[New-bugs-announce] [issue27995] Upgrade Python 3.4 to OpenSSL 1.0.2h

Shaun Walbridge report at bugs.python.org
Tue Sep 6 23:21:47 EDT 2016

New submission from Shaun Walbridge:

>From the release notes of Python 3.4.5, I see that 3.4 is now in "security fixes only" mode, and no new installers will be created. That said, OpenSSL should be kept up to date so third-parties who build binaries from source will receive upstream patches (there are 18 CVEs against OpenSSL 1.0.2d). This patch upgrades OpenSSL to 1.0.2h for Windows builds.

I initially used the same fix applied in #26930 here, but the relevant intermediate OpenSSL headers (crypto/buildinf_amd64.h, crypto/buildinf_x86.h, crypto/opensslconf_amd64.h, crypto/opensslconf_x86.h) aren't included in the openssl-1.0.2h externals repository [1]. The included patch fixes this by forcing the intermediate configuration files to be written, which doesn't seem to add much to the compilation time and avoided deeper changes to the OpenSSL build process, but there likely is a more elegant solution to this issue.

With this patch applied, Python 3.4.5 compiled and tests ran cleanly locally both the x64 and Win32 targets, compiled using Visual Studio 2010. 

1. http://svn.python.org/projects/external/openssl-1.0.2h/

components: Build, Windows
files: openssl-upgrade.patch
keywords: patch
messages: 274739
nosy: paul.moore, scw, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Upgrade Python 3.4 to OpenSSL 1.0.2h
type: security
versions: Python 3.4
Added file: http://bugs.python.org/file44422/openssl-upgrade.patch

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list