Date: Mon, 14 Nov 2005 16:38:59 GMT
From: "Jukka A. Ukkonen" <jau@iki.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2
Message-ID: <200511141638.jAEGcx85024129@www.freebsd.org>
Resent-Message-ID: <200511141640.jAEGePOZ036759@freefall.freebsd.org>

>Number:         89012
>Category:       misc
>Synopsis:       FreeBSD-6.0 is still using zlib-1.2.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 14 16:40:25 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jukka A. Ukkonen
>Release:        FreeBSD-6.0-STABLE
>Organization:
private citizen
>Environment:
This report does not refer to an installed FreeBSD-6.0 but to
plain source code review.
>Description:
The ZLIB origin site (www.zlib.net) states this...

------
Current release:
zlib 1.2.3
July 18, 2005

Version 1.2.3 eliminates potential security vulnerabilities in
zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade
immediately. The following important fixes are provided in zlib 1.2.3
over 1.2.1 and 1.2.2:
------

For some odd reason FreeBSD-6.0 seems to be using zlib-1.2.2
though it is claimed to carry security issues.
>How-To-Repeat:
Either look into the source tree /usr/src/lib/libz/zlib.h
or on systems with FreeBSD-6.0 already installed look into
/usr/include/zlib.h.
There are lines like...

#define ZLIB_VERSION "1.2.2"
#define ZLIB_VERNUM 0x1220

though for zlib-1.2.3 they should be ...

#define ZLIB_VERSION "1.2.3"
#define ZLIB_VERNUM 0x1230
>Fix:
AFAIK zlib-1.2.3 should be a drop-in replacement for 1.2.2
unless the original source files have been mutilated while
imported to the FreeBSD source tree.
Simply replace the 1.2.2 source files using the current 1.2.3
source files, re-compile, and re-install.
>Release-Note:
>Audit-Trail:
>Unformatted:
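
The header check described under How-To-Repeat can be scripted so it covers every copy of zlib.h on a system. The following is an added example, not part of the original report or of FreeBSD; the function names are hypothetical, and the sample headers are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: flag zlib.h copies older than the fixed release.
# Threshold from the report: zlib 1.2.3 defines ZLIB_VERNUM 0x1230.
FIXED_VERNUM=0x1230

# Print the ZLIB_VERNUM value (e.g. 0x1220) defined in header $1.
zlib_vernum() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}ZLIB_VERNUM[[:space:]]\{1,\}\(0x[0-9A-Fa-f]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# Return 0 if header $1 is at or above 1.2.3, 1 if it is older,
# 2 if no ZLIB_VERNUM line was found (version cannot be decided).
zlib_header_ok() {
    v=$(zlib_vernum "$1")
    [ -n "$v" ] || return 2
    [ $(($v)) -ge $(($FIXED_VERNUM)) ]
}

# Report on each header given; return 1 if any needs review.
audit_zlib_headers() {
    bad=0
    for h in "$@"; do
        if [ ! -r "$h" ]; then
            echo "SKIP    $h (not readable)"
            continue
        fi
        if zlib_header_ok "$h"; then
            echo "OK      $h $v"
        else
            echo "REVIEW  $h ${v:-no ZLIB_VERNUM found}"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample headers. On a real system pass the two paths named in
# the report: /usr/src/lib/libz/zlib.h and /usr/include/zlib.h.
demo=$(mktemp -d)
printf '#define ZLIB_VERSION "1.2.2"\n#define ZLIB_VERNUM 0x1220\n' > "$demo/old.h"
printf '#define ZLIB_VERSION "1.2.3"\n#define ZLIB_VERNUM 0x1230\n' > "$demo/new.h"
audit_zlib_headers "$demo/old.h" "$demo/new.h" || echo "at least one header predates zlib 1.2.3"
rm -rf "$demo"
```

A passing header only shows which version the headers describe; binaries that were statically linked against the older library still need a rebuild.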