ambv
diff --git a/‎.azure-pipelines/ci.yml
Lines changed: 2 additions & 2 deletions b/‎.azure-pipelines/ci.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.azure-pipelines/pr.yml
Lines changed: 2 additions & 2 deletions b/‎.azure-pipelines/pr.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/build.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎Mac/BuildScript/build-installer.py
Lines changed: 3 additions & 3 deletions b/‎Mac/BuildScript/build-installer.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎Misc/NEWS.d/next/Security/2023-06-01-03-24-58.gh-issue-103142.GLWDMX.rst
Lines changed: 2 additions & 0 deletions b/‎Misc/NEWS.d/next/Security/2023-06-01-03-24-58.gh-issue-103142.GLWDMX.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎Misc/NEWS.d/next/macOS/2023-05-30-23-30-46.gh-issue-103142.55lMXQ.rst
Lines changed: 1 addition & 0 deletions b/‎Misc/NEWS.d/next/macOS/2023-05-30-23-30-46.gh-issue-103142.55lMXQ.rst
Lines changed: 1 addition & 0 deletions
diff --git a/‎Modules/_ssl_data_111.h
Lines changed: 16 additions & 1 deletion b/‎Modules/_ssl_data_111.h
Lines changed: 16 additions & 1 deletion
@@ -57,7 +57,7 @@ jobs:
   variables:
     testRunTitle: '$(build.sourceBranchName)-linux'
     testRunPlatform: linux
-    openssl_version: 1.1.1t
+    openssl_version: 1.1.1u
 
   steps:
   - template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
   variables:
     testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
     testRunPlatform: linux-coverage
-    openssl_version: 1.1.1t
+    openssl_version: 1.1.1u
 
   steps:
   - template: ./posix-steps.yml
 
@@ -57,7 +57,7 @@ jobs:
   variables:
     testRunTitle: '$(system.pullRequest.TargetBranch)-linux'
     testRunPlatform: linux
-    openssl_version: 1.1.1t
+    openssl_version: 1.1.1u
 
   steps:
   - template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
   variables:
     testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
     testRunPlatform: linux-coverage
-    openssl_version: 1.1.1t
+    openssl_version: 1.1.1u
 
   steps:
   - template: ./posix-steps.yml
 
@@ -177,7 +177,7 @@ jobs:
     needs: check_source
     if: needs.check_source.outputs.run_tests == 'true'
     env:
-      OPENSSL_VER: 1.1.1t
+      OPENSSL_VER: 1.1.1u
       PYTHONSTRICTEXTENSIONBUILD: 1
     steps:
     - uses: actions/checkout@v3
@@ -219,7 +219,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        openssl_ver: [1.0.2u, 1.1.0l, 1.1.1t, 3.0.8, 3.1.0-beta1]
+        openssl_ver: [1.0.2u, 1.1.0l, 1.1.1u, 3.0.9, 3.1.1]
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
 
@@ -244,9 +244,9 @@ def library_recipes():
 
     result.extend([
           dict(
-              name="OpenSSL 1.1.1t",
-              url="https://www.openssl.org/source/openssl-1.1.1t.tar.gz",
-              checksum='1cfee919e0eac6be62c88c5ae8bcd91e',
+              name="OpenSSL 1.1.1u",
+              url="https://www.openssl.org/source/openssl-1.1.1u.tar.gz",
+              checksum='72f7ba7395f0f0652783ba1089aa0dcc',
               buildrecipe=build_universal_openssl,
               configure=None,
               install=None,
 
@@ -0,0 +1,2 @@
+The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u
+to address several CVEs.
@@ -0,0 +1 @@
+Update macOS installer to use OpenSSL 1.1.1u.
@@ -1,4 +1,4 @@
-/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on 2021-04-09T09:36:21.493286 */
+/* File generated by Tools/ssl/make_ssl_data.py *//* Generated on 2023-06-01T02:58:04.081473 */
 static struct py_ssl_library_code library_codes[] = {
 #ifdef ERR_LIB_ASN1
     {"ASN1", ERR_LIB_ASN1},
@@ -1375,6 +1375,11 @@ static struct py_ssl_error_code error_codes[] = {
   #else
     {"UNSUPPORTED_COMPRESSION_ALGORITHM", 46, 151},
   #endif
+  #ifdef CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM
+    {"UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM", ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM},
+  #else
+    {"UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM", 46, 194},
+  #endif
   #ifdef CMS_R_UNSUPPORTED_CONTENT_TYPE
     {"UNSUPPORTED_CONTENT_TYPE", ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE},
   #else
@@ -4860,6 +4865,11 @@ static struct py_ssl_error_code error_codes[] = {
   #else
     {"MISSING_PARAMETERS", 20, 290},
   #endif
+  #ifdef SSL_R_MISSING_PSK_KEX_MODES_EXTENSION
+    {"MISSING_PSK_KEX_MODES_EXTENSION", ERR_LIB_SSL, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION},
+  #else
+    {"MISSING_PSK_KEX_MODES_EXTENSION", 20, 310},
+  #endif
   #ifdef SSL_R_MISSING_RSA_CERTIFICATE
     {"MISSING_RSA_CERTIFICATE", ERR_LIB_SSL, SSL_R_MISSING_RSA_CERTIFICATE},
   #else
@@ -5065,6 +5075,11 @@ static struct py_ssl_error_code error_codes[] = {
   #else
     {"NULL_SSL_METHOD_PASSED", 20, 196},
   #endif
+  #ifdef SSL_R_OCSP_CALLBACK_FAILURE
+    {"OCSP_CALLBACK_FAILURE", ERR_LIB_SSL, SSL_R_OCSP_CALLBACK_FAILURE},
+  #else
+    {"OCSP_CALLBACK_FAILURE", 20, 294},
+  #endif
   #ifdef SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED
     {"OLD_SESSION_CIPHER_NOT_RETURNED", ERR_LIB_SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED},
   #else
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u`
	`2`	`+to address several CVEs.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Update macOS installer to use OpenSSL 1.1.1u.`