The NetBSD Project

CVS log for pkgsrc/security/py-OpenSSL/distinfo

[BACK] Up to [] / pkgsrc / security / py-OpenSSL

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.32 / (download) - annotate - [select for diffs], Thu Oct 26 06:32:57 2023 UTC (5 weeks ago) by adam
Branch: MAIN
Changes since 1.31: +5 -5 lines
Diff to previous 1.31 (colored)

py-OpenSSL: updated to 23.3.0

23.3.0 (2023-10-25)

Backward-incompatible changes:

- Dropped support for Python 3.6.
- The minimum ``cryptography`` version is now 41.0.5.
- Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years.
- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.


- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).
- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
- Deprecated ``OpenSSL.crypto.CRL``
- Deprecated ``OpenSSL.crypto.Revoked``
- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
- Deprecated ``OpenSSL.crypto.X509Extension``


- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
  ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition
  to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no
  network connection is available.

Revision 1.31 / (download) - annotate - [select for diffs], Wed May 31 12:58:48 2023 UTC (6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

py-OpenSSL: updated to 23.2.0

23.2.0 (2023-05-30)

Backward-incompatible changes:
- Removed ``X509StoreFlags.NOTIFY_POLICY``.

- ``cryptography`` maximum version has been increased to 41.0.x.
- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.
- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.

Revision 1.30 / (download) - annotate - [select for diffs], Tue Apr 18 17:17:39 2023 UTC (7 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)

py-OpenSSL: updated to 23.1.1

23.1.1 (2023-03-28)

- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.

23.1.0 (2023-03-24)

- ``cryptography`` maximum version has been increased to 40.0.x.
- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
  to support DTLS timeouts

Revision 1.29 / (download) - annotate - [select for diffs], Sun Jan 15 19:40:14 2023 UTC (10 months, 2 weeks ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1
Changes since 1.28: +4 -4 lines
Diff to previous 1.28 (colored)

Updated security/py-OpenSSL to 23.0.0

The previous py-OpenSSL-22.1.0 would abort at runtime against
py-cryptography-39.0.x which broke py-certbot and similar.

- Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow
  for users to perform certificate verification on partial certificate
  chains. #1166
- cryptography maximum version has been increased to 39.0.x.

Revision 1.28 / (download) - annotate - [select for diffs], Mon Sep 26 17:57:07 2022 UTC (14 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.27: +4 -4 lines
Diff to previous 1.27 (colored)

py-OpenSSL: updated to 22.1.0


Backward-incompatible changes:

Remove support for SSLv2 and SSLv3.
The minimum cryptography version is now 37.0.2.
The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes.


OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.


Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object„ŗ—‘ verification flags.
Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context)

Revision 1.27 / (download) - annotate - [select for diffs], Sun Sep 11 18:15:07 2022 UTC (14 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

py-OpenSSL: update to 22.0.0.

22.0.0 (2022-01-29)

Backward-incompatible changes:

- Drop support for Python 2.7.
  `#1047 <>`_
- The minimum ``cryptography`` version is now 35.0.



- Expose wrappers for some `DTLS
  primitives. `#1026 <>`_

Revision 1.26 / (download) - annotate - [select for diffs], Tue Nov 2 09:45:53 2021 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.25: +4 -4 lines
Diff to previous 1.25 (colored)

py-OpenSSL: updated to 21.0.0


Backward-incompatible changes:
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5

- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
  to set the minimum and maximum supported TLS version
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Oct 26 11:17:40 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2

Revision 1.24 / (download) - annotate - [select for diffs], Thu Oct 7 14:54:24 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.23: +1 -2 lines
Diff to previous 1.23 (colored)

security: Remove SHA1 hashes for distfiles

Revision 1.23 / (download) - annotate - [select for diffs], Sat Dec 19 11:52:26 2020 UTC (2 years, 11 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.22: +6 -6 lines
Diff to previous 1.22 (colored)

py-OpenSSL: Update to 20.0.1

20.0.1 (2020-12-15)
Backward-incompatible changes:

- Fixed compatibility with OpenSSL 1.1.0.

20.0.0 (2020-11-27)
Backward-incompatible changes:
- The minimum ``cryptography`` version is now 3.2.
- Remove deprecated ``OpenSSL.tsafe`` module.
- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2

- Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``.

- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
  where additional untrusted certificates can be specified to help chain building.
  `#948 <>`_
- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
  certificate file bundles and/or directories for verification.
  `#943 <>`_
- Added ``Context.set_keylog_callback`` to log key material.
  `#910 <>`_
- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the
  verified certificate chain of the peer.
  `#894 <>`_.
- Make verification callback optional in ``Context.set_verify``.
  If omitted, OpenSSL's default verification is used.
  `#933 <>`_
- Fixed a bug that could truncate or cause a zero-length key error due to a
  null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
  and ``OpenSSL.crypto.dump_privatekey``.
  `#947 <>`_

Revision 1.22 / (download) - annotate - [select for diffs], Mon Nov 18 10:51:31 2019 UTC (4 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

py-OpenSSL: updated to 19.1.0

Backward-incompatible changes:
- Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases.
  Use the classes without the Type suffix instead.
- The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency.

- Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
  ALPN should be used instead.

- Support bytearray in SSL.Connection.send() by using cffi's from_buffer.
- The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value
  to allow a TLS handshake to complete without an application protocol.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Jan 22 09:12:09 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

py-OpenSSL: updated to 19.0.0


Backward-incompatible changes:
- X509Store.add_cert no longer raises an error if you add a duplicate cert.

- pyOpenSSL now works with OpenSSL 1.1.1.
- pyOpenSSL now handles NUL bytes in X509Name.get_components()

Revision 1.20 / (download) - annotate - [select for diffs], Wed May 23 09:40:52 2018 UTC (5 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.19: +5 -5 lines
Diff to previous 1.19 (colored)

py-OpenSSL: updated to 18.0.0

Backward-incompatible changes:
- The minimum cryptography version is now 2.2.1.
- Support for Python 2.6 has been dropped.

- Added Connection.get_certificate to retrieve the local certificate.
- OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default.
- Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Dec 1 08:53:17 2017 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.18: +5 -5 lines
Diff to previous 1.18 (colored)

pyOpenSSL: updated to 17.5.0

Backward-incompatible changes:
* The minimum cryptography version is now 2.1.4.

* Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts.
* Added Connection.export_keying_material for RFC 5705 compatible export of keying material.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Nov 23 10:12:33 2017 UTC (6 years ago) by adam
Branch: MAIN
Changes since 1.17: +5 -5 lines
Diff to previous 1.17 (colored)

py-OpenSSL: updated to 17.4.0

Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 16 06:47:52 2017 UTC (6 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.16: +5 -5 lines
Diff to previous 1.16 (colored)

py-OpenSSL: update to 17.3.0

Backward-incompatible changes:
* Dropped support for Python 3.3.
* Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead.

* Deprecated OpenSSL.tsafe.

* Fixed a memory leak in OpenSSL.crypto.CRL.
* Fixed a memory leak when verifying certificates with OpenSSL.crypto.X509StoreContext.

Revision 1.16 / (download) - annotate - [select for diffs], Thu Jul 20 16:52:16 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.15: +5 -5 lines
Diff to previous 1.15 (colored)


- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.

- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.

Revision 1.15 / (download) - annotate - [select for diffs], Mon Jul 3 19:37:52 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.14: +5 -5 lines
Diff to previous 1.14 (colored)


Backward-incompatible changes:
- Removed the deprecated OpenSSL.rand.egd() function.
  Applications should prefer os.urandom() for random number generation.
- Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export().
  Callers must now always pass an explicit digest.
- Fixed a bug with ASN1_TIME casting in X509.set_notBefore(),
  X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(),
  and Revoked.set_lastUpdate(). You must now pass times in the form
  YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm
  will no longer work.

- Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType.
  The names without the "Type"-suffix should be used instead.

- Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects.
- Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug.
- Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels.

Revision 1.14 / (download) - annotate - [select for diffs], Tue May 9 16:49:07 2017 UTC (6 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.13: +6 -6 lines
Diff to previous 1.13 (colored)

Changes 17.0.0:
- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains.
- Added a collection of functions for working with OCSP stapling.
  None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided.
  Users will need to write their own code to handle OCSP assertions.
  We specifically added: ``Context.set_ocsp_server_callback``, ``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``.
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary.
  This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation.
  For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements.
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.

Revision 1.13 / (download) - annotate - [select for diffs], Sat Jan 28 12:09:14 2017 UTC (6 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.12: +6 -5 lines
Diff to previous 1.12 (colored)

Updated py-OpenSSL to 16.2.0.

Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See

16.2.0 (2016-10-15)


- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
  `#552 <>`_

16.1.0 (2016-08-26)


- Dropped support for OpenSSL 0.9.8.


- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
  `#496 <>`_
- Enable use of CRL (and more) in verify context.
  `#483 <>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
  `#439 <>`_
- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.

Revision 1.12 / (download) - annotate - [select for diffs], Wed Apr 20 16:05:57 2016 UTC (7 years, 7 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

Update security/py-OpenSSL to 16.0.0.

16.0.0 (2016-03-19)
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2.  It has been moved to `py.test <>`_,
all CI test runs are part of `tox <>`_ and
the source code has been made fully `flake8
<>`_ compliant.

We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.

Backward-incompatible changes:
- Python 3.2 support has been dropped.
  It never had significant real world usage and has been dropped
  by our main dependency ``cryptography``.  Affected users should
  upgrade to Python 3.3 or later.

- The support for EGD has been removed.
  The only affected function ``OpenSSL.rand.egd()`` now uses
  ``os.urandom()`` to seed the internal PRNG instead.  Please see
  <>`_ for more
  background information on this decision.  In accordance with our
  backward compatibility policy ``OpenSSL.rand.egd()`` will be
  *removed* no sooner than a year from the release of 16.0.0.
  Please note that you should `use urandom
  for all your secure random number needs.
- Python 2.6 support has been deprecated.
  Our main dependency ``cryptography`` deprecated 2.6 in version
  0.9 (2015-05-14) with no time table for actually dropping it.
  pyOpenSSL will drop Python 2.6 support once ``cryptography``

- Fixed ``OpenSSL.SSL.Context.set_session_id``,
  ``OpenSSL.SSL.Connection.renegotiate_pending``, and
  They were lacking an implementation since 0.14.  `#422
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
  `#428 <>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
  was called before setting any app data.
  `#304 <>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
  objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
  to load such objects from serialized representations.
  `#382 <>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
  list out to a string buffer.
  `#368 <>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
  OpenSSL binding ``state_string_long``.
  `#358 <>`_
- Added support for the ``socket.MSG_PEEK`` flag to
  ``OpenSSL.SSL.Connection.recv()`` and
  `#294 <>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
  `#244 <>`_
- Switched to ``utf8string`` mask by default.
  OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
  characters present.  This was changed to default to ``UTF8String``
  in the config around 2005, but the actual code didn't change it
  until late last year.  This will default us to the setting that
  actually works.  To revert this you can call
  `#234 <>`_

Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 4 01:18:03 2015 UTC (8 years ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Aug 23 10:10:26 2015 UTC (8 years, 3 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

Update security/py-OpenSSL to py-OpenSSL-0.15.1.

pkgsrc changes:
 * Update HOMEPAGE

 * OpenSSL/, OpenSSL/test/ Fix a regression
   present in 0.15, where when an error occurs and no errno() is set,
   a KeyError is raised.  This happens, for example, if
   Connection.shutdown() is called when the underlying transport has
   gone away.

 * OpenSSL/, OpenSSL/ APIs which previously accepted
   filenames only as bytes now accept them as either bytes or
   unicode (and respect sys.getfilesystemencoding()).
 * OpenSSL/ Add Cory Benfield's next-protocol-negotiation
   (NPN) bindings.
 * OpenSSL/ Add ``Connection.recv_into``, mirroring the
   builtin ``socket.recv_into``.  Based on work from Cory Benfield.
 * OpenSSL/test/ Add tests for ``recv_into``.
 * OpenSSL/ Expose ``X509StoreContext`` for verifying certificates.
 * OpenSSL/test/ Add intermediate certificates for
 * OpenSSL/ ``Connection.shutdown`` now propagates errors from the
   underlying socket.
 * OpenSSL/ Fixed a regression ``Context.check_privatekey``
   causing it to always succeed - even if it should fail.
 * OpenSSL/ Fixed a regression where calling ``load_pkcs7_data``
   with ``FILETYPE_ASN1`` would fail with a ``NameError``.
 * OpenSSL/ Fix a regression in which the first argument of
   the "verify" callback was incorrectly passed a ``Context`` instance
   instead of the ``Connection`` instance.
 * OpenSSL/test/ Add a test for the value passed as the
   first argument of the "verify" callback.
 * OpenSSL/ Based on work from Alex Gaynor, Andrew
   Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
   Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
   to support TLS ECDHE modes.
 * OpenSSL/ Add ``Context.set_tmp_ecdh`` to configure a TLS
   context with a particular elliptic curve for ECDHE modes.
 * OpenSSL/ ``Connection.send`` and ``Connection.sendall``
   now also accept the ``buffer`` type as data.
 * OpenSSL/ Make ``load_pkcs12`` backwards compatible with
   pyOpenSSL 0.13 by making passphrase optional.
 * OpenSSL/ Add ``get_finished``, ``get_peer_finished``
   methods to ``Connection``. If you use these methods to
   implement TLS channel binding (RFC 5929) disable session
   resumption because triple handshake attacks against TLS.
 * OpenSSL/ Add ``get_cipher_name``, ``get_cipher_bits``,
   and ``get_cipher_version`` to ``Connection``.
 * OpenSSL/ Replace the use of ``apply`` (which has been
   removed in Python 3) with the equivalent syntax.
 * OpenSSL/ Fix memory leak in _X509_REVOKED_dup.
 * leakcheck/ Add checks for _X509_REVOKED_dup, CRL.add_revoked
   and CRL.get_revoked.
 * Require cryptography 0.3 to have the ASN1_TIME_free binding.
 * OpenSSL/ Add ``get_extensions`` method to ``X509Req``.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Feb 24 11:47:03 2014 UTC (9 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Update to 0.14:

2014-01-09  Jean-Paul Calderone  <>

	* OpenSSL: Port to the cffi-based OpenSSL bindings provided by

2013-10-06  Jean-Paul Calderone  <>

	* OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or

2013-10-03  Christian Heimes  <>

	* OpenSSL/crypto/x509.c: Fix an inconsistency in memory management
	  in X509.get_serial_number which leads to crashes on some runtimes
	  (certain Windows/Python 3.3 environments, at least).

Revision 1.8 / (download) - annotate - [select for diffs], Mon Sep 9 17:49:08 2013 UTC (10 years, 2 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

update to 0.13.1
This fixes a hostname check bypassing vulnerability (truncation on
NULL-bytes, as seen in other implementations) (CVE-2013-4314)

Revision 1.7 / (download) - annotate - [select for diffs], Sat Feb 18 20:40:40 2012 UTC (11 years, 9 months ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)

Update security/py-OpenSSL to 0.13.

Upstream changes:

2011-09-02  Jean-Paul Calderone  <>

        * Release 0.13

2011-06-12  Jean-Paul Calderone  <>

        * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
          implemented by Rick Dean, to verify the internal consistency of a
          PKey instance.

2011-06-12  Jean-Paul Calderone  <>

        * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
          they handle data with embedded NULs.  Fix by David Brodsky

2011-05-20  Jean-Paul Calderone  <>

        * OpenSSL/ssl/connection.c, OpenSSL/test/ Add a new
          method to the Connection type, get_peer_cert_chain, for retrieving
          the peer's certificate chain.

2011-05-19  Jean-Paul Calderone  <>

        * OpenSSL/crypto/x509.c, OpenSSL/test/ Add a new
          method to the X509 type, get_signature_algorithm, for inspecting
          the signature algorithm field of the certificate.  Based on a
          patch from <lp:~okuda>.

2011-05-10  Jean-Paul Calderone  <>

        * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
          explicitly including a Windows header before any OpenSSL headers.

        * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
          explicitly flushing errors known to be uninteresting after calling

        * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
          OpenSSL library does not provide it.

        * OpenSSL/test/ Support an OpenSSL 1.0 change from
          MD5 to SHA1 by allowing either hash algorithm's result as the
          return value of X509.subject_name_hash.

        * OpenSSL/test/ Support an OpenSSL 1.0 change from MD5
          to SHA1 by constructing certificate files named using both hash
          algorithms' results when testing Context.load_verify_locations.

        * Support OpenSSL 1.0.0a.

2011-04-15  Jean-Paul Calderone  <>

        * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
          and related constants for retrieving version information about the
          underlying OpenSSL library.

Revision 1.6 / (download) - annotate - [select for diffs], Fri May 20 11:05:33 2011 UTC (12 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.5: +4 -4 lines
Diff to previous 1.5 (colored)

Changes 0.12:
* OpenSSL/crypto/x509.c: Add get_extension_count and get_extension
  to the X509 type, allowing read access to certificate extensions.
* OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the
  X509Extension type, allowing read access to the contents of an
* OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for
  values passed to the connection "info" callback.
* OpenSSL/ssl/ Add support for new-style
  buffers (primarily memoryviews) to Connection.send and

Revision 1.5 / (download) - annotate - [select for diffs], Mon Jul 19 16:46:48 2010 UTC (13 years, 4 months ago) by ver
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

Upgrade py-OpenSSL to 0.10 from 0.7 for feature enhancements.

Revision 1.4 / (download) - annotate - [select for diffs], Thu Aug 21 10:29:32 2008 UTC (15 years, 3 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, cube-native-xorg-base, cube-native-xorg
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Push new Python OpenSSL module. Changes since version 0.6:
 - Removed some unused variables.
 - Improved Python 2.3 compatibility.
 - Fixed various threading bugs.
 - Some improvements in the test suite.

Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 24 13:10:12 2005 UTC (18 years, 9 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2, pkgsrc-2005Q1-base, pkgsrc-2005Q1, cwrapper
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)

Add RMD160 digests.

Revision 1.2 / (download) - annotate - [select for diffs], Mon Dec 27 23:35:54 2004 UTC (18 years, 11 months ago) by minskim
Branch: MAIN
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)

Update py-OpenSSL to 0.6.  Patch provided by Rui Paulo.

	* doc/pyOpenSSL.tex: Updates to the docs.
	* src/crypto/x509.c: Add X509.add_extensions based on a patch
	  from Han S. Lee.
	* src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai
	* src/crypto/: Add support for Netscape SPKI extensions
	  based on a patch from Tollef Fog Heen.
	* src/crypto/crypto.c: Add support for python passphrase callbacks
	  based on a patch from Robert Olson.
	* src/ssl/context.c: Applied patch from Frederic Peters to add
	* src/crypto/x509.c: Applid patch from Tollef Fog Heen to add
	  X509.subject_name_hash and X509.digest.
	* src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian
	  Kleineidam to fix full names of exceptions.
	* doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names.
	* examples/ Fixed wrong attributes in doc string, thanks
	  Remy. (SFbug#913315)
	*,, Add __version__, as suggested by
	  Ronald Oussoren in SFbug#888729.
	* examples/ Fix typos, thanks Mihai Ibanescu. (SFpatch#895820)
	* Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12
	  and crypto.X509Name.
	* Add some missing methods.
	* Import tsafe too!
	* src/crypto/x509name.c: Use unicode strings instead of ordinary
	  strings in getattr/setattr. Note that plain ascii strings should
	  still work.

Revision / (download) - annotate - [select for diffs] (vendor branch), Thu Feb 19 01:18:52 2004 UTC (19 years, 9 months ago) by minskim
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3, pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import py-OpenSSL from pkgsrc-wip.  Packaged by mjasm at users dot
sourceforge dot net, cleaned by cjep@, and modified by me.

pyOpenSSL is a Python module that is a rather think wrapper around (a
subset of) the OpenSSL library.  A lot of the object methods do
nothing more than call a corresponding function in the OpenSSL

Revision 1.1 / (download) - annotate - [select for diffs], Thu Feb 19 01:18:52 2004 UTC (19 years, 9 months ago) by minskim
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>