eGenix pyOpenSSL Distribution 0.13.8 GA

eGenix pyOpenSSL Distribution 0.13.8 GA

eGenix is pleased to announce the eGenix pyOpenSSL Distribution 0.13.8 for Python 2.4 - 2.7, with source and binaries for Windows, Linux, Mac OS X and now FreeBSD.

Introduction

The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy to use installer that includes the most recent OpenSSL library versions in pre-compiled
form, making your application independent of OS provided OpenSSL libraries:

>>>   eGenix pyOpenSSL Distribution Page

pyOpenSSL is an open-source Python add-on that allows writing SSL-aware networking applications as as certificate managment tools. It uses the OpenSSL library as performant and robust SSL engine.

OpenSSL is an open-source implementation of the SSL/TLS protocol.

News

This new release of the eGenix.com pyOpenSSL Distribution includes the following updates:

New in eGenix pyOpenSSL

  • Added FreeBSD as supported platform.
  • Updated the Mozilla CA root bundle to version 2015-02-19

New in OpenSSL

  • Updated included OpenSSL libraries from OpenSSL 1.0.1k to 1.0.1m. We had skipped OpenSSL 1.0.1l, since the 1.0.1l release only included a patch for Windows we had already included in our 0.13.7 release. See ​https://www.openssl.org/news/secadv_20150319.txt for a complete list of changes. The following fixes are relevant for pyOpenSSL applications:
    • CVE-2015-0286: Segmentation fault in ASN1_TYPE_cmp.
    • CVE-2015-0287: ASN.1 structure reuse memory corruption.
    • CVE-2015-0289: PKCS#7 NULL pointer dereference.
    • CVE-2015-0292: A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Already fixed in OpenSSL 1.0.1h, but wasn't listed, so repeated here for completeness.
    • CVE-2015-0293: Denial-of-Service (DoS) via reachable assert in SSLv2 servers.
    • CVE-2015-0209: Use After Free following d2i_ECPrivatekey error. A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition.
  • The FREAK Attack (CVE-2015-0204) patch was already available in our last release with OpenSSL 1.0.1k.
Please see the product changelog for the full set of changes.

pyOpenSSL / OpenSSL Binaries Included

In addition to providing sources, we make binaries available that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows, Linux, Mac OS X and now FreeBSD, for x86 and x64.

To simplify installation, we have uploaded a web installer to PyPI which will automatically choose the right binary for your platform, so a simple

pip install egenix-pyopenssl

will get you the package with OpenSSL libraries installed. Please see our installation instructions for details.

We have also added .egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier.

Downloads

Please visit the eGenix pyOpenSSL Distribution page for downloads, instructions on installation and documentation of the package.

Upgrading

Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs.

More Information

For more information on the eGenix pyOpenSSL Distribution, licensing and download instructions, please write to sales@egenix.com.

Enjoy !

Marc-Andre Lemburg, eGenix.com

Published: 2015-03-24