| Age | Commit message (Collapse) | Author |
|---|
|
Removes all the "FOR_MSW" code added back in 1994, which hasn't been
buildable in the automake builds.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Hides private API from external linkage
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Relies on platforms with O_CLOEXEC support following POSIX requirement
to not copy the close-on-exec flag to the new fd in dup2(), but to leave
it unset instead, since that's how fd's are passed to child processes
to handled compressed files.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If compress is not found, we disable writing to .Z files,
but leave the rest of the compression code active.
If uncompress is not found, we use gzip to read .Z files.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
GNU gunzip [1] is a shell script that exec's `gzip -d`. Even if we call
/usr/bin/gunzip with the correct built-in path, the actual gzip call
will use whichever gzip it finds first, making our patch pointless.
Fix this by explicitly calling gzip -d instead.
https://git.savannah.gnu.org/cgit/gzip.git/tree/gunzip.in
[Part of the fix for CVE-2022-4883]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
By default, on all platforms except MinGW, libXpm will detect if a
filename ends in .Z or .gz, and will when reading such a file fork off
an uncompress or gunzip command to read from via a pipe, and when
writing such a file will fork off a compress or gzip command to write
to via a pipe.
In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
to find the commands. If libXpm is called from a program running with
raised privileges, such as via setuid, then a malicious user could set
$PATH to include programs of their choosing to be run with those
privileges.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
The filename is always a read-only argument, so it is a good idea
to let the caller now about it.
This patch does not change active code; the place where the attribute
is added will not break source-level compatibility because it adds
no restriction on caller side, just adds information; because the
lib code behaved the same way it will not break the binary interface
either.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
The ansification code is minor edit of the patch (by me) at
https://bugs.freedesktop.org/show_bug.cgi?id=14727
as it would not apply cleanly anymore.
|
|
* src/XpmI.h [FOR_MSW]: Include simx.h instead of real X headers.
* src/simx.h (_XFUNCPROTOBEGIN, _XFUNCPROTOEND, NO_ZPIPE): Define.
(XAllocColor): Fix arg list in prototype.
(bzero, close, fdopen, index, rindex, open, strdup, O_RDONLY):
Map to W32 equivalents.
* src/RdFToI.c [FOR_MSW]: Include fcntl.h.
|
|
type.
|
|
- Add Xpm to symlink.sh
- Conditionally include config.h in xc/extras/Xpm
|
|
|
|
|
|
in the pipe. Remove extraneous tests on file names that broke some
applications. From Alex Reisen in Bugzilla #1920.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
