[Python-checkins] bpo-45743: Remove workaround for zlib CVE from 2002 (GH-29457)

tiran webhook-mailer at python.org
Tue Nov 9 03:56:25 EST 2021


https://github.com/python/cpython/commit/6a1cc8bf8a0d88af9c7891c6577508ae9f70e3ef
commit: 6a1cc8bf8a0d88af9c7891c6577508ae9f70e3ef
branch: main
author: Christian Heimes <christian at python.org>
committer: tiran <christian at python.org>
date: 2021-11-09T09:56:05+01:00
summary:

bpo-45743: Remove workaround for zlib CVE from 2002 (GH-29457)

files:
M setup.py

diff --git a/setup.py b/setup.py
index fa7abef95b054..b125c51f6488b 100644
--- a/setup.py
+++ b/setup.py
@@ -1633,56 +1633,27 @@ def detect_platform_specific_exts(self):
                                    '-framework', 'CoreFoundation']))
 
     def detect_compress_exts(self):
-        # Andrew Kuchling's zlib module.  Note that some versions of zlib
-        # 1.1.3 have security problems.  See CERT Advisory CA-2002-07:
-        # http://www.cert.org/advisories/CA-2002-07.html
-        #
-        # zlib 1.1.4 is fixed, but at least one vendor (RedHat) has decided to
-        # patch its zlib 1.1.3 package instead of upgrading to 1.1.4.  For
-        # now, we still accept 1.1.3, because we think it's difficult to
-        # exploit this in Python, and we'd rather make it RedHat's problem
-        # than our problem <wink>.
-        #
-        # You can upgrade zlib to version 1.1.4 yourself by going to
-        # http://www.gzip.org/zlib/
-        zlib_inc = find_file('zlib.h', [], self.inc_dirs)
-        have_zlib = False
-        if zlib_inc is not None:
-            zlib_h = zlib_inc[0] + '/zlib.h'
-            version = '"0.0.0"'
-            version_req = '"1.1.3"'
-            if MACOS and is_macosx_sdk_path(zlib_h):
-                zlib_h = os.path.join(macosx_sdk_root(), zlib_h[1:])
-            with open(zlib_h) as fp:
-                while 1:
-                    line = fp.readline()
-                    if not line:
-                        break
-                    if line.startswith('#define ZLIB_VERSION'):
-                        version = line.split()[2]
-                        break
-            if version >= version_req:
-                if (self.compiler.find_library_file(self.lib_dirs, 'z')):
-                    self.add(Extension('zlib', ['zlibmodule.c'],
-                                       libraries=['z']))
-                    have_zlib = True
-                else:
-                    self.missing.append('zlib')
-            else:
-                self.missing.append('zlib')
+        # Andrew Kuchling's zlib module.
+        have_zlib = (
+            find_file('zlib.h', self.inc_dirs, []) is not None and
+            self.compiler.find_library_file(self.lib_dirs, 'z')
+        )
+        if have_zlib:
+            self.add(Extension('zlib', ['zlibmodule.c'],
+                                libraries=['z']))
         else:
             self.missing.append('zlib')
 
         # Helper module for various ascii-encoders.  Uses zlib for an optimized
         # crc32 if we have it.  Otherwise binascii uses its own.
-        extra_compile_args = []
         if have_zlib:
-            extra_compile_args.append('-DUSE_ZLIB_CRC32')
+            define_macros = [('USE_ZLIB_CRC32', None)]
             libraries = ['z']
         else:
+            define_macros = None
             libraries = []
         self.add(Extension('binascii', ['binascii.c'],
-                           extra_compile_args=extra_compile_args,
+                           define_macros=define_macros,
                            libraries=libraries))
 
         # Gustavo Niemeyer's bz2 module.
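Review bot: The new comment `# Andrew Kuchling's zlib module.` no longer says anything about which zlib versions are acceptable, and the replacement test on `have_zlib` only checks that `zlib.h` and a `z` library can be found. As far as this hunk shows, the header is no longer opened at all, so the build neither enforces nor records a zlib version, and the header and library are located independently of each other. I would state that policy in the comment so that packagers know the version check is theirs to make, for example `# No minimum zlib version is enforced here; check zlib.ZLIB_RUNTIME_VERSION to see what was actually linked.` A smaller point on the same lines: `have_zlib` now holds whatever `find_library_file` returns rather than a boolean, so wrapping the expression in `bool(...)` would keep it a plain flag for the later `if have_zlib:` tests. The body of `detect_compress_exts` continues past the end of the hunk.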


