Date: Thu, 08 Dec 2016 17:09:49 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 214915] security/py-cryptography: Update to 1.6 (security fixes) Message-ID: <bug-214915-21822-msVcLKmgou@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-214915-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-214915-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214915 --- Comment #13 from commit-hook@freebsd.org --- A commit references this bug: Author: feld Date: Thu Dec 8 17:08:55 UTC 2016 New revision: 428139 URL: https://svnweb.freebsd.org/changeset/ports/428139 Log: MFH: r428138 security/py-pycryptography: Fix build on FreeBSD 9.3 Modern py-cryptography requires a more modern OpenSSL. This switch to requiring OpenSSL from ports is a disruptive change, but it will protect these users from the recently patched vulnerabilites. Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4. The last release to support OpenSSL 0.9.8 was 1.3.4 which is still vulnerable to the HDKF key generation bug. It appears that version 1.4 did build successfully on FreeBSD 9.3, but upstream had abandoned support for OpenSSL 0.9.8 at that point so it is unclear if it was fully functional. PR: 214915 Approved by: ports-secteam (with hat) Changes: _U branches/2016Q4/ branches/2016Q4/security/py-cryptography/Makefile --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-214915-21822-msVcLKmgou>