From owner-freebsd-questions@FreeBSD.ORG Thu Sep 8 17:39:59 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26B3116A41F for ; Thu, 8 Sep 2005 17:39:59 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from fileserver.fields.utoronto.ca (fileserver.fields.utoronto.ca [128.100.216.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 512A943D53 for ; Thu, 8 Sep 2005 17:39:58 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from fields.fields.utoronto.ca (fields.localdomain [192.168.216.11]) by fileserver.fields.utoronto.ca (8.12.8/8.12.8/Fields 6.0) with ESMTP id j88Hdn0r013903 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 8 Sep 2005 13:39:49 -0400 Received: from obsecurity.dyndns.org (localhost.localdomain [127.0.0.1]) by fields.fields.utoronto.ca (8.12.8/8.12.8/Fields WS 6.0) with ESMTP id j88Hdn6P005713; Thu, 8 Sep 2005 13:39:49 -0400 Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id DD417511FD; Thu, 8 Sep 2005 13:39:48 -0400 (EDT) Date: Thu, 8 Sep 2005 13:39:48 -0400 From: Kris Kennaway To: Yuan Jue Message-ID: <20050908173948.GE49084@xor.obsecurity.org> References: <4320494D.6030503@antenna.nl> <200509082234.50571.yuanjue122@gmail.com> <43204E22.1010807@antenna.nl> <200509082309.43229.yuanjue122@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="JBi0ZxuS5uaEhkUZ" Content-Disposition: inline In-Reply-To: <200509082309.43229.yuanjue122@gmail.com> User-Agent: Mutt/1.4.2.1i Cc: Chantal Rosmuller , freebsd-questions@freebsd.org Subject: Re: question about zlib security patch X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Sep 2005 17:39:59 -0000 --JBi0ZxuS5uaEhkUZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 08, 2005 at 11:09:43PM +0800, Yuan Jue wrote: > On Thursday 08 September 2005 22:43, Chantal Rosmuller wrote: >=20 > > >>I was installing clamav 0.83 on a freebsd 5.4 system and I got the > > >>following error: > > >>clamav configure: error: The installed zlib version may contain a > > >>security bug > > >> > > >>I want to upgrade zlib to solve this but: > > >>- I don't know how I can see what version of zlib I have at the momen= t? > > > > > >use pkg_info|grep zlib > > > > > >>- I found the following advice on the freebsd site: > > >> > > >>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zl= ib.a > > >>sc > > >> > > >>according to this I have to do the following: > > >> > > >># cd /usr/src > > >># patch < /path/to/patch > > >># cd /usr/src/lib/libz/ > > >># make obj && make depend && make && make install > > >> > > >>but I have no /usr/src/lib/libz/ > > > > > >maybe you didn't install source code when you installed your FreeBSD. = You > > >still can do it using sysinstall now. >=20 >=20 > > You are right I didn't install the sourcecode, the instructions make a > > lot more sense now :) > > one other small question, pkg_info | grep zlib > > gave me the following output; > > > > jzlib-1.0.5_1 A re-implementation of zlib in pure Java > > php4-zlib-4.3.10_2 The zlib shared extension for php > > > > > > so no zlib? Why is that ? because I didn't install it with pkg_add? > sorry, I never try clamav, so I am not sure the exact reason for that err= or.=20 > Maybe when you install the source code, there is no error anymore :) The advice was bogus, zlib is not a package on FreeBSD. > Or, you may need to install this port find_zlib-1.9, which can be found= =20 > in /usr/ports/security/. That does something else again..please try not to give bad advice :-) Kris --JBi0ZxuS5uaEhkUZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDIHdkWry0BWjoQKURAk9kAJ43gPA36avnKc7RoWL+yP/OmZwXVACfZ300 pwjH8wWdWkXVU4C9fpJg1AI= =pOtV -----END PGP SIGNATURE----- --JBi0ZxuS5uaEhkUZ--