Author scw
Recipients paul.moore, scw, steve.dower, tim.golden, zach.ware
Date 2016-09-07.03:21:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1473218507.98.0.0291056472337.issue27995@psf.upfronthosting.co.za>
In-reply-to
Content
From the release notes of Python 3.4.5, I see that 3.4 is now in "security fixes only" mode, and no new installers will be created. That said, OpenSSL should be kept up to date so third-parties who build binaries from source will receive upstream patches (there are 18 CVEs against OpenSSL 1.0.2d). This patch upgrades OpenSSL to 1.0.2h for Windows builds.

I initially used the same fix applied in #26930 here, but the relevant intermediate OpenSSL headers (crypto/buildinf_amd64.h, crypto/buildinf_x86.h, crypto/opensslconf_amd64.h, crypto/opensslconf_x86.h) aren't included in the openssl-1.0.2h externals repository [1]. The included patch fixes this by forcing the intermediate configuration files to be written, which doesn't seem to add much to the compilation time and avoided deeper changes to the OpenSSL build process, but there likely is a more elegant solution to this issue.

With this patch applied, Python 3.4.5 compiled and tests ran cleanly locally both the x64 and Win32 targets, compiled using Visual Studio 2010. 


1. http://svn.python.org/projects/external/openssl-1.0.2h/
History
Date User Action Args
2016-09-07 03:21:48scwsetrecipients: + scw, paul.moore, tim.golden, zach.ware, steve.dower
2016-09-07 03:21:47scwsetmessageid: <1473218507.98.0.0291056472337.issue27995@psf.upfronthosting.co.za>
2016-09-07 03:21:47scwlinkissue27995 messages
2016-09-07 03:21:47scwcreate