From 9696dc057ba2faa038d3f48a9137b3b9c1d0482d Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Sat, 2 May 2026 16:23:00 +0800 Subject: [PATCH 1/2] Bump OpenSSL versions for iOS an Android. --- Android/android.py | 10 ++++++++-- Apple/__main__.py | 2 +- .../2026-05-02-16-22-20.gh-issue-149254.9ozXB9.rst | 1 + 3 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2026-05-02-16-22-20.gh-issue-149254.9ozXB9.rst diff --git a/Android/android.py b/Android/android.py index c421576d99a968..d5241f61214e27 100755 --- a/Android/android.py +++ b/Android/android.py @@ -213,8 +213,14 @@ def make_build_python(context): def unpack_deps(host, prefix_dir, cache_dir): os.chdir(prefix_dir) deps_url = "https://github.com/beeware/cpython-android-source-deps/releases/download" - for name_ver in ["bzip2-1.0.8-3", "libffi-3.4.4-3", "openssl-3.0.19-1", - "sqlite-3.50.4-0", "xz-5.4.6-1", "zstd-1.5.7-2"]: + for name_ver in [ + "bzip2-1.0.8-3", + "libffi-3.4.4-3", + "openssl-3.0.20-1", + "sqlite-3.50.4-0", + "xz-5.4.6-1", + "zstd-1.5.7-2" + ]: filename = f"{name_ver}-{host}.tar.gz" out_path = download(f"{deps_url}/{name_ver}/{filename}", cache_dir) shutil.unpack_archive(out_path) diff --git a/Apple/__main__.py b/Apple/__main__.py index af20fce67daee1..555cf2b26b67ee 100644 --- a/Apple/__main__.py +++ b/Apple/__main__.py @@ -319,7 +319,7 @@ def unpack_deps( for name_ver in [ "BZip2-1.0.8-2", "libFFI-3.4.7-2", - "OpenSSL-3.0.19-1", + "OpenSSL-3.0.20-1", "XZ-5.6.4-2", "mpdecimal-4.0.0-2", "zstd-1.5.7-1", diff --git a/Misc/NEWS.d/next/Security/2026-05-02-16-22-20.gh-issue-149254.9ozXB9.rst b/Misc/NEWS.d/next/Security/2026-05-02-16-22-20.gh-issue-149254.9ozXB9.rst new file mode 100644 index 00000000000000..f89f84790ca0f7 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2026-05-02-16-22-20.gh-issue-149254.9ozXB9.rst @@ -0,0 +1 @@ +Update Android and iOS installer to use OpenSSL 3.0.20. From 6b705881c4cff075be2e7bd2a44529c3b7de576f Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Sat, 2 May 2026 16:31:13 +0800 Subject: [PATCH 2/2] Correct the build number in the OpenSSL package. --- Android/android.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Android/android.py b/Android/android.py index d5241f61214e27..ec4d28bbaad84d 100755 --- a/Android/android.py +++ b/Android/android.py @@ -216,7 +216,7 @@ def unpack_deps(host, prefix_dir, cache_dir): for name_ver in [ "bzip2-1.0.8-3", "libffi-3.4.4-3", - "openssl-3.0.20-1", + "openssl-3.0.20-0", "sqlite-3.50.4-0", "xz-5.4.6-1", "zstd-1.5.7-2"