hi,
fyi
fc3 has zlib-1.2.1.2-1 development has zlib-1.2.2.2-1
$ rpm -q zlib zlib-1.2.1.2-1
$ pwd /usr/local/clamav-0.81
$ ./configure [...] checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
hi,
fyi
fc3 has zlib-1.2.1.2-1 development has zlib-1.2.2.2-1
$ rpm -q zlib zlib-1.2.1.2-1
$ pwd /usr/local/clamav-0.81
$ ./configure [...] checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
-- shrek-m
Oh dear. The changelog for zlib shows a last entry of Sep 13 2004. The fixed zlib 1.2.2 was released more than two weeks later, on October 3rd, 2004
Time to get those security auditors in! :)
You should bugzilla this as "security".
On Thu, 2005-01-27 at 14:36, nodata wrote:
Oh dear. The changelog for zlib shows a last entry of Sep 13 2004. The fixed zlib 1.2.2 was released more than two weeks later, on October 3rd, 2004
Looking at the changelog, bugzilla entry (referenced in the changelog), and the zlib site, it seems the 1.2.1.2 release was to fix the same security problem as 1.2.2. I can't seem to find a 1.2.1.anything release on zlib's web site, so I suspect it's an "internal" (to Fedora/Red Hat) release that contained the back-ported security fix.