From info at egenix.com Wed May 16 09:48:16 2012 From: info at egenix.com (eGenix Team: M.-A. Lemburg) Date: Wed, 16 May 2012 09:48:16 +0200 Subject: [python-crypto] ANN: eGenix pyOpenSSL Distribution 0.13.0-1.0.0j Message-ID: <4FB35BC0.3030005@egenix.com> ________________________________________________________________________ ANNOUNCING eGenix.com pyOpenSSL Distribution Version 0.13.0-1.0.0j An easy-to-install and easy-to-use distribution of the pyOpenSSL Python interface for OpenSSL - available for Windows, Mac OS X and Unix platforms This announcement is also available on our web-site for online reading: http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.0-1.0.0j-1.html ________________________________________________________________________ INTRODUCTION The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy-to-use installer that includes the most recent OpenSSL library versions in pre-compiled form, making your application independent of OS provided OpenSSL libraries: http://www.egenix.com/products/python/pyOpenSSL/ pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS- aware network applications as well as certificate management tools: https://launchpad.net/pyopenssl/ OpenSSL is an open-source implementation of the SSL/TLS protocol: http://www.openssl.org/ ________________________________________________________________________ NEWS This new release of the eGenix.com pyOpenSSL Distribution updates the included included OpenSSL version to 1.0.0g. New features in OpenSSL 1.0.0j since 1.0.0g ------------------------------------------- OpenSSL 1.0.0j fixes several vulnerabilities relative to 1.0.0g: http://openssl.org/news/vulnerabilities.html and includes a number of stability enhancements as well as extra protection against attacks: http://openssl.org/news/changelog.html New features in the eGenix pyOpenSSL Distribution ------------------------------------------------- * Fixed a compatibility problem with Python 2.7's distutils that was introduced in Python 2.7.3 As always, we provide binaries that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64. We've also added egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier. ________________________________________________________________________ DOWNLOADS The download archives and instructions for installing the package can be found at: http://www.egenix.com/products/python/pyOpenSSL/ ________________________________________________________________________ UPGRADING Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs. _______________________________________________________________________ SUPPORT Commercial support for these packages is available from eGenix.com. Please see http://www.egenix.com/services/support/ for details about our support offerings. ________________________________________________________________________ MORE INFORMATION For more information about the eGenix pyOpenSSL Distributon, licensing and download instructions, please visit our web-site or write to sales at egenix.com. Enjoy, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, May 16 2012) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2012-07-02: EuroPython 2012, Florence, Italy 47 days to go 2012-04-26: Released mxODBC 3.1.2 http://egenix.com/go28 2012-04-25: Released eGenix mx Base 3.2.4 http://egenix.com/go27 ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From dlitz at dlitz.net Fri May 25 01:07:32 2012 From: dlitz at dlitz.net (Dwayne C. Litzenberger) Date: Thu, 24 May 2012 19:07:32 -0400 Subject: [python-crypto] ANN: PyCrypto 2.6 released Message-ID: <20120524230732.GB5809@rivest.dlitz.net> PyCrypto 2.6 has been released! You can download this release from http://www.pycrypto.org/. It has the following SHA256 sums: 7293c9d7e8af2e44a82f86eb9c3b058880f4bcc884bf3ad6c8a34b64986edde8 *pycrypto-2.6.tar.gz 9b64854f69dd7daf06aa8865d6a9699f00687640d77784d4ccc489080637d6f3 *pycrypto-2.6.tar.gz.asc The git repository is here: https://github.com/dlitz/pycrypto/ The v2.6 commit id is: 373ea760f21701b162e8c4912a66928ee30d401a Please test it and post your experiences to the PyCrypto mailing list: pycrypto at lists.dlitz.net and/or file bug reports on Launchpad: https://bugs.launchpad.net/pycrypto Here is the changelog: * [CVE-2012-2417] Fix LP#985164: insecure ElGamal key generation. (thanks: Legrandin) In the ElGamal schemes (for both encryption and signatures), g is supposed to be the generator of the entire Z^*_p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^*_p. The result is that the signature space (when the key is used for signing) or the public key space (when the key is used for encryption) may be greatly reduced from its expected size of log(p) bits, possibly down to 1 bit (the worst case if the order of g is 2). While it has not been confirmed, it has also been suggested that an attacker might be able to use this fact to determine the private key. Anyone using ElGamal keys should generate new keys as soon as practical. Any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164 * Huge documentation cleanup (thanks: Legrandin). * Added more tests, including test vectors from NIST 800-38A (thanks: Legrandin) * Remove broken MODE_PGP, which never actually worked properly. A new mode, MODE_OPENPGP, has been added for people wishing to write OpenPGP implementations. Note that this does not implement the full OpenPGP specification, only the "OpenPGP CFB mode" part of that specification. https://bugs.launchpad.net/pycrypto/+bug/996814 * Fix: getPrime with invalid input causes Python to abort with fatal error https://bugs.launchpad.net/pycrypto/+bug/988431 * Fix: Segfaults within error-handling paths (thanks: Paul Howarth & Dave Malcolm) https://bugs.launchpad.net/pycrypto/+bug/934294 * Fix: Block ciphers allow empty string as IV https://bugs.launchpad.net/pycrypto/+bug/997464 * Fix DevURandomRNG to work with Python3's new I/O stack. (thanks: Sebastian Ramacher) * Remove automagic dependencies on libgmp and libmpir, let the caller disable them using args. * Many other minor bug fixes and improvements (mostly thanks to Legrandin) Thanks to everyone who helped make this release possible, especially to Legrandin, who again did most of the work. Cheers, - Dwayne -- Dwayne C. Litzenberger OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 222 bytes Desc: Digital signature URL: