[EMAIL PROTECTED] wrote:

>On 13 Mar 2002, Bill Kenworthy wrote:
>
>>Hi,
>>is it possible to use rpm to get a list of files/packages from the rpm
>>database that were built using zlib?  I have a lot built from src.rpm
>>and would like to check ...
>>
>It could be a start to help find packages. However, many packages may
>link statically against the library and will be vulnerable even if you
>upgrade zlib. To fix these you'll need to download the src rpm and
>rebuild against the fixed library.
>

That is what Bill was asking I think. I don't think rpm can help you 
find out which packages use zlib statically as there is no external 
dependency or provide that marks this. If executables are not stripped, 
then you might be able to dump symbol information from them using 'find' 
to track them down, see which ones have zlib symbols in and then use rpm 
to track those executables back to packages, but even this won't work if 
some or all of your executables (and libs) are stripped.

Having said that you only need to worry about packages that are using 
untrusted zlib compressed data (e.g. ppp). You only need to prevent 
yourself from an exploit. Trusted data can be fixed, if and when you 
find a problem.


Nick.
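
The find / symbol dump / rpm approach outlined in the reply above, as an added shell example that is not part of the original thread. The symbol list, the function names, and the choice of `nm` and `rpm -qf` are assumptions of this sketch; it separates zlib functions defined in a file (an embedded copy) from undefined references (resolved by the shared libz).

```shell
#!/bin/sh
# Added example: locate binaries with zlib compiled in, then map them to RPMs.
# Assumption: this short list of zlib's public entry points is enough to spot it.
ZLIB_SYMS='inflate|inflateInit_|inflateInit2_|inflateEnd|deflate|deflateInit_|deflateEnd|zlibVersion'

# Read `nm` output on stdin and print one of:
#   static  - a zlib function is DEFINED in the file (type T/t): code is embedded
#   dynamic - zlib functions are only referenced (type U): shared libz is used
#   none    - no zlib symbols seen
classify_nm() {
    awk -v syms="^($ZLIB_SYMS)\$" '
        { name = $NF; sub(/@.*/, "", name) }   # drop any symbol-version suffix
        name ~ syms {
            type = $(NF - 1)
            if (type == "T" || type == "t") defined = 1
            else if (type == "U") undefined = 1
        }
        END { print (defined ? "static" : (undefined ? "dynamic" : "none")) }'
}

# Walk the given directories and print "verdict<TAB>package<TAB>file" for every
# file that embeds zlib, or that is stripped and therefore cannot be decided.
scan_tree() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        case "$f" in */libz.so*|*/libz.a) continue ;; esac   # zlib itself
        syms=$(nm "$f" 2>/dev/null) || continue              # not an object file
        if [ -z "$syms" ]; then
            verdict="stripped"     # no symbol table: this method cannot tell
        else
            verdict=$(printf '%s\n' "$syms" | classify_nm)
        fi
        case "$verdict" in none|dynamic) continue ;; esac
        pkg=$(rpm -qf "$f" 2>/dev/null) || pkg="(not owned by any package)"
        printf '%s\t%s\t%s\n' "$verdict" "$pkg" "$f"
    done
}

# Usage: pass one or more directories to scan; with no arguments nothing runs.
if [ "$#" -gt 0 ]; then
    scan_tree "$@"
fi
```

Lines reported as `stripped` are the files this method cannot decide, which is the limitation noted in the reply.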

