OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xterm?expand=0&rev=27

2009-01-09 01:11:33 +00:00 · 2009-01-09 01:11:33 +00:00 · 1839d56a04
commit 1839d56a04
parent 3c856baad4
6 changed files with 158 additions and 18 deletions
--- a/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch
+++ b/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch
@ -1,7 +1,6 @@
-diff -ru xterm-228.orig/XTerm.ad xterm-228/XTerm.ad
--- xterm-228.orig/XTerm.ad	2007-03-18 23:41:40.000000000 +0100
-+++ xterm-228/XTerm.ad	2007-07-24 17:30:25.000000000 +0200
-@@ -4,7 +4,7 @@
+--- xterm-238/XTerm.ad
+++ xterm-238/XTerm.ad
+@@ -3,7 +3,7 @@
 *saveLines: 1024
 
 *SimpleMenu*BackingStore: NotUseful
--- a/xterm-238.tar.bz2
+++ b/xterm-238.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eb5ebe2ea7f82a110de4cb595bd0156c11c1c1bb6ed314cbbd9170d091143614
+size 697301
--- a/xterm-disallow-window-and-fonts-ops.patch
+++ b/xterm-disallow-window-and-fonts-ops.patch
@ -0,0 +1,34 @@
+--- XTerm.ad
+++ XTerm.ad
+@@ -209,6 +209,11 @@
+ ! Alternatively,
+ !*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+ 
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps:	false
+*allowFontOps:		false
+
+ !! We want a 8bit clean xterm
+ *eightBitInput:        true
+ *eightBitOutput:       true
+--- xterm.man
+++ xterm.man
+@@ -1449,7 +1449,7 @@
+ .TP
+ .B "allowFontOps (\fPclass\fB AllowFontOps)"
+ Specifies whether control sequences that set/query the font should be allowed.
+-The default is ``true.''
+The default is ``false.''
+ .TP 8
+ .B "allowSendEvents (\fPclass\fB AllowSendEvents)"
+ Specifies whether or not synthetic key and button events (generated using
+@@ -1473,7 +1473,7 @@
+ .B "allowWindowOps (\fPclass\fB AllowWindowOps)"
+ Specifies whether extended window control sequences (as used in dtterm)
+ should be allowed.
+-The default is ``true.''
+The default is ``false.''
+ .TP 8
+ .B "altIsNotMeta (\fPclass\fB AltIsNotMeta\fP)"
+ If ``true'', treat the Alt-key as if it were the Meta-key.
--- a/xterm.changes
+++ b/xterm.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Mon Jan  5 15:03:09 CET 2009 - meissner@suse.de
+
+- update to release xterm-238, Linux relevant changes:
+
+- Various security fixes for CVE-2008-2383 (ANSI command injection)
+
+- xterm-disallow-window-and-fonts-ops.patch: add allowWindowOps and
+  allowFontOps as "false" for default. bnc#462917
+
+- Patch #238 - 2008/12/30
+  # reset the screen wrapping-flag at the end of ClearRight to fix an
+    occasional case where the last character of a scrolled and wrapped
+    line would be cleared (patch by Joe Peterson).
+  # modify to use POSIX coding for comparing resource settings such as
+    locale, to work with locales such as Turkish (report by M Vefa
+    Bicakci).
+  # turn on configure paste64 feature by default (request by Jean-Philippe
+    Bernardy). It is runtime enabled/disabled with allowWindowOps.
+  # turn on configure tcap-query feature by default, add resource
+    allowTcapOps to make this runtime enabled/disabled.
+  # make OSC 3 (change X property, from patch #110) subject to
+    allowWindowOps resource.
+  # make VT220 DSR responses inactive in VT100-mode.
+  # make DECUDK feature inactive in VT100-mode.
+  # respond to incorrectly formatted DECRQSS with a cancel.
+  # add allowFontOps resource to allow the fontsize-switching and font
+    query/set control sequences to be enabled/disabled (prompted by Debian
+    #510030).
+  # some code cleanup based on gcc 4.x -Wconversion warnings in button.c
+    and charproc.c
+  # modify tcap-query feature to not return data for shifted cursor-keys
+    when the keyboard type is set to vt220, since returning the same
+    string for shifted/unshifted keys may confuse some applications
+    (GenToo #212546).
+
+- Patch #237 - 2008/09/14
+  # improve usability of TrueType fonts by making the font-size switching
+    for shifted keypad plus/minus use the faceSize resources to determine
+    the order of fonts (when TrueType fonts are used) rather than the
+    bitmap fonts, since their sizes may not be in the same order (report
+    by H Merijn Brand)
+  # remove an optimization of ConfigureNotify events from patch #236
+    which seems to interfere with passing SIGWINCH to applications
+    (GenToo #233836).
+  # modify handling of altSendsEscape to reset the eightBitInput mode,
+    like metaSendsEscape (patch by Ted Phelps).
+  # add feature to show the text-cursor as an underline rather than a box,
+    plus command-line options -uc and +uc and resource cursorUnderLine to
+    control the feature (patch by Paul Lampert).
+  # update config.guess, config.sub
+
+
 -------------------------------------------------------------------
 Mon Jul 28 11:16:08 CEST 2008 - sndirsch@suse.de

--- a/xterm.spec
+++ b/xterm.spec
@ -1,10 +1,17 @@
 #
-# spec file for package xterm (Version 236)
+# spec file for package xterm (Version 238)
 #
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

@ -19,10 +26,10 @@ License:        X11/MIT
 Group:          System/X11/Utilities
 Provides:       xorg-x11:/usr/X11R6/bin/xterm XFree86:/usr/X11R6/bin/xterm
 AutoReqProv:    on
-Version:        236
+Version:        238
 Release:        1
 Summary:        The basic X terminal program
-Source:         %name.tar.gz
+Source:         ftp://invisible-island.net/xterm/%name-%version.tar.bz2
 Source1:        luitx
 Source3:        Backarrow2Delete
 Source4:        Backarrow2BackSpace
@ -37,6 +44,7 @@ Patch1:         p_xterm-settings.diff
 Patch2:         p_xterm-sigwinch.diff
 Patch3:         bug-246573-tentative-patch.diff
 Patch4:         desktop.diff
+Patch5:         xterm-disallow-window-and-fonts-ops.patch
 Patch293793:    bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -155,11 +163,12 @@ Authors:
    Zarick Lau

 %prep
-%setup -n xterm-%version -b7
+%setup -q -b7
 %patch1 -p0 -b .xterm-settings
 %patch2 -p0 -b .xterm-sigwinch
 %patch3 -p1
 %patch4 -p0
+%patch5 -p0
 %patch293793 -p1
 cp $RPM_SOURCE_DIR/*bdf.bz2 .
 bunzip2 *.bdf.bz2
@ -270,6 +279,51 @@ rm -rf $RPM_BUILD_ROOT
 /usr/share/pixmaps/*

 %changelog
+* Mon Jan 05 2009 meissner@suse.de
+- update to release xterm-238, Linux relevant changes:
+- Various security fixes for CVE-2008-2383 (ANSI command injection)
+- xterm-disallow-window-and-fonts-ops.patch: add allowWindowOps and
+  allowFontOps as "false" for default. bnc#462917
+- Patch #238 - 2008/12/30
+  [#] reset the screen wrapping-flag at the end of ClearRight to fix an
+  occasional case where the last character of a scrolled and wrapped
+  line would be cleared (patch by Joe Peterson).
+  [#] modify to use POSIX coding for comparing resource settings such as
+  locale, to work with locales such as Turkish (report by M Vefa
+  Bicakci).
+  [#] turn on configure paste64 feature by default (request by Jean-Philippe
+  Bernardy). It is runtime enabled/disabled with allowWindowOps.
+  [#] turn on configure tcap-query feature by default, add resource
+  allowTcapOps to make this runtime enabled/disabled.
+  [#] make OSC 3 (change X property, from patch #110) subject to
+  allowWindowOps resource.
+  [#] make VT220 DSR responses inactive in VT100-mode.
+  [#] make DECUDK feature inactive in VT100-mode.
+  [#] respond to incorrectly formatted DECRQSS with a cancel.
+  [#] add allowFontOps resource to allow the fontsize-switching and font
+  query/set control sequences to be enabled/disabled (prompted by Debian
+  [#510030]).
+  [#] some code cleanup based on gcc 4.x -Wconversion warnings in button.c
+  and charproc.c
+  [#] modify tcap-query feature to not return data for shifted cursor-keys
+  when the keyboard type is set to vt220, since returning the same
+  string for shifted/unshifted keys may confuse some applications
+  (GenToo #212546).
+- Patch #237 - 2008/09/14
+  [#] improve usability of TrueType fonts by making the font-size switching
+  for shifted keypad plus/minus use the faceSize resources to determine
+  the order of fonts (when TrueType fonts are used) rather than the
+  bitmap fonts, since their sizes may not be in the same order (report
+  by H Merijn Brand)
+  [#] remove an optimization of ConfigureNotify events from patch #236
+  which seems to interfere with passing SIGWINCH to applications
+  (GenToo #233836).
+  [#] modify handling of altSendsEscape to reset the eightBitInput mode,
+  like metaSendsEscape (patch by Ted Phelps).
+  [#] add feature to show the text-cursor as an underline rather than a box,
+  plus command-line options -uc and +uc and resource cursorUnderLine to
+  control the feature (patch by Paul Lampert).
+  [#] update config.guess, config.sub
 * Mon Jul 28 2008 sndirsch@suse.de
 - update to release xterm-236
  * correct memory reallocation when handling a paste of UTF-8
@ -343,12 +397,12 @@ rm -rf $RPM_BUILD_ROOT
  * minor documentation fixes (patch by Slava Semushin)
  * add  makefile  actions  to  install KOI8RXTerm app-defaults
  file (patch by Julien Cristau).
-* Wed Jan 02 2008 sndirsch@suse.de
+* Tue Jan 01 2008 sndirsch@suse.de
 - update to xterm-230:
  * mainly bugfixes
 * Wed Sep 19 2007 sndirsch@suse.de
 - set foreground color as well; fixes xterm -rv (Bug #283984)
-* Sat Sep 01 2007 mfabian@suse.de
+* Fri Aug 31 2007 mfabian@suse.de
 - Bugzilla #306943: add xorg-x11 to BuildRequires because of
  ‘bdftopcf’. Let the build fail if ‘bdftopcf’ is missing.
 - change app-defaults to use these fonts for wide characters
@ -427,7 +481,7 @@ rm -rf $RPM_BUILD_ROOT
  (Bug #283984)
 * Thu Mar 29 2007 dmueller@suse.de
 - add ncurses-devel BuildRequires
-* Sun Mar 25 2007 sndirsch@suse.de
+* Sat Mar 24 2007 sndirsch@suse.de
 - Patch #225 - 2007/3/24:
  * add useClipping resource to allow clipping to be disabled.
  * use   XftDrawSetClipRectangles  to  work  around  Xft  pixel-trash
@ -815,7 +869,7 @@ rm -rf $RPM_BUILD_ROOT
 - adjusted p_xterm-settings.diff
 * Thu Mar 24 2005 sndirsch@suse.de
 - added missing xterm/resize manual pages (Bug #74467)
-* Mon Feb 07 2005 sndirsch@suse.de
+* Sun Feb 06 2005 sndirsch@suse.de
 - updated to xterm-200
 * Fri Jan 28 2005 sndirsch@suse.de
 - updated to xterm-199
--- a/xterm.tar.gz
+++ b/xterm.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:80a2e78ba7dfe39326697be5dc9e7cd840b6053c6cb9687d67479dd6e9c2ee13
-size 859451