From 1839d56a046b9efdc5d56a90059f6125541b02ca7332b088daa5489f5d347529 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 9 Jan 2009 01:11:33 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xterm?expand=0&rev=27 --- ...insist-on-iso8859-fonts-for-the-menu.patch | 7 +- xterm-238.tar.bz2 | 3 + xterm-disallow-window-and-fonts-ops.patch | 34 +++++++++ xterm.changes | 53 +++++++++++++ xterm.spec | 76 ++++++++++++++++--- xterm.tar.gz | 3 - 6 files changed, 158 insertions(+), 18 deletions(-) create mode 100644 xterm-238.tar.bz2 create mode 100644 xterm-disallow-window-and-fonts-ops.patch delete mode 100644 xterm.tar.gz diff --git a/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch b/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch index e8d5984..d779cec 100644 --- a/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch +++ b/bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch @@ -1,7 +1,6 @@ -diff -ru xterm-228.orig/XTerm.ad xterm-228/XTerm.ad ---- xterm-228.orig/XTerm.ad 2007-03-18 23:41:40.000000000 +0100 -+++ xterm-228/XTerm.ad 2007-07-24 17:30:25.000000000 +0200 -@@ -4,7 +4,7 @@ +--- xterm-238/XTerm.ad ++++ xterm-238/XTerm.ad +@@ -3,7 +3,7 @@ *saveLines: 1024 *SimpleMenu*BackingStore: NotUseful diff --git a/xterm-238.tar.bz2 b/xterm-238.tar.bz2 new file mode 100644 index 0000000..bf08e6e --- /dev/null +++ b/xterm-238.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eb5ebe2ea7f82a110de4cb595bd0156c11c1c1bb6ed314cbbd9170d091143614 +size 697301 diff --git a/xterm-disallow-window-and-fonts-ops.patch b/xterm-disallow-window-and-fonts-ops.patch new file mode 100644 index 0000000..218ac7f --- /dev/null +++ b/xterm-disallow-window-and-fonts-ops.patch 
@@ -0,0 +1,34 @@ +--- XTerm.ad ++++ XTerm.ad +@@ -209,6 +209,11 @@ + ! Alternatively, + !*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+ + ++! Security: Disallow operations that might allow raw text being pasted to xterm to ++! execute code. ++*allowWindowOps: false ++*allowFontOps: false ++ + !! We want a 8bit clean xterm + *eightBitInput: true + *eightBitOutput: true +--- xterm.man ++++ xterm.man +@@ -1449,7 +1449,7 @@ + .TP + .B "allowFontOps (\fPclass\fB AllowFontOps)" + Specifies whether control sequences that set/query the font should be allowed. +-The default is ``true.'' ++The default is ``false.'' + .TP 8 + .B "allowSendEvents (\fPclass\fB AllowSendEvents)" + Specifies whether or not synthetic key and button events (generated using +@@ -1473,7 +1473,7 @@ + .B "allowWindowOps (\fPclass\fB AllowWindowOps)" + Specifies whether extended window control sequences (as used in dtterm) + should be allowed. +-The default is ``true.'' ++The default is ``false.'' + .TP 8 + .B "altIsNotMeta (\fPclass\fB AltIsNotMeta\fP)" + If ``true'', treat the Alt-key as if it were the Meta-key. diff --git a/xterm.changes b/xterm.changes index ca4f293..5a1510c 100644 --- a/xterm.changes +++ b/xterm.changes 
@@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Mon Jan 5 15:03:09 CET 2009 - meissner@suse.de + +- update to release xterm-238, Linux relevant changes: + +- Various security fixes for CVE-2008-2383 (ANSI command injection) + +- xterm-disallow-window-and-fonts-ops.patch: add allowWindowOps and + allowFontOps as "false" for default. bnc#462917 + +- Patch #238 - 2008/12/30 + # reset the screen wrapping-flag at the end of ClearRight to fix an + occasional case where the last character of a scrolled and wrapped + line would be cleared (patch by Joe Peterson). + # modify to use POSIX coding for comparing resource settings such as + locale, to work with locales such as Turkish (report by M Vefa + Bicakci). + # turn on configure paste64 feature by default (request by Jean-Philippe + Bernardy). It is runtime enabled/disabled with allowWindowOps. + # turn on configure tcap-query feature by default, add resource + allowTcapOps to make this runtime enabled/disabled. + # make OSC 3 (change X property, from patch #110) subject to + allowWindowOps resource. + # make VT220 DSR responses inactive in VT100-mode. + # make DECUDK feature inactive in VT100-mode. + # respond to incorrectly formatted DECRQSS with a cancel. + # add allowFontOps resource to allow the fontsize-switching and font + query/set control sequences to be enabled/disabled (prompted by Debian + #510030). + # some code cleanup based on gcc 4.x -Wconversion warnings in button.c + and charproc.c + # modify tcap-query feature to not return data for shifted cursor-keys + when the keyboard type is set to vt220, since returning the same + string for shifted/unshifted keys may confuse some applications + (GenToo #212546). 
+ +- Patch #237 - 2008/09/14 + # improve usability of TrueType fonts by making the font-size switching + for shifted keypad plus/minus use the faceSize resources to determine + the order of fonts (when TrueType fonts are used) rather than the + bitmap fonts, since their sizes may not be in the same order (report + by H Merijn Brand) + # remove an optimization of ConfigureNotify events from patch #236 + which seems to interfere with passing SIGWINCH to applications + (GenToo #233836). + # modify handling of altSendsEscape to reset the eightBitInput mode, + like metaSendsEscape (patch by Ted Phelps). + # add feature to show the text-cursor as an underline rather than a box, + plus command-line options -uc and +uc and resource cursorUnderLine to + control the feature (patch by Paul Lampert). + # update config.guess, config.sub + + ------------------------------------------------------------------- Mon Jul 28 11:16:08 CEST 2008 - sndirsch@suse.de diff --git a/xterm.spec b/xterm.spec index 0189216..3a651a8 100644 --- a/xterm.spec +++ b/xterm.spec 
@@ -1,10 +1,17 @@ # -# spec file for package xterm (Version 236) +# spec file for package xterm (Version 238) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -19,10 +26,10 @@ License: X11/MIT Group: System/X11/Utilities Provides: xorg-x11:/usr/X11R6/bin/xterm XFree86:/usr/X11R6/bin/xterm AutoReqProv: on -Version: 236 +Version: 238 Release: 1 Summary: The basic X terminal program -Source: %name.tar.gz +Source: ftp://invisible-island.net/xterm/%name-%version.tar.bz2 Source1: luitx Source3: Backarrow2Delete Source4: Backarrow2BackSpace @@ -37,6 +44,7 @@ Patch1: p_xterm-settings.diff Patch2: p_xterm-sigwinch.diff Patch3: bug-246573-tentative-patch.diff Patch4: desktop.diff +Patch5: xterm-disallow-window-and-fonts-ops.patch Patch293793: bugzilla-293793-do-not-insist-on-iso8859-fonts-for-the-menu.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -155,11 +163,12 @@ Authors: Zarick Lau %prep -%setup -n xterm-%version -b7 +%setup -q -b7 %patch1 -p0 -b .xterm-settings %patch2 -p0 -b .xterm-sigwinch %patch3 -p1 %patch4 -p0 +%patch5 -p0 %patch293793 -p1 cp $RPM_SOURCE_DIR/*bdf.bz2 . bunzip2 *.bdf.bz2 
@@ -270,6 +279,51 @@ rm -rf $RPM_BUILD_ROOT /usr/share/pixmaps/* %changelog +* Mon Jan 05 2009 meissner@suse.de +- update to release xterm-238, Linux relevant changes: +- Various security fixes for CVE-2008-2383 (ANSI command injection) +- xterm-disallow-window-and-fonts-ops.patch: add allowWindowOps and + allowFontOps as "false" for default. bnc#462917 +- Patch #238 - 2008/12/30 + [#] reset the screen wrapping-flag at the end of ClearRight to fix an + occasional case where the last character of a scrolled and wrapped + line would be cleared (patch by Joe Peterson). + [#] modify to use POSIX coding for comparing resource settings such as + locale, to work with locales such as Turkish (report by M Vefa + Bicakci). + [#] turn on configure paste64 feature by default (request by Jean-Philippe + Bernardy). It is runtime enabled/disabled with allowWindowOps. + [#] turn on configure tcap-query feature by default, add resource + allowTcapOps to make this runtime enabled/disabled. + [#] make OSC 3 (change X property, from patch #110) subject to + allowWindowOps resource. + [#] make VT220 DSR responses inactive in VT100-mode. + [#] make DECUDK feature inactive in VT100-mode. + [#] respond to incorrectly formatted DECRQSS with a cancel. + [#] add allowFontOps resource to allow the fontsize-switching and font + query/set control sequences to be enabled/disabled (prompted by Debian + [#510030]). + [#] some code cleanup based on gcc 4.x -Wconversion warnings in button.c + and charproc.c + [#] modify tcap-query feature to not return data for shifted cursor-keys + when the keyboard type is set to vt220, since returning the same + string for shifted/unshifted keys may confuse some applications + (GenToo #212546). 
+- Patch #237 - 2008/09/14 + [#] improve usability of TrueType fonts by making the font-size switching + for shifted keypad plus/minus use the faceSize resources to determine + the order of fonts (when TrueType fonts are used) rather than the + bitmap fonts, since their sizes may not be in the same order (report + by H Merijn Brand) + [#] remove an optimization of ConfigureNotify events from patch #236 + which seems to interfere with passing SIGWINCH to applications + (GenToo #233836). + [#] modify handling of altSendsEscape to reset the eightBitInput mode, + like metaSendsEscape (patch by Ted Phelps). + [#] add feature to show the text-cursor as an underline rather than a box, + plus command-line options -uc and +uc and resource cursorUnderLine to + control the feature (patch by Paul Lampert). + [#] update config.guess, config.sub * Mon Jul 28 2008 sndirsch@suse.de - update to release xterm-236 * correct memory reallocation when handling a paste of UTF-8 @@ -343,12 +397,12 @@ rm -rf $RPM_BUILD_ROOT * minor documentation fixes (patch by Slava Semushin) * add makefile actions to install KOI8RXTerm app-defaults file (patch by Julien Cristau). -* Wed Jan 02 2008 sndirsch@suse.de +* Tue Jan 01 2008 sndirsch@suse.de - update to xterm-230: * mainly bugfixes * Wed Sep 19 2007 sndirsch@suse.de - set foreground color as well; fixes xterm -rv (Bug #283984) -* Sat Sep 01 2007 mfabian@suse.de +* Fri Aug 31 2007 mfabian@suse.de - Bugzilla #306943: add xorg-x11 to BuildRequires because of ‘bdftopcf’. Let the build fail if ‘bdftopcf’ is missing. - change app-defaults to use these fonts for wide characters @@ -427,7 +481,7 @@ rm -rf $RPM_BUILD_ROOT (Bug #283984) * Thu Mar 29 2007 dmueller@suse.de - add ncurses-devel BuildRequires -* Sun Mar 25 2007 sndirsch@suse.de +* Sat Mar 24 2007 sndirsch@suse.de - Patch #225 - 2007/3/24: * add useClipping resource to allow clipping to be disabled. * use XftDrawSetClipRectangles to work around Xft pixel-trash 
@@ -815,7 +869,7 @@ rm -rf $RPM_BUILD_ROOT - adjusted p_xterm-settings.diff * Thu Mar 24 2005 sndirsch@suse.de - added missing xterm/resize manual pages (Bug #74467) -* Mon Feb 07 2005 sndirsch@suse.de +* Sun Feb 06 2005 sndirsch@suse.de - updated to xterm-200 * Fri Jan 28 2005 sndirsch@suse.de - updated to xterm-199 diff --git a/xterm.tar.gz b/xterm.tar.gz deleted file mode 100644 index 9d4b708..0000000 --- a/xterm.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:80a2e78ba7dfe39326697be5dc9e7cd840b6053c6cb9687d67479dd6e9c2ee13 -size 859451
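Review bot: In xterm-disallow-window-and-fonts-ops.patch, the two xterm.man hunks change the documented default of allowFontOps and allowWindowOps to ``false'', but the only functional change is the pair of resource lines added to XTerm.ad, so the documented default is true only when this app-defaults file is the one that gets loaded. Either word the man page as "the app-defaults shipped with this package set this to false", or change the compiled-in default as well so that the code and the documentation agree. The comment added to XTerm.ad would also be more useful with the reference bnc#462917 in it, and the changelog in this same commit says patch #238 adds an allowTcapOps resource for the tcap-query feature that is now on by default; say in the comment whether that one is deliberately left at its default.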
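Review bot: The new xterm.changes entry says allowWindowOps and allowFontOps are now "false" by default but does not say what stops working for users. The upstream notes quoted directly below it state that paste64 "is runtime enabled/disabled with allowWindowOps" and that OSC 3 is now subject to the same resource, so add a line listing the features that are off by default after this update (paste64, OSC 3, font set/query sequences) and that they can be re-enabled per user through the two resources.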
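Review bot: In the xterm.spec header hunk, the new Source line fetches from ftp://invisible-island.net/xterm/%name-%version.tar.bz2 and nothing in the Source list or in %prep checks the tarball against a signature, which is a gap for an update whose stated purpose is a security fix. If upstream provides a detached signature, add it as a further Source and verify it in the build; otherwise note in xterm.changes how the xterm-238.tar.bz2 tarball was verified.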
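Review bot: The last three %changelog hunks in xterm.spec move four old entries back by one day (for example "Wed Jan 02 2008" becomes "Tue Jan 01 2008" and "Mon Feb 07 2005" becomes "Sun Feb 06 2005"), which is unrelated to the xterm-238 update and is not mentioned in the commit message. If a tool regenerated the changelog, say so in the commit message or put these date changes in a separate commit, so that the security update can be reviewed and backported on its own.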