classification
Title: Upgrade Azure Pipelines to OpenSSL 1.1.1f
Type: Stage: resolved
Components: Tests Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: miss-islington, steve.dower, vstinner
Priority: normal Keywords: patch

Created on 2020-04-02 00:13 by vstinner, last changed 2020-04-03 01:45 by vstinner. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 19288 merged vstinner, 2020-04-02 00:15
PR 19293 merged miss-islington, 2020-04-02 01:06
PR 19294 merged miss-islington, 2020-04-02 01:06
PR 19320 merged vstinner, 2020-04-03 00:44
PR 19323 merged miss-islington, 2020-04-03 01:05
PR 19324 merged miss-islington, 2020-04-03 01:05
Messages (11)
msg365534 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 00:13
The "Install Dependencies" step of the Ubuntu PR Tests job of Azure Pipelines failed with:
---
*** INFO /home/vsts/work/1/s/multissl/openssl/1.1.1d/bin/openssl
*** INFO Downloading from https://www.openssl.org/source/openssl-1.1.1d.tar.gz
Traceback (most recent call last):
(...)
urllib.error.HTTPError: HTTP Error 404: Not Found
---

The problem is that the tarball of OpenSSL 1.1.1d moved from /source/ to /source/old/ directory.

bpo-40125 updated multissl to OpenSSL 1.1.1f.

I propose to use the same OpenSSL version for Azure Pipelines.

By the way, PCbuild/get_externals.bat and Mac/BuildScript/build-installer.py still use OpenSSL 1.1.1d (released at 2019-Sep-10). It's maybe time to upgrade these as well.
msg365536 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 00:22
Because of this issue, "Azure Pipelines PR" fails on pull requests and so it's no longer possible to merge any pull request.
msg365544 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 00:53
New changeset 224e1c34d677ef42fe665ac008a000d4dcec1398 by Victor Stinner in branch 'master':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
https://github.com/python/cpython/commit/224e1c34d677ef42fe665ac008a000d4dcec1398
msg365548 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 01:05
Hum, right now 3.7 and 3.8 still work because they use a cache:

"Cache restored from key: Linux-multissl-openssl-1.1.1d"

But I think that the fix should be backported to 3.7 and 3.8 as well.
msg365550 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 01:12
> But I think that the fix should be backported to 3.7 and 3.8 as well.

Alright, it's required. Azure Pipelines now fails on 3.7 as well which prevents me to merge PR 19292 security fix.
msg365551 - (view) Author: miss-islington (miss-islington) Date: 2020-04-02 01:23
New changeset 8e069fc2ee19f40ce97e61e880bb409ed415d98c by Miss Islington (bot) in branch '3.7':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
https://github.com/python/cpython/commit/8e069fc2ee19f40ce97e61e880bb409ed415d98c
msg365552 - (view) Author: miss-islington (miss-islington) Date: 2020-04-02 01:26
New changeset 40fff1ff04aa5bc2cf1b965d573b87c48e4da8cc by Miss Islington (bot) in branch '3.8':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
https://github.com/python/cpython/commit/40fff1ff04aa5bc2cf1b965d573b87c48e4da8cc
msg365554 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-02 01:39
Ok, the issue should now be fixed.
msg365662 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-03 01:05
New changeset 1767a0490f80c7b90d81051db24ef2b82cd9434f by Victor Stinner in branch 'master':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320)
https://github.com/python/cpython/commit/1767a0490f80c7b90d81051db24ef2b82cd9434f
msg365666 - (view) Author: miss-islington (miss-islington) Date: 2020-04-03 01:25
New changeset f2296ef9ce586bf2f51c125b085c2b080768040c by Miss Islington (bot) in branch '3.8':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320)
https://github.com/python/cpython/commit/f2296ef9ce586bf2f51c125b085c2b080768040c
msg365669 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2020-04-03 01:45
New changeset 7ed2acc6e89cea07f140fc374a77e8b36442df2e by Miss Islington (bot) in branch '3.7':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320) (GH-19324)
https://github.com/python/cpython/commit/7ed2acc6e89cea07f140fc374a77e8b36442df2e
History
Date User Action Args
2020-04-03 01:45:43vstinnersetmessages: + msg365669
2020-04-03 01:25:57miss-islingtonsetmessages: + msg365666
2020-04-03 01:05:31miss-islingtonsetpull_requests: + pull_request18689
2020-04-03 01:05:24miss-islingtonsetpull_requests: + pull_request18688
2020-04-03 01:05:13vstinnersetmessages: + msg365662
2020-04-03 00:44:10vstinnersetpull_requests: + pull_request18685
2020-04-02 01:39:51vstinnersetstatus: open -> closed
versions: + Python 3.7, Python 3.8
messages: + msg365554

resolution: fixed
stage: patch review -> resolved
2020-04-02 01:26:16miss-islingtonsetmessages: + msg365552
2020-04-02 01:23:18miss-islingtonsetmessages: + msg365551
2020-04-02 01:12:16vstinnersetmessages: + msg365550
2020-04-02 01:06:16miss-islingtonsetpull_requests: + pull_request18653
2020-04-02 01:06:08miss-islingtonsetnosy: + miss-islington
pull_requests: + pull_request18652
2020-04-02 01:05:42vstinnersetnosy: + steve.dower
messages: + msg365548
2020-04-02 00:53:37vstinnersetmessages: + msg365544
2020-04-02 00:22:15vstinnersetmessages: + msg365536
2020-04-02 00:15:11vstinnersetkeywords: + patch
stage: patch review
pull_requests: + pull_request18647
2020-04-02 00:13:47vstinnercreate