From a46ce022e72e4b93e7ed4a7ce3d169bbe9e3cfda Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Thu, 19 Jan 2017 19:45:49 +1100 Subject: [PATCH] Removed warning about zlib 1.2.2 security vulnerability --- setup.py | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/setup.py b/setup.py index b0209a399..b967926eb 100755 --- a/setup.py +++ b/setup.py @@ -631,16 +631,11 @@ class pil_build_ext(build_ext): build_ext.build_extensions(self) # - # sanity and security checks + # sanity checks - unsafe_zlib = None + self.summary_report(feature) - if feature.zlib: - unsafe_zlib = self.check_zlib_version(self.compiler.include_dirs) - - self.summary_report(feature, unsafe_zlib) - - def summary_report(self, feature, unsafe_zlib): + def summary_report(self, feature): print("-" * 68) print("PIL SETUP SUMMARY") @@ -676,16 +671,6 @@ class pil_build_ext(build_ext): print("*** %s support not available" % option[1]) all = 0 - if feature.zlib and unsafe_zlib: - print("") - print("*** Warning: zlib", unsafe_zlib) - print("may contain a security vulnerability.") - print("*** Consider upgrading to zlib 1.2.3 or newer.") - print("*** See: http://www.kb.cert.org/vuls/id/238678") - print(" http://www.kb.cert.org/vuls/id/680620") - print(" http://www.gzip.org/zlib/advisory-2002-03-11.txt") - print("") - print("-" * 68) if not all: @@ -697,21 +682,6 @@ class pil_build_ext(build_ext): print("To check the build, run the selftest.py script.") print("") - def check_zlib_version(self, include_dirs): - # look for unsafe versions of zlib - for subdir in include_dirs: - zlibfile = os.path.join(subdir, "zlib.h") - if os.path.isfile(zlibfile): - break - else: - return - for line in open(zlibfile).readlines(): - m = re.match(r'#define\s+ZLIB_VERSION\s+"([^"]*)"', line) - if not m: - continue - if m.group(1) < "1.2.3": - return m.group(1) - # https://hg.python.org/users/barry/rev/7e8deab93d5a def add_multiarch_paths(self): # Debian/Ubuntu multiarch support.