xterm/xterm-forbid_window_and_font_ops.patch
Petr Cerny 81e4ea26bc Accepting request 631631 from home:pcerny:factory
- Patch #335 - 2018/08/14
  * add colorInnerBorder resource to make a change from patch
    #334 configurable (reports by H Merijn Brand, Gabriele
    Balducci).
- Patch #334 - 2018/08/12
  * modify Imakefile to reflect the fact that NetBSD no longer
    has a working termcap emulation.
  * add resource-setting validShells which can be used to augment
    the system's /etc/shell (prompted by discussion with Paul
    Lampert).
  * stifle some useless warnings from lintian in test-packages.
  * add the ncurses extension “RGB” to the responses for the
    termcap-query feature.
  * improved getopts-handling in sample scripts.
  * fix some warnings from gcc8 and clang --analyze.
  * update note about incorrect documentation for DECRQSS to
    include VT525 (report by Markus Schmidt).
  * correct check for default-values in rectangular parsing; a
    zero counts as a missing or default parameter
    (report/testcase by Markus Schmidt).
  * correct some ranges in the ambiguous[] table in wcwidth
    (adapted from patch by KUGA Tsutomu).
  * fix a special case with faint video attribute incorrectly
    combined with default color.
  * add private control XTREPORTSGR for reporting
    video-attributes and color on a rectangle, and script
    report-sgr.pl to demonstrate it.
  * modify some of the markup in ctlseqs.ms to work around
    groff's reassignment of ASCII punctuation characters as
    documented in groff_char(7).

OBS-URL: https://build.opensuse.org/request/show/631631
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=158
2018-08-26 21:45:34 +00:00


# HG changeset patch
# Parent d5ffae3ffb4d7bccf09feb476eed67e7688d73cf
# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -263,16 +263,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
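Review bot: The comment added above `*allowWindowOps: false` names pasted text as the vector and the patch description names only font loading, yet the hunk also turns off window operations. Word the comment in terms of control sequences, which is how xterm.man describes allowFontOps ("control sequences that set/query the font"), and extend the description line to cover window ops or explain why they belong in the same change. Because these are app-defaults entries, the comment should also say that a user's own resource settings can switch them back on.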
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -2091,17 +2091,17 @@ The default is \*(``false\*(''.
.B "allowColorOps\fP (class\fB AllowColorOps\fP)"
Specifies whether control sequences that
set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps\fP (class\fB AllowFontOps\fP)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP
.B "allowMouseOps\fP (class\fB AllowMouseOps\fP)"
Specifies whether control sequences that enable \fI\*n\fP to send
escape sequences to the host on mouse-clicks and movement.
The default is \*(``true\*(''.
.TP 8
.B "allowPasteControls\fP (class\fB AllowPasteControls\fP)"
If true, allow control characters such as BEL and CAN to be pasted.
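Review bot: The changed line now states that the default for allowFontOps is "false", but this patch sets that value only in the XTerm.ad app-defaults file, so the statement holds only where that file is installed and loaded. Consider wording it as the value set by the shipped app-defaults rather than as the default. The patch also sets `*allowWindowOps: false` in XTerm.ad with no matching change to an allowWindowOps entry in xterm.man, which leaves the two resources documented inconsistently.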