On Sun, 2005-05-08 at 17:23, Robert Hanson wrote: > -}Behalf Of Johnny Hughes > -}Sent: Sunday, May 08, 2005 9:07 AM > -}Do you really need 1.2.2 or just the latest security patches ... if you > -}must really have 1.2.2 or greater, you should probably download the > -}latest SRPM from the Fedora Rawhide project (it, or an RPM like it, will > -}be in newer versions of RHEL and FC). > > http://mirror.linux.duke.edu/pub/fedora/linux/core/development/SRPMS/zlib-1. > 2.2.2-3.src.rpm > > -}Then use it to make zlib and zlib-devel on your platform. I just > -}verified that it builds on CentOS-3.4 and 4.0 with the command: > -} > -}rpmbuild --rebuild zlib-1.2.2.2-3.src.rpm > -} > -}(must have gcc, make, rpm-build as a minimum installed on the > -}machine ... maybe some other packages) > -} > -}I can provide those files for daonload if you can't get them to > -}build ... are you on CentOS-3.x or CentOS-4.x. > -} > > Thanks for the quick reply. > > I am on CentOS 4 and this is in relation to the security fix. So I really > need 1.2.2: or later as when I do a "configure" for clamav-0.84 it complains > about zlib and directs me to www.zlib.net No, not really. The security fixes should be in the CentOS 4 zlib already. On these Redhat/RPM-based systems, going on the pure version number alone is not a good method of working out what is secure and what isn't. > now, it did that on clamav-0.83 yet it still allowed the "configure" to > finish yet with clamav-0.84 it dies and i had to insert an > > --disable-zlib-vcheck > > to get it to finish the configure. The problem is clamav is using the version number as the check rather than assuming a distribution might backport the security fixes to older versions. Looking at that zlib src.rpm URL you posted, the changelog mentions no fixes to security problems that aren't found in the native CentOS version already, unless you can point to what these exact security vulnerabilities are? Otherwise, IMHO using --disable-zlib-vcheck is the correct fix. Checking the clamav package in the `dag' repository shows this configure switch is indeed used. Matt -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos/attachments/20050508/00715bd6/attachment.bin