Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991

gpshead · 2023-09-27T22:15:03Z

Bug report

Bug description:

We need to upgrade the OpenSSL versions we build & bundle into our binary releases before the next release. More security fixes as usual. In particular https://nvd.nist.gov/vuln/detail/CVE-2023-4807 applies to our 64-bit Windows binaries.

Pick the latest 3.0.x and 1.1.1 releases at the time the work is done. 3.0.11 today, and if we build binaries for older shipping-with-1.1 branches, 1.1.1w. We should update the binary build tooling in older release branches for those to at least reference and pull in 1.1.1w even if we aren't shipping new binary releases on those ourselves.

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12

Operating systems tested on:

macOS, Windows

Linked PRs

zooba · 2023-09-27T23:08:01Z

I just pushed updated Windows builds of OpenSSL to the cpython-bin-deps for OpenSSL 1.1.1w and 3.0.11.

(cherry picked from commit 884cd18)

…ssltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002)

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d) Co-authored-by: Ned Deily <nad@python.org>

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d)

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d)

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110006) (cherry picked from commit c88037d)

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

…nGH-110003) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

…nGH-115052) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

…ythonGH-115050) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. (cherry picked from commit 299e16c) Co-authored-by: Ned Deily <nad@python.org>

…15053) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

…15054) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

…H-115055) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. (cherry picked from commit 299e16c) Co-authored-by: Ned Deily <nad@python.org>

…H-115057) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

Yhg1s · 2024-02-06T07:46:30Z

Is there anything left to do before the next 3.12 release (scheduled for today)?

ned-deily · 2024-02-06T07:50:26Z

Is there anything left to do before the next 3.12 release (scheduled for today)?

I think we are good to go for 3.12 and 3.11. There could be backports needed for 3.10, 3.9, and 3.8 at the discretion of their release managers.

zware · 2024-02-06T16:39:31Z

The 3.8-3.10 Windows builds are still on 1.1.1w and would require a larger-than-usual backport to jump up to 3.0. I'm not sure it's worthwhile since we're no longer producing binaries for those versions. If we do decide to do that backport I think it's worth a new issue, so I'm closing this one.

…15043)

…nGH-115052)

…ython#115050) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002)

…nGH-110003)

…-110054)

…honGH-110055)

gpshead added type-bug An unexpected behavior, bug, or error type-security A security issue release-blocker 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.8 (EOL) end of life 3.12 bugs and security fixes labels Sep 27, 2023

ezio-melotti added this to Release and Deferred blockers 🚫 Sep 27, 2023

github-project-automation bot moved this to Todo in Release and Deferred blockers 🚫 Sep 27, 2023

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10.

9e474ee

(cherry picked from commit 884cd18)

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10.

884cd18

ned-deily added a commit that referenced this issue Sep 28, 2023

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multi…

c88037d

…ssltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.12] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002) #110005

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

71b5e28

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002) (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110006

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

f61c97a

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.10] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110007

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

0055be1

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

ned-deily added a commit that referenced this issue Sep 28, 2023

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 an…

1fd6a73

…d multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110006) (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.9] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110008

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

7e84a0b

… multissltests to use 1.1.1w and 3.0.11. (cherry picked from commit c88037d)

bedevere-app bot mentioned this issue Sep 28, 2023

[3.8] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110009

Closed

ned-deily added a commit that referenced this issue Sep 28, 2023

gh-109991: Update macOS installer to use OpenSSL 3.0.10. (GH-110003)

98c0c1d

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 28, 2023

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10. (pytho…

44f15da

…nGH-110003) (cherry picked from commit 98c0c1d) Co-authored-by: Ned Deily <nad@python.org>

ned-deily added a commit to ned-deily/cpython that referenced this issue Feb 6, 2024

pythongh-109991: Update macOS installer to use OpenSSL 3.0.13.

cbd7b0b

bedevere-app bot mentioned this issue Feb 6, 2024

gh-109991: Update macOS installer to use OpenSSL 3.0.13. #115052

Merged

ned-deily added a commit that referenced this issue Feb 6, 2024

gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-115052)

638e811

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Feb 6, 2024

pythongh-109991: Update macOS installer to use OpenSSL 3.0.13. (pytho…

1019541

…nGH-115052) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Feb 6, 2024

pythongh-109991: Update macOS installer to use OpenSSL 3.0.13. (pytho…

f695913

…nGH-115052) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

This was referenced Feb 6, 2024

[3.12] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-115052) #115053

Merged

[3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-115052) #115054

Merged

ned-deily added a commit that referenced this issue Feb 6, 2024

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (#115050)

299e16c

Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

bedevere-app bot mentioned this issue Feb 6, 2024

[3.12] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (GH-115050) #115055

Merged

ned-deily added a commit that referenced this issue Feb 6, 2024

[3.12] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-1…

51f8c04

…15053) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

ned-deily added a commit that referenced this issue Feb 6, 2024

[3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-1…

753d0d5

…15054) (cherry picked from commit 638e811) Co-authored-by: Ned Deily <nad@python.org>

bedevere-app bot mentioned this issue Feb 6, 2024

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (GH-115050) #115057

Merged

ned-deily added a commit to ned-deily/cpython that referenced this issue Feb 6, 2024

Merge branch '3.11' into pythongh-109991-openssll3013-tests-311

da0c986

ned-deily added a commit that referenced this issue Feb 6, 2024

[3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (G…

319e695

…H-115057) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

zware closed this as completed Feb 6, 2024

github-project-automation bot moved this from Todo to Done in Release and Deferred blockers 🚫 Feb 6, 2024

zware added 3.13 bugs and security fixes and removed release-blocker labels Feb 6, 2024

fsc-eriker pushed a commit to fsc-eriker/cpython that referenced this issue Feb 14, 2024

pythongh-109991: Update Windows build to use OpenSSL 3.0.13 (python#1…

168b617

…15043)

fsc-eriker pushed a commit to fsc-eriker/cpython that referenced this issue Feb 14, 2024

pythongh-109991: Update macOS installer to use OpenSSL 3.0.13. (pytho…

7f2f30e

…nGH-115052)

fsc-eriker pushed a commit to fsc-eriker/cpython that referenced this issue Feb 14, 2024

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (p…

51ab7b1

…ython#115050) Also update multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.

Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024

pythongh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and…

c020aee

… multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (pythongh-110002)

Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024

pythongh-109991: Update macOS installer to use OpenSSL 3.0.10. (pytho…

b1ba422

…nGH-110003)

Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024

pythongh-109991: Update Windows build to use OpenSSL 3.0.11 (pythonGH…

8d51c73

…-110054)

Glyphack pushed a commit to Glyphack/cpython that referenced this issue Sep 2, 2024

pythongh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10 (pyt…

965f377

…honGH-110055)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991

Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991

gpshead commented Sep 27, 2023 •

edited by bedevere-app bot

Loading

zooba commented Sep 27, 2023

Yhg1s commented Feb 6, 2024

ned-deily commented Feb 6, 2024

zware commented Feb 6, 2024

Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991

Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991

Comments

gpshead commented Sep 27, 2023 • edited by bedevere-app bot Loading

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs

zooba commented Sep 27, 2023

Yhg1s commented Feb 6, 2024

ned-deily commented Feb 6, 2024

zware commented Feb 6, 2024

gpshead commented Sep 27, 2023 •

edited by bedevere-app bot

Loading