diff --git a/24547fb3.patch b/24547fb3.patch deleted file mode 100644 index 1da5997..0000000 --- a/24547fb3.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 24547fb36377b3bbc39a91d887eb5161e73532e3 Mon Sep 17 00:00:00 2001 -From: Christian Persch -Date: Tue, 25 Apr 2023 23:06:40 +0200 -Subject: [PATCH] widget: Don't consume right clicks on gtk4 - -gtk4 still needs to handle context menus correctly, but on stable branch -we need to remove always claiming the event since it doesn't do anything -yet. - -https://gitlab.gnome.org/GNOME/vte/-/issues/2593 -(cherry picked from commit ff1b03e450fddae623401d8dc619a6c4f17df42d) ---- - src/vte.cc | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/src/vte.cc b/src/vte.cc -index 76086d9d..b8e15d71 100644 ---- a/src/vte.cc -+++ b/src/vte.cc -@@ -6829,16 +6829,6 @@ Terminal::widget_mouse_press(vte::platform::MouseEvent const& event) - break; - } - --#if VTE_GTK == 4 -- if (!handled && -- ((event.button() == vte::platform::MouseEvent::Button::eRIGHT) || -- !(event.modifiers() & (GDK_BUTTON1_MASK | GDK_BUTTON2_MASK)))) { -- _vte_debug_print(VTE_DEBUG_EVENTS, "Showing context menu\n"); -- // FIXMEgtk4 context menu -- handled = true; -- } --#endif /* VTE_GTK == 4 */ -- - /* Save the pointer state for later use. */ - if (event.button_value() >= 1 && event.button_value() <= 3) - m_mouse_pressed_buttons |= (1 << (event.button_value() - 1)); --- -GitLab - diff --git a/_service b/_service index da7c0cd..6d83735 100644 --- a/_service +++ b/_service @@ -5,13 +5,13 @@ git @PARENT_TAG@ enable - refs/tags/0.72.1 + refs/tags/0.74.2 doc/vttest.* *.tar - xz + zst diff --git a/_servicedata b/_servicedata index 1d57573..7bbabc0 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://gitlab.gnome.org/GNOME/vte.git - e86822b8b7013f96f3b3d2d86839395492cb1470 \ No newline at end of file + 3f66edbf598129bafde3baa91ccfb345056418c3 \ No newline at end of file diff --git a/vte-0.72.1.obscpio b/vte-0.72.1.obscpio deleted file mode 100644 index 2af96a7..0000000 --- a/vte-0.72.1.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4b2438b51d95ffb1e2c9489b1db8d13ce01be47b50c6debe9d46604abd156402 -size 3112460 diff --git a/vte-0.74.2.obscpio b/vte-0.74.2.obscpio new file mode 100644 index 0000000..a8ea31a --- /dev/null +++ b/vte-0.74.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:084182f6a92196434612a5919699cbb870e52578ad44bec842de54f806f7c4a9 +size 3126796 diff --git a/vte-emulation-resize-request-limits.patch b/vte-emulation-resize-request-limits.patch new file mode 100644 index 0000000..2bf6266 --- /dev/null +++ b/vte-emulation-resize-request-limits.patch @@ -0,0 +1,58 @@ +From fd5511f24b7269195a7083f409244e9787c705dc Mon Sep 17 00:00:00 2001 +From: Christian Persch +Date: Sun, 2 Jun 2024 19:13:15 +0200 +Subject: [PATCH] emulation: Restrict resize request to sane numbers + +Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786 +--- + src/vteseq.cc | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/vteseq.cc b/src/vteseq.cc +index 2430054c..225c6a59 100644 +--- a/src/vteseq.cc ++++ b/src/vteseq.cc +@@ -216,9 +216,18 @@ Terminal::emit_bell() + /* Emit a "resize-window" signal. (Grid size.) */ + void + Terminal::emit_resize_window(guint columns, +- guint rows) +-{ +- _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n"); ++ guint rows) ++{ ++ // Ignore resizes with excessive number of rows or columns, ++ // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786 ++ if (columns < VTE_MIN_GRID_WIDTH || ++ columns > 511 || ++ rows < VTE_MIN_GRID_HEIGHT || ++ rows > 511) ++ return; ++ ++ _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n", ++ columns, rows); + g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows); + } + +@@ -4702,8 +4711,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq) + else if (param < 24) + return; + +- _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param); +- + emit_resize_window(m_column_count, param); + } + +@@ -9312,9 +9319,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq) + seq.collect(1, {&height, &width}); + + if (width != -1 && height != -1) { +- _vte_debug_print(VTE_DEBUG_EMULATION, +- "Resizing window to %d columns, %d rows.\n", +- width, height); + emit_resize_window(width, height); + } + break; +-- +2.45.0 + diff --git a/vte-revert-back-to-c++17.patch b/vte-revert-back-to-c++17.patch index e58d774..29599f0 100644 --- a/vte-revert-back-to-c++17.patch +++ b/vte-revert-back-to-c++17.patch @@ -1,7 +1,8 @@ -diff --color -Naur vte-0.66.0.orig/meson.build vte-0.66.0/meson.build ---- vte-0.66.0.orig/meson.build 2021-10-26 15:49:40.539203281 +0800 -+++ vte-0.66.0/meson.build 2021-10-26 15:51:22.749208116 +0800 -@@ -30,9 +30,9 @@ +Index: vte-0.74.0/meson.build +=================================================================== +--- vte-0.74.0.orig/meson.build ++++ vte-0.74.0/meson.build +@@ -31,9 +31,9 @@ project( # Compiler requirements c_req_std = 'gnu11' @@ -11,13 +12,14 @@ diff --color -Naur vte-0.66.0.orig/meson.build vte-0.66.0/meson.build +cxx_req_std = 'gnu++17' +gxx_req_version = '7.0' +clangxx_req_version = '8.0' + py_req_version = '3.7' # Version requirements - -diff --color -Naur vte-0.66.0.orig/src/widget.cc vte-0.66.0/src/widget.cc ---- vte-0.66.0.orig/src/widget.cc 2021-10-26 15:49:40.548203282 +0800 -+++ vte-0.66.0/src/widget.cc 2021-10-27 04:08:33.405300452 +0800 -@@ -402,7 +402,11 @@ +Index: vte-0.74.0/src/widget.cc +=================================================================== +--- vte-0.74.0.orig/src/widget.cc ++++ vte-0.74.0/src/widget.cc +@@ -435,7 +435,11 @@ catch (...) #endif /* VTE_GTK == 4 */ Widget::Widget(VteTerminal* t) @@ -30,10 +32,11 @@ diff --color -Naur vte-0.66.0.orig/src/widget.cc vte-0.66.0/src/widget.cc { // Create a default adjustment set_vadjustment({}); -diff --color -Naur vte-0.66.0.orig/src/widget.hh vte-0.66.0/src/widget.hh ---- vte-0.66.0.orig/src/widget.hh 2021-10-26 15:49:40.548203282 +0800 -+++ vte-0.66.0/src/widget.hh 2021-10-27 04:08:52.888301374 +0800 -@@ -577,10 +577,10 @@ +Index: vte-0.74.0/src/widget.hh +=================================================================== +--- vte-0.74.0.orig/src/widget.hh ++++ vte-0.74.0/src/widget.hh +@@ -656,10 +656,10 @@ private: vte::glib::RefPtr m_vadjustment{}; vte::glib::RefPtr m_hadjustment{}; @@ -45,6 +48,63 @@ diff --color -Naur vte-0.66.0.orig/src/widget.hh vte-0.66.0/src/widget.hh + unsigned m_vscroll_policy:1; + unsigned m_scroll_unit_is_pixels:1; + unsigned m_changing_scroll_position:1; + + VteAlign m_xalign{VTE_ALIGN_START}; + VteAlign m_yalign{VTE_ALIGN_START}; +Index: vte-0.74.0/src/pastify.cc +=================================================================== +--- vte-0.74.0.orig/src/pastify.cc ++++ vte-0.74.0/src/pastify.cc +@@ -69,7 +69,7 @@ pastify_string(std::string_view str, + if (run == str.npos) + break; + +- switch (char8_t(str[run])) { ++ switch (str[run]) { + case 0x01 ... 0x09: + case 0x0b ... 0x0c: + case 0x0e ... 0x1f: +Index: vte-0.74.0/src/pastify-test.cc +=================================================================== +--- vte-0.74.0.orig/src/pastify-test.cc ++++ vte-0.74.0/src/pastify-test.cc +@@ -111,7 +111,7 @@ public: + int m_line; + + TestString() = default; +- consteval TestString(char const* str, ++ constexpr TestString(char const* str, + char const* expected, + int line = __builtin_LINE()) noexcept : + m_str(str), +@@ -121,7 +121,7 @@ public: + } }; - } // namespace platform +-consteval auto ++constexpr auto + identity_test(char const *str, + int line = __builtin_LINE()) noexcept + { +@@ -135,7 +135,7 @@ test_pastify_string(void const* ptr) + test_pastify(str->m_str, str->m_expected); + } + +-static constinit TestString const test_strings[] = { ++static constexpr TestString const test_strings[] = { + /* Controls */ + identity_test("\x09"), /* HT passes through */ + identity_test("\x0d"), /* CR passes through */ +Index: vte-0.74.0/src/box-drawing.hh +=================================================================== +--- vte-0.74.0.orig/src/box-drawing.hh ++++ vte-0.74.0/src/box-drawing.hh +@@ -38,7 +38,7 @@ constexpr uint32_t operator""_str2bin(ch + * Definition of most of the glyphs in the 2500..257F range as 5x5 bitmaps + * (bits 24..0 in the obvious order), see bug 709556 and ../doc/boxes.txt + */ +-static constinit uint32_t const _vte_draw_box_drawing_bitmaps[128] = { ++static constexpr uint32_t const _vte_draw_box_drawing_bitmaps[128] = { + + /* U+2500 - BOX DRAWINGS LIGHT HORIZONTAL */ + " " diff --git a/vte-widget-size-limits.patch b/vte-widget-size-limits.patch new file mode 100644 index 0000000..780a61c --- /dev/null +++ b/vte-widget-size-limits.patch @@ -0,0 +1,80 @@ +From 1803ba866053a3d7840892b9d31fe2944a183eda Mon Sep 17 00:00:00 2001 +From: Christian Persch +Date: Sun, 2 Jun 2024 19:13:15 +0200 +Subject: [PATCH] widget: Add safety limit to widget size requests + +https://gitlab.gnome.org/GNOME/vte/-/issues/2786 +--- + src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +diff --git a/src/vtegtk.cc b/src/vtegtk.cc +index 2d9fcaed..39a85a53 100644 +--- a/src/vtegtk.cc ++++ b/src/vtegtk.cc +@@ -97,6 +97,38 @@ constexpr bool check_enum_value(T value) noexcept; + + static constinit size_t vte_terminal_class_n_instances = 0; + ++static inline void ++sanitise_widget_size_request(int* minimum, ++ int* natural) noexcept ++{ ++ // Overly large size requests will make gtk happily allocate ++ // a window size over the window system's limits (see ++ // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786), ++ // leading to aborting the whole process. ++ // The toolkit should be in a better position to know about ++ // these limits and not exceed them (which here is certainly ++ // possible since our minimum sizes are very small), let's ++ // limit the widget's size request to some large value ++ // that hopefully is within the absolute limits of ++ // the window system (assumed here to be int16 range, ++ // and leaving some space for the widgets that contain ++ // the terminal). ++ auto const limit = (1 << 15) - (1 << 12); ++ ++ if (*minimum > limit || *natural > limit) { ++ static auto warned = false; ++ ++ if (!warned) { ++ g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n", ++ *minimum, *natural); ++ warned = true; ++ } ++ } ++ ++ *minimum = std::min(*minimum, limit); ++ *natural = std::clamp(*natural, *minimum, limit); ++} ++ + struct _VteTerminalClassPrivate { + GtkStyleProvider *style_provider; + }; +@@ -554,6 +586,7 @@ try + { + VteTerminal *terminal = VTE_TERMINAL(widget); + WIDGET(terminal)->get_preferred_width(minimum_width, natural_width); ++ sanitise_widget_size_request(minimum_width, natural_width); + } + catch (...) + { +@@ -568,6 +601,7 @@ try + { + VteTerminal *terminal = VTE_TERMINAL(widget); + WIDGET(terminal)->get_preferred_height(minimum_height, natural_height); ++ sanitise_widget_size_request(minimum_height, natural_height); + } + catch (...) + { +@@ -825,6 +859,7 @@ try + WIDGET(terminal)->measure(orientation, for_size, + minimum, natural, + minimum_baseline, natural_baseline); ++ sanitise_widget_size_request(minimum, natural); + } + catch (...) + { +-- +2.45.0 + diff --git a/vte.changes b/vte.changes index 9fa1f0b..d5d9957 100644 --- a/vte.changes +++ b/vte.changes @@ -1,3 +1,144 @@ +------------------------------------------------------------------- +Tue Jun 11 22:26:03 UTC 2024 - Michael Gorse + +- Add patches to fix CVE-2024-37535 (boo#1226134 + glgo#GNOME/vte#2786): + - vte-widget-size-limits.patch + - vte-emulation-resize-request-limits.patch + +------------------------------------------------------------------- +Sun Jan 14 09:04:08 UTC 2024 - Yifan Jiang + +- Provide and Obsolete old typelib-1_0-Vte-2.91 package whose + %{_binver} used the same exact value as %{_apiver}. + +------------------------------------------------------------------- +Tue Dec 19 10:36:38 UTC 2023 - dimstar@opensuse.org + +- Update to version 0.74.2: + * lib,bidi: Work on the heap rather than the stack + * stream: Fix a rare corruption when advancing the tail + * widget: Fix initial cursor blink state + * build: Post release version bump + +------------------------------------------------------------------- +Tue Nov 28 11:55:23 UTC 2023 - Dominique Leuenberger + +- Use %patch -p N instead of deprecated %patchN. + +------------------------------------------------------------------- +Tue Nov 14 02:01:01 UTC 2023 - Daike Yu + +- Update vte-revert-back-to-c++17.patch + * revert more C++20 features + +------------------------------------------------------------------- +Sat Oct 21 19:21:59 UTC 2023 - bjorn.lie@gmail.com + +- Update to version 0.74.1: + * ci: Only upload docs for tags + * widget: VteTerminalSpawnAsyncCallback's error is nullable + * Updated translations. +- Drop f1a547f1dfebd8860021b6b727fa5d5717e9f143.patch: fixed + upstream. + +------------------------------------------------------------------- +Wed Oct 4 11:07:28 UTC 2023 - Bjørn Lie + +- Add f1a547f1dfebd8860021b6b727fa5d5717e9f143.patch: widget: + VteTerminalSpawnAsyncCallback's error is nullable. Fixes: + https://gitlab.gnome.org/GNOME/vte/-/issues/2647 + +------------------------------------------------------------------- +Sun Sep 17 18:15:24 UTC 2023 - bjorn.lie@gmail.com + +- Update to version 0.74.0: + * widget: Fix conditional + * app: Correct option value description + * build: Post release version bump + * Revert "widget: a11y: Add missing text changes on scrolling + with modifications" + * Revert "widget: Do not count event as handled in more + situations" + * test: Add SGR 4:4 and 4:5 underlines to test script + * emulation: Ignore unknown SGR underline subparams + * lib: Fix preallocated size + * Updated translations. +- Change compression in service and tarball produced to zst. + +------------------------------------------------------------------- +Sun Sep 03 12:47:52 UTC 2023 - bjorn.lie@gmail.com + +- Update to version 0.73.99: + * Revert "widget: a11y: Add missing text changes on scrolling + with modifications" + * Revert "widget: Do not count event as handled in more + situations" + * test: Add SGR 4:4 and 4:5 underlines to test script + * emulation: Ignore unknown SGR underline subparams + * Update Turkish translation + * lib: Fix preallocated size + +------------------------------------------------------------------- +Sun Aug 06 15:56:44 UTC 2023 - bjorn.lie@gmail.com + +- Update to version 0.73.93: + * all: + - Remove SIXEL support from stable branch + - Use defined values for defines + - Use __has_include + * build: + - Enable gtk4 by default + - More detailed version info + - Post release version bump + * docs: Publish as gitlab pages + * draw: Remove need to generate code + * emulation: + - Fix infinite loop on non-number OSC 104 param + - Fix invalid mouse scroll event on window edge + - Treat unsupported SGR 4:n as no-underline + * fonts: + - Don't declare this inline + - Keep layout text available for cairo + - Keep the PangoLayout unchanged + - Remove unnecessary context change call + * pty: + - Do not typecast to GSpawnFlags + - Fix exit delay in presence of a grandchild process + - Make netbsd workaround conditional on kernel version + * Revert "widget: Modernise HTML output" + * widget: + - a11y: Add missing text changes on scrolling with + modifications + - Add API to override font options + - Defer alignment API to next cycle + - Do not count event as handled in more situations + - Do not possibly deny early click gesture + - Don't consume right clicks on gtk4 + - Don't consume right clicks on gtk4 + - Ensure the ringview is updated before converting coordinates + - Fix a deprecation warning + - Fix compilation + - Fix cursor blink timeout + - Fix introspection annotations + - Fix introspection API + - Fix introspection warnings + - Fix setting clipboard with html data + - gtk4: Hint and quantize font metrics + - Invalidate ringview when the invalidating + - Make get_text_range docs more accurate + - More docs and introspection annotation fixes + - Update some Since annotations + + Updated translations. + +------------------------------------------------------------------- +Mon Jun 05 18:52:18 UTC 2023 - bjorn.lie@gmail.com + +- Update to version 0.72.2: + * emulation: Fix infinite loop on non-number OSC 104 param + * widget: Don't consume right clicks on gtk4 +- Drop 24547fb3.patch: Fixed upstream. + ------------------------------------------------------------------- Tue May 9 08:53:35 UTC 2023 - Bjørn Lie diff --git a/vte.obsinfo b/vte.obsinfo index 0953981..76f8cd2 100644 --- a/vte.obsinfo +++ b/vte.obsinfo @@ -1,4 +1,4 @@ name: vte -version: 0.72.1 -mtime: 1681379847 -commit: e86822b8b7013f96f3b3d2d86839395492cb1470 +version: 0.74.2 +mtime: 1702571432 +commit: 3f66edbf598129bafde3baa91ccfb345056418c3 diff --git a/vte.spec b/vte.spec index 5d4d568..5dbb9d3 100644 --- a/vte.spec +++ b/vte.spec @@ -1,7 +1,7 @@ # # spec file for package vte # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,17 +27,20 @@ %bcond_with glade_support Name: vte -Version: 0.72.1 +Version: 0.74.2 Release: 0 Summary: Terminal Emulator Library License: CC-BY-4.0 AND LGPL-3.0-or-later AND GPL-3.0-or-later AND MIT Group: Development/Libraries/GNOME URL: https://gitlab.gnome.org/GNOME/vte -Source: %{_name}-%{version}.tar.xz +Source: %{_name}-%{version}.tar.zst # PATCH-FIX-OPENSUSE vte-enable-build-flag-pie.patch yfjiang@suse.com -- enable PIE flag to be compatible with gcc default linking option Patch0: vte-enable-build-flag-pie.patch -# PATCH-FIX-UPSTREAM 24547fb3.patch -- widget: Don't consume right clicks on gtk4 -Patch1: https://gitlab.gnome.org/GNOME/vte/-/commit/24547fb3.patch +# PATCh-FIX-UPSTREAM vte-widget-size-limits.patch boo#1226134 mgorse@suse.com -- add safety limit to widget size requests. +Patch1: vte-widget-size-limits.patch +# PATCH-FIX-UPSTREAM vte-emulation-resize-request-limits.patch boo#1226134 mgorse@suse.com -- restrict resize request to sane numbers. +Patch2: vte-emulation-resize-request-limits.patch + # PATCH-FIX-SLE vte-revert-back-to-c++17.patch yu.daike@suse.com -- revert c++20 features back to c++17 Patch100: vte-revert-back-to-c++17.patch @@ -92,6 +95,8 @@ emulation settings. Summary: Introspection bindings for the VTE terminal emulator library License: LGPL-2.0-only Group: System/Libraries +Provides: typelib-1_0-Vte-%{_apiver} = %{version} +Obsoletes: typelib-1_0-Vte-%{_apiver} < %{version} %description -n typelib-1_0-Vte-%{?_binver} VTE is a terminal emulator library that provides a terminal widget for @@ -177,10 +182,9 @@ widgets in Glade. %prep %autosetup -n %{_name}-%{version} -N -%patch0 -p1 -%patch1 -p1 +%patch -P 0 -p1 %if 0%{?sle_version} -%patch100 -p1 +%patch -P 100 -p1 %endif %build