ANN: eGenix pyOpenSSL Distribution 0.13.5

[eGenix Team: M.-A. Lemburg]

ANNOUNCING

   eGenix.com pyOpenSSL Distribution

 Version 0.13.5


 An easy-to-install and easy-to-use distribution
 of the pyOpenSSL Python interface for OpenSSL -
available for Windows, Mac OS X and Unix platforms


This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.5.html


INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-
aware network applications as well as certificate management tools:

https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

http://www.openssl.org/


NEWS

This new release of the eGenix.com pyOpenSSL Distribution updates the
included OpenSSL version to the latest OpenSSL 1.0.1h version and adds
a few more context options:

New in OpenSSL
--

 * Updated included OpenSSL libraries from OpenSSL 1.0.1i to
   1.0.1j. See https://www.openssl.org/news/secadv_20141015.txt for a
   complete list of changes. The following fixes are relevant for
   pyOpenSSL applications:

   - CVE-2014-3567: Memory leak in OpenSSL session ticket management.

   - OpenSSL has added support for TLS_FALLBACK_SCSV to allow
 applications to block the ability for a MITM attacker to force a
 protocol downgrade, e.g. to enable a POODLE (CVE-2014-3566)
 attack by forcing a downgrade to SSLv3. This is enabled
 automatically for servers.

   - CVE-2014-3568: OpenSSL configured with no-ssl3 would still
 allow a complete SSL 3.0 handshake to run.

New in pyOpenSSL


 * Dropped zlib support from OpenSSL builds to more easily prevent the
   CRIME attack without having to use special SSL context options.

 * Disabled the SSLv2 support in OpenSSL builds. SSLv2 has long been
   broken and this simplifies writing secure servers/clients.

 * Updated the included CA root certificate bundles to Mozilla's
   2014-08-26 update.

 * Improved cipher list in https_client.py example which prefers the
   newer AES128-GCM and elliptic curve DH over over ciphers.

 * Added new context flag MODE_SEND_FALLBACK_SCSV. Documented
   previously undocumented MODE_RELEASE_BUFFERS and removed
   non-existing MODE_NO_COMPRESSION from the documentation.

 * Added web installer package to the Python Package Index (PyPI)
   which simplifies installation.

 * In addition to the usual ways of installing eGenix pyOpenSSL, we
   have uploaded a web installer to PyPI, so that it is now also
   possible to use one of these installation methods on all supported
   platforms (Windows, Linux, Mac OS X):

   - easy_install egenix-pyopenssl via PyPI
   - pip install egenix-pyopenssl via PyPI
   - egg reference in zc.buildout via PyPI
   - running python setup.py install in the unzipped web installer
 archive directory

   The web installer will automatically detect the platform and choose
   the right binary download package for you. All downloads are
   verified before installation.

 * Resolved a problem with a pyOpenSSL test for certificate
   extensions: OpenSSL 1.0.1i+ wants a signature algorithm to be
   defined when loading PEM certificates.

 * Moved eGenix additions to pyOpenSSL to a new extras/ dir in the
   source distribution.

 * In previous releases, we also added the OpenSSL version number to
   the package version. Since this causes very long version numbers,
   we have dropped the OpenSSL version starting with 0.13.5 and will
   only increase the main version number from now on. In the future,
   we plan to switch to a new version scheme that is compatible with
   our normal version number scheme for products.

pyOpenSSL / OpenSSL Binaries Included
-

In addition to providing sources, we make binaries available that
include both pyOpenSSL and the necessary OpenSSL libraries for all
supported platforms: Windows x86 and x64, Linux x86 and x64, Mac OS X
PPC, x86 and x64.

We've also added egg-file distribution versions of our eGenix.com
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.


DOWNLOADS

The download archives and instructions for installing the 

pytest-2.6.4: bugfix release

[holger krekel]

Hi all,

just pushed pytest-2.6.4 to pypi, a small bug fix release.  pytest is a
popular and mature Python testing tool with more than a 1100 tests
against itself, passing on many different interpreters and platforms.
This release is drop-in compatible to 2.5.2 and 2.6.X.  See below for
the changes and see docs at:

http://pytest.org

Thanks to all who contributed, among them:

Bruno Oliveira
Floris Bruynooghe
Dinu Gherman
Anatoly Bubenkoff

best,
holger krekel, merlinux GmbH


2.6.4
--

- Improve assertion failure reporting on iterables, by using ndiff and pprint.

- removed outdated japanese docs from source tree.

- docs for pytest_addhooks hook.  Thanks Bruno Oliveira.

- updated plugin index docs.  Thanks Bruno Oliveira.

- fix issue557: with -k we only allow the old style - for negation
  at the beginning of strings and even that is deprecated.  Use not instead.
  This should allow to pick parametrized tests where - appeared in the 
parameter.

- fix issue604: Escape % character in the assertion message.

- fix issue620: add explanation in the --genscript target about what
  the binary blob means. Thanks Dinu Gherman.

- fix issue614: fixed pastebin support.

-- 
https://mail.python.org/mailman/listinfo/python-announce-list

Support the Python Software Foundation:
http://www.python.org/psf/donations/

devpi-{server-2.1.2,web-2.2.1}: bugfixes, streamlined web templates

[holger krekel]

devpi-server-2.1.2 and devpi-web-2.2.1 bring a host of fixes to
the private pypi server system.  You can upgrade without migrating
your data if you run already with devpi-server-2.1.X. 

Find docs as usual at:

http://doc.devpi.net

Many thanks to Florian Schulze who did most of the changes in devpi-web.

Have fun,

holger krekel, merlinux GmbH

devpi-server-2.1.2
--

- fix issue172: avoid traceback when user/index/name/version is accessed.

- fix issue170: ensure that we parse the prospective pip-6.0 user agent
  string properly so that using the username/index url works with pip.
  Thanks Donald Stufft and Florian Schulze.

- fix issue158: redirect to normalized projectname for all GET views.

- fix issue169: change /+status to expose event_serial as the last
  event serial that was processed.  document serial and
  event-serial and also refine internals wrt to event-serial so that
  it means the last serial for which events have been processed


devpi-web-2.2.1
---

- require devpi-server=2.1.2

- fix issue175: use normalized name of projects, so redirects from unnormalized
  names works.  NOTE that if you had issues with documentation uploads
  not appearing because of normalization issues (- or _ appearing 
  in the name for example) you need to re-upload the docs or 
  do a full export/import cycle.  

- fix view when tox results can not be parsed. 

- version.pt: removed code tag around overwrite count.

- macros.pt: added footer tag around the whole footer part.

- version.pt: moved file type, python version and size info from their own
  columns into the file column.

- version.pt: moved history column from before the tox results column to behind
  the tox results.

- version.pt: removed last modified from history column

- version.pt: removed timestamp from replaced action in history column

- version.pt: add link to PyPI page if applicable.

- fix project page view if there are downloads with filenames which can't be
  parsed as packages with version number

- fix notfound-redirect when serving under an outside URL with a sub path


-- 
https://mail.python.org/mailman/listinfo/python-announce-list

Support the Python Software Foundation:
http://www.python.org/psf/donations/