gh-123418: Update OpenSSL to 3.0.15 on Windows

[zware]

• Issue: OpenSSL vulnerability CVE-2024-2511 #123418

[sethmlarson]

@zware These tags don't exist yet in the source-deps and bin-deps repositories, shall I create pull requests updating those places?

[zware]

@zware These tags don't exist yet in the source-deps and bin-deps repositories, shall I create pull requests updating those places?

Right; I probably should have marked this as a draft :). Those updates will need to happen first; @zooba has historically been the only one able to update the binary builds, but if you have that capability now please go ahead!

[zooba]

Theoretically any of the release managers can do the builds now, but I'm on, so I'll do it.

[zooba]

The tag is updated so I restarted the CI checks.

[sethmlarson]

@zware Since the dependency was updated the SBOM also needs to be regenerated, either run make regen-sbom locally or apply this diff to Misc/externals.spdx.json:

diff --git a/Misc/externals.spdx.json b/Misc/externals.spdx.json
index 758d4191005..f7aea9e8f99 100644
--- a/Misc/externals.spdx.json
+++ b/Misc/externals.spdx.json
@@ -70,21 +70,21 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "e6a77c273ebb284fedd8ea19b081fce74a9455936ffd47215f7c24713e2614b2"
+          "checksumValue": "1550c87996a0858474a9dd179deab2c55eb73726b9a140b32865b02fd3d8a86b"
         }
       ],
-      "downloadLocation": "https://github.com/python/cpython-source-deps/archive/refs/tags/openssl-3.0.13.tar.gz",
+      "downloadLocation": "https://github.com/python/cpython-source-deps/archive/refs/tags/openssl-3.0.15.tar.gz",
       "externalRefs": [
         {
           "referenceCategory": "SECURITY",
-          "referenceLocator": "cpe:2.3:a:openssl:openssl:3.0.13:*:*:*:*:*:*:*",
+          "referenceLocator": "cpe:2.3:a:openssl:openssl:3.0.15:*:*:*:*:*:*:*",
           "referenceType": "cpe23Type"
         }
       ],
       "licenseConcluded": "NOASSERTION",
       "name": "openssl",
       "primaryPackagePurpose": "SOURCE",
-      "versionInfo": "3.0.13"
+      "versionInfo": "3.0.15"
     },
     {
       "SPDXID": "SPDXRef-PACKAGE-sqlite",

[miss-islington-app]

Thanks @zware for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11, 3.12, 3.13.
🐍🍒⛏🤖

[miss-islington-app]

Sorry, @zware, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker d2eafe2f48aac31aa8a152620bdfd0f2a274ee1d 3.12

[bedevere-app]

GH-123686 is a backport of this pull request to the 3.13 branch.

[miss-islington-app]

Sorry, @zware, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker d2eafe2f48aac31aa8a152620bdfd0f2a274ee1d 3.11

[bedevere-app]

GH-123691 is a backport of this pull request to the 3.12 branch.

[bedevere-app]

GH-123692 is a backport of this pull request to the 3.11 branch.