From info at egenix.com Fri Jan 9 13:32:08 2015 From: info at egenix.com (eGenix Team: M.-A. Lemburg) Date: Fri Jan 9 13:32:25 2015 Subject: [egenix-users] ANN: eGenix pyOpenSSL Distribution 0.13.7 Message-ID: <54AFCA48.50204@egenix.com> ________________________________________________________________________ ANNOUNCING eGenix.com pyOpenSSL Distribution Version 0.13.7 An easy-to-install and easy-to-use distribution of the pyOpenSSL Python interface for OpenSSL - available for Windows, Mac OS X and Unix platforms This announcement is also available on our web-site for online reading: http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.7.html ________________________________________________________________________ INTRODUCTION The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy-to-use installer that includes the most recent OpenSSL library versions in pre-compiled form, making your application independent of OS provided OpenSSL libraries: http://www.egenix.com/products/python/pyOpenSSL/ pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS- aware network applications as well as certificate management tools: https://launchpad.net/pyopenssl/ OpenSSL is an open-source implementation of the SSL/TLS protocol: http://www.openssl.org/ ________________________________________________________________________ NEWS This new release of the eGenix.com pyOpenSSL Distribution updates the included OpenSSL version to the latest OpenSSL 1.0.1h version and adds a few more context options: New in OpenSSL -------------- * Updated included OpenSSL libraries from OpenSSL 1.0.1j to 1.0.1k. See https://www.openssl.org/news/secadv_20150108.txt for a complete list of changes. The following fixes are relevant for pyOpenSSL applications: - CVE-2014-8275: OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. - CVE-2014-3572: An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. - CVE-2015-0204: An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. - CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. - CVE-2015-0205: An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Please see the product changelog for the full set of changes: http://www.egenix.com/products/python/pyOpenSSL/changelog.html pyOpenSSL / OpenSSL Binaries Included ------------------------------------- In addition to providing sources, we make binaries available that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64. We've also added egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier. ________________________________________________________________________ DOWNLOADS The download archives and instructions for installing the package can be found at: http://www.egenix.com/products/python/pyOpenSSL/ ________________________________________________________________________ UPGRADING Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs. _______________________________________________________________________ SUPPORT Commercial support for these packages is available from eGenix.com. Please see http://www.egenix.com/services/support/ for details about our support offerings. ________________________________________________________________________ MORE INFORMATION For more information about the eGenix pyOpenSSL Distribution, licensing and download instructions, please visit our web-site or write to sales@egenix.com. Enjoy, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 09 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From mal at egenix.com Fri Jan 16 19:16:59 2015 From: mal at egenix.com (M.-A. Lemburg) Date: Fri Jan 16 19:17:04 2015 Subject: [egenix-users] Fwd: [openssl-announce] OpenSSL version 1.0.1l released In-Reply-To: <20150115155352.GA31300@openssl.org> References: <20150115155352.GA31300@openssl.org> Message-ID: <54B9559B.30005@egenix.com> Just FYI: We won't be releasing a version of egenix-pyopenssl for this version of OpenSSL, because it doesn't fix anything we had not already fixed (on the Windows builds) :-) Best Regards, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 16 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2015-01-09: Released eGenix pyOpenSSL 0.13.7 ... http://egenix.com/go68 2015-01-20: Python Meeting Duesseldorf ... http://egenix.com/go69 ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ -------- Forwarded Message -------- Subject: [openssl-announce] OpenSSL version 1.0.1l released Date: Thu, 15 Jan 2015 16:53:52 +0100 From: OpenSSL Reply-To: openssl-users@openssl.org, openssl@openssl.org Organization: OpenSSL Project To: OpenSSL Developer ML , OpenSSL User Support ML , OpenSSL Announce ML OpenSSL version 1.0.1l released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1l of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: http://www.openssl.org/news/openssl-1.0.1-notes.html OpenSSL 1.0.1l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1l.tar.gz Size: 4429979 MD5 checksum: cdb22925fc9bc97ccbf1e007661f2aa6 SHA1 checksum: 4547a0b4269acf76b1f9e7d188896867d6fc8c18 The checksums were calculated using the following commands: openssl md5 openssl-1.0.1l.tar.gz openssl sha1 openssl-1.0.1l.tar.gz Yours, The OpenSSL Project Team. _______________________________________________ openssl-announce mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce From info at egenix.com Mon Jan 19 11:37:37 2015 From: info at egenix.com (eGenix Team: M.-A. Lemburg) Date: Mon Jan 19 11:37:46 2015 Subject: [egenix-users] ANN: eGenix Talks & Videos: Advanced Database Programming Message-ID: <54BCDE71.1010704@egenix.com> ________________________________________________________________________ ANNOUNCING eGenix Talks & Videos "Advanced Database Programming" This announcement is also available on our web-site for online reading: http://www.egenix.com/company/news/EuroPython-2014-Advanced-Database-Programming.html ________________________________________________________________________ eGenix Talk "Advanced Database Programming" At last year's EuroPython 2014 conference in Berlin, Marc-Andr? Lemburg, CEO of eGenix, gave the following talk on database programming in Python. We have now turned the talk into video presentation for easy viewing and also released the presentation slides: EuroPython 2014 - Advanced Database Programming ----------------------------------------------- Advanced concepts in Python database programming. The Python DB-API 2.0 provides a direct interface to many popular database backends. It makes interaction with relational database very straight forward and allows tapping into the full set of features these databases provide. This talk covers advanced database topics which are relevant in production environments such as locks, distributed transactions and transaction isolation. We also give advice on how to deal with common problems you face when working with complex database systems. http://www.egenix.com/library/presentations/EuroPython-2014-Advanced-Database-Programming/ Related Python Coaching and Consulting -------------------------------------- If you are interested in learning more about these advanced techniques, eGenix now offers Python project coaching and consulting services to give your project teams advice on how to implement complex database architectures in Python. Please contact our eGenix Sales Team (sales@egenix.com) for information. http://www.egenix.com/services/coaching/ More interesting eGenix presentations are available in the presentations and talks section of the library on our website: http://www.egenix.com/library/presentations/ Enjoy, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 19 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2015-01-09: Released eGenix pyOpenSSL 0.13.7 ... http://egenix.com/go68 2015-01-20: Python Meeting Duesseldorf ... http://egenix.com/go69 ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From info at egenix.com Thu Jan 29 10:13:59 2015 From: info at egenix.com (eGenix Team: M.-A. Lemburg) Date: Thu Jan 29 10:14:24 2015 Subject: [egenix-users] =?utf-8?q?ANN=3A_Python_Meeting_D=C3=BCsseldorf_-_New_Videos_online?= Message-ID: <54C9F9D7.3080700@egenix.com> [This announcement is in German since it targets a local user group meeting in D?sseldorf, Germany] ________________________________________________________________________ WAS IST DAS PYTHON MEETING D?SSELDORF ? Das Python Meeting D?sseldorf ist eine Veranstaltung, die alle drei Monate in D?sseldorf stattfindet und sich an Python Begeisterte aus der Region wendet: http://pyddf.de/ Bei jedem Treffen werden Vortr?ge gehalten und anschlie?end in Diskussionen vertieft. Die Meetings dauern ?blicherweise ca. 2 Stunden und m?nden anschlie?end in eine Restaurant-Session. Teilnehmer kommen aus ganz Nordrhein-Westfalen, haupts?chlich allerdings aus der n?heren Umgebung. Diese Nachricht ist auch online verf?gbar: http://www.egenix.com/company/news/Python-Meeting-Duesseldorf-Videos ________________________________________________________________________ NEUE VIDEOS Um die Vortr?ge auch f?r andere Python Enthusiasten zug?nglich zu machen, nehmen wir die Vortr?ge auf, produzieren daraus Videos und laden diese auf unseren PyDDF YouTube Channel hoch: https://youtube.com/pyddf/ In den letzten Tagen haben wir die Videos der letzten Treffen aufgearbeitet. Insgesamt sind 34 neue Videos dazugekommen. Viel Spa? damit: Python Meeting D?sseldorf 2015-01-20 https://www.youtube.com/watch?v=z_o6L5RkaiU&list=PLu2a6axgqUTzh81DNhnV2rTL6oCaKlZQr Python Meeting D?sseldorf 2014-09-30 https://www.youtube.com/watch?v=AHUKRoJwPCE&list=PLu2a6axgqUTylZtifjbOhvP0z1zIh7n_1 Python Meeting D?sseldorf Sprint 2014 (2014-09-27/28) https://www.youtube.com/watch?v=y3BH9OBAn88&list=PLu2a6axgqUTwD7U3nFLhNiArHVLb17Y1Q Python Meeting D?sseldorf 2014-07-02 https://www.youtube.com/watch?v=1uJgXl4p9_I&list=PLu2a6axgqUTyDzIjWvz3NYQsqj8jT-G4J Python Meeting D?sseldorf 2014-04-29 https://www.youtube.com/watch?v=P3oD9EswbN8&list=PLu2a6axgqUTzRO1bUn62cUAwMkIxw8UrM Python Meeting D?sseldorf 2014-01-21 https://www.youtube.com/watch?v=Sd_fw8Ae49M&list=PLu2a6axgqUTz3PZfZowvKsZT3rTY2x7WO Python Meeting D?sseldorf 2013-11-19 https://www.youtube.com/watch?v=6pryEma7Ams&list=PLu2a6axgqUTyykq74j4ARFDfCMp7d3YsP Die vollst?ndige Liste aller mehr als 70 Python Meeting Videos ist ?ber unsere Video Liste verf?gbar: http://www.egenix.com/library/pyddf/videos.html ________________________________________________________________________ WEITERE INFORMATIONEN Weitere Informationen und Termine rund um das Python Meeting D?sseldorf stehen auf unserer Webseite: http://pyddf.de/ Mit freundlichen Gr??en, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 29 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/