variables:
testRunTitle: '$(build.sourceBranchName)-linux'
testRunPlatform: linux
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1t
steps:
- template: ./posix-steps.yml
variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1t
steps:
- template: ./posix-steps.yml
variables:
testRunTitle: '$(system.pullRequest.TargetBranch)-linux'
testRunPlatform: linux
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1t
steps:
- template: ./posix-steps.yml
variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1t
steps:
- template: ./posix-steps.yml
needs: check_source
if: needs.check_source.outputs.run_tests == 'true'
env:
- OPENSSL_VER: 1.1.1n
+ OPENSSL_VER: 1.1.1t
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@v3
strategy:
fail-fast: false
matrix:
- openssl_ver: [1.0.2u, 1.1.0l, 1.1.1n, 3.0.2]
+ openssl_ver: [1.0.2u, 1.1.0l, 1.1.1t, 3.0.8, 3.1.0-beta1]
env:
OPENSSL_VER: ${{ matrix.openssl_ver }}
MULTISSL_DIR: ${{ github.workspace }}/multissl
result.extend([
dict(
- name="OpenSSL 1.1.1n",
- url="https://www.openssl.org/source/openssl-1.1.1n.tar.gz",
- checksum='2aad5635f9bb338bc2c6b7d19cbc9676',
+ name="OpenSSL 1.1.1t",
+ url="https://www.openssl.org/source/openssl-1.1.1t.tar.gz",
+ checksum='1cfee919e0eac6be62c88c5ae8bcd91e',
buildrecipe=build_universal_openssl,
configure=None,
install=None,
--- /dev/null
+Updated the OpenSSL version used in Windows and macOS binary release builds
+to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per
+`the OpenSSL 2023-02-07 security advisory
+<https://www.openssl.org/news/secadv/20230207.txt>`_.
set libraries=
set libraries=%libraries% bzip2-1.0.8
if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.3.0
-if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1s
+if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1t
set libraries=%libraries% sqlite-3.37.2.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.0
set binaries=
if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi-3.3.0
-if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1s
+if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1t
if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.12.0
if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06
<ExternalsDir>$(EXTERNALS_DIR)</ExternalsDir>
<ExternalsDir Condition="$(ExternalsDir) == ''">$([System.IO.Path]::GetFullPath(`$(PySourcePath)externals`))</ExternalsDir>
<ExternalsDir Condition="!HasTrailingSlash($(ExternalsDir))">$(ExternalsDir)\</ExternalsDir>
- <sqlite3Dir>$(ExternalsDir)sqlite-3.37.2.0\</sqlite3Dir>
- <bz2Dir>$(ExternalsDir)bzip2-1.0.8\</bz2Dir>
- <lzmaDir>$(ExternalsDir)xz-5.2.5\</lzmaDir>
- <libffiDir>$(ExternalsDir)libffi-3.3.0\</libffiDir>
- <libffiOutDir>$(ExternalsDir)libffi-3.3.0\$(ArchName)\</libffiOutDir>
- <libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir>
- <opensslDir>$(ExternalsDir)openssl-1.1.1s\</opensslDir>
- <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1s\$(ArchName)\</opensslOutDir>
- <opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir>
- <nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir>
- <zlibDir>$(ExternalsDir)\zlib-1.2.12\</zlibDir>
-
+ </PropertyGroup>
+
+ <Import Project="$(ExternalProps)" Condition="$(ExternalProps) != '' and Exists('$(ExternalProps)')" />
+
+ <PropertyGroup>
+ <sqlite3Dir Condition="$(sqlite3Dir) == ''">$(ExternalsDir)sqlite-3.37.2.0\</sqlite3Dir>
+ <bz2Dir Condition="$(bz2Dir) == ''">$(ExternalsDir)bzip2-1.0.8\</bz2Dir>
+ <lzmaDir Condition="$(lzmaDir) == ''">$(ExternalsDir)xz-5.2.5\</lzmaDir>
+ <libffiDir Condition="$(libffiDir) == ''">$(ExternalsDir)libffi-3.3.0\</libffiDir>
+ <libffiOutDir Condition="$(libffiOutDir) == ''">$(libffiDir)$(ArchName)\</libffiOutDir>
+ <libffiIncludeDir Condition="$(libffiIncludeDir) == ''">$(libffiOutDir)include</libffiIncludeDir>
+ <opensslDir Condition="$(opensslDir) == ''">$(ExternalsDir)openssl-1.1.1t\</opensslDir>
+ <opensslOutDir Condition="$(opensslOutDir) == ''">$(ExternalsDir)openssl-bin-1.1.1t\$(ArchName)\</opensslOutDir>
+ <opensslIncludeDir Condition="$(opensslIncludeDir) == ''">$(opensslOutDir)include</opensslIncludeDir>
+ <nasmDir Condition="$(nasmDir) == ''">$(ExternalsDir)\nasm-2.11.06\</nasmDir>
+ <zlibDir Condition="$(zlibDir) == ''">$(ExternalsDir)\zlib-1.2.12\</zlibDir>
+ </PropertyGroup>
+
+ <PropertyGroup>
<!-- Suffix for all binaries when building for debug -->
<PyDebugExt Condition="'$(PyDebugExt)' == '' and $(Configuration) == 'Debug'">_d</PyDebugExt>
Homepage:
https://tukaani.org/xz/
_ssl
- Python wrapper for version 1.1.1k of the OpenSSL secure sockets
+ Python wrapper for version 1.1.1t of the OpenSSL secure sockets
library, which is downloaded from our binaries repository at
https://github.com/python/cpython-bin-deps.
]
OPENSSL_RECENT_VERSIONS = [
- "1.1.1n",
- "3.0.2"
+ "1.1.1t",
+ "3.0.8"
]
LIBRESSL_OLD_VERSIONS = [
projects / thirdparty / Python / cpython.git / commitdiff
