|
 |
682ea0 |
From 2065cf056f47c95bda237d8d700d9d24a893716d Mon Sep 17 00:00:00 2001
|
|
|
682ea0 |
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
682ea0 |
Date: Mon, 16 Jan 2023 19:44:52 +1000
|
|
|
682ea0 |
Subject: [PATCH libXpm 3/3] Use gzip -d instead of gunzip
|
|
|
682ea0 |
|
|
|
682ea0 |
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
|
|
|
682ea0 |
/usr/bin/gunzip with the correct built-in path, the actual gzip call
|
|
|
682ea0 |
will use whichever gzip it finds first, making our patch pointless.
|
|
|
682ea0 |
|
|
|
682ea0 |
Fix this by explicitly calling gzip -d instead.
|
|
|
682ea0 |
|
|
|
682ea0 |
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
|
|
|
682ea0 |
|
|
|
682ea0 |
[Part of the fix for CVE-2022-4883]
|
|
|
682ea0 |
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
682ea0 |
(cherry picked from commit 8178eb0834d82242e1edbc7d4fb0d1b397569c68)
|
|
|
682ea0 |
---
|
|
|
682ea0 |
README | 2 +-
|
|
|
682ea0 |
configure.ac | 3 +--
|
|
|
682ea0 |
src/RdFToI.c | 2 +-
|
|
|
682ea0 |
3 files changed, 3 insertions(+), 4 deletions(-)
|
|
|
682ea0 |
|
|
|
682ea0 |
diff --git a/README b/README
|
|
|
682ea0 |
index c7d6dbf..d4c7212 100644
|
|
|
682ea0 |
--- a/README
|
|
|
682ea0 |
+++ b/README
|
|
|
682ea0 |
@@ -48,5 +48,5 @@ the first version found in the PATH used to run configure, and do not depend
|
|
|
682ea0 |
on the PATH environment variable set at runtime.
|
|
|
682ea0 |
|
|
|
682ea0 |
To specify paths to be used for these commands instead of searching $PATH, pass
|
|
|
682ea0 |
-the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, XPM_PATH_GZIP, and XPM_PATH_GUNZIP
|
|
|
682ea0 |
+the XPM_PATH_COMPRESS, XPM_PATH_UNCOMPRESS, and XPM_PATH_GZIP
|
|
|
682ea0 |
variables to the configure command.
|
|
|
682ea0 |
diff --git a/configure.ac b/configure.ac
|
|
|
682ea0 |
index c1da348..74d9856 100644
|
|
|
682ea0 |
--- a/configure.ac
|
|
|
682ea0 |
+++ b/configure.ac
|
|
|
682ea0 |
@@ -57,7 +57,7 @@ AC_DEFINE_UNQUOTED([$1], ["$$1"], [Path to $2])
|
|
|
682ea0 |
]) dnl End of AC_DEFUN([XPM_PATH_PROG]...
|
|
|
682ea0 |
|
|
|
682ea0 |
# Optional feature: When a filename ending in .Z or .gz is requested,
|
|
|
682ea0 |
-# open a pipe to a newly forked compress/uncompress/gzip/gunzip command to
|
|
|
682ea0 |
+# open a pipe to a newly forked compress/uncompress/gzip command to
|
|
|
682ea0 |
# handle it.
|
|
|
682ea0 |
AC_MSG_CHECKING([whether to handle compressed pixmaps])
|
|
|
682ea0 |
case $host_os in
|
|
|
682ea0 |
@@ -75,7 +75,6 @@ else
|
|
|
682ea0 |
XPM_PATH_PROG([XPM_PATH_COMPRESS], [compress])
|
|
|
682ea0 |
XPM_PATH_PROG([XPM_PATH_UNCOMPRESS], [uncompress])
|
|
|
682ea0 |
XPM_PATH_PROG([XPM_PATH_GZIP], [gzip])
|
|
|
682ea0 |
- XPM_PATH_PROG([XPM_PATH_GUNZIP], [gunzip])
|
|
|
682ea0 |
AC_CHECK_FUNCS([closefrom close_range], [break])
|
|
|
682ea0 |
fi
|
|
|
682ea0 |
|
|
|
682ea0 |
diff --git a/src/RdFToI.c b/src/RdFToI.c
|
|
|
682ea0 |
index a91d337..141c485 100644
|
|
|
682ea0 |
--- a/src/RdFToI.c
|
|
|
682ea0 |
+++ b/src/RdFToI.c
|
|
|
682ea0 |
@@ -251,7 +251,7 @@ OpenReadFile(
|
|
|
682ea0 |
else if ( ext && !strcmp(ext, ".gz") )
|
|
|
682ea0 |
{
|
|
|
682ea0 |
mdata->type = XPMPIPE;
|
|
|
682ea0 |
- mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GUNZIP, "-qc", "r");
|
|
|
682ea0 |
+ mdata->stream.file = xpmPipeThrough(fd, XPM_PATH_GZIP, "-dqc", "r");
|
|
|
682ea0 |
}
|
|
|
682ea0 |
else
|
|
|
682ea0 |
#endif /* z-files */
|
|
|
682ea0 |
--
|
|
|
682ea0 |
2.39.0
|
|
|
682ea0 |
|