CVS commit: pkgsrc/net/py-twisted

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/py-twisted
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Wed, 17 Sep 2014 22:41:06 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Sep 17 22:41:06 UTC 2014

Modified Files:
        pkgsrc/net/py-twisted: Makefile.common distinfo

Log Message:
Update to 14.0.1 -- security update:

On behalf of Twisted Matrix Laboratories, I�m releasing Twisted
14.0.1, a security release for Twisted 14.0. It is strongly suggested
that users of 14.0.0 upgrade to this release.

This patches a bug in Twisted Web�s Agent, where BrowserLikePolicyForHTTPS
would not honour the trust root given, and would use the system
trust root instead. This would have broken, for example, attempting
to pin the issuer for your HTTPS application because you only trust
one issuer.

Note: on OS X, with the system OpenSSL, you still can't fully rely
on this API for issuer pinning, due to modifications by Apple �
please see https://hynek.me/articles/apple-openssl-verification-surprises/
for more details.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/net/py-twisted/Makefile.common
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/py-twisted/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index