classification
Title: Upgrade installers to OpenSSL 1.1.0g and 1.0.2n
Type: enhancement Stage: patch review
Components: macOS, SSL, Windows Versions: Python 3.7, Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, vstinner, zach.ware
Priority: normal Keywords: patch

Created on 2017-09-08 02:52 by steve.dower, last changed 2017-12-09 21:18 by ned.deily.

Pull Requests
URL Status Linked Edit
PR 3448 merged steve.dower, 2017-09-08 02:53
PR 3466 merged christian.heimes, 2017-09-08 22:19
PR 4715 merged ned.deily, 2017-12-05 03:10
PR 4716 merged python-dev, 2017-12-05 03:25
Messages (11)
msg301673 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2017-09-08 02:52
As per usual
msg301744 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-08 22:16
New changeset e6eb48c10dc389d1d70657593de6a6cb3087d3d1 by Christian Heimes (Steve Dower) in branch 'master':
bpo-31400: Improve SSL error handling on Windows (#3463)
https://github.com/python/cpython/commit/e6eb48c10dc389d1d70657593de6a6cb3087d3d1
msg301770 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2017-09-09 13:13
New changeset b84bcc48ae31c385fe480c08c05d95212ef7fcdc by Steve Dower in branch 'master':
bpo-31392: Update SSL build for 1.1.0 (#3448)
https://github.com/python/cpython/commit/b84bcc48ae31c385fe480c08c05d95212ef7fcdc
msg301776 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-09 15:22
New changeset 16f16dbd0ed02cd1a7b270eb6dd80d9bd179902e by Christian Heimes in branch '3.6':
[3.6] bpo-31400: Improve SSL error handling on Windows (GH-3463) (#3466)
https://github.com/python/cpython/commit/16f16dbd0ed02cd1a7b270eb6dd80d9bd179902e
msg302160 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-14 09:37
Ned, can you take care of macOS? Victor noted that master still builds with 1.0.2k.
msg302161 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-09-14 09:39
FYI I wrote a script to get the version of all library copies embedded in CPython:
https://github.com/haypo/misc/blob/master/cpython/external_versions.py

This is how I noticed the OpenSSL version inconsistency.
msg307519 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-12-03 18:13
1.1.0g and 1.0.2m are out as of 2017-11-02 so both Windows and Mac installer builds for 3.7 and 3.6 should be updated.  (I'll take care of the Mac ones.)
msg307627 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-12-05 03:24
New changeset 24e046987b8e34bb4f1f3fd9bd31f1d605e347dc by Ned Deily in branch 'master':
bpo-31392: Update macOS installer to use OpenSSL 1.0.2m (#4715)
https://github.com/python/cpython/commit/24e046987b8e34bb4f1f3fd9bd31f1d605e347dc
msg307633 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-12-05 03:54
New changeset 0bec5e147a6c0f62517df8e7033a38087451d5d4 by Ned Deily (Miss Islington (bot)) in branch '3.6':
[3.6] bpo-31392: Update macOS installer to use OpenSSL 1.0.2m (GH-4715) (#4716)
https://github.com/python/cpython/commit/0bec5e147a6c0f62517df8e7033a38087451d5d4
msg307635 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-12-05 04:02
Updated the 3.7.0a3 and 3.6.4 macOS installer builds to 1.0.2m; I'll get 3.7.x to 1.1.0 before 3.7.0a4.
msg307917 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2017-12-09 21:18
And now 1.0.2n is out. I'm not sure how vulnerable Python is to the main problem fixed (see https://www.openssl.org/news/secadv/20171207.txt) which only impacts 1.0.2.x but I'd be willing to pull it into 3.6.4 final for the Windows and macOS installers.
History
Date User Action Args
2017-12-09 21:18:21ned.deilysetmessages: + msg307917
title: Upgrade installers to OpenSSL 1.1.0g and 1.0.2m -> Upgrade installers to OpenSSL 1.1.0g and 1.0.2n
2017-12-05 04:02:20ned.deilysetmessages: + msg307635
2017-12-05 03:54:46ned.deilysetmessages: + msg307633
2017-12-05 03:25:48python-devsetpull_requests: + pull_request4626
2017-12-05 03:24:43ned.deilysetmessages: + msg307627
2017-12-05 03:10:15ned.deilysetstage: needs patch -> patch review
pull_requests: + pull_request4625
2017-12-03 18:13:32ned.deilysetversions: + Python 3.6
title: Upgrade installers to OpenSSL 1.1.0f -> Upgrade installers to OpenSSL 1.1.0g and 1.0.2m
messages: + msg307519

assignee: ned.deily ->
stage: patch review -> needs patch
2017-09-14 09:39:29vstinnersetnosy: + vstinner
messages: + msg302161
2017-09-14 09:37:40christian.heimessetassignee: christian.heimes -> ned.deily
messages: + msg302160
2017-09-09 15:22:13christian.heimessetmessages: + msg301776
2017-09-09 13:13:09steve.dowersetmessages: + msg301770
2017-09-08 22:19:40christian.heimessetpull_requests: + pull_request3459
2017-09-08 22:16:17christian.heimessetmessages: + msg301744
2017-09-08 02:53:17steve.dowersetkeywords: + patch
stage: patch review
pull_requests: + pull_request3448
2017-09-08 02:52:49steve.dowercreate