| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
AC_PROG_LIBTOOL was replaced by LT_INIT in libtool 2 in 2008,
so it's time to rely on it.
configure.ac:14: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
configure.ac:14: You should run autoupdate.
m4/libtool.m4:100: AC_PROG_LIBTOOL is expanded from...
configure.ac:14: the top level
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
| |
If compress is not found, we disable writing to .Z files,
but leave the rest of the compression code active.
If uncompress is not found, we use gzip to read .Z files.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When one of the compression helper programs is not found, the message
suggesting how to compile without it should say --disable-open-zfile,
not --disable-stat-zfile.
Fixes: 515294b ("Fix CVE-2022-4883: compression commands depend on $PATH")
Closes: #4
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
[Part of the fix for CVE-2022-4883]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, on all platforms except MinGW, libXpm will detect if a
filename ends in .Z or .gz, and will when reading such a file fork off
an uncompress or gunzip command to read from via a pipe, and when
writing such a file will fork off a compress or gzip command to write
to via a pipe.
In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
to find the commands. If libXpm is called from a program running with
raised privileges, such as via setuid, then a malicious user could set
$PATH to include programs of their choosing to be run with those
privileges.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes rudimentary tests for XpmReadFileToXpmImage, XpmReadFileToData,
XpmReadFileToBuffer, XpmCreateXpmImageFromData, XpmCreateXpmImageFromBuffer,
XpmWriteFileFromXpmImage, XpmWriteFileFromData, XpmWriteFileFromBuffer,
XpmAttributesSize, XpmGetErrorString, XpmLibraryVersion
Includes test cases for CVE-2004-0687
Tests .Z and .gz files if --enable-open-zfile is active
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
|
| |
Documents the two compression options in the README, makes their
configure options reflect the interdependency of their implementation,
and makes the configure script report their configuration.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When fork() is not available, we need to define NO_ZPIPE so that
libXpm doesn't try to fork/exec to use a pipe to uncompress compressed
.xpm files. There is obviously a loss of functionality, but loading
uncompressed .xpm files should continue to work.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/x11r7/xlib_libXpm/0001-fork-check.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
Remove extra bogus return added to avoid warnings when calling Punt()
since gcc didn't know it would never return.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
| |
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Define NO_ZPIPE when building for MinGW, decompressing via a pipe isn't implemented.
(since xpmPipeThrough() is only written in terms of fork() currently...)
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
Reviewed-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Ángel González <ingenit@zoho.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
| |
It calls various Xlib functions so should link with -lX11 directly.
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
|
|
|
|
|
| |
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
|
| |
As per X.Org guidelines.
Fix whitespace issues.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
|
|
|
| |
Group statements per section as per Autoconf standard layout
Quote statements where appropriate.
No functional configuration changes
This helps automated maintenance and release activities.
Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
|
|
| |
As per guidelines for all xorg modules.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
| |
Reduce some complexity in the src makefile as it should not
handle sibling directories.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
|
| |
Fix some m4 quoting
Fix some autoconf warnings
Regroup statements per section
Add comments
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
| |
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
| |
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
| |
This macro is called by PKG_CHECK_MODULES
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
| |
XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls
AC_PROG_C_C99. This sets gcc with -std=gnu99.
If AC_PROG_CC macro is called afterwards, it resets CC to gcc.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
| |
Autoconf says:
"This macro is obsolescent, as current systems have conforming
header files. New programs need not use this macro".
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
| |
Regroup AC statements at the top.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
| |
It depends on util-macros 1.8
The LT_AC_PROG_SED macro was never released by libtool.
Neither man makefile actually used $SED anyway.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
| |
Use MAN_SUBST now supplied in XORG_MANPAGE_SECTIONS
The value of MAN_SUBST is the same for all X.Org packages.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
|
|
| |
Unrelated to the previous patches, the new value simply reflects
the reality that the minimum level for autoconf to configure
all x.org modules is 2.60 dated June 2006.
ftp://ftp.gnu.org/gnu/autoconf/autoconf-2.60.tar.gz
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
|
|
| |
Remove deprecated acinclude.m4 macro container file
Use separate macro files as per autoconf recommendation
Use the latest version of the macro from GNU
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
|
|
|
|
| |
This macro aggregate a number of existing macros that sets commmon
X.Org components configuration options. It shields the configuration file from
future changes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Wed, 2009-10-21 at 13:36 +1000, Peter Hutterer wrote:
> On Tue, Oct 20, 2009 at 08:23:55PM -0700, Jeremy Huddleston wrote:
> > I noticed an INSTALL file in xlsclients and libXvMC today, and it
> > was quite annoying to work around since 'autoreconf -fvi' replaces
> > it and git wants to commit it. Should these files even be in git?
> > Can I nuke them for the betterment of humanity and since they get
> > created by autoreconf anyways?
>
> See https://bugs.freedesktop.org/show_bug.cgi?id=24206
As an interim measure, replace AM_INIT_AUTOMAKE([dist-bzip2]) with
AM_INIT_AUTOMAKE([foreign dist-bzip2]). This will prevent the generation
of the INSTALL file. It is also part of the 24206 solution.
Signed-off-by: Jeremy Huddleston <jeremyhu@freedesktop.org>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
|
| |
|
|
|
|
|
|
| |
The ansification code is minor edit of the patch (by me) at
https://bugs.freedesktop.org/show_bug.cgi?id=14727
as it would not apply cleanly anymore.
|
| |
|
|
|
|
|
|
|
| |
AC_PROG_SED required autoconf 2.60, libtool's should work
regardless. This keeps us supporting 2.57 of autoconf
Found by: Tinderbox (1.4.1 compile)
|
|
|
|
| |
<http://bugs.freedesktop.org/show_bug.cgi?id=14171>
|
| |
|
|
|
|
|
|
| |
<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4486226>
Use gettext() to allow translated messages in sxpm & cxpm
(cherry picked from bcda4f17ab3fa9f0572f876dbeb09b45fbc23f3d commit)
|