> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Timothy Luoma > Sent: Sunday, January 30, 2005 9:39 PM > To: FreeBSD Mailing List > Subject: rsync statically linked to zlib 1.1.4? > > > > OK, so since I have updated 'zlib' to 1.2.2 I decided that I ought to > check for other programs which use it. > > I installed 'find-zlib' (from ports :-) and ran it like this: > > $ for i in `echo $PATH | tr ':' ' '` > for> do > for> sudo find-zlib $i/* > for> done > /usr/local/sbin/lpadmin: inflate version: "1.2.2 Copyright 1995-2004 > Mark Adler" > /usr/local/bin/espgs: inflate version: "1.2.2 Copyright 1995-2004 Mark > Adler" > /usr/local/bin/gs: inflate version: "1.2.2 Copyright 1995-2004 Mark > Adler" > /usr/local/bin/rsync: inflate version: "1.1.4 Copyright 1995-2002 Mark > Adler" > /usr/local/bin/rsync: zlib cplens table, little endian > /usr/local/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4) > $ > > OK, so the only one that looks like trouble is 'rsync' > > I did 'cd /usr/ports/net/rsync; sudo make deinstall; sudo > make install > clean' but when I ran 'find-zlib' again, it still reported "1.1.4" > > Am I missing something? >
it's either statically linked or it's using the 1.1.4 shared library. 1.1.4 is not vulnerable, only 1.2.0, 1.2.1 are. You can leave it be. the other programs are linked to the shared lib, and when you updated the libz.so file those got updated. Ted _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
