pool/xterm
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3a6ab9a44b
xterm/xterm-forbid_window_and_font_ops.patch
Petr Cerny 7927eeb02d Accepting request 232778 from home:pcerny:factory 
- Patch #304 - 2014/05/03
  * add debugging check for parsing table entries, fixed a few
    inconsistencies.
  * handle utmp/utmpx strings consistently with new function that
    null-pads unused locations.
  * build-fix for imake configuration with FreeBSD 9 and later,
    to account for replacing utmp with utmpx.
  * improve handling of the fontsel (font-selection) menu item:
    + initialize the menu entry differently if the toolbar
      configuration is used, i.e., enabling it without attempting
      to use the current selection as a font name. Because of the
      way in which the toolbar is setup, this attempt usually
      failed, and would result in a warning.
    + if the menu action fails, e.g., no font can be loaded for
      the given selected name, then recover by resuming with the
      current font. Before, the recovery went to the default
      font. That was done to work around missing bitmap font in
      patch #276.
  * document OSC 119 in the control sequences listing (report by
    Egmont Koblinger).
  * modify special handling of XF86Paste or SunPaste keysyms (see
    patch #227) to use the standard shift/lock modifiers in case
    those are, for example, used in level 3 in an XKB file (patch
    by Matthieu Herrb).
  * configure macro updates:
    + drop the -no-gcc option from CF_INTEL_COMPILER
    + modify CF_XOPEN_SOURCE to suppress the check for defining
      _XOPEN_SOURCE on Solaris
  * reduce bss storage used for ReGIS/Sixel modules, as well as
    cleanup storage usage in other modules.

OBS-URL: https://build.opensuse.org/request/show/232778
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=92
2014-05-05 22:05:44 +00:00

50 lines
1.7 KiB
Diff
Raw Blame History

# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -260,16 +260,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -1809,17 +1809,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps (\fPclass\fB AllowColorOps)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps (\fPclass\fB AllowFontOps)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP 5
.B "allowPasteControls (\fPclass\fB AllowPasteControls)"
If true, allow control characters such as BEL and CAN to be pasted.
Formatting characters (tab, newline) are always allowed.
Other C0 control characters are suppressed unless this resource is enabled.
The exact set of control characters (C0 and C1)
depends upon whether UTF-8 encoding is used,
as well as the \fBallowC1Printable\fP resource.
Reference in New Issue View Git Blame Copy Permalink