Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcb37100

Browse files
authored
[3.10]gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) (#105204)
Upgrade builds to OpenSSL 1.1.1u.This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t.The Mac/BuildScript/build-installer.py was already updated.Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9.Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting).(cherry picked from commitede89af).(cherry picked from commita5d2b54)(cherry picked from commitf90d3f6)Co-authored-by: Gregory P. Smith <greg@krypto.org>
1 parentf12502b commitcb37100

File tree

11 files changed

+186
-18
lines changed

11 files changed

+186
-18
lines changed

‎.azure-pipelines/ci.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ jobs:
5757
variables:
5858
testRunTitle:'$(build.sourceBranchName)-linux'
5959
testRunPlatform:linux
60-
openssl_version:1.1.1t
60+
openssl_version:1.1.1u
6161

6262
steps:
6363
-template:./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
8383
variables:
8484
testRunTitle:'$(Build.SourceBranchName)-linux-coverage'
8585
testRunPlatform:linux-coverage
86-
openssl_version:1.1.1t
86+
openssl_version:1.1.1u
8787

8888
steps:
8989
-template:./posix-steps.yml

‎.azure-pipelines/pr.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ jobs:
5757
variables:
5858
testRunTitle:'$(system.pullRequest.TargetBranch)-linux'
5959
testRunPlatform:linux
60-
openssl_version:1.1.1t
60+
openssl_version:1.1.1u
6161

6262
steps:
6363
-template:./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
8383
variables:
8484
testRunTitle:'$(Build.SourceBranchName)-linux-coverage'
8585
testRunPlatform:linux-coverage
86-
openssl_version:1.1.1t
86+
openssl_version:1.1.1u
8787

8888
steps:
8989
-template:./posix-steps.yml

‎.github/workflows/build.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ jobs:
203203
needs:check_source
204204
if:needs.check_source.outputs.run_tests == 'true'
205205
env:
206-
OPENSSL_VER:1.1.1t
206+
OPENSSL_VER:1.1.1u
207207
PYTHONSTRICTEXTENSIONBUILD:1
208208
steps:
209209
-uses:actions/checkout@v3
@@ -247,7 +247,7 @@ jobs:
247247
strategy:
248248
fail-fast:false
249249
matrix:
250-
openssl_ver:[1.1.1t, 3.0.8, 3.1.0-beta1]
250+
openssl_ver:[1.1.1u, 3.0.9, 3.1.1]
251251
env:
252252
OPENSSL_VER:${{ matrix.openssl_ver }}
253253
MULTISSL_DIR:${{ github.workspace }}/multissl

‎Mac/BuildScript/build-installer.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -246,9 +246,9 @@ def library_recipes():
246246

247247
result.extend([
248248
dict(
249-
name="OpenSSL 1.1.1t",
250-
url="https://www.openssl.org/source/openssl-1.1.1t.tar.gz",
251-
checksum='8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b',
249+
name="OpenSSL 1.1.1u",
250+
url="https://www.openssl.org/source/openssl-1.1.1u.tar.gz",
251+
checksum='e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6',
252252
buildrecipe=build_universal_openssl,
253253
configure=None,
254254
install=None,
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u
2+
to address several CVEs.

‎Modules/_ssl_data_111.h

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on2021-04-09T09:36:21.493286 */
1+
/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on2023-06-01T02:58:04.081473 */
22
staticstructpy_ssl_library_codelibrary_codes[]= {
33
#ifdefERR_LIB_ASN1
44
{"ASN1",ERR_LIB_ASN1},
@@ -1375,6 +1375,11 @@ static struct py_ssl_error_code error_codes[] = {
13751375
#else
13761376
{"UNSUPPORTED_COMPRESSION_ALGORITHM",46,151},
13771377
#endif
1378+
#ifdefCMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM
1379+
{"UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM",ERR_LIB_CMS,CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM},
1380+
#else
1381+
{"UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM",46,194},
1382+
#endif
13781383
#ifdefCMS_R_UNSUPPORTED_CONTENT_TYPE
13791384
{"UNSUPPORTED_CONTENT_TYPE",ERR_LIB_CMS,CMS_R_UNSUPPORTED_CONTENT_TYPE},
13801385
#else
@@ -4860,6 +4865,11 @@ static struct py_ssl_error_code error_codes[] = {
48604865
#else
48614866
{"MISSING_PARAMETERS",20,290},
48624867
#endif
4868+
#ifdefSSL_R_MISSING_PSK_KEX_MODES_EXTENSION
4869+
{"MISSING_PSK_KEX_MODES_EXTENSION",ERR_LIB_SSL,SSL_R_MISSING_PSK_KEX_MODES_EXTENSION},
4870+
#else
4871+
{"MISSING_PSK_KEX_MODES_EXTENSION",20,310},
4872+
#endif
48634873
#ifdefSSL_R_MISSING_RSA_CERTIFICATE
48644874
{"MISSING_RSA_CERTIFICATE",ERR_LIB_SSL,SSL_R_MISSING_RSA_CERTIFICATE},
48654875
#else
@@ -5065,6 +5075,11 @@ static struct py_ssl_error_code error_codes[] = {
50655075
#else
50665076
{"NULL_SSL_METHOD_PASSED",20,196},
50675077
#endif
5078+
#ifdefSSL_R_OCSP_CALLBACK_FAILURE
5079+
{"OCSP_CALLBACK_FAILURE",ERR_LIB_SSL,SSL_R_OCSP_CALLBACK_FAILURE},
5080+
#else
5081+
{"OCSP_CALLBACK_FAILURE",20,294},
5082+
#endif
50685083
#ifdefSSL_R_OLD_SESSION_CIPHER_NOT_RETURNED
50695084
{"OLD_SESSION_CIPHER_NOT_RETURNED",ERR_LIB_SSL,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED},
50705085
#else

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp