Date: Mon, 31 Jan 2005 01:45:46 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Timothy Luoma" <lists@tntluoma.com>, "FreeBSD Mailing List" <freebsd-questions@freebsd.org>
Subject: RE: rsync statically linked to zlib 1.1.4?
Message-ID: <LOBBIFDAGNMAMLGJJCKNCEDDFAAA.tedm@toybox.placo.com>
In-Reply-To: <50436a9e0451e1fdd6aab587283bc69a@tntluoma.com>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Timothy Luoma
> Sent: Sunday, January 30, 2005 9:39 PM
> To: FreeBSD Mailing List
> Subject: rsync statically linked to zlib 1.1.4?
>
>
>
> OK, so since I have updated 'zlib' to 1.2.2 I decided that I ought to
> check for other programs which use it.
>
> I installed 'find-zlib' (from ports :-) and ran it like this:
>
> $ for i in `echo $PATH | tr ':' ' '`
> for> do
> for> sudo find-zlib $i/*
> for> done
> /usr/local/sbin/lpadmin: inflate version: "1.2.2 Copyright 1995-2004
> Mark Adler"
> /usr/local/bin/espgs: inflate version: "1.2.2 Copyright 1995-2004 Mark
> Adler"
> /usr/local/bin/gs: inflate version: "1.2.2 Copyright 1995-2004 Mark
> Adler"
> /usr/local/bin/rsync: inflate version: "1.1.4 Copyright 1995-2002 Mark
> Adler"
> /usr/local/bin/rsync: zlib cplens table, little endian
> /usr/local/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)
> $
>
> OK, so the only one that looks like trouble is 'rsync'
>
> I did 'cd /usr/ports/net/rsync; sudo make deinstall; sudo
> make install
> clean' but when I ran 'find-zlib' again, it still reported "1.1.4"
>
> Am I missing something?
>

It's either statically linked or it's using the 1.1.4 shared library.
1.1.4 is not vulnerable, only 1.2.0, 1.2.1 are. You can leave it be.

The other programs are linked to the shared lib, and when you updated
the libz.so file those got updated.

Ted
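
Added example, not part of the original message and not find-zlib's code: a Python sketch of the check discussed in this thread. It looks for zlib's compiled-in inflate/deflate copyright string in a file's own bytes, separately looks for a libz.so reference, and flags the versions the reply names (1.2.0 and 1.2.1). The function names, the ELF string heuristic and the SAMPLE bytes are assumptions made for the illustration.

```python
import re
import sys

# zlib compiles in strings such as " inflate 1.1.4 Copyright 1995-2002 Mark Adler ".
ZLIB_MARK = re.compile(
    rb"(inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4} ")
# Versions the reply above names as affected (taken from the message as written).
FLAGGED = {"1.2.0", "1.2.1"}
# Constructed sample bytes (not a real binary): a file carrying a zlib 1.1.4 string.
SAMPLE = (b"\x7fELF\x00libc.so.5\x00"
          b" inflate 1.1.4 Copyright 1995-2002 Mark Adler \x00")


def embedded_zlib(data: bytes):
    """Return sorted unique (component, version) pairs found in the raw bytes."""
    return sorted({(m.group(1).decode(), m.group(2).decode())
                   for m in ZLIB_MARK.finditer(data)})


def references_libz(data: bytes) -> bool:
    """Heuristic (assumption): a dynamically linked ELF stores the needed
    library name, e.g. 'libz.so.2', as a NUL-terminated string."""
    return re.search(rb"\x00libz\.so(\.\d+)*\x00", data) is not None


def classify(data: bytes) -> dict:
    """Summarise what one file's bytes say about its zlib usage."""
    versions = sorted({v for _, v in embedded_zlib(data)})
    return {
        "embedded": bool(versions),            # zlib string inside this file
        "dynamic_libz": references_libz(data),  # file names libz.so as a dependency
        "versions": versions,
        "flagged": [v for v in versions if v in FLAGGED],
    }


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print("SAMPLE", classify(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```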