More changes after own review.

chevah · Aug 16, 2024 · 4a73fb1 · 4a73fb1
1 parent c01cfef
commit 4a73fb1
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/chevah_build b/chevah_build
@@ -21,7 +21,7 @@ BZIP2_VERSION="1.0.8"
 LIBEDIT_VERSION="20170329-3.1"
 # As of November 2023, security patches for OpenSSL 1.1.1 are private.
 # More at https://openssl-library.org/news/vulnerabilities-1.1.1/index.html.
-# Some fixes can still be found in the OpenSSL 1.1.1f sources from Ubuntu 20.04.
+# See src/openssl/README for details on where to get them anyway.
 OPENSSL_VERSION="1.1.1w-chevah2"
 SQLITE_VERSION="3.46.0"
 

diff --git a/src/openssl/README b/src/openssl/README
@@ -1,9 +1,11 @@
-# OpenSSL 1.0.2 sources are patched with latest security fixes from the
+# OpenSSL 1.1.1 tree is patched with security fixes for the 1.1.1f sources in
+# Ubuntu 20.04 at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/.
+# E.g. see debian/patches in openssl_1.1.1f-1ubuntu2.23.debian.tar.xz.
+
+# OpenSSL 1.0.2 tree is patched with the security fixes from the
 # CentOS 7 sources at https://git.centos.org/rpms/openssl/blob/c7/f/SOURCES.
 # Latest patches are at https://git.centos.org/rpms/openssl/commits/c7.
-# If not found above, latest patches for OpenSSL 1.1.1 are in 1.1.1f sources for
-# Ubuntu 20.04 at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/. E.g.
-# http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.23.debian.tar.xz
+
 # Until 2023, Ubuntu Server 16.04 source updates for OpenSSL 1.0.2 were
-# available at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/. E.g.
-# http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.19.debian.tar.xz
+# available at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/.
+# E.g. see debian/patches in openssl_1.0.2g-1ubuntu4.19.debian.tar.xz.
diff --git a/src/python/README b/src/python/README
@@ -15,7 +15,7 @@ to apply to our Python sources tree, then issue something like:
     patch -p1 < ~/Downloads/CVE-2020-10735.diff
 
 Python sources are currently patched from upstream Active State branch up to and
-including fixes from Aug 9, 2024 for ActiveState Python version 2.7.18.10.
+including fixes from Aug 13, 2024 for ActiveState Python version 2.7.18.10.
 
 Patches that can be applied on Windows as hot fixes (see below for more details)
 are saved as diff files in the current directory. They are also applied on