Issue 40164: Upgrade Windows and macOS installer builds to OpenSSL 1.1.1g

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/84345

classification

Title:	Upgrade Windows and macOS installer builds to OpenSSL 1.1.1g
Type:		Stage:	resolved
Components:	macOS, Windows	Versions:	Python 3.10, Python 3.9, Python 3.8, Python 3.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	christian.heimes, lukasz.langa, miss-islington, ned.deily, paul.moore, ronaldoussoren, steve.dower, thatiparthy, tim.golden, zach.ware
Priority:		Keywords:	patch

Created on 2020-04-03 00:56 by ned.deily, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 19359	merged	steve.dower, 2020-04-04 12:14
PR 19361	merged	steve.dower, 2020-04-04 14:22
PR 19362	merged	steve.dower, 2020-04-04 14:24
PR 19642	merged	ned.deily, 2020-04-22 02:14
PR 19643	merged	miss-islington, 2020-04-22 02:41
PR 19644	merged	miss-islington, 2020-04-22 02:41
PR 20834	merged	thatiparthy, 2020-06-12 18:05
PR 20839	merged	miss-islington, 2020-06-12 20:46
PR 20840	merged	steve.dower, 2020-06-12 20:57
PR 20841	merged	steve.dower, 2020-06-12 20:57

Messages (23)
msg365657 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-04-03 00:56
1.1.1f released 2020-03-31 Reminder to Windows team to update Windows build. Reminder to macOS team to update macOS installer build. (note: please don't submit a PR or patch for this!) https://www.openssl.org/source/
msg365727 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-04-03 21:50
I've pushed new binaries for OpenSSL 1.1.1f on Windows. I'll try and to the rest over the weekend, but if someone else wants to do the PCbuild PR feel free.
msg365764 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-04-04 14:19
New changeset a1d4dbdfc78e3aed4c245e1810ef24eaa4e744c2 by Steve Dower in branch 'master': bpo-40164: Update Windows to OpenSSL 1.1.1f (GH-19359) https://github.com/python/cpython/commit/a1d4dbdfc78e3aed4c245e1810ef24eaa4e744c2
msg365766 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-04-04 14:47
New changeset 37126e7bd242bce03f3c4f208d8871edd3febcbe by Steve Dower in branch '3.8': bpo-40164: Update Windows to OpenSSL 1.1.1f (GH-19359) https://github.com/python/cpython/commit/37126e7bd242bce03f3c4f208d8871edd3febcbe
msg365767 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-04-04 14:47
New changeset e7a47c23dd25a144ec4afc2db46393818694926f by Steve Dower in branch '3.7': bpo-40164: Update Windows to OpenSSL 1.1.1f (GH-19359) https://github.com/python/cpython/commit/e7a47c23dd25a144ec4afc2db46393818694926f
msg366932 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-04-21 17:34
And today (2020-04-21) 1.1.1g is released with a high severity fix.
msg366940 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-04-21 21:02
That'll teach me for being so quick on this... Are we even impacted by the issue though? I don't see any calls to SSL_check_chain() in our code or the SSL sources. Advisory: https://www.openssl.org/news/secadv/20200421.txt Full diff: https://github.com/openssl/openssl/compare/OpenSSL_1_1_1f...OpenSSL_1_1_1g
msg366955 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-04-21 23:43
> Are we even impacted by the issue though? Certainly we use a check_chain function at least indirectly but, whether that path is vulnerable, dunno. But, in any case, we will no doubt be pinged about it so best to be ahead of the curve, I think.
msg366970 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-04-22 02:41
New changeset 783a673f23c5e9ffafe12fe172e119dc0fa2abda by Ned Deily in branch 'master': bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g. (GH-19642) https://github.com/python/cpython/commit/783a673f23c5e9ffafe12fe172e119dc0fa2abda
msg366971 - (view)	Author: miss-islington (miss-islington)	Date: 2020-04-22 03:00
New changeset 9e51aab37e9af6fa0fe406fd56184a0aded28e11 by Miss Islington (bot) in branch '3.8': bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g. (GH-19642) https://github.com/python/cpython/commit/9e51aab37e9af6fa0fe406fd56184a0aded28e11
msg366972 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-04-22 03:04
New changeset 7ad3adda9bff8a9055eaf0b66489e8204f1e7cc6 by Miss Islington (bot) in branch '3.7': bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g. (GH-19642) (GH-19644) https://github.com/python/cpython/commit/7ad3adda9bff8a9055eaf0b66489e8204f1e7cc6
msg369244 - (view)	Author: Łukasz Langa (lukasz.langa) *	Date: 2020-05-18 15:24
Should this still be open?
msg369245 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-05-18 15:28
I believe the Windows builds are still using 1.1.1f.
msg371343 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-06-12 08:37
Any chance of getting the Windows builds using 1.1.1g for the upcoming 3.7.8?
msg371401 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 17:43
Yeah, I'll get onto it now.
msg371402 - (view)	Author: Srinivas Reddy Thatiparthy(శ్రీనివాస్ రెడ్డి తాటిపర్తి) (thatiparthy) *	Date: 2020-06-12 18:12
Steve, I have done it. And I didn't see your reply.
msg371404 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 18:46
Thanks. Your PR will start to work once I've done the updated build, so don't worry about the failure right now. OpenSSL updates require build manager involvement, so it's blocked on me :)
msg371414 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 20:03
Okay, new sources and build are up, so I retriggered the PR. If it's all good, I'll merge and backport.
msg371417 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 20:46
New changeset 80d827c3cb041ae72b9b0572981c50bdd1fe2cab by Srinivas Reddy Thatiparthy (శ్రీనివాస్ రెడ్డి తాటిపర్తి) in branch 'master': bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) https://github.com/python/cpython/commit/80d827c3cb041ae72b9b0572981c50bdd1fe2cab
msg371419 - (view)	Author: miss-islington (miss-islington)	Date: 2020-06-12 21:06
New changeset 166d7234b5ae07f78feb5ddfb3026fbd2a1a36e2 by Miss Islington (bot) in branch '3.9': bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) https://github.com/python/cpython/commit/166d7234b5ae07f78feb5ddfb3026fbd2a1a36e2
msg371421 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 21:15
New changeset 7e57c367d65f3d0219978b465dc00da15ae3724c by Steve Dower in branch '3.8': bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) https://github.com/python/cpython/commit/7e57c367d65f3d0219978b465dc00da15ae3724c
msg371422 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-12 21:15
New changeset 617af99312ca36ad5a08db764858caf11c92a2c0 by Steve Dower in branch '3.7': bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) https://github.com/python/cpython/commit/617af99312ca36ad5a08db764858caf11c92a2c0
msg371426 - (view)	Author: Ned Deily (ned.deily) *	Date: 2020-06-12 22:35
Thanks, Steve and Srinivas!

History
Date	User	Action	Args
2022-04-11 14:59:29	admin	set	github: 84345
2020-06-12 22:35:11	ned.deily	set	priority: deferred blocker -> messages: + msg371426 versions: + Python 3.10
2020-06-12 21:22:14	steve.dower	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2020-06-12 21:15:31	steve.dower	set	messages: + msg371422
2020-06-12 21:15:00	steve.dower	set	messages: + msg371421
2020-06-12 21:06:56	miss-islington	set	messages: + msg371419
2020-06-12 20:57:27	steve.dower	set	pull_requests: + pull_request20034
2020-06-12 20:57:26	steve.dower	set	pull_requests: + pull_request20033
2020-06-12 20:46:53	miss-islington	set	pull_requests: + pull_request20032
2020-06-12 20:46:45	steve.dower	set	messages: + msg371417
2020-06-12 20:03:23	steve.dower	set	messages: + msg371414
2020-06-12 18:46:58	steve.dower	set	messages: + msg371404
2020-06-12 18:12:22	thatiparthy	set	messages: + msg371402
2020-06-12 18:05:47	thatiparthy	set	nosy: + thatiparthy pull_requests: + pull_request20028
2020-06-12 17:43:04	steve.dower	set	messages: + msg371401
2020-06-12 08:37:44	ned.deily	set	messages: + msg371343
2020-05-18 15:28:33	ned.deily	set	messages: + msg369245
2020-05-18 15:24:36	lukasz.langa	set	nosy: + lukasz.langa messages: + msg369244
2020-04-22 03:04:19	ned.deily	set	messages: + msg366972
2020-04-22 03:00:34	miss-islington	set	messages: + msg366971
2020-04-22 02:41:56	miss-islington	set	pull_requests: + pull_request18968
2020-04-22 02:41:48	miss-islington	set	nosy: + miss-islington pull_requests: + pull_request18967
2020-04-22 02:41:40	ned.deily	set	messages: + msg366970
2020-04-22 02:14:17	ned.deily	set	pull_requests: + pull_request18966
2020-04-21 23:43:26	ned.deily	set	messages: + msg366955
2020-04-21 21:02:35	steve.dower	set	nosy: + christian.heimes messages: + msg366940
2020-04-21 17:34:05	ned.deily	set	messages: + msg366932 title: Upgrade Windows and macOS installer builds to OpenSSL 1.1.1f -> Upgrade Windows and macOS installer builds to OpenSSL 1.1.1g
2020-04-04 14:47:50	steve.dower	set	messages: + msg365767
2020-04-04 14:47:46	steve.dower	set	messages: + msg365766
2020-04-04 14:24:34	steve.dower	set	pull_requests: + pull_request18724
2020-04-04 14:22:24	steve.dower	set	pull_requests: + pull_request18723
2020-04-04 14:19:15	steve.dower	set	messages: + msg365764
2020-04-04 12:14:36	steve.dower	set	keywords: + patch stage: needs patch -> patch review pull_requests: + pull_request18721
2020-04-03 21:50:15	steve.dower	set	messages: + msg365727
2020-04-03 00:56:28	ned.deily	create