From a3d81e0677713ae9e0bac594679e13277d74ec4d Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Tue, 17 Jan 2017 19:36:04 +1100 Subject: [PATCH 1/2] Updated zlib to 1.2.11 --- winbuild/config.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/winbuild/config.py b/winbuild/config.py index efe36810b..6e927d2fb 100644 --- a/winbuild/config.py +++ b/winbuild/config.py @@ -19,10 +19,10 @@ libs = { # 'version': '2.0' # }, 'zlib': { - 'url': 'http://zlib.net/zlib1210.zip', - 'filename': PILLOW_DEPENDS_DIR + 'zlib1210.zip', - 'hash': 'md5:5327bdff96926cf9c479008bae983bc0', - 'dir': 'zlib-1.2.10', + 'url': 'http://zlib.net/zlib1211.zip', + 'filename': PILLOW_DEPENDS_DIR + 'zlib1211.zip', + 'hash': 'md5:16b41357b2cd81bca5e1947238e64465', + 'dir': 'zlib-1.2.11', }, 'jpeg': { 'url': 'http://www.ijg.org/files/jpegsr9b.zip', From a46ce022e72e4b93e7ed4a7ce3d169bbe9e3cfda Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Thu, 19 Jan 2017 19:45:49 +1100 Subject: [PATCH 2/2] Removed warning about zlib 1.2.2 security vulnerability --- setup.py | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/setup.py b/setup.py index b0209a399..b967926eb 100755 --- a/setup.py +++ b/setup.py @@ -631,16 +631,11 @@ class pil_build_ext(build_ext): build_ext.build_extensions(self) # - # sanity and security checks + # sanity checks - unsafe_zlib = None + self.summary_report(feature) - if feature.zlib: - unsafe_zlib = self.check_zlib_version(self.compiler.include_dirs) - - self.summary_report(feature, unsafe_zlib) - - def summary_report(self, feature, unsafe_zlib): + def summary_report(self, feature): print("-" * 68) print("PIL SETUP SUMMARY") 
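Review bot: The updated `zlib` entry still downloads the archive over plain `http://` and pins it with an MD5 digest, so the integrity check on this build-time dependency rests on a hash with practical collision attacks and a transport that offers no authenticity of its own. If the host serves HTTPS and the download helper accepts a stronger algorithm prefix (the `md5:` prefix suggests it dispatches on the name, but that code is not visible here), prefer `'url': 'https://zlib.net/zlib1211.zip',` and `'hash': 'sha256:<digest of a verified copy of zlib1211.zip>',`. The digest should be computed from an archive checked against the upstream signature or published checksum, not from whatever the build machine happened to fetch. The `jpeg` entry in the trailing context uses the same `http://` pattern, and the `libs` dict continues outside this hunk.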
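Review bot: With `check_zlib_version` and its call removed (this hunk and the two deletion hunks that follow), the build no longer reads `ZLIB_VERSION` from the `zlib.h` it compiles against, so the setup summary gives no signal when the extension is built against an outdated system zlib. The removed test compared version strings lexically (`m.group(1) < "1.2.3"`), which misorders releases such as 1.2.10 and presumably motivated the removal. Rather than dropping the check, consider keeping it with the numeric components compared as integers, or at least printing the detected version in `summary_report`. The `# sanity checks` comment now sits above a single call that checks nothing, so it could be reworded or dropped. The enclosing method starts above this hunk and `summary_report` continues below it.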
@@ -676,16 +671,6 @@ class pil_build_ext(build_ext): print("*** %s support not available" % option[1]) all = 0 - if feature.zlib and unsafe_zlib: - print("") - print("*** Warning: zlib", unsafe_zlib) - print("may contain a security vulnerability.") - print("*** Consider upgrading to zlib 1.2.3 or newer.") - print("*** See: http://www.kb.cert.org/vuls/id/238678") - print(" http://www.kb.cert.org/vuls/id/680620") - print(" http://www.gzip.org/zlib/advisory-2002-03-11.txt") - print("") - print("-" * 68) if not all: @@ -697,21 +682,6 @@ class pil_build_ext(build_ext): print("To check the build, run the selftest.py script.") print("") - def check_zlib_version(self, include_dirs): - # look for unsafe versions of zlib - for subdir in include_dirs: - zlibfile = os.path.join(subdir, "zlib.h") - if os.path.isfile(zlibfile): - break - else: - return - for line in open(zlibfile).readlines(): - m = re.match(r'#define\s+ZLIB_VERSION\s+"([^"]*)"', line) - if not m: - continue - if m.group(1) < "1.2.3": - return m.group(1) - # https://hg.python.org/users/barry/rev/7e8deab93d5a def add_multiarch_paths(self): # Debian/Ubuntu multiarch support.