~brown121407/st

Link everything with pkg-config.
Make the theme a bit more laserwavy.
Change zoom keybindings.
Add scrollback patches.
f1fb502f — Michael Buch 1 year, 6 months ago
Highlight selected urls
Make "make clean" delete config.h.
Make guix-install executable.
Add Guix install script.
fa253f07 — Hiltjo Posthuma a month ago
bump version to 0.8.4
b27a383a — Hiltjo Posthuma a month ago
config.mk: use PKG_CONFIG in commented OpenBSD section
81067c65 — Hiltjo Posthuma a month ago
LICENSE: bump years
f74a9df6 — Hiltjo Posthuma a month ago
remove sixel stub code

Remove stub code that was used for an experiment of adding sixel code to st
from the commit f7398434.
818ec746 — Hiltjo Posthuma a month ago
fix unicode glitch in DCS strings, patch by Tim Allen

Reported on the mailinglist:

"
I discovered recently that if an application running inside st tries to
send a DCS string, subsequent Unicode characters get messed up. For
example, consider the following test-case:

    printf '\303\277\033P\033\\\303\277'

...where:

  - \303\277 is the UTF-8 encoding of U+00FF LATIN SMALL LETTER Y WITH
    DIAERESIS (ÿ).
  - \033P is ESC P, the token that begins a DCS string.
  - \033\\ is ESC \, a token that ends a DCS string.
  - \303\277 is the same ÿ character again.

If I run the above command in a VTE-based terminal, or xterm, or
QTerminal, or pterm (PuTTY), I get the output:

    ÿÿ

...which is to say, the empty DCS string is ignored. However, if I run
that command inside st (as of commit 9ba7ecf), I get:

    ÿÿ

...where those last two characters are \303\277 interpreted as ISO8859-1
characters, instead of UTF-8.

I spent some time tracing through the state machines in st.c, and so far
as I can tell, this is how it works currently:

  - ESC P sets the "ESC_DCS" and "ESC_STR" flags, indicating that
    incoming bytes should be collected into the strescseq buffer, rather
    than being interpreted.
  - ESC \ sets the "ESC_STR_END" flag (when ESC is received), and then
    calls strhandle() (when \ is received) to interpret the collected
    bytes.
  - If the collected bytes begin with 'P' (i.e. if this was a DCS
    string) strhandle() sets the "ESC_DCS" flag again, confusing the
    state machine.

If my understanding is correct, fixing the problem should be as easy as
removing the line that sets ESC_DCS from strhandle():

diff --git a/st.c b/st.c
index ef8abd5..b5b805a 100644
--- a/st.c
+++ b/st.c
@@ -1897,7 +1897,6 @@ strhandle(void)
		xsettitle(strescseq.args[0]);
		return;
	case 'P': /* DCS -- Device Control String */
-		term.mode |= ESC_DCS;
	case '_': /* APC -- Application Program Command */
	case '^': /* PM -- Privacy Message */
		return;

I've tried the above patch and it fixes my problem, but I don't know if
it introduces any others.
"
9ba7ecf7 — Hiltjo Posthuma 2 months ago
FAQ: fix single-buffer patch

rebase against master
a2a70449 — Hiltjo Posthuma 2 months ago
config.def.h: add an option allowwindowops, by default off (secure)

Similar to the xterm AllowWindowOps option, this is an option to allow or
disallow certain (non-interactive) operations that can be insecure or
exploited.

NOTE: xsettitle() is not guarded by this because st does not support printing
the window title. Else this could be exploitable (arbitrary code execution).
Similar problems have been found in the past in other terminal emulators.

The sequence for base64-encoded clipboard copy is now guarded because it allows
a sequence written to the terminal to manipulate the clipboard of the running
user non-interactively, for example:

printf '\x1b]52;0;ZWNobyBoaQ0=\a'
0f8b4065 — Hiltjo Posthuma 2 months ago
FAQ: add some details about the w3m img hack

... and an example patch to switch from double-buffering to a single buffer.
Next