New submission from Shaun Walbridge:

From the release notes of Python 3.4.5, I see that 3.4 is now in "security
fixes only" mode, and no new installers will be created. That said, OpenSSL
should be kept up to date so third-parties who build binaries from source will
receive upstream patches (there are 18 CVEs against OpenSSL 1.0.2d). This
patch upgrades OpenSSL to 1.0.2h for Windows builds.

I initially used the same fix applied in #26930 here, but the relevant 
intermediate OpenSSL headers (crypto/buildinf_amd64.h, crypto/buildinf_x86.h, 
crypto/opensslconf_amd64.h, crypto/opensslconf_x86.h) aren't included in the 
openssl-1.0.2h externals repository [1]. The included patch fixes this by 
forcing the intermediate configuration files to be written, which doesn't seem 
to add much to the compilation time and avoided deeper changes to the OpenSSL 
build process, but there likely is a more elegant solution to this issue.

With this patch applied, Python 3.4.5 compiled and tests ran cleanly locally
for both the x64 and Win32 targets, compiled using Visual Studio 2010.


1. http://svn.python.org/projects/external/openssl-1.0.2h/

----------
components: Build, Windows
files: openssl-upgrade.patch
keywords: patch
messages: 274739
nosy: paul.moore, scw, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Upgrade Python 3.4 to OpenSSL 1.0.2h
type: security
versions: Python 3.4
Added file: http://bugs.python.org/file44422/openssl-upgrade.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27995>
_______________________________________