[erlang-questions] Using system's zlib
Sat Jul 7 12:16:23 CEST 2007
Gaspar Chilingarov <nm@REDACTED>:
> >> About patches -- it took me about 1-2 day to merge in new
> >> version of
> >> zlib to erlang sources :)
> > Still, are those patches very special or could upstream provide
> > your needed features?
> Well, I've refreshed my knowledge about this :)
> They only differ by memory allocation functions. Erlang version uses
> internal [mc]alloc functions and not the system wide ones.
Gnah. So no chance to have a configure switch --with-system-zlib?
> > As I am maintainer of erlang in Gentoo Linux, I have a bug open
> > asking for using system's zlib, but that is not important to
> > you. :)
> Well, I've tried to force it use freebsd's system library, but it
> seems not that easy.
That's what I noticed, too. And before I heavily patch everything I
just went to ask upstream.
> > Take it that there is a security flaw in zlib. zlib in Gentoo is
> > updated, stabled and done. Nobody thinks of erlang (or any other
> > package shipping a custom version of zlib instead of linking
> > against the system one), so we have a possibly vulnerable version
> > in the tree. Which is baaaaad. Backporting patches from vanilla
> > zlib to erlang is just needless work in my eyes, and I have to be
> > aware of these fixes or even of an included library (there may be
> > more I don't know about).
> Zlib core patches are really small -- about 5-10 lines of code, but
> makefiles and etc are adopted from erlang's distribution and not
> zlib's. So in practice one can patch zlib easily in case of any
> errors. (In freebsd it's possible to have port's sources patched
> after extract phase and before configure/make).
Gentoo is source based, and Portage is similar to ports...but I need
to know about a vulnerability in zlib and then check erlang. In my
eyes double work if one could benefit from the zlib everyone uses.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: not available
More information about the erlang-questions