xterm/xterm-forbid_window_and_font_ops.patch
Petr Cerny 1d2631fb31 Accepting request 357555 from home:pcerny:factory
- Patch #322 - 2016/01/02
  * fix regression due to incorrect fix for compiler warning when
    allocating storage for /etc/shells (reports by Ashish Shukla,
    Debian #809646).
- Patch #321 - 2015/12/31
  * add resource keepClipboard, escape sequence and action
    keep-clipboard.
  * add optional feature to capture text copied to clipboard at
    the time of copying rather than at the time the clipboard
    contents are requested for pasting (patch by Milan Mehner).
  * improve a special case where the -e option was used to pass a
    single-quoted command via luit, by wrapping it in a “sh -c”
    (report by Keith Hedger).
  * minor fix for type-cleanliness when allocating storage for
    /etc/shells (Tobias Stoeckmann).
  * fix a typo in manual page (Dan Church).
  * fix minor file-descriptor leak; after calling openpty, the
    slave's file descriptor is not needed (report by Juha
    Nurmela).
  * editorial change to ctlseqs.ms (report by David Gomboc).
  * minor updates for autoconf macros.
  * update config.guess, config.sub
- vttest 20140305
  * save/restore color enable-flag for menu 11.6 in a couple of
    places so that the ISO-6429 tests do not reset it
    unexpectedly.
  * amend the REP test to not reset colors if it happens to be
    run via the menu entry for BCE-related tests.
- vttest 20140116
  * cosmetic changes (suggested by Itay Chamiel):

OBS-URL: https://build.opensuse.org/request/show/357555
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=134
2016-02-03 13:16:19 +00:00


# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -260,16 +260,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
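Review bot: The comment added above `*allowWindowOps: false` describes the risk as raw text "being pasted to xterm", while the two resources it introduces are named for window and font operations and the patch header speaks of escape sequences, so a reader of XTerm.ad cannot tell what is actually being switched off. Suggest rewording it to name the control sequences concerned (window operations, and font set/query as xterm.man puts it for allowFontOps) and to mention that a user who depends on them can set the resource back to true in their own resource file. Because both entries use the loose `*` binding, like `*eightBitInput` below, it is also worth confirming that a user-level override still takes precedence as intended.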
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -1896,17 +1896,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps (\fPclass\fB AllowColorOps)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps (\fPclass\fB AllowFontOps)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP 8
.B "allowPasteControls (\fPclass\fB AllowPasteControls)"
If true, allow control characters such as BEL and CAN to be pasted.
Formatting characters (tab, newline) are always allowed.
Other C0 control characters are suppressed unless this resource is enabled.
The exact set of control characters (C0 and C1)
depends upon whether UTF-8 encoding is used,
as well as the \fBallowC1Printable\fP resource.
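Review bot: The changed line under allowFontOps now reads "The default is false", but within this patch the value is only set in the app-defaults file XTerm.ad; no visible hunk changes a compiled-in default. If XTerm.ad is not loaded, or is replaced by a site or user copy, the manual page would then state the wrong default, so the text should say that false is the value shipped in the distributed app-defaults. The patch also sets `*allowWindowOps: false` in XTerm.ad, yet no hunk touches the allowWindowOps entry in xterm.man; please check that its documented default agrees with the new setting.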