xterm/xterm-forbid_window_and_font_ops.patch
Marcus Meissner bcff3f73f9 Accepting request 176920 from home:pcerny:factory
! temporarily pass gpg verification, since it claims that
! the signature file is inaccessible

- Patch #293 - 2013/05/27
  * modify sample xterm.spec to use newer icon
  * add configure option --with-icon-symlink to work around
    systems which map icon requests for to a single "xterm" icon,
    but neglect to install the icon needed for window decorations
    (report by H Merijn Brand).
  * improve parameterizing of sample xterm.spec
  * amend fix for printer from patch #280, removing a reset of the
    signal handler for SIGCHLD (report by Joe Julian).
  * set environment variable XTERM_FILTER if a locale-filter is
    used.
  * enable DEBUG logic when --enable-trace configure option is
    given.
  * improve description of initialFont, set-vt-font and
    set-tex-text in manpage (Debian #707899).
  * fix regression from patch #292; selecting a word that ended at
    the right margin without wrapping would not select the last
    cell (report by Christian Weisgerber).

- cleanup of spec file and patches

OBS-URL: https://build.opensuse.org/request/show/176920
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=74
2013-05-29 14:46:55 +00:00


# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -258,16 +258,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
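Review bot: The added comment above `*allowWindowOps: false` describes the risk as "raw text being pasted to xterm", while the patch header says "font loading" and the xterm.man text in this same patch describes allowFontOps as governing "control sequences that set/query the font". Please reword the comment so it states that the two resources disable window and font control sequences, because a reader of XTerm.ad will otherwise not see why window operations are included. Since this lands in the app-defaults file, it only takes effect when XTerm.ad is loaded and a user's own resources can override it, so the comment should describe it as a packaged default rather than an enforced restriction.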
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -1702,17 +1702,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps (\fPclass\fB AllowColorOps)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps (\fPclass\fB AllowFontOps)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP 5
.B "allowPasteControls (\fPclass\fB AllowPasteControls)"
If true, allow control characters such as BEL and CAN to be pasted.
Formatting characters (tab, newline) are always allowed.
Other C0 control characters are suppressed unless this resource is enabled.
The exact set of control characters (C0 and C1)
depends upon whether UTF-8 encoding is used,
as well as the \fBallowC1Printable\fP resource.
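Review bot: The changed line under allowFontOps now reads "The default is false", but this patch sets that value only through XTerm.ad and not in the program itself, so the man page is wrong whenever the app-defaults file is not loaded. Suggest wording that says the packaged app-defaults set the resource to false. The XTerm.ad hunk also adds `*allowWindowOps: false`, yet no hunk shown here updates the allowWindowOps entry in xterm.man, which leaves the two resources documented inconsistently.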