[issue8569] Upgrade OpenSSL in Windows builds
Martin v. Löwis
report at bugs.python.org
Thu Apr 29 22:32:32 CEST 2010
Martin v. Löwis <martin at v.loewis.de> added the comment:
IIUC, Python is not affected by this security issue. 'short' is a 16-bit integer, so it only affects 0.9.8m, which isn't being used by Python. Therefore, from a security point of view, no action needs to be taken.
I don't think upgrading OpenSSL is appropriate for 2.7 at this point, so removing it from the version list.
For updating OpenSSL for 3.2, multiple occurrences must be changed; external-common is not the only place. At a minimum, PCbuild/pyproject.vsprops and PCbuild/readme.txt need to change as well. The OpenSSL tree needs to be imported into the externals repository, and our custom changes need to be reapplied. Whether further changes need to be applied to the source, can only be determined in testing. As all of this is a rather tedious procedure, we should be certain to only perform it once before the release of 3.2 (i.e. if we upgrade now, we shouldn't upgrade again three months from now).
----------
versions: -Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8569>
_______________________________________
More information about the Python-bugs-list
mailing list