
[scarthgap,03/12] vte: fix CVE-2024-37535

Message ID dd5482d64587124bd5060c7b3532f0e90b94c367.1721310237.git.steve@sakoman.com
State Accepted
Delegated to: Steve Sakoman
Series [scarthgap,01/12] busybox: Patch CVE-2021-42380 | expand

Commit Message

Steve Sakoman July 18, 2024, 1:45 p.m. UTC
From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2 && https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../vte/vte/CVE-2024-37535-01.patch           | 64 ++++++++++++++
 .../vte/vte/CVE-2024-37535-02.patch           | 85 +++++++++++++++++++
 meta/recipes-support/vte/vte_0.74.2.bb        |  5 +-
 3 files changed, 153 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-01.patch
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-02.patch

Patch

diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch
new file mode 100644
index 0000000000..d18a3380af
--- /dev/null
+++ b/meta/recipes-support/vte/vte/CVE-2024-37535-01.patch
@@ -0,0 +1,64 @@ 
+From 036bc3ddcbb56f05c6ca76712a53b89dee1369e2 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@src.gnome.org>
+Date: Sun, 2 Jun 2024 19:19:35 +0200
+Subject: [PATCH] emulation: Restrict resize request to sane numbers
+
+Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+(cherry picked from commit fd5511f24b7269195a7083f409244e9787c705dc)
+
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2]
+CVE: CVE-2024-37535
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/vteseq.cc | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/vteseq.cc b/src/vteseq.cc
+index 8d1c2e1..1c73dad 100644
+--- a/src/vteseq.cc
++++ b/src/vteseq.cc
+@@ -208,9 +208,18 @@ Terminal::emit_bell()
+ /* Emit a "resize-window" signal.  (Grid size.) */
+ void
+ Terminal::emit_resize_window(guint columns,
+-                                       guint rows)
+-{
+-        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n");
++                             guint rows)
++{
++        // Ignore resizes with excessive number of rows or columns,
++        // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786
++        if (columns < VTE_MIN_GRID_WIDTH ||
++            columns > 511 ||
++            rows < VTE_MIN_GRID_HEIGHT ||
++            rows > 511)
++                return;
++
++        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n",
++                         columns, rows);
+         g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows);
+ }
+ 
+@@ -4457,8 +4466,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq)
+         else if (param < 24)
+                 return;
+ 
+-        _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param);
+-
+         emit_resize_window(m_column_count, param);
+ }
+ 
+@@ -8917,9 +8924,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq)
+                 seq.collect(1, {&height, &width});
+ 
+                 if (width != -1 && height != -1) {
+-                        _vte_debug_print(VTE_DEBUG_EMULATION,
+-                                         "Resizing window to %d columns, %d rows.\n",
+-                                         width, height);
+                         emit_resize_window(width, height);
+                 }
+                 break;
+-- 
+2.25.1
+
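Review bot: In the patched `Terminal::emit_resize_window`, an out-of-range request returns silently, so a dropped resize leaves no debug trace, and the upper bound is a bare `511` written twice. A line such as `_vte_debug_print(VTE_DEBUG_EMULATION, "Ignoring resize request to %u columns %u rows.\n", columns, rows);` before the `return` would make rejected sequences visible when debugging, and a single named constant beside `VTE_MIN_GRID_WIDTH` would keep both bounds in step. The new debug message also formats the `guint` arguments with `%d`; `%u` matches the type. As this file is a backport, these points are probably better raised upstream than changed locally.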
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch
new file mode 100644
index 0000000000..032e00fb5c
--- /dev/null
+++ b/meta/recipes-support/vte/vte/CVE-2024-37535-02.patch
@@ -0,0 +1,85 @@ 
+rom c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@src.gnome.org>
+Date: Sun, 2 Jun 2024 19:19:35 +0200
+Subject: [PATCH] widget: Add safety limit to widget size requests
+
+https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+(cherry picked from commit 1803ba866053a3d7840892b9d31fe2944a183eda)
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39]
+CVE: CVE-2024-37535
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/src/vtegtk.cc b/src/vtegtk.cc
+index 0f4641d..060d27e 100644
+--- a/src/vtegtk.cc
++++ b/src/vtegtk.cc
+@@ -91,6 +91,38 @@
+ template<typename T>
+ constexpr bool check_enum_value(T value) noexcept;
+ 
++static inline void
++sanitise_widget_size_request(int* minimum,
++                             int* natural) noexcept
++{
++        // Overly large size requests will make gtk happily allocate
++        // a window size over the window system's limits (see
++        // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786),
++        // leading to aborting the whole process.
++        // The toolkit should be in a better position to know about
++        // these limits and not exceed them (which here is certainly
++        // possible since our minimum sizes are very small), let's
++        // limit the widget's size request to some large value
++        // that hopefully is within the absolute limits of
++        // the window system (assumed here to be int16 range,
++        // and leaving some space for the widgets that contain
++        // the terminal).
++        auto const limit = (1 << 15) - (1 << 12);
++
++        if (*minimum > limit || *natural > limit) {
++                static auto warned = false;
++
++                if (!warned) {
++                        g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n",
++                                  *minimum, *natural);
++                        warned = true;
++                }
++        }
++
++        *minimum = std::min(*minimum, limit);
++        *natural = std::clamp(*natural, *minimum, limit);
++}
++
+ struct _VteTerminalClassPrivate {
+         GtkStyleProvider *style_provider;
+ };
+@@ -497,6 +529,7 @@ try
+ {
+ 	VteTerminal *terminal = VTE_TERMINAL(widget);
+         WIDGET(terminal)->get_preferred_width(minimum_width, natural_width);
++        sanitise_widget_size_request(minimum_width, natural_width);
+ }
+ catch (...)
+ {
+@@ -511,6 +544,7 @@ try
+ {
+ 	VteTerminal *terminal = VTE_TERMINAL(widget);
+         WIDGET(terminal)->get_preferred_height(minimum_height, natural_height);
++        sanitise_widget_size_request(minimum_height, natural_height);
+ }
+ catch (...)
+ {
+@@ -748,6 +782,7 @@ try
+         WIDGET(terminal)->measure(orientation, for_size,
+                                   minimum, natural,
+                                   minimum_baseline, natural_baseline);
++        sanitise_widget_size_request(minimum, natural);
+ }
+ catch (...)
+ {
+-- 
+2.25.1
+
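Review bot: The first line of the added patch file reads `rom c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001`, so the leading `F` of the mbox `From ` separator is missing; it should be `From c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001`. Tools that only look for the diff body will most likely still apply it, but anything that parses the mail-format header will not recognise the file as a git-formatted patch. Separately, `sanitise_widget_size_request` dereferences `minimum` and `natural` unconditionally. The three call sites are only partly visible here, so it is worth confirming that none can pass a null out-pointer, or documenting that precondition in the function's comment.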
diff --git a/meta/recipes-support/vte/vte_0.74.2.bb b/meta/recipes-support/vte/vte_0.74.2.bb
index d8eafde2fb..af9ff1bb1d 100644
--- a/meta/recipes-support/vte/vte_0.74.2.bb
+++ b/meta/recipes-support/vte/vte_0.74.2.bb
@@ -18,7 +18,10 @@  GIDOCGEN_MESON_OPTION = "docs"
 
 inherit gnomebase gi-docgen features_check upstream-version-is-even gobject-introspection systemd vala
 
-SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
+SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
+            file://CVE-2024-37535-01.patch \
+            file://CVE-2024-37535-02.patch \
+            "
 SRC_URI[archive.sha256sum] = "a535fb2a98fea8a2449cd1a02cccf5190131dddff52e715afdace3feb536eae7"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"