My question exactly - how can one tell which apps in a src rpm are
statically linked against zlib once installed.  Ones such as zebedee (not
a Mandrake rpm) I know about as I set it up before install, but I think
someone mentioned mozilla (which I have not checked yet) - any other
sleepers?

BillK

On Wed, 2002-03-13 at 21:51, Nick Thompson wrote:
> [EMAIL PROTECTED] wrote:
> 
> >On 13 Mar 2002, Bill Kenworthy wrote:
> >
> >>Hi,
> >>is it possible to use rpm to get a list of files/packages from the rpm
> >>database that were built using zlib?  I have a lot built from src.rpm
> >>and would like to check ...
> >>
> >It could be a start to help find packages. However, many packages may
> >link statically against the library and will be vulnerable even if you
> >upgrade zlib. To fix these you'll need to download the src rpm and
> >rebuild against the fixed library.
> >
> 
> That is what Bill was asking I think. I don't think rpm can help you 
> find out which packages use zlib statically as there is no external 
> dependency or provide that marks this. If executables are not stripped, 
> then you might be able to dump symbol information from them using 'find' 
> to track them down, see which ones have zlib symbols in and then use rpm 
> to track those executables back to packages, but even this won't work if 
> some or all of your executables (and libs) are stripped.
> 
> Having said that you only need to worry about packages that are using 
> untrusted zlib compressed data (e.g. ppp). You only need to prevent 
> yourself from an exploit. Trusted data can be fixed, if and when you 
> find a problem.
> 
> 
> Nick.
> 
> 
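The find / symbol dump / rpm procedure Nick describes above, written out as a shell script. This is an added example, not part of the original thread: the symbol list is a representative subset chosen here, and the fallback for stripped binaries (searching for the version string zlib compiles into its inflate and deflate code) is an addition beyond what the thread proposes.

```sh
#!/bin/sh
# Added example: find executables carrying their own copy of zlib.
# Symbol list is a representative subset of zlib's entry points (assumption).
ZSYMS='inflate|inflateInit2?_|inflateEnd|deflate|deflateInit2?_|deflateEnd|inflate_fast'
# Version strings zlib compiles into its inflate/deflate code; they survive strip.
ZCOPY='(inflate|deflate) [0-9][0-9.]* Copyright 1995-'

# classify_nm: read `nm` output on stdin and print
#   static  - a zlib function is defined in the file (type T/t)
#   dynamic - zlib functions appear only as undefined (U), i.e. come from libz.so
#   none    - no zlib symbols seen
classify_nm() {
    awk -v syms="^(${ZSYMS})\$" '
        NF >= 2 {
            name = $NF; sub(/@.*/, "", name)   # drop symbol-version suffix
            type = $(NF - 1)
            if (name ~ syms) {
                if (type ~ /^[Tt]$/) def = 1
                else if (type == "U") undef = 1
            }
        }
        END { print (def ? "static" : (undef ? "dynamic" : "none")) }'
}

# classify_file: as above for one file, plus "static-stripped" when no zlib
# definitions are visible but the embedded zlib version string is present.
classify_file() {
    f=$1
    syms=$( { nm "$f"; nm -D "$f"; } 2>/dev/null || true )
    verdict=$(printf '%s\n' "$syms" | classify_nm)
    if [ "$verdict" != static ] && grep -aqE "$ZCOPY" "$f"; then
        verdict=static-stripped
    fi
    printf '%s\n' "$verdict"
}

# scan DIR...: report static hits and the rpm package owning each file.
scan() {
    find "$@" -type f -perm -u+x 2>/dev/null | while IFS= read -r f; do
        v=$(classify_file "$f")
        case $v in
            static*) printf '%s\t%s\t%s\n' "$v" "$f" "$(rpm -qf "$f" 2>/dev/null)" ;;
        esac
    done
}

# Run only when directories are given, e.g.: sh zscan.sh /usr/bin /usr/sbin
[ "$#" -eq 0 ] || scan "$@"
```

Files reported as `dynamic` are fixed by upgrading the shared zlib package; the `static` and `static-stripped` ones are the candidates for a rebuild from the src rpm.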


