Update to OpenSSL 3.0.11+ (& 1.1.1w+) in our binary release build process. #109991

gpshead · 2023-09-27T22:15:03Z

Bug report

Bug description:

We need to upgrade the OpenSSL versions we build & bundle into our binary releases before the next release. More security fixes as usual. In particular https://nvd.nist.gov/vuln/detail/CVE-2023-4807 applies to our 64-bit Windows binaries.

Pick the latest 3.0.x and 1.1.1 releases at the time the work is done. 3.0.11 today, and if we build binaries for older shipping-with-1.1 branches, 1.1.1w. We should update the binary build tooling in older release branches for those to at least reference and pull in 1.1.1w even if we aren't shipping new binary releases on those ourselves.

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12

Operating systems tested on:

macOS, Windows

Linked PRs

zooba · 2023-09-27T23:08:01Z

I just pushed updated Windows builds of OpenSSL to the cpython-bin-deps for OpenSSL 1.1.1w and 3.0.11.

(cherry picked from commit 884cd18)

…ssltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002)

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d) Co-authored-by: Ned Deily <nad@python.org>

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d)

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d)

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110006) (cherry picked from commit c88037d)

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

…nGH-110003) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

ned-deily · 2023-09-28T06:22:50Z

PRs submitted and/or merged to update OpenSSL in GHA CI for main/3.13, 3.12, 3.11, 3.10, 3.9, and 3.9.
PRs submitted and/or merged to update to OpenSSL 3.0.11 in macOS installer builds for main, 3.12, and 3.11.

…10010) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110007) gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d)

) gh-109991: Update macOS installer to use OpenSSL 3.0.10. (cherry picked from commit 884cd18)

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002) (#110005) gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002) (cherry picked from commit c88037d) Co-authored-by: Ned Deily <nad@python.org>

…-110054) (cherry picked from commit cf4c297) Co-authored-by: Zachary Ware <zach@python.org>

…ythonGH-110054) (cherry picked from commit cf4c297)

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002)

…nGH-110003)

…-110054)

…honGH-110055)

(cherry picked from commit cf4c297)

…) (#110056) gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054) (cherry picked from commit cf4c297) Co-authored-by: Zachary Ware <zach@python.org>

Yhg1s · 2023-10-02T11:17:45Z

Are all the necessary changes in for 3.12 to be released? (I think they are, just double-checking.)

ned-deily · 2023-10-02T12:05:21Z

Yes, they are now.

Co-authored-by: Zachary Ware <zachary.ware@gmail.com>

gpshead added type-bug An unexpected behavior, bug, or error type-security A security issue release-blocker 3.11 bug and security fixes 3.10 only security fixes 3.9 only security fixes 3.8 only security fixes 3.12 bugs and security fixes labels Sep 27, 2023

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10.

9e474ee

(cherry picked from commit 884cd18)

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10.

884cd18

ned-deily added a commit that referenced this issue Sep 28, 2023

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multi…

c88037d

…ssltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.12] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002) #110005

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

71b5e28

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110006

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

f61c97a

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.10] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110007

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

0055be1

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

ned-deily added a commit that referenced this issue Sep 28, 2023

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 an…

1fd6a73

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110006) (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.9] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110008

Open

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

7e84a0b

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.8] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110009

Open

ned-deily added a commit that referenced this issue Sep 28, 2023

gh-109991: Update macOS installer to use OpenSSL 3.0.10. (GH-110003)

98c0c1d

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10. (pytho…

44f15da

…nGH-110003) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

bedevere-app bot mentioned this issue Sep 28, 2023

[3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.10. (GH-110003) #110010

Merged

ned-deily added a commit that referenced this issue Sep 28, 2023

[3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.10. (GH-1…

82dea84

…10010) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

Yhg1s pushed a commit that referenced this issue Sep 28, 2023

[3.12] gh-109991: Update macOS installer to use OpenSSL 3.0.10. (#110004

f3b6185

) gh-109991: Update macOS installer to use OpenSSL 3.0.10. (cherry picked from commit 884cd18)

zware mentioned this issue Sep 28, 2023

Openssl 1.1.1w support in cpython-bin-deps and cpython-source-deps #109820

Closed

zware added a commit to zware/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update Windows build to use OpenSSL 3.0.11

393d3b5

bedevere-app bot mentioned this issue Sep 28, 2023

gh-109991: Update Windows build to use OpenSSL 3.0.11 #110054

Merged

zware added a commit to zware/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10

24371e7

bedevere-app bot mentioned this issue Sep 28, 2023

gh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10 #110055

Merged

zware added a commit that referenced this issue Sep 28, 2023

gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054)

cf4c297

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update Windows build to use OpenSSL 3.0.11 (pythonGH…

27b4f99

…-110054) (cherry picked from commit cf4c297) Co-authored-by: Zachary Ware <zach@python.org>

bedevere-app bot mentioned this issue Sep 28, 2023

[3.12] gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054) #110056

Merged

zware added a commit that referenced this issue Sep 28, 2023

gh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10 (GH-110055)

b488c0d

bedevere-app bot mentioned this issue Sep 28, 2023

[3.11] gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054) #110059

Merged

zware added a commit to zware/cpython that referenced this issue Sep 28, 2023

[3.11] pythongh-109991: Update Windows build to use OpenSSL 3.0.11 (p…

b8ea25e

…ythonGH-110054) (cherry picked from commit cf4c297)

csm10495 pushed a commit to csm10495/cpython that referenced this issue Sep 29, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

cfca8f0

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002)

csm10495 pushed a commit to csm10495/cpython that referenced this issue Sep 29, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10. (pytho…

2924a41

…nGH-110003)

csm10495 pushed a commit to csm10495/cpython that referenced this issue Sep 29, 2023

pythongh-109991: Update Windows build to use OpenSSL 3.0.11 (pythonGH…

98387b0

…-110054)

csm10495 pushed a commit to csm10495/cpython that referenced this issue Sep 29, 2023

pythongh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10 (pyt…

ffe2712

…honGH-110055)

zooba added a commit to zooba/cpython that referenced this issue Sep 29, 2023

pythongh-109991: Update Windows build to use OpenSSL 1.1.1w

05a837b

bedevere-app bot mentioned this issue Sep 29, 2023

[3.10] gh-109991: Update Windows build to use OpenSSL 1.1.1w #110090

Merged

zware added a commit that referenced this issue Sep 29, 2023

[3.11] gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110059)

d87217f

(cherry picked from commit cf4c297)

Bizordec mentioned this issue Oct 5, 2023

Add support for "scope" option jbms/sphinx-immaterial#284

Open

ambv pushed a commit that referenced this issue Oct 10, 2023

[3.10] gh-109991: Update Windows build to use OpenSSL 1.1.1w (GH-110090)

dcb16c9

Co-authored-by: Zachary Ware <zachary.ware@gmail.com>

Update to OpenSSL 3.0.11+ (& 1.1.1w+) in our binary release build process. #109991

Update to OpenSSL 3.0.11+ (& 1.1.1w+) in our binary release build process. #109991

gpshead commented Sep 27, 2023 •

edited by bedevere-app bot

zooba commented Sep 27, 2023

ned-deily commented Sep 28, 2023

Yhg1s commented Oct 2, 2023

ned-deily commented Oct 2, 2023

Update to OpenSSL 3.0.11+ (& 1.1.1w+) in our binary release build process. #109991

Update to OpenSSL 3.0.11+ (& 1.1.1w+) in our binary release build process. #109991

Comments

gpshead commented Sep 27, 2023 • edited by bedevere-app bot

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs

zooba commented Sep 27, 2023

ned-deily commented Sep 28, 2023

Yhg1s commented Oct 2, 2023

ned-deily commented Oct 2, 2023

gpshead commented Sep 27, 2023 •

edited by bedevere-app bot