rsync statically linked to zlib 1.1.4?
Ted Mittelstaedt
tedm at toybox.placo.com
Mon Jan 31 01:45:47 PST 2005
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Timothy Luoma
> Sent: Sunday, January 30, 2005 9:39 PM
> To: FreeBSD Mailing List
> Subject: rsync statically linked to zlib 1.1.4?
>
>
>
> OK, so since I have updated 'zlib' to 1.2.2 I decided that I ought to
> check for other programs which use it.
>
> I installed 'find-zlib' (from ports :-) and ran it like this:
>
> $ for i in `echo $PATH | tr ':' ' '`
> for> do
> for> sudo find-zlib $i/*
> for> done
> /usr/local/sbin/lpadmin: inflate version: "1.2.2 Copyright 1995-2004
> Mark Adler"
> /usr/local/bin/espgs: inflate version: "1.2.2 Copyright 1995-2004 Mark
> Adler"
> /usr/local/bin/gs: inflate version: "1.2.2 Copyright 1995-2004 Mark
> Adler"
> /usr/local/bin/rsync: inflate version: "1.1.4 Copyright 1995-2002 Mark
> Adler"
> /usr/local/bin/rsync: zlib cplens table, little endian
> /usr/local/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)
> $
>
> OK, so the only one that looks like trouble is 'rsync'
>
> I did 'cd /usr/ports/net/rsync; sudo make deinstall; sudo
> make install
> clean' but when I ran 'find-zlib' again, it still reported "1.1.4"
>
> Am I missing something?
>
it's either statically linked or it's using the 1.1.4 shared library.
1.1.4 is not vulnerable, only 1.2.0, 1.2.1 are. You can leave it be.
the other programs are linked to the shared lib, and when you updated the
libz.so
file those got updated.
Ted
More information about the freebsd-questions
mailing list