--- /dev/null
+Backport patch to fix CVE-2021-33477.
+
+CVE: CVE-2021-33477
+
+Upstream-Status: Backport [http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/command.C | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/command.C b/src/command.C
+index 7b79f51..2f7de60 100644
+--- a/src/command.C
++++ b/src/command.C
+@@ -2725,7 +2725,7 @@ rxvt_term::process_escape_seq ()
+ /* kidnapped escape sequence: Should be 8.3.48 */
+ case C1_ESA: /* ESC G */
+ // used by original rxvt for rob nations own graphics mode
+- if (cmd_getc () == 'Q')
++ if (cmd_getc () == 'Q' && option (Opt_insecure))
+ tt_printf ("\033G0\012"); /* query graphics - no graphics */
+ break;
+
+@@ -2944,7 +2944,7 @@ rxvt_term::process_csi_seq ()
+ break;
+
+ case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
+- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+ arg[0] = -arg[0];
+ #else /* emulate common DEC VTs */
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6"
-SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch"
+SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch \
+ file://rxvt-unicode-fix-CVE-2021-33477.patch \
+ "
SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd"
