On Sunday 12 January 2003 8:16 pm, Guido van Rossum wrote: > > On Saturday 11 January 2003 4:06 pm, Jamie Heilman wrote: > > > Guido van Rossum wrote: > > > > > Without python 2.2 zope will continue to harbor remotely > > > > > exploitable zlib-based memory exhaustion attacks. FWIW > > > > There are workarounds that work in 2.1.x, and I dont think any uses in > > Zope are performance-critical. I will be happy to push through any > > patches for any other Zopes uses. > > I expect I'll be releasing Python 2.1.4 in the next month or so. Can > you submit a patch and assign it to me?
The fix in python 2.2 is in rev 2.44 of zlibmodule.c. It involves an API addition to the zlib module, which I understand is discouraged for a Python bug fix release? I think the workarounds in Zope are a better solution for Zope 2.6.x. We can gradually migrate these to the new zlib API once Zope has other dependencies on Python 2.2 -- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )