Log message:
Restored bug-report comments

Log message:
17.1.0:

Backward-incompatible changes:
- Removed the deprecated OpenSSL.rand.egd() function.
  Applications should prefer os.urandom() for random number generation.
- Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export().
  Callers must now always pass an explicit digest.
- Fixed a bug with ASN1_TIME casting in X509.set_notBefore(),
  X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(),
  and Revoked.set_lastUpdate(). You must now pass times in the form
  YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm
  will no longer work.

Deprecations:
- Deprecated the legacy "Type" aliases: ContextType, ConnectionType, \ 
PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, \ 
CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType.
  The names without the "Type"-suffix should be used instead.

Changes:
- Added OpenSSL.crypto.X509.from_cryptography() and \ 
OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and \ 
from pyca/cryptography objects.
- Added OpenSSL.crypto.X509Req.from_cryptography(), \ 
OpenSSL.crypto.X509Req.to_cryptography(), \ 
OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() \ 
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added OpenSSL.debug that allows to get an overview of used library versions \ 
(including linked OpenSSL) and other useful runtime information using python -m \ 
OpenSSL.debug.
- Added a fallback path to Context.set_default_verify_paths() to accommodate the \ 
upcoming release of cryptography manylinux1 wheels.

Log message:
Do not run tests that core dump on NetBSD, add upstream bug report URLs.

Log message:
Changes 17.0.0:
- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when \ 
verifying certificate chains.
- Added a collection of functions for working with OCSP stapling.
  None of these functions make it possible to validate OCSP assertions, only to \ 
staple them into the handshake and to retrieve the stapled assertion if \ 
provided.
  Users will need to write their own code to handle OCSP assertions.
  We specifically added: ``Context.set_ocsp_server_callback``, \ 
``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``.
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory \ 
it allocates when unnecessary.
  This reduces CPU usage and memory allocation time by an amount proportional to \ 
the size of the allocation.
  For applications that process a lot of TLS data or that use very lage \ 
allocations this can provide considerable performance improvements.
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.

Log message:
Updated py-OpenSSL to 16.2.0.

Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See
https://github.com/pyca/pyopenssl/issues/596

16.2.0 (2016-10-15)
-------------------

Changes:
^^^^^^^^

- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
  `#552 <https://github.com/pyca/pyopenssl/pull/552>`_

16.1.0 (2016-08-26)
-------------------

Deprecations:
^^^^^^^^^^^^^

- Dropped support for OpenSSL 0.9.8.

Changes:
^^^^^^^^

- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
  `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
  `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects \ 
and also exported as such.
  `#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for \ 
OpenSSL 1.1.0 compatibility.

Log message:
Switch to MASTER_SITES_PYPI.

Log message:
Update security/py-OpenSSL to 16.0.0.

Changes:
16.0.0 (2016-03-19)
-------------------
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2.  It has been moved to `py.test <https://pytest.org/>`_,
all CI test runs are part of `tox <https://testrun.org/tox/>`_ and
the source code has been made fully `flake8
<https://flake8.readthedocs.org/>`_ compliant.

We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Python 3.2 support has been dropped.
  It never had significant real world usage and has been dropped
  by our main dependency ``cryptography``.  Affected users should
  upgrade to Python 3.3 or later.

Deprecations:
^^^^^^^^^^^^^
- The support for EGD has been removed.
  The only affected function ``OpenSSL.rand.egd()`` now uses
  ``os.urandom()`` to seed the internal PRNG instead.  Please see
  `pyca/cryptography#1636
  <https://github.com/pyca/cryptography/pull/1636>`_ for more
  background information on this decision.  In accordance with our
  backward compatibility policy ``OpenSSL.rand.egd()`` will be
  *removed* no sooner than a year from the release of 16.0.0.
  Please note that you should `use urandom
  <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_
  for all your secure random number needs.
- Python 2.6 support has been deprecated.
  Our main dependency ``cryptography`` deprecated 2.6 in version
  0.9 (2015-05-14) with no time table for actually dropping it.
  pyOpenSSL will drop Python 2.6 support once ``cryptography``
  does.

Changes:
^^^^^^^^
- Fixed ``OpenSSL.SSL.Context.set_session_id``,
  ``OpenSSL.SSL.Connection.renegotiate``,
  ``OpenSSL.SSL.Connection.renegotiate_pending``, and
  ``OpenSSL.SSL.Context.load_client_ca``.
  They were lacking an implementation since 0.14.  `#422
  <https://github.com/pyca/pyopenssl/pull/422>`_
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
  `#428 <https://github.com/pyca/pyopenssl/pull/428>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
  was called before setting any app data.
  `#304 <https://github.com/pyca/pyopenssl/pull/304>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
  objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
  to load such objects from serialized representations.
  `#382 <https://github.com/pyca/pyopenssl/pull/382>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
  list out to a string buffer.
  `#368 <https://github.com/pyca/pyopenssl/pull/368>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
  OpenSSL binding ``state_string_long``.
  `#358 <https://github.com/pyca/pyopenssl/pull/358>`_
- Added support for the ``socket.MSG_PEEK`` flag to
  ``OpenSSL.SSL.Connection.recv()`` and
  ``OpenSSL.SSL.Connection.recv_into()``.
  `#294 <https://github.com/pyca/pyopenssl/pull/294>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
  ``OpenSSL.SSL.Connection.get_protocol_version_name()``.
  `#244 <https://github.com/pyca/pyopenssl/pull/244>`_
- Switched to ``utf8string`` mask by default.
  OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
  characters present.  This was changed to default to ``UTF8String``
  in the config around 2005, but the actual code didn't change it
  until late last year.  This will default us to the setting that
  actually works.  To revert this you can call
  ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
  `#234 <https://github.com/pyca/pyopenssl/pull/234>`_

Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Log message:
Update security/py-OpenSSL to py-OpenSSL-0.15.1.

pkgsrc changes:
 * Update HOMEPAGE

Changes:
0.15.1:
 * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
   present in 0.15, where when an error occurs and no errno() is set,
   a KeyError is raised.  This happens, for example, if
   Connection.shutdown() is called when the underlying transport has
   gone away.

0.15:
 * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
   filenames only as bytes now accept them as either bytes or
   unicode (and respect sys.getfilesystemencoding()).
 * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
   (NPN) bindings.
 * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
   builtin ``socket.recv_into``.  Based on work from Cory Benfield.
 * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
 * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
 * OpenSSL/test/test_crypto.py: Add intermediate certificates for
 * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
   underlying socket.
 * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
   causing it to always succeed - even if it should fail.
 * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
   with ``FILETYPE_ASN1`` would fail with a ``NameError``.
 * OpenSSL/SSL.py: Fix a regression in which the first argument of
   the "verify" callback was incorrectly passed a ``Context`` instance
   instead of the ``Connection`` instance.
 * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
   first argument of the "verify" callback.
 * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
   Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
   Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
   to support TLS ECDHE modes.
 * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
   context with a particular elliptic curve for ECDHE modes.
 * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
   now also accept the ``buffer`` type as data.
 * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
   pyOpenSSL 0.13 by making passphrase optional.
 * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
   methods to ``Connection``. If you use these methods to
   implement TLS channel binding (RFC 5929) disable session
   resumption because triple handshake attacks against TLS.
   <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
   <https://secure-resumption.com/tlsauth.pdf>
 * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
   and ``get_cipher_version`` to ``Connection``.
 * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
   removed in Python 3) with the equivalent syntax.
 * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
 * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
   and CRL.get_revoked.
 * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.
 * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.