[erlang-questions] Using system's zlib

Christian Faulhammer opfer@REDACTED
Sat Jul 7 12:16:23 CEST 2007


Gaspar Chilingarov <nm@REDACTED>:

>   >> About patches -- it took me about 1-2 day to merge in new
>   >> version of
>  >> zlib to erlang sources :)
>  >
>  >  Still, are those patches very special or could upstream provide
>  > your needed features?
> Well, I've refreshed my knowledge about this :)
> They only differ by memory allocation functions. Erlang version uses 
> internal [mc]alloc functions and not the system wide ones.

 Gnah.  So no chance to have a configure switch --with-system-zlib?
 
>  >  As I am maintainer of erlang in Gentoo Linux, I have a bug open
>  > asking for using system's zlib, but that is not important to
>  > you. :)
> Well, I've tried to force it use freebsd's system library, but it
> seems not that easy.

 That's what I noticed, too.  And before I heavily patch everything I
just went to ask upstream.

>  >  Take it that there is a security flaw in zlib.  zlib in Gentoo is
>  > updated, stabled and done.  Nobody thinks of erlang (or any other
>  > package shipping a custom version of zlib instead of linking
>  > against the system one), so we have a possibly vulnerable version
>  > in the tree. Which is baaaaad.  Backporting patches from vanilla
>  > zlib to erlang is just needless work in my eyes, and I have to be
>  > aware of these fixes or even of an included library (there may be
>  > more I don't know about).
> Zlib core patches are really small -- about 5-10 lines of code, but 
> makefiles and etc are adopted from erlang's distribution and not
> zlib's. So in practice one can patch zlib easily in case of any
> errors. (In freebsd it's possible to have port's sources patched
> after extract phase and before configure/make).

 Gentoo is source based, and Portage is similar to ports...but I need
to know about a vulnerability in zlib and then check erlang.  In my
eyes double work if one could benefit from the zlib everyone uses.

V-Li

-- 
http://www.gentoo.org/
http://www.faulhammer.org/
http://www.gnupg.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20070707/6a034b20/attachment.bin>


More information about the erlang-questions mailing list