- update to 238 (#479000, CVE-2008-2383)

- set default values of allowWindowOps and allowFontOps resources to false
This commit is contained in:
Miroslav Lichvar 2009-01-06 14:17:46 +00:00
parent 2b135c95c4
commit a035a7ad32
4 changed files with 46 additions and 3 deletions

View File

@ -1,2 +1,2 @@
16colors.txt 16colors.txt
xterm-237.tgz xterm-238.tgz

View File

@ -1,2 +1,2 @@
6093439b8d79089f4ff1cdfed358b401 16colors.txt 6093439b8d79089f4ff1cdfed358b401 16colors.txt
6d5f9e124fd3e09487f47c66da8c7345 xterm-237.tgz 754f670723eb9a20f9f90d7c5f4a5bad xterm-238.tgz

View File

@ -0,0 +1,37 @@
diff -up xterm-238/charproc.c.windowfontops xterm-238/charproc.c
--- xterm-238/charproc.c.windowfontops 2009-01-06 12:10:30.000000000 +0100
+++ xterm-238/charproc.c 2009-01-06 12:15:57.000000000 +0100
@@ -389,10 +389,10 @@ static XtActionsRec actionsList[] = {
static XtResource resources[] =
{
Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False),
- Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True),
+ Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, False),
Bres(XtNallowTcapOps, XtCAllowTcapOps, screen.allowTcapOp0, True),
Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True),
- Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True),
+ Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, False),
Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False),
Bres(XtNaltSendsEscape, XtCAltSendsEscape, screen.alt_sends_esc, False),
Bres(XtNalwaysBoldMode, XtCAlwaysBoldMode, screen.always_bold_mode, False),
diff -up xterm-238/xterm.man.windowfontops xterm-238/xterm.man
--- xterm-238/xterm.man.windowfontops 2009-01-06 12:10:30.000000000 +0100
+++ xterm-238/xterm.man 2009-01-06 12:11:39.000000000 +0100
@@ -1448,7 +1448,7 @@ The default is ``false.''
.TP
.B "allowFontOps (\fPclass\fB AllowFontOps)"
Specifies whether control sequences that set/query the font should be allowed.
-The default is ``true.''
+The default is ``false.''
.TP 8
.B "allowSendEvents (\fPclass\fB AllowSendEvents)"
Specifies whether or not synthetic key and button events (generated using
@@ -1472,7 +1472,7 @@ The default is ``true.''
.B "allowWindowOps (\fPclass\fB AllowWindowOps)"
Specifies whether extended window control sequences (as used in dtterm)
should be allowed.
-The default is ``true.''
+The default is ``false.''
.TP 8
.B "altIsNotMeta (\fPclass\fB AltIsNotMeta\fP)"
If ``true'', treat the Alt-key as if it were the Meta-key.

View File

@ -1,6 +1,6 @@
Summary: Terminal emulator for the X Window System Summary: Terminal emulator for the X Window System
Name: xterm Name: xterm
Version: 237 Version: 238
Release: 1%{?dist} Release: 1%{?dist}
URL: http://dickey.his.com/xterm URL: http://dickey.his.com/xterm
License: MIT License: MIT
@ -16,6 +16,7 @@ Source2: %{name}.desktop
Patch1: xterm-223-resources.patch Patch1: xterm-223-resources.patch
Patch2: xterm-222-can-2003-0063.patch Patch2: xterm-222-can-2003-0063.patch
Patch3: xterm-226-man-page_paths.patch Patch3: xterm-226-man-page_paths.patch
Patch4: xterm-238-windowfontops.patch
%bcond_with trace %bcond_with trace
@ -32,6 +33,7 @@ programs that can't use the window system directly.
%patch1 -p1 -b .redhat-resources %patch1 -p1 -b .redhat-resources
%patch2 -p1 -b .can-2003-0063 %patch2 -p1 -b .can-2003-0063
%patch3 -p1 -b .man-page_paths %patch3 -p1 -b .man-page_paths
%patch4 -p1 -b .windowfontops
%build %build
%configure \ %configure \
@ -82,6 +84,10 @@ rm -rf $RPM_BUILD_ROOT
%{x11_app_defaults_dir}/XTerm-color %{x11_app_defaults_dir}/XTerm-color
%changelog %changelog
* Tue Jan 06 2009 Miroslav Lichvar <mlichvar@redhat.com> 238-1
- update to 238 (#479000, CVE-2008-2383)
- set default values of allowWindowOps and allowFontOps resources to false
* Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 237-1 * Tue Sep 16 2008 Miroslav Lichvar <mlichvar@redhat.com> 237-1
- update to 237 - update to 237