-			%p1%{65536}%/%d\:%p1%{256}%/%{255}%&%d\:%p1%{255}%&%d
+			%t3
+			%p1%d
+		%e38:2::
+			%p1%{65536}%/%d:
+			%p1%{256}%/%{255}%&%d:
+			%p1%{255}%&%d
 		%;
 		m,
 	setb@,
@@ -1938,7 +1957,8 @@ xterm-8bit|xterm terminal emulator with 8-bit controls (X Window System),
 			%t;4
 		%;
 		%?
-			%p1%p3%|
+			%p1
+			%p3%|
 			%t;7
 		%;
 		%?
@@ -2166,7 +2186,8 @@ xterm-xf86-v44|xterm terminal emulator (XFree86 4.4 Window System),
 			%t;4
 		%;
 		%?
-			%p1%p3%|
+			%p1
+			%p3%|
 			%t;7
 		%;
 		%?
diff --git a/xterm.appdata.xml b/xterm.appdata.xml
index ebe4976..ef8ef4d 100644
--- a/xterm.appdata.xml
+++ b/xterm.appdata.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Copyright 2014,2016 Thomas Dickey <dickey@invisible-island.net> -->
+<!-- Copyright 2014-2021,2022 Thomas Dickey <dickey@invisible-island.net> -->
 <component type="desktop">
   <id>xterm.desktop</id>
   <metadata_license>CC-BY-3.0</metadata_license>
diff --git a/xterm.log.html b/xterm.log.html
index a912a6d..bda08d3 100644
--- a/xterm.log.html
+++ b/xterm.log.html
@@ -30,7 +30,7 @@
  * sale, use or other dealings in this Software without prior written        *
  * authorization.                                                            *
  *****************************************************************************
-  $XTermId: xterm.log.html,v 1.1892 2018/08/13 00:45:25 tom Exp $
+$XTermId: xterm.log.html,v 1.2384 2022/01/30 19:30:18 tom Exp $
   -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
 
@@ -53,7 +53,7 @@
 <body>
   <hr>
 
-  <p>Copyright &copy; 1997-2017,2018 by <a href=
+  <p>Copyright &copy; 1997-2021,2022 by <a href=
   "mailto:dickey@invisible-island.net">Thomas E. Dickey</a></p>
   <hr>
 
-- 
2.27.0