./security/py-OpenSSL, Python interface to the OpenSSL library


Branch: CURRENT, Version: 26.0.0, Package name: py313-OpenSSL-26.0.0, Maintainer: pkgsrc-users

pyOpenSSL is a Python module that is a rather thin wrapper around (a
subset of) the OpenSSL library. A lot of the object methods do
nothing more than call a corresponding function in the OpenSSL
library.


Required to run:
[security/openssl] [devel/py-setuptools] [lang/py-six] [security/py-cryptography] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 181.186 KB

CVS history:


   2026-03-21 13:03:19 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-OpenSSL: update to 26.0.0.

Security fix release.

26.0.0 (2026-03-15)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Dropped support for Python 3.7.
- The minimum ``cryptography`` version is now 46.0.0.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Added support for using aws-lc instead of OpenSSL.
- Properly raise an error if a DTLS cookie callback returned a cookie longer
  than ``DTLS1_COOKIE_LENGTH`` bytes. Previously this would result in a
  buffer-overflow. Credit to **dark_haxor** for reporting the issue.
  **CVE-2026-27459**
- Added ``OpenSSL.SSL.Connection.get_group_name`` to determine which group name
  was negotiated.
- ``Context.set_tlsext_servername_callback`` now handles exceptions raised in
  the callback by calling ``sys.excepthook`` and returning a fatal TLS alert.
  Previously, exceptions were silently swallowed and the handshake would proceed
  as if the callback had succeeded. Credit to **Leury Castillo** for reporting
  this issue. **CVE-2026-27448**
   2025-09-21 17:14:01 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-OpenSSL: update to 25.3.0.

25.3.0 (2025-09-16)
-------------------

Changes:
^^^^^^^^

- Maximum supported ``cryptography`` version is now 46.x.

25.2.0 (2025-09-14)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 45.0.7.

Changes:
^^^^^^^^

- pyOpenSSL now sets ``SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`` on connections by
  default, matching CPython's behavior.
- Added ``OpenSSL.SSL.Context.clear_mode``.
- Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` to set the allowed TLS
  1.3 ciphers.
- Added ``OpenSSL.SSL.Connection.set_info_callback``
   2025-05-18 11:58:37 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-OpenSSL: update to 25.1.0.

25.1.0 (2025-05-17)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

- Attempting to use any methods that mutate an ``OpenSSL.SSL.Context`` after it
  has been used to create an ``OpenSSL.SSL.Connection`` will emit a warning. In
  a future release, this will raise an exception.

Changes:
^^^^^^^^

* ``cryptography`` maximum version has been increased to 45.0.x.
   2025-04-13 13:04:06 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-OpenSSL: fix for setuptools>=78
   2025-03-03 07:46:11 by Thomas Klausner | Files touched by this commit (1)
Log message:
py-OpenSSL: fix wheel name for latest setuptools and depend on it

Bump PKGREVISION.
   2025-01-13 09:41:20 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-OpenSSL: updated to 25.0.0

25.0.0 (2025-01-12)

Changes:

- Corrected type annotations on ``Context.set_alpn_select_callback``,
  ``Context.set_session_cache_mode``, ``Context.set_options``,
  ``Context.set_mode``, ``X509.subject_name_hash``, and
  ``X509Store.load_locations``.
- Deprecated APIs are now marked using ``warnings.deprecated``. ``mypy`` will
  emit deprecation notices for them when used with
  ``--enable-error-code deprecated``.
   2024-11-28 14:23:11 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-OpenSSL: remove unused patch
   2024-11-28 14:21:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-OpenSSL: updated to 24.3.0

24.3.0 (2024-11-27)

Backward-incompatible changes:

- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``,
  ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``.
  ``cryptography.x509``'s CRL functionality should be used instead.
- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``.
  ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used
  instead.

Deprecations:

- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Deprecated ``add_extensions`` and ``get_extensions`` on
  ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been
  deprecated at the same time ``X509Extension`` was. Users should use
  pyca/cryptography's X.509 APIs instead.
- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and
  ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the result of them to
  ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from
  ``cryptography``.
- Deprecated passing ``X509`` objects to
  ``OpenSSL.SSL.Context.use_certificate``,
  ``OpenSSL.SSL.Connection.use_certificate``,
  ``OpenSSL.SSL.Context.add_extra_chain_cert``, and
  ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass
  ``cryptography.x509.Certificate`` instances. This is in preparation for
  deprecating pyOpenSSL's ``X509`` entirely.
- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey``
  and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass
  ``cryptography`` private key instances. This is in preparation for deprecating
  pyOpenSSL's ``PKey`` entirely.

Changes:

* ``cryptography`` maximum version has been increased to 44.0.x.
* ``OpenSSL.SSL.Connection.get_certificate``,
  ``OpenSSL.SSL.Connection.get_peer_certificate``,
  ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and
  ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography``
  keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate``
  are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing
  ``False`` (the default) will be deprecated.