Malte Gell wrote:
Hello,
when doing ldd /usr/bin/gpg I get
libz.so.1 => /lib/libz.so.1 (0x40026000)
so GnuPG (on SuSE 7.3 at least) seems to be linked dynamically against libz, so it should be enough to update libz, but why offers SuSE a new gpg package although it's linked dynamically against libz ?
gnupg-1.0.4/zlib$ ls ChangeLog Makefile.in algorithm.doc deflate.c infblock.h inffast.c inflate.c infutil.c trees.h zlib.h Makefile README compress.c deflate.h infcodes.c inffast.h inftrees.c infutil.h uncompr.c zutil.c Makefile.am adler32.c crc32.c infblock.c infcodes.h inffixed.h inftrees.h trees.c zconf.h zutil.h
Questions? ;)
:-)
No, but Malte is right. In _most_ platforms, it's linked dynamically. If
the configure script determines that dynamically linking isn't possible,
then the own source is used. This shouldn't happen, but it _can_.
In such a case it may be better to fix the source, even though it's not
used. gpg is one of the most critical security applications on the
product, and it's good to have it fixed in all respect. When I was digging
through several gigs of build logs, I've just seen gpg and didn't think
any further, it was a must. I agree that there was a lack of
communication, though.
Better safe than sorry.
Roman.
--
- -
| Roman Drahtmüller