classification
Title: Update python.org installers to use OpenSSL 1.0.2f
Type: security Stage: resolved
Components: Build, macOS, Windows Versions: Python 3.6, Python 3.5, Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder: Upgrade OpenSSL shipped with python installers
View: 26465
Assigned To: Nosy List: ned.deily, paul.moore, python-dev, ronaldoussoren, steve.dower, tim.golden, zach.ware
Priority: normal Keywords:

Created on 2016-02-02 19:24 by zach.ware, last changed 2017-09-08 02:35 by vstinner. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3447 closed vstinner, 2017-09-08 02:35
Messages (5)
msg259422 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2016-02-02 19:24
http://openssl.org/news/secadv/20160128.txt
msg260296 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-02-15 05:47
New changeset 1ceb431e1876 by Ned Deily in branch '2.7':
Issue #26268: Update OS X 10.5+ installer build to use OpenSSL 1.0.2f.
https://hg.python.org/cpython/rev/1ceb431e1876

New changeset 3c3eae72dd04 by Ned Deily in branch '3.5':
Issue #26268: Update OS X 10.5+ installer build to use OpenSSL 1.0.2f.
https://hg.python.org/cpython/rev/3c3eae72dd04

New changeset 6759581f9fd3 by Ned Deily in branch 'default':
Issue #26268: merge from 3.5
https://hg.python.org/cpython/rev/6759581f9fd3
msg260667 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-02-22 10:17
New changeset 3be29e684ccf by Zachary Ware in branch '2.7':
Issue #26268: Update Windows builds to use OpenSSL 1.0.2f
https://hg.python.org/cpython/rev/3be29e684ccf

New changeset e1187d3204e9 by Zachary Ware in branch '3.5':
Issue #26268: Update the prepare_ssl.py script
https://hg.python.org/cpython/rev/e1187d3204e9

New changeset 82afdf5a8c7b by Zachary Ware in branch '3.5':
Issue #26268: Update Windows builds to use OpenSSL 1.0.2f
https://hg.python.org/cpython/rev/82afdf5a8c7b

New changeset 365ab6287783 by Zachary Ware in branch 'default':
Issue #26268: Merge with 3.5
https://hg.python.org/cpython/rev/365ab6287783
msg260668 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2016-02-22 10:25
OpenSSL seems to have FUBARed their release process, such that the include/ directory no longer includes anything.  As such I had to update prepare_ssl.py to handle creating include directories for 32 and 64 bit.  This is somewhat wasteful since the only thing really different between the two is opensslconf.h, but this is the simplest approach.

With that update, builds of 2.7 using the old project files in PC/VS9.0 now require Perl to be available to create the makefile.  I don't think this is an undue burden; on the other hand, making prepare_ssl.py handle the requirements of the old build_ssl.py is far more effort than I want to invest.

Steve, would you mind double-checking my work if you get a chance?  I committed in a bit of a hurry at the request of Intel.
msg261179 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2016-03-03 22:26
Doesn't really matter, since we get to do it all again with #26465.
History
Date User Action Args
2017-09-08 02:35:36vstinnersetpull_requests: + pull_request3444
2016-03-03 22:26:43steve.dowersetstatus: pending -> closed
superseder: Upgrade OpenSSL shipped with python installers
messages: + msg261179

resolution: fixed -> out of date
stage: commit review -> resolved
2016-02-22 10:25:46zach.waresetstatus: open -> pending
type: security
messages: + msg260668

resolution: fixed
stage: needs patch -> commit review
2016-02-22 10:17:27python-devsetmessages: + msg260667
2016-02-15 05:47:49python-devsetnosy: + python-dev
messages: + msg260296
2016-02-02 19:24:17zach.warecreate