[eGenix.com] ANN: eGenix pyOpenSSL Distribution 0.13.9

egenix-announcements at egenix.com egenix-announcements at egenix.com
Fri Jun 12 11:25:42 CEST 2015


________________________________________________________________________
ANNOUNCING

                   eGenix.com pyOpenSSL Distribution

                            Version 0.13.9

            An easy-to-install and easy-to-use distribution
            of the pyOpenSSL Python interface for OpenSSL -
           available for Windows, Mac OS X and Unix platforms


This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.9.html

________________________________________________________________________
INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

    http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-
aware network applications as well as certificate management tools:

    https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

    http://www.openssl.org/

________________________________________________________________________
NEWS

This new release of the eGenix.com pyOpenSSL Distribution includes the
following updates:

New in eGenix pyOpenSSL
-----------------------

 * Fixed a bug in the build process which resulted in the CA bundle
   files not get installed in the OpenSSL/ package dir.

 * Added a work-around for recent pip versions not showing the
   installer output, causing an apparently hanging installation
   process. The installer will now use a timeout when entering the
   crypto confirmation and report how to fix the problem (by using an
   environment variable EGENIX_CRYPTO_CONFIRM for confirmation).

 * Updated the Mozilla CA root bundle to version 2015-04-22.

 * Various minor fixes to the web installer to make installations on
   Linux and FreeBSD more robust, having pip uninstall not remove the
   .pyc/.pyo files, intermittent error causing a source installation
   in some rare cases.

New in OpenSSL
--------------

 * Updated included OpenSSL libraries from OpenSSL 1.0.1m to
   1.0.1n. See https://www.openssl.org/news/secadv_20150611.txt ​for a
   complete list of changes. The following fixes are relevant for
   pyOpenSSL applications:

   - CVE-2015-1788: Possible infinite loop during client
     authentication, which can be used for Denial of Service (DoS)
     attacks.

   - CVE-2015-1789: X509_cmp_time does not properly check the length
     of the ASN1_TIME string and can read a few bytes out of bounds,
     which can lead to a segmentation fault.

   - CVE-2015-1790: The PKCS#7 parsing code does not handle missing
     inner EncryptedContent correctly, which can lead to a NULL
     pointer dereference on parsing.

   - CVE-2015-1792: When verifying a signedData message the CMS code
     can enter an infinite loop if presented with an unknown hash
     function OID.

   - CVE-2015-1791: If a NewSessionTicket is received by a
     multi-threaded client when attempting to reuse a previous ticket
     then a race condition can occur potentially leading to a double
     free of the ticket data.

Please see the product changelog for the full set of changes.

    http://www.egenix.com/products/python/pyOpenSSL/changelog.html


pyOpenSSL / OpenSSL Binaries Included
-------------------------------------

In addition to providing sources, we make binaries available that
include both pyOpenSSL and the necessary OpenSSL libraries for all
supported platforms: Windows, Linux, Mac OS X and FreeBSD, for x86 and
x64.

To simplify installation, we have uploaded a web installer to PyPI
which will automatically choose the right binary for your platform, so
a simple

    pip install egenix-pyopenssl

will get you the package with OpenSSL libraries installed. Please see
our installation instructions for details:

    http://www.egenix.com/products/python/pyOpenSSL/#Installation

We have also added .egg-file distribution versions of our eGenix.com
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.

________________________________________________________________________
DOWNLOADS

The download archives and instructions for installing the package can
be found at:

    http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________
UPGRADING

Before installing this version of pyOpenSSL, please make sure that
you uninstall any previously installed pyOpenSSL version. Otherwise,
you could end up not using the included OpenSSL libs.

_______________________________________________________________________
SUPPORT

Commercial support for these packages is available from eGenix.com.
Please see

    http://www.egenix.com/services/support/

for details about our support offerings.

________________________________________________________________________
MORE INFORMATION

For more information about the eGenix pyOpenSSL Distribution, licensing
and download instructions, please visit our web-site or write to
sales at egenix.com.

About eGenix (http://www.egenix.com/):

    eGenix is a software project, consulting and product company
    focusing on expert project services and professional quality
    products for companies, Python users and developers.

Enjoy,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jun 12 2015)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2015-07-20: EuroPython 2015, Bilbao, Spain ...             38 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/



More information about the egenix-announcements mailing list