From a035a7ad329443b0d7587b0b5290e41df16fa2eb Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Tue, 6 Jan 2009 14:17:46 +0000
Subject: [PATCH] - update to 238 (#479000, CVE-2008-2383) - set default values of allowWindowOps and allowFontOps resources to false
---
 .cvsignore | 2 +-
 sources | 2 +-
 xterm-238-windowfontops.patch | 37 +++++++++++++++++++++++++++++++++++
 xterm.spec | 8 +++++++-
 4 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 xterm-238-windowfontops.patch
diff --git a/.cvsignore b/.cvsignore
index b06fcd4..3ea76aa 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
 16colors.txt
-xterm-237.tgz
+xterm-238.tgz
diff --git a/sources b/sources
index e03b11d..48f2cc3 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 6093439b8d79089f4ff1cdfed358b401 16colors.txt
-6d5f9e124fd3e09487f47c66da8c7345 xterm-237.tgz
+754f670723eb9a20f9f90d7c5f4a5bad xterm-238.tgz
diff --git a/xterm-238-windowfontops.patch b/xterm-238-windowfontops.patch
new file mode 100644
index 0000000..994cccb
--- /dev/null
+++ b/xterm-238-windowfontops.patch
@@ -0,0 +1,37 @@
+diff -up xterm-238/charproc.c.windowfontops xterm-238/charproc.c
+--- xterm-238/charproc.c.windowfontops 2009-01-06 12:10:30.000000000 +0100
++++ xterm-238/charproc.c 2009-01-06 12:15:57.000000000 +0100
+@@ -389,10 +389,10 @@ static XtActionsRec actionsList[] = {
+ static XtResource resources[] =
+ {
+ Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False),
+- Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True),
++ Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, False),
+ Bres(XtNallowTcapOps, XtCAllowTcapOps, screen.allowTcapOp0, True),
+ Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True),
+- Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True),
++ Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, False),
+ Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False),
+ Bres(XtNaltSendsEscape, XtCAltSendsEscape, screen.alt_sends_esc, False),
+ Bres(XtNalwaysBoldMode, XtCAlwaysBoldMode, screen.always_bold_mode, False),
+diff -up xterm-238/xterm.man.windowfontops xterm-238/xterm.man
+--- xterm-238/xterm.man.windowfontops 2009-01-06 12:10:30.000000000 +0100
++++ xterm-238/xterm.man 2009-01-06 12:11:39.000000000 +0100
+@@ -1448,7 +1448,7 @@ The default is ``false.''
+ .TP
+ .B "allowFontOps (\fPclass\fB AllowFontOps)"
+ Specifies whether control sequences that set/query the font should be allowed.
+-The default is ``true.''
++The default is ``false.''
+ .TP 8
+ .B "allowSendEvents (\fPclass\fB AllowSendEvents)"
+ Specifies whether or not synthetic key and button events (generated using
+@@ -1472,7 +1472,7 @@ The default is ``true.''
+ .B "allowWindowOps (\fPclass\fB AllowWindowOps)"
+ Specifies whether extended window control sequences (as used in dtterm)
+ should be allowed.
+-The default is ``true.''
++The default is ``false.''
+ .TP 8
+ .B "altIsNotMeta (\fPclass\fB AltIsNotMeta\fP)"
+ If ``true'', treat the Alt-key as if it were the Meta-key.
diff --git a/xterm.spec b/xterm.spec
index f1750f9..6161a35 100644
--- a/xterm.spec
+++ b/xterm.spec
@@ -1,6 +1,6 @@
 Summary: Terminal emulator for the X Window System
 Name: xterm
-Version: 237
+Version: 238
 Release: 1%{?dist}
 URL: http://dickey.his.com/xterm
 License: MIT
@@ -16,6 +16,7 @@ Source2: %{name}.desktop
 Patch1: xterm-223-resources.patch
 Patch2: xterm-222-can-2003-0063.patch
 Patch3: xterm-226-man-page_paths.patch
+Patch4: xterm-238-windowfontops.patch
 %bcond_with trace
@@ -32,6 +33,7 @@ programs that can't use the window system directly.
 %patch1 -p1 -b .redhat-resources
 %patch2 -p1 -b .can-2003-0063
 %patch3 -p1 -b .man-page_paths
+%patch4 -p1 -b .windowfontops
 %build
 %configure \
@@ -82,6 +84,10 @@ rm -rf $RPM_BUILD_ROOT
 %{x11_app_defaults_dir}/XTerm-color
 %changelog
+* Tue Jan 06 2009 Miroslav Lichvar 238-1
+- update to 238 (#479000, CVE-2008-2383)
+- set default values of allowWindowOps and allowFontOps resources to false
 * Tue Sep 16 2008 Miroslav Lichvar 237-1
 - update to 237
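Review bot: In the `charproc.c` part of the new `xterm-238-windowfontops.patch`, `allowTcapOps` and `allowTitleOps` stay at `True` right beside the two entries flipped to `False`, and the patch file has no preamble recording why only these two defaults diverge from upstream. I would add a short description above the first `diff -up` line, e.g. `Disable font and window control sequences by default (#479000); re-enable per user with the allowFontOps/allowWindowOps resources.`, and say there whether the tcap and title ops were assessed and kept enabled deliberately. The change only touches the compiled-in fallback in `resources[]`, so it is worth confirming that neither the app-defaults files installed under `%{x11_app_defaults_dir}` nor `xterm-223-resources.patch` sets either resource, since a resource-file value would presumably take precedence over this default; neither file's content is visible in this diff. The `resources[]` table continues beyond the hunk, so its other defaults cannot be checked from here.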