[erlang-questions] Using system's zlib
Christian Faulhammer
opfer@REDACTED
Sat Jul 7 12:16:23 CEST 2007
Gaspar Chilingarov <nm@REDACTED>:
> >> About patches -- it took me about 1-2 day to merge in new
> >> version of
> >> zlib to erlang sources :)
> >
> > Still, are those patches very special or could upstream provide
> > your needed features?
> Well, I've refreshed my knowledge about this :)
> They only differ by memory allocation functions. Erlang version uses
> internal [mc]alloc functions and not the system wide ones.
Gnah. So no chance to have a configure switch --with-system-zlib?
> > As I am maintainer of erlang in Gentoo Linux, I have a bug open
> > asking for using system's zlib, but that is not important to
> > you. :)
> Well, I've tried to force it use freebsd's system library, but it
> seems not that easy.
That's what I noticed, too. And before I heavily patch everything I
just went to ask upstream.
> > Take it that there is a security flaw in zlib. zlib in Gentoo is
> > updated, stabled and done. Nobody thinks of erlang (or any other
> > package shipping a custom version of zlib instead of linking
> > against the system one), so we have a possibly vulnerable version
> > in the tree. Which is baaaaad. Backporting patches from vanilla
> > zlib to erlang is just needless work in my eyes, and I have to be
> > aware of these fixes or even of an included library (there may be
> > more I don't know about).
> Zlib core patches are really small -- about 5-10 lines of code, but
> makefiles and etc are adopted from erlang's distribution and not
> zlib's. So in practice one can patch zlib easily in case of any
> errors. (In freebsd it's possible to have port's sources patched
> after extract phase and before configure/make).
Gentoo is source based, and Portage is similar to ports...but I need
to know about a vulnerability in zlib and then check erlang. In my
eyes double work if one could benefit from the zlib everyone uses.
V-Li
--
http://www.gentoo.org/
http://www.faulhammer.org/
http://www.gnupg.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20070707/6a034b20/attachment.bin>
More information about the erlang-questions
mailing list