CVS commit: pkgsrc/x11/xterm

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jan 31 10:00:24 UTC 2022

Modified Files:
        pkgsrc/x11/xterm: Makefile distinfo
Added Files:
        pkgsrc/x11/xterm/patches: patch-graphics__sixel.c

Log Message:
xterm: add patch for CVE-2022-24130

>From upstream.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 pkgsrc/x11/xterm/Makefile
cvs rdiff -u -r1.97 -r1.98 pkgsrc/x11/xterm/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xterm/patches/patch-graphics__sixel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/xterm/Makefile
diff -u pkgsrc/x11/xterm/Makefile:1.135 pkgsrc/x11/xterm/Makefile:1.136
--- pkgsrc/x11/xterm/Makefile:1.135     Fri Nov 26 08:37:29 2021
+++ pkgsrc/x11/xterm/Makefile   Mon Jan 31 10:00:24 2022
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.135 2021/11/26 08:37:29 pin Exp $
+# $NetBSD: Makefile,v 1.136 2022/01/31 10:00:24 wiz Exp $
 
 DISTNAME=      xterm-370
+PKGREVISION=   1
 CATEGORIES=    x11
 MASTER_SITES=  ftp://ftp.invisible-island.net/xterm/
 EXTRACT_SUFX=  .tgz

Index: pkgsrc/x11/xterm/distinfo
diff -u pkgsrc/x11/xterm/distinfo:1.97 pkgsrc/x11/xterm/distinfo:1.98
--- pkgsrc/x11/xterm/distinfo:1.97      Fri Nov 26 08:37:29 2021
+++ pkgsrc/x11/xterm/distinfo   Mon Jan 31 10:00:24 2022
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.97 2021/11/26 08:37:29 pin Exp $
+$NetBSD: distinfo,v 1.98 2022/01/31 10:00:24 wiz Exp $
 
 BLAKE2s (xterm-370.tgz) = b0de2145c7c23212c323705804eac28a4398fcd0f77b386358a60b6445db3ffc
 SHA512 (xterm-370.tgz) = 24f1836c4f5aec175c45db77e9bc829b45ee2c93cf12c20252b22bee470392ef0637cfbbb6e90074b1c038ac023f74a4fb713bbd4abf2b5b86d064667caf38dd
 Size (xterm-370.tgz) = 1500208 bytes
+SHA1 (patch-graphics__sixel.c) = 690436769c6472555565e50a61923244ef89e851

Added files:

Index: pkgsrc/x11/xterm/patches/patch-graphics__sixel.c
diff -u /dev/null pkgsrc/x11/xterm/patches/patch-graphics__sixel.c:1.1
--- /dev/null   Mon Jan 31 10:00:24 2022
+++ pkgsrc/x11/xterm/patches/patch-graphics__sixel.c    Mon Jan 31 10:00:24 2022
@@ -0,0 +1,80 @@
+$NetBSD: patch-graphics__sixel.c,v 1.1 2022/01/31 10:00:24 wiz Exp $
+
+Upstream patch to fix CVE-2022-24130.
+
+--- graphics_sixel.c.orig      2021-08-10 00:39:26.000000000 +0000
++++ graphics_sixel.c
+@@ -1,8 +1,8 @@
+-/* $XTermId: graphics_sixel.c,v 1.29 2021/08/10 00:39:26 tom Exp $ */
++/* $XTermId: graphics_sixel.c,v 1.31 2022/01/31 08:53:42 tom Exp $ */
+ 
+ /*
+- * Copyright 2014-2020,2021 by Ross Combs
+- * Copyright 2014-2020,2021 by Thomas E. Dickey
++ * Copyright 2014-2021,2022 by Ross Combs
++ * Copyright 2014-2021,2022 by Thomas E. Dickey
+  *
+  *                         All Rights Reserved
+  *
+@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, 
+     graphic->color_registers_used[context->background] = 1;
+ }
+ 
+-static void
++static Boolean
+ set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
+ {
+     const int mh = graphic->max_height;
+@@ -170,7 +170,10 @@ set_sixel(Graphic *graphic, SixelContext
+          ((color != COLOR_HOLE)
+           ? (unsigned) graphic->color_registers[color].b : 0U)));
+     for (pix = 0; pix < 6; pix++) {
+-      if (context->col < mw && context->row + pix < mh) {
++      if (context->col >= 0 &&
++          context->col < mw &&
++          context->row + pix >= 0 &&
++          context->row + pix < mh) {
+           if (sixel & (1 << pix)) {
+               if (context->col + 1 > graphic->actual_width) {
+                   graphic->actual_width = context->col + 1;
+@@ -183,8 +186,10 @@ set_sixel(Graphic *graphic, SixelContext
+           }
+       } else {
+           TRACE(("sixel pixel %d out of bounds\n", pix));
++          return False;
+       }
+     }
++    return True;
+ }
+ 
+ static void
+@@ -462,8 +467,12 @@ parse_sixel(XtermWidget xw, ANSI *params
+               init_sixel_background(graphic, &context);
+               graphic->valid = 1;
+           }
+-          if (sixel)
+-              set_sixel(graphic, &context, sixel);
++          if (sixel) {
++              if (!set_sixel(graphic, &context, sixel)) {
++                  context.col = 0;
++                  break;
++              }
++          }
+           context.col++;
+       } else if (ch == '$') { /* DECGCR */
+           /* ignore DECCRNLM in sixel mode */
+@@ -531,8 +540,12 @@ parse_sixel(XtermWidget xw, ANSI *params
+           if (sixel) {
+               int i;
+               for (i = 0; i < Pcount; i++) {
+-                  set_sixel(graphic, &context, sixel);
+-                  context.col++;
++                  if (set_sixel(graphic, &context, sixel)) {
++                      context.col++;
++                  } else {
++                      context.col = 0;
++                      break;
++                  }
+               }
+           } else {
+               context.col += Pcount;