msg189018 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2013-05-12 11:24 |
3.3 and default are currently fetching OpenSSL 1.0.1d for the Windows builds. It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release; they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures). Following is their description of the fix:

“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]

*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. [Andy Polyakov, Steve Henson]” |
|
|
msg189039 - (view) |
Author: Yogesh Chaudhari (Yogesh.Chaudhari) * |
Date: 2013-05-12 14:44 |
The following patch will make use of the 1.0.1e version of OpenSSL. |
|
|
msg189052 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2013-05-12 17:55 |
New changeset d047928ae3f6 by Georg Brandl in branch '3.3': Closes #17962: Build with OpenSSL 1.0.1e on Windows. http://hg.python.org/cpython/rev/d047928ae3f6 |
|
|
msg189073 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2013-05-12 23:25 |
Apparently it lacks the required SVN addition:

The system cannot find the file specified.
svn: E170000: URL 'http://svn.python.org/projects/external/openssl-1.0.1e' doesn't exist |
|
|
msg189077 - (view) |
Author: Yogesh Chaudhari (Yogesh.Chaudhari) * |
Date: 2013-05-12 23:56 |
I am not sure how http://www.openssl.org/source/openssl-1.0.1e.tar.gz can be provided to python svn. Doesn't that require svn credentials to check-out/add/check-in? |
|
|
msg189100 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2013-05-13 05:58 |
Yes, someone with SVN write access (Georg?) will have to do it. |
|
|
msg189101 - (view) |
Author: Georg Brandl (georg.brandl) *  |
Date: 2013-05-13 06:13 |
I could, but the checked-in 1.0.1d is different from the tarball in some respects, so it's better for Martin to do this. |
|
|
msg189106 - (view) |
Author: Yogesh Chaudhari (Yogesh.Chaudhari) * |
Date: 2013-05-13 08:25 |
I would like to take a crack at it. Would it be possible (I mean permission-wise)? How can I proceed? |
|
|
msg189108 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2013-05-13 08:49 |
I don't know how much work there is. Perhaps you want to produce a diff between the current "external" 1.0.1d and the upstream version. Otherwise just let Georg or Martin handle it ;) |
|
|
msg189125 - (view) |
Author: Georg Brandl (georg.brandl) *  |
Date: 2013-05-13 12:02 |
I don't know what there is to do, so I can give no instructions. It's best to let Martin handle it. |
|
|
msg189128 - (view) |
Author: Yogesh Chaudhari (Yogesh.Chaudhari) * |
Date: 2013-05-13 13:24 |
@Antoine and @Georg: You are right. There is nothing much to be done. The only differences are those of auto-generated files like Makefile and other config files created after running the ./config script. This just needs a simple add/commit from the openssl site. It seems there is nothing else AFAICS. |
|
|
msg189316 - (view) |
Author: Martin v. Löwis (loewis) *  |
Date: 2013-05-15 22:27 |
I have now updated the code. Yogesh: It is somewhat more than just committing the source; the assembler files need to be generated. The objective is to not require Perl on the build machines. |
|
|