61406 – rsync links statically with zlib

Bug 61406 - rsync links statically with zlib

Summary: rsync links statically with zlib

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	rsync
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-03-19 10:14 UTC by Henning Schmiedehausen
Modified:	2014-03-17 02:26 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-03-19 10:14:45 UTC
Embargoed:

Attachments	(Terms of Use)

Description Henning Schmiedehausen 2002-03-19 10:14:41 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The zlib-scanner from Florian Weimer shows

/tmp/scanner.pl /usr/bin/rsync 
/usr/bin/rsync: inflate version: "1.1.2 Copyright 1995-1998 Mark Adler"
/usr/bin/rsync: zlib cplens table, little endian
/usr/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)

rpm -qf /usr/bin/rsync
rsync-2.4.6-3.6

which is the current release for RH 6.2

so this binary is vulnerable to the zlib problem 

Version-Release number of selected component (if applicable):
rsync-2.4.6-3.6


How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner
2. run it on /usr/bin/rsync
3.
	

Actual Results:  rsync is linked statically to zlib 

Expected Results:  should be linked to a non-vulnerable version 

Additional info:

Comment 1 Bill Nottingham 2002-03-19 15:59:44 UTC

Um, that's *why* rsync was part of the zlib errata. It contains the fix.

Comment 2 Bill Nottingham 2002-03-19 16:41:25 UTC

FWIW, rsync uses a specially modified version of zlib; that's why it doesn't
link against the system one.

Note You need to log in before you can comment on or make changes to this bug.