xterm/xterm-forbid_window_and_font_ops.patch
Petr Cerny ad13ddb221 Accepting request 433932 from home:pcerny:factory
- Patch #326 - 2016/09/25
  * updated appdata file (report by Richard Hughes).
  * improve discussion of the different terminal emulations
    provided by xterm in the manual page.
  * add examples of setting the icon title with/without the
    window title in the manual (Debian #833984).
  * correct a limit-check when using a numeric value for extended
    Booleans e.g., *fullscreen:3 rather than a name such as
    *fullscreen:never.
  * add action allow-bold-fonts
  * improved formatting fixes for manual page, using script to
    find mismatches in spelling of resources, actions and menu
    entries.
  * improve documentation of logging resources.
  * fix a special case of flickering cursor by adding
    GraphicsExpose to the list of event types that should not
    trigger making the mouse cursor visible (patch by Joe
    Peterson).
  * correct initialization of line-drawing in VT52-mode,
    overlooked in changes for patch #297 (report/patch by Ben
    Wiley Sittler).
  * minor clarification of form-feed versus line-feed in
    ctlseqs.ms (suggested by David Kemper).
  * amend fix for Debian #738794 to restore a check for missing
    characters which are not combining characters. Also fill in
    a corresponding special case for TrueType fonts
    (Debian #827905).

- Patch #325 - 2016/06/05
  * improve manual page discussion of function keys (discussion

OBS-URL: https://build.opensuse.org/request/show/433932
OBS-URL: https://build.opensuse.org/package/show/X11:terminals/xterm?expand=0&rev=140
2016-10-08 16:43:48 +00:00


# forbid dangerous escape sequences (font loading)
diff --git a/XTerm.ad b/XTerm.ad
--- a/XTerm.ad
+++ b/XTerm.ad
@@ -262,16 +262,21 @@
!*faceSize: 8
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
!
! Alternatively,
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
+! Security: Disallow operations that might allow raw text being pasted to xterm to
+! execute code.
+*allowWindowOps: false
+*allowFontOps: false
+
!! We want a 8bit clean xterm
*eightBitInput: true
*eightBitOutput: true
!! Default Settings
*termName: xterm
*pointerShape: top_left_arrow
*scrollKey: true
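Review bot: The added comment in XTerm.ad describes the risk as "raw text being pasted to xterm", but the man page text for allowFontOps in this same patch defines the resource as gating "control sequences that set/query the font". Wording the comment in terms of control sequences received by the terminal would match the documented meaning of the two resources. The comment is also inserted directly under the commented-out on2Clicks example with no separating `!` line, so it reads as part of the URL-pattern notes; put the separator before the comment rather than only the blank line after `*allowFontOps: false`. The patch header line mentions only font loading, while this hunk also sets `*allowWindowOps: false`, so the header should name both.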
diff --git a/xterm.man b/xterm.man
--- a/xterm.man
+++ b/xterm.man
@@ -1992,17 +1992,17 @@ The default is \*(``false\*(''.
.TP
.B "allowColorOps\fP (class\fB AllowColorOps\fP)"
Specifies whether control sequences that set/query the dynamic colors should be allowed.
ANSI colors are unaffected by this resource setting.
The default is \*(``true\*(''.
.TP
.B "allowFontOps\fP (class\fB AllowFontOps\fP)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is \*(``true\*(''.
+The default is \*(``false\*(''.
.TP 8
.B "allowPasteControls\fP (class\fB AllowPasteControls\fP)"
If true, allow control characters such as BEL and CAN to be pasted.
Formatting characters (tab, newline) are always allowed.
Other C0 control characters are suppressed unless this resource is enabled.
The exact set of control characters (C0 and C1)
depends upon whether UTF-8 encoding is used,
as well as the \fBallowC1Printable\fP resource.
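Review bot: Only the allowFontOps entry gets its default changed to "false" here, yet the XTerm.ad hunk also sets `*allowWindowOps: false`, and no matching edit to the allowWindowOps entry is visible in this patch. If that entry still states the old default, the manual and the shipped resource file will disagree on a security-relevant setting, so update it in the same patch. Note also that the new default is applied through the app-defaults file, not in the program itself as far as the visible hunks show, so the man page sentence holds only when this XTerm.ad is the one loaded; consider saying so in the text, for example that the distributed app-defaults set it to false.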