CVS commit: pkgsrc/security/py-cryptography

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/py-cryptography
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 19 Oct 2015 09:37:29 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Oct 19 09:37:29 UTC 2015

Modified Files:
        pkgsrc/security/py-cryptography: Makefile distinfo

Log Message:
Update py-cryptography to 1.0.2:

1.0.2 - 2015-09-27
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
  of assertions to check response codes where our tests could not trigger a
  failure.  However, when Python is run with ``-O`` these asserts are optimized
  away.  If a user ran Python with this flag and got an invalid response code
  this could result in undefined behavior or worse. Accordingly, all response
  checks from the OpenSSL backend have been converted from ``assert``
  to a true function call. Credit **Emilia Käsper (Google Security Team)**
  for the report.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/py-cryptography/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/py-cryptography/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index