[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] snapshot 2008-11-14 zlib version is too old




Hi, Henrik !

Well - a "1.2.1.2" version really *is* older than 1.2.3.


... indeed, that is clear  :-)

But unfortunatley on Scientific Linux 4, RHEL4 ..

there is no zlib-version 1.2.3 available ...

only 1.2.2

and this version should be secure

http://rhn.redhat.com/errata/RHSA-2005-584.html

2005-07-21

http://www.zlib.net/
zlib 1.2.3
July 18, 2005

Hmm, have i to patch test-zlib.c to compile hobbit-snapshots
on Scientific Linux 4/ RHEL4 System for myself, or is there any other chance ?

Thanks & Cheers,

	Martin

On Tue, 18 Nov 2008, Henrik Størner wrote:

In <Pine.LNX.4.64.0811141609310.23310 (at) pal31.desy.de> Martin Flemming <martin.flemming (at) desy.de> writes:

checking for zlib ...
Found ZLIB include files in /usr/include
Found ZLIB libraries in /usr/lib
zlib version 1.2.1.2
Your zlib version is too old, requires version 1.2.3 or later
ZLIB version too old, must be at least version 1.2.x

Well - a "1.2.1.2" version really *is* older than 1.2.3.

According to www.zlib.net "Version 1.2.3 eliminates potential
security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users
of those versions should upgrade immediately."


The reason you didn't see the problem with the April snapshots
was that zlib wasn't used back then.


... i remember a  problem from September

Different problem, the zlib test in Hobbit back then used
some non-standard ZLIB macros.


Regards,
Henrik


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk




Gruss

       Martin Flemming


______________________________________________________
Martin Flemming
DESY / IT          office : Building 2b / 008a
Notkestr. 85       phone  : 040 - 8998 - 4667
22603 Hamburg      mail   : martin.flemming (at) desy.de
______________________________________________________