On Mon, Dec 29, 2008 at 13:39:19 +0100, Florian Weimer wrote: > * Paul Szabo: > > > Ubuntu still allows window title reporting, and is vulnerable to > > perl -e 'print "\e\]0;;bad-command;\a\e\[21t"' > > Thanks for reporting this. > > The sid version is also affected because allowWindowOps is not set to > false in the configuration. > > I plan to fix this for etch by disabling UDKs, font shifting, X > property changes, and applying Paul's patch. Any objections? > Hi,
I'm considering the below diff for lenny, please review and tell me whether this is ok for testing-security. Cheers, Julien
diff --git a/debian/changelog b/debian/changelog
index 2205844..58c0684 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+xterm (235-2) UNRELEASED; urgency=high
+
+ * Backport changes from xterm 238:
+ - make OSC 3 (change X property) subject to allowWindowOps resource
+ - make VT220 DSR responses inactive in VT100-mode
+ - make DECUDK feature inactive in VT100-mode
+ - respond to incorrectly formatted DECRQSS with a cancel (CVE-2008-2383;
+ closes: #510030)
+ - add allowFontOps resource to allow the fontsize-switching and font
+ query/set control sequences to be enabled/disabled
+ * Additionally, change the default values for allowFontOps and
+ allowWindowOps to false.
+
+ -- Julien Cristau <jcris...@debian.org> Sat, 03 Jan 2009 18:47:43 +0100
+
 xterm (235-1) unstable; urgency=low
 
 * New upstream release.
diff --git a/debian/patches/000_backport_from_238.diff b/debian/patches/000_backport_from_238.diff
new file mode 100644
index 0000000..c3e0eda
--- /dev/null
+++ b/debian/patches/000_backport_from_238.diff
@@ -0,0 +1,227 @@
+From xterm #238:
+* make OSC 3 (change X property) subject to allowWindowOps resource
+* make VT220 DSR responses inactive in VT100-mode
+* make DECUDK feature inactive in VT100-mode
+* respond to incorrectly formatted DECRQSS with a cancel
+* add allowFontOps resource to allow the fontsize-switching and font query/set
+ control sequences to be enabled/disabled
+
+Index: xterm/charproc.c
+===================================================================
+--- xterm.orig/charproc.c
++++ xterm/charproc.c
+@@ -389,6 +389,7 @@
+ static XtResource resources[] =
+ {
+ Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False),
++ Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True),
+ Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True),
+ Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True),
+ Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False),
+@@ -2144,28 +2145,38 @@
+ break;
+ case 15:
+ /* printer status */
+- reply.a_param[count++] = 13; /* implement printer */
++ if (screen->terminal_id >= 200) { /* VT220 */
++ reply.a_param[count++] = 13; /* implement printer */
++ }
+ break;
+ case 25:
+ /* UDK status */
+- reply.a_param[count++] = 20; /* UDK always unlocked */
++ if (screen->terminal_id >= 200) { /* VT220 */
++ reply.a_param[count++] = 20; /* UDK always unlocked */
++ }
+ break;
+ case 26:
+ /* keyboard status */
+- reply.a_param[count++] = 27;
+- reply.a_param[count++] = 1; /* North American */
+- if (screen->terminal_id >= 400) {
+- reply.a_param[count++] = 0; /* ready */
+- reply.a_param[count++] = 0; /* LK201 */
++ if (screen->terminal_id >= 200) { /* VT220 */
++ reply.a_param[count++] = 27;
++ reply.a_param[count++] = 1; /* North American */
++ if (screen->terminal_id >= 400) {
++ reply.a_param[count++] = 0; /* ready */
++ reply.a_param[count++] = 0; /* LK201 */
++ }
+ }
+ break;
+ case 53:
+ /* Locator status */
++ if (screen->terminal_id >= 200) { /* 
VT220 */
+ #if OPT_DEC_LOCATOR
+- reply.a_param[count++] = 50; /* locator ready */
++ reply.a_param[count++] = 50; /* locator ready */
+ #else
+- reply.a_param[count++] = 53; /* no locator */
++ reply.a_param[count++] = 53; /* no locator */
+ #endif
++ }
++ break;
++ default:
+ break;
+ }
+
+@@ -5525,11 +5536,13 @@
+ init_Bres(screen.meta_sends_esc);
+
+ init_Bres(screen.allowSendEvent0);
++ init_Bres(screen.allowFontOp0);
+ init_Bres(screen.allowTitleOp0);
+ init_Bres(screen.allowWindowOp0);
+
+ /* make a copy so that editres cannot change the resource after startup */
+ wnew->screen.allowSendEvents = wnew->screen.allowSendEvent0;
++ wnew->screen.allowFontOps = wnew->screen.allowFontOp0;
+ wnew->screen.allowTitleOps = wnew->screen.allowTitleOp0;
+ wnew->screen.allowWindowOps = wnew->screen.allowWindowOp0;
+
+Index: xterm/misc.c
+===================================================================
+--- xterm.orig/misc.c
++++ xterm/misc.c
+@@ -2348,7 +2348,8 @@
+ break;
+
+ case 3: /* change X property */
+- ChangeXprop(buf);
++ if (screen->allowWindowOps)
++ ChangeXprop(buf);
+ break;
+ #if OPT_ISO_COLORS
+ case 4:
+@@ -2401,7 +2402,9 @@
+
+ case 50:
+ #if OPT_SHIFT_FONTS
+- if (buf != 0 && !strcmp(buf, "?")) {
++ if (!screen->allowFontOps && xw->misc.shift_fonts) {
++ ; /* disabled via resource or control-sequence */
++ } else if (buf != 0 && !strcmp(buf, "?")) {
+ int num = screen->menu_font_number;
+
+ unparseputc1(xw, ANSI_OSC);
+@@ -2472,7 +2475,7 @@
+
+ #if OPT_PASTE64
+ case 52:
+- if (screen->allowWindowOps && (buf != 0))
++ if (screen->allowWindowOps)
+ ManipulateSelectionData(xw, screen, buf, final);
+ break;
+ #endif
+@@ -2813,14 +2816,17 @@
+ } else
+ okay = False;
+
+- unparseputc1(xw, ANSI_DCS);
+- unparseputc(xw, okay ? '1' : '0');
+- unparseputc(xw, '$');
+- unparseputc(xw, 'r');
+- if (okay)
++ if (okay) {
++ unparseputc1(xw, ANSI_DCS);
++ unparseputc(xw, okay ? 
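Review bot: In the `case 50:` hunk of misc.c the new guard `if (!screen->allowFontOps && xw->misc.shift_fonts)` skips the request only when both conditions hold, so with `shift_fonts` false the font query and set branches that follow are still reached even though `allowFontOps` is false. If the resource is meant to disable OSC 50 on its own, which is how the man page text added by this patch reads, the guard should be `if (!screen->allowFontOps) {`. The rest of the `case 50:` body is outside the hunk, so whether a later branch tests `shift_fonts` again cannot be confirmed from here.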
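Review bot: The `case 52:` hunk drops the `buf != 0` test, so `ManipulateSelectionData(xw, screen, buf, final)` can now be called with a null `buf` unless something earlier in the function rules that out; that part of the function is outside the hunk. Because this is a partial backport onto 235, it is worth confirming that whatever made the test redundant upstream (presumably in 238) is present here too, or else keeping the original line `if (screen->allowWindowOps && (buf != 0))`.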
'1' : '0');
++ unparseputc(xw, '$');
++ unparseputc(xw, 'r');
+ cp = reply;
+- unparseputs(xw, cp);
+- unparseputc1(xw, ANSI_ST);
++ unparseputs(xw, cp);
++ unparseputc1(xw, ANSI_ST);
++ } else {
++ unparseputc(xw, ANSI_CAN);
++ }
+ } else {
+ unparseputc(xw, ANSI_CAN);
+ }
+@@ -2892,16 +2898,18 @@
+ break;
+ #endif
+ default:
+- parse_ansi_params(¶ms, &cp);
+- switch (params.a_final) {
+- case '|': /* DECUDK */
+- if (params.a_param[0] == 0)
+- reset_decudk();
+- parse_decudk(cp);
+- break;
+- case '{': /* DECDLD (no '}' case though) */
+- parse_decdld(¶ms, cp);
+- break;
++ if (screen->terminal_id >= 200) { /* VT220 */
++ parse_ansi_params(¶ms, &cp);
++ switch (params.a_final) {
++ case '|': /* DECUDK */
++ if (params.a_param[0] == 0)
++ reset_decudk();
++ parse_decudk(cp);
++ break;
++ case '{': /* DECDLD (no '}' case though) */
++ parse_decdld(¶ms, cp);
++ break;
++ }
+ }
+ break;
+ }
+Index: xterm/ptyx.h
+===================================================================
+--- xterm.orig/ptyx.h
++++ xterm/ptyx.h
+@@ -1405,12 +1405,17 @@
+ Boolean bellOnReset; /* bellOnReset */
+ Boolean visualbell; /* visual bell mode */
+ Boolean poponbell; /* pop on bell mode */
++
++ Boolean allowFontOps; /* FontOps mode */
+ Boolean allowSendEvents;/* SendEvent mode */
+ Boolean allowTitleOps; /* TitleOps mode */
+ Boolean allowWindowOps; /* WindowOps mode */
++
++ Boolean allowFontOp0; /* initial FontOps mode */
+ Boolean allowSendEvent0;/* initial SendEvent mode */
+ Boolean allowTitleOp0; /* initial TitleOps mode */
+ Boolean allowWindowOp0; /* initial WindowOps mode */
++
+ Boolean awaitInput; /* select-timeout mode */
+ Boolean grabbedKbd; /* keyboard is grabbed */
+ #ifdef ALLOWLOGGING
+Index: xterm/xterm.h
+===================================================================
+--- xterm.orig/xterm.h
++++ xterm/xterm.h
+@@ -331,6 +331,7 @@
+ /***====================================================================***/
+
+ #define XtNallowC1Printable "allowC1Printable" 
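Review bot: Inside the new `if (okay) {` block of the DECRQSS hunk, `unparseputc(xw, okay ? '1' : '0');` can only ever send `'1'`, so the conditional is dead and reads as if a `'0'` reply were still possible; `unparseputc(xw, '1');` states what happens. The old code called `unparseputs(xw, cp)` even when `okay` was false and `cp` had not been pointed at `reply`, so a comment on the new inner `else`, such as `/* malformed request: cancel instead of sending cp back */`, would record why the branch exists (the changelog ties it to CVE-2008-2383). The enclosing function starts and ends outside the hunk.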
++#define XtNallowFontOps "allowFontOps"
+ #define XtNallowSendEvents "allowSendEvents"
+ #define XtNallowTitleOps "allowTitleOps"
+ #define XtNallowWindowOps "allowWindowOps"
+@@ -485,6 +486,7 @@
+ #define XtNxmcMoveSGR "xmcMoveSGR"
+
+ #define XtCAllowC1Printable "AllowC1Printable"
++#define XtCAllowFontOps "AllowFontOps"
+ #define XtCAllowSendEvents "AllowSendEvents"
+ #define XtCAllowTitleOps "AllowTitleOps"
+ #define XtCAllowWindowOps "AllowWindowOps"
+Index: xterm/xterm.man
+===================================================================
+--- xterm.orig/xterm.man
++++ xterm/xterm.man
+@@ -1439,6 +1439,10 @@
+ Although this corresponds to no particular standard,
+ some users insist it is a VT100.
+ The default is ``false.''
++.TP
++.B "allowFontOps (\fPclass\fB AllowFontOps)"
++Specifies whether control sequences that set/query the font should be allowed.
++The default is ``true.''
+ .TP 8
+ .B "allowSendEvents (\fPclass\fB AllowSendEvents)"
+ Specifies whether or not synthetic key and button events (generated using
diff --git a/debian/patches/903_windowops.diff b/debian/patches/903_windowops.diff
new file mode 100644
index 0000000..e7d08ac
--- /dev/null
+++ b/debian/patches/903_windowops.diff
@@ -0,0 +1,26 @@
+Index: xterm/charproc.c
+===================================================================
+--- xterm.orig/charproc.c
++++ xterm/charproc.c
+@@ -391,7 +391,7 @@
+ Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False),
+ Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True),
+ Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True),
+- Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True),
++ Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, False),
+ Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False),
+ Bres(XtNaltSendsEscape, XtCAltSendsEscape, screen.alt_sends_esc, False),
+ Bres(XtNalwaysBoldMode, XtCAlwaysBoldMode, screen.always_bold_mode, False),
+Index: xterm/xterm.man
+===================================================================
+--- xterm.orig/xterm.man
++++ xterm/xterm.man
+@@ -1460,7 +1460,7 @@
+ .B "allowWindowOps (\fPclass\fB AllowWindowOps)"
+ Specifies whether extended window control sequences (as used in dtterm)
+ should be allowed.
+-The default is ``true.''
++The default is ``false.''
+ .TP 8
+ .B "altIsNotMeta (\fPclass\fB AltIsNotMeta\fP)"
+ If ``true'', treat the Alt-key as if it were the Meta-key.
diff --git a/debian/patches/904_fontops.diff b/debian/patches/904_fontops.diff
new file mode 100644
index 0000000..909135f
--- /dev/null
+++ b/debian/patches/904_fontops.diff
@@ -0,0 +1,26 @@
+Index: xterm/charproc.c
+===================================================================
+--- xterm.orig/charproc.c
++++ xterm/charproc.c
+@@ -389,7 +389,7 @@
+ static XtResource resources[] =
+ {
+ Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False),
+- Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True),
++ Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, False),
+ Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True),
+ Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, False),
+ Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False),
+Index: xterm/xterm.man
+===================================================================
+--- xterm.orig/xterm.man
++++ xterm/xterm.man
+@@ -1442,7 +1442,7 @@
+ .TP
+ .B "allowFontOps (\fPclass\fB AllowFontOps)"
+ Specifies whether control sequences that set/query the font should be allowed.
+-The default is ``true.''
++The default is ``false.''
+ .TP 8
+ .B "allowSendEvents (\fPclass\fB AllowSendEvents)"
+ Specifies whether or not synthetic key and button events (generated using
diff --git a/debian/patches/series b/debian/patches/series
index d8267b7..0c62317 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
+000_backport_from_238.diff
 900_debian_xterm.diff -p0
 901_xterm_manpage.diff -p0
 902_pointermode_never.diff -p0
+903_windowops.diff
+904_fontops.diff
-- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org