[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: zlib/libz security problem in cvs?

From: Adrian Pepper
Subject: Re: zlib/libz security problem in cvs?
Date: Tue, 26 Mar 2002 18:04:05 -0500 (EST)

> From bug-cvs-admin@gnu.org Tue Mar 26 17:54:17 2002
> From: Adrian Pepper <arpepper@mfcf.math.uwaterloo.ca>
> Does anyone know about the forward compatiblity of zlib/libz
> routines?  Would I be able to simply replace the use of
> ../zlib/libz.a with my own static or shared version and rebuild?
> Would I need to be careful to also use the zlib.h file corresponding to
> the newer one, or have all changes been internal and not to the
> external subroutine interface as used by cvs?  (This might help
> avoid me "changing versions of cvs mid-term").

Duh.  The version id comes from the header file, apparently, so
even if I did create a version working with a fixed version of the
library that way, it wouldn't "appear to be fixed".

Oh well.  Should be easy enough to replace the header file
and link against a common library, or even perhaps replace all
zlib source.

As long as the old interface assumed by the rest of cvs still
works with newer versions.

While looking for old messages from this list I didn't see mention of
zlib or libz.  So I feel this was worth bringing up, even if newester
versions (which I haven't had a chance to check yet) search for an
appropriate zlib/libz to use in prefernce to their own.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]