OpenSSL 2023.02 security updates.

[dumol]

Scope

Patch latest OpenSSL known vulnerabilities, as published at https://www.openssl.org/news/vulnerabilities.html#y2023.

Changes

Updated OpenSSL 1.1.1s sources to version 1.1.1t.

Can't patch OpenSSL 1.0.2 sources yet, nothing at https://git.centos.org/rpms/openssl/commits/c7 for now…

Drive-by fixes:

• Fixed CVE-2020-10735 and CVE-2015-20107 for Python from ActiveState's fork (only the latter is fixed on Windows, being Python-only code). More at Address CVE-2020-10735 for long objects ActiveState/cpython#18 and Address CVE-2015-20107 for mailcap ActiveState/cpython#19.
• Updated SQLite sources and DLLs to version 3.40.1.

How to try and test the changes

reviewers: @adiroiban

No code changes to review, only version numbers are changed in our scripts. And a bit of documentation:

git diff cleanup-ssl-subdir chevah_build python-modules/ src/*/README*

Automatic tests should all pass.

[dumol]

As discussed today on #chevah, let's do a release without the OpenSSL 1.0.2 patches.

@adiroiban, beware this is on top of #173 (also a minor PR, not much to review).

Thanks!

[dumol]

All fine on AIX as well. Build, own tests and compat tests. Resulting binary uploaded at https://bin.chevah.com:20443/testing/2.7.18.3ff2ddf/python-2.7.18.3ff2ddf-aix71-ppc.tar.gz.

(Note that on AIX we don't have yet a patch for OpenSSL 1.0.2. But there are some other fixes there too.)

[adiroiban]

Thanks. Let's merge this and have it included into chevah/server

[dumol]

For the record, all required server tests have passed for current python-package testing version at https://github.com/chevah/server/pull/6063/commits/336348d2cc8cc9ea6649712c5aa3cad7f20c8948.

Merging…