You have to keep in mind that OpenSSL runs several Perl scripts as part of its build process. And it's one of these scripts that generates a header which defines the cflags variable:
I can compile the previous versions. I've used the same script for several years, and its not until this version today I have an issue. When seeing the issue, I actually tried compiling the old versions again and those still worked.
It would seem odd if they actually change the build process in a security patch, right? The instructions on how to build OpenSSL on Windows has not been changed in 2 years.
> It would seem odd if they actually change the build process in a security patch, right?
No release of OpenSSL has ever been "the previous release plus the minimal patches for a security fix". This isn't a security patch. It's a new release that happens to include some security patches.
It's a security patch in the sense that the only way to get the security patches is to install the new version.
But thanks for the info. That seems like a pretty bad practice when it comes to a lib such as OpenSSL. Having to do changes to the build process to integrate an urgent security fix seems less than optimal.
It would seem odd if they actually change the build process in a security patch, right? The instructions on how to build OpenSSL on Windows has not been changed in 2 years.