From 259b1e18b4b5f8acca8366efa3a06e7d489d1045 Mon Sep 17 00:00:00 2001
From: Barry Warsaw <barry@python.org>
Date: Tue, 13 Aug 2002 20:09:26 +0000
Subject: [PATCH] Regress Guido's change of 2002/08/06 to check for the zlib
 version 1.1.4.  Redhat hasn't upgraded but does provide a patched 1.1.3
 package, so checking for 1.1.4 just makes life difficult.

---
 setup.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/setup.py b/setup.py
index 5f101f47ac..bad5130417 100644
--- a/setup.py
+++ b/setup.py
@@ -652,14 +652,23 @@ class PyBuildExt(build_ext):
             exts.append( Extension('fpectl', ['fpectlmodule.c']) )
 
 
-        # Andrew Kuchling's zlib module.
-        # This requires zlib 1.1.4 (1.1.3 has a security problem).
-        # See http://www.gzip.org/zlib/
+        # Andrew Kuchling's zlib module.  Note that some versions of zlib
+        # 1.1.3 have security problems.  See CERT Advisory CA-2002-07:
+        # http://www.cert.org/advisories/CA-2002-07.html
+        #
+        # zlib 1.1.4 is fixed, but at least one vendor (RedHat) has decided to
+        # patch its zlib 1.1.3 package instead of upgrading to 1.1.4.  For
+        # now, we still accept 1.1.3, because we think it's difficult to
+        # exploit this in Python, and we'd rather make it RedHat's problem
+        # than our problem <wink>.
+        #
+        # You can upgrade zlib to version 1.1.4 yourself by going to
+        # http://www.gzip.org/zlib/
         zlib_inc = find_file('zlib.h', [], inc_dirs)
         if zlib_inc is not None:
             zlib_h = zlib_inc[0] + '/zlib.h'
             version = '"0.0.0"'
-            version_req = '"1.1.4"'
+            version_req = '"1.1.3"'
             fp = open(zlib_h)
             while 1:
                 line = fp.readline()
-- 
2.50.1