diff -pruN 361-1/debian/changelog 361-1ubuntu3/debian/changelog
--- 361-1/debian/changelog	2020-10-17 07:33:19.000000000 +0000
+++ 361-1ubuntu3/debian/changelog	2021-02-22 17:59:13.000000000 +0000
@@ -1,3 +1,35 @@
+xterm (361-1ubuntu3) hirsute; urgency=medium
+
+  * SECURITY UPDATE: crash when handling crafted unicode content
+    - debian/patches/CVE-2021-27135-2.patch: check realloc return code,
+      add some casts in button.c.
+    - CVE-2021-27135
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 22 Feb 2021 12:59:13 -0500
+
+xterm (361-1ubuntu2) hirsute; urgency=medium
+
+  * SECURITY UPDATE: crash when handling crafted unicode content
+    - debian/patches/CVE-2021-27135.patch: correct upper-limit for
+      selection buffer, accounting for combining characters in button.c.
+    - CVE-2021-27135
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 11 Feb 2021 09:11:30 -0500
+
+xterm (361-1ubuntu1) hirsute; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - Add 950_ubuntu_charclass_highlight.diff:
+      + Enable URL highlighting.
+    - Add Add 951_uxterm_utf8_title.diff:
+      + Set utf8Titles to true by default when using uxterm, so that it
+        displays utf8 directories in titles properly.  May cause issues with
+        apps that use control sequences for updating the xterm titlebar -
+        users should use xterm or set utf8Title to false in this case.
+    - Modify debian/gbp.conf: Set "debian-branch" to "ubuntu"
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 11 Nov 2020 17:59:49 +0100
+
 xterm (361-1) unstable; urgency=medium
 
   * New upstream release.
@@ -83,6 +115,20 @@ xterm (354-1) unstable; urgency=medium
 
  -- Sven Joachim <svenjoac@gmx.de>  Wed, 29 Apr 2020 18:03:39 +0200
 
+xterm (353-1ubuntu1) focal; urgency=medium
+
+  * Sync with Debian, remaining changes:
+    - Add 950_ubuntu_charclass_highlight.diff:
+      + Enable URL highlighting.
+    - Add Add 951_uxterm_utf8_title.diff:
+      + Set utf8Titles to true by default when using uxterm, so that it
+        displays utf8 directories in titles properly.  May cause issues with
+        apps that use control sequences for updating the xterm titlebar -
+        users should use xterm or set utf8Title to false in this case.
+    - Modify debian/gbp.conf: Set "debian-branch" to "ubuntu"
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 26 Feb 2020 11:49:57 +0200
+
 xterm (353-1) unstable; urgency=medium
 
   * New upstream release.
@@ -133,6 +179,20 @@ xterm (349-1) unstable; urgency=medium
 
  -- Sven Joachim <svenjoac@gmx.de>  Mon, 30 Sep 2019 18:25:13 +0200
 
+xterm (348-2ubuntu1) eoan; urgency=medium
+
+  * Sync with Debian, remaining changes:
+    - Add 950_ubuntu_charclass_highlight.diff:
+      + Enable URL highlighting.
+    - Add Add 951_uxterm_utf8_title.diff:
+      + Set utf8Titles to true by default when using uxterm, so that it
+        displays utf8 directories in titles properly.  May cause issues with
+        apps that use control sequences for updating the xterm titlebar -
+        users should use xterm or set utf8Title to false in this case.
+    - Modify debian/gbp.conf: Set "debian-branch" to "Ubuntu"
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Wed, 18 Sep 2019 15:11:35 +0300
+
 xterm (348-2) unstable; urgency=medium
 
   * Update patch 900_debian_xterm.diff:
@@ -1993,3 +2053,4 @@ xorg-x11 (6.8.2.dfsg.1-0pre1v1) experime
     driver.)  Thanks to Jesus Climent for spotting this problem.
 
  -- David Nusinow <dnusinow@debian.org>  Wed, 22 Jun 2005 11:24:38 -0400
+
diff -pruN 361-1/debian/control 361-1ubuntu3/debian/control
--- 361-1/debian/control	2020-10-15 18:03:08.000000000 +0000
+++ 361-1ubuntu3/debian/control	2020-11-11 16:58:44.000000000 +0000
@@ -1,7 +1,8 @@
 Source: xterm
 Section: x11
 Priority: optional
-Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
 Uploaders: Sven Joachim <svenjoac@gmx.de>
 Standards-Version: 4.5.0
 Rules-Requires-Root: no
diff -pruN 361-1/debian/gbp.conf 361-1ubuntu3/debian/gbp.conf
--- 361-1/debian/gbp.conf	2020-10-15 18:03:08.000000000 +0000
+++ 361-1ubuntu3/debian/gbp.conf	2020-10-17 09:16:52.000000000 +0000
@@ -1,6 +1,6 @@
 [DEFAULT]
 pristine-tar = True
-debian-branch = debian-unstable
+debian-branch = ubuntu
 upstream-branch = upstream-unstable
 debian-tag = xterm-%(version)s
 upstream-tag = xterm-%(version)s
diff -pruN 361-1/debian/patches/950_ubuntu_charclass_highlight.diff 361-1ubuntu3/debian/patches/950_ubuntu_charclass_highlight.diff
--- 361-1/debian/patches/950_ubuntu_charclass_highlight.diff	1970-01-01 00:00:00.000000000 +0000
+++ 361-1ubuntu3/debian/patches/950_ubuntu_charclass_highlight.diff	2020-02-26 09:47:19.000000000 +0000
@@ -0,0 +1,13 @@
+Index: b/XTerm.ad
+===================================================================
+--- a/XTerm.ad
++++ b/XTerm.ad
+@@ -237,7 +237,7 @@
+ !*faceSize: 8
+ 
+ ! Here is a pattern that is useful for double-clicking on a URL:
+-!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
++*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
+ !
+ ! Alternatively,
+ !*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
diff -pruN 361-1/debian/patches/951_uxterm_utf8_title.diff 361-1ubuntu3/debian/patches/951_uxterm_utf8_title.diff
--- 361-1/debian/patches/951_uxterm_utf8_title.diff	1970-01-01 00:00:00.000000000 +0000
+++ 361-1ubuntu3/debian/patches/951_uxterm_utf8_title.diff	2020-02-26 09:47:19.000000000 +0000
@@ -0,0 +1,11 @@
+diff -Nurp xterm-253/UXTerm.ad xterm-253-working/UXTerm.ad
+--- xterm-253/UXTerm.ad	2006-02-12 17:14:58.000000000 -0800
++++ xterm-253-working/UXTerm.ad	2010-01-08 13:26:23.000000000 -0800
+@@ -39,6 +39,7 @@
+ 
+ *fontMenu.Label:  Unicode Fonts
+ *VT100.utf8:	1
++*utf8Title:     true
+ 
+ ! This includes "XTerm-color" which includes "XTerm", which defines fonts.
+ ! Why set them here?
diff -pruN 361-1/debian/patches/CVE-2021-27135-2.patch 361-1ubuntu3/debian/patches/CVE-2021-27135-2.patch
--- 361-1/debian/patches/CVE-2021-27135-2.patch	1970-01-01 00:00:00.000000000 +0000
+++ 361-1ubuntu3/debian/patches/CVE-2021-27135-2.patch	2021-02-22 17:58:46.000000000 +0000
@@ -0,0 +1,72 @@
+Backport of:
+
+From f80e543c6dee5ecfe54c58d351fe418ce5f1959b Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Wed, 10 Feb 2021 01:14:51 +0000
+Subject: [PATCH] snapshot of project "xterm", label xterm-365e
+
+---
+ MANIFEST       |  2 +-
+ button.c       | 24 +++++++++++++++---------
+ charproc.c     |  6 +++---
+ main.c         |  4 ++--
+ misc.c         |  6 +++---
+ xterm.log.html |  6 +++++-
+ 6 files changed, 29 insertions(+), 19 deletions(-)
+
+--- a/button.c
++++ b/button.c
+@@ -405,7 +405,7 @@ xtermButtonInit(XtermWidget xw)
+ 	Bool want_button = False;
+ 	Bool have_shift = False;
+ 
+-	TRACE(("xtermButtonInit length %ld\n", strlen(result)));
++	TRACE(("xtermButtonInit length %ld\n", (long) strlen(result)));
+ 	xw->keyboard.print_translations = data;
+ 	while ((next = scanTrans(data, &state, &state2, &first, &last)) != 0) {
+ 	    unsigned len = (last - first);
+@@ -4281,14 +4281,20 @@ SaltTextAway(XtermWidget xw,
+      * the estimate is too-far off.
+      */
+     if ((have * 2) < (size_t) need) {
++	Char *next;
+ 	scp->data_limit = have + 1;
+-	line = realloc(line, scp->data_limit);
++	next = realloc(line, scp->data_limit);
++	if (next == NULL) {
++	    free(line);
++	    scp->data_length = 0;
++	    scp->data_limit = 0;
++	}
++	scp->data_buffer = next;
+     }
++    scp->data_length = have;
+ 
+     TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
+-	   visibleChars(line, (unsigned) have)));
+-
+-    scp->data_length = have;
++	   visibleChars(scp->data_buffer, (unsigned) have)));
+ }
+ 
+ #if OPT_PASTE64
+@@ -4769,7 +4775,7 @@ _OwnSelection(XtermWidget xw,
+ 	    scp = &(screen->selected_cells[CutBufferToCode(cutbuffer)]);
+ 	    if (scp->data_length > limit) {
+ 		TRACE(("selection too big (%lu bytes), not storing in CUT_BUFFER%d\n",
+-		       scp->data_length, cutbuffer));
++		       (unsigned long) scp->data_length, cutbuffer));
+ 		xtermWarning("selection too big (%lu bytes), not storing in CUT_BUFFER%d\n",
+ 			     (unsigned long) scp->data_length, cutbuffer);
+ 	    } else {
+@@ -4825,8 +4831,8 @@ _OwnSelection(XtermWidget xw,
+ 				   SelectionDone);
+ 	    }
+ 	}
+-	TRACE(("... _OwnSelection used length %ld value %s\n",
+-	       scp->data_length,
++	TRACE(("... _OwnSelection used length %lu value %s\n",
++	       (unsigned long) scp->data_length,
+ 	       visibleChars(scp->data_buffer,
+ 			    (unsigned) scp->data_length)));
+     }
diff -pruN 361-1/debian/patches/CVE-2021-27135.patch 361-1ubuntu3/debian/patches/CVE-2021-27135.patch
--- 361-1/debian/patches/CVE-2021-27135.patch	1970-01-01 00:00:00.000000000 +0000
+++ 361-1ubuntu3/debian/patches/CVE-2021-27135.patch	2021-02-11 14:11:25.000000000 +0000
@@ -0,0 +1,70 @@
+Backport of:
+
+From 82ba55b8f994ab30ff561a347b82ea340ba7075c Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 9 Feb 2021 23:04:41 +0000
+Subject: [PATCH] snapshot of project "xterm", label xterm-365d
+
+---
+ MANIFEST       |  2 +-
+ button.c       | 25 ++++++++++++++++++++-----
+ xterm.log.html |  5 ++++-
+ 3 files changed, 25 insertions(+), 7 deletions(-)
+
+#diff --git a/MANIFEST b/MANIFEST
+#index 47e1318..3ed1c73 100644
+#--- a/MANIFEST
+#+++ b/MANIFEST
+#@@ -1,4 +1,4 @@
+#-MANIFEST for xterm, version xterm-365c
+#+MANIFEST for xterm, version xterm-365d
+# --------------------------------------------------------------------------------
+# MANIFEST                        this file
+# 256colres.h                     resource-definitions for 256-color mode
+--- a/button.c
++++ b/button.c
+@@ -4198,6 +4198,7 @@ SaltTextAway(XtermWidget xw,
+     int i;
+     int eol;
+     int need = 0;
++    size_t have = 0;
+     Char *line;
+     Char *lp;
+     CELL first = *cellc;
+@@ -4232,7 +4233,11 @@ SaltTextAway(XtermWidget xw,
+ 
+     /* UTF-8 may require more space */
+     if_OPT_WIDE_CHARS(screen, {
+-	need *= 4;
++	if (need > 0) {
++	    if (screen->max_combining > 0)
++		need += screen->max_combining;
++	    need *= 6;
++	}
+     });
+ 
+     /* now get some memory to save it in */
+@@ -4270,10 +4275,20 @@ SaltTextAway(XtermWidget xw,
+     }
+     *lp = '\0';			/* make sure we have end marked */
+ 
+-    TRACE(("Salted TEXT:%u:%s\n", (unsigned) (lp - line),
+-	   visibleChars(line, (unsigned) (lp - line))));
++    have = (size_t) (lp - line);
++    /*
++     * Scanning the buffer twice is unnecessary.  Discard unwanted memory if
++     * the estimate is too-far off.
++     */
++    if ((have * 2) < (size_t) need) {
++	scp->data_limit = have + 1;
++	line = realloc(line, scp->data_limit);
++    }
++
++    TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
++	   visibleChars(line, (unsigned) have)));
+ 
+-    scp->data_length = (size_t) (lp - line);
++    scp->data_length = have;
+ }
+ 
+ #if OPT_PASTE64
diff -pruN 361-1/debian/patches/series 361-1ubuntu3/debian/patches/series
--- 361-1/debian/patches/series	2020-10-15 18:03:08.000000000 +0000
+++ 361-1ubuntu3/debian/patches/series	2021-02-22 17:58:42.000000000 +0000
@@ -1,3 +1,7 @@
 900_debian_xterm.diff
 902_windowops.diff
 904_fontops.diff
+950_ubuntu_charclass_highlight.diff
+951_uxterm_utf8_title.diff
+CVE-2021-27135.patch
+CVE-2021-27135-2.patch