X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:subject:to:references:from:message-id :date:mime-version:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=dcoN0u0murXu85sc H6O7r/iqYWKA5SsvYuEOMIkwAn0Dth3cpBsoQ+66oYx2pWplOqNDK2lq/wHVi2ic 4HSq9QPW7G5RN97ktW/bb/6+83beiQvtQf0aSWn+ce9ICGYDsSn6Hy+OCvwUwHdD zgkRGh173n6JHWlYEy5NRuNObRM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:subject:to:references:from:message-id :date:mime-version:in-reply-to:content-type :content-transfer-encoding; s=default; bh=fGZj6lOJbXZlAOYGA18SSc Jj+LE=; b=n/zRtP/XsIeRHeepSRJsefHAActBkYRp7+3VyJsu00HT0/yK9vmVdJ zyHKlHMd+6R+DJ6/48O6D6+ARHgktfBtDEKKQo374S5ROYFVAQFrH7nM75aF2r+d gsVj9/kXXXzVH5pC0LJkCaAt3nVQNOgd420d+KLh5jtMbYikYC3MQ= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,KAM_NUMSUBJECT,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=sk:invisib, cygwin-apps, cygwinapps X-HELO: smtp-out-so.shaw.ca Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca Subject: Re: [ANNOUNCEMENT] xterm 348-1 To: cygwin AT cygwin DOT com References: <20191106211318 DOT 263462ceb47f01f6fd63c64e AT nifty DOT ne DOT jp> <420cec84-46a7-c55c-f723-dfd96d39d39b AT SystematicSw DOT ab DOT ca> <20191107004841 DOT 33764763bbb1ba364347c46c AT nifty DOT ne DOT jp> <20191107113936 DOT 129b5b6f0c1879dbd5be7ed7 AT nifty DOT ne DOT jp> From: Brian Inglis Openpgp: preference=signencrypt Message-ID: Date: Thu, 7 Nov 2019 10:03:39 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes On 2019-11-07 01:31, Thomas Wolff wrote: > Am 07.11.2019 um 03:39 schrieb Takashi Yano: >> ... >> Wait. I have just found /etc/X11/app-defaults/XTerm has a entry >> *VT100*eightBitInput: false >> which is added from cygwin xterm 348-1. >> >> Removing this line or changing the value to true solves this issue. >> >> Katsumi, could you please check if this solves the issue? > The option value of eightBitInput must not be set to false nowadays, it's a > relic of ASCII times. > There are a number of further questionable changes in /etc/X11/app-defaults/XTerm > (not checked to other XTerm default entries there): > > < *backarrowKeyIsErase: true > < *metaSendsEscape: true > < *ptyInitialErase: true > > ! Cygwin Defaults > > +*backarrowKeyIsErase: true > > +*metaSendsEscape: true > > +*ptyInitialErase: true > Using the obscure "+" prefix here seems to reset the option to its default, > regardless of the given value. Clearer configuration would be preferrable. Normal practice is to set the default value and comment out the entry. Is this an obscure comment convention rather than !? > Changing backarrowKeyIsErase and ptyInitialErase consistently may go unnoticed > for most users, but it effectively switches away from the Linux habit to use DEL > for the backarrow key, just to note. > Setting metaSendsEscape to false make input inconsistent. Alt+x will still enter > ESC x (for whatever reason) but Alt+ö will enter only ö (again, for whatever > reason). Option value true makes this consistent. > > > ! Red Hat Defaults: > > *allowFontOps: false > > *allowTcapOps: false > The "allow*" options are meant to provide security but I see no security problem > with these two, particularly not TcapOps (which seems to be used by vim to > fine-tune terminal feature usage). In a malicious script, font size could be set to tiny, text made invisible, or foreground set to match background, to hide or obscure execution of malicious commands, such as those exploited using bashdoor/shellshock vulnerabilities, plus xterm *ops exec code and shell vulnerabilities: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030? https://www.cvedetails.com/vulnerability-list/vendor_id-5838/product_id-9872/Invisible-island-Xterm.html https://www.cvedetails.com/vulnerability-list/vendor_id-88/product_id-170/X.org-Xterm.html https://www.cvedetails.com/vulnerability-list/vendor_id-7100/product_id-11978/Xterm-Xterm.html > > *VT100*eightBitInput: false > Must be true! > > *VT100*scrollBar: true > Why not, but it's a change that users may dislike. > > *VT100*utf8Title: true > Probably a good idea. > > *termName: xterm-256color > For applications that make a difference in colour usage depending on the TERM > setting, this updates mega-legacy 16 colours to legacy 256 colours. > Note that xterm also supplies a terminfo entry "xterm-direct" to reflect true > colour support. Using it would require an update of the terminfo package, too, > though, to get the xterm-direct entry included. You may submit a patch to the package/file(s) on the cygwin-apps list, and perhaps also upstream to Thomas E. Dickey, with links to the issue and discussion, if only for info. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple