The Zlib package contains compression and decompression routines used by some programs.
Zlib has a buffer overflow vulnerability that can lead to a Denial of Service attack. The following patch fixes the problem:
patch -Np1 -i ../zlib-1.2.2-security_fix-1.patch
Zlib is known to build its shared library incorrectly if CFLAGS is specified in the environment. If CFLAGS is set, be sure to add the -fPIC flag to it for the duration of the configure command below, then remove it afterwards.
Prepare Zlib for compilation:
./configure --prefix=/usr --shared --libdir=/lib
Compile the package:
make
To test the results, issue: make check.
Install the shared library:
make install
The previous command installed a .so file in /lib. We will remove it and relink it into /usr/lib:
rm /lib/libz.so
ln -sf ../../lib/libz.so.1.2.2 /usr/lib/libz.so
Build the static library:
make clean
./configure --prefix=/usr
make
To test the results again, issue: make check.
Install the static library:
make install
Fix the permissions on the static library:
chmod 644 /usr/lib/libz.a
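The following check is an added example, not part of the original instructions. It verifies the layout the steps above should leave behind: the shared object in /lib, no libz.so left in /lib, a resolving relative symlink in /usr/lib, and a static archive with mode 644. The function name and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the zlib layout produced by the steps above.
# check_zlib_layout and its ROOT argument are hypothetical names for this
# example; with no argument the live system is inspected, with an argument
# a staging tree rooted at that directory is inspected instead.
# Usage: check_zlib_layout [ROOT]

check_zlib_layout() {
    root="${1:-}"
    ver="1.2.2"                          # version named on this page
    shared="$root/lib/libz.so.$ver"
    link="$root/usr/lib/libz.so"
    static="$root/usr/lib/libz.a"
    rc=0

    # The versioned shared object must be a regular file in /lib.
    if [ ! -f "$shared" ] || [ -L "$shared" ]; then
        echo "FAIL: $shared missing or not a regular file"; rc=1
    fi

    # The .so file that "make install" put in /lib must have been removed.
    if [ -e "$root/lib/libz.so" ] || [ -L "$root/lib/libz.so" ]; then
        echo "FAIL: $root/lib/libz.so still present"; rc=1
    fi

    # /usr/lib/libz.so must be the relative symlink from the ln -sf step,
    # and it must resolve to an existing file.
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "../../lib/libz.so.$ver" ]; then
        echo "FAIL: $link is not a symlink to ../../lib/libz.so.$ver"; rc=1
    elif [ ! -e "$link" ]; then
        echo "FAIL: $link is dangling"; rc=1
    fi

    # The static archive must exist with mode exactly 644 (the chmod step).
    if [ ! -f "$static" ] || [ -z "$(find "$static" -prune -perm 644)" ]; then
        echo "FAIL: $static missing or mode is not 644"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: zlib $ver layout under ${root:-/} is as expected"
    return "$rc"
}
```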