[web] master update
The branch master has been updated via cbf57da0fc9ef2a5842f6a9dd3f4ed7d4a2e47a0 (commit) from acbb83e4accab58fab385371c8835316a33fb21c (commit) - Log - commit cbf57da0fc9ef2a5842f6a9dd3f4ed7d4a2e47a0 Author: Richard Levitte Date: Mon Nov 1 09:47:45 2021 +0100 Make sure to create missing directories The source/old directory tree isn't guaranteed to be there any more, now that we have removed that copy of the tarball archive. However, HTML files are still produced there, so we must ensure that those directories exist, or we'd get a build break. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/276) --- Summary of changes: Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 0f79120..38b5738 100644 --- a/Makefile +++ b/Makefile @@ -350,9 +350,11 @@ source/index.inc: $(wildcard $(RELEASEDIR)/openssl-*.tar.gz) bin/mk-filelist # $(1) = release, $(2) = release title define mkoldsourceindex source/old/$(1)/index.inc: $(wildcard $(RELEASEDIR)/old/$(1)/*.gz) bin/mk-filelist + @mkdir -p `dirname $$@` @rm -f $$@ ./bin/mk-filelist $(RELEASEDIR)/old/$(1) '' '*.gz' > $$@ source/old/$(1)/index.html: source/old/sub-index.html.tt bin/from-tt + @mkdir -p `dirname $$@` @rm -f $$@ ./bin/from-tt -d source/old/$(1) \ release='$(1)' releasetitle='Old $(2) Releases' \ @@ -367,6 +369,7 @@ endef $(foreach S,fips $(SERIES) $(OLDSERIES2),$(eval $(call mkoldsourceindex,$(S),$(patsubst fips,FIPS,$(S) source/old/index.html: source/old/index.html.tt Makefile bin/from-tt + @mkdir -p `dirname $@` @rm -f $@ ./bin/from-tt releases='$(SERIES) $(OLDSERIES2) fips' $<
[web] master update
The branch master has been updated via acbb83e4accab58fab385371c8835316a33fb21c (commit) from 469d1a406bf21372d301396c66b8aec97bd8a32a (commit) - Log - commit acbb83e4accab58fab385371c8835316a33fb21c Author: Mark J. Cox Date: Mon Nov 1 10:14:50 2021 + Update to match reality, our sources of income are sponsorship and support contracts. --- Summary of changes: support/donations.html | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/support/donations.html b/support/donations.html index 0228569..7de3620 100644 --- a/support/donations.html +++ b/support/donations.html @@ -13,11 +13,10 @@ OpenSSL. You can support the OpenSSL project financially with the -purchase of a support contract, by a -sponsorship donation, or by hiring OSF for consulting services or -custom software development. +purchase of a support contract, or by a +sponsorship donation. -We can also accept smaller donations +We can accept smaller sponsorship donations via https://github.com/sponsors/openssl;>GitHub Sponsors. We do not have a PayPal account. Please do not donate to any
[web] master update
The branch master has been updated via 469d1a406bf21372d301396c66b8aec97bd8a32a (commit) from ce9c342932ae133329d227d9b317da85f82478ab (commit) - Log - commit 469d1a406bf21372d301396c66b8aec97bd8a32a Author: Richard Levitte Date: Thu Oct 28 09:40:27 2021 +0200 Drop source/snapshot/README This file isn't used any more, since source/snapshot is now aliased to $ftp/snapshot. This README has been copied to $ftp/snapshot/.message, which is configured as HeaderName in the system Apache configuration, and is thus shown directly in the snapshot directory listing. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/275) --- Summary of changes: source/snapshot/README | 4 1 file changed, 4 deletions(-) delete mode 100644 source/snapshot/README diff --git a/source/snapshot/README b/source/snapshot/README deleted file mode 100644 index c8fddfb..000 --- a/source/snapshot/README +++ /dev/null @@ -1,4 +0,0 @@ -These daily snapshots of the source tree are provided for convenience -only and not even guaranteed to compile. Note that keeping a git local -repository and updating it every 24 hours is equivalent and will often be -faster and more efficient.
[web] master update
The branch master has been updated via ce9c342932ae133329d227d9b317da85f82478ab (commit) from 688c06be52c1a5ea53fa91f9132ac47db37a6e41 (commit) - Log - commit ce9c342932ae133329d227d9b317da85f82478ab Author: Pauli Date: Thu Oct 28 08:01:05 2021 +1000 trivial update to kick web magic Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/274) --- Summary of changes: index.html | 1 - 1 file changed, 1 deletion(-) diff --git a/index.html b/index.html index 222906e..f218ad6 100644 --- a/index.html +++ b/index.html @@ -65,5 +65,4 @@ -
[web] master update
The branch master has been updated via 688c06be52c1a5ea53fa91f9132ac47db37a6e41 (commit) from 1e46759248df528e3e0245443d08194c7f3c90cb (commit) - Log - commit 688c06be52c1a5ea53fa91f9132ac47db37a6e41 Author: Matt Caswell Date: Wed Sep 15 08:16:16 2021 +0100 Update the release schedule following 3.0 release As per OMC vote Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/263) --- Summary of changes: policies/releasestrat.html | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 5db0a0b..6b7f8af 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -70,7 +70,7 @@ project has adopted the following policy: - The next version of OpenSSL will be 3.0.0. + Version 3.0 will be supported until 2023-09-07. Version 1.1.1 will be supported until 2023-09-11 (LTS). Version 1.0.2 is no longer supported. Extended support for 1.0.2 to gain access to security fixes for that version is @@ -110,10 +110,6 @@ Feature complete/Feature freeze Bug fixes only - - The OpenSSL 3.0 release schedule is documented on the - https://wiki.openssl.org/index.php/OpenSSL_3.0_Release_Schedule;>OpenSSL 3.0 Release Schedule - wiki page. We expect the final release to be in early Q4 2020. For any major or minor release, we have defined the following
[web] master update
The branch master has been updated via 1e46759248df528e3e0245443d08194c7f3c90cb (commit) from 74867be941560c563f86ab901d89f124e183e31c (commit) - Log - commit 1e46759248df528e3e0245443d08194c7f3c90cb Author: Pauli Date: Wed Oct 27 19:24:48 2021 +1000 Reword the landing page as per OMC vote. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/273) --- Summary of changes: index.html | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/index.html b/index.html index 4722101..222906e 100644 --- a/index.html +++ b/index.html @@ -12,16 +12,23 @@ Welcome to OpenSSL! - OpenSSL is a - robust, commercial-grade, and full-featured toolkit - for the Transport Layer Security (TLS) and Secure - Sockets Layer (SSL) protocols. It is also a general-purpose - cryptography library. For more information about the - team and community around the project, or to start making - your own contributions, start with the - community page. To get the - latest news, download the source, and so on, please see - the sidebar or the buttons at the top of every page. + The OpenSSL Project develops and maintains the OpenSSL + software - a robust, commercial-grade, full-featured toolkit + for general-purpose cryptography and secure communication. The + project's technical decision making is managed by the + OpenSSL Technical Committee (OTC) + and the project governance is managed by the + OpenSSL Management Committee (OMC). + The project operates under formal + Bylaws. + + + + For more information about the team and community around the + project, or to start making your own contributions, start + with the community page. To get the + latest news, download the source, and so on, please see + the sidebar or the buttons at the top of every page.
[web] master update
The branch master has been updated
via 74867be941560c563f86ab901d89f124e183e31c (commit)
via 18e3d3119a4c74dcf50ed0d3418efd40bf811c28 (commit)
from 47a7a6de93b5fd3f1fd73b638d4119d2ca55a61f (commit)
- Log -
commit 74867be941560c563f86ab901d89f124e183e31c
Author: Richard Levitte
Date: Fri Oct 22 14:50:57 2021 +0200
Reduce bin/mk-latest to only redirect latest
We rely on the system apache configuration for aliasing to /srv/ftp
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/272)
commit 18e3d3119a4c74dcf50ed0d3418efd40bf811c28
Author: Richard Levitte
Date: Fri Oct 22 14:49:58 2021 +0200
Switch the release directory to /srv/ftp/source
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/272)
---
Summary of changes:
Makefile | 2 +-
bin/mk-latest | 38 +++---
2 files changed, 4 insertions(+), 36 deletions(-)
diff --git a/Makefile b/Makefile
index 83d8e53..0f79120 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ CHECKOUTS = /var/cache/openssl/checkouts
## Snapshot directory
SNAP = $(CHECKOUTS)/openssl
## Where releases are found.
-RELEASEDIR = /var/www/openssl/source
+RELEASEDIR = /srv/ftp/source
## The OMC repository checkout can be used for dependencies.
## By default, we don't assume it, as not everyone has access to it.
diff --git a/bin/mk-latest b/bin/mk-latest
index 8a43268..88ef087 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -24,41 +24,9 @@ print <<"EOF";
# Instead, edit bin/mk-latest in the master branch of openssl-web.git
#
-RewriteEngine on
-RewriteBase /source
-# First, rewrite all the 'latest' URLs
-RewriteRule ^latest.tar.gz\$ $latest [L,R=302,NC]
+Redirect "/source/latest.tar.gz" "/source/$latest"
EOF
-foreach (sort keys %series) {
- my $rule = "openssl-$_-latest.tar.gz";
- #don't bother: $rule =~ s|\.|\\.|g;
- my $target = $series{$_};
- print "RewriteRule ^$rule\$ $target [L,R=302,NC]\n";
-}
-
-print <<\EOF;
-
-# Old distro's are in subdirs.
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-3\.(\d+).*) old/3.$2/$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L]
-
-
-RemoveEncoding .gz
-
-
-RemoveEncoding .gz
-
-
-RemoveEncoding .gz
-
-
-RemoveEncoding .gz
-
+print <<"EOF" foreach (sort keys %series);
+Redirect "/source/openssl-$_-latest.tar.gz" "/source/$series{$_}"
EOF
[web] master update
The branch master has been updated
via 47a7a6de93b5fd3f1fd73b638d4119d2ca55a61f (commit)
from 08d5ca8ee5e497a78944ceacd9df305d1773a811 (commit)
- Log -
commit 47a7a6de93b5fd3f1fd73b638d4119d2ca55a61f
Author: Richard Levitte
Date: Fri Oct 22 13:05:00 2021 +0200
bin/mk-latest: Treat post 1.x.x releases right
The currently produced .htaccess has this RewriteRule
RewriteRule ^openssl-3.0.0-latest.tar.gz$ openssl-3.0.0.tar.gz
[L,R=302,NC]
It should really be this:
RewriteRule ^openssl-3.0-latest.tar.gz$ openssl-3.0.0.tar.gz
[L,R=302,NC]
Also, since all other scripts that handle our tarballs are passed
$(RELEASEDIR), not just 'source', so should this one.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/271)
---
Summary of changes:
Makefile | 2 +-
bin/mk-latest | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index a271213..83d8e53 100644
--- a/Makefile
+++ b/Makefile
@@ -332,7 +332,7 @@ $(eval $(call mknews_vulnerability,-$(S),-b $(S
source/.htaccess: $(wildcard source/openssl-*.tar.gz) bin/mk-latest
@rm -f @?
- ./bin/mk-latest source >$@
+ ./bin/mk-latest $(RELEASEDIR) >$@
source/index.inc: $(wildcard $(RELEASEDIR)/openssl-*.tar.gz) bin/mk-filelist
@rm -f $@
./bin/mk-filelist $(RELEASEDIR) '' 'openssl-*.tar.gz' >$@
diff --git a/bin/mk-latest b/bin/mk-latest
index 7a57fdd..8a43268 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -12,7 +12,8 @@ my @tarballs =
my %series = ();
foreach(@tarballs) {
- my ($version, $serie) = /^openssl-((\d+\.\d+\.\d+)[a-z]*)\./;
+my ($version, $serie) =
+/^openssl-(?|(([01]\.\d+\.\d+)[a-z]*)|((\d+\.\d+)\.\d+))\./;
$series{$serie} = $_;
}
my $latest = $series{ (reverse sort keys %series)[0] };
[web] master update
The branch master has been updated via 08d5ca8ee5e497a78944ceacd9df305d1773a811 (commit) from bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) - Log - commit 08d5ca8ee5e497a78944ceacd9df305d1773a811 Author: Randall S. Becker Date: Thu Oct 21 10:41:22 2021 -0400 Add NonStop OSS platform community maintainer. GUARDIAN builds are left as unadopted. Signed-off-by: Randall S. Becker --- Summary of changes: policies/platformpolicy.html | 260 --- 1 file changed, 143 insertions(+), 117 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index e73dcb3..3713e0b 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -275,6 +275,149 @@ @levitte + +nonstop-nsx + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_put + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nsx_64 + +NonStop OSS L19.08 + +x86_64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nsx_64_put + +NonStop OSS L19.08 + +x86_64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt + +NonStop OSS L19.08 + +x86_64 ilp32 SPT + +c99 + +@rsbeckerca + + +nonstop-nsx_spt_floss + +NonStop OSS L19.08 + +x86_64 ilp32 SPT FLOSS + +c99 + +@rsbeckerca + + +nonstop-nsv + +NonStop OSS L19.08 + +x86_64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse + +NonStop OSS J06.22 + +ia64 ilp32 + +c99 + +@rsbeckerca + + +nonstop-nse_put + +NonStop OSS J06.22 + +ia64 ilp32 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_64 + +NonStop OSS J06.22 + +ia64 lp64 + +c99 + +@rsbeckerca + + +nonstop-nse_64_put + +NonStop OSS J06.22 + +ia64 lp64 PUT + +c99 + +@rsbeckerca + + +nonstop-nse_spt + +NonStop OSS J06.22 + +ia64 ipl32 SPT + +c99 + +@rsbeckerca + + +nonstop-nse_spt_floss + +NonStop OSS J06.22 + +ia64 ipl32 SPT FLOSS + +c99 + +@rsbeckerca + @@ -1289,60 +1432,6 @@ gcc?
[web] master update
The branch master has been updated via bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 (commit) from 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) - Log - commit bbdf2efdd4fabdd8ebd8d166b1763a9deeb05ef4 Author: Richard Levitte Date: Thu Oct 21 10:14:29 2021 +0200 Remove duplicated toolchain --- Summary of changes: policies/platformpolicy.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index 00201af..e73dcb3 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -225,8 +225,6 @@ VSI C 7.4 (64 bit pointer build) -VSI C 7.4 - @levitte
[web] master update
The branch master has been updated via 6209ad7fe143d48712822e7ce0e592d870f168b0 (commit) from 4ed858ce02d41753b78629e0b908660593f082b6 (commit) - Log - commit 6209ad7fe143d48712822e7ce0e592d870f168b0 Author: Richard Levitte Date: Wed Oct 20 10:19:11 2021 +0200 Update the details of VMS support Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/269) --- Summary of changes: policies/platformpolicy.html | 132 +-- 1 file changed, 76 insertions(+), 56 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index be1b00f..00201af 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -193,13 +193,87 @@ Nominated Community Member(s) -vms-ia64? +vms-alpha + +OpenVMS 8.4 + +alpha + +VSI C 7.4 + +@levitte + + +vms-alpha-p32 OpenVMS 8.4 +alpha + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-alpha-p64 + +OpenVMS 8.4 + +alpha + +VSI C 7.4 +(64 bit pointer build) + +VSI C 7.4 + +@levitte + + +vms-ia64 + +OpenVMS 8.4 8.4 + ia64 -?? +VSI C 7.4 + +@levitte + + +vms-ia64-p32 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(32 bit pointer build) + +@levitte + + +vms-ia64-p64 + +OpenVMS 8.4 + +ia64 + +VSI C 7.4 +(64 bit pointer build) + +@levitte + + +vms-x86_64 + +OpenVMS 8.4 + +x86_64 + +VSI C X7.4 +(cross compile on ia64, +currently build only) @levitte @@ -1073,60 +1147,6 @@ gcc - -vms-alpha - -VMS - -alpha - -? - - -vms-alpha-p32 - -VMS - -alpha 32 bit pointers? - -? - - -vms-alpha-p64 - -VMS - -alpha 64 bit pointers? - -? - - -vms-ia64-p32 - -VMS - -ia64 32 bit pointers? - -? - - -vms-ia64-p64 - -VMS - -ia64 64 bit pointers? - -? - - -vms-x86_64 - -VMS - -x86_64 - -? - android-arm
[web] master update
The branch master has been updated via 4ed858ce02d41753b78629e0b908660593f082b6 (commit) via 825e40e042c3eb67f7c8f865cff7f21a669f989b (commit) from 4d8357b7e6fb544f0a618e65d98a9206a2df05f6 (commit) - Log - commit 4ed858ce02d41753b78629e0b908660593f082b6 Author: Kurt Roeckx Date: Wed Oct 20 09:40:16 2021 +0200 Fix table summary title Reviewed-by: Tim Hudson GH: #268 commit 825e40e042c3eb67f7c8f865cff7f21a669f989b Author: Kurt Roeckx Date: Wed Oct 20 09:50:47 2021 +0200 Remove duplicate Reviewed-by: Tim Hudson GH: #268 --- Summary of changes: policies/platformpolicy.html | 11 +-- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index abf1ac7..be1b00f 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -208,7 +208,7 @@ The current unadopted platforms are: - + Target @@ -902,15 +902,6 @@ gcc - -mingw64 - -Windows 10? - -x86_64 - -gcc - UEFI-x86
[web] master update
The branch master has been updated via 4d8357b7e6fb544f0a618e65d98a9206a2df05f6 (commit) via 1628f0f455848c12f365c9bac03bfc30b50e2d86 (commit) via f50ade47ca53ad5c6757bb4afe5dfa51cf261475 (commit) from 03e84f49907d92dda63a9360090781fc8ed96910 (commit) - Log - commit 4d8357b7e6fb544f0a618e65d98a9206a2df05f6 Author: Kurt Roeckx Date: Wed Oct 20 09:31:44 2021 +0200 Update info about FreeBSD and VMS commit 1628f0f455848c12f365c9bac03bfc30b50e2d86 Author: Kurt Roeckx Date: Wed Oct 20 09:11:50 2021 +0200 Fix spelling error commit f50ade47ca53ad5c6757bb4afe5dfa51cf261475 Author: Kurt Roeckx Date: Wed Oct 20 09:10:20 2021 +0200 Add platforms for which we have a configuartion --- Summary of changes: policies/platformpolicy.html | 1321 +- 1 file changed, 1316 insertions(+), 5 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index cdf2db4..abf1ac7 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -59,7 +59,7 @@ stable version or master) on a community platform breaks, then an attempt should be made to contact the community maintainer to request a fix. In the event that a community platform is - broken in CI for a protacted period then it may be dropped + broken in CI for a protracted period then it may be dropped from CI. If defects are raised that are specific to a community @@ -109,7 +109,7 @@ x86_64 -?? +Clang 11 VC-WIN64A @@ -193,11 +193,11 @@ Nominated Community Member(s) -?? +vms-ia64? -OpenVMS 9.1 +OpenVMS 8.4 -Itanium +ia64 ?? @@ -205,6 +205,1317 @@ + +The current unadopted platforms are: + + + +Target + +O/S + +Architecture + +Toolchain + + +vos-gcc + +VOS + +?? + +gcc + + +solaris-x86-gcc + +Solaris + +x86 + +gcc + + +solaris64-x86_64-gcc + +Solaris + +x86_64 + +gcc + + +solaris64-x86_64-cc + +Solaris + +x86_64 + +Sun C + + +solaris-sparcv7-gcc + +Solaris + +Sparc V7 + +gcc + + +solaris-sparcv8-gcc + +Solaris + +Sparc V8 + +gcc + + +solaris-sparcv9-gcc + +Solaris + +Sparc V9 32 bit + +gcc + + +solaris64-sparcv9-gcc + +Solaris + +Sparc V9 64 bit + +gcc + + +solaris-sparcv7-cc + +Solaris + +Sparc V7 + +Sun C + + +solaris-sparcv8-cc + +Solaris + +Sparc V8 + +
[web] master update
The branch master has been updated via 03e84f49907d92dda63a9360090781fc8ed96910 (commit) from 95646d33a713dd67de6aef668fb717aca07fa11a (commit) - Log - commit 03e84f49907d92dda63a9360090781fc8ed96910 Author: Matt Caswell Date: Wed Oct 13 11:24:10 2021 +0100 Update the platform policy as per OMC decision Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/266) --- Summary of changes: policies/platformpolicy.html | 247 +++ 1 file changed, 202 insertions(+), 45 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index 24b4829..cdf2db4 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -7,59 +7,216 @@ - - - - Platform Policy - + + + + Platform Policy + + + Platforms are classified as "primary", "secondary", "community" + and "unadopted". Support for a new platform should only be + added if it is being adopted as a primary, secondary or + community platform. + +Primary + + Definition: A platform that is regularly tested + through project CI on a project owned and managed system + - + New Pull Requests (PRs) should not be merged unless the + primary platforms are showing as "green" in CI. If the CI + breaks for a branch (such as for a stable version or master) + then it should be fixed as a priority. + +Secondary + + Definition: A platform that is regularly tested + through project CI on a system that is not owned or managed by + the project. At least one project committer must have access + to the system and be able and willing to support it. - NOTE: Work In Progress + New Pull Requests (PRs) should avoid introducing new breaks to + CI in secondary platforms where possible but may still be + merged where a resolution is not easily achievable without + access to the platform. If the CI for a branch (such as for a + stable version or master) on a secondary platform breaks, then + a resolution should be sought as soon as is practically + possible and before a release is made from the branch. + +Community + + Definition: Platforms that one or more members of the + OpenSSL community have volunteered to support. May or may not + be in project CI. Members of the community providing support + do not have to be committers. - Each platform is classified as: - - Primary - - Target(s) on which the majority of OpenSSL - development occurs + Where a community platform is in project CI then new Pull + Requests (PRs) should avoid introducing new breaks to CI on + such platforms where possible but may still be merged where a + resolution is not easily achievable without access to the + platform. If the CI for a branch (such as for a + stable version or master) on a community platform breaks, then + an attempt should be made to contact the community maintainer + to request a fix. In the event that a community platform is + broken in CI for a protacted period then it may be dropped + from CI. - The current primary development platform is - Linux. - - Secondary - - Targets which at least one team member actively supports, or the - platform is covered by CI and at least one team member has access to - the platform. + If defects are raised that are specific to a community + platform then the community maintainer may be contacted to + help find a resolution. If a community maintainer is + unresponsive, or unable to provide fixes then the platform may + be moved to "unadopted". + +Unadopted + + Definition: Platforms that no one has volunteered to + support. +
[web] master update
The branch master has been updated via 95646d33a713dd67de6aef668fb717aca07fa11a (commit) from 78a40cab4af1807c6530546557a93303b2505f40 (commit) - Log - commit 95646d33a713dd67de6aef668fb717aca07fa11a Author: Mark J. Cox Date: Mon Sep 27 13:15:14 2021 +0100 Add note of third party bug bounty program --- Summary of changes: community/index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/community/index.html b/community/index.html index 72587ad..19e5397 100644 --- a/community/index.html +++ b/community/index.html @@ -62,9 +62,9 @@ Please note that we do not run a Bug Bounty program, although third parties -may reward confirmed security issues reported in the OpenSSL codebase. We -do not consider -the https://github.com/openssl/openssl/issues/6077;>lack of SPF records for openssl.org a security issue. +(such as the https://hackerone.com/ibb;>HackerOne Internet +Bug Bounty) +may reward correctly reported and confirmed security issues in the OpenSSL codebase.
[web] master update
The branch master has been updated via 78a40cab4af1807c6530546557a93303b2505f40 (commit) from 598d9806bc701a208da5506fcba59cd629e21f21 (commit) - Log - commit 78a40cab4af1807c6530546557a93303b2505f40 Author: Tomáš Mráz Date: Mon Sep 13 12:07:30 2021 +0200 newsflash.txt: Add link to blog about Let's encrypt root expiration Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/262) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 7c8a166..dc25841 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +13-Sep-2021: New Blog post: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/;>Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 07-Sep-2021: Final version of OpenSSL 3.0.0 is now available: please download and upgrade! 24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes
[web] master update
The branch master has been updated via 598d9806bc701a208da5506fcba59cd629e21f21 (commit) from 6850835feb4bc989b2e5465163b065c44bed644a (commit) - Log - commit 598d9806bc701a208da5506fcba59cd629e21f21 Author: Pauli Date: Sat Sep 11 16:44:56 2021 +1000 Update copyright footer. Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/261) --- Summary of changes: inc/footer.shtml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/footer.shtml b/inc/footer.shtml index 65be9f1..588fbab 100644 --- a/inc/footer.shtml +++ b/inc/footer.shtml @@ -4,7 +4,8 @@ Please report problems with this website to webmaster at openssl.org. -Copyright 1999-2018, OpenSSL Software Foundation. +Copyright 1999-2021 The OpenSSL Project Authors. +All Rights Reserved.
[web] master update
The branch master has been updated via 6850835feb4bc989b2e5465163b065c44bed644a (commit) from 79ff40e1b146b57350bbcafa7f245eb8254436b4 (commit) - Log - commit 6850835feb4bc989b2e5465163b065c44bed644a Author: Matt Caswell Date: Wed Sep 8 12:46:23 2021 +0100 Update the secondary platform definition Updates to the definition as per an OMC vote Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/260) --- Summary of changes: policies/platformpolicy.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/policies/platformpolicy.html b/policies/platformpolicy.html index 5d59af8..24b4829 100644 --- a/policies/platformpolicy.html +++ b/policies/platformpolicy.html @@ -29,8 +29,9 @@ Secondary - Targets which at least one team member actively - supports. + Targets which at least one team member actively supports, or the + platform is covered by CI and at least one team member has access to + the platform. The current secondary development platforms are: FreeBSD, Windows (Visual Studio, MinGW), MacOS
[web] master update
The branch master has been updated discards 4c6dea4a88da460e9bc58b24b13b0e4133465334 (commit) via 79ff40e1b146b57350bbcafa7f245eb8254436b4 (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (4c6dea4a88da460e9bc58b24b13b0e4133465334) \ N -- N -- N (79ff40e1b146b57350bbcafa7f245eb8254436b4) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log - commit 79ff40e1b146b57350bbcafa7f245eb8254436b4 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: docs/sub-index.html.tt | 2 +- docs/sub-man1-index.html.tt | 2 +- docs/sub-man3-index.html.tt | 2 +- docs/sub-man5-index.html.tt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sub-index.html.tt b/docs/sub-index.html.tt index f1ade79..0b02457 100644 --- a/docs/sub-index.html.tt +++ b/docs/sub-index.html.tt @@ -31,7 +31,7 @@ - + diff --git a/docs/sub-man1-index.html.tt b/docs/sub-man1-index.html.tt index e6a4b5d..2894fcf 100644 --- a/docs/sub-man1-index.html.tt +++ b/docs/sub-man1-index.html.tt @@ -34,7 +34,7 @@ - + diff --git a/docs/sub-man3-index.html.tt b/docs/sub-man3-index.html.tt index 57cfd04..48b21c7 100644 --- a/docs/sub-man3-index.html.tt +++ b/docs/sub-man3-index.html.tt @@ -36,7 +36,7 @@ - + diff --git a/docs/sub-man5-index.html.tt b/docs/sub-man5-index.html.tt index 2517295..28ebb0f 100644 --- a/docs/sub-man5-index.html.tt +++ b/docs/sub-man5-index.html.tt @@ -29,7 +29,7 @@ - +
[web] master update
The branch master has been updated discards 72f1e7fb3cd96308b336baf78b325d088652f426 (commit) via 4c6dea4a88da460e9bc58b24b13b0e4133465334 (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (72f1e7fb3cd96308b336baf78b325d088652f426) \ N -- N -- N (4c6dea4a88da460e9bc58b24b13b0e4133465334) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log - commit 4c6dea4a88da460e9bc58b24b13b0e4133465334 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: docs/sub-index.html.tt | 2 +- docs/sub-man1-index.html.tt | 2 +- docs/sub-man3-index.html.tt | 2 +- docs/sub-man5-index.html.tt | 2 +- docs/sub-man7-index.html.tt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sub-index.html.tt b/docs/sub-index.html.tt index b0b3bb3..f1ade79 100644 --- a/docs/sub-index.html.tt +++ b/docs/sub-index.html.tt @@ -31,7 +31,7 @@ - + diff --git a/docs/sub-man1-index.html.tt b/docs/sub-man1-index.html.tt index d213130..e6a4b5d 100644 --- a/docs/sub-man1-index.html.tt +++ b/docs/sub-man1-index.html.tt @@ -34,7 +34,7 @@ - + diff --git a/docs/sub-man3-index.html.tt b/docs/sub-man3-index.html.tt index 03aee4f..57cfd04 100644 --- a/docs/sub-man3-index.html.tt +++ b/docs/sub-man3-index.html.tt @@ -36,7 +36,7 @@ - + diff --git a/docs/sub-man5-index.html.tt b/docs/sub-man5-index.html.tt index 9cc6826..2517295 100644 --- a/docs/sub-man5-index.html.tt +++ b/docs/sub-man5-index.html.tt @@ -29,7 +29,7 @@ - + diff --git a/docs/sub-man7-index.html.tt b/docs/sub-man7-index.html.tt index 74c6119..799772a 100644 --- a/docs/sub-man7-index.html.tt +++ b/docs/sub-man7-index.html.tt @@ -29,7 +29,7 @@ - +
[web] master update
The branch master has been updated via 72f1e7fb3cd96308b336baf78b325d088652f426 (commit) from 0d901a188206337f6b05aaa8030d077ce2cba6a7 (commit) - Log - commit 72f1e7fb3cd96308b336baf78b325d088652f426 Author: Richard Levitte Date: Tue Sep 7 22:38:28 2021 +0200 Correct mansidebar.html reference --- Summary of changes: Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b9b0d4d..a271213 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ SIMPLE = newsflash.inc sitemap.txt \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ docs/manpages.html \ -docs/mansidebar.shtml \ +docs/mansidebar.html \ news/changelog.html \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.inc) \ $(foreach S,$(SERIES),news/openssl-$(S)-notes.html) \
[web] master update
The branch master has been updated
via 0d901a188206337f6b05aaa8030d077ce2cba6a7 (commit)
via 47495e47d7291a0aeb8f47d1dbbad044b61f3b84 (commit)
from 773282bef044fc98ba75b0f7626eb765b0177b90 (commit)
- Log -
commit 0d901a188206337f6b05aaa8030d077ce2cba6a7
Author: Richard Levitte
Date: Fri Sep 3 17:14:50 2021 +0200
Add dependency on Makefile on all other targets that use |releases|
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/web/pull/258)
commit 47495e47d7291a0aeb8f47d1dbbad044b61f3b84
Author: Richard Levitte
Date: Fri Sep 3 17:08:51 2021 +0200
Make the manpage sidebar generated from template
Since this is another file where the contents depend on what we release,
we make this a template alongside all other templates, which do their
thing from the definition of |releases|.
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/web/pull/258)
---
Summary of changes:
Makefile| 13 +
inc/mansidebar.shtml => docs/mansidebar.html.tt | 5 +++--
2 files changed, 12 insertions(+), 6 deletions(-)
rename inc/mansidebar.shtml => docs/mansidebar.html.tt (57%)
diff --git a/Makefile b/Makefile
index 6aba02c..b9b0d4d 100644
--- a/Makefile
+++ b/Makefile
@@ -60,6 +60,7 @@ SIMPLE = newsflash.inc sitemap.txt \
docs/OpenSSLStrategicArchitecture.html \
docs/OpenSSL300Design.html \
docs/manpages.html \
+docs/mansidebar.shtml \
news/changelog.html \
$(foreach S,$(SERIES),news/openssl-$(S)-notes.inc) \
$(foreach S,$(SERIES),news/openssl-$(S)-notes.html) \
@@ -195,9 +196,13 @@ manpages: $(foreach S,$(MANSERIES),man-apropos-$(S)
man-index-$(S))
mancross:
./bin/mk-mancross master $(SERIES)
-docs/manpages.html: docs/manpages.html.tt
+docs/manpages.html: docs/manpages.html.tt Makefile bin/from-tt
@rm -f $@
- ./bin/from-tt releases='master $(SERIES)' docs/manpages.html.tt
+ ./bin/from-tt releases='master $(SERIES)' $<
+
+docs/mansidebar.html: docs/mansidebar.html.tt Makefile bin/from-tt
+ @rm -f $@
+ ./bin/from-tt releases='master $(SERIES)' $<
##
##
@@ -235,7 +240,7 @@ news/changelog.inc: news/changelog.md bin/mk-changelog
@rm -f $@
(echo 'Table of contents'; sed -e '1,/^OpenSSL Releases$$/d' < $<) \
| pandoc -t html5 -f commonmark | ./bin/post-process-html5 >$@
-news/changelog.html: news/changelog.html.tt news/changelog.inc
+news/changelog.html: news/changelog.html.tt news/changelog.inc Makefile
bin/from-tt
@rm -f $@
./bin/from-tt 'releases=$(SERIES)' $<
# Additionally, make news/changelog.html depend on clxy[z].txt, where xy[z]
@@ -361,7 +366,7 @@ endef
# remains named 'fips'
$(foreach S,fips $(SERIES) $(OLDSERIES2),$(eval $(call
mkoldsourceindex,$(S),$(patsubst fips,FIPS,$(S)
-source/old/index.html: source/old/index.html.tt bin/from-tt
+source/old/index.html: source/old/index.html.tt Makefile bin/from-tt
@rm -f $@
./bin/from-tt releases='$(SERIES) $(OLDSERIES2) fips' $<
diff --git a/inc/mansidebar.shtml b/docs/mansidebar.html.tt
similarity index 57%
rename from inc/mansidebar.shtml
rename to docs/mansidebar.html.tt
index b6c4293..6237fb8 100644
--- a/inc/mansidebar.shtml
+++ b/docs/mansidebar.html.tt
@@ -3,8 +3,9 @@
Manpages
- master
- 1.1.1
+[% FOREACH release IN releases.split('\s+') -%]
+ [% release %]
+[% END -%]
[web] master update
The branch master has been updated via 773282bef044fc98ba75b0f7626eb765b0177b90 (commit) from 69a1d25579c6a8a5787ac30969caf9f69909c89f (commit) - Log - commit 773282bef044fc98ba75b0f7626eb765b0177b90 Author: Richard Levitte Date: Tue Sep 7 14:16:54 2021 +0200 Update newsflash for OpenSSL 3.0.0 --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e8718a1..7c8a166 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +07-Sep-2021: Final version of OpenSSL 3.0.0 is now available: please download and upgrade! 24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it
[web] master update
The branch master has been updated via 69a1d25579c6a8a5787ac30969caf9f69909c89f (commit) from d0614db41e68ab5e2a739cf01436a01ea3f96d7a (commit) - Log - commit 69a1d25579c6a8a5787ac30969caf9f69909c89f Author: Matt Caswell Date: Thu Sep 2 14:05:19 2021 +0100 Miscellaneous updates for the 3.0 release Update various pieces of text on the website to refer to 3.0 correctly. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/257) --- Summary of changes: docs/fips.html | 15 +- docs/index.html | 79 + docs/sidebar.shtml | 2 +- source/index.html | 36 +--- source/license.html | 6 ++-- 5 files changed, 69 insertions(+), 69 deletions(-) diff --git a/docs/fips.html b/docs/fips.html index 7bbce9c..1a8cd38 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,8 +10,13 @@ FIPS-140 - The current validation of a cryptographic - module (Module) compatible with the OpenSSL 1.0.2 +Note that this page contains historic information about our legacy + OpenSSL FIPS Object Module (FOM) 2.0. For information about the OpenSSL + FOM 3.0 refer to + https://www.openssl.org/docs/man3.0/man7/fips_module.html;>the FIPS module manual page + + The most recent validation of a cryptographic + module (Module) compatible with OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747. This Module is documented in the @@ -32,10 +37,6 @@ The OpenSSL project is no longer maintaining either the 1747 or the 2398 module. This includes adding platforms to those validations. -We are starting work on a new validation, after the 1.1.1 -release completes. -That module will have a small set of validated operational -environments. The OpenSSL project is no longer involved in private label validations nor adding platforms to the existing certificates. @@ -69,7 +70,7 @@ API can be converted to use validated cryptography with minimal effort. - The OpenSSL FIPS Object Module validation is "delivered" in + The OpenSSL FIPS Object Module 2.0 validation is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as diff --git a/docs/index.html b/docs/index.html index 16b7bf4..501b1fb 100644 --- a/docs/index.html +++ b/docs/index.html @@ -8,48 +8,43 @@ - - Documentation - - - We have a - Strategic - Architecture for the development of OpenSSL from - 3.0.0 and going forward, as well as a - design for 3.0.0 (draft) - specifically. - - - The - frequently-asked questions (FAQ) -is available. - - Information about the first-ever open source - FIPS-140 validation is also - available. - -The manual pages for all -supported -releases are available. There are still problems with some -of the links; thanks for your understanding. - - Ivan Risti, the creator of - https://ssllabs.com;>https://ssllabs.com, - has a free download of his OpenSSL Cookbook - that covers the most frequently used OpenSSL features - and commands. It is updated often, and is available - at - https://www.feistyduck.com/books/openssl-cookbook/;>https://www.feistyduck.com/books/openssl-cookbook/. - It is highly recommended. - - - - You are here: Home - : Documentation - Sitemap - - + + Documentation + +The +frequently-asked questions (FAQ) page is +available. + +A good starting point for understanding some of the key +concepts in OpenSSL 3.0 is the libcrypto +https://www.openssl.org/docs/man3.0/man7/crypto.html;>manual page. +Information and notes about migrating existing applications to OpenSSL +3.0 are available in the +https://www.openssl.org/docs/man3.0/man7/migration_guide.html;>OpenSSL 3.0 Migration Guide + +The manual pages for all supported +releases are available.
[web] master update
The branch master has been updated via d0614db41e68ab5e2a739cf01436a01ea3f96d7a (commit) from 7a653503fe9891b570cc6bc0ca07c7edf0b5 (commit) - Log - commit d0614db41e68ab5e2a739cf01436a01ea3f96d7a Author: Richard Levitte Date: Thu Sep 2 15:47:20 2021 +0200 Correct missing parenthesis --- Summary of changes: Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 72eaf43..6aba02c 100644 --- a/Makefile +++ b/Makefile @@ -260,7 +260,7 @@ $(eval $(call mknews_changelogtxt,changelog.md,openssl/CHANGES.md)) # Create the target 'news/clxy.md' for all releases from 3.0 and on, taking # the source from $(CHECKOUTS)/openssl-x.y/CHANGES.md $(foreach S,$(SERIES3),\ -$(eval $(call mknews_changelogtxt,cl$(subst .,,$(S)).txt,openssl-$(S)/CHANGES.md)) +$(eval $(call mknews_changelogtxt,cl$(subst .,,$(S)).txt,openssl-$(S)/CHANGES.md))) # Create the targets 'news/clxyz.txt' for all current pre-3.0 releases, # taking the source from $(CHECKOUTS)/openssl-x.y.z-stable/CHANGES
[web] master update
The branch master has been updated via 7a653503fe9891b570cc6bc0ca07c7edf0b5 (commit) from 1353aad58c10c84ca4cc09250ca72179b58fe8a8 (commit) - Log - commit 7a653503fe9891b570cc6bc0ca07c7edf0b5 Author: Richard Levitte Date: Tue Aug 31 12:40:36 2021 +0200 Take into account the OpenSSL 3.0 branch This does the necessary modifications to the Makefile to do what's needed with a 3.0 branch. The 3.0 branch is expected to be named 'openssl-3.0' and to be checked out in /var/cache/openssl/checkouts/openssl-3.0 on the appropriate machine. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/255) --- Summary of changes: Makefile | 71 +--- 1 file changed, 50 insertions(+), 21 deletions(-) diff --git a/Makefile b/Makefile index 27d99ae..72eaf43 100644 --- a/Makefile +++ b/Makefile @@ -24,19 +24,33 @@ PERSONDB=FORCE ## The numbers given here RULE ## -## Current series -SERIES=1.1.1 +## Current series. Variable names are numbered to indicate: +## +## SERIES1OpenSSL pre-3.0 +## SERIES3OpenSSL 3.0 and on +## SERIES The concatenation of the above, for ease of use +## +## We mostly use $(SERIES) further down, but there are places where we +## need to make the distinction, because certain files are produced +## differently. +SERIES1=1.1.1 +SERIES3=3.0 +SERIES=$(SERIES3) $(SERIES1) ## Older series. The second type is for source listings OLDSERIES=1.1.0 1.0.2 1.0.1 1.0.0 0.9.8 0.9.7 0.9.6 OLDSERIES2=1.1.0 1.0.2 1.0.1 1.0.0 0.9.x -## Series for manual layouts +## Series for manual layouts, named similar to SERIES1, SERIES3, SERIES MANSERIES1=1.1.1 MANSERIES3=3.0 +MANSERIES=$(MANSERIES3) $(MANSERIES1) ## Future series, i.e. a series that hasn't had any final release yet. +## This would typically be a major or minor version that's still only +## on the master branch, but that has come far enough for us to start +## to make alpha and beta releases. ## We distinguish them to avoid having to produce notes, vulnerability -## documents, ... -FUTURESERIES=3.0 +## documents, ... but still being able to present tarballs. +FUTURESERIES= # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ @@ -166,14 +180,17 @@ endef # Start off with creating the 'manpages-master' target, taking the # source from $(CHECKOUTS)/openssl/doc $(eval $(call makemanuals3,openssl,master)) -#$(foreach S,$(MANSERIES3),$(eval $(call makemanuals3,openssl-$(S),$(S -# Next, create 'manpages-x.y.z' for all current releases, taking the +# Next, create 'manpages-x.y' for all current releases from 3.0 and on, +# taking the source from $(CHECKOUTS)/openssl-x.y/doc +$(foreach S,$(MANSERIES3),$(eval $(call makemanuals3,openssl-$(S),$(S + +# Next, create 'manpages-x.y.z' for all current pre-3.0 releases, taking the # source from $(CHECKOUTS)/openssl-x.y.z-stable/doc $(foreach S,$(MANSERIES1),$(eval $(call makemanuals1,openssl-$(S)-stable,$(S manmaster: man-apropos-master man-index-master -manpages: $(foreach S,$(MANSERIES1),man-apropos-$(S) man-index-$(S)) +manpages: $(foreach S,$(MANSERIES),man-apropos-$(S) man-index-$(S)) mancross: ./bin/mk-mancross master $(SERIES) @@ -221,8 +238,8 @@ news/changelog.inc: news/changelog.md bin/mk-changelog news/changelog.html: news/changelog.html.tt news/changelog.inc @rm -f $@ ./bin/from-tt 'releases=$(SERIES)' $< -# Additionally, make news/changelog.html depend on clxyz.txt, where xyz -# comes from the release number x.y.z. This permits it to be automatically +# Additionally, make news/changelog.html depend on clxy[z].txt, where xy[z] +# comes from the release number x.y[.z]. This permits it to be automatically # recreated whenever there's a new major release. news/changelog.html: $(foreach S,$(SERIES),news/cl$(subst .,,$(S)).txt) @@ -240,9 +257,14 @@ endef # $(CHECKOUTS)/openssl/CHANGES.md $(eval $(call mknews_changelogtxt,changelog.md,openssl/CHANGES.md)) -# Create the targets 'news/clxyz.txt' for all current releases, taking the -# source from $(CHECKOUTS)/openssl-x.y.z-stable/CHANGES -$(foreach S,$(SERIES),\ +# Create the target 'news/clxy.md' for all releases from 3.0 and on, taking +# the source from $(CHECKOUTS)/openssl-x.y/CHANGES.md +$(foreach S,$(SERIES3),\ +$(eval $(call mknews_changelogtxt,cl$(subst .,,$(S)).txt,openssl-$(S)/CHANGES.md)) + +# Create the targets 'news/clxyz.txt' for all current pre-3.0 releases, +# taking the source from $(CHECKOUTS)/openssl-x.y.z-stable/CHANGES +$(foreach S,$(SERIES1),\ $(eval $(call mknews_changelogtxt,cl$(subst .,,$(S)).txt,openssl-$(S)-stable/CHANGES))) # mknews_noteshtml creates two targets and rulesets for creating notes from @@ -260,10 +282,16 @@ news/openssl-$(1)-notes.inc:
[web] master update
The branch master has been updated via 1353aad58c10c84ca4cc09250ca72179b58fe8a8 (commit) via 7027987f060c25f61c8217cd26479f9b4af56bf6 (commit) from 30a512b2e4a02e643216a163af87db97ccbf00d2 (commit) - Log - commit 1353aad58c10c84ca4cc09250ca72179b58fe8a8 Merge: 30a512b 7027987 Author: Mark J. Cox Date: Thu Sep 2 12:22:25 2021 +0100 Merge pull request #256 from iamamoose/20210902 Add Activision Silver Sponsorship commit 7027987f060c25f61c8217cd26479f9b4af56bf6 Author: Mark J. Cox Date: Thu Sep 2 11:22:18 2021 +0100 Add Activision Silver sponsorship --- Summary of changes: support/acks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/support/acks.html b/support/acks.html index 0b70d47..63f2366 100644 --- a/support/acks.html +++ b/support/acks.html @@ -46,6 +46,7 @@ Silver: +https://activision.com/;>Activision https://cargurus.com/;>CarGurus https://shiguredo.jp/;>Shiguredo Inc.
[web] master update
The branch master has been updated via 30a512b2e4a02e643216a163af87db97ccbf00d2 (commit) via d3f3bf5b0d8ef336acb45a3e8077436001be82f9 (commit) from 0374f7e7bd8802894fee0c15c474bd20e04f5731 (commit) - Log - commit 30a512b2e4a02e643216a163af87db97ccbf00d2 Merge: 0374f7e d3f3bf5 Author: Mark J. Cox Date: Tue Aug 31 10:55:38 2021 +0100 Merge pull request #254 from iamamoose/20210831sponsors Add CarGurus sponsorship (silver) commit d3f3bf5b0d8ef336acb45a3e8077436001be82f9 Author: Mark J. Cox Date: Tue Aug 31 10:20:05 2021 +0100 Add CarGurus sponsorship (silver) --- Summary of changes: support/acks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/support/acks.html b/support/acks.html index 8a81815..0b70d47 100644 --- a/support/acks.html +++ b/support/acks.html @@ -46,6 +46,7 @@ Silver: +https://cargurus.com/;>CarGurus https://shiguredo.jp/;>Shiguredo Inc.
[web] master update
The branch master has been updated via 0374f7e7bd8802894fee0c15c474bd20e04f5731 (commit) from bac471c10fd4ed7b906de2a525ccd14e88bb15fb (commit) - Log - commit 0374f7e7bd8802894fee0c15c474bd20e04f5731 Author: Oleg Pekar Date: Fri Aug 27 00:15:52 2021 +0300 Update vulnerabilities.xml CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/253) --- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index bc380b1..a4211ca 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -94,7 +94,7 @@ heap allocated. - +
[web] master update
The branch master has been updated via bac471c10fd4ed7b906de2a525ccd14e88bb15fb (commit) from 06ad477ee26f9e15dd8bc87d6bce6017ceec2342 (commit) - Log - commit bac471c10fd4ed7b906de2a525ccd14e88bb15fb Author: Matt Caswell Date: Tue Aug 24 14:59:46 2021 +0100 Add link to security advisory from newsflash Reviewed-by: Richard Levitte --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index f1feacc..e8718a1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +24-Aug-2021: Security Advisory: two security fixes 24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate
[web] master update
The branch master has been updated via 06ad477ee26f9e15dd8bc87d6bce6017ceec2342 (commit) from e2ba17260f0cc0a1fd1b0c20bf5238a4795076df (commit) - Log - commit 06ad477ee26f9e15dd8bc87d6bce6017ceec2342 Author: Matt Caswell Date: Tue Aug 24 13:54:40 2021 +0100 Updates for the new release Reviewed-by: Richard Levitte --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20210824.txt | 118 + news/vulnerabilities.xml | 134 ++- 3 files changed, 252 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20210824.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index a756e6e..f1feacc 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +24-Aug-2021: OpenSSL 1.1.1l is now available, including bug and security fixes 29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate 17-Jun-2021: Beta 1 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it diff --git a/news/secadv/20210824.txt b/news/secadv/20210824.txt new file mode 100644 index 000..f15ecd6 --- /dev/null +++ b/news/secadv/20210824.txt @@ -0,0 +1,118 @@ +OpenSSL Security Advisory [24 August 2021] +== + +SM2 Decryption Buffer Overflow (CVE-2021-3711) +== + +Severity: High + +In order to decrypt SM2 encrypted data an application is expected to call the +API function EVP_PKEY_decrypt(). Typically an application will call this +function twice. The first time, on entry, the "out" parameter can be NULL and, +on exit, the "outlen" parameter is populated with the buffer size required to +hold the decrypted plaintext. The application can then allocate a sufficiently +sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL +value for the "out" parameter. + +A bug in the implementation of the SM2 decryption code means that the +calculation of the buffer size required to hold the plaintext returned by the +first call to EVP_PKEY_decrypt() can be smaller than the actual size required by +the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is +called by the application a second time with a buffer that is too small. + +A malicious attacker who is able present SM2 content for decryption to an +application could cause attacker chosen data to overflow the buffer by up to a +maximum of 62 bytes altering the contents of other data held after the +buffer, possibly changing application behaviour or causing the application to +crash. The location of the buffer is application dependent but is typically +heap allocated. + +OpenSSL versions 1.1.1k and below are affected by this issue. Users of these +versions should upgrade to OpenSSL 1.1.1l. + +OpenSSL 1.0.2 is not impacted by this issue. + +OpenSSL 3.0 alpha/beta releases are also affected but this issue will be +addressed before the final release. + +This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix +was developed by Matt Caswell. + +Read buffer overruns processing ASN.1 strings (CVE-2021-3712) += + +Severity: Moderate + +ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING +structure which contains a buffer holding the string data and a field holding +the buffer length. This contrasts with normal C strings which are repesented as +a buffer for the string data which is terminated with a NUL (0) byte. + +Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's +own "d2i" functions (and other similar parsing functions) as well as any string +whose value has been set with the ASN1_STRING_set() function will additionally +NUL terminate the byte array in the ASN1_STRING structure. + +However, it is possible for applications to directly construct valid ASN1_STRING +structures which do not NUL terminate the byte array by directly setting the +"data" and "length" fields in the ASN1_STRING array. This can also happen by +using the ASN1_STRING_set0() function. + +Numerous OpenSSL functions that print ASN.1 data have been found to assume that +the ASN1_STRING byte array will be NUL terminated, even though this is not +guaranteed for strings that have been directly constructed. Where an application +requests an ASN.1 structure to be printed, and where that ASN.1 structure +contains ASN1_STRINGs that have been directly constructed by the application +without NUL terminating the "data" field, then a read buffer overrun can occur. + +The same thing can also occur
[web] master update
The branch master has been updated via e2ba17260f0cc0a1fd1b0c20bf5238a4795076df (commit) from ac35d06e77a972cafbebc4ec233d3fd9525206e6 (commit) - Log - commit e2ba17260f0cc0a1fd1b0c20bf5238a4795076df Author: Richard Levitte Date: Fri Jul 30 12:28:54 2021 +0200 Force the production of .inc files that are produced from the personel DB We have the option to also make this depend on that database, but the diverse scripts need to be adapted to make use of that instead of querying the data through our REST API. That's another piece of work. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/252) --- Summary of changes: Makefile | 18 +- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 9eedcec..27d99ae 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,14 @@ SNAP = $(CHECKOUTS)/openssl ## Where releases are found. RELEASEDIR = /var/www/openssl/source +## The OMC repository checkout can be used for dependencies. +## By default, we don't assume it, as not everyone has access to it. +## If you have it, do 'make PERSONDB=PATH/TO/omc/persondb.yaml' where +## PATH/TO/omc is the checked out OMC repository. +## We let it be FORCE by default... This forces the production of files +## that depend on this database, instead of just conditionally. +PERSONDB=FORCE + ## ## ## Release series. These represent our release branches, and are @@ -186,17 +194,17 @@ sitemap sitemap.txt: @rm -f sitemap.txt ./bin/mk-sitemap master $(SERIES) > sitemap.txt -community/committers.inc: +community/committers.inc: $(PERSONDB) @rm -f $@ wget -q https://api.openssl.org/0/Group/commit/Members ./bin/mk-committers $@ @rm -f Members -community/otc.inc: +community/otc.inc: $(PERSONDB) ./bin/mk-omc -n -t 'OTC Members' otc otc-inactive > $@ -community/omc.inc: +community/omc.inc: $(PERSONDB) ./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@ -community/omc-alumni.inc: +community/omc-alumni.inc: $(PERSONDB) ./bin/mk-omc -n -l -t 'OMC Alumni' omc-alumni omc-emeritus > $@ docs/faq.inc: $(wildcard docs/faq-[0-9]-*.txt) bin/mk-faq @@ -332,4 +340,4 @@ source/old/index.html: source/old/index.html.tt bin/from-tt # than the tarballs that are moved into their respective directory, # we must declare them phony, or they will not be regenerated when # they should. -.PHONY : $(SRCLISTS) +.PHONY : $(SRCLISTS) FORCE
[web] master update
The branch master has been updated via ac35d06e77a972cafbebc4ec233d3fd9525206e6 (commit) from 9ce1784ce87906832ed14a6b3b5055e0a7a4ce45 (commit) - Log - commit ac35d06e77a972cafbebc4ec233d3fd9525206e6 Author: Matt Caswell Date: Thu Jul 29 16:11:36 2021 +0100 Updates newsflash for 3.0 beta2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/251) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index cb959e3..a756e6e 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +29-Jul-2021: Beta 2 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate 17-Jun-2021: Beta 1 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 20-May-2021: Alpha 17 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 9ce1784ce87906832ed14a6b3b5055e0a7a4ce45 (commit) from 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 (commit) - Log - commit 9ce1784ce87906832ed14a6b3b5055e0a7a4ce45 Author: Richard Levitte Date: Tue Jul 27 17:57:14 2021 +0200 Fix generation of community .inc files For some reason, these files were excempt from automatic generation. I cannot see a reason why we did this, so we restore the automatic generation as originally planned. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/250) --- Summary of changes: Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fb15dad..9eedcec 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,8 @@ FUTURESERIES=3.0 # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ +community/committers.inc community/otc.inc \ +community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ @@ -176,7 +178,7 @@ docs/manpages.html: docs/manpages.html.tt ## ## $(SIMPLE) -- SIMPLE GENERATED FILES ## -.PHONY: sitemap community/committers.inc community/otc.inc community/omc.inc community/omc-alumni.inc +.PHONY: sitemap newsflash.inc: news/newsflash.inc @rm -f $@ head -7 $? >$@
[web] master update
The branch master has been updated
via 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 (commit)
via 6340022c20721b8cde5817dc5a9caa39e2d7b232 (commit)
from 61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit)
- Log -
commit 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4
Merge: 61f4881 6340022
Author: Mark J. Cox
Date: Tue Jul 27 13:06:17 2021 +0100
Merge pull request #249 from iamamoose/fixpgp
SKS keyservers have been offline for a while, so switch to OpenPGP
commit 6340022c20721b8cde5817dc5a9caa39e2d7b232
Author: Mark J. Cox
Date: Tue Jul 27 12:07:40 2021 +0100
SKS keyservers have been offline for a while, so switch to
keys.openpgp.org
---
Summary of changes:
bin/mk-omc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/mk-omc b/bin/mk-omc
index e6dee11..24144df 100755
--- a/bin/mk-omc
+++ b/bin/mk-omc
@@ -60,7 +60,7 @@ foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) }
keys %data) {
my $pgpurl = $data{$key}->{pgpid} if $options{pgp};
$pgpurl =~ s|\s+||g if $pgpurl;
$pgpurl =
-
"http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0x$pgpurl;
+ "https://keys.openpgp.org/search?q=$pgpurl;
if $pgpurl;
my @columndata = ();
[web] master update
The branch master has been updated
via 61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit)
from 539bea014de78db5ff5b0785a46bfd7647b0b589 (commit)
- Log -
commit 61f488185e0736cf5196efc9d5f4f4b3370b3f8e
Author: Richard Levitte
Date: Tue Jul 27 09:55:07 2021 +0200
Simplify the CDN purge
Our CDN (Akamai) purge script was run as a standalone automation, in
parallell with the automatic 'make' run. The consequence was that the
CDN could catch a copy of our original web pages in a semi built state,
as demonstrated by openssl/openssl#16152.
The solution is the ensure that the purge is run in sequence after
everything is built. We simplify this further by moving the actual
script into the web source.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/web/pull/248)
---
Summary of changes:
Makefile | 7 +++--
bin/purge-one-hour | 90 --
2 files changed, 93 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 32b9244..fb15dad 100644
--- a/Makefile
+++ b/Makefile
@@ -56,15 +56,18 @@ SRCLISTS = $(foreach S,$(FUTURESERIES) $(SERIES)
$(OLDSERIES2) fips,source/old/$
@rm -f $@
./bin/md-to-html5 $<
-all: suball manmaster mancross
+all: suball manmaster mancross akamai-purge
suball: $(SIMPLE) $(SRCLISTS)
-relupd: suball manpages mancross
+relupd: suball manpages mancross akamai-purge
clean:
rm -f $(SIMPLE) $(SRCLISTS)
+akamai-purge:
+ ./bin/purge-one-hour
+
# Legacy targets
hack-source_htaccess: all
simple: all
diff --git a/bin/purge-one-hour b/bin/purge-one-hour
index 5e10e49..895967f 100755
--- a/bin/purge-one-hour
+++ b/bin/purge-one-hour
@@ -1,3 +1,89 @@
-#! /bin/sh
+#! /usr/bin/perl
+#
+# script to purge the Akamai cache.
+#
+# Notes:
+#
+# - we limit the purging to files newer than an hour
+# - there must be a file ~openssl/.edgerc with our Akamai credentials
+# - the Akamai supplied program 'akamai-purge' must be installed in
+# /usr/local/bin
-/opt/openssl/maker/triggered-makers/akamai-purge
+use strict;
+use warnings;
+
+# Find all .html files that include a .inc file, and create a map
+my %inc2html = ();
+
+my $debug = $ENV{DEBUG};
+my $dryrun = $ENV{DRYRUN};
+
+my $base = '/var/www/openssl'; # MUST NOT end with a slash
+
+foreach ( `find $base -type f -name '*.html'` ) {
+chomp;
+my $file = $_;
+my ($dn, $fn) = $_ =~ m/^(?:(.*)\/)?([^\/]*)$/;
+my @incs = ();
+
+open HTML, $_;
+foreach ( ) {
+ if (//) {
+ my $vf = $1;
+ $vf = ($vf =~ m|^/|) ? "$base$vf" : "$dn/$vf";
+ push @incs, "$vf";
+ }
+}
+close HTML;
+
+foreach ( @incs ) {
+ push @{$inc2html{$_}}, $file;
+}
+}
+
+if ($debug) {
+for ( sort keys %inc2html ) {
+ print STDERR "DEBUG: $_ => ", join(", ", @{$inc2html{$_}}), "\n";
+}
+}
+
+# Find all files younger than an hour
+# Discard those in .git/ and bin/
+# Discard any .ht*
+# For any virtually included file, use the corresponding .html file instead
+# For all remaining files, turn it into a valid URL
+# For any valid index file, duplicate into two URLs without the file,
+#one with an ending slash and one without.
+my %files = ();
+
+foreach ( `find $base -type f -mtime -2` ) {
+chomp;
+next if /^\Q$base\E\/(\.git|bin)/;
+next if /\/\.ht\w+$/;
+my $x = $_;
+my @files = defined $inc2html{$x} ? @{$inc2html{$x}} : ( $x );
+foreach ( @files ) {
+ s/^\Q$base\E\//https:\/\/www.openssl.org\//;
+ $files{$_} = 1;
+ if ( /^(.*)\/index.(html|cgi|pl|php|xhtml|htm)$/ ) {
+ $files{"$1/"} = $files{"$1"} = 1;
+ }
+}
+}
+
+# Finally, output the result to the akamai-purge program
+my @files = sort keys %files;
+while ( @files ) {
+my $count = 500; # Try not to overwhelm Akamai
+if ( $dryrun || open PURGE, '| /usr/local/bin/akamai-purge invalidate' ) {
+ printf STDERR
+ "DEBUG: Invoking '/usr/local/bin/akamai-purge invalidate' with:\n"
+ if $debug;
+ while ( @files && $count-- > 0 ) {
+ my $file = pop @files;
+ print STDERR " ",$file,"\n" if $debug;
+ print PURGE $file,"\n" unless $dryrun;
+ }
+ close PURGE unless $dryrun;
+}
+}
[web] master update
The branch master has been updated via 539bea014de78db5ff5b0785a46bfd7647b0b589 (commit) via f975a6468b54079ffad293492d9c42e006f65794 (commit) from 1570fc29ed21a46e7a7a3dd7c64f58a8ff976c29 (commit) - Log - commit 539bea014de78db5ff5b0785a46bfd7647b0b589 Merge: 1570fc2 f975a64 Author: Mark J. Cox Date: Thu Jul 15 08:58:51 2021 +0100 Merge pull request #246 from iamamoose/shiguredosponsor Add sponsor Shiguredo Inc commit f975a6468b54079ffad293492d9c42e006f65794 Author: Mark J. Cox Date: Thu Jul 15 08:54:51 2021 +0100 Add sponsor Shiguredo Inc --- Summary of changes: support/acks.html | 5 + 1 file changed, 5 insertions(+) diff --git a/support/acks.html b/support/acks.html index 418652c..8a81815 100644 --- a/support/acks.html +++ b/support/acks.html @@ -43,6 +43,11 @@ https://www.nginx.com/;> + + Silver: + +https://shiguredo.jp/;>Shiguredo Inc. + Bronze:
[web] master update
The branch master has been updated via 1570fc29ed21a46e7a7a3dd7c64f58a8ff976c29 (commit) from 9076297127056a7f2127e1040fb35bbefb7f8611 (commit) - Log - commit 1570fc29ed21a46e7a7a3dd7c64f58a8ff976c29 Author: Pauli Date: Wed Jun 9 12:53:31 2021 +1000 platform policy: add new targets Allow platforms that add but do not otherwise modify configuration to be added to LTS releases. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/243) --- Summary of changes: policies/releasestrat.html | 4 1 file changed, 4 insertions(+) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 4b3f4f0..5db0a0b 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -88,6 +88,10 @@ fixes. Before that, bug and security fixes will be applied as appropriate. + The addition of new platforms to LTS branches is acceptable so + long as the required changes consist solely of additions to + configuration. +
[web] master update
The branch master has been updated via 9076297127056a7f2127e1040fb35bbefb7f8611 (commit) from f0be824328dc1cbbe56c1adb943d180c86aa4642 (commit) - Log - commit 9076297127056a7f2127e1040fb35bbefb7f8611 Author: Matt Caswell Date: Thu Jun 17 11:10:58 2021 +0100 Website updates for the 3.0 beta1 release Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/244) --- Summary of changes: news/newsflash.txt | 2 ++ source/index.html | 9 ++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 6c1f2dc..cb959e3 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,8 @@ # headings. URL paths must all be absolute. Date: Item +17-Jun-2021: New Blog post: OpenSSL 3.0 Release Candidate +17-Jun-2021: Beta 1 of OpenSSL 3.0 is now available. This is a release candidate: please download and test it 20-May-2021: Alpha 17 of OpenSSL 3.0 is now available: please download and test it 06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it diff --git a/source/index.html b/source/index.html index a45310c..bde4983 100644 --- a/source/index.html +++ b/source/index.html @@ -46,9 +46,12 @@ OpenSSL 3.0 is the next major version of OpenSSL that is currently in development and includes the new FIPS Object Module. A pre-release version of this is available below. This is for testing only. It should -not be used in production. Information and notes about OpenSSL 3.0 are -available on the OpenSSL -https://wiki.openssl.org/index.php/OpenSSL_3.0;>Wiki +not be used in production. For an overview of some of the key concepts +in OpenSSL 3.0 see the libcrypto +https://www.openssl.org/docs/manmaster/man7/crypto.html;>manual page. +Information and notes about migrating existing applications to OpenSSL +3.0 are available in the +https://www.openssl.org/docs/manmaster/man7/migration_guide.html;>OpenSSL 3.0 Migration Guide KBytes
[web] master update
The branch master has been updated via f0be824328dc1cbbe56c1adb943d180c86aa4642 (commit) via db238e8d834b6775edcda71f30ca73ba54824872 (commit) from 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 (commit) - Log - commit f0be824328dc1cbbe56c1adb943d180c86aa4642 Merge: 2e8cfad db238e8 Author: Mark J. Cox Date: Tue Jun 8 10:25:55 2021 +0100 Merge pull request #242 from iamamoose/f5sponsor Add NGINX sponsorship logo commit db238e8d834b6775edcda71f30ca73ba54824872 Author: Mark J. Cox Date: Tue Jun 8 10:22:49 2021 +0100 Add NGINX sponsorship logo --- Summary of changes: img/nginx-logo-med.png | Bin 0 -> 7253 bytes support/acks.html | 7 +++ 2 files changed, 7 insertions(+) create mode 100644 img/nginx-logo-med.png diff --git a/img/nginx-logo-med.png b/img/nginx-logo-med.png new file mode 100644 index 000..d850df4 Binary files /dev/null and b/img/nginx-logo-med.png differ diff --git a/support/acks.html b/support/acks.html index 3bce679..418652c 100644 --- a/support/acks.html +++ b/support/acks.html @@ -37,6 +37,13 @@ } + Gold: + + +https://www.nginx.com/;> + + Bronze: https://beslist.nl/;>beslist.nl
[web] master update
The branch master has been updated via 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 (commit) from e39973455eaed0265573f24ce0eb6e5544757169 (commit) - Log - commit 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 Author: Richard Levitte Date: Fri Jun 4 11:31:45 2021 +0200 bin/mk-manpages3: install more than just HTML files OpenSSL 3.0 now sports images as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/241) --- Summary of changes: bin/mk-manpages3 | 55 +++ 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/bin/mk-manpages3 b/bin/mk-manpages3 index 5c83583..dda2be5 100755 --- a/bin/mk-manpages3 +++ b/bin/mk-manpages3 @@ -5,30 +5,45 @@ checkoutdir=$1 series=$2 destdir=$3 -rm -rf tmp -mkdir tmp +rm -rf tmp-build +rm -rf tmp-install +mkdir tmp-build +mkdir tmp-install +install=$(cd tmp-install; pwd) -(cd tmp; $checkoutdir/Configure cc && make build_html_docs) +( +cd tmp-build +$checkoutdir/Configure --prefix=$install && make install_html_docs +) -srcdir=tmp/doc/html +srcdir=tmp-install/share/doc/openssl/html (cd $srcdir; find -type f) | while read F; do Dn=$(dirname $F) Fn=$(basename $F .html) -G=$Dn/$Fn.inc -$HERE/strip-man-html < $srcdir/$F > $destdir/$G -section=$(basename $Dn | sed -e 's|^man||') -description="$($HERE/all-html-man-names < $destdir/$G | sed -e 's|^.* - ||' -e 's|\&|\\\&|g')" -names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" -for name in $names; do -G=$Dn/$name.html - cat $HERE/../inc/manpage-template.html5 \ -| sed -E \ - -e "s|\\\$release\\\$|$series|g" \ - -e "s|\\\$sectnum\\\$|$section|g" \ - -e "s|\\\$description\\\$|$description|g" \ - -e "s|\\\$name\\\$|$name|g" \ - -e "s|\\\$origname\\\$|$Fn|g" \ - > $destdir/$G -done +if [ "$F" != "$Dn/$Fn" ]; then +# HTML file, which we treat specially +G=$Dn/$Fn.inc +$HERE/strip-man-html < $srcdir/$F > $destdir/$G + +section=$(basename $Dn | sed -e 's|^man||') +description="$($HERE/all-html-man-names < $destdir/$G | sed -e 's|^.* - ||' -e 's|\&|\\\&|g')" +names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" +for name in $names; do +G=$Dn/$name.html + cat $HERE/../inc/manpage-template.html5 \ +| sed -E \ + -e "s|\\\$release\\\$|$series|g" \ + -e "s|\\\$sectnum\\\$|$section|g" \ + -e "s|\\\$description\\\$|$description|g" \ + -e "s|\\\$name\\\$|$name|g" \ + -e "s|\\\$origname\\\$|$Fn|g" \ + > $destdir/$G +done +else +# Other file types, such as images. We simply copy those +G=$Dn/$Fn +mkdir -p $destdir/$Dn +cp $srcdir/$F $destdir/$G +fi done
[web] master update
The branch master has been updated via e39973455eaed0265573f24ce0eb6e5544757169 (commit) from fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) - Log - commit e39973455eaed0265573f24ce0eb6e5544757169 Author: Matt Caswell Date: Thu May 20 14:37:15 2021 +0100 Update newsflash alpha17 for new release Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/239) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 44e8272..6c1f2dc 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +20-May-2021: Alpha 17 of OpenSSL 3.0 is now available: please download and test it 06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) from 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) - Log - commit fd0743669f8f47f638b9ad5822d893fb94a1a89d Author: Matt Caswell Date: Thu May 6 12:58:22 2021 +0100 Updates to newsflash for the alpha16 release Reviewed-by: Mark J. Cox Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/238) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1c80d9c..44e8272 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes
[web] master update
The branch master has been updated via 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) via a56110d2a6791f92040bcd9ba6239a86916024ac (commit) via 6cea194f8dacf63ea52758c8e2a7bc2452918ca7 (commit) from be9a59e85c1be6992ed7f61737bcf630d6cad0f6 (commit) - Log - commit 4fab73cc1edf551a6ade144dfcae1223fa2aa120 Merge: be9a59e a56110d Author: Mark J. Cox Date: Wed Apr 28 14:07:16 2021 +0100 Merge pull request #237 from iamamoose/fixrt Fix security advisory links to rt.openssl.org commit a56110d2a6791f92040bcd9ba6239a86916024ac Author: Mark J. Cox Date: Wed Apr 28 13:54:47 2021 +0100 Remember we're in XML so escape & commit 6cea194f8dacf63ea52758c8e2a7bc2452918ca7 Author: Mark J. Cox Date: Wed Apr 28 13:52:47 2021 +0100 We have some old links to rt.openssl.org as advisories, just link those to the archive version for now, we could dump these to txt files later --- Summary of changes: news/vulnerabilities.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c1b47e2..ba187fd 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -6391,7 +6391,7 @@ Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation. -https://rt.openssl.org/Ticket/Display.html?id=1838user=guestpass=guest"/> +https://web.archive.org/web/20100710092848/https://rt.openssl.org/Ticket/Display.html?id=1838"/> @@ -6415,7 +6415,7 @@ remote attacker could use this flaw to cause a DTLS server to crash. -https://rt.openssl.org/Ticket/Display.html?id=1930user=guestpass=guest"/> +https://web.archive.org/web/20120306065500/http://rt.openssl.org/Ticket/Display.html?id=1930user=guestpass=guest"/> @@ -6445,7 +6445,7 @@ memory left. -https://rt.openssl.org/Ticket/Display.html?id=1931user=guestpass=guest"/> +https://web.archive.org/web/20101120211136/http://rt.openssl.org/Ticket/Display.html?id=1931user=guestpass=guest"/> @@ -6475,7 +6475,7 @@ left. -https://rt.openssl.org/Ticket/Display.html?id=1923user=guestpass=guest"/> +https://web.archive.org/web/20100824233642/http://rt.openssl.org/Ticket/Display.html?id=1923user=guestpass=guest"/>
[web] master update
The branch master has been updated
via be9a59e85c1be6992ed7f61737bcf630d6cad0f6 (commit)
from 595141eef7fd28c41ab414573d05266ece47d814 (commit)
- Log -
commit be9a59e85c1be6992ed7f61737bcf630d6cad0f6
Author: Richard Levitte
Date: Mon Apr 26 14:02:36 2021 +0200
Reorder the old source directory list in source/old/
Change the template source/old/index.html.tt to not reverse the
received list of releases.
Change the order of releases to that template to be from newest to
oldest, and fips (the old FOM) last.
Fixes #235
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/236)
---
Summary of changes:
Makefile | 2 +-
source/old/index.html.tt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index c8721b4..32b9244 100644
--- a/Makefile
+++ b/Makefile
@@ -321,7 +321,7 @@ $(foreach S,fips $(FUTURESERIES) $(SERIES)
$(OLDSERIES2),$(eval $(call mkoldsour
source/old/index.html: source/old/index.html.tt bin/from-tt
@rm -f $@
- ./bin/from-tt releases='fips $(FUTURESERIES) $(SERIES) $(OLDSERIES2)' $<
+ ./bin/from-tt releases='$(FUTURESERIES) $(SERIES) $(OLDSERIES2) fips' $<
# Because these the indexes of old tarballs will inevitably be newer
# than the tarballs that are moved into their respective directory,
diff --git a/source/old/index.html.tt b/source/old/index.html.tt
index 9ff2913..88674e9 100644
--- a/source/old/index.html.tt
+++ b/source/old/index.html.tt
@@ -11,7 +11,7 @@
Here are the old releases.
-[% FOREACH release IN releases.split('\s+').reverse -%]
+[% FOREACH release IN releases.split('\s+') -%]
[% release %]
[% END -%]
[web] master update
The branch master has been updated via 595141eef7fd28c41ab414573d05266ece47d814 (commit) from d75862e89e153138b64119bf4f88d5b1013a928f (commit) - Log - commit 595141eef7fd28c41ab414573d05266ece47d814 Author: Richard Levitte Date: Mon Apr 26 12:04:00 2021 +0200 Makefile: Missed a spot! (FUTURESERIES missing in one place) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/234) --- Summary of changes: Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1fe5423..c8721b4 100644 --- a/Makefile +++ b/Makefile @@ -321,7 +321,7 @@ $(foreach S,fips $(FUTURESERIES) $(SERIES) $(OLDSERIES2),$(eval $(call mkoldsour source/old/index.html: source/old/index.html.tt bin/from-tt @rm -f $@ - ./bin/from-tt releases='fips $(SERIES) $(OLDSERIES2)' $< + ./bin/from-tt releases='fips $(FUTURESERIES) $(SERIES) $(OLDSERIES2)' $< # Because these the indexes of old tarballs will inevitably be newer # than the tarballs that are moved into their respective directory,
[web] master update
The branch master has been updated via d75862e89e153138b64119bf4f88d5b1013a928f (commit) from 86a7e16d191918cf6bc87764d66c166985bec04e (commit) - Log - commit d75862e89e153138b64119bf4f88d5b1013a928f Author: Richard Levitte Date: Mon Apr 26 11:01:06 2021 +0200 Makefile: Add FUTURESERIES, for series that have no final release yet Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/233) --- Summary of changes: Makefile | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 741be51..1fe5423 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,11 @@ OLDSERIES2=1.1.0 1.0.2 1.0.1 1.0.0 0.9.x MANSERIES1=1.1.1 MANSERIES3=3.0 +## Future series, i.e. a series that hasn't had any final release yet. +## We distinguish them to avoid having to produce notes, vulnerability +## documents, ... +FUTURESERIES=3.0 + # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ docs/faq.inc docs/fips.inc \ @@ -42,7 +47,7 @@ SIMPLE = newsflash.inc sitemap.txt \ source/.htaccess \ source/index.inc \ source/old/index.html -SRCLISTS = $(foreach S,$(SERIES) $(OLDSERIES2) fips,source/old/$(S)/index.inc source/old/$(S)/index.html) +SRCLISTS = $(foreach S,$(FUTURESERIES) $(SERIES) $(OLDSERIES2) fips,source/old/$(S)/index.inc source/old/$(S)/index.html) .SUFFIXES: .md .html @@ -312,7 +317,7 @@ endef # We also create a list specifically for the old FIPS module, carefully # crafting an HTML title with an uppercase 'FIPS' while the subdirectory # remains named 'fips' -$(foreach S,fips $(SERIES) $(OLDSERIES2),$(eval $(call mkoldsourceindex,$(S),$(patsubst fips,FIPS,$(S) +$(foreach S,fips $(FUTURESERIES) $(SERIES) $(OLDSERIES2),$(eval $(call mkoldsourceindex,$(S),$(patsubst fips,FIPS,$(S) source/old/index.html: source/old/index.html.tt bin/from-tt @rm -f $@
[web] master update
The branch master has been updated
via 86a7e16d191918cf6bc87764d66c166985bec04e (commit)
from 650e079c69473944f2731e6a964d260a2a6dff61 (commit)
- Log -
commit 86a7e16d191918cf6bc87764d66c166985bec04e
Author: Richard Levitte
Date: Mon Apr 26 10:51:53 2021 +0200
bin/mk-latest: Make the adapation for the OpenSSL 3.0 version scheme work
The attempt done in the previous commit didn't quite work out.
Current fix is to hard code 3.x series.
Fixes #229
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/232)
---
Summary of changes:
bin/mk-latest | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/mk-latest b/bin/mk-latest
index 1ac1c46..7a57fdd 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -42,9 +42,9 @@ print <<\EOF;
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L]
+RewriteRule ^(openssl-3\.(\d+).*) old/3.$2/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-(\d+\.\d+).*) old/$2/$1 [L]
+RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L]
[web] master update
The branch master has been updated
via 650e079c69473944f2731e6a964d260a2a6dff61 (commit)
from 0ab77d020743d9f6aadc2b1110ab44cfae9d8d0a (commit)
- Log -
commit 650e079c69473944f2731e6a964d260a2a6dff61
Author: Richard Levitte
Date: Mon Apr 26 09:39:26 2021 +0200
bin/mk-latest: Adapt .htaccess for the version scheme of OpenSSL 3.0
Fixes #229
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/230)
---
Summary of changes:
bin/mk-latest | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/mk-latest b/bin/mk-latest
index aa4432a..1ac1c46 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -44,6 +44,8 @@ RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(openssl-(\d+\.\d+).*) old/$2/$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L]
[web] master update
The branch master has been updated via 0ab77d020743d9f6aadc2b1110ab44cfae9d8d0a (commit) from 7135e80333b10c803607c06d971730f252ded023 (commit) - Log - commit 0ab77d020743d9f6aadc2b1110ab44cfae9d8d0a Author: Matt Caswell Date: Thu Apr 22 14:45:44 2021 +0100 Add newsflash entry for the 3.0 alpha15 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/228) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 73a64e5..1c80d9c 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes 11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 7135e80333b10c803607c06d971730f252ded023 (commit) from 8885c3556f04cd221ebdbf80313b0b75d61cdf58 (commit) - Log - commit 7135e80333b10c803607c06d971730f252ded023 Author: Paul Menzel Date: Wed Apr 21 07:12:45 2021 +0200 source: Fix typo in *are encouraged* Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/227) --- Summary of changes: source/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/index.html b/source/index.html index d0ae87b..a45310c 100644 --- a/source/index.html +++ b/source/index.html @@ -34,7 +34,7 @@ also our Long Term Support (LTS) version, supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions -are encourage to upgrade to 1.1.1 as soon as possible. Extended support +are encouraged to upgrade to 1.1.1 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is available.
[web] master update
The branch master has been updated via 8885c3556f04cd221ebdbf80313b0b75d61cdf58 (commit) from b36cb385405c057a5cab931fc59b1a771ccc1e44 (commit) - Log - commit 8885c3556f04cd221ebdbf80313b0b75d61cdf58 Author: Matt Caswell Date: Thu Apr 8 10:04:43 2021 +0100 Update newsflash for alpha14 release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/225) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 648a68a..73a64e5 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes 11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated
via b36cb385405c057a5cab931fc59b1a771ccc1e44 (commit)
from dd5f38e589cf996a273ab78b9ef741e7d78f2eb7 (commit)
- Log -
commit b36cb385405c057a5cab931fc59b1a771ccc1e44
Author: Dr. Matthias St. Pierre
Date: Tue Feb 16 20:13:29 2021 +0100
bin/mk-notes: adjust regular expression for CVE IDs
According to [1], the CVE ID can now have more than four digits,
which actually happened for the CVEs fixed by 1.1.1j.
[1] https://cve.mitre.org/about/faqs.html#cve_id_syntax_change
Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/219)
---
Summary of changes:
bin/mk-notes | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/mk-notes b/bin/mk-notes
index a268fbc..352cb8e 100755
--- a/bin/mk-notes
+++ b/bin/mk-notes
@@ -41,7 +41,7 @@ while ( ) {
print "\n";
$in_ul = 1;
}
- s/CVE-\d{4}-\d{4}/$&<\/a>/g;
+ s/CVE-\d{4}-\d{4,}/$&<\/a>/g;
print;
}
}
[web] master update
The branch master has been updated via dd5f38e589cf996a273ab78b9ef741e7d78f2eb7 (commit) from 15064d72540a2d5405d749acd74caeb8683ae886 (commit) - Log - commit dd5f38e589cf996a273ab78b9ef741e7d78f2eb7 Author: Matt Caswell Date: Thu Mar 25 10:53:37 2021 + Updates for the 1.1.1k release Reviewed-by: Tim Hudson --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20210325.txt | 90 news/vulnerabilities.xml | 86 - 3 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20210325.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 1bbcaf2..648a68a 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes 11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes diff --git a/news/secadv/20210325.txt b/news/secadv/20210325.txt new file mode 100644 index 000..2ffb50c --- /dev/null +++ b/news/secadv/20210325.txt @@ -0,0 +1,90 @@ +OpenSSL Security Advisory [25 March 2021] += + +CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) + + +Severity: High + +The X509_V_FLAG_X509_STRICT flag enables additional security checks of the +certificates present in a certificate chain. It is not set by default. + +Starting from OpenSSL version 1.1.1h a check to disallow certificates in +the chain that have explicitly encoded elliptic curve parameters was added +as an additional strict check. + +An error in the implementation of this check meant that the result of a +previous check to confirm that certificates in the chain are valid CA +certificates was overwritten. This effectively bypasses the check +that non-CA certificates must not be able to issue other certificates. + +If a "purpose" has been configured then there is a subsequent opportunity +for checks that the certificate is a valid CA. All of the named "purpose" +values implemented in libcrypto perform this check. Therefore, where +a purpose is set the certificate chain will still be rejected even when the +strict flag has been used. A purpose is set by default in libssl client and +server certificate verification routines, but it can be overridden or +removed by an application. + +In order to be affected, an application must explicitly set the +X509_V_FLAG_X509_STRICT verification flag and either not set a purpose +for the certificate verification or, in the case of TLS client or server +applications, override the default purpose. + +OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these +versions should upgrade to OpenSSL 1.1.1k. + +OpenSSL 1.0.2 is not impacted by this issue. + +This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk +from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was +developed by Tomáš Mráz. + + +NULL pointer deref in signature_algorithms processing (CVE-2021-3449) += + +Severity: High + +An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation +ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits +the signature_algorithms extension (where it was present in the initial +ClientHello), but includes a signature_algorithms_cert extension then a NULL +pointer dereference will result, leading to a crash and a denial of service +attack. + +A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which +is the default configuration). OpenSSL TLS clients are not impacted by this +issue. + +All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions +should upgrade to OpenSSL 1.1.1k. + +OpenSSL 1.0.2 is not impacted by this issue. + +This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was +developed by Peter Kästle and Samuel Sapalski from Nokia. + +Note + + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of these issues on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +== + +URL for this Security Advisory:
[web] master update
The branch master has been updated via 15064d72540a2d5405d749acd74caeb8683ae886 (commit) via 866c7caa7a09f7f56be99d7cb750be9c901503e0 (commit) via f37be0806125a21d7107327a97cc0d7cdc9275e8 (commit) via f4faa3d32216b9a47c6103400659e8f274c36052 (commit) from abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit) - Log - commit 15064d72540a2d5405d749acd74caeb8683ae886 Merge: abbb2d4 866c7ca Author: Mark J. Cox Date: Tue Mar 16 10:48:55 2021 + Merge pull request #222 from iamamoose/securitypolicychange Update security policy to note we prenotify projects like LibreSSL and BoringSSL commit 866c7caa7a09f7f56be99d7cb750be9c901503e0 Author: Mark J. Cox Date: Tue Mar 16 10:47:33 2021 + Vote passed, update the change date commit f37be0806125a21d7107327a97cc0d7cdc9275e8 Author: Mark J. Cox Date: Thu Mar 4 11:07:25 2021 + "based on" could be misinterpreted as projects that simply use OpenSSL but the intent of this change is for projects that are derived from OpenSSL commit f4faa3d32216b9a47c6103400659e8f274c36052 Author: Mark J. Cox Date: Tue Mar 2 11:18:48 2021 + For many years we have notified LibreSSL and BoringSSL, but we should be clear that we do so in the policy --- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 54fb592..ff4eb5f 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 12th May 2020 + Last modified 16th March 2021 @@ -126,6 +126,8 @@ that uses OpenSSL as included on http://oss-security.openwall.org/wiki/mailing-lists/distros;>this list of Operating System distribution security contacts. +We also include other open source projects that are derived from OpenSSL which +have a significant user base and a reciprocal arrangement. We may also include other organisations that are not listed but would otherwise qualify for list membership. We may also include organisations with which we have a
[web] master update
The branch master has been updated via abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit) from a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) - Log - commit abbb2d45bbd7db0f8733a2ca997300b572d19061 Author: Richard Levitte Date: Thu Mar 11 16:27:33 2021 +0100 Complete the transition changelog.txt -> changelog.md Almost a year ago, in 4b0220368e888aab29972537aff8602a45b724e9, changelog.txt was renamed to changelog.md. It seems, however, that we didn't make that change complete. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/224) --- Summary of changes: .gitignore | 2 +- Makefile | 2 +- news/changelog.html.tt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 83f4641..e2cf52a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,7 @@ docs/fips.inc docs/man*/ news/changelog.html news/changelog.inc -news/changelog.txt +news/changelog.md news/cl*.txt news/newsflash.inc news/openssl-*-notes.html diff --git a/Makefile b/Makefile index 4b1bd1f..741be51 100644 --- a/Makefile +++ b/Makefile @@ -218,7 +218,7 @@ news/$(1): $(CHECKOUTS)/$(2) cp $$? $$@ endef -# Create the target 'news/changelog.txt', taking the source from +# Create the target 'news/changelog.md', taking the source from # $(CHECKOUTS)/openssl/CHANGES.md $(eval $(call mknews_changelogtxt,changelog.md,openssl/CHANGES.md)) diff --git a/news/changelog.html.tt b/news/changelog.html.tt index 95097b7..2b7a510 100644 --- a/news/changelog.html.tt +++ b/news/changelog.html.tt @@ -22,8 +22,8 @@ This is the changelog for the master branch, the one that is currently in active development. - The plain-text version of this document is available - here: changelog.txt + The plain-text / markdown version of this document is available + here: changelog.md For other branches, the changelogs are distributed with
[web] master update
The branch master has been updated via a12160447e27f7fd9dd1d84441d527de2545a4a8 (commit) from 534023923c6dc5b0d26ea9a1fd28456f80afd311 (commit) - Log - commit a12160447e27f7fd9dd1d84441d527de2545a4a8 Author: Matt Caswell Date: Thu Mar 11 13:55:44 2021 + Update newsflash for the 3.0 alpha13 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/223) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 89e7ae8..1bbcaf2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes 28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 534023923c6dc5b0d26ea9a1fd28456f80afd311 (commit) from 5db03e20c8e936a62f1ee71b7178b4844c5ad838 (commit) - Log - commit 534023923c6dc5b0d26ea9a1fd28456f80afd311 Author: Matt Caswell Date: Thu Feb 18 15:16:04 2021 + Update newsflash for 3.0 alpha 12 release Reviewed-by: Mark J. Cox Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/web/pull/220) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 16f4f7c..89e7ae8 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes 28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it 07-Jan-2021: Alpha 10 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 5db03e20c8e936a62f1ee71b7178b4844c5ad838 (commit) from 96fab6a7b7406a9d4334c7b8d76c9da02dc35a62 (commit) - Log - commit 5db03e20c8e936a62f1ee71b7178b4844c5ad838 Author: Matt Caswell Date: Tue Feb 16 16:56:36 2021 + Fix a typo in vulnerabilities.xml Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/218) --- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 5ac7dc8..255c8e2 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -136,7 +136,7 @@ upgrade to 1.1.1j. - +
[web] master update
The branch master has been updated via 96fab6a7b7406a9d4334c7b8d76c9da02dc35a62 (commit) from 3529993430cd665987db1ade8fa5e6f17fd9fdc7 (commit) - Log - commit 96fab6a7b7406a9d4334c7b8d76c9da02dc35a62 Author: Matt Caswell Date: Tue Feb 16 15:47:12 2021 + Updates for the new release Reviewed-by: Richard Levitte --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20210216.txt | 123 ++ news/vulnerabilities.xml | 193 ++- 3 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20210216.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 176275b..16f4f7c 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes 28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it 07-Jan-2021: Alpha 10 of OpenSSL 3.0 is now available: please download and test it 08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes diff --git a/news/secadv/20210216.txt b/news/secadv/20210216.txt new file mode 100644 index 000..bac4b39 --- /dev/null +++ b/news/secadv/20210216.txt @@ -0,0 +1,123 @@ +OpenSSL Security Advisory [16 February 2021] + + +Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) + + +Severity: Moderate + +The OpenSSL public API function X509_issuer_and_serial_hash() attempts to +create a unique hash value based on the issuer and serial number data contained +within an X509 certificate. However it fails to correctly handle any errors +that may occur while parsing the issuer field (which might occur if the issuer +field is maliciously constructed). This may subsequently result in a NULL +pointer deref and a crash leading to a potential denial of service attack. + +The function X509_issuer_and_serial_hash() is never directly called by OpenSSL +itself so applications are only vulnerable if they use this function directly +and they use it on certificates that may have been obtained from untrusted +sources. + +OpenSSL versions 1.1.1i and below are affected by this issue. Users of these +versions should upgrade to OpenSSL 1.1.1j. + +OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL +1.0.2 is out of support and no longer receiving public updates. Premium support +customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade +to 1.1.1j. + +This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from +Google. The fix was developed by Matt Caswell. + +Incorrect SSLv2 rollback protection (CVE-2021-23839) + + +Severity: Low + +OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a +server that is configured to support both SSLv2 and more recent SSL and TLS +versions then a check is made for a version rollback attack when unpadding an +RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are +supposed to use a special form of padding. A server that supports greater than +SSLv2 is supposed to reject connection attempts from a client where this special +form of padding is present, because this indicates that a version rollback has +occurred (i.e. both client and server support greater than SSLv2, and yet this +is the version that is being requested). + +The implementation of this padding check inverted the logic so that the +connection attempt is accepted if the padding is present, and rejected if it +is absent. This means that such as server will accept a connection if a version +rollback attack has occurred. Further the server will erroneously reject a +connection if a normal SSLv2 connection attempt is made. + +Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this +issue. In order to be vulnerable a 1.0.2 server must: + +1) have configured SSLv2 support at compile time (this is off by default), +2) have configured SSLv2 support at runtime (this is off by default), +3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite + list) + +OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to +this issue. The underlying error is in the implementation of the +RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING +padding mode used by various other functions. Although 1.1.1 does not support +SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the +RSA_SSLV23_PADDING padding mode. Applications that directly call that function +or use that
[web] master update
The branch master has been updated via 3529993430cd665987db1ade8fa5e6f17fd9fdc7 (commit) via 0c8d22bbae92c7e78477d4dadadc2bc18c3cfbbf (commit) via c6cf36f015984e82e43de865b8f8103066a77c66 (commit) via 90bc2ffebb6e01e9a7820c13402a8249193e6448 (commit) via 628bbe846b437aba16656c25124294ae90196f53 (commit) via bc3baf2162d6eef8641c165eb70a9586c10a8020 (commit) via 3c797992c0d01f715efe0054c7ef7231fb292591 (commit) via 88a68140e52e169a828a5ef3f6ad6dbcd4f7f70b (commit) via f560958e29b058b606d3a3d665d564ad8a62f751 (commit) via a142c42643d6e8730a8c5948e19940677ee29b77 (commit) via c3555349fb3e1ca3c75e9677a05ece12f2ff644f (commit) via 5a4fd513a1e740b94dff9e051d2fd4e8110f997c (commit) via 635083bad80b21081f78fd0c5acef55afe87d73f (commit) via 3525d32ba43b960dda576cc55e0161ba773b3ec5 (commit) via 96fc8427dab3f7cdfe5175e6422e0c6c9339b308 (commit) via fa82509a79ae0b7c6b6b3aa4834fea358740e135 (commit) via a03ba3426aeae4e9fd7a9abfabba38e90bfe2cfe (commit) via c04f0bfc85bb789d66f9a8f2d4729a148088db4d (commit) via 704484cedfcc60d48b42d28ed8aa3f0464193ee0 (commit) via 5080a36b15ca1a0bd2ebfafbc288fb87422dfc09 (commit) via 9b1da3db16d5e0691137750c8f6850b02068cff0 (commit) via b9af396e59d0832d0e3523a38ce16c16ee3b8940 (commit) via 59c90242b6bf73f9f2c463389258e13dfa120595 (commit) via 30177d15c80f2170bfed542f131edd56397ed03a (commit) via e4f869c1b2d97b1efb9bfbb4e38ff9e7762a61d0 (commit) via cee36dc9d608462c45fff3ad7f280a301c02b34d (commit) from d2b610bc453351c8b9dd50a7da2c2fcbe03c58d5 (commit) - Log - commit 3529993430cd665987db1ade8fa5e6f17fd9fdc7 Merge: 0c8d22b c6cf36f Author: Mark J. Cox Date: Tue Feb 16 15:15:10 2021 + Merge pull request #217 from iamamoose/sponsor Add new bronze level github sponsor commit 0c8d22bbae92c7e78477d4dadadc2bc18c3cfbbf Merge: d2b610b 90bc2ff Author: Mark J. Cox Date: Tue Feb 16 14:57:14 2021 + Merge branch 'master' of github.com:iamamoose/openssl-web commit c6cf36f015984e82e43de865b8f8103066a77c66 Author: Mark J. Cox Date: Tue Feb 16 14:51:33 2021 + Add new bronze level github sponsor commit 90bc2ffebb6e01e9a7820c13402a8249193e6448 Merge: 628bbe8 32ac25c Author: Mark J. Cox Date: Mon Jan 4 15:53:49 2021 + Merge remote-tracking branch 'gh/master' commit 628bbe846b437aba16656c25124294ae90196f53 Merge: bc3baf2 0689c52 Author: Mark J. Cox Date: Mon Jan 4 15:51:30 2021 + Merge remote-tracking branch 'site/master' commit bc3baf2162d6eef8641c165eb70a9586c10a8020 Author: Mark J. Cox Date: Mon Jan 4 15:29:11 2021 + Update the Sponsorship page to remove sponsorships that have lapsed and add a link to recognise the GitHub Sponsors commit 3c797992c0d01f715efe0054c7ef7231fb292591 Author: Matt Caswell Date: Tue Dec 8 13:45:19 2020 + Commits for new releases Reviewed-by: Richard Levitte commit 88a68140e52e169a828a5ef3f6ad6dbcd4f7f70b Author: Matt Caswell Date: Thu Nov 26 15:03:27 2020 + Update newsflash for new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/208) commit f560958e29b058b606d3a3d665d564ad8a62f751 Author: Pauli Date: Fri Nov 6 22:52:00 2020 +1000 by laws: remove the necessity for the OMC to invite committers and OTC members. It would be better if these invitations come from the OTC which does the nominations. Reviewed-by: Matt Caswell Reviewed-by: Mark J. Cox Reviewed-by: Tim Hudson Reviewed-by: Kurt Roeckx Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/207) commit a142c42643d6e8730a8c5948e19940677ee29b77 Author: Dr. Matthias St. Pierre Date: Thu Oct 1 18:13:22 2020 +0200 policies/sidebar: add link to OpenSSL Technical Policies Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/199) commit c3555349fb3e1ca3c75e9677a05ece12f2ff644f Author: Pauli Date: Thu Nov 5 09:54:17 2020 +1000 Merge SHA2 entries in FIPS table Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit 5a4fd513a1e740b94dff9e051d2fd4e8110f997c Author: Pauli Date: Thu Nov 5 09:30:22 2020 +1000 3.0 design: remove the SP 800-90 entropy testing entry. Due to rules changes, this will not be happening. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit 635083bad80b21081f78fd0c5acef55afe87d73f Author: Pauli Date: Thu Nov 5 09:29:45 2020 +1000 3.0 design: remove the compliance column. Reviewed-by: Matt Caswell (Merged from
[web] master update
The branch master has been updated via d2b610bc453351c8b9dd50a7da2c2fcbe03c58d5 (commit) from 15c3d9188ef04d9d3d4b98088d641163390a5e03 (commit) - Log - commit d2b610bc453351c8b9dd50a7da2c2fcbe03c58d5 Author: Richard Levitte Date: Mon Jan 25 14:11:13 2021 +0100 Fix bin/mk-manpages3 to handle spurious & in the description We have some pages that emit and in the NAMES description in the HTML output. However, we're using sed to massage a template with that description, and & happens to be significant. Therefore, it needs being explicitly escaped. Partially fixes openssl/openssl#13949 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/214) --- Summary of changes: bin/mk-manpages3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-manpages3 b/bin/mk-manpages3 index dba2772..5c83583 100755 --- a/bin/mk-manpages3 +++ b/bin/mk-manpages3 @@ -18,7 +18,7 @@ srcdir=tmp/doc/html $HERE/strip-man-html < $srcdir/$F > $destdir/$G section=$(basename $Dn | sed -e 's|^man||') -description="$($HERE/all-html-man-names < $destdir/$G | sed 's|^.* - ||')" +description="$($HERE/all-html-man-names < $destdir/$G | sed -e 's|^.* - ||' -e 's|\&|\\\&|g')" names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" for name in $names; do G=$Dn/$name.html
[web] master update
The branch master has been updated via 15c3d9188ef04d9d3d4b98088d641163390a5e03 (commit) from ea1add5b56b63293c22ed6e374f13c9e8a56aa90 (commit) - Log - commit 15c3d9188ef04d9d3d4b98088d641163390a5e03 Author: Richard Levitte Date: Thu Jan 28 14:21:50 2021 +0100 Add newsflash about the release of OpenSSL 3.0 alpha11 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/web/pull/216) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1d842c7..176275b 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +28-Jan-2021: Alpha 11 of OpenSSL 3.0 is now available: please download and test it 07-Jan-2021: Alpha 10 of OpenSSL 3.0 is now available: please download and test it 08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes 26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated
via ea1add5b56b63293c22ed6e374f13c9e8a56aa90 (commit)
from dac25f4cbc9703f3338ef39df97dc5e7f9dd186f (commit)
- Log -
commit ea1add5b56b63293c22ed6e374f13c9e8a56aa90
Author: Dr. Matthias St. Pierre
Date: Tue Dec 8 16:31:10 2020 +0100
bin/mk-notes: correct the anchor links to the CVE descriptions
from `...#-` to `...#CVE--`.
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/web/pull/209)
---
Summary of changes:
bin/mk-notes | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/mk-notes b/bin/mk-notes
index 75562ef..a268fbc 100755
--- a/bin/mk-notes
+++ b/bin/mk-notes
@@ -41,7 +41,7 @@ while ( ) {
print "\n";
$in_ul = 1;
}
- s/CVE-(\d{4}-\d{4})/CVE-$1<\/a>/g;
+ s/CVE-\d{4}-\d{4}/$&<\/a>/g;
print;
}
}
[web] master update
The branch master has been updated
via dac25f4cbc9703f3338ef39df97dc5e7f9dd186f (commit)
from 3d9c535a7ca836b670bec4680763d70c42f50e19 (commit)
- Log -
commit dac25f4cbc9703f3338ef39df97dc5e7f9dd186f
Author: Etienne Millon
Date: Mon Jan 4 15:50:58 2021 +0100
Fix style for links containing "raw"
The stylesheet contains rules that applies to all links to urls
containing "raw". This applies to links to documentation for function
that contain this word, in such as `EVP_PKEY_new_raw_private_key`.
These rules seems to be otherwise unused, so removing them fixes the
problem.
CLA: Trivial
Reviewed-by: Paul Dale
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/web/pull/210)
---
Summary of changes:
inc/screen.css | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/inc/screen.css b/inc/screen.css
index 29b74b9..9a5d29a 100644
--- a/inc/screen.css
+++ b/inc/screen.css
@@ -1369,7 +1369,7 @@ figure.code .highlight {
border-bottom: 0;
}
-.download-source, html a[href*=raw], figure.code figcaption a {
+.download-source, figure.code figcaption a {
position: absolute;
right: .8em;
text-decoration: none;
@@ -1379,7 +1379,7 @@ figure.code .highlight {
text-shadow: #cb 0 1px 0;
padding-left: 3em;
}
-.download-source:hover, html a[href*=raw]:hover, figure.code figcaption
a:hover {
+.download-source:hover, figure.code figcaption a:hover {
text-decoration: underline;
}
[web] master update
The branch master has been updated via 8bbe05eafe1a554259e527f9ba3dd18e4b2e3a9a (commit) from 89d554f676bdacf8497b41c8f2eae3b395bb2ff9 (commit) - Log - commit 8bbe05eafe1a554259e527f9ba3dd18e4b2e3a9a Author: Kurt Roeckx Date: Fri Jan 15 18:49:59 2021 +0100 Update expiration date --- Summary of changes: news/openssl-security.asc | 80 +++ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/news/openssl-security.asc b/news/openssl-security.asc index 2b32a4b..8e6c0cc 100644 --- a/news/openssl-security.asc +++ b/news/openssl-security.asc @@ -11,33 +11,33 @@ Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB -tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz -bC5vcmc+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78Ck -Z9YTy4PH7W0w2JTizos9efUFAl3n9TkFCQvHY5oACgkQ2JTizos9efVbRQ//aItr -wyVa5j+OtrMaIJI9x835ES4bBaEIY1YVwGzoKzj+MOxdai0spUR6KZ9TYnEC5R4b -yFac7H9g+R4V5rv3+HogMBTYaCTmbFmZ4Y8viD7YaDsHHMcbHQymyV55l7ZfzyNt -pw3D3acvS3nOij9JQqRTOHuIOtS5FtJh1/+pig5sEk1TigOemJ7cnC7uWmfkzDzx -ywz29EBFZXeFV7Dg+hjkUuVtMqcbhouvjJlwvx7cgcAPwFRZcu7UoirVoq0+sSJj -kxxohVekpc+daZK9ge6qpHi7LObgM64fVPjR4FizuTmHU+f7ptUaI7BEGxmPtmBa -skj1Wi4lkSgQ4SfS7PpnlPphM2Tms7mG4gPO4f0cZ/qZriCoaU5DZ8kPx0xgY7Yf -Uol3NyRxAXJZi7voSWsj/YM1rsyd8Q7bYFW0Rx/hcjbT2AwZcqruqAuYEM6+M3Sb -JzOm28w+lnS7urnog8MBSSX9wsFzwHEXKBiqY2Qp+jU/fmSebqiDrRaAXJPvidCM -gsPNrK6HrQOjemZTG7dReIxqIjWuguhcN4aoellXwJYuR0NOo0uRK79IGbjFU8Vy -UBuv5AMCWgpblLaDyVHkhnQbNjnpvJnVoCqvTU4R0ttmjKQV4aWwgdryuc/a564J -PKcfr4pmeb+4Lfh1SxpNP3O2pzI1OY1zSj5nFRm0JU9wZW5TU0wgT01DIDxvcGVu -c3NsLW9tY0BvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCXef1QQUJC8djmgAKCRDY -lOLOiz159UcFD/9XdBn0wKmEwBO2KyM/zfHLpTysV3A1QM98C3Oy2/jPI/wcWmIN -1PoXbDEUGTBCKAEYhcnQKb5E7FsD+68i/07S5eBP65R24G182f6Qofy8Hy/Kbed/ -GmQEoprDaYqpUp6qFoPxBExW8bwEzkSRWTz4d/ptjDREOF3d4oJS3CE/HOr3l9Jy -0Jgvg1iAw2uiRSNb5/miUZM7wa/wGYmJmtbGomr3/suyyLeRh4UwoOAZulB6crql -ITxoyv9M7IF+YAYIdRQB1/zbE6d+i+5AKeyGmBxhXyYlIIFHjmFpMmz+HbHZ31tr -FodE/1EK9kxGcOOv9jSxiplLdgl0d4XqAb2wsNYygNb2n6uj/7Vz+iZwWnCDfNEo -UPazufcFh4KMPV6ZzqguXWpV6aV40rEjqWWwXfwXiSL7Yc1TYdnj+koCy2sXoiLd -d2VlCX/wWhl38KsAN69OgYlDNVne5ctQ2zpdYyYrQZlL9yk164evBroZGOrJSTl4 -5ZNSmsbX/alNQRTCVuPmICY6KOEE0CylvhcZtXbDvT9OTm0wNg99jj0Hpd3r8I6d -zGlsBfnipSWVnXtg4ozzvsIKdHy/1kfbiojwBwhD3QyIheQuA1MfmbItw60olEHH -iGqEzcztmQBTSXtyZ2ZhhPN9ZYGAxFmDmju3alqOqRIwu3C86WN3XCl/urQnT3Bl +tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+ +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78CkZ9YTy4PH7W0w2JTizos9 +efUFAmAB1NUFCQ2zHrYACgkQ2JTizos9efUHgxAAjTBfDLtetgRSnmNMTtgLOIGj +hFpE+eAKoc8xGT0FFmSPFPi2FQ51SjhJlk9PnoRGJC41vECdWY2dpXOVTCQL4ZPv +koVOUmf2979HjVGK1Z5dMnAFZP3bKxFR4KfuhH1rgIkcAoDghyl6w3ONlbBvH9Cx +Mrw36nOYFdRHjJZPVB6/BSZZL2AQE8n/Bwtp9Ea7mqi71ExLSBkPkwlMJ35tbq0e +hAL40r1I2GobcqyntB+K4Kqm891AEHLxRAymvucoxv3Y1yJXpET6GuSKQ9yKsDKK +fTwfbsDuKsLq4dCTcXmluBEKgA0Ni1XzygEh79o957J988WacJDsthhJ5YDjdyK8 +fu6Ie5C2b/hzZZ5oECuEYBsti3hP/WSVsvGDhkI8tvFr071MIk6mHzi0Wxlxyk6F +uO8WeqPkf9cPrWCzTdjAvCmiQe5X4lipOWkysQm/NEc6DKfiYmjfoVuebZmg6Br8 +oypIDJIzy3AK+2sNt5CjvODZ/w7uAHQrFBDAoTLmQL9e5e/fQmgoTFMjn8yzOuiU +BBiw6uGMmhb35OBegzk5ov/1EOQxnMVWLTdLe3xUG6RSGEW8Vy4jgaGWquXhLxeV +bWBTE5DacbCOqGyDoFG/Ehe2eFOOspkL3jPoQN5XqEsqcdiLWRMhH5m/ZISeqI3j +495QYZlxN8HDsjLWK7G0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z +ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID +AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCYAHU4wUJDbMetgAKCRDY +lOLOiz159U7NEACQFr0PgsoNl+/dCdzWN7JrkddTSfY0bEhak8fOwTIb/7ybxzS/ +8qXaso2K5/D+w2RDLyl+faFxuvYIdySOAomxZTeorXpxnba8p13cwEEXgH6wIShi +o22bz9EH/qrsWqwXa22CkYzhWJQTED703+i5Rm+eO9oeOq6inx3ceCAKNfEDhfKC +dSAP08Mo41mMPf6+2CM/dPiN1LaouZVg/stQ/FPnuEZOetOtXZH/nEgPHAaVDhaF +FQQ6JlxvXzC+BCrJ0eJgJuhuU8K/y5SahEKqRbcHxBB7MBIH1ZqBhmMJ1eWxYX2S +PFJaTNgjVJ82vpLstHdSE6boamtEEtkeYEzNnaOOiebNwyIHlrsCaPKNXAuISKe/ +pD91maFDcXPF/4IP+juegnNjdFi1g8mmIwEvJnb1ZqoY0+ay+zH2q1ZshRixsCG5 +5afQCM+nwXhuAVhUqxOC7FG0f+/geTBJnXWw4C1QiiJjXYQhKH9g+R6vj/ODskOY +dFqe7uZQZzcd1DNmvNYfQVWMyW6hYDNgbFqqshsPaZaQicaa4rAWfyenWBSlR/yH +xqbfZJW+31MvFk5auz8Rv96W4/nOppUmUqEZ0xhAgPhmBUKgvVnyfg6RR9Il/rUU +kZUvwN45CtSdKQZWhrEHIEWzp3PdooTHDKeuTczCrdRvsSsFx1pMG1NcIbQnT3Bl blNTTCB0ZWFtIDxvcGVuc3NsLXRlYW1Ab3BlbnNzbC5vcmc+iQJZBDABCgBDFiEE 78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ9jUlHSBSZXBsYWNlZCBieSBvcGVuc3Ns LW9tY0BvcGVuc3NsLm9yZwAKCRDYlOLOiz159VAiD/wLVz8KE84z+iPBcDXJR4hr @@ -63,17 +63,17 @@ ncd+VYvth6cM9jDWsTJAXEaqNoFjVfw227NnQ/hxqGCwEVzweBi7a7dix3nCa9JO w5eV3xCyezUohQ6nOBbDnoAnp3FLeUrhBJQXCPNtlb0fSMnj14EwBoD6EKO/xz/g
[web] master update
The branch master has been updated via 32ac25c3dc11364b8854de9e91303951f6ba406d (commit) via 9720d7fff327192e2d845f4e4d305c32cc0fe8b9 (commit) from 0689c523b599d89f0ce5caedab4f7d66bee1efb6 (commit) - Log - commit 32ac25c3dc11364b8854de9e91303951f6ba406d Merge: 0689c52 9720d7f Author: Mark J. Cox Date: Mon Jan 4 15:49:15 2021 + Merge pull request #211 from iamamoose/sponsorupdate Update the Sponsorship page to remove sponsorships that have lapsed commit 9720d7fff327192e2d845f4e4d305c32cc0fe8b9 Author: Mark J. Cox Date: Mon Jan 4 15:29:11 2021 + Update the Sponsorship page to remove sponsorships that have lapsed and add a link to recognise the GitHub Sponsors --- Summary of changes: support/acks.html | 22 -- 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/support/acks.html b/support/acks.html index 419924e..f3c75d2 100644 --- a/support/acks.html +++ b/support/acks.html @@ -15,10 +15,9 @@ Sponsorship Donations - We would like to identify and thank the following sponsors for their donations which give significant support to the OpenSSL project. - Please note some sponsors remain anonymous. + Please note sponsors may choose to remain anonymous. @@ -38,24 +37,9 @@ } - Exceptional: - - - https://www.smartisan.com/;> - - - Platinum: - - - https://www.huawei.com/;> - - Bronze: https://beslist.nl/;>beslist.nl -https://cargurus.com/;>CarGurus @@ -63,7 +47,9 @@ Other Donations - We also identify and thank organizations who contribute + We also would like to thank those who contribute + via https://github.com/sponsors/openssl;>GitHub Sponsors, + as well as the organizations who contribute in-kind donations to the project.
[web] master update
The branch master has been updated via 0689c523b599d89f0ce5caedab4f7d66bee1efb6 (commit) from f0a6320b5394fb6be437d7ea800aa75bb9eabbbe (commit) - Log - commit 0689c523b599d89f0ce5caedab4f7d66bee1efb6 Author: Matt Caswell Date: Tue Dec 8 13:45:19 2020 + Commits for new releases Reviewed-by: Richard Levitte --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20201208.txt | 73 ++ news/vulnerabilities.xml | 82 +++- 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20201208.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index c945172..6b39413 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes 26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test it 05-Nov-2020: Alpha 8 of OpenSSL 3.0 is now available: please download and test it 21-Oct-2020: New Blog post: OpenSSL 3.0 Alpha7 Release diff --git a/news/secadv/20201208.txt b/news/secadv/20201208.txt new file mode 100644 index 000..bda8317 --- /dev/null +++ b/news/secadv/20201208.txt @@ -0,0 +1,73 @@ +OpenSSL Security Advisory [08 December 2020] + + +EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) +== + +Severity: High + +The X.509 GeneralName type is a generic type for representing different types +of names. One of those name types is known as EDIPartyName. OpenSSL provides a +function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME +to see if they are equal or not. This function behaves incorrectly when both +GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash +may occur leading to a possible denial of service attack. + +OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: +1) Comparing CRL distribution point names between an available CRL and a CRL + distribution point embedded in an X509 certificate +2) When verifying that a timestamp response token signer matches the timestamp + authority name (exposed via the API functions TS_RESP_verify_response and + TS_RESP_verify_token) + +If an attacker can control both items being compared then that attacker could +trigger a crash. For example if the attacker can trick a client or server into +checking a malicious certificate against a malicious CRL then this may occur. +Note that some applications automatically download CRLs based on a URL embedded +in a certificate. This checking happens prior to the signatures on the +certificate and CRL being verified. OpenSSL's s_server, s_client and verify +tools have support for the "-crl_download" option which implements automatic +CRL downloading and this attack has been demonstrated to work against those +tools. + +Note that an unrelated bug means that affected versions of OpenSSL cannot parse +or construct correct encodings of EDIPARTYNAME. However it is possible to +construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence +trigger this attack. + +All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL +releases are out of support and have not been checked. + +OpenSSL 1.1.1 users should upgrade to 1.1.1i. + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium +support customers of OpenSSL 1.0.2 should upgrade to 1.0.2x. Other users should +upgrade to OpenSSL 1.1.1i. + +This issue was reported to OpenSSL on 9th November 2020 by David Benjamin +(Google). Initial analysis was performed by David Benjamin with additional +analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. + +Note + + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of this issue on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20201208.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 9b7dcb6..93543ac 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,87 @@ - + + + + + + + + + +
[web] master update
The branch master has been updated via f0a6320b5394fb6be437d7ea800aa75bb9eabbbe (commit) from c726cc2bd5f0cc426a2197227a73a61a74844585 (commit) - Log - commit f0a6320b5394fb6be437d7ea800aa75bb9eabbbe Author: Matt Caswell Date: Thu Nov 26 15:03:27 2020 + Update newsflash for new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/208) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index ced5478..c945172 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test it 05-Nov-2020: Alpha 8 of OpenSSL 3.0 is now available: please download and test it 21-Oct-2020: New Blog post: OpenSSL 3.0 Alpha7 Release 15-Oct-2020: Alpha 7 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via c726cc2bd5f0cc426a2197227a73a61a74844585 (commit) from 81c4fc716d3ebe0b1c0454a652d319d4bfeae49b (commit) - Log - commit c726cc2bd5f0cc426a2197227a73a61a74844585 Author: Pauli Date: Fri Nov 6 22:52:00 2020 +1000 by laws: remove the necessity for the OMC to invite committers and OTC members. It would be better if these invitations come from the OTC which does the nominations. Reviewed-by: Matt Caswell Reviewed-by: Mark J. Cox Reviewed-by: Tim Hudson Reviewed-by: Kurt Roeckx Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/207) --- Summary of changes: policies/omc-bylaws.html | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/policies/omc-bylaws.html b/policies/omc-bylaws.html index c351999..8296f60 100644 --- a/policies/omc-bylaws.html +++ b/policies/omc-bylaws.html @@ -49,8 +49,9 @@ Committers also have a responsibility to review code submissions in accordance with OpenSSL project policies and procedures. - Commit access is granted as a result of a vote by the OMC. It may - be withdrawn at any time by a vote of the OMC. + Commit access is granted by invitation from the OTC and requires + a prior OMC vote of acceptance. It may be withdrawn at any time by + a vote of the OMC. A condition of commit access is that the committer has signed an Individual Contributor Licence Agreement (ICLA). If contributions may @@ -221,10 +222,11 @@ manner; - Membership of the OTC is by invitation only from the OMC. - OTC members must be committers and hence all rules that apply to committers also apply. - OTC members may be OMC members and in which case all rules that apply to OMC members - also apply. + Membership of the OTC is by invitation from the OTC and requires + a prior OMC vote of acceptance. OTC members must be committers and + hence all rules that apply to committers also apply. + OTC members may be OMC members and in which case all rules that apply + to OMC members also apply. The OTC makes technical decisions on behalf of the project based on requirements specified by the OMC. In order to have
[web] master update
The branch master has been updated via 81c4fc716d3ebe0b1c0454a652d319d4bfeae49b (commit) from f261cc8536b90413e7434e00f6f0815f9557f14c (commit) - Log - commit 81c4fc716d3ebe0b1c0454a652d319d4bfeae49b Author: Dr. Matthias St. Pierre Date: Thu Oct 1 18:13:22 2020 +0200 policies/sidebar: add link to OpenSSL Technical Policies Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/199) --- Summary of changes: policies/sidebar.shtml | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/policies/sidebar.shtml b/policies/sidebar.shtml index a7abcf5..f1a599c 100644 --- a/policies/sidebar.shtml +++ b/policies/sidebar.shtml @@ -4,7 +4,7 @@ Policies - Roadmap +Roadmap Trademark Policy @@ -13,22 +13,25 @@ Platform Policy - Release Strategy +Release Strategy Travel Reimbursement Policy. - Security Policy +Security Policy - OpenSSL Bylaws +OpenSSL Bylaws + + +OpenSSL Technical Policies Policy for Committers - Coding Style +Coding Style Contributor Agreements
[web] master update
The branch master has been updated via f261cc8536b90413e7434e00f6f0815f9557f14c (commit) via 1a9ccdeb95839cb6d90f634526db82130ef9d30f (commit) via c4649934a2149bd28a58db52e5351e41b293390c (commit) from 3c4254de41ee0213b2a269162bb1f347323865eb (commit) - Log - commit f261cc8536b90413e7434e00f6f0815f9557f14c Author: Pauli Date: Thu Nov 5 09:54:17 2020 +1000 Merge SHA2 entries in FIPS table Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit 1a9ccdeb95839cb6d90f634526db82130ef9d30f Author: Pauli Date: Thu Nov 5 09:30:22 2020 +1000 3.0 design: remove the SP 800-90 entropy testing entry. Due to rules changes, this will not be happening. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit c4649934a2149bd28a58db52e5351e41b293390c Author: Pauli Date: Thu Nov 5 09:29:45 2020 +1000 3.0 design: remove the compliance column. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) --- Summary of changes: docs/OpenSSL300Design.md | 176 +-- 1 file changed, 2 insertions(+), 174 deletions(-) diff --git a/docs/OpenSSL300Design.md b/docs/OpenSSL300Design.md index 6aab23a..9246e44 100644 --- a/docs/OpenSSL300Design.md +++ b/docs/OpenSSL300Design.md @@ -2756,8 +2756,6 @@ The algorithms which are to be included in the FIPS module are: Standard - Compliant[^7] - Notes @@ -2768,8 +2766,6 @@ The algorithms which are to be included in the FIPS module are: https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02;>FIPS 81 - ✓ - Refer also to https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final;>SP 800-67rev2. \ \ TDES support being decryption only (from 2020) and banned (from 2025). \ @@ -2786,8 +2782,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02;>FIPS 81 - ✓ - AES @@ -2796,8 +2790,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A - ✓ - All AES cipher modes supporting 128, 192 and 256 bits. @@ -2808,8 +2800,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati - ✓ - @@ -2820,8 +2810,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38c/final;>SP 800-38C - ✓ - @@ -2832,8 +2820,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A - ✓ - @@ -2844,8 +2830,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A - ✓ - @@ -2856,8 +2840,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A - ✓ - @@ -2868,10 +2850,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38d/final;>SP 800-38D - ✓ - - Changes in IV. Module must generate the IV. - @@ -2880,10 +2858,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38d/final;>SP 800-38D - ✓ - - - @@ -2892,10 +2866,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A - ✓ - - - @@ -2904,8 +2874,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38e/final;>SP 800-38E - ✓ - See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf;>FIPS 140-2 I.G. A.9. Needs key check added. This mode does not support 192 bits. Check added by https://github.com/openssl/openssl/pull/7120;>#7120. @@ -2916,8 +2884,6 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38f/final;>SP 800-38F - ✓ - Differences from standard but within it. @@ -2928,8 +2894,6 @@ Security Policy statement regarding the
[web] master update
The branch master has been updated via 3c4254de41ee0213b2a269162bb1f347323865eb (commit) from 96d7bc5229d5b350756a63878e5c38a683a26016 (commit) - Log - commit 3c4254de41ee0213b2a269162bb1f347323865eb Author: Matt Caswell Date: Thu Nov 5 14:18:34 2020 + Update newsflash for alpha 8 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/206) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index a6bb492..ced5478 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +05-Nov-2020: Alpha 8 of OpenSSL 3.0 is now available: please download and test it 21-Oct-2020: New Blog post: OpenSSL 3.0 Alpha7 Release 15-Oct-2020: Alpha 7 of OpenSSL 3.0 is now available: please download and test it 22-Sep-2020: OpenSSL 1.1.1h is now available, including bug fixes
[web] master update
The branch master has been updated via 96d7bc5229d5b350756a63878e5c38a683a26016 (commit) via 981f70449c60812d9fef4106755ec637b6b868b4 (commit) via 7fb9357ff70ce58df6c4e13ceb0e9a4dead77cc4 (commit) from 7c84bf7db927de5a6676a0fad2e88546e7e6e7ed (commit) - Log - commit 96d7bc5229d5b350756a63878e5c38a683a26016 Author: Pauli Date: Wed Nov 4 10:50:24 2020 +1000 Remove the TLS fixes items for CBC and key agreement. Both of these have been completed and are no longer relevant FIPS related work. Neither is a FIPS algorithm in of itself. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/204) commit 981f70449c60812d9fef4106755ec637b6b868b4 Author: Pauli Date: Wed Nov 4 10:49:25 2020 +1000 Update FIPS algorithm list to indicate compliance. The algorithms are now compliant, indicate this in the table. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/204) commit 7fb9357ff70ce58df6c4e13ceb0e9a4dead77cc4 Author: Pauli Date: Wed Nov 4 10:43:21 2020 +1000 Update FIPS algorithm list. Some additional algorithms have been added to the FIPS validation. Reflect this in the appendix. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/204) --- Summary of changes: docs/OpenSSL300Design.md | 184 --- 1 file changed, 159 insertions(+), 25 deletions(-) diff --git a/docs/OpenSSL300Design.md b/docs/OpenSSL300Design.md index e552692..6aab23a 100644 --- a/docs/OpenSSL300Design.md +++ b/docs/OpenSSL300Design.md @@ -1,7 +1,7 @@ --- title: OpenSSL 3.0.0 Design author: OpenSSL Management Committee (OMC) -date: January, 2019 +date: November, 2020 state: DRAFT header-includes: - | @@ -2801,6 +2801,18 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati All AES cipher modes supporting 128, 192 and 256 bits. + + + + CBC CTS + + + + ✓ + + + + @@ -2810,7 +2822,19 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati ✓ - It's likely easier to include all of these than to remove some of them. + + + + + + + CFB + + https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A + + ✓ + + @@ -2844,7 +2868,7 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38d/final;>SP 800-38D - ✗ + ✓ Changes in IV. Module must generate the IV. @@ -2861,6 +2885,18 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati + + + + OFB + + https://csrc.nist.gov/publications/detail/sp/800-38a/final;>SP 800-38A + + ✓ + + + + @@ -2868,7 +2904,7 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-38e/final;>SP 800-38E - ✗ + ✓ See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf;>FIPS 140-2 I.G. A.9. Needs key check added. This mode does not support 192 bits. Check added by https://github.com/openssl/openssl/pull/7120;>#7120. @@ -2979,6 +3015,42 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati + + CMAC + + + + + + ✓ + + + + + + GMAC + + + + + + ✓ + + + + + + KMAC + + + + + + ✓ + + + + DRBG @@ -2986,7 +3058,7 @@ Security Policy statement regarding the https://csrc.nist.gov/publicati https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final;>SP 800-90A - ✗ + ✓ Issues with https://csrc.nist.gov/publications/detail/sp/800-90c/draft;>SP 800-90C. @@ -3000,7 +3072,7 @@ All comply with https://csrc.nist.gov/publications/detail/sp/800-90a/re https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final;>SP 800-90A - ✗ + ✓ @@ -3010,7 +3082,7 @@ All comply with https://csrc.nist.gov/publications/detail/sp/800-90a/re https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final;>SP 800-90A - ✗ + ✓ @@ -3032,7 +3104,7 @@ All comply with https://csrc.nist.gov/publications/detail/sp/800-90a/re https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf;>FIPS 186-4 - ✗ + ✓ Refer also to https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/draft;>SP 800-56B. PKCS#1.5, PSS, Key pair generation. Modulus size changes. @@ -3044,7 +3116,7 @@ All comply with
[web] master update
The branch master has been updated via 7c84bf7db927de5a6676a0fad2e88546e7e6e7ed (commit) from 6353e2de0800ad057bf5d9abb1fb82955d3144da (commit) - Log - commit 7c84bf7db927de5a6676a0fad2e88546e7e6e7ed Author: Matt Caswell Date: Wed Oct 21 11:49:29 2020 +0100 Add link to blog post about alpha7 Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/203) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 79dda77..a6bb492 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +21-Oct-2020: New Blog post: OpenSSL 3.0 Alpha7 Release 15-Oct-2020: Alpha 7 of OpenSSL 3.0 is now available: please download and test it 22-Sep-2020: OpenSSL 1.1.1h is now available, including bug fixes 09-Sep-2020: Security Advisory: Raccoon attack
[web] master update
The branch master has been updated via 6353e2de0800ad057bf5d9abb1fb82955d3144da (commit) from ccf53c574247ac38f8ebfa956c0dee6d9501ed62 (commit) - Log - commit 6353e2de0800ad057bf5d9abb1fb82955d3144da Author: Matt Caswell Date: Thu Oct 15 14:23:01 2020 +0100 Update newsflash for alpha7 release Reviewed-by: Mark J. Cox Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/202) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 25cb6db..79dda77 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +15-Oct-2020: Alpha 7 of OpenSSL 3.0 is now available: please download and test it 22-Sep-2020: OpenSSL 1.1.1h is now available, including bug fixes 09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager
[web] master update
The branch master has been updated via ccf53c574247ac38f8ebfa956c0dee6d9501ed62 (commit) from b4cd56044d440553a1fe8273faac204d26be97ff (commit) - Log - commit ccf53c574247ac38f8ebfa956c0dee6d9501ed62 Author: Pauli Date: Fri Oct 9 07:52:12 2020 +1000 Add Siemens to the list of companies that support the project by donating employee time. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/200) --- Summary of changes: community/thanks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/community/thanks.html b/community/thanks.html index 2ee75d3..0a734d0 100644 --- a/community/thanks.html +++ b/community/thanks.html @@ -30,6 +30,7 @@ Google, Oracle, Red Hat, +Siemens, and Softing.
[web] master update
The branch master has been updated via b4cd56044d440553a1fe8273faac204d26be97ff (commit) via c60f518bfb9aeb8bb8ed6ebc5338022139d1bb12 (commit) from 5fdc4406e53ff3af0a5e5c4db55a9565fcd29015 (commit) - Log - commit b4cd56044d440553a1fe8273faac204d26be97ff Author: Dr. Matthias St. Pierre Date: Tue Sep 29 22:56:43 2020 +0200 otc-policies: Add 'Voting Procedure' section Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/198) commit c60f518bfb9aeb8bb8ed6ebc5338022139d1bb12 Author: Dr. Matthias St. Pierre Date: Tue Sep 29 22:46:41 2020 +0200 otc-policies: Add an 'OpenSSL Technical Polices' page This document lists the technical policies and procedures established by the OTC based on the project bylaws and the requirements specified by the OMC. --- Summary of changes: policies/index.html| 7 + policies/omc-bylaws.html | 6 ++-- policies/otc-policies.html | 68 ++ 3 files changed, 78 insertions(+), 3 deletions(-) create mode 100644 policies/otc-policies.html diff --git a/policies/index.html b/policies/index.html index 71607df..3de5fc5 100644 --- a/policies/index.html +++ b/policies/index.html @@ -61,6 +61,13 @@ Signing one of our CLA's grants certain rights to OSF. + +The technical aspects of the OpenSSL project are managed by the +OpenSSL Technical Committee (OTC) which establishes and maintains +the technical policies based on the +project bylaws and the requirements specified by the OMC. + + We are pleased to mention that https://bestpractices.coreinfrastructure.org/projects/54;>we follow the diff --git a/policies/omc-bylaws.html b/policies/omc-bylaws.html index 88704a8..c351999 100644 --- a/policies/omc-bylaws.html +++ b/policies/omc-bylaws.html @@ -152,7 +152,7 @@ to vote on and participate in discussions. They retain access to OMC internal resources. - OMC Voting Procedures + OMC Voting Procedures A vote to change these bylaws will pass if it obtains an in favour vote by more than two thirds of the active OMC members and less than @@ -262,7 +262,7 @@ to vote on and participate in discussions. They retain access to OTC internal resources. - OTC Voting Procedures + OTC Voting Procedures A vote will pass if it has had a vote registered from a majority of active OTC members and has had more votes registered in @@ -294,7 +294,7 @@ All votes and their outcomes should be recorded and available to all OTC and OMC members. - OTC Transparency + OTC Transparency The majority of the activity of the OTC will take place in public. Non-public discussions or votes shall only occur for issues such as: diff --git a/policies/otc-policies.html b/policies/otc-policies.html new file mode 100644 index 000..b773882 --- /dev/null +++ b/policies/otc-policies.html @@ -0,0 +1,68 @@ + + + + + + + + + + + + + OpenSSL Technical Policies + +First issued 30th September 2020 +Last modified 30th September 2020 + + + + + + This document lists the technical policies and procedures established + by the OTC in accordance with the project bylaws + and the requirements specified by the OMC. + + Voting Procedure + + The following regulations complement the + OTC Voting Procedures + stated in the project bylaws: + + The proposer of a vote is ultimately responsible for updating the + https://git.openssl.org/?p=otc.git;f=votes.txt;hb=HEAD;>votes.txt + file in the https://git.openssl.org/?p=otc.git;>OTC Git repository. + Outside of a face to face meeting, voters MUST reply to the vote email indicating + their preference and optionally their reasoning. Voters MAY update the votes.txt + file in addition. + + The proposed vote text SHOULD be raised for discussion before calling the vote. + + Public votes MUST be called on the project list, not the OTC list and the + subject MUST begin with “VOTE:”. Private votes MUST be called on the + OTC list with “PRIVATE VOTE:” beginning subject. + + Update History + +30-September-2020. +Initial revision. + + + + + You are here: Home + : Policies + : Technical Policies + Sitemap + + + +
[web] master update
The branch master has been updated via 5fdc4406e53ff3af0a5e5c4db55a9565fcd29015 (commit) from 1a99da7d86438c88211a32f48d5627ec2aa77f87 (commit) - Log - commit 5fdc4406e53ff3af0a5e5c4db55a9565fcd29015 Author: Matt Caswell Date: Tue Jun 16 10:33:46 2020 +0100 Update the Release schedule in the release strategy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/184) --- Summary of changes: policies/releasestrat.html | 17 +++-- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 2fd9ad9..4b3f4f0 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -107,20 +107,9 @@ Bug fixes only - The following alpha and beta releases for OpenSSL 3.0 are currently - scheduled. Note that these dates are subject to change and alpha or beta - releases may be inserted or removed as required: - - alpha1, 2020-03-31: Basic functionality plus basic FIPS module - alpha2, 2020-04-21: Complete external provider support (serialization, - support for new algs, support for providers which only include - operations in a class) - alpha3, 2020-05-21: Aiming to test the API completeness before beta1 - freezes it) - beta1, 2020-06-02: Code complete (API stable, feature freeze) - betaN: Other beta releases TBD - Final: 2020 early Q4 - + The OpenSSL 3.0 release schedule is documented on the + https://wiki.openssl.org/index.php/OpenSSL_3.0_Release_Schedule;>OpenSSL 3.0 Release Schedule + wiki page. We expect the final release to be in early Q4 2020. For any major or minor release, we have defined the following
[web] master update
The branch master has been updated via 1a99da7d86438c88211a32f48d5627ec2aa77f87 (commit) from 73e69696a67ccd706dae5b8359bb423febde25aa (commit) - Log - commit 1a99da7d86438c88211a32f48d5627ec2aa77f87 Author: Matt Caswell Date: Wed Jun 10 09:18:01 2020 +0100 CLA page clarifications Fix a typo and clarify we require CLAs from all original authors. Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/183) --- Summary of changes: policies/cla.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index e29cf7d..cdbd592 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -12,9 +12,9 @@ Contributor Agreements -Every non-trivial contribution to be +Every non-trivial contribution needs to be covered by a signed - Contributor License Agreement (CLA). +Contributor License Agreement (CLA) from all original authors. We have modelled our policy based on the practice of https://www.apache.org;>the Apache Software Foundation. You can see their CLA policy
[web] master update
The branch master has been updated via 73e69696a67ccd706dae5b8359bb423febde25aa (commit) from 272b74db20a3cec1c9882f58161efa93accad094 (commit) - Log - commit 73e69696a67ccd706dae5b8359bb423febde25aa Author: Matt Caswell Date: Mon Sep 14 11:26:49 2020 +0100 Add a new section to the Coding Style about argument ordering We also add a section about how to extend existing functions. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/195) --- Summary of changes: policies/codingstyle.txt | 17 + 1 file changed, 17 insertions(+) diff --git a/policies/codingstyle.txt b/policies/codingstyle.txt index db21c44..a9958f1 100644 --- a/policies/codingstyle.txt +++ b/policies/codingstyle.txt @@ -295,6 +295,23 @@ because it is a simple way to add valuable information for the reader. The name in the prototype declaration should match the name in the function definition. +Chapter 6.1: Extending existing functions + +From time to time it is necessary to extend an existing function. Typically this +will mean adding additional arguments, but it may also include removal of some. + +Where an extended function should be added the original function should be kept +and a new version created with the same name and an "_ex" suffix. For example, +the "RAND_bytes" function has an extended form called "RAND_bytes_ex". + +Where an extended version of a function already exists and a second extended +version needs to be created then it should have an "_ex2" suffix, and so on for +further extensions. + +When an extended version of a function is created the order of existing +parameters from the original function should be retained. However new parameters +may be inserted at any point (they do not have to be at the end), and no longer +required parameters may be removed. Chapter 7: Centralized exiting of functions
[web] master update
The branch master has been updated via 272b74db20a3cec1c9882f58161efa93accad094 (commit) from 4a2dac4738e42fc30f7f38d9292a9391f715757e (commit) - Log - commit 272b74db20a3cec1c9882f58161efa93accad094 Author: Matt Caswell Date: Tue Sep 22 14:05:56 2020 +0100 Updates for the 1.1.1h release Reviewed-by: Mark J. Cox Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/web/pull/196) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index c1820fa..25cb6db 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +22-Sep-2020: OpenSSL 1.1.1h is now available, including bug fixes 09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 4a2dac4738e42fc30f7f38d9292a9391f715757e (commit) from 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit) - Log - commit 4a2dac4738e42fc30f7f38d9292a9391f715757e Author: Mark J. Cox Date: Wed Sep 9 12:59:40 2020 +0100 Add Racoon advisory, vulnerability db entry, and newsflash pointing to the advisory --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20200909.txt | 76 news/vulnerabilities.xml | 47 +- 3 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20200909.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index edc8cc8..c1820fa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it diff --git a/news/secadv/20200909.txt b/news/secadv/20200909.txt new file mode 100644 index 000..bbe32dd --- /dev/null +++ b/news/secadv/20200909.txt @@ -0,0 +1,76 @@ +OpenSSL Security Advisory [09 September 2020] += + +Raccoon Attack (CVE-2020-1968) +== + +Severity: Low + +The Raccoon attack exploits a flaw in the TLS specification which can lead to +an attacker being able to compute the pre-master secret in connections which +have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would +result in the attacker being able to eavesdrop on all encrypted communications +sent over that TLS connection. The attack can only be exploited if an +implementation re-uses a DH secret across multiple TLS connections. Note that +this issue only impacts DH ciphersuites and not ECDH ciphersuites. + +OpenSSL 1.1.1 is not vulnerable to this issue: it never reuses a DH secret and +does not implement any "static" DH ciphersuites. + +OpenSSL 1.0.2f and above will only reuse a DH secret if a "static" DH +ciphersuite is used. These static "DH" ciphersuites are ones that start with the +text "DH-" (for example "DH-RSA-AES256-SHA"). The standard IANA names for these +ciphersuites all start with "TLS_DH_" but excludes those that start with +"TLS_DH_anon_". + +OpenSSL 1.0.2e and below would reuse the DH secret across multiple TLS +connections in server processes unless the SSL_OP_SINGLE_DH_USE option was +explicitly configured. Therefore all ciphersuites that use DH in servers +(including ephemeral DH) are vulnerable in these versions. In OpenSSL 1.0.2f +SSL_OP_SINGLE_DH_USE was made the default and it could not be turned off as a +response to CVE-2016-0701. + +Since the vulnerability lies in the TLS specification, fixing the affected +ciphersuites is not viable. For this reason 1.0.2w moves the affected +ciphersuites into the "weak-ssl-ciphers" list. Support for the +"weak-ssl-ciphers" is not compiled in by default. This is unlikely to cause +interoperability problems in most cases since use of these ciphersuites is rare. +Support for the "weak-ssl-ciphers" can be added back by configuring OpenSSL at +compile time with the "enable-weak-ssl-ciphers" option. This is not recommended. + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. + +Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2w. If +upgrading is not viable then users of OpenSSL 1.0.2v or below should ensure +that affected ciphersuites are disabled through runtime configuration. Also +note that the affected ciphersuites are only available on the server side if a +DH certificate has been configured. These certificates are very rarely used and +for this reason this issue has been classified as LOW severity. + +This issue was found by Robert Merget, Marcus Brinkmann, Nimrod Aviram and Juraj +Somorovsky and reported to OpenSSL on 28th May 2020 under embargo in order to +allow co-ordinated disclosure with other implementations. + +Note + + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of this issue on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20200909.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL
[web] master update
The branch master has been updated via 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit) from aa5a6394fe82d072ca491cc4054b00cbf624358e (commit) - Log - commit 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 Author: Matt Caswell Date: Sat Sep 5 10:09:25 2020 +0100 Publish project admin blog post Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/192) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index a1094b9..edc8cc8 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release
[web] master update
The branch master has been updated via aa5a6394fe82d072ca491cc4054b00cbf624358e (commit) from 1ee0b6a74934e813ae26995ae59cab209127da03 (commit) - Log - commit aa5a6394fe82d072ca491cc4054b00cbf624358e Author: Mark J. Cox Date: Sun Aug 16 08:23:38 2020 +0100 Add beslist.nl to the sponsor list for the bronze equivalent github level. Remove the list of past sponsors, this would be better served perhaps as a yearly blog post giving details of the health of the project. --- Summary of changes: support/acks.html | 28 ++-- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/support/acks.html b/support/acks.html index 1f5714c..419924e 100644 --- a/support/acks.html +++ b/support/acks.html @@ -54,34 +54,10 @@ Bronze: - https://cargurus.com/;>CarGurus +https://beslist.nl/;>beslist.nl +https://cargurus.com/;>CarGurus - Past sponsors include: - -2018: https://www.akamai.com/;>Akamai, - https://www.bluecedar.com/;>Blue Cedar, - https://www.handshake.org/;>Handshake, - https://www.huawei.com/;>Huawei, - https://levchinprize.com/;>Levchin Prize, - https://www.netapp.com/;>NetApp, - https://www.smartisan.com/;>Smartisan, - and - https://vmware.com/;>VMWare. - -2017: https://www.akamai.com/;>Akamai, - https://www.huawei.com/;>Huawei, - https://www.oracle.com/;>Oracle, - and - https://www.smartisan.com/;>Smartisan. - -2016: https://www.huawei.com/;>Huawei, - https://www.coreinfrastructure.org/;>Linux Foundation -Core Infrastructure Initiative, - and - https://www.smartisan.com/;>Smartisan. - - Other Donations
[web] master update
The branch master has been updated via 1ee0b6a74934e813ae26995ae59cab209127da03 (commit) from 352c7424739f080133f1309e1dff033cd66f2c4a (commit) - Log - commit 1ee0b6a74934e813ae26995ae59cab209127da03 Author: Matt Caswell Date: Thu Aug 6 14:18:45 2020 +0100 Update newsflash.txt for the alpha6 release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/190) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 163dd21..a1094b9 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 352c7424739f080133f1309e1dff033cd66f2c4a (commit) from 4a137483e0f38397a1da6d9213f3c460147e42cf (commit) - Log - commit 352c7424739f080133f1309e1dff033cd66f2c4a Author: Richard Levitte Date: Thu Jul 16 15:39:04 2020 +0200 Add note about Alpha 5 in newsflash.txt Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/web/pull/189) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e10835a..163dd21 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it 25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it 05-Jun-2020: New Blog post: OpenSSL 3.0 Alpha3 Release
[web] master update
The branch master has been updated via 4a137483e0f38397a1da6d9213f3c460147e42cf (commit) from 63c2bf948a0aeb516d8a92b282fc52584f678c09 (commit) - Log - commit 4a137483e0f38397a1da6d9213f3c460147e42cf Author: Matt Caswell Date: Tue Jun 30 12:54:10 2020 +0100 Add Alpha4 blog post link Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/188) --- Summary of changes: news/newsflash.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index a1dbb7f..e10835a 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,7 +5,9 @@ # headings. URL paths must all be absolute. Date: Item +25-Jun-2020: New Blog post: OpenSSL 3.0 Alpha4 Release 25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it +05-Jun-2020: New Blog post: OpenSSL 3.0 Alpha3 Release 04-Jun-2020: Alpha 3 of OpenSSL 3.0 is now available: please download and test it 16-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/16/OpenSSL3.0Alpha2/;>OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via 63c2bf948a0aeb516d8a92b282fc52584f678c09 (commit) from e9ed65c8a2ec4544a9830d904c0804a9ad527922 (commit) - Log - commit 63c2bf948a0aeb516d8a92b282fc52584f678c09 Author: Matt Caswell Date: Thu Jun 25 15:05:37 2020 +0100 Add note about Alpha 4 in newsflash.txt Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/186) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 8a0ad60..a1dbb7f 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +25-Jun-2020: Alpha 4 of OpenSSL 3.0 is now available: please download and test it 04-Jun-2020: Alpha 3 of OpenSSL 3.0 is now available: please download and test it 16-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/16/OpenSSL3.0Alpha2/;>OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it
[web] master update
The branch master has been updated via e9ed65c8a2ec4544a9830d904c0804a9ad527922 (commit) from cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 (commit) - Log - commit e9ed65c8a2ec4544a9830d904c0804a9ad527922 Author: Matt Caswell Date: Thu Jun 4 15:14:20 2020 +0100 Updates for Alpha 3 release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/180) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 6986755..8a0ad60 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +04-Jun-2020: Alpha 3 of OpenSSL 3.0 is now available: please download and test it 16-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/16/OpenSSL3.0Alpha2/;>OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it 12-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/12/security-prenotifications/;>Security Policy Update on Prenotifications
[web] master update
The branch master has been updated via cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 (commit) via 67e47e8ba8c4b28604817c1b1be8756b1e894e21 (commit) from 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) - Log - commit cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 Merge: 320f9a2 67e47e8 Author: Mark J. Cox Date: Thu Jun 4 09:29:20 2020 +0100 Merge pull request #171 from t8m/master Mention the CLA: trivial marker commit 67e47e8ba8c4b28604817c1b1be8756b1e894e21 Author: Tomáš Mráz Date: Thu Apr 16 12:22:26 2020 +0200 Mention the CLA: trivial marker --- Summary of changes: policies/cla.html | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index 51876e4..e29cf7d 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -46,8 +46,10 @@ In practice, it is required that the author (in the git commit message) and all approving team members (in the pull request thread) - agree that a change is trivial. The reviewers will normally post - a statement to the effect of "I agree that it is a trivial change." + agree that a change is trivial. The author has to add "CLA: trivial" + in the commit message separated by an empty line from the rest of the + message. The reviewers will normally post a statement to the effect + of "I agree that it is a trivial change."
[web] master update
The branch master has been updated via 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) via fdfbad68adcdcdd09533b493a22113408a568249 (commit) from 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) - Log - commit 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f Merge: 9968275 fdfbad6 Author: Mark J. Cox Date: Thu Jun 4 09:27:32 2020 +0100 Merge pull request #165 from iamamoose/nostandards Remove the docs/standards.html page commit fdfbad68adcdcdd09533b493a22113408a568249 Author: Mark J. Cox Date: Fri Mar 20 14:19:56 2020 + The standards page is out of date and we don't want to maintain it going forward, so best to remove it fixes #155 #106 --- Summary of changes: docs/index.html | 4 +- docs/sidebar.shtml | 3 - docs/standards.html | 200 3 files changed, 1 insertion(+), 206 deletions(-) delete mode 100644 docs/standards.html diff --git a/docs/index.html b/docs/index.html index a0297d0..16b7bf4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -22,9 +22,7 @@ The frequently-asked questions (FAQ) -is available. So is an incomplete list of -what standards (RFC's) are relevant. - +is available. Information about the first-ever open source FIPS-140 validation is also diff --git a/docs/sidebar.shtml b/docs/sidebar.shtml index e017bad..a603a43 100644 --- a/docs/sidebar.shtml +++ b/docs/sidebar.shtml @@ -6,9 +6,6 @@ FAQ - -Relevant standards - Manpages diff --git a/docs/standards.html b/docs/standards.html deleted file mode 100644 index c9e612e..000 --- a/docs/standards.html +++ /dev/null @@ -1,200 +0,0 @@ - - - - - - - - - - Standards - - This page is a partial list of the specifications -that are relevant to OpenSSL. Sometimes a document is useful -because OpenSSL provides an implementation; and sometimes it is -useful just for background knowledge. This list is maintained -on a casual basis. If you have updates, please let us know. - -Note that we do not claim to have completely implemented every -part of any specification. And also that some algorithms are -disabled by default. - - - https://tools.ietf.org/html/rfc1319;>RFC 1319: - The MD2 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1320;>RFC 1320: - The MD4 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1321;>RFC 1321: - The MD5 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1421;>RFC 1421: - Privacy Enhancement for Internet Electronic Mail: Part - I: Message Encryption and Authentication Procedures - https://tools.ietf.org/html/rfc1422;>RFC 1422: - Privacy Enhancement for Internet Electronic Mail: Part - II: Certificate-Based Key Management - https://tools.ietf.org/html/rfc1423;>RFC 1423: - Privacy Enhancement for Internet Electronic Mail: Part - III: Algorithms, Modes, and Identifiers - https://tools.ietf.org/html/rfc1424;>RFC 1424: - Privacy Enhancement for Internet Electronic Mail: Part - IV: Key Certification and Related Services - https://tools.ietf.org/html/rfc2246;>RFC 2246: - The TLS Protocol Version 1 - https://tools.ietf.org/html/rfc2268;>RFC 2268: - A Description of the RC2(r) Encryption - Algorithm - https://tools.ietf.org/html/rfc2315;>RFC 2315: - PKCS 7: Cryptographic Message Syntax Version 1.5 - https://tools.ietf.org/html/rfc2510;>RFC 2510: - Internet X.509 Public Key Infrastructure Certificate - Management Protocols - https://tools.ietf.org/html/rfc2511;>RFC 2511: - Internet X.509 Certificate Request Message Format - https://tools.ietf.org/html/rfc2527;>RFC 2527: - Internet X.509 Public Key Infrastructure Certificate - Policy and Certification Practices Framework - https://tools.ietf.org/html/rfc2538;>RFC 2538: - Storing Certificates in the Domain Name System - (DNS) - https://tools.ietf.org/html/rfc2539;>RFC 2539: - Storage of Diffie-Hellman Keys in the Domain Name - System (DNS) - https://tools.ietf.org/html/rfc2559;>RFC 2559: - Internet X.509 Public Key Infrastructure Operational -
[web] master update
The branch master has been updated via 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) via 2fa2bb62190deb3c45df3b691a414246d87d9fe4 (commit) via 3beefff3e6a58d2796eba2ef9944404b3d706c48 (commit) from ea973d250e311c51c91217c2e6edf93370be0e43 (commit) - Log - commit 99682759ed4de5f994e486e6bc6ca0f8617c8c5b Merge: ea973d2 2fa2bb6 Author: Mark J. Cox Date: Thu Jun 4 09:22:17 2020 +0100 Merge pull request #179 from iamamoose/sponsors Add a link to our GitHub sponsors page commit 2fa2bb62190deb3c45df3b691a414246d87d9fe4 Author: Mark J. Cox Date: Thu Jun 4 08:01:11 2020 +0100 Closing tag commit 3beefff3e6a58d2796eba2ef9944404b3d706c48 Author: Mark J. Cox Date: Thu Jun 4 07:58:51 2020 +0100 Add a link to our GitHub sponsors page; we do need to rework all these pages in the future so don't worry about the "and one more thing" style for now. --- Summary of changes: support/donations.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/support/donations.html b/support/donations.html index 731ac19..0228569 100644 --- a/support/donations.html +++ b/support/donations.html @@ -17,6 +17,9 @@ sponsorship donation, or by hiring OSF for consulting services or custom software development. +We can also accept smaller donations +via https://github.com/sponsors/openssl;>GitHub Sponsors. + We do not have a PayPal account. Please do not donate to any PayPal account claiming to be associated with us!
[web] master update
The branch master has been updated via ea973d250e311c51c91217c2e6edf93370be0e43 (commit) from b8cbeb50101d646908769827e8b03cc7c382 (commit) - Log - commit ea973d250e311c51c91217c2e6edf93370be0e43 Author: Richard Levitte Date: Thu Apr 23 19:44:05 2020 +0200 Adapt man-page making for OpenSSL master / 3.0 We use OpenSSL's rendering instead of our own, and just lightly strip the result to fit in our page layout. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/175) --- Summary of changes: Makefile | 63 +++--- bin/all-html-man-names | 16 bin/from-tt| 6 ++--- bin/mk-manpages| 2 +- bin/mk-manpages3 | 34 + bin/strip-man-html | 17 + inc/manpage-template.html5 | 46 + 7 files changed, 166 insertions(+), 18 deletions(-) create mode 100755 bin/all-html-man-names create mode 100755 bin/mk-manpages3 create mode 100755 bin/strip-man-html create mode 100644 inc/manpage-template.html5 diff --git a/Makefile b/Makefile index d31a473..4b1bd1f 100644 --- a/Makefile +++ b/Makefile @@ -21,11 +21,12 @@ SERIES=1.1.1 ## Older series. The second type is for source listings OLDSERIES=1.1.0 1.0.2 1.0.1 1.0.0 0.9.8 0.9.7 0.9.6 OLDSERIES2=1.1.0 1.0.2 1.0.1 1.0.0 0.9.x +## Series for manual layouts +MANSERIES1=1.1.1 +MANSERIES3=3.0 # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ -community/committers.inc \ -community/otc.inc community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ docs/OpenSSLStrategicArchitecture.html \ docs/OpenSSL300Design.html \ @@ -79,13 +80,19 @@ rebuild: all ## ## A lot of the work is made with generated rules. -# makemanpages creates rules for targets like manpages-1.1.1, to -# build the set of man-pages and indexes of man-pages for the given -# OpenSSL release (such as 1.1.1) +# makemanpages1 and makemanpages3 creates rules for targets like man-pages-1.1.1, +# to build the set of man-pages. makemanpages1 is used for pre-3.0 OpenSSL, +# while makemanpages3 is used for OpenSSL 3.0 and on. +# makemanapropos creates rules for targets like man-apropos-1.1.1, to build +# 'apropos' like indexes for all the manpages. +# makemanindexes creates rules for targets like man-index-1.1.1, to build the +# main HTML index for a set of man-pages. # # $(1) = input directory in CHECKOUTS, $(2) = release version -define makemanpages -manpages-$(2): + +# This variant is for pre-3.0 documentation +define makemanpages1 +man-pages-$(2): @rm -rf docs/man$(2) @mkdir -p docs/man$(2) \ docs/man$(2)/man1 \ @@ -93,34 +100,62 @@ manpages-$(2): docs/man$(2)/man5 \ docs/man$(2)/man7 ./bin/mk-manpages $(CHECKOUTS)/$(1)/doc $(2) docs/man$(2) +endef +# This variant is for 3.0 documentation +define makemanpages3 +man-pages-$(2): + @rm -rf docs/man$(2) + @mkdir -p docs/man$(2) \ + docs/man$(2)/man1 \ + docs/man$(2)/man3 \ + docs/man$(2)/man5 \ + docs/man$(2)/man7 + ./bin/mk-manpages3 $(CHECKOUTS)/$(1) $(2) docs/man$(2) +endef +define makemanapropos +man-apropos-$(2): man-pages-$(2) ./bin/mk-apropos docs/man$(2)/man1 > docs/man$(2)/man1/index.inc ./bin/mk-apropos docs/man$(2)/man3 > docs/man$(2)/man3/index.inc ./bin/mk-apropos docs/man$(2)/man5 > docs/man$(2)/man5/index.inc ./bin/mk-apropos docs/man$(2)/man7 > docs/man$(2)/man7/index.inc +endef +define makemanindexes +man-index-$(2): ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ < docs/sub-man1-index.html.tt > docs/man$(2)/man1/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man3 releases='$(SERIES)' release='$(2)' \ < docs/sub-man3-index.html.tt > docs/man$(2)/man3/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man5 releases='$(SERIES)' release='$(2)' \ < docs/sub-man5-index.html.tt > docs/man$(2)/man5/index.html - ./bin/from-tt -d docs/man$(2)/man1 releases='$(SERIES)' release='$(2)' \ + ./bin/from-tt -d docs/man$(2)/man7 releases='$(SERIES)' release='$(2)' \ < docs/sub-man7-index.html.tt > docs/man$(2)/man7/index.html ./bin/from-tt -d docs/man$(2) releases='$(SERIES)' release='$(2)' \ < docs/sub-index.html.tt > docs/man$(2)/index.html endef +define makemanuals1 +$(eval
[web] master update
The branch master has been updated via b8cbeb50101d646908769827e8b03cc7c382 (commit) from a31146714fc598622c0439b595047fa782f0 (commit) - Log - commit b8cbeb50101d646908769827e8b03cc7c382 Author: Matt Caswell Date: Tue May 19 08:40:11 2020 +0100 Mention some blog posts in the newsflash file Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/178) --- Summary of changes: news/newsflash.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 91573a2..6986755 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item + +16-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/16/OpenSSL3.0Alpha2/;>OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it +12-May-2020: New Blog post: https://www.openssl.org/blog/blog/2020/05/12/security-prenotifications/;>Security Policy Update on Prenotifications 23-Apr-2020: New Blog post: https://www.openssl.org/blog/blog/2020/04/23/OpenSSL3.0Alpha1/;>OpenSSL 3.0 Alpha1 Release 23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain()
[web] master update
The branch master has been updated via a31146714fc598622c0439b595047fa782f0 (commit) from a3ca66fc68fce2216fa885db22706d0396bf8cfc (commit) - Log - commit a31146714fc598622c0439b595047fa782f0 Author: Matt Caswell Date: Thu Apr 23 16:22:08 2020 +0100 Add some notes about 3.0 on the download page Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/174) --- Summary of changes: source/index.html | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source/index.html b/source/index.html index b617cfe..d0ae87b 100644 --- a/source/index.html +++ b/source/index.html @@ -32,7 +32,7 @@ Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September -2023. All other versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are +2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encourage to upgrade to 1.1.1 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is @@ -43,6 +43,12 @@ conjunction with a FIPS capable version of OpenSSL (1.0.2 series). A new FIPS module is currently in development. +OpenSSL 3.0 is the next major version of OpenSSL that is currently +in development and includes the new FIPS Object Module. A pre-release +version of this is available below. This is for testing only. It should +not be used in production. Information and notes about OpenSSL 3.0 are +available on the OpenSSL +https://wiki.openssl.org/index.php/OpenSSL_3.0;>Wiki KBytes
[web] master update
The branch master has been updated via a3ca66fc68fce2216fa885db22706d0396bf8cfc (commit) from d874d260ef2e325c946ae152ea0d09c640c73d8b (commit) - Log - commit a3ca66fc68fce2216fa885db22706d0396bf8cfc Author: Matt Caswell Date: Fri May 15 14:53:08 2020 +0100 Update newsflash for alpha2 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/177) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 5267af2..91573a2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it 23-Apr-2020: New Blog post: https://www.openssl.org/blog/blog/2020/04/23/OpenSSL3.0Alpha1/;>OpenSSL 3.0 Alpha1 Release 23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain()
[web] master update
The branch master has been updated via d874d260ef2e325c946ae152ea0d09c640c73d8b (commit) from 2c56e98a493d3739cdf292ff3d3c70de77e5efa9 (commit) - Log - commit d874d260ef2e325c946ae152ea0d09c640c73d8b Author: Mark J. Cox Date: Tue May 12 09:40:58 2020 +0100 Update policy to add to prenotifications as per OMC vote --- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 67d91d1..54fb592 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 12th May 2019 + Last modified 12th May 2020 @@ -128,6 +128,8 @@ href="http://oss-security.openwall.org/wiki/mailing-lists/distros;>this list of Operating System distribution security contacts. We may also include other organisations that are not listed but would otherwise qualify for list membership. +We may also include organisations with which we have a +commercial relationship. We may withdraw notifying certain organisations from future prenotifications if they leak issues before they are public
[web] master update
The branch master has been updated via 2c56e98a493d3739cdf292ff3d3c70de77e5efa9 (commit) from 8b89d4009750e75be8cc9ced269234c34290a775 (commit) - Log - commit 2c56e98a493d3739cdf292ff3d3c70de77e5efa9 Author: Matt Caswell Date: Thu Apr 23 16:13:06 2020 +0100 Add a link to the Alpha 1 blog post Reviewed-by: Mark J. Cox Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/173) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 38bf5e2..5267af2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +23-Apr-2020: New Blog post: https://www.openssl.org/blog/blog/2020/04/23/OpenSSL3.0Alpha1/;>OpenSSL 3.0 Alpha1 Release 23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain() 21-Apr-2020: OpenSSL 1.1.1g is now available, including a security fix
[web] master update
The branch master has been updated via 8b89d4009750e75be8cc9ced269234c34290a775 (commit) from fb2c1de49360a78822fcd5c5a2ad0a1f0fd94220 (commit) - Log - commit 8b89d4009750e75be8cc9ced269234c34290a775 Author: Matt Caswell Date: Thu Apr 23 14:30:29 2020 +0100 Update newsflash for 3.0 alpha 1 release Reviewed-by: Richard Levitte --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 43ad814..38bf5e2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +23-Apr-2020: Alpha 1 of OpenSSL 3.0 is now available: please download and test it 21-Apr-2020: Security Advisory: one high severity fix in SSL_check_chain() 21-Apr-2020: OpenSSL 1.1.1g is now available, including a security fix 31-Mar-2020: OpenSSL 1.1.1f is now available, including bug fixes
