debian/changelog                      |   10 ++++++++++
 debian/patches/900_debian_xterm.diff  |    2 +-
 debian/patches/901_xterm_manpage.diff |    2 +-
 debian/patches/902_disallowWindowOps  |   19 ++++++++++++++++---
 debian/patches/disable-changexprop    |   15 +++++++++++++++
 debian/patches/disable-font-shifting  |   13 +++++++++++++
 debian/patches/disable-udk            |   12 ++++++++++++
 debian/patches/fix-decrqss            |   17 +++++++++++++++++
 debian/patches/series                 |    4 ++++
 9 files changed, 89 insertions(+), 5 deletions(-)

New commits:
commit 13e564f3552cbd8d9e2928a7a2030d1f6dbd2b0b
Author: Julien Cristau <[email protected]>
Date:   Fri Jan 2 21:44:32 2009 +0100

    Import security update by Florian Weimer
    
    * Apply patch from Paul Szabo to fix command injection through DECRQSS
      sequences (CVE-2008-2383).  Closes: #510030.
    * Disable font shifting, X property changes and user-defined keys
      through escape sequences.
    * Update manpage to document that allowWindowOps is disabled.

diff --git a/debian/changelog b/debian/changelog
index 26f660c..171dbbe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+xterm (222-1etch3) stable-security; urgency=high
+
+  * Apply patch from Paul Szabo to fix command injection through DECRQSS
+    sequences (CVE-2008-2383).  Closes: #510030.
+  * Disable font shifting, X property changes and user-defined keys
+    through escape sequences.
+  * Update manpage to document that allowWindowOps is disabled.
+
+ -- Florian Weimer <[email protected]>  Mon, 29 Dec 2008 19:55:02 +0100
+
 xterm (222-1etch2) testing; urgency=low
 
   * Make test for broken alternatives symlink more robust (closes: #405458).
diff --git a/debian/patches/900_debian_xterm.diff 
b/debian/patches/900_debian_xterm.diff
index 768344e..dceaa23 100644
--- a/debian/patches/900_debian_xterm.diff
+++ b/debian/patches/900_debian_xterm.diff
@@ -1,4 +1,4 @@
-$Id$
+$Id: 900_debian_xterm.diff 3892 2006-10-23 22:07:11Z julien $
 
 Make Debian-specific tweaks to xterm:
 * Set the default VT widget foreground and background colors to gray90 on
diff --git a/debian/patches/901_xterm_manpage.diff 
b/debian/patches/901_xterm_manpage.diff
index f262012..3f9c5bb 100644
--- a/debian/patches/901_xterm_manpage.diff
+++ b/debian/patches/901_xterm_manpage.diff
@@ -1,4 +1,4 @@
-$Id$
+$Id: 901_xterm_manpage.diff 3892 2006-10-23 22:07:11Z julien $
 
 Make Debian-specific tweaks to xterm manpage:
 * Use FHS paths to the utmp and wtmp files in xterm's manpage.
diff --git a/debian/patches/902_disallowWindowOps 
b/debian/patches/902_disallowWindowOps
index 45d593c..8b360a0 100644
--- a/debian/patches/902_disallowWindowOps
+++ b/debian/patches/902_disallowWindowOps
@@ -1,10 +1,23 @@
-Index: xterm-210/XTerm.ad
+Index: git/XTerm.ad
 ===================================================================
---- xterm-210.orig/XTerm.ad    2006-09-15 16:17:12.000000000 +0200
-+++ xterm-210/XTerm.ad 2006-09-15 16:17:19.000000000 +0200
+--- git.orig/XTerm.ad  2008-12-29 19:52:33.000000000 +0100
++++ git/XTerm.ad       2008-12-29 19:52:33.000000000 +0100
 @@ -190,3 +190,5 @@
  !
  ! Alternatively,
  !*on2Clicks: regex 
[[:alpha:]]+://([[:alnum:]!#+,./=...@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
 +
 +*allowWindowOps: false
+Index: git/xterm.man
+===================================================================
+--- git.orig/xterm.man 2008-12-29 19:52:54.000000000 +0100
++++ git/xterm.man      2008-12-29 19:53:11.000000000 +0100
+@@ -1361,7 +1361,7 @@
+ .B "allowWindowOps (\fPclass\fB AllowWindowOps)"
+ Specifies whether extended window control sequences (as used in dtterm)
+ for should be allowed.
+-The default is ``true.''
++The default is ``false.''
+ .TP 8
+ .B "alwaysHighlight (\fPclass\fB AlwaysHighlight)"
+ Specifies whether or not \fIxterm\fP should always display a highlighted
diff --git a/debian/patches/disable-changexprop 
b/debian/patches/disable-changexprop
new file mode 100644
index 0000000..e21e461
--- /dev/null
+++ b/debian/patches/disable-changexprop
@@ -0,0 +1,15 @@
+Index: git/misc.c
+===================================================================
+--- git.orig/misc.c    2008-12-29 12:49:38.000000000 +0100
++++ git/misc.c 2008-12-29 12:50:02.000000000 +0100
+@@ -1792,10 +1792,6 @@
+     case 2:                   /* new title only */
+       ChangeTitle(buf);
+       break;
+-
+-    case 3:                   /* change X property */
+-      ChangeXprop(buf);
+-      break;
+ #if OPT_ISO_COLORS
+     case 4:
+       ChangeAnsiColorRequest(xw, buf, final);
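Review bot: Removing the `case 3:` arm leaves no record in misc.c of why OSC 3 is no longer handled; that selector now falls to whatever the switch's default arm does, and that arm, like the start of the switch, is outside the hunk. A one-line comment at the deletion point, `/* case 3 (change X property) intentionally dropped by the Debian security update; see debian/patches/disable-changexprop */`, would stop the next upstream merge from quietly reintroducing it. The same remark applies to the `parse_decudk(cp)` removal in disable-udk.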
diff --git a/debian/patches/disable-font-shifting 
b/debian/patches/disable-font-shifting
new file mode 100644
index 0000000..4c4d5ce
--- /dev/null
+++ b/debian/patches/disable-font-shifting
@@ -0,0 +1,13 @@
+Index: git/ptyx.h
+===================================================================
+--- git.orig/ptyx.h    2008-12-29 12:49:07.000000000 +0100
++++ git/ptyx.h 2008-12-29 12:49:13.000000000 +0100
+@@ -598,7 +598,7 @@
+ #endif
+ 
+ #ifndef OPT_SHIFT_FONTS
+-#define OPT_SHIFT_FONTS 1 /* true if xterm interprets fontsize-shifting */
++#define OPT_SHIFT_FONTS 0 /* true if xterm interprets fontsize-shifting */
+ #endif
+ 
+ #ifndef OPT_SUNPC_KBD
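Review bot: Changing the value inside the `#ifndef OPT_SHIFT_FONTS` guard only moves the default; a build that passes `-DOPT_SHIFT_FONTS=1` still compiles font shifting in. If the intent is to disable it for this package unconditionally, the stronger form is `#undef OPT_SHIFT_FONTS` followed by `#define OPT_SHIFT_FONTS 0` outside the guard. The retained comment `/* true if xterm interprets fontsize-shifting */` could also note that the default is turned off here deliberately, so the `0` is not mistaken for a typo.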
diff --git a/debian/patches/disable-udk b/debian/patches/disable-udk
new file mode 100644
index 0000000..247d58e
--- /dev/null
+++ b/debian/patches/disable-udk
@@ -0,0 +1,12 @@
+Index: git/misc.c
+===================================================================
+--- git.orig/misc.c    2008-12-29 13:27:11.000000000 +0100
++++ git/misc.c 2008-12-29 13:28:09.000000000 +0100
+@@ -2326,7 +2326,6 @@
+       case '|':               /* DECUDK */
+           if (params.a_param[0] == 0)
+               reset_decudk();
+-          parse_decudk(cp);
+           break;
+       case '{':               /* DECDLD (no '}' case though) */
+           parse_decdld(&params, cp);
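Review bot: With `parse_decudk(cp)` gone, the DECUDK arm still calls `reset_decudk()` when the first parameter is 0 but otherwise discards the payload in `cp` without saying so; a reader cannot tell whether that asymmetry is intended. A comment on the `break;` line, `/* DECUDK key definitions are ignored on purpose; only the clear-all form is honoured */`, would make it explicit. If `parse_decudk` is now unreferenced and file-static, the build will also warn about an unused function; its definition and the rest of this switch are outside the hunk.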
diff --git a/debian/patches/fix-decrqss b/debian/patches/fix-decrqss
new file mode 100644
index 0000000..912100b
--- /dev/null
+++ b/debian/patches/fix-decrqss
@@ -0,0 +1,17 @@
+Index: git/misc.c
+===================================================================
+--- git.orig/misc.c    2008-12-29 13:10:25.000000000 +0100
++++ git/misc.c 2008-12-29 13:10:39.000000000 +0100
+@@ -2256,9 +2256,10 @@
+           unparseputc(xw, okay ? '1' : '0');
+           unparseputc(xw, '$');
+           unparseputc(xw, 'r');
+-          if (okay)
++          if (okay) {
+               cp = reply;
+-          unparseputs(xw, cp);
++              unparseputs(xw, cp);
++          }
+           unparseputc1(xw, ST);
+       } else {
+           unparseputc(xw, CAN);
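Review bot: The fix depends on `unparseputs(xw, cp)` being reached only after `cp` has been replaced by `reply`, and nothing at the change site says so, so a later tidy-up could hoist the call back out of the block and reopen the issue. Add a comment on the new `if (okay) {` line, e.g. `/* only ever echo xterm's own reply, never the request text in cp (CVE-2008-2383) */`. Whether `reply` itself holds only terminal-generated text is decided where it is built, which is outside the hunk, as is the rest of this DECRQSS handler.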
diff --git a/debian/patches/series b/debian/patches/series
index 6964f1b..8d4bab5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,7 @@
 900_debian_xterm.diff -p0
 901_xterm_manpage.diff -p0
 902_disallowWindowOps
+disable-font-shifting
+disable-changexprop
+fix-decrqss
+disable-udk

