[gdal-dev] CMake: add a GDAL_USE_INTERNAL_LIBS=ON/OFF/WHEN_NO_EXTERNAL variable [was Re: zlib vulnerability CVE-2018-25032 affecting GAL]
Even Rouault
even.rouault at spatialys.com
Thu Apr 7 09:57:47 PDT 2022
https://github.com/OSGeo/gdal/pull/5594 should hopefully make everybody
happy (if such a thing is possible)
Le 07/04/2022 à 15:08, Greg Troxel a écrit :
> Even Rouault <even.rouault at spatialys.com> writes:
>
>> Most GDAL binary distributions don't use that internal copy but the
>> external zlib library provided by the operating system / distribution
>> channel.
> I realize you are accomodating people who can somehow get and build gdal
> sources but can't first install zlib, but from the packaging viewpoint
> having included copies is a bad thing. Yes, it shouldn't get used, but
> if a dependency isn't declared it would be hidden or not provided and
> then be used anyway.
>
> I therefore think it would be good to consider removing the vendored
> copies, or at least requiring explicit config to turn them on. (I just
> looked in the sources for how to build and didn't find it in README. I
> know I have figured out how to build and this isn't a request for help,
> but in terms of the cmake migration the instructions are missing.) It
> looks like internal will just be used if zlib is not found.
>
> I wonder if it's still really necessary/helpful to have included libs
> like zlib.
--
http://www.spatialys.com
My software is free, but my time generally not.
More information about the gdal-dev
mailing list