Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32k
gh-131423: Update OpenSSL data to 3.4.1 on Linux#131618
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Since mnemonics from 3.4.1 are different (renumbered) from 3.4.0.To ease future updates, we assume the following:`_ssl_data_<MAJOR><PATCH>.h` contains the latest OpenSSL data. If theprevious `_ssl_data_<MAJOR><PATCH>.h` file is incompatible with thenewest one (e.g., because some mnemonics were renamed or removed), theold one is renamed to `_ssl_data_<MAJOR><MINOR><PATCH>.h` where <PATCH>is the patch number it was based upon.In this commit, OpenSSL 3.4.1 mnemonics are not compatible with OpenSSL3.4.0 mnemonics as they were renumbered. Therefore, `_ssl_data_34.h` isrenamed to `_ssl_data_340.h` and `_ssl_data_34x.h` now contains OpenSSL3.4.1 mnemonics.We also refined the mnemonics that are selected, discarding those thatare mnemonics-like but should not be used as such (e.g., ERR_LIB_MASKand ERR_LIB_OFFSET for OpenSSL 1.1.1).
05ee142 to5bbc702CompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
arf, I'm not on my Linux so I can't regen :< I'm leaving tomorrow morning so I'm not really sure I'll be able to commit before leaving, but otherwise, just take over the PR and regen the data! |
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The macOS build-installer.py changes LGTM, thanks!
bedevere-bot commentedApr 5, 2025
🤖 New build scheduled with the buildbot fleet by@picnixz for commit905f1a5 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F131618%2Fmerge If you want to schedule another build, you need to add the🔨 test-with-buildbots label again. |
To avoid surprises, I'm running the build bots. If they pass, I'll merge this one so that we can close the other issue. I think the Windows-related failures were recently solved as well |
picnixz commentedApr 5, 2025 • edited by hugovk
Loading Uh oh!
There was an error while loading.Please reload this page.
edited by hugovk
Uh oh!
There was an error while loading.Please reload this page.
The iOS failure is known (PR#132050) |
I want to think about something. Mnenmonics were updated in 3.4.1 compared to 3.4.0, but that's only because Iknew that they were changed. However, we're actually having a #if (OPENSSL_VERSION_NUMBER >=0x30100000L)#include"_ssl_data_34.h" So I think I'll need a way to check first that when OpenSSL mnemonics changed so that we regenerate the correct files per version. |
@picnixz, with the 3.14.a7, 3.13.3, and 3.12.10 releases approaching in two days, I plan to update the macOS installers for those releases to use 3.0.16. If you don't expect to be able to merge this PR before then, I can pull out the build-installer.py change into a separate PR since it has no relation to any of the other changes in this PR. (And that's why I prefer to keep changes like this separate.) |
To be on the safe side, please do so. I don't want to block the macOS side with my interrogations. Hopefully I'll be able to merge this before the release. |
Uh oh!
There was an error while loading.Please reload this page.
Misc/NEWS.d/next/macOS/2025-03-23-11-32-09.gh-issue-131423.s1Lvli.rst OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
picnixz commentedApr 7, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Note: 3.4.1 includes CVE patchesbut since we're still in alpha, we can say that those security patches are not really necessarynow (in addition, they affect components that are not directly exposed by Python IIRC). So, I'll postpone this until after the release (I don't want to have surprises where a mnemonic change would be actually annoying for a user) |
I'll merge this one and work on#132745. |
6a9bfee intopython:mainUh oh!
There was an error while loading.Please reload this page.
Rationale for not backporting:#131423 (comment). |
Uh oh!
There was an error while loading.Please reload this page.
I've also updated the
make_ssl_data.pyscript that@encukou has recently updated as well. I completed with instructions that I thought usefull for future maintainers.📚 Documentation preview 📚:https://cpython-previews--131618.org.readthedocs.build/