[erlang-questions] Using system's zlib
Gaspar Chilingarov
nm@REDACTED
Sat Jul 7 10:04:52 CEST 2007
>> About patches -- it took me about 1-2 day to merge in new version of
>> zlib to erlang sources :)
>
> Still, are those patches very special or could upstream provide your
> needed features?
Well, I've refreshed my knowledge about this :)
They only differ by memory allocation functions. Erlang version uses
internal [mc]alloc functions and not the system wide ones.
>> In other hand -- what's the reason to include system zlib, if now
>> it's shipped with latest version of zlib?
Well, erlang also runs on platforms, which have too many windows but no
zlib ;)
>
> As I am maintainer of erlang in Gentoo Linux, I have a bug open asking
> for using system's zlib, but that is not important to you. :)
Well, I've tried to force it use freebsd's system library, but it seems
not that easy.
> Take it that there is a security flaw in zlib. zlib in Gentoo is
> updated, stabled and done. Nobody thinks of erlang (or any other
> package shipping a custom version of zlib instead of linking against
> the system one), so we have a possibly vulnerable version in the tree.
> Which is baaaaad. Backporting patches from vanilla zlib to erlang is
> just needless work in my eyes, and I have to be aware of these fixes
> or even of an included library (there may be more I don't know about).
Zlib core patches are really small -- about 5-10 lines of code, but
makefiles and etc are adopted from erlang's distribution and not zlib's.
So in practice one can patch zlib easily in case of any errors.
(In freebsd it's possible to have port's sources patched after extract
phase and before configure/make).
/Gaspar
--
Gaspar Chilingarov
System Administrator,
Network security consulting
t +37493 419763 (mob)
i 63174784
e nm@REDACTED
w http://zanazan.am/
More information about the erlang-questions
mailing list