diff options
| author | Peter Hutterer <peter.hutterer@who-t.net> | 2023-01-16 19:44:52 +1000 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-01-16 10:30:39 -0800 |
| commit | 8178eb0834d82242e1edbc7d4fb0d1b397569c68 (patch) | |
| tree | 98082a6ff7c1ac4124fb0a10c6cecd5e939edf79 /configure.ac | |
| parent | c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (diff) | |
| download | xorg-lib-libXpm-8178eb0834d82242e1edbc7d4fb0d1b397569c68.tar.gz | |
Use gzip -d instead of gunzip
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
[Part of the fix for CVE-2022-4883]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index e6b6509..6cd165f 100644 --- a/configure.ac +++ b/configure.ac @@ -58,7 +58,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2]) ]) dnl End of AC_DEFUN([XPM_PATH_PROG]... # Optional feature: When a filename ending in .Z or .gz is requested, -# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to +# open a pipe to a newly forked compress/uncompress/gzip command to # handle it. AC_MSG_CHECKING([whether to handle compressed pixmaps]) case $host_os in @@ -77,7 +77,6 @@ else XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress]) XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress]) XPM_PATH_PROG([XPM_PATH_GZIP], [gzip]) - XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip]) AC_CHECK_FUNCS([closefrom close_range], [break]) fi |