xterm/xterm-forbid_window_and_font_ops.patch
Petr Cerny 85c2100f4c Accepting request 528278 from home:pcerny:factory
- Patch #330 - 2017/06/20
  * updates for ReGIS (Ross Combs):
     + remove redundant text command error check which broke
       T(B) and T(E).
     + retain the loading alphabet number across multiple “L”
       commands.
     + add S(T) delay handler.
     + fix some color handling error messages.
     + add stubbed-out macrograph handling.
     + use fragment_remaining() and fragment_consumed() instead
       of manually checking position / length in various places.
     + rename some local variables in string / extent / option
       parsing
     + wrap some long lines.
     + move macrograph command handling out of the top-level.
  * add a summary of the italic fonts loaded to -report-fonts
    option.
  * modify the font-lookup for italics to allow for “-i-” if no
    match is found with slant “-o-” (prompted by patch by Ben
    Wong).
  * change default values for mkSamplePass and mkSampleSize to
    reflect generally-improved locale support in various
    operating systems (FreeBSD #219800).
  * modify wcwidth.c to return -1 for non-Unicode values, and
    adjust a couple of blocks to better match assumptions about
    ambiguous-width characters in other implementations. Also
    modify wcwidth.c to support configurable soft-hyphen, so
    there is no drawback to using this version rather than a
    system wcwidth.
  * amend change made in patch #328 for cursor-visibility to

OBS-URL: https://build.opensuse.org/request/show/528278
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=146
2017-09-22 12:05:44 +00:00

# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -262,16 +262,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
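Review bot: The comment added above `*allowWindowOps: false` describes the risk as raw text being pasted, while the patch's header line speaks of escape sequences and names only font loading, yet the hunk disables window operations as well. Suggest describing both settings in terms of control sequences, which is the wording xterm.man uses for allowFontOps, and extending the header line to mention allowWindowOps. Since these are loose `*` bindings in the app-defaults file, a resource the user sets for either name still takes precedence; if that is intended, the comment should say so.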
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -2036,17 +2036,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps\fP (class\fB AllowColorOps\fP)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps\fP (class\fB AllowFontOps\fP)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP
.B "allowMouseOps\fP (class\fB AllowMouseOps\fP)"
Specifies whether control sequences that enable \fI\*n\fP to send
escape sequences to the host on mouse-clicks and movement.
The default is \*(``true\*(''.
.TP 8
.B "allowPasteControls\fP (class\fB AllowPasteControls\fP)"
If true, allow control characters such as BEL and CAN to be pasted.
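Review bot: The changed line under allowFontOps now reads "The default is false", but this patch only sets the value in XTerm.ad and nothing in it touches a built-in default, so the statement is accurate only when that resource file is the one loaded. Suggest wording it as the value set by the packaged app-defaults rather than as the default. The patch also sets `*allowWindowOps: false` in XTerm.ad without a matching change to the allowWindowOps entry in xterm.man, so the manual and the shipped configuration will disagree for that resource.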