----- Original Message ----- > On 19/07/2012 14:20, Andrew Hughes wrote: > > : > > > > Hmmm... this is interesting as we've been shipping OpenJDK with > > system zlib the whole time. > > > > Are some of the issues resolved in newer versions? My system copy > > is 1.2.7. > > > > Not only is it generally against GNU/Linux distribution policy to > > bundle libraries without good reason, but it also means > > we then have to rebuild OpenJDK for any security issues in those > > dependencies. > > > I think using the system zlib (or libz as it seems to shipped as on > Solaris and MacOSX) would have been okay with jdk6, it's just that > the > zip64 support in jdk7 changed total_in/out to "long long". > > The copy that we have in the jdk repository at this time is 1.2.5. > I'm > not aware of any updates that avoid this patch but I think the right > thing is to change the java.util.zip code so that it works with an > unmodified zlib. I think Sherman has ideas on this, just hasn't got > to > it yet. If you have cycles to look at it that would be great (and I > understand that distributions would frown on attempts to bundle a > private copy with OpenJDK). >
I've started looking at this and it seems 7 still has 1.2.3, 1.2.5 is only in 8. I also can't see any obvious changes which change zlib. Are you sure this change was introduced in 7 and not 8? Do you happen to know the bug ID for it? > -Alan. > Thanks, -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
