On Sat, 9 Jul 2005, [ISO-8859-1] José Carlos Carrión Plaza wrote: > Dear list members: > > Anyone knows about the gentoo linux security advisor labeled «GLSA > 200507-05 / zlib»? > Hopefully, that's the same one that archaic posted a patch for on lfs-security earlier this week (i.e. fixed in 6.1-pre2).
> > The zlib library is compiled in static and shared forms. Once it will be > updated, the shared versions will be accessible inmediately. But, the > programs compiled against the static version of this library remained > with the old (and vulnerable) version of the zlib library and must be > recompiled. But which are the programs of LFS and BLFS that are been > compiled against the static version of zlib library? > An interesting question. Looking for 'static' in my build logs suggests gettext, libtool, e2fsprogs build static versions. I'm fairly happy to have a static e2fsck, but less happy about the others. The good news is that these packages don't appear on the list containing 'lz' so they seem to be ok on this occasion. For blfs, most non-kde stuff will benefit from '--enable-shared --disable-static' although in theory nothing normal will be statically linked (in my case, I had to reinstate some statically linked stuff to get escputil working, but that's quite beyond what is in the blfs book) Of course, nobody builds _all_ of blfs, and many people change some of it, so YMMV. Ken -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
