[eGenix.com] ANN: eGenix pyOpenSSL Distribution 0.13.8

egenix-announcements at egenix.com egenix-announcements at egenix.com
Tue Mar 24 09:36:08 CET 2015 

________________________________________________________________________
ANNOUNCING

                   eGenix.com pyOpenSSL Distribution

                            Version 0.13.8

            An easy-to-install and easy-to-use distribution
            of the pyOpenSSL Python interface for OpenSSL -
           available for Windows, Mac OS X and Unix platforms


This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.8.html

________________________________________________________________________
INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

    http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-
aware network applications as well as certificate management tools:

    https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

    http://www.openssl.org/

________________________________________________________________________
NEWS

This new release of the eGenix.com pyOpenSSL Distribution includes the
following updates:


New in eGenix pyOpenSSL
-----------------------

 * Added FreeBSD as supported platform.

 * Updated the Mozilla CA root bundle to version 2015-02-19.


New in OpenSSL
--------------

 * Updated included OpenSSL libraries from OpenSSL 1.0.1k to
   1.0.1m.

   We had skipped OpenSSL 1.0.1l, since the 1.0.1l release
   only included a patch for Windows we had already included in our
   0.13.7 release. See https://www.openssl.org/news/secadv_20150319.txt
   for a complete list of changes. The following fixes are relevant for
   pyOpenSSL applications:

   - CVE-2015-0286: Segmentation fault in ASN1_TYPE_cmp.

   - CVE-2015-0287: ASN.1 structure reuse memory corruption.

   - CVE-2015-0289: PKCS#7 NULL pointer dereference.

   - CVE-2015-0292: A vulnerability existed in previous versions of
     OpenSSL related to the processing of base64 encoded data. Any
     code path that reads base64 data from an untrusted source could
     be affected (such as the PEM processing routines). Already fixed
     in OpenSSL 1.0.1h, but wasn't listed, so repeated here for
     completeness.

   - CVE-2015-0293: Denial-of-Service (DoS) via reachable assert in
     SSLv2 servers.

   - CVE-2015-0209: Use After Free following d2i_ECPrivatekey error. A
     malformed EC private key file consumed via the d2i_ECPrivateKey
     function could cause a use after free condition.

 * The FREAK Attack (CVE-2015-0204) patch was already available in our
   last release with OpenSSL 1.0.1k.

Please see the product changelog for the full set of changes:

    http://www.egenix.com/products/python/pyOpenSSL/changelog.html


pyOpenSSL / OpenSSL Binaries Included
-------------------------------------

In addition to providing sources, we make binaries available that
include both pyOpenSSL and the necessary OpenSSL libraries for all
supported platforms: Windows, Linux, Mac OS X and now FreeBSD, for x86
and x64.

To simplify installation, we have uploaded a web installer to PyPI
which will automatically choose the right binary for your platform, so
a simple

    pip install egenix-pyopenssl

will get you the package with OpenSSL libraries installed. Please see
our installation instructions for details:

    http://www.egenix.com/products/python/pyOpenSSL/#Installation

We have also added .egg-file distribution versions of our eGenix.com
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.

________________________________________________________________________
DOWNLOADS

The download archives and instructions for installing the package can
be found at:

    http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________
UPGRADING

Before installing this version of pyOpenSSL, please make sure that
you uninstall any previously installed pyOpenSSL version. Otherwise,
you could end up not using the included OpenSSL libs.

_______________________________________________________________________
SUPPORT

Commercial support for these packages is available from eGenix.com.
Please see

    http://www.egenix.com/services/support/

for details about our support offerings.

________________________________________________________________________
MORE INFORMATION

For more information about the eGenix pyOpenSSL Distribution, licensing
and download instructions, please visit our web-site or write to
sales at egenix.com.

Enjoy,
-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Mar 24 2015)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2015-03-12: Released mxODBC 3.3.2 ...             http://egenix.com/go71

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the egenix-announcements mailing list