author Alex Gaynor <alex.gaynor@gmail.com> 2015-09-27 08:41:09 -0400
committer Alex Gaynor <alex.gaynor@gmail.com> 2015-09-27 08:41:09 -0400
commit 612e72e2d794c58bc413a3062e664dcc1a1259ee
tree d7f2d749c78c239d3b7c69e51bfb4949d403ece1
parent 1e5c2efd04074de0b33c5f5fb4023b4dead471e5
parent 6466727e53cf5c14f2f10453ea6a7fb1569d1cce
Merge pull request #2379 from reaperhulk/1.0.2-changelog-version (refs: 1.0.2, 1.0.x)
bump version to 1.0.2 and add changelog entry
-rw-r--r-- CHANGELOG.rst 11
-rw-r--r-- docs/spelling_wordlist.txt 1
-rw-r--r-- src/cryptography/__about__.py 2
-rw-r--r-- vectors/cryptography_vectors/__about__.py 2
4 files changed, 14 insertions, 2 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d306f9cc7..ee736db8b 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,17 @@
Changelog
=========
+1.0.2 - 2015-09-27
+~~~~~~~~~~~~~~~~~~
+* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
+ of assertions to check response codes where our tests could not trigger a
+ failure. However, when Python is run with ``-O`` these asserts are optimized
+ away. If a user ran Python with this flag and got an invalid response code
+ this could result in undefined behavior or worse. Accordingly, all response
+ checks from the OpenSSL backend have been converted from ``assert``
+ to a true function call. Credit **Emilia Käsper (Google Security Team)**
+ for the report.
+
1.0.1 - 2015-09-05
~~~~~~~~~~~~~~~~~~
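Review bot: In the new 1.0.2 entry, "The OpenSSL backend prior to 1.0.2" is ambiguous, because OpenSSL itself has a 1.0.2 release and a reader can take the phrase to mean the linked OpenSSL version rather than the cryptography release. Suggest "The OpenSSL backend in cryptography releases prior to 1.0.2". The entry would also be more actionable if "undefined behavior or worse" were followed by what the replacement function call does when a response code is invalid, so that users who run Python with ``-O`` know what to expect after upgrading.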
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 1eed7c7a7..50da4a4fc 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -26,6 +26,7 @@ Encodings
fernet
Fernet
hazmat
+Käsper
indistinguishability
initialisms
interoperable
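Review bot: The added entry ``Käsper`` is placed between ``hazmat`` and ``indistinguishability``, but the visible entries are in case-insensitive alphabetical order (``fernet``, ``Fernet``, ``hazmat``, ``indistinguishability``, ``initialisms``, ``interoperable``), so a word starting with K belongs after the I entries. Suggest moving it below ``interoperable`` and any remaining I and J words so the list stays sorted.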
diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py
index 55e2aa20c..9ca44eb40 100644
--- a/src/cryptography/__about__.py
+++ b/src/cryptography/__about__.py
@@ -14,7 +14,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes"
" and primitives to Python developers.")
__uri__ = "https://github.com/pyca/cryptography"
-__version__ = "1.0.1"
+__version__ = "1.0.2"
__author__ = "The cryptography developers"
__email__ = "cryptography-dev@python.org"
diff --git a/vectors/cryptography_vectors/__about__.py b/vectors/cryptography_vectors/__about__.py
index 1e030d360..dbf588ec1 100644
--- a/vectors/cryptography_vectors/__about__.py
+++ b/vectors/cryptography_vectors/__about__.py
@@ -14,7 +14,7 @@ __summary__ = "Test vectors for the cryptography package."
__uri__ = "https://github.com/pyca/cryptography"
-__version__ = "1.0.1"
+__version__ = "1.0.2"
__author__ = "The cryptography developers"
__email__ = "cryptography-dev@python.org"
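Review bot: ``__version__ = "1.0.2"`` is hard-coded in this file and again in src/cryptography/__about__.py, and nothing in this patch ties the two strings together, so a later bump can update one file and miss the other. Suggest a test or release check that asserts the two values match.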