Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Sun, 23 Aug 2015 10:10:27 +0000
From: "Leonardo Taccari" <leot@netbsd.org>
Subject: CVS commit: pkgsrc/security/py-OpenSSL
To: pkgsrc-changes@NetBSD.org
Reply-To: leot@netbsd.org
Message-Id: <20150823101027.1038898@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	leot
Date:		Sun Aug 23 10:10:27 UTC 2015

Modified Files:
	pkgsrc/security/py-OpenSSL: Makefile PLIST distinfo

Log Message:
Update security/py-OpenSSL to py-OpenSSL-0.15.1.

pkgsrc changes:
 * Update HOMEPAGE

Changes:
0.15.1:
 * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
   present in 0.15, where when an error occurs and no errno() is set,
   a KeyError is raised.  This happens, for example, if
   Connection.shutdown() is called when the underlying transport has
   gone away.

0.15:
 * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
   filenames only as bytes now accept them as either bytes or
   unicode (and respect sys.getfilesystemencoding()).
 * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
   (NPN) bindings.
 * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
   builtin ``socket.recv_into``.  Based on work from Cory Benfield.
 * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
 * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
 * OpenSSL/test/test_crypto.py: Add intermediate certificates for
 * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
   underlying socket.
 * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
   causing it to always succeed - even if it should fail.
 * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
   with ``FILETYPE_ASN1`` would fail with a ``NameError``.
 * OpenSSL/SSL.py: Fix a regression in which the first argument of
   the "verify" callback was incorrectly passed a ``Context`` instance
   instead of the ``Connection`` instance.
 * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
   first argument of the "verify" callback.
 * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
   Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
   Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
   to support TLS ECDHE modes.
 * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
   context with a particular elliptic curve for ECDHE modes.
 * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
   now also accept the ``buffer`` type as data.
 * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
   pyOpenSSL 0.13 by making passphrase optional.
 * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
   methods to ``Connection``. If you use these methods to
   implement TLS channel binding (RFC 5929) disable session
   resumption because triple handshake attacks against TLS.
   <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
   <https://secure-resumption.com/tlsauth.pdf>
 * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
   and ``get_cipher_version`` to ``Connection``.
 * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
   removed in Python 3) with the equivalent syntax.
 * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
 * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
   and CRL.get_revoked.
 * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.
 * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/py-OpenSSL/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/py-OpenSSL/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/py-OpenSSL/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.