gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u #105174
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py file appears to have already been updated.
|
#105129 does more of this, so anything missing can probably just be moved over into that. @ned-deily |
|
@gpshead Sorry I didn't ping you earlier. I did not attempt to do the Windows changes. I figured that should be in a separate PR since the versions don't always match up. But feel free to use either PR. |
|
I'm doing updated binaries for Windows now. I'll let you know when they're done |
|
Binaries are up now. I'll hit rerun |
gpshead
commented
Jun 1, 2023
There was a problem hiding this comment.
vs https://github.com/python/cpython/pull/105129/files I manually reverted edits that removed definitions from this file as for the purposes of backporting, I don't want names to disappear. some were FIPS related and I'm blindly guessing that those may be special to some vendor openssl builds without digging into the history? regardless there is no harm in keeping names, everything is #ifdef based.
There was a problem hiding this comment.
I'm adding this, generated from 3.1.1 but do not intend to backport it beyond 3.12 (and if it causes anyone trouble in 3.12-land, we can just revert it there or re-add whatever is missing).
diff it vs the _300 file, you'll see the things missing that I avoided removing from the _300 one.
|
many backport labels removed as older backports will be generated from the 3.11 backport PR and successively chained ones as many backport edits will be the same. |
ned-deily
approved these changes
Jun 1, 2023
|
Thanks @gpshead for the PR |
|
Sorry, @gpshead, I could not cleanly backport this to |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jun 1, 2023
…onGH-105174) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). backports of this prior to 3.12 will not include the openssl 3.1 header. (cherry picked from commit ede89af) Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
GH-105199 is a backport of this pull request to the 3.12 branch. |
gpshead
added a commit
that referenced
this pull request
Jun 1, 2023
…105174) (#105199) gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). backports of this prior to 3.12 will not include the openssl 3.1 header. (cherry picked from commit ede89af) Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
gpshead
added a commit
to gpshead/cpython
that referenced
this pull request
Jun 1, 2023
pythonGH-105174) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). backports of this prior to 3.12 will not include the openssl 3.1 header.. (cherry picked from commit ede89af) Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
GH-105200 is a backport of this pull request to the 3.11 branch. |
gpshead
added a commit
that referenced
this pull request
Jun 1, 2023
…105174) (#105200) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af)
gpshead
added a commit
to gpshead/cpython
that referenced
this pull request
Jun 1, 2023
…L 1.1.1u (pythonGH-105174) (pythonGH-105200) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af). (cherry picked from commit a5d2b54) Co-authored-by: Gregory P. Smith <greg@krypto.org>
gpshead
added a commit
to gpshead/cpython
that referenced
this pull request
Jun 1, 2023
…pythonGH-105174) (python#105200) Upgrade builds to OpenSSL 1.1.1u. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af)
ambv
pushed a commit
that referenced
this pull request
Jun 5, 2023
…05174) (GH-105200) (#105205) Upgrade builds to OpenSSL 1.1.1u. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af) Co-authored-by: Ned Deily <nad@python.org>
ambv
pushed a commit
that referenced
this pull request
Jun 5, 2023
…105174) (GH-105200) (#105204) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af). (cherry picked from commit a5d2b54) (cherry picked from commit f90d3f6) Co-authored-by: Gregory P. Smith <greg@krypto.org>
ambv
pushed a commit
to ambv/cpython
that referenced
this pull request
Jun 6, 2023
…1.1.1u (pythonGH-105174) (pythonGH-105200) (pythonGH-105205) Upgrade builds to OpenSSL 1.1.1u. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af) (cherry picked from commit e15de14) Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Ned Deily <nad@python.org>
ambv
added a commit
that referenced
this pull request
Jun 6, 2023
…05174) (GH-105200) (GH-105205) (#105370) Upgrade builds to OpenSSL 1.1.1u. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af) (cherry picked from commit e15de14) Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Ned Deily <nad@python.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t.
The
Mac/BuildScript/build-installer.pyfile appears to have already been updated.