On Tue, 24 Jul 2018, R P Herrold wrote:

> form, as it locks in potentially vulnerable library decisions
> (I see some compression / decompression libraries which have
> had CVE type vulnerabilities in them, so this matters -- a
> stale 'carried in the tarball' lzo [YIKES], a stale 'carried
> in the tarball' l4 [YIKES], zlib, more with unpackaged perl

heh -- one of the holes is well enough known, and the code
stale and unfixed, that the GCC suite and glibc know to warn
during a build:

+ make V=1 PKGBUILD=1 client
compression.c: In function 'compress_message_to_strbuffer':
compression.c:352:3: warning: 'LZ4_compressHC' is deprecated
(declared at /usr/include/lz4hc.h:203): use LZ4_compress_HC()
instead [-Wdeprecated-declarations]
   newsize = LZ4_compressHC(datasrc, STRBUFEND(deststrbuffer),
datasz);
   ^
compression.c:364:3: warning: 'LZ4_compress' is deprecated
(declared at /usr/include/lz4.h:431): use
LZ4_compress_default() instead [-Wdeprecated-declarations]
   newsize = LZ4_compress(datasrc, STRBUFEND(deststrbuffer),
datasz);
   ^

-- Russ herrold

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
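
An added example, not part of the original message or of the project being built: a POSIX shell filter that pulls -Wdeprecated-declarations diagnostics like the two quoted above out of a build log, so a packaging step can fail while bundled code still calls deprecated library entry points. The function names are hypothetical, and the sample log is constructed from the warnings above (unwrapped to one diagnostic per line, ASCII quotes as under LC_ALL=C) plus two invented lines.

```shell
#!/bin/sh
# Added example: triage deprecated-API warnings in a GCC build log.

# Print one line per deprecated call: file:line<TAB>old symbol<TAB>replacement
# Reads the named log files, or stdin when none are given.
deprecated_calls() {
    awk -v q="'" '
    /warning:/ && /-Wdeprecated-declarations/ {
        loc = $0
        sub(/: warning:.*/, "", loc)      # keep file:line:col
        sub(/:[0-9]+$/, "", loc)          # drop the column
        old = $0
        sub(".*warning: " q, "", old)     # strip up to the opening quote
        sub(q ".*", "", old)              # strip from the closing quote
        new = "-"                         # "-" when GCC names no replacement
        if (match($0, /use [A-Za-z_][A-Za-z0-9_]*/))
            new = substr($0, RSTART + 4, RLENGTH - 4)
        printf "%s\t%s\t%s\n", loc, old, new
    }' "$@"
}

# Build gate: succeeds only when the log has no deprecated calls.
no_deprecated_calls() {
    ! deprecated_calls "$@" | grep -q .
}

# Constructed sample log; the first and last lines are invented filler.
sample_log() {
    cat <<'EOF'
gcc -O2 -c compression.c
compression.c: In function 'compress_message_to_strbuffer':
compression.c:352:3: warning: 'LZ4_compressHC' is deprecated (declared at /usr/include/lz4hc.h:203): use LZ4_compress_HC() instead [-Wdeprecated-declarations]
compression.c:364:3: warning: 'LZ4_compress' is deprecated (declared at /usr/include/lz4.h:431): use LZ4_compress_default() instead [-Wdeprecated-declarations]
other.c:10:5: warning: unused variable 'x' [-Wunused-variable]
EOF
}

# Demo run on the constructed log.
sample_log | deprecated_calls
if sample_log | no_deprecated_calls; then
    echo "gate: clean"
else
    echo "gate: deprecated calls present"
fi
```

In a spec file or CI job the gate would be run on the captured output of the real build, for example `no_deprecated_calls build.log`, where build.log is a placeholder name.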
