Upgrade Azure Pipelines to OpenSSL 1.1.1f #84327

vstinner · 2020-04-02T00:13:47Z

BPO	40146
Nosy	@vstinner, @zooba, @miss-islington
PRs	bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines #19288 [3.8] bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288) #19293 [3.7] bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288) #19294 bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines #19320 [3.8] bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320) #19323 [3.7] bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320) #19324

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2020-04-02.01:39:51.762>
created_at = <Date 2020-04-02.00:13:47.289>
labels = ['3.8', '3.7', 'tests', '3.9']
title = 'Upgrade Azure Pipelines to OpenSSL 1.1.1f'
updated_at = <Date 2020-04-03.01:45:43.806>
user = 'https://github.com/vstinner'

bugs.python.org fields:

activity = <Date 2020-04-03.01:45:43.806>
actor = 'vstinner'
assignee = 'none'
closed = True
closed_date = <Date 2020-04-02.01:39:51.762>
closer = 'vstinner'
components = ['Tests']
creation = <Date 2020-04-02.00:13:47.289>
creator = 'vstinner'
dependencies = []
files = []
hgrepos = []
issue_num = 40146
keywords = ['patch']
message_count = 11.0
messages = ['365534', '365536', '365544', '365548', '365550', '365551', '365552', '365554', '365662', '365666', '365669']
nosy_count = 3.0
nosy_names = ['vstinner', 'steve.dower', 'miss-islington']
pr_nums = ['19288', '19293', '19294', '19320', '19323', '19324']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue40146'
versions = ['Python 3.7', 'Python 3.8', 'Python 3.9']

vstinner · 2020-04-02T00:13:47Z

The "Install Dependencies" step of the Ubuntu PR Tests job of Azure Pipelines failed with:
---

*** INFO /home/vsts/work/1/s/multissl/openssl/1.1.1d/bin/openssl
*** INFO Downloading from https://www.openssl.org/source/openssl-1.1.1d.tar.gz
Traceback (most recent call last):
(...)
urllib.error.HTTPError: HTTP Error 404: Not Found

The problem is that the tarball of OpenSSL 1.1.1d moved from /source/ to /source/old/ directory.

bpo-40125 updated multissl to OpenSSL 1.1.1f.

I propose to use the same OpenSSL version for Azure Pipelines.

By the way, PCbuild/get_externals.bat and Mac/BuildScript/build-installer.py still use OpenSSL 1.1.1d (released at 2019-Sep-10). It's maybe time to upgrade these as well.

vstinner · 2020-04-02T00:22:15Z

Because of this issue, "Azure Pipelines PR" fails on pull requests and so it's no longer possible to merge any pull request.

vstinner · 2020-04-02T00:53:37Z

New changeset 224e1c3 by Victor Stinner in branch 'master':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
224e1c3

vstinner · 2020-04-02T01:05:43Z

Hum, right now 3.7 and 3.8 still work because they use a cache:

"Cache restored from key: Linux-multissl-openssl-1.1.1d"

But I think that the fix should be backported to 3.7 and 3.8 as well.

vstinner · 2020-04-02T01:12:17Z

But I think that the fix should be backported to 3.7 and 3.8 as well.

Alright, it's required. Azure Pipelines now fails on 3.7 as well which prevents me to merge PR 19292 security fix.

miss-islington · 2020-04-02T01:23:19Z

New changeset 8e069fc by Miss Islington (bot) in branch '3.7':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
8e069fc

miss-islington · 2020-04-02T01:26:16Z

New changeset 40fff1f by Miss Islington (bot) in branch '3.8':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288)
40fff1f

vstinner · 2020-04-02T01:39:52Z

Ok, the issue should now be fixed.

vstinner · 2020-04-03T01:05:14Z

New changeset 1767a04 by Victor Stinner in branch 'master':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320)
1767a04

miss-islington · 2020-04-03T01:25:57Z

New changeset f2296ef by Miss Islington (bot) in branch '3.8':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320)
f2296ef

vstinner · 2020-04-03T01:45:44Z

New changeset 7ed2acc by Miss Islington (bot) in branch '3.7':
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320) (GH-19324)
7ed2acc

vstinner added 3.9 only security fixes tests Tests in the Lib/test dir labels Apr 2, 2020

vstinner added 3.7 (EOL) end of life 3.8 only security fixes labels Apr 2, 2020

vstinner closed this as completed Apr 2, 2020

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade Azure Pipelines to OpenSSL 1.1.1f #84327

Upgrade Azure Pipelines to OpenSSL 1.1.1f #84327

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

miss-islington commented Apr 2, 2020

miss-islington commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 3, 2020

miss-islington commented Apr 3, 2020

vstinner commented Apr 3, 2020

Upgrade Azure Pipelines to OpenSSL 1.1.1f #84327

Upgrade Azure Pipelines to OpenSSL 1.1.1f #84327

Comments

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 2, 2020

miss-islington commented Apr 2, 2020

miss-islington commented Apr 2, 2020

vstinner commented Apr 2, 2020

vstinner commented Apr 3, 2020

miss-islington commented Apr 3, 2020

vstinner commented Apr 3, 2020