Commit Graph

72 Commits

Author SHA1 Message Date
Gregory P. Smith
ede89af605
gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (#105174)
Upgrade builds to OpenSSL 1.1.1u.

This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t.

The Mac/BuildScript/build-installer.py was already updated.

Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it.

Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting).

backports of this prior to 3.12 will not include the openssl 3.1 header.
2023-06-01 09:42:18 -07:00
Gregory P. Smith
b41c47cd06
gh-101726: Update the OpenSSL version to 1.1.1t (GH-101727)
Fixes CVE-2023-0286 (High) and a couple of Medium security issues.
https://www.openssl.org/news/secadv/20230207.txt
2023-02-09 17:40:51 +00:00
Hugo van Kemenade
c22a55c8b4
Bump Azure Pipelines to ubuntu-22.04 (#101089) 2023-01-21 14:31:31 +05:30
Steve Dower
5ff029f7a3
Skip py.exe launcher tests in full layout CI test (GH-100948)
These tests become flaky when py.exe exists on the test machine but isn't the one that was just built. They also don't provide any useful information for this scenario, so easiest to just skip them.
2023-01-11 17:25:46 +00:00
Victor Stinner
0895c2a066
gh-97669: Create Tools/patchcheck/ directory (#98186)
Move patchcheck.py, reindent.py and untabify.py scripts to a new
Tools/patchcheck/ directory.
2022-10-12 10:09:21 +02:00
Christian Heimes
873554ef84
gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683) 2022-08-29 18:19:15 +02:00
Steve Dower
22a95cb511
Remove manual build scripts for Windows dependencies and put them in the release-tools repository instead (GH-96088) 2022-08-18 21:48:09 +01:00
Steve Dower
3fa023721b
Remove Windows release build script (GH-92908)
The scripts have been migrated to the release-tools repository
2022-05-18 14:26:36 +01:00
Pablo Galindo
9478b263a3
Add the 3.11 branch to the CI files 2022-05-08 04:01:20 +01:00
Steve Dower
35bcf9f3c1
Fix generation of MD5 table at end of Windows release build (GH-32345) 2022-04-06 11:55:47 +01:00
Steve Dower
366c54633e
Fix GPG signing in Windows release build (GH-32089) 2022-03-23 23:36:26 +00:00
Steve Dower
3751b6b030
bpo-47086: Remove .chm from Windows installer and add HTML docs (GH-32038) 2022-03-22 01:08:37 +00:00
Steve Dower
d56a237e16
Fix some Windows release build script issues (GH-31931)
* Fix the condition used when excluding ARM64 packages from publish
* Do not publish anything unless the traditional installer works
* Fix disabling of MSI build
* Add override conditions for publish steps
* Allow overriding the Nuget version number during build
2022-03-16 15:23:35 +00:00
Steve Dower
cb495a1e9f
In Windows release builds, do not attempt to copy Tcl/Tk for ARM64 when it is not being published (GH-31918) 2022-03-16 00:44:17 +00:00
Christian Heimes
af0a50de4b
bpo-47024: Update OpenSSL to 1.1.1n (GH-31895)
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
2022-03-15 21:03:04 +01:00
Hugo van Kemenade
23abae621f
CI: Fix patchcheck (GH-31708) 2022-03-14 15:28:57 +02:00
Steve Dower
da7d99a4de
bpo-46567: Add Tcl/Tk build for Windows ARM64 (GH-31574) 2022-02-28 12:06:43 +00:00
Steve Dower
45faf151c6
bpo-33125: Enables building traditional installer for Windows ARM64 (GH-30885)
Also makes a few general improvements to the build process and removes some dead code.
2022-01-28 16:48:06 +00:00
Steve Dower
70c16468de
Improve the Windows release build scripts (GH-30771)
Update to windows-2022 image
Promote queue variables to parameters for better UI
Structure build steps using parameters instead of conditions for simpler status display
2022-01-22 01:13:16 +00:00
Steve Dower
9e20ec4d43
Restore MSIX signing and ensure expired certificates are not selected (GH-30649)
Reverts the change in d6c6e6b and applies a better fix.
2022-01-17 20:22:52 +00:00
Steve Dower
d6c6e6ba73
Skip signing side-loadable MSIX for Windows (GH-30644)
We currently do not release these files, and so there's nothing lost by signing them.
Our code signing certificate is somehow incompatible with signing MSIX files. We may be able to re-enable this when we next renew, or if Microsoft updates their signing tool to work with our certificate.
2022-01-17 18:05:16 +00:00
Hugo van Kemenade
2cf7d02b99
bpo-46178: Remove/rename redundant Travis CI code (#30309) 2021-12-30 16:16:27 -08:00
Kumar Aditya
fc54e722a2
bpo-46106: Update OpenSSL to 1.1.1m (GH-30211)
Co-authored-by: Ned Deily <nad@python.org>
2021-12-21 21:20:16 -05:00
Steve Dower
cfc9154121
Add third-party Windows build definitions (GH-29476)
These definition files are for OpenSSL, libffi and Tcl/Tk, which we build and sign ourselves.
2021-11-08 22:16:53 +00:00
Steve Dower
d3bdbbf9a4
bpo-45007: Update to OpenSSL 1.1.1l in Windows build and CI (GH-28009) 2021-08-29 16:18:57 +02:00
Pablo Galindo
2fc857a572
Update CI files to account for the master -> main rename (GH-25860) 2021-05-03 23:36:55 +01:00
Victor Stinner
f7be26a8f2
bpo-43774: Doc job of Azure Pipelines uses Doc/requirements.txt (GH-25296)
Don't hardcode the Sphinx version but use Doc/requirements.txt.
2021-04-09 03:36:47 -07:00
Christian Heimes
a54fc683f2
bpo-43631: Update to OpenSSL 1.1.1k (GH-25024)
- [x] Build OpenSSL 1.1.1k for macOS
- [x] Build OpenSSL 1.1.1k for Windows

I have also updated multissl tester and various CI configurations to use latest OpenSSL. The versions were all over the place.

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: GH:tiran
2021-03-29 17:00:34 -07:00
Julien Palard
5c1f15b4b1
bpo-42843: Keep Sphinx 1.8 and Sphinx 2 compatibility (GH-24282) 2021-01-25 15:46:06 +01:00
Julien Palard
c8a10d2fab
bpo-36675: Doc: Reveal doctest directives (GH-23620) 2020-12-15 17:23:03 +01:00
Julien Palard
c9c6e9f89a
bpo-42238: Doc: Remove make suspicious from the CI and docs builds. (GH-23313)
It probably helped a lot a while back, but may not be as usefull
today.  We'll continue monitoring it before deletion, so true
positives can be migrated to rstlint.
2020-11-25 10:18:00 +01:00
Steve Dower
2156d964a1
bpo-42336: Improve PCbuild batch files (GH-23275) 2020-11-18 17:24:36 +00:00
Steve Dower
db6434c474
Enable signing of nuget.org packages and update to supported timestamp server (GH-23132) 2020-11-03 22:31:49 +00:00
Steve Dower
102b4988b1
Update Azure Pipelines build to use Ubuntu 18.04 and move triggers into YAML files (GH-21776) 2020-08-07 23:22:02 +01:00
Steve Dower
777b611c8c
bpo-41492: Fixes the description appearing in UAC prompts on Windows (GH-21754) 2020-08-06 17:36:22 +01:00
Srinivas Reddy Thatiparthy (శ్రీనివాస్ రెడ్డి తాటిపర్తి)
80d827c3cb
bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) 2020-06-12 21:46:36 +01:00
Victor Stinner
224e1c34d6
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19288) 2020-04-02 02:53:33 +02:00
Steve Dower
31350f9af0
bpo-39837: Disable macOS tests on Azure Pipelines (GH-18818) 2020-03-07 00:11:47 +00:00
Steve Dower
03153dd145
bpo-39789: Update Windows release build machines to VS 2019 (GH-18695)
Also fixes some potential Nuget build issues.
2020-02-29 00:21:46 +00:00
Ammar Askar
766b7546a5
bpo-39704: Explicitly pass the path to codecov config (GH-18680) 2020-02-27 15:08:30 -08:00
Ammar Askar
6aa1f1ecf7
bpo-39699: Don't silence make on Azure and Github CIs (GH-18583) 2020-02-26 19:21:41 +00:00
Steve Dower
b138dd296a
Fix ordering issue in Windows release upload script (GH-18465)
Automerge-Triggered-By: @zooba
2020-02-11 09:32:52 -08:00
Steve Dower
abdeb57a21
Fix Windows release builds (GH-17550) 2019-12-09 21:10:22 -08:00
Steve Dower
44ea525ca5
Fix unquoted YAML in Windows release build (GH-17479) 2019-12-05 15:32:04 -08:00
Steve Dower
de148f263f
bpo-33125: Add support for building and releasing Windows ARM64 packages (GH-16828)
Note that the support is not actually enabled yet, and so we won't be publishing these packages. However, for those who want to build it themselves (even by reusing the Azure Pipelines definition), it's now relatively easy to enable.
2019-11-20 09:30:47 -08:00
Julien Palard
c987090c73
Bump Sphinx to 2.2.0. (GH-16532) 2019-10-22 18:13:41 +02:00
Christian Heimes
58ab13479d bpo-38117: Test with OpenSSL 1.1.1d (GH-15983)
Signed-off-by: Christian Heimes <christian@python.org>
2019-09-11 18:45:52 +02:00
Steve Dower
801f925998 bpo-38089: Move Azure Pipelines to latest VM versions and make macOS tests optional (GH-15851) 2019-09-10 16:53:03 +01:00
Greg Price
9ece4a5057 Unmark files as executable that can't actually be executed. (GH-15353)
There are plenty of legitimate scripts in the tree that begin with a
`#!`, but also a few that seem to be marked executable by mistake.

Found them with this command -- it gets executable files known to Git,
filters to the ones that don't start with a `#!`, and then unmarks
them as executable:

    $ git ls-files --stage \
      | perl -lane 'print $F[3] if (!/^100644/)' \
      | while read f; do
          head -c2 "$f" | grep -qxF '#!' \
          || chmod a-x "$f"; \
        done

Looking at the list by hand confirms that we didn't sweep up any
files that should have the executable bit after all.  In particular

 * The `.psd` files are images from Photoshop.

 * The `.bat` files sure look like things that can be run.
   But we have lots of other `.bat` files, and they don't have
   this bit set, so it must not be needed for them.



Automerge-Triggered-By: @benjaminp
2019-08-20 21:53:59 -07:00
Steve Dower
3e34a25a7a
bpo-37354: Sign Activate.ps1 for release (GH-15235) 2019-08-12 14:09:36 -07:00