Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update OpenSSL to 1.0.2d in Windows and OS X installer #68791

Closed
FriedrichSpeevonLangenfeld mannequin opened this issue Jul 10, 2015 · 5 comments
Closed

Update OpenSSL to 1.0.2d in Windows and OS X installer #68791

FriedrichSpeevonLangenfeld mannequin opened this issue Jul 10, 2015 · 5 comments
Labels
build The build process and cross-build OS-mac OS-windows release-blocker type-security A security issue

Comments

@FriedrichSpeevonLangenfeld
Copy link
Mannequin

BPO 24603
Nosy @pfmoore, @ronaldoussoren, @vstinner, @larryhastings, @tjguk, @benjaminp, @ned-deily, @zware, @zooba

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2015-07-24.23:27:50.699>
created_at = <Date 2015-07-10.09:38:54.749>
labels = ['type-security', 'OS-mac', 'build', 'OS-windows', 'release-blocker']
title = 'Update OpenSSL to 1.0.2d in Windows and OS X installer'
updated_at = <Date 2015-07-24.23:27:50.698>
user = 'https://bugs.python.org/FriedrichSpeevonLangenfeld'

bugs.python.org fields:

activity = <Date 2015-07-24.23:27:50.698>
actor = 'ned.deily'
assignee = 'none'
closed = True
closed_date = <Date 2015-07-24.23:27:50.699>
closer = 'ned.deily'
components = ['Build', 'macOS', 'Windows']
creation = <Date 2015-07-10.09:38:54.749>
creator = 'Friedrich.Spee.von.Langenfeld'
dependencies = []
files = []
hgrepos = []
issue_num = 24603
keywords = []
message_count = 5.0
messages = ['246552', '246553', '246564', '247089', '247304']
nosy_count = 11.0
nosy_names = ['paul.moore', 'ronaldoussoren', 'vstinner', 'larry', 'tim.golden', 'benjamin.peterson', 'ned.deily', 'python-dev', 'zach.ware', 'steve.dower', 'Friedrich.Spee.von.Langenfeld']
pr_nums = []
priority = 'release blocker'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue24603'
versions = ['Python 2.7', 'Python 3.4', 'Python 3.5', 'Python 3.6']
@FriedrichSpeevonLangenfeld
Copy link
Mannequin Author

The developers of OpenSSL have published a new update. It fixes a bug marked as severe (https://www.openssl.org/news/secadv_20150709.txt). It seems that we are using a vulnerable version. Could someone who knows the relevant files' locations update our repository? Many thanks in advance.

@FriedrichSpeevonLangenfeld FriedrichSpeevonLangenfeld mannequin added build The build process and cross-build type-security A security issue labels Jul 10, 2015
@vstinner
Copy link
Member

Yes, read the discussion on python-dev:
https://mail.python.org/pipermail/python-dev/2015-July/140706.html

Christian Heimes wrote:

"1.0.2c is only used in 3.5b3. The production builds are either using
1.0.2a or 1.0.1j."

Should I understand that only Windows installers of the beta version of Python 3.5 are vulnerable?

@ned-deily
Copy link
Member

The Windows installer and the 32-bit-only OS X installer both have local copies of OpenSSL. At the moment, only the 3.5.0 betas have been released with 1.0.2. Setting to release blocker priority for 3.5.0b4.

@ned-deily ned-deily changed the title New update of OpenSSL Update OpenSSL to 1.0.2d in Windows and OS X installer Jul 10, 2015
@python-dev
Copy link
Mannequin

python-dev mannequin commented Jul 22, 2015

New changeset 53c0c8914ad0 by Zachary Ware in branch '2.7':
Issue bpo-24603: Update Windows build to use OpenSSL 1.0.2d
https://hg.python.org/cpython/rev/53c0c8914ad0

New changeset f4cd9ac378d7 by Zachary Ware in branch '3.4':
Issue bpo-24603: Update the Windows build to use OpenSSL 1.0.2d
https://hg.python.org/cpython/rev/f4cd9ac378d7

New changeset 2930e23d729f by Zachary Ware in branch '3.5':
Issue bpo-24603: Update the Windows build to use OpenSSL 1.0.2d
https://hg.python.org/cpython/rev/2930e23d729f

New changeset 310613b993d4 by Zachary Ware in branch 'default':
Issue bpo-24603: Merge with 3.5
https://hg.python.org/cpython/rev/310613b993d4

@python-dev
Copy link
Mannequin

python-dev mannequin commented Jul 24, 2015

New changeset 7ba239d4efbb by Ned Deily in branch '2.7':
Issue bpo-24603: Update the OS X 32-bit installer build to use OpenSSL 1.0.2d.
https://hg.python.org/cpython/rev/7ba239d4efbb

New changeset 436b8902b305 by Ned Deily in branch '3.4':
Issue bpo-24603: Update the OS X 32-bit installer build to use OpenSSL 1.0.2d.
https://hg.python.org/cpython/rev/436b8902b305

New changeset 78254d483573 by Ned Deily in branch '3.5':
Issue bpo-24603: merge from 3.4
https://hg.python.org/cpython/rev/78254d483573

New changeset d205e7e5f9aa by Ned Deily in branch 'default':
Issue bpo-24603: merge from 3.5
https://hg.python.org/cpython/rev/d205e7e5f9aa

@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build The build process and cross-build OS-mac OS-windows release-blocker type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vstinner @ned-deily