Added a patch which links CVS against system zlib library.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2778 af4574ff-66df-0310-9fd7-8a98e5e911e0

basicnet/netprogs/cvs.xml

@@ -38,6 +38,13 @@ repository, creation of a repository is covered at <xref linkend="cvsserver"/>.
 <listitem><para>Estimated build time: &cvs-time;</para></listitem></itemizedlist>
 </sect3>
 
+<sect3><title>Additional downloads</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Recommended patch: <ulink
+url="&patch-root;/cvs-&cvs-version;-zlib-1.patch"/>
+</para></listitem>
+</itemizedlist></sect3>
+
 <sect3><title><application>CVS</application> dependencies</title>
 <sect4><title>Optional</title>
 <para>
@@ -55,6 +62,14 @@ repository, creation of a repository is covered at <xref linkend="cvsserver"/>.
 <sect2>
 <title>Installation of <application><acronym>CVS</acronym></application></title>
 
+<para>By default <application><acronym>CVS</acronym></application>
+is statically linked against the zlib library included in its source
+tree. This makes it exposed to possible security vulnerabilities in that
+library. If you want to modify CVS to use the newest system shared zlib
+library apply the following patch:</para>
+
+<screen><userinput><command>patch -Np1 -i ../cvs-&cvs-version;-zlib-1.patch</command></userinput></screen>
+
 <para>Install <application><acronym>cvs</acronym></application> by running the following commands:</para>
 
 <screen><userinput><command>./configure --prefix=/usr &amp;&amp;

introduction/welcome/changelog.xml

@@ -22,6 +22,9 @@ who wrote what.</para>
 
 <itemizedlist>
 
+<listitem><para>October 7th, 2004 [igor]: Added a patch which links
+CVS against system zlib library.</para></listitem>
+
 <listitem><para>October 7th, 2004 [randy]: Updated Zip and Unzip HTTP
 download URL's as suggested by Stefan Morrell.</para></listitem>