Upgrade Windows and macOS installer builds to OpenSSL 1.1.1g #84345
Comments
|
1.1.1f released 2020-03-31 Reminder to Windows team to update Windows build. Reminder to macOS team to update macOS installer build. |
ned-deily
added
deferred-blocker
3.7 (EOL)
|
I've pushed new binaries for OpenSSL 1.1.1f on Windows. I'll try and to the rest over the weekend, but if someone else wants to do the PCbuild PR feel free. |
|
And today (2020-04-21) 1.1.1g is released with a high severity fix. |
ned-deily
changed the title
ned-deily
changed the title
|
That'll teach me for being so quick on this... Are we even impacted by the issue though? I don't see any calls to SSL_check_chain() in our code or the SSL sources. Advisory: https://www.openssl.org/news/secadv/20200421.txt |
Certainly we use a check_chain function at least indirectly but, whether that path is vulnerable, dunno. But, in any case, we will no doubt be pinged about it so best to be ahead of the curve, I think. |
|
Should this still be open? |
|
I believe the Windows builds are still using 1.1.1f. |
|
Any chance of getting the Windows builds using 1.1.1g for the upcoming 3.7.8? |
|
Yeah, I'll get onto it now. |
|
Steve, |
|
Thanks. Your PR will start to work once I've done the updated build, so don't worry about the failure right now. OpenSSL updates require build manager involvement, so it's blocked on me :) |
|
Okay, new sources and build are up, so I retriggered the PR. If it's all good, I'll merge and backport. |
|
Thanks, Steve and Srinivas! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: