From 4a73fb1991ce0ae0f5f3736554d6e9f92a8e2cf9 Mon Sep 17 00:00:00 2001
From: dumol
Date: Fri, 16 Aug 2024 09:04:12 +0000
Subject: [PATCH] More changes after own review.
---
 chevah_build | 2 +-
 src/openssl/README | 14 ++++++++------
 src/python/README | 2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/chevah_build b/chevah_build
index 6b8d86aad..7cf2f6325 100755
--- a/chevah_build
+++ b/chevah_build
@@ -21,7 +21,7 @@ BZIP2_VERSION="1.0.8"
 LIBEDIT_VERSION="20170329-3.1"
 # As of November 2023, security patches for OpenSSL 1.1.1 are private.
 # More at https://openssl-library.org/news/vulnerabilities-1.1.1/index.html.
-# Some fixes can still be found in the OpenSSL 1.1.1f sources from Ubuntu 20.04.
+# See src/openssl/README for details on where to get them anyway.
 OPENSSL_VERSION="1.1.1w-chevah2"
 SQLITE_VERSION="3.46.0"
diff --git a/src/openssl/README b/src/openssl/README
index 581259c5d..446ab4e87 100644
--- a/src/openssl/README
+++ b/src/openssl/README
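Review bot: The replacement comment above `OPENSSL_VERSION` in chevah_build, "where to get them anyway", no longer says what kind of source the fixes come from, so a reader of the build script alone cannot tell that the pinned version is a patched tree. Since the preceding lines state that upstream 1.1.1 fixes are private, I would word it as `# Fixes are backported from distro source packages; see src/openssl/README.` If the `-chevah2` suffix is what marks the patch level (it looks that way, but the hunk does not show it), a second comment line saying to bump it whenever a patch is added would help whoever next updates this value. The version list continues outside the hunk.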
@@ -1,9 +1,11 @@
-# OpenSSL 1.0.2 sources are patched with latest security fixes from the
+# OpenSSL 1.1.1 tree is patched with security fixes for the 1.1.1f sources in
+# Ubuntu 20.04 at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/.
+# E.g. see debian/patches in openssl_1.1.1f-1ubuntu2.23.debian.tar.xz.
+
+# OpenSSL 1.0.2 tree is patched with the security fixes from the
 # CentOS 7 sources at https://git.centos.org/rpms/openssl/blob/c7/f/SOURCES.
 # Latest patches are at https://git.centos.org/rpms/openssl/commits/c7.
-# If not found above, latest patches for OpenSSL 1.1.1 are in 1.1.1f sources for
-# Ubuntu 20.04 at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/. E.g.
-# http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.23.debian.tar.xz
+
 # Until 2023, Ubuntu Server 16.04 source updates for OpenSSL 1.0.2 were
-# available at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/. E.g.
-# http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.19.debian.tar.xz
+# available at http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/.
+# E.g. see debian/patches in openssl_1.0.2g-1ubuntu4.19.debian.tar.xz.
diff --git a/src/python/README b/src/python/README
index f3d5a7602..8f46bd496 100644
--- a/src/python/README
+++ b/src/python/README
@@ -15,7 +15,7 @@ to apply to our Python sources tree, then issue something like:
 patch -p1 < ~/Downloads/CVE-2020-10735.diff
 Python sources are currently patched from upstream Active State branch up to and
-including fixes from Aug 9, 2024 for ActiveState Python version 2.7.18.10.
+including fixes from Aug 13, 2024 for ActiveState Python version 2.7.18.10.
 Patches that can be applied on Windows as hot fixes (see below for more details) are saved as diff files in the current directory. They are also applied on