From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 56375 invoked by alias); 7 Nov 2019 17:03:44 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 56367 invoked by uid 89); 7 Nov 2019 17:03:44 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,KAM_NUMSUBJECT,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=sk:invisib, cygwin-apps, cygwinapps X-HELO: smtp-out-so.shaw.ca Received: from smtp-out-so.shaw.ca (HELO smtp-out-so.shaw.ca) (64.59.136.137) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 07 Nov 2019 17:03:42 +0000 Received: from [192.168.1.114] ([24.64.172.44]) by shaw.ca with ESMTP id SlC7ir4yN17ZDSlC8i1wJy; Thu, 07 Nov 2019 10:03:40 -0700 Reply-To: Brian.Inglis@SystematicSw.ab.ca Subject: Re: [ANNOUNCEMENT] xterm 348-1 To: cygwin@cygwin.com References: <20191106211318.263462ceb47f01f6fd63c64e@nifty.ne.jp> <420cec84-46a7-c55c-f723-dfd96d39d39b@SystematicSw.ab.ca> <20191107004841.33764763bbb1ba364347c46c@nifty.ne.jp> <20191107113936.129b5b6f0c1879dbd5be7ed7@nifty.ne.jp> From: Brian Inglis Openpgp: preference=signencrypt Message-ID: Date: Thu, 07 Nov 2019 17:03:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2019-11/txt/msg00037.txt.bz2 On 2019-11-07 01:31, Thomas Wolff wrote: > Am 07.11.2019 um 03:39 schrieb Takashi Yano: >> ... >> Wait. I have just found /etc/X11/app-defaults/XTerm has a entry >> *VT100*eightBitInput: false >> which is added from cygwin xterm 348-1. >> >> Removing this line or changing the value to true solves this issue. >> >> Katsumi, could you please check if this solves the issue? > The option value of eightBitInput must not be set to false nowadays, it's a > relic of ASCII times. > There are a number of further questionable changes in /etc/X11/app-defaults/XTerm > (not checked to other XTerm default entries there): > >  < *backarrowKeyIsErase: true >  < *metaSendsEscape: true >  < *ptyInitialErase: true >  > ! Cygwin Defaults >  > +*backarrowKeyIsErase: true >  > +*metaSendsEscape: true >  > +*ptyInitialErase: true > Using the obscure "+" prefix here seems to reset the option to its default, > regardless of the given value. Clearer configuration would be preferrable. Normal practice is to set the default value and comment out the entry. Is this an obscure comment convention rather than !? > Changing backarrowKeyIsErase and ptyInitialErase consistently may go unnoticed > for most users, but it effectively switches away from the Linux habit to use DEL > for the backarrow key, just to note. > Setting metaSendsEscape to false make input inconsistent. Alt+x will still enter > ESC x (for whatever reason) but Alt+ö will enter only ö (again, for whatever > reason). Option value true makes this consistent. > >  > ! Red Hat Defaults: >  > *allowFontOps: false >  > *allowTcapOps: false > The "allow*" options are meant to provide security but I see no security problem > with these two, particularly not TcapOps (which seems to be used by vim to > fine-tune terminal feature usage). In a malicious script, font size could be set to tiny, text made invisible, or foreground set to match background, to hide or obscure execution of malicious commands, such as those exploited using bashdoor/shellshock vulnerabilities, plus xterm *ops exec code and shell vulnerabilities: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030? https://www.cvedetails.com/vulnerability-list/vendor_id-5838/product_id-9872/Invisible-island-Xterm.html https://www.cvedetails.com/vulnerability-list/vendor_id-88/product_id-170/X.org-Xterm.html https://www.cvedetails.com/vulnerability-list/vendor_id-7100/product_id-11978/Xterm-Xterm.html >  > *VT100*eightBitInput: false > Must be true! >  > *VT100*scrollBar: true > Why not, but it's a change that users may dislike. >  > *VT100*utf8Title: true > Probably a good idea. >  > *termName: xterm-256color > For applications that make a difference in colour usage depending on the TERM > setting, this updates mega-legacy 16 colours to legacy 256 colours. > Note that xterm also supplies a terminfo entry "xterm-direct" to reflect true > colour support. Using it would require an update of the terminfo package, too, > though, to get the xterm-direct entry included. You may submit a patch to the package/file(s) on the cygwin-apps list, and perhaps also upstream to Thomas E. Dickey, with links to the issue and discussion, if only for info. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple