diff options
author | Peter Hutterer <peter.hutterer@who-t.net> | 2023-01-16 19:44:52 +1000 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-01-16 10:30:39 -0800 |
commit | 8178eb0834d82242e1edbc7d4fb0d1b397569c68 (patch) | |
tree | 98082a6ff7c1ac4124fb0a10c6cecd5e939edf79 /README.md | |
parent | c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (diff) | |
download | xorg-lib-libXpm-8178eb0834d82242e1edbc7d4fb0d1b397569c68.tar.gz |
Use gzip -d instead of gunzip
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
[Part of the fix for CVE-2022-4883]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -41,5 +41,5 @@ the first version found in the PATH used to run configure, and do not depend on the PATH environment variable set at runtime. To specify paths to be used for these commands instead of searching $PATH, pass -the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP +the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP variables to the configure command. |