ZLIB and Cygwin (was: Re: ZLIB vulnerability)
Sun Mar 17 12:37:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Anton Stiglic firstname.lastname@example.org wrote:
> > "AthlonRob" <email@example.com> writes:
> > > Does GnuPG actually include zlib itself, or does it just require you have
> > > zlib on your system, and then utilize that?
> > The source code includes a copy of zlib, but the build process uses
> > the system zlib if available.
> I happen to compile GnuPG under Windows (using Cygwin) where
> I don't have a system zlib, so it uses the one that comes with gnupg.
> The latest version of gnupg, 1.0.6, comes with zlib version 1.1.3
> (which has the vulnerability). So I replaced the zlib library with
> zlib version 1.1.4 and recompiled my gnupg.
actually you may be wrong:
Cygwin have zlib - cygz.dll
and GPG compiled with Cygwin uses it (I just checked with depends.exe)
so you need newer cygz.dll.
(unless you compile GPG with --with-included-zlib switch)
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
-----END PGP SIGNATURE-----