Message 274739 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	scw
Recipients	paul.moore, scw, steve.dower, tim.golden, zach.ware
Date	2016-09-07.03:21:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1473218507.98.0.0291056472337.issue27995@psf.upfronthosting.co.za>
In-reply-to

Content
From the release notes of Python 3.4.5, I see that 3.4 is now in "security fixes only" mode, and no new installers will be created. That said, OpenSSL should be kept up to date so third-parties who build binaries from source will receive upstream patches (there are 18 CVEs against OpenSSL 1.0.2d). This patch upgrades OpenSSL to 1.0.2h for Windows builds. I initially used the same fix applied in #26930 here, but the relevant intermediate OpenSSL headers (crypto/buildinf_amd64.h, crypto/buildinf_x86.h, crypto/opensslconf_amd64.h, crypto/opensslconf_x86.h) aren't included in the openssl-1.0.2h externals repository [1]. The included patch fixes this by forcing the intermediate configuration files to be written, which doesn't seem to add much to the compilation time and avoided deeper changes to the OpenSSL build process, but there likely is a more elegant solution to this issue. With this patch applied, Python 3.4.5 compiled and tests ran cleanly locally both the x64 and Win32 targets, compiled using Visual Studio 2010. 1. http://svn.python.org/projects/external/openssl-1.0.2h/

From the release notes of Python 3.4.5, I see that 3.4 is now in "security fixes only" mode, and no new installers will be created. That said, OpenSSL should be kept up to date so third-parties who build binaries from source will receive upstream patches (there are 18 CVEs against OpenSSL 1.0.2d). This patch upgrades OpenSSL to 1.0.2h for Windows builds.

I initially used the same fix applied in #26930 here, but the relevant intermediate OpenSSL headers (crypto/buildinf_amd64.h, crypto/buildinf_x86.h, crypto/opensslconf_amd64.h, crypto/opensslconf_x86.h) aren't included in the openssl-1.0.2h externals repository [1]. The included patch fixes this by forcing the intermediate configuration files to be written, which doesn't seem to add much to the compilation time and avoided deeper changes to the OpenSSL build process, but there likely is a more elegant solution to this issue.

With this patch applied, Python 3.4.5 compiled and tests ran cleanly locally both the x64 and Win32 targets, compiled using Visual Studio 2010. 


1. http://svn.python.org/projects/external/openssl-1.0.2h/

History
Date	User	Action	Args
2016-09-07 03:21:48	scw	set	recipients: + scw, paul.moore, tim.golden, zach.ware, steve.dower
2016-09-07 03:21:47	scw	set	messageid: <1473218507.98.0.0291056472337.issue27995@psf.upfronthosting.co.za>
2016-09-07 03:21:47	scw	link	issue27995 messages
2016-09-07 03:21:47	scw	create