[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
use of AC_TRY_EVAL broken
From: |
Eric Blake |
Subject: |
use of AC_TRY_EVAL broken |
Date: |
Thu, 23 Oct 2008 06:30:50 -0600 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080914 Thunderbird/2.0.0.17 Mnenhy/0.7.5.666 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following gnulib files use an undocumented autoconf macro AC_TRY_EVAL,
which is buggy because it does not prevent against shell glob expansion
and could end up invoking arbitrary commands according to the contents of
the current directory. We need to switch these over to using documented
commands, particularly since I'm thinking of removing AC_TRY_EVAL from the
next version of autoconf because of its security risks.
locale-fr.m4
locale-tr.m4
locale-zh.m4
printf.m4
- --
Don't work too hard, make some time for fun as well!
Eric Blake address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkAbnoACgkQ84KuGfSFAYDJqQCgynEDW8UECvxiqXFTAPlIkCkw
+XEAoNWx9KZdVy5wTq4QPBl+TjXx84tL
=EC1G
-----END PGP SIGNATURE-----
- use of AC_TRY_EVAL broken,
Eric Blake <=