From owner-freebsd-questions@FreeBSD.ORG Mon Jan 31 09:45:47 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8896516A4CE for ; Mon, 31 Jan 2005 09:45:47 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 125F343D2F for ; Mon, 31 Jan 2005 09:45:47 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j0V9jmj64352; Mon, 31 Jan 2005 01:45:48 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Timothy Luoma" , "FreeBSD Mailing List" Date: Mon, 31 Jan 2005 01:45:46 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <50436a9e0451e1fdd6aab587283bc69a@tntluoma.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal Subject: RE: rsync statically linked to zlib 1.1.4? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jan 2005 09:45:47 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Timothy Luoma > Sent: Sunday, January 30, 2005 9:39 PM > To: FreeBSD Mailing List > Subject: rsync statically linked to zlib 1.1.4? > > > > OK, so since I have updated 'zlib' to 1.2.2 I decided that I ought to > check for other programs which use it. > > I installed 'find-zlib' (from ports :-) and ran it like this: > > $ for i in `echo $PATH | tr ':' ' '` > for> do > for> sudo find-zlib $i/* > for> done > /usr/local/sbin/lpadmin: inflate version: "1.2.2 Copyright 1995-2004 > Mark Adler" > /usr/local/bin/espgs: inflate version: "1.2.2 Copyright 1995-2004 Mark > Adler" > /usr/local/bin/gs: inflate version: "1.2.2 Copyright 1995-2004 Mark > Adler" > /usr/local/bin/rsync: inflate version: "1.1.4 Copyright 1995-2002 Mark > Adler" > /usr/local/bin/rsync: zlib cplens table, little endian > /usr/local/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4) > $ > > OK, so the only one that looks like trouble is 'rsync' > > I did 'cd /usr/ports/net/rsync; sudo make deinstall; sudo > make install > clean' but when I ran 'find-zlib' again, it still reported "1.1.4" > > Am I missing something? > it's either statically linked or it's using the 1.1.4 shared library. 1.1.4 is not vulnerable, only 1.2.0, 1.2.1 are. You can leave it be. the other programs are linked to the shared lib, and when you updated the libz.so file those got updated. Ted