On Sunday 12 January 2003 8:16 pm, Guido van Rossum wrote:
On Saturday 11 January 2003 4:06 pm, Jamie Heilman wrote:
Guido van Rossum wrote:
Without Python 2.2 Zope will continue to harbor remotely exploitable zlib-based memory exhaustion attacks. FWIW
There are workarounds that work in 2.1.x, and I don't think any uses in Zope are performance-critical. I will be happy to push through any patches for any other Zope uses.
I expect I'll be releasing Python 2.1.4 in the next month or so. Can you submit a patch and assign it to me?
The fix in Python 2.2 is in rev 2.44 of zlibmodule.c. It involves an API addition to the zlib module, which I understand is discouraged for a Python bug fix release? I think the workarounds in Zope are a better solution for Zope 2.6.x. We can gradually migrate these to the new zlib API once Zope has other dependencies on Python 2.2.

--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
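
An added example, not code from this thread, from Zope or from the Python patch: bounded decompression with the `max_length` argument of a decompress object and its `unconsumed_tail` attribute, assumed here to be the zlib API addition the last message refers to (the thread does not name it). The helper name, the limits and the sample input are constructed for illustration, and the code targets current Python 3.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when the inflated output would exceed the caller's limit."""


def bounded_decompress(data, max_output=1 << 20, chunk=64 * 1024):
    """Inflate a zlib stream while holding at most max_output + 1 bytes.

    Hypothetical helper. decompress(buf, max_length) returns at most
    max_length bytes and leaves unprocessed input in unconsumed_tail.
    """
    d = zlib.decompressobj()
    out = []
    total = 0
    buf = data
    while not d.eof:
        # Request one byte more than the remaining budget, so an over-limit
        # stream is detected without inflating the rest of it. This is
        # always >= 1; a max_length of 0 would mean "no limit".
        want = min(chunk, max_output - total + 1)
        piece = d.decompress(buf, want)
        total += len(piece)
        if total > max_output:
            raise DecompressionLimitExceeded(
                "output exceeds %d bytes" % max_output)
        out.append(piece)
        buf = d.unconsumed_tail
        if not piece and not buf:
            break  # input exhausted and nothing left to flush
    if not d.eof:
        raise zlib.error("truncated or incomplete zlib stream")
    return b"".join(out)


# Constructed sample input: 8 MiB of zero bytes deflates to a few KiB,
# which is the size mismatch a one-shot zlib.decompress() cannot refuse.
SAMPLE = zlib.compress(b"\0" * (8 << 20))

if __name__ == "__main__":
    print("compressed size:", len(SAMPLE))
    try:
        bounded_decompress(SAMPLE, max_output=1 << 20)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```
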