[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required (original) (raw)
Ned Deily nad at acm.org
Tue Jun 17 21:03:40 CEST 2014
- Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Next message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In article <81f84430ce0242e5bfa5b2264777df56 at BLUPR03MB389.namprd03.prod.outlook.com
, Steve Dower <Steve.Dower at microsoft.com> wrote: You'll only need to rebuild the ssl and hashlib extension modules with the new OpenSSL version. The easiest way to do this is to build from source (which has already been updated for 1.0.1h if you use the externals scripts in Tools\buildbot), and you should just be able to drop ssl.pyd and hashlib.pyd on top of a normal install.
Should we consider doing a re-spin of the Windows installers for 2.7.7 with 1.0.1h? Or consider doing a 2.7.8 in the near future to address this and various 2.7.7 regressions that have been identified so far (Issues 21652 and 21672)?
Aside: I wonder if it's worth changing to dynamically linking to OpenSSL? It would make this kind of in-place upgrade easier when people need to do it. Any thoughts? (Does OpenSSL even support it?)
OpenSSL is often dynamically linked in Python builds on various other platforms, for example, on Linux or OS X.
-- Ned Deily, nad at acm.org
- Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Next message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]