| View Issue Details [ Jump to Notes ] | [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0003473 | CMake | CMake | public | 2006-07-03 07:34 | 2007-09-17 14:17 | ||||
| Reporter | Marc Espie | ||||||||
| Assigned To | Bill Hoffman | ||||||||
| Priority | high | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | |||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0003473: zlib bundled version is too old | ||||||||
| Description | I've just checked, it is the generic zlib 1.1.4. This version is several years old, and has gone through several revisions to fix quite a few vulnerabilities. Since there are test beds using cmake (and cmtar), this means that all of them are vulnerable. Please answer this concern shortly. This is an actual security hole. I suggest using a current zlib, and at least providing a way to link with the system library. The cm_zlib prefix makes very little sense: every one out there is using zlib, and thus the gzopen/gzread interface is standard. Moreover some OSes | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
| Relationships | |||||||
|
|||||||
| Relationships |
| Notes | |
|
(0008791) Bill Hoffman (manager) 2007-08-31 12:37 |
You can set the variable CMAKE_USE_SYSTEM_ZLIB when you build cmake, and it will use the system zlib. The cm_zlib allows for multiple versions of zlib to be in one application, the zlib that cmake uses is shared by VTK and ITK I think. I will look into an upgrade, but if you want to use a system one you can very easily. |
|
(0008792) Sean McBride (reporter) 2007-08-31 13:25 |
This is a dupe of bug 5445. |
|
(0008917) David Cole (manager) 2007-09-11 11:24 |
Utilities/cmzlib updated to 1.2.3 |
| Notes |
| Issue History | |||
| Date Modified | Username | Field | Change |
| 2007-08-31 11:28 | Alex Neundorf | Assigned To | System Admin => Bill Hoffman |
| 2007-08-31 12:37 | Bill Hoffman | Note Added: 0008791 | |
| 2007-08-31 13:25 | Sean McBride | Note Added: 0008792 | |
| 2007-08-31 13:28 | Sean McBride | Relationship added | duplicate of 0005445 |
| 2007-09-11 11:24 | David Cole | Status | assigned => resolved |
| 2007-09-11 11:24 | David Cole | Resolution | open => fixed |
| 2007-09-11 11:24 | David Cole | Note Added: 0008917 | |
| 2007-09-17 14:17 | Alex Neundorf | Status | resolved => closed |
| Issue History |
| Copyright © 2000 - 2018 MantisBT Team |