xterm/xterm-forbid_window_and_font_ops.patch
Marcus Meissner 89e400e6b2 Accepting request 183779 from home:pcerny:factory
- Patch #296 - 2013/07/10
  * improve experimental sixel feature (patch by Ross Combs).
  * modify delimiter in configure macro used to add a library
    after a given library to avoid confusion with -Wl
    pass-through options to linker (NetBSD #48031).
  * fix quoting in expression used to trim extra libraries from
    patch #295 changes (report by Thomas Klausner).
- Patch #295 - 2013/07/06
  * adjust order of libraries to work around incomplete symbol
    resolution when using --as-needed option (ArchLinux #36047).
  * minor fix for plink.sh, for IRIX64.
- Patch #294 - 2013/07/05
  * add note in ctlseqs.ms for CPR response pointing out a
    potential point of confusion with the string sent by a
    modified F1 key (suggested by Bram Moolenaar).
  * improve plink.sh by checking if the linker supports the
    --as-needed option (suggested by David Philippi).
  * improve clearing for private mode 1049 when switching to the
    alternate screen (Debian #711758).
  * amend fix from patch #292 by removing now-unneeded chunk
    which introduced problem in selection (Debian #714527).
  * add definition to optionally override compiled-in class for
    xterm from makefile, needed for test-packages.
  * add configure option --enable-sixel-graphics
  * add experimental support for sixel graphics (patch by Ross
    Combs).

OBS-URL: https://build.opensuse.org/request/show/183779
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=80
2013-07-20 07:31:39 +00:00


# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -262,16 +262,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
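Review bot: the added comment above `*allowWindowOps: false` describes the risk as "raw text being pasted to xterm", but the xterm.man text in this same patch defines allowFontOps as governing control sequences that set/query the font, so the comment should name control sequences rather than pasting, for example "Disallow control sequences that change or query window and font state". The patch's leading comment also mentions only font loading while this hunk disables allowWindowOps as well; it should cover both resources.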
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -1702,17 +1702,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps (\fPclass\fB AllowColorOps)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps (\fPclass\fB AllowFontOps)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP 5
.B "allowPasteControls (\fPclass\fB AllowPasteControls)"
If true, allow control characters such as BEL and CAN to be pasted.
Formatting characters (tab, newline) are always allowed.
Other C0 control characters are suppressed unless this resource is enabled.
The exact set of control characters (C0 and C1)
depends upon whether UTF-8 encoding is used,
as well as the \fBallowC1Printable\fP resource.
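Review bot: the changed line under allowFontOps now documents "false" as the default, but this patch sets the value only through XTerm.ad and touches no other file besides the man page, so the statement holds only when that app-defaults file is loaded. Consider describing it as the value set by the packaged app-defaults rather than as the default, so a user running with a different resource file is not misled. No matching man page change is made for allowWindowOps here; check that its documented default agrees with the `*allowWindowOps: false` line added in XTerm.ad.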