[openssl-commits] [web] master update
The branch master has been updated via d58a4110c94ead1c72693c86e1d5841620209660 (commit) from 5c98cb9a57ad617454a721aa640cb096e09b5e7b (commit) - Log - commit d58a4110c94ead1c72693c86e1d5841620209660 Author: Richard Levitte Date: Fri Feb 15 10:16:46 2019 +0100 Typo --- Summary of changes: news/newsflash.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index d5d6e56..5ded4d4 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,7 +5,7 @@ # headings. URL paths must all be absolute. Date: Item 11-Feb-2019: 3.0.0 Design (draft) is now available -11-Feb-2019: Strategic Architecture for OpenSSL 3.0.0 and beyond is now available +11-Feb-2019: Strategic Architecture for OpenSSL 3.0.0 and beyond is now available 20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes 20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes 20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 5c98cb9a57ad617454a721aa640cb096e09b5e7b (commit) from f758bad1d2241ae88a3065b974313d78a8978200 (commit) - Log - commit 5c98cb9a57ad617454a721aa640cb096e09b5e7b Author: Richard Levitte Date: Mon Feb 11 23:59:21 2019 +0100 Fix CSS props for code color The 'pre' CSS is enough, we have no need for variants for 'p code', 'li code', 'p pre code' and 'li pre code'... Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/116) --- Summary of changes: inc/screen.css | 42 +- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/inc/screen.css b/inc/screen.css index 9938bcc..29b74b9 100644 --- a/inc/screen.css +++ b/inc/screen.css @@ -1084,27 +1084,27 @@ h3.filename + pre { border-top-right-radius: 0px; } -p code, li code { - display: inline-block; - white-space: no-wrap; - background: #fff; - font-size: .8em; - line-height: 1.5em; - color: #555; - border: 1px solid #ddd; - -webkit-border-radius: 0.4em; - -moz-border-radius: 0.4em; - -ms-border-radius: 0.4em; - -o-border-radius: 0.4em; - border-radius: 0.4em; - padding: 0 .3em; - margin: -1px 0; -} -p pre code, li pre code { - font-size: 1em !important; - background: none; - border: none; -} +//p code, li code { +// display: inline-block; +// white-space: no-wrap; +// background: #fff; +// font-size: .8em; +// line-height: 1.5em; +// color: #555; +// border: 1px solid #ddd; +// -webkit-border-radius: 0.4em; +// -moz-border-radius: 0.4em; +// -ms-border-radius: 0.4em; +// -o-border-radius: 0.4em; +// border-radius: 0.4em; +// padding: 0 .3em; +// margin: -1px 0; +//} +//p pre code, li pre code { +// font-size: 1em !important; +// background: none; +// border: none; +//} .pre-code, html .highlight pre, .highlight code { font-family: Menlo, Monaco, "Andale Mono", "lucida console", "Courier New", monospace !important; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f758bad1d2241ae88a3065b974313d78a8978200 (commit) from 2377ab72410b9c117e9a88cecbad83c6a2827220 (commit) - Log - commit f758bad1d2241ae88a3065b974313d78a8978200 Author: Richard Levitte Date: Mon Feb 11 22:41:12 2019 +0100 Stray 'q' begone! Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/115) --- Summary of changes: docs/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.html b/docs/index.html index 1279b6d..a0297d0 100644 --- a/docs/index.html +++ b/docs/index.html @@ -46,7 +46,7 @@ It is highly recommended. -q + You are here: Home : Documentation Sitemap _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2377ab72410b9c117e9a88cecbad83c6a2827220 (commit) via e9ab2edffc56f8a840347ef7c35cc55cc6879744 (commit) from e56baa71b5cc8028e08e8a3027ea9ecf3f27dbd0 (commit) - Log - commit 2377ab72410b9c117e9a88cecbad83c6a2827220 Author: Richard Levitte Date: Mon Feb 11 20:49:51 2019 +0100 Make a general rule for converting markdown to html5 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/114) commit e9ab2edffc56f8a840347ef7c35cc55cc6879744 Author: Richard Levitte Date: Mon Feb 11 20:49:13 2019 +0100 Publish the Strategic Architecture and 3.0.0 Design (draft) documents Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/114) --- Summary of changes: Makefile | 13 ++--- docs/index.html| 11 ++- news/newsflash.txt | 2 ++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index a8dbae6..37ffb75 100644 --- a/Makefile +++ b/Makefile @@ -43,6 +43,12 @@ SRCLISTS = \ source/old/fips/index.inc \ +.SUFFIXES: .md .html + +.md.html: + @rm -f $@ + ./bin/md-to-html5 $< + all: suball manmaster mancross suball: $(SIMPLE) $(SRCLISTS) @@ -108,13 +114,6 @@ docs/fips.inc: $(wildcard docs/fips/*) bin/mk-filelist @rm -f $@ ./bin/mk-filelist docs/fips fips/ '*' >$@ -docs/OpenSSLStrategicArchitecture.html: docs/OpenSSLStrategicArchitecture.md - @rm -f $@ - ./bin/md-to-html5 $< -docs/OpenSSL300Design.html: docs/OpenSSL300Design.md - @rm -f $@ - ./bin/md-to-html5 $< - news/changelog.inc: news/changelog.txt bin/mk-changelog @rm -f $@ ./bin/mk-changelog $@ diff --git a/docs/index.html b/docs/index.html index 7fcbc9a..1279b6d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -11,6 +11,15 @@ Documentation + + We have a + Strategic + Architecture for the development of OpenSSL from + 3.0.0 and going forward, as well as a + design for 3.0.0 (draft) + specifically. + + The frequently-asked questions (FAQ) is available. So is an incomplete list of @@ -37,7 +46,7 @@ It is highly recommended. - +q You are here: Home : Documentation Sitemap diff --git a/news/newsflash.txt b/news/newsflash.txt index 07229f2..d5d6e56 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +11-Feb-2019: 3.0.0 Design (draft) is now available +11-Feb-2019: Strategic Architecture for OpenSSL 3.0.0 and beyond is now available 20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes 20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes 20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 86790fc138e335918125ccd51941958785e840d5 (commit) via b36b544b878c13b91109743220590fa7e9af5508 (commit) from 1763c4db685b43c58b33d2ace0435da1a067ba24 (commit) - Log - commit 86790fc138e335918125ccd51941958785e840d5 Author: Richard Levitte Date: Tue Jan 29 14:10:00 2019 +0100 Add the OpenSSL Strategic Architecture document Includes notes on how to convert documents from Google Docs to Markdown. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/110) commit b36b544b878c13b91109743220590fa7e9af5508 Author: Richard Levitte Date: Wed Jan 30 13:50:48 2019 +0100 bin/md-to-html5: change output directory The output directory should be the same as for the input file Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/111) --- Summary of changes: Makefile | 5 + bin/md-to-html5 | 6 +- docs/OpenSSLStrategicArchitecture.md | 290 +++ docs/README.googledocs.md| 77 ++ docs/images/AsIsComponent.png| Bin 0 -> 52562 bytes docs/images/AsIsPackaging.png| Bin 0 -> 36348 bytes docs/images/ToBeComponent.png| Bin 0 -> 73449 bytes docs/images/ToBePackaging.png| Bin 0 -> 65063 bytes 8 files changed, 375 insertions(+), 3 deletions(-) create mode 100644 docs/OpenSSLStrategicArchitecture.md create mode 100644 docs/README.googledocs.md create mode 100644 docs/images/AsIsComponent.png create mode 100644 docs/images/AsIsPackaging.png create mode 100644 docs/images/ToBeComponent.png create mode 100644 docs/images/ToBePackaging.png diff --git a/Makefile b/Makefile index d1a8651..f799e85 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,7 @@ SIMPLE = newsflash.inc sitemap.txt \ community/committers.inc \ community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ +docs/OpenSSLStrategicArchitecture.html \ news/changelog.inc news/changelog.txt \ news/cl102.txt news/cl110.txt news/cl111.txt \ news/openssl-1.0.2-notes.inc \ @@ -106,6 +107,10 @@ docs/fips.inc: $(wildcard docs/fips/*) bin/mk-filelist @rm -f $@ ./bin/mk-filelist docs/fips fips/ '*' >$@ +docs/OpenSSLStrategicArchitecture.html: docs/OpenSSLStrategicArchitecture.md + @rm -f $@ + ./bin/md-to-html5 $< + news/changelog.inc: news/changelog.txt bin/mk-changelog @rm -f $@ ./bin/mk-changelog $@ diff --git a/bin/md-to-html5 b/bin/md-to-html5 index 7bb815b..08aac34 100755 --- a/bin/md-to-html5 +++ b/bin/md-to-html5 @@ -4,12 +4,12 @@ template="$0.tmpl.html5" for f in "$@"; do b=`basename "$f" .md` +d=`dirname "$f"` if [ "$f" != "$b" ]; then - bns=`echo "$b" | sed -e 's| *||g'` - t=`dirname "$b"`.tmpl.html5 + t="$d/$b.tmpl.html5" if [ ! -f "$t" ]; then t="$template" fi - pandoc -t html5 --template="$t" "$f" > "$bns.html" + pandoc -t html5 --template="$t" "$f" > "$d/$b.html" fi done diff --git a/docs/OpenSSLStrategicArchitecture.md b/docs/OpenSSLStrategicArchitecture.md new file mode 100644 index 000..ecc8fd1 --- /dev/null +++ b/docs/OpenSSLStrategicArchitecture.md @@ -0,0 +1,290 @@ +--- +title: OpenSSL Strategic Architecture +author: OpenSSL Management Committee (OMC) +date: January, 2019 +--- +## Introduction + +This document outlines the OpenSSL strategic architecture. It will take +multiple releases, starting from 3.0.0, to move the architecture from +the current "as-is" (1.1.1), to the future "to-be" architecture. + +Numerous changes are anticipated in the to-be architecture. A migration +path for handling the eventual transition will be provided. The OpenSSL +3.0.0 release will have minimal impact to the vast majority of existing +applications, almost all well-behaved applications will just need to be +recompiled. + +The current functionality provided by the engine interface will be +replaced over time via a provider interface. OpenSSL 3.0.0 will continue +to support engines. The to-be architecture will not be fully realised +until OpenSSL 4.0.0 at the earliest. + +## As-is architecture + +Currently, OpenSSL is split into four principal components: + +1. libcrypto. This is the core library for providing implementations of +numerous cryptographic primitives. In addition it provides a set of +supporting services which are used by libssl and libcrypto, as well +as implementations of protocols such as CMS and OCSP. + +2. Engine. The functionality of libcrypto can be extended through the +Engine API. + +Typically engines are dynamically loadable modules that are registered +with libcrypto and use the
[openssl-commits] [web] master update
The branch master has been updated via 1763c4db685b43c58b33d2ace0435da1a067ba24 (commit) via 8e80d7699c38ef890cc62da9fd713bcfc49152db (commit) via 98d1be0a1bcd7ae582753e54b523faf6b4bd1360 (commit) from 04c0cb565a81ed4357722dcce70c50b3575e2863 (commit) - Log - commit 1763c4db685b43c58b33d2ace0435da1a067ba24 Author: Richard Levitte Date: Tue Jan 29 22:21:39 2019 +0100 bin/mk-mancross: new manpage cross reference script Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/107) commit 8e80d7699c38ef890cc62da9fd713bcfc49152db Author: Richard Levitte Date: Tue Jan 29 21:33:30 2019 +0100 bin/mk-manpages: refactor to allow cross references between releases So far, we created one HTML file for each POD file, and then made hard links to it for other names that are in the POD file's NAMES section. However, this came with the assumption that cross referencing between releases would work simply be linking to the same name on other releases. This, however, did not take into account that manuals in newer releases don't necessarily exist in older releases, or that some files may have changed names. Names in NAMES sections are, however, fairly constant, and are therefore much safer to link to. At the same time, it's safe to say that if a particular name doesn't exist in some other releases, there should simply not be a link. A conclusion to draw from is that cross referencing must be made on a per NAMES section name basis, rather than on POD file name basis. To allow this to happen and still not have to rewrite the same Pod2Html result for every name in a specific POD file's NAMES section, the structure of the rendered man pages are changed to this: - POD files are rendered into a .inc file with the exact same basename as the POD file. - For every name in the NAMES section, am HTML file is created. It contains the standard header and footer stuff, and includes the generated .inc file in the middle. It also includes a .cross file with the same basename as the HTML file as part of the sidebar. In another commit, there will be a script for cross referencing, which will generate the .cross files mentioned above. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/107) commit 98d1be0a1bcd7ae582753e54b523faf6b4bd1360 Author: Richard Levitte Date: Thu Jan 3 16:37:24 2019 +0100 Handle document sectioning correctly Gone are the apps/, crypto/ and ssl/ directories. We move to a Unix manpage structure for older releases as well as new ones. With that, there's no more need for a separate bin/mk-newmanpages, bin/mk-manpages can handle both the old and the new POD directory structure. For a document tree that previously had apps/, crypto/ and ssl/, we provide a .htaccess that accepts the old URLs and maps them correctly to man1/ or man3/. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/107) --- Summary of changes: .gitignore | 1 + Makefile | 26 +- bin/mk-mancross | 54 bin/mk-manmap| 27 ++ bin/mk-manpages | 300 ++--- bin/mk-newmanpages | 315 --- docs/man1.0.2/crypto/index.html | 43 docs/man1.0.2/index.html | 7 +- docs/{man1.1.0/apps => man1.0.2/man1}/index.html | 5 +- docs/{man1.1.0/ssl => man1.0.2/man3}/index.html | 17 +- docs/{man1.1.1/man7 => man1.0.2/man5}/index.html | 8 +- docs/{man1.1.1 => man1.0.2}/man7/index.html | 8 +- docs/man1.1.0/crypto/index.html | 43 docs/man1.1.0/index.html | 7 +- docs/{man1.0.2/apps => man1.1.0/man1}/index.html | 4 +- docs/{man1.0.2/ssl => man1.1.0/man3}/index.html | 16 +- docs/{man1.1.1/man7 => man1.1.0/man5}/index.html | 8 +- docs/{man1.1.1/man1 => man1.1.0/man7}/index.html | 5 +- docs/man1.1.1/man3/index.html| 6 + docs/manmaster/man3/index.html | 6 + 20 files changed, 306 insertions(+), 600 deletions(-) create mode 100755 bin/mk-mancross create mode 100755 bin/mk-manmap delete mode 100755 bin/mk-newmanpages delete mode 100644 docs/man1.0.2/crypto/index.html rename docs/{man1.1.0/apps => man1.0.2/man1}/index.html (91%) rename docs/{man1.1.0/ssl => man1.0.2/man3}/index.html (68%) copy docs/{man1.1.1/man7 => man1.0.2/man5}/index.html (83%) copy docs/{man1.1.1 =>
[openssl-commits] [web] master update
The branch master has been updated via 04c0cb565a81ed4357722dcce70c50b3575e2863 (commit) from 895ee9dcaa50a72637b907dd3ab62723e23863f9 (commit) - Log - commit 04c0cb565a81ed4357722dcce70c50b3575e2863 Author: Richard Levitte Date: Tue Jan 29 13:29:23 2019 +0100 mk-apropos: don't include non-manpage files mk-apropos looks at all HTML files in a given directory, but failed to recognise files that aren't rendered manpage, such as index.html. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/109) --- Summary of changes: bin/mk-apropos | 5 + 1 file changed, 5 insertions(+) diff --git a/bin/mk-apropos b/bin/mk-apropos index a9dd5b6..64899a4 100755 --- a/bin/mk-apropos +++ b/bin/mk-apropos @@ -6,6 +6,11 @@ cd $dir for m in `find . -name '*.html' | sort`; do description=`grep -F '||'` +# If there isn't a description, it isn't a manpage and should not be +# included +if [ "$description" = "" ]; then + continue +fi manfile=`echo $m | sed -e 's|\./||'` manname=`basename $manfile .html` origmanfile=`echo $manfile | sed -e "s|^$subdir|$origsubdir|"` _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 895ee9dcaa50a72637b907dd3ab62723e23863f9 (commit) from 8557dd2bb3cebee18ec35347250271322b09d5da (commit) - Log - commit 895ee9dcaa50a72637b907dd3ab62723e23863f9 Author: Richard Levitte Date: Tue Jan 29 12:43:41 2019 +0100 Markdown to OpenSSL HTML5 pages Markdown is a popular format for text files, and some documents are easier to read in this form than in HTML. For future purposes, this is the scripts we need to process markdown files into HTML5. This script is based on pandoc, which is a pretty good translator between a range of different document formats. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/108) --- Summary of changes: bin/md-to-html5| 15 +++ bin/md-to-html5.tmpl.html5 | 34 ++ 2 files changed, 49 insertions(+) create mode 100755 bin/md-to-html5 create mode 100644 bin/md-to-html5.tmpl.html5 diff --git a/bin/md-to-html5 b/bin/md-to-html5 new file mode 100755 index 000..7bb815b --- /dev/null +++ b/bin/md-to-html5 @@ -0,0 +1,15 @@ +#! /bin/sh + +template="$0.tmpl.html5" + +for f in "$@"; do +b=`basename "$f" .md` +if [ "$f" != "$b" ]; then + bns=`echo "$b" | sed -e 's| *||g'` + t=`dirname "$b"`.tmpl.html5 + if [ ! -f "$t" ]; then + t="$template" + fi + pandoc -t html5 --template="$t" "$f" > "$bns.html" +fi +done diff --git a/bin/md-to-html5.tmpl.html5 b/bin/md-to-html5.tmpl.html5 new file mode 100644 index 000..b1fbe38 --- /dev/null +++ b/bin/md-to-html5.tmpl.html5 @@ -0,0 +1,34 @@ + + + + + + + + + + + +$if(title)$ + +$title$ +$if(subtitle)$ +$subtitle$ +$endif$ +$for(author)$ +$author$ +$endfor$ +$if(date)$ +$date$ +$endif$ + +$endif$ +$body$ + + + + + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8557dd2bb3cebee18ec35347250271322b09d5da (commit) from 0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit) - Log - commit 8557dd2bb3cebee18ec35347250271322b09d5da Author: Richard Levitte Date: Tue Dec 25 15:53:29 2018 +0100 Reformat FAQ files Make them correct Markdown, and then use pandoc to create the FAQ HTML. We then use CSS and a bit of Javascript to make it an accordion style FAQ. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/103) --- Summary of changes: bin/mk-faq | 110 +++-- docs/faq-1-legal.txt | 42 ++-- docs/faq-2-user.txt | 373 +++ docs/faq-3-prog.txt | 614 +-- docs/faq-4-build.txt | 397 - docs/faq-5-misc.txt | 177 --- docs/faq-6-old.txt | 18 +- docs/faq.html| 9 +- inc/screen.css | 121 ++ 9 files changed, 951 insertions(+), 910 deletions(-) diff --git a/bin/mk-faq b/bin/mk-faq index 531a6c6..0f92d2e 100755 --- a/bin/mk-faq +++ b/bin/mk-faq @@ -1,88 +1,30 @@ -#! /usr/bin/perl -use strict; -use warnings; +#! /bin/sh -# Filename->anchor name -my %anchors; -foreach my $f ( @ARGV ) { -next unless $f =~ /faq-[0-9]-(.*).txt/; -$anchors{$f} = uc($1); -} +cat/>/' \ + | sed -E -e 's/<([^<>]*)>\|([A-Z]*[0-9]*)\|/<\1 id="\2">/' +done diff --git a/docs/faq-1-legal.txt b/docs/faq-1-legal.txt index dc69809..1dfc067 100644 --- a/docs/faq-1-legal.txt +++ b/docs/faq-1-legal.txt @@ -1,28 +1,28 @@ -Legal Questions + Legal Questions -* Do I need patent licenses to use OpenSSL? +* Do I need patent licenses to use OpenSSL? -For information on intellectual property rights, please consult a lawyer. -The OpenSSL team does not offer legal advice. +For information on intellectual property rights, please consult a lawyer. +The OpenSSL team does not offer legal advice. -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using - -./config no-idea no-mdc2 no-rc5 - +You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using -* Can I use OpenSSL with GPL software? +./config no-idea no-mdc2 no-rc5 -On many systems
[openssl-commits] [web] master update
The branch master has been updated via 0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit) via d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b (commit) from c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit) - Log - commit 0ef1cccd789aa8434f9ef8e3783df637d506b53f Merge: c49be85 d5d657a Author: Mark J. Cox Date: Tue Jan 15 12:02:31 2019 + Merge pull request #105 from iamamoose/vulns Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability commit d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b Author: Mark J. Cox Date: Tue Jan 15 11:37:51 2019 + Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability --- Summary of changes: news/vulnerabilities.xml | 80 1 file changed, 80 insertions(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 2142ade..d9b42bd 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -3629,6 +3629,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3671,6 +3672,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3689,6 +3691,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3757,8 +3760,79 @@ the certificate key is invalid. This function is rarely used in practice. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due + to a NULL pointer dereference. This could lead to a Denial Of Service attack. + + + + + + @@ -3829,6 +3903,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3872,6 +3947,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3951,6 +4027,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -4040,6 +4117,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -4066,6 +4144,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -4201,6 +4280,7 @@ the certificate key is invalid. This function is rarely used in practice. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit) via 064a3b32b4890eff85cb8c905d91cf361673e485 (commit) via 6869d8b6065b187af840f29a574dace73d05f3c4 (commit) from 025f5f461ca3a67091aac0690de2496c03d3ba7f (commit) - Log - commit c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf Author: Richard Levitte Date: Thu Jan 3 17:23:54 2019 +0100 Generate apropos-like tables instead of filelists for manpages This works together with bin/mk-manpages' generation of description comment. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/102) commit 064a3b32b4890eff85cb8c905d91cf361673e485 Author: Richard Levitte Date: Thu Jan 3 17:17:32 2019 +0100 Have bin/mk-manpages and bin/mk-newmanpages add a description comment Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/102) commit 6869d8b6065b187af840f29a574dace73d05f3c4 Author: Richard Levitte Date: Thu Jan 3 17:11:47 2019 +0100 Change getnames() to getdata(), for generic data retrieval from POD files Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/102) --- Summary of changes: Makefile| 14 +++--- bin/mk-apropos | 13 + bin/mk-manpages | 43 - bin/mk-newmanpages | 43 - docs/man1.0.2/apps/index.html | 7 +++ docs/man1.0.2/crypto/index.html | 7 +++ docs/man1.0.2/ssl/index.html| 7 +++ docs/man1.1.0/apps/index.html | 7 +++ docs/man1.1.0/crypto/index.html | 7 +++ docs/man1.1.0/ssl/index.html| 7 +++ docs/man1.1.1/man1/index.html | 7 +++ docs/man1.1.1/man3/index.html | 7 +++ docs/man1.1.1/man5/index.html | 7 +++ docs/man1.1.1/man7/index.html | 7 +++ docs/manmaster/man1/index.html | 7 +++ docs/manmaster/man3/index.html | 7 +++ docs/manmaster/man5/index.html | 7 +++ docs/manmaster/man7/index.html | 7 +++ 18 files changed, 112 insertions(+), 99 deletions(-) create mode 100755 bin/mk-apropos diff --git a/Makefile b/Makefile index c6c54bb..2418e5e 100644 --- a/Makefile +++ b/Makefile @@ -58,16 +58,16 @@ rebuild: all define makemanpages ./bin/mk-manpages $(1) $(2) docs - ./bin/mk-filelist -a docs/man$(2)/apps '' '*.html' >docs/man$(2)/apps/index.inc - ./bin/mk-filelist -a docs/man$(2)/crypto '' '*.html' >docs/man$(2)/crypto/index.inc - ./bin/mk-filelist -a docs/man$(2)/ssl '' '*.html' >docs/man$(2)/ssl/index.inc + ./bin/mk-apropos docs/man$(2)/apps > docs/man$(2)/apps/index.inc + ./bin/mk-apropos docs/man$(2)/crypto > docs/man$(2)/crypto/index.inc + ./bin/mk-apropos docs/man$(2)/ssl> docs/man$(2)/ssl/index.inc endef define newmakemanpages ./bin/mk-newmanpages $(1) $(2) docs - ./bin/mk-filelist -a docs/man$(2)/man1 '' '*.html' >docs/man$(2)/man1/index.inc - ./bin/mk-filelist -a docs/man$(2)/man3 '' '*.html' >docs/man$(2)/man3/index.inc - ./bin/mk-filelist -a docs/man$(2)/man5 '' '*.html' >docs/man$(2)/man5/index.inc - ./bin/mk-filelist -a docs/man$(2)/man7 '' '*.html' >docs/man$(2)/man7/index.inc + ./bin/mk-apropos docs/man$(2)/man1 > docs/man$(2)/man1/index.inc + ./bin/mk-apropos docs/man$(2)/man3 > docs/man$(2)/man3/index.inc + ./bin/mk-apropos docs/man$(2)/man5 > docs/man$(2)/man5/index.inc + ./bin/mk-apropos docs/man$(2)/man7 > docs/man$(2)/man7/index.inc endef manpages: manmaster $(call newmakemanpages,$(CHECKOUTS)/openssl-1.1.1-stable,1.1.1) diff --git a/bin/mk-apropos b/bin/mk-apropos new file mode 100755 index 000..a9dd5b6 --- /dev/null +++ b/bin/mk-apropos @@ -0,0 +1,13 @@ +#! /bin/sh +# $1 is the top of the manual page tree to look through + +dir=$1 +cd $dir + +for m in `find . -name '*.html' | sort`; do +description=`grep -F '||'` +manfile=`echo $m | sed -e 's|\./||'` +manname=`basename $manfile .html` +origmanfile=`echo $manfile | sed -e "s|^$subdir|$origsubdir|"` +echo "$manname$description" +done diff --git a/bin/mk-manpages b/bin/mk-manpages index f177f3f..0096ec2 100755 --- a/bin/mk-manpages +++ b/bin/mk-manpages @@ -56,17 +56,18 @@ sub main { my $filename = File::Spec->catfile( $dir, $ent ); my $basename = basename( $ent, ".pod" ); my $title = $basename; +my %data = $class->getdata( $filename ); my $out = - $class->genhtml( $release, $sect, $filename, $title, $basename ); +$class->genhtml( $release, $sect, $filename, $title, $basename, + $data{description}); my
[openssl-commits] [web] master update
The branch master has been updated via 025f5f461ca3a67091aac0690de2496c03d3ba7f (commit) from 2ee3b78b0e20e1e2e9fc3830813a843567ea94a2 (commit) - Log - commit 025f5f461ca3a67091aac0690de2496c03d3ba7f Author: Dr. Matthias St. Pierre Date: Thu Dec 27 18:33:03 2018 +0100 Add 1.1.1 to manual sidebar Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/100) --- Summary of changes: inc/mansidebar.shtml | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/mansidebar.shtml b/inc/mansidebar.shtml index 64fd0e9..c794b16 100644 --- a/inc/mansidebar.shtml +++ b/inc/mansidebar.shtml @@ -4,6 +4,7 @@ Manpages master + 1.1.1 1.1.0 1.0.2 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2ee3b78b0e20e1e2e9fc3830813a843567ea94a2 (commit) from ad8f7120bad64bcc43861c36eedcf29fc2728f13 (commit) - Log - commit 2ee3b78b0e20e1e2e9fc3830813a843567ea94a2 Author: Matt Caswell Date: Wed Dec 5 13:00:13 2018 + Update CLA templates Update the address in the CLA templates Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/97) --- Summary of changes: policies/openssl_ccla.pdf | Bin 32971 -> 38288 bytes policies/openssl_icla.pdf | Bin 32488 -> 37641 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/policies/openssl_ccla.pdf b/policies/openssl_ccla.pdf index 814c2f7..f341c27 100644 Binary files a/policies/openssl_ccla.pdf and b/policies/openssl_ccla.pdf differ diff --git a/policies/openssl_icla.pdf b/policies/openssl_icla.pdf index 25d1b96..cb24818 100644 Binary files a/policies/openssl_icla.pdf and b/policies/openssl_icla.pdf differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ad8f7120bad64bcc43861c36eedcf29fc2728f13 (commit) from 0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit) - Log - commit ad8f7120bad64bcc43861c36eedcf29fc2728f13 Author: Rich Salz Date: Mon Mar 19 18:20:32 2018 -0400 Switch to new (ASF) license Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/98) --- Summary of changes: .gitignore| 1 - Makefile | 4 - source/apache-license-2.0.txt | 177 ++ source/license-openssl-ssleay.txt | 125 +++ source/license.html | 35 +--- 5 files changed, 327 insertions(+), 15 deletions(-) create mode 100644 source/apache-license-2.0.txt create mode 100644 source/license-openssl-ssleay.txt diff --git a/.gitignore b/.gitignore index be23066..86cadae 100644 --- a/.gitignore +++ b/.gitignore @@ -31,7 +31,6 @@ source/*.gz* source/*.patch source/.htaccess source/index.inc -source/license.txt source/old/*/*.patch source/old/*/*.tar.gz* source/old/*/*.txt.asc diff --git a/Makefile b/Makefile index a495e0c..c6c54bb 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,6 @@ SIMPLE = newsflash.inc sitemap.txt \ news/vulnerabilities-0.9.7.inc \ news/vulnerabilities-0.9.6.inc \ source/.htaccess \ -source/license.txt \ source/index.inc SRCLISTS = \ source/old/0.9.x/index.inc \ @@ -174,9 +173,6 @@ news/vulnerabilities-0.9.6.inc: bin/mk-cvepage news/vulnerabilities.xml source/.htaccess: $(wildcard source/openssl-*.tar.gz) bin/mk-latest @rm -f @? ./bin/mk-latest source >$@ -source/license.txt: $(SNAP)/LICENSE - @rm -f $@ - cp $? $@ source/index.inc: $(wildcard $(RELEASEDIR)/openssl-*.tar.gz) bin/mk-filelist @rm -f $@ ./bin/mk-filelist $(RELEASEDIR) '' 'openssl-*.tar.gz' >$@ diff --git a/source/apache-license-2.0.txt b/source/apache-license-2.0.txt new file mode 100644 index 000..49cc83d --- /dev/null +++ b/source/apache-license-2.0.txt @@ -0,0 +1,177 @@ + + Apache License + Version 2.0, January 2004 +https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner
[openssl-commits] [web] master update
The branch master has been updated via 0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit) from be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit) - Log - commit 0d92547742c3da2f066f4babaacf8a51bb2f5e3c Author: Kurt Roeckx Date: Wed Dec 5 22:22:04 2018 +0100 Update PGP key --- Summary of changes: news/openssl-security.asc | 80 +++ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/news/openssl-security.asc b/news/openssl-security.asc index fb0482f..9dddc89 100644 --- a/news/openssl-security.asc +++ b/news/openssl-security.asc @@ -11,33 +11,33 @@ Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB -tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+ -AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78CkZ9YTy4PH7W0w2JTizos9 -efUFAlvEwBgFCQmW/3kACgkQ2JTizos9efV3tBAAg/XTimvGMtCvMawu+ymbXshC -W+PTt3tH2oI7parnm8F0DY3c70rwKN1uu28Cds0QOpAUR8wsYe9HbXXfT7w+4JG6 -qJm3mfAin9QA49D99SN3TgSTOK7qU1p88nCpEs0dib4aF5gO2zaqRiIEbTkiQSjQ -lTzLS0kfznNmfynJI25XWNddLM2munn9ZS7XPQqzZ0G/RkDbuIayG0axRRcr8iG/ -uOkfFz3Iwk58MnzKVqPf+n7ZPTG6Z7EEcLF92Lo58x+s9tJ5afr0bTRG1wn5L8+I -++OEIn32CwPQ0B6FeI42jeXGdd4rGjgzZyBbqvUD2zei85Sa306ZUOLoD5iuSAXt -VkyK2rRRqfGy8m+R0TV1TQ25SkQadUf1fz1gS+QtyA4MhuM4f9PYR6kNUzjHkGAw -w6KTG+bHiiQdAOKCEDYZgz9bY9wSD53fQTh8r5DhQ9edgFQAZsJ5R5jouZu+5beG -8VP1OuvgKA478y/VWX6xnKLCqAfiF+p4ae0WDTm2cQiZyskTLQ2NaC0xEmAg9DgT -d0v9NteVVMKeVppaGsE21vaX7s228Pj2sf8EAwl5iqtcJZMVVMHdmMerojd0HnmW -PplbBVowaTTxLcMz/Xqlrxl7ylh6NqA3hFK1BwhFkAH6IEvXYmuAZNEtzFl+t4m5 -lsGHrlH+lstQuSl25v+0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z -ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCW8TAJwUJCZb/eQAKCRDY -lOLOiz159bbcEACpio13Jc6porVHoi5izZ9w9xCYiv6whrhgjdBCPm+JP6bPb0aN -T0EkhQ4oBsOh3iCtVrBXjeagXK1NR1Sze/PH/kxARg9Nx6rafv9jRF2irO0E8+fY -U2nV2z8Sjuej2uAIfMEJW0GnOJsR/pnn+a6P2Na8qwuwoEoWW2rTwqgCNOPwTWAW -qgB5sYrt5M8RhmSZXW0v6NmCAQVrnGbEsqgCuBLo0WqyPszW6BEQqUsvj4aAAucS -IZr2vaN4TnXhg0VdlI1f1E32ms2lSkNXECdSYWeT1eWVn2nPKibpePrJXuHHEP1G -qM9z70+otqNn7qbIIr2aCu9aoAkcqbNCM6WN6FgZb0BH/XLByZM6ksLjO5OD1BHS -PkK7HDTLDaTQFYbzH1ItpuWWvVh+l95a5Amm3Ic4JZyTbw0I7S4n0lo+JG4l89Wr -WsYwAJsj1Chn0TitF/VTMG7JOtFHKBKzNvXOY7H85zU8AxvC5lis5vLepSc41NXw -JoR7l+Cwi1hFIJIRO6RSVp3BwI+mASRZAn9ZaCqNyfDHhFQntpn607pRl2eHvO57 -KN1r1fJOZBx8P9p4S0sqBs9QXF4wNlBM2v/Te4MGq+wzQQFtofJuBSEpN0jHpVup -HGZRWkCSydM4ToCRrwEhclv3GvUmi1WAzy25SBbaR408/BgEAT2Xr6TUXLQnT3Bl +tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz +bC5vcmc+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78Ck +Z9YTy4PH7W0w2JTizos9efUFAlvEwCcFCQmW/3kACgkQ2JTizos9efW23BAAqYqN +dyXOqaK1R6IuYs2fcPcQmIr+sIa4YI3QQj5viT+mz29GjU9BJIUOKAbDod4grVaw +V43moFytTUdUs3vzx/5MQEYPTceq2n7/Y0RdoqztBPPn2FNp1ds/Eo7no9rgCHzB +CVtBpzibEf6Z5/muj9jWvKsLsKBKFltq08KoAjTj8E1gFqoAebGK7eTPEYZkmV1t +L+jZggEFa5xmxLKoArgS6NFqsj7M1ugREKlLL4+GgALnEiGa9r2jeE514YNFXZSN +X9RN9prNpUpDVxAnUmFnk9XllZ9pzyom6Xj6yV7hxxD9RqjPc+9PqLajZ+6myCK9 +mgrvWqAJHKmzQjOljehYGW9AR/1ywcmTOpLC4zuTg9QR0j5Cuxw0yw2k0BWG8x9S +Labllr1YfpfeWuQJptyHOCWck28NCO0uJ9JaPiRuJfPVq1rGMACbI9QoZ9E4rRf1 +UzBuyTrRRygSszb1zmOx/Oc1PAMbwuZYrOby3qUnONTV8CaEe5fgsItYRSCSETuk +UladwcCPpgEkWQJ/WWgqjcnwx4RUJ7aZ+tO6UZdnh7zueyjda9XyTmQcfD/aeEtL +KgbPUFxeMDZQTNr/03uDBqvsM0EBbaHybgUhKTdIx6VbqRxmUVpAksnTOE6Aka8B +IXJb9xr1JotVgM8tuUgW2keNPPwYBAE9l6+k1Fy0JU9wZW5TU0wgT01DIDxvcGVu +c3NsLW9tY0BvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID +AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCW8TAGAUJCZb/eQAKCRDY +lOLOiz159Xe0EACD9dOKa8Yy0K8xrC77KZteyEJb49O3e0fagjulquebwXQNjdzv +SvAo3W67bwJ2zRA6kBRHzCxh70dtdd9PvD7gkbqombeZ8CKf1ADj0P31I3dOBJM4 +rupTWnzycKkSzR2JvhoXmA7bNqpGIgRtOSJBKNCVPMtLSR/Oc2Z/KckjbldY110s +zaa6ef1lLtc9CrNnQb9GQNu4hrIbRrFFFyvyIb+46R8XPcjCTnwyfMpWo9/6ftk9 +MbpnsQRwsX3YujnzH6z20nlp+vRtNEbXCfkvz4j744QiffYLA9DQHoV4jjaN5cZ1 +3isaODNnIFuq9QPbN6LzlJrfTplQ4ugPmK5IBe1WTIratFGp8bLyb5HRNXVNDblK +RBp1R/V/PWBL5C3IDgyG4zh/09hHqQ1TOMeQYDDDopMb5seKJB0A4oIQNhmDP1tj +3BIPnd9BOHyvkOFD152AVABmwnlHmOi5m77lt4bxU/U66+AoDjvzL9VZfrGcosKo +B+IX6nhp7RYNObZxCJnKyRMtDY1oLTESYCD0OBN3S/0215VUwp5WmloawTbW9pfu +zbbw+Pax/wQDCXmKq1wlkxVUwd2Yx6uiN3QeeZY+mVsFWjBpNPEtwzP9eqWvGXvK +WHo2oDeEUrUHCEWQAfogS9dia4Bk0S3MWX63ibmWwYeuUf6Wy1C5KXbm/7QnT3Bl blNTTCB0ZWFtIDxvcGVuc3NsLXRlYW1Ab3BlbnNzbC5vcmc+iQJZBDABCgBDFiEE 78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ9jUlHSBSZXBsYWNlZCBieSBvcGVuc3Ns LW9tY0BvcGVuc3NsLm9yZwAKCRDYlOLOiz159VAiD/wLVz8KE84z+iPBcDXJR4hr @@ -63,17 +63,17 @@ ncd+VYvth6cM9jDWsTJAXEaqNoFjVfw227NnQ/hxqGCwEVzweBi7a7dix3nCa9JO w5eV3xCyezUohQ6nOBbDnoAnp3FLeUrhBJQXCPNtlb0fSMnj14EwBoD6EKO/xz/g
[openssl-commits] [web] master update
The branch master has been updated via be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit) from af5e14f2df748257775c39faa63fcc755b81b1b9 (commit) - Log - commit be4639ae76f20fccfd718dea2aaa7def1dbe8a55 Author: Dr. Matthias St. Pierre Date: Tue Nov 6 12:12:26 2018 +0100 cla.html: make CLA download links and email address more prominent Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/web/pull/92) --- Summary of changes: policies/cla.html | 28 +--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index f234dde..efe0445 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -25,7 +25,8 @@ OpenSSL requires that all non-trivial contributors of ideas, code, or documentation complete, sign, and submit (via postal mail, fax - or email) an Individual CLA [PDF]. + or email) an + Individual Contributor License Agreement (ICLA). The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OpenSSL and thereby allow us to defend the project should @@ -39,8 +40,8 @@ - For a corporation that has assigned employees to work on OpenSSL, - a Corporate CLA [PDF] + For a corporation that has assigned employees to work on OpenSSL, a + Corporate Contributor License Agreement (CCLA) is available for contributing intellectual property via the corporation, that may have been assigned as part of an employment agreement. Note that a Corporate CLA does not @@ -49,6 +50,27 @@ + If you have not already done so, please complete and sign a printout of the above + ICLA (and CCLA if necessary), then scan and email a pdf file of the Agreement(s) to + mailto:le...@opensslfoundation.org;>le...@opensslfoundation.org. + + + + If you prefer snail mail, send an original signed Agreement to the + + + + OpenSSL Software Foundation + 40 East Main Street + Suite 744 + Newark, DE 19711 + United States + + + Please read the document(s) carefully before signing and keep a copy for your records. + + + Your Full name will be published unless you provide an alternative Public name. For example if your full name is Andrew Bernard Charles Dickens, but you wish to be known as Andrew Dickens, please enter _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via af5e14f2df748257775c39faa63fcc755b81b1b9 (commit) from 28c43932d579cd6ba18ec411bb828a2512c3419e (commit) - Log - commit af5e14f2df748257775c39faa63fcc755b81b1b9 Author: Matt Caswell Date: Tue Nov 20 13:55:56 2018 + Updates for new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/95) --- Summary of changes: news/newsflash.txt | 4 news/vulnerabilities.xml | 12 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 2c05c1a..07229f2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes +20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes +20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes +12-Nov-2018: Security Advisory: one low severity fix in ECC scalar multiplication 29-Oct-2018: Security Advisory: one low severity fix in DSA 29-Oct-2018: Security Advisory: one low severity fix in ECDSA 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 46cdcff..2142ade 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -40,7 +40,7 @@ - + Side Channel Attack @@ -85,13 +85,13 @@ - + - + - + Constant time issue @@ -118,10 +118,10 @@ - + - + Constant time issue _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 28c43932d579cd6ba18ec411bb828a2512c3419e (commit) from a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b (commit) - Log - commit 28c43932d579cd6ba18ec411bb828a2512c3419e Author: Matt Caswell Date: Mon Nov 12 15:02:14 2018 + Updates for CVE-2018-5407 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/93) --- Summary of changes: news/secadv/20181112.txt | 41 + news/vulnerabilities.xml | 48 +++- 2 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20181112.txt diff --git a/news/secadv/20181112.txt b/news/secadv/20181112.txt new file mode 100644 index 000..764520e --- /dev/null +++ b/news/secadv/20181112.txt @@ -0,0 +1,41 @@ +OpenSSL Security Advisory [12 November 2018] + + +Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) +=== + +Severity: Low + +OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown +to be vulnerable to a microarchitecture timing side channel attack. An attacker +with sufficient access to mount local timing attacks during ECDSA signature +generation could recover the private key. + +This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest +version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low +severity of this issue we are not creating a new release at this time. The 1.0.2 +mitigation for this issue can be found in commit b18162a7c. + +OpenSSL 1.1.0 users should upgrade to 1.1.0i. + +This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera +Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. + +Note + + +OpenSSL 1.1.0 is currently only receiving security updates. Support for this +version will end on 11th September 2019. Users of this version should upgrade to +OpenSSL 1.1.1. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20181112.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 86b18c0..46cdcff 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,53 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Side Channel Attack +Microarchitecture timing vulnerability in ECC scalar multiplication + + OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown + to be vulnerable to a microarchitecture timing side channel attack. An attacker + with sufficient access to mount local timing attacks during ECDSA signature + generation could recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b (commit) via 93507ac9b3d6cd013b2148f83c0726817cf71576 (commit) via 92a7bda034e49e626bf933f9e61b82a2cefe308c (commit) from b78d963402ca83b6ede75f1a5d42d64ca61c2c49 (commit) - Log - commit a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b Merge: b78d963 93507ac Author: Mark J. Cox Date: Mon Nov 12 16:09:29 2018 + Merge pull request #94 from iamamoose/master trivial changes - CVE-2015-1788 was missing severity tag, fix bad website includes commit 93507ac9b3d6cd013b2148f83c0726817cf71576 Author: Mark J. Cox Date: Mon Nov 12 16:01:40 2018 + CVE-2015-1788 was missing the severity tag commit 92a7bda034e49e626bf933f9e61b82a2cefe308c Author: Mark J. Cox Date: Sat Oct 13 10:29:45 2018 +0100 Remove broken include --- Summary of changes: news/vulnerabilities.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 97ec427..86b18c0 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -2482,6 +2482,7 @@ + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via b78d963402ca83b6ede75f1a5d42d64ca61c2c49 (commit) from ec4583cb047f1dd56918b38f5a36941747d50d28 (commit) - Log - commit b78d963402ca83b6ede75f1a5d42d64ca61c2c49 Author: Pauli Date: Fri Nov 2 08:40:27 2018 +1000 Update advisory for CVE-2018-0734 indicating that it introduced a new issue and that this has been fixed. Git commit versions are included. --- Summary of changes: news/secadv/20181030.txt | 5 + 1 file changed, 5 insertions(+) diff --git a/news/secadv/20181030.txt b/news/secadv/20181030.txt index b33ac41..7569b56 100644 --- a/news/secadv/20181030.txt +++ b/news/secadv/20181030.txt @@ -19,6 +19,11 @@ git repository. This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. +As a result of the changes made to mitigate this vulnerability, a new +side channel attack was created. The mitigation for this new vulnerability +can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0) +and 880d1c76ed (for 1.0.2) + References == _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ec4583cb047f1dd56918b38f5a36941747d50d28 (commit) from 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit) - Log - commit ec4583cb047f1dd56918b38f5a36941747d50d28 Author: Matt Caswell Date: Mon Oct 29 21:52:29 2018 + Correct the security advisory name Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/91) --- Summary of changes: news/secadv/{20181030.pdf => 20181030.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename news/secadv/{20181030.pdf => 20181030.txt} (100%) diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.txt similarity index 100% rename from news/secadv/20181030.pdf rename to news/secadv/20181030.txt _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit) via c84f2126b736207c23b1984cbc07d496c22ca85d (commit) from 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit) - Log - commit 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 Merge: c84f212 43a3ec6 Author: Pauli Date: Tue Oct 30 07:00:24 2018 +1000 Merge branch 'master' of git.openssl.org:openssl-web commit c84f2126b736207c23b1984cbc07d496c22ca85d Author: Pauli Date: Tue Oct 30 07:00:08 2018 +1000 Add CVE-2018-0734 --- Summary of changes: news/newsflash.txt | 3 ++- news/secadv/20181030.pdf | 32 + news/vulnerabilities.xml | 52 +++- 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 news/secadv/20181030.pdf diff --git a/news/newsflash.txt b/news/newsflash.txt index 311c39b..2c05c1a 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item -29-Oct-2018: Security Advisory: one low severity fix +29-Oct-2018: Security Advisory: one low severity fix in DSA +29-Oct-2018: Security Advisory: one low severity fix in ECDSA 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.pdf new file mode 100644 index 000..b33ac41 --- /dev/null +++ b/news/secadv/20181030.pdf @@ -0,0 +1,32 @@ +OpenSSL Security Advisory [30 October 2018] +=== + +Timing vulnerability in DSA signature generation (CVE-2018-0734) + + +Severity: Low + +The OpenSSL DSA signature algorithm has been shown to be vulnerable to a +timing side channel attack. An attacker could use variations in the signing +algorithm to recover the private key. + +Due to the low severity of this issue we are not issuing a new release +of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included +in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become +available. The fix is also available in commit 8abfe72e8c (for 1.1.1), +ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL +git repository. + +This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20181030.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 52cc185..97ec427 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,57 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Constant time issue +Timing attack against DSA + + The OpenSSL DSA signature algorithm has been shown to be vulnerable + to a timing side channel attack. An attacker could use variations + in the signing algorithm to recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit) from ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit) - Log - commit 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb Author: Matt Caswell Date: Mon Oct 29 12:09:44 2018 + Update vulnerabilities.xml The new CVE is only fixed in the dev version. 1.1.1a and 1.1.0j are not yet released. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/90) --- Summary of changes: news/vulnerabilities.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6067c1e..52cc185 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -22,10 +22,10 @@ - + - + Constant time issue _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit) from 61572af57041195c7654c0485f8f323baec0ab66 (commit) - Log - commit ecf0f6ced3b30e616932d3ccd7609e7e63520c8c Author: Pauli Date: Mon Oct 29 10:54:02 2018 +1000 update vulnerability information again, this is the published version --- Summary of changes: news/vulnerabilities.xml | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index b2979db..6067c1e 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -10,7 +10,7 @@ - + @@ -22,6 +22,12 @@ + + + + + + Constant time issue Timing attack against ECDSA signature generation _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 61572af57041195c7654c0485f8f323baec0ab66 (commit) from c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit) - Log - commit 61572af57041195c7654c0485f8f323baec0ab66 Author: Pauli Date: Mon Oct 29 10:01:23 2018 +1000 fix vulnerability entry --- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 605f354..b2979db 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -10,7 +10,7 @@ - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit) from 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit) - Log - commit c35854b022239196048f9bbd5418fb77dd4f7ee0 Author: Pauli Date: Mon Oct 29 09:58:52 2018 +1000 fix vulnerability entry --- Summary of changes: news/vulnerabilities.xml | 50 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index a2a2de0..605f354 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,31 @@ - + + + + + + + + + + + + + + + +Constant time issue +Timing attack against ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be + vulnerable to a timing side channel attack. An attacker could use + variations in the signing algorithm to recover the private key. + + + + @@ -54,30 +78,6 @@ - - - - - - - - - - - - - - -Constant time issue -Timing attack against ECDSA signature generation - - The OpenSSL ECDSA signature algorithm has been shown to be - vulnerable to a timing side channel attack. An attacker could use - variations in the signing algorithm to recover the private key. - - - - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit) via 911cdb11d835a00d901d3e9c1a728ed2613f84a6 (commit) from fbf24147cb7b9e04c40ef0d14f76dc85d59a8413 (commit) - Log - commit 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 Merge: 911cdb1 fbf2414 Author: Pauli Date: Mon Oct 29 09:06:01 2018 +1000 Merge branch 'master' of git.openssl.org:openssl-web commit 911cdb11d835a00d901d3e9c1a728ed2613f84a6 Author: Pauli Date: Mon Oct 29 09:03:42 2018 +1000 Update for ECDSA vulnerability CVS-2018-0735 --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20181029.txt | 31 +++ news/vulnerabilities.xml | 24 3 files changed, 56 insertions(+) create mode 100644 news/secadv/20181029.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 1a0f0fb..311c39b 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +29-Oct-2018: Security Advisory: one low severity fix 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes diff --git a/news/secadv/20181029.txt b/news/secadv/20181029.txt new file mode 100644 index 000..2194ef0 --- /dev/null +++ b/news/secadv/20181029.txt @@ -0,0 +1,31 @@ +OpenSSL Security Advisory [29 October 2018] +=== + +Timing vulnerability in ECDSA signature generation (CVE-2018-0735) +== + +Severity: Low + +The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a +timing side channel attack. An attacker could use variations in the signing +algorithm to recover the private key. + +Due to the low severity of this issue we are not issuing a new release +of OpenSSL 1.1.1 or 1.1.0 at this time. The fix will be included in +OpenSSL 1.1.1a and OpenSSL 1.1.0j when they become available. The fix +is also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28 +(for 1.1.0) in the OpenSSL git repository. + +This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20181029.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6ef9c56..a2a2de0 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -54,6 +54,30 @@ + + + + + + + + + + + + + + +Constant time issue +Timing attack against ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be + vulnerable to a timing side channel attack. An attacker could use + variations in the signing algorithm to recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via fbf24147cb7b9e04c40ef0d14f76dc85d59a8413 (commit) from 3b07e5291b0df2cef8469ab0494d1c787e84af87 (commit) - Log - commit fbf24147cb7b9e04c40ef0d14f76dc85d59a8413 Author: Joe Date: Fri Oct 26 08:22:17 2018 + Small typo fix CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/89) --- Summary of changes: source/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/index.html b/source/index.html index a4a98ce..605c009 100644 --- a/source/index.html +++ b/source/index.html @@ -17,7 +17,7 @@ at https://github.com/openssl/openssl;>https://github.com/openssl/openssl. Bugs and pull patches (issues and pull requests) should be -file on the GitHub repo. +filed on the GitHub repo. Please familiarize yourself with the license. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 3b07e5291b0df2cef8469ab0494d1c787e84af87 (commit) from 72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit) - Log - commit 3b07e5291b0df2cef8469ab0494d1c787e84af87 Author: Kurt Roeckx Date: Mon Oct 15 18:32:18 2018 +0200 Update PGP key --- Summary of changes: news/openssl-security.asc | 128 +++--- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/news/openssl-security.asc b/news/openssl-security.asc index 217cbe7..fb0482f 100644 --- a/news/openssl-security.asc +++ b/news/openssl-security.asc @@ -12,68 +12,68 @@ Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+ -FiEE78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ8x0CGwMFCQefA0oFCwkIBwMFFQoJ -CAsFFgIDAQACHgECF4AACgkQ2JTizos9efVNnw/9GHSauODL8PCSRcobbVm8/3tl -ejky6YVmjBjpbKKLVCAyK6sM7ns1RDSoHSQfKdClZbD+n2ZLZFVbvdDbu873ntsE -WdMZUk5dTW0a8mtaUFV5nkZiWbNn5Yr+gtUiqOtIDR6wbXOd4RtpaKawllqN0JX/ -oZdVUcV60tekt92rUe3J/KbFptACvZNkvm1c2zEWdNemEWIqYOierjaeNhqdgAbA -kKA7EAYP53bursxTDfhQQZWzPOFXcl4ElHKHvVED2ZyGamRnuwD5F2YyjOCNlvt2 -si1mzTsvyjuNJv0OeK0rdPqX00OXWCuOb96rlGiSeaK3WFSTHeDiaFiCahwf9VJT -I9kGA/FF6is8UW2SJEGzYHGnY/lsUL697XTuLEgWU2qHlYXExLY1cuz+pTLB0vsB -suCGTe18BgjKF2und7z7+kDPB4uECXCwgPKjxLNM/JFhJswt3KTzDbcXz0/lg0+5 -3r1NsBV3JW0DxoRsmqWAn6anyCRDxN8GHzEymRkc88wacEt38JeyPuLiz6ejbpFR -EYNHDrVVB9gDkkxafL7csKH/J69v1GAujzyXPcTsT08YyKgf7kOc5e26jyNq9KYs -YJhE7yr/qcqcbcQTgntaFCas+1nBm/SM26xKLF4MkS8KEeGRUuCwQhDXPNORAsNj -EIOh6s4v5T9Py3lpJNu0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z -ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlMEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCWdny6QUJB58DSgAKCRDY -lOLOiz159XxmD/dSmuPL95utayr83urce6FibwqWZeA7LldBiaKEn8ShxhVgb/HG -EGfQKxF1cWXOe1NF3NEhmZD/JTYoMlqEyGARZMDR4klDPP0jhPWVcfnw8HoUjufE -QptCagLhitZzfb0GEzvAOG63tFwit4bM6gT2po3VZH8o62j2PcBtcSmjHVqtaKwI -i5MMXFRTaJnLQmLHg+W2nunw+CgTNdUgvn/oB0RPHXU+TlfPiuC7tAluZC+xYnIA -nspHRRbge3H1R07JP5LZW8fu60VMj/o7t/0rCupjjra/qE2KScF1MsFI7eiv1I/Q -68lgvtHLCpSqV/qqVmrdgGhV2pHQaEeB7sh/8E5+G0Yi6sYwztl/OeUUpdiGhXxU -OPWPYExIwDrh1guIi/yva/78wksbi/ZQffZTR//OIwdGmMVxYfdCQ16PfqXpKJlW -OcaH0Kbom13lha0Am0pXnqRnupOp5XrcrHJUcdFoS2df3wOh6aFejimjBWnvAajh -rzNnXedY9rtxDlA5O/D1Yx0j8ZfAMrmqxFTc+XyT5gBwxYc2wCQ3ch20MfDpJ9/s -eA4WS7dPGyOkziIcszT4vNCAtDnIs4Hr0uNb/1wF5R1UFq464Ghyqpt6SE2xfxsP -Uty+iyvCYfrbL7ILwHmpgYUARL51ovSxVRQA7osSg8qrf6U26pIDXD63tCdPcGVu -U1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAlkEMAEKAEMWIQTv -wKRn1hPLg8ftbTDYlOLOiz159QUCWdn2NSUdIFJlcGxhY2VkIGJ5IG9wZW5zc2wt -b21jQG9wZW5zc2wub3JnAAoJENiU4s6LPXn1UCIP/AtXPwoTzjP6I8FwNclHiGuK -w+gV5Sw3rRNyiKg9TL0dudcVfDsdtdxmBR1vughH0PNsYstNggflbGIefLTIuNTQ -1qun5GTluLxZyWxcf6WJPMRTJdJpdy5BrIfXFaHrEohAQLBeL0P25gjXzOvA7C7Y -wCuxkKG3FuQKyKr4HNy5WF1LKZIBPcjHEHD6sjLDaxD4KxQnHd31s1xdarDvEbXe -G8MmiQApKUJ2fN9sGPdbrjBs1nBtgPksZHThT7g5FpuZfIWwOvg6XRaf2Ig538AG -aq+rqKnZHE9HvCEbBqidhSe6h3hkr5BY5Bh2jj5CTOvZSSBBTAq47wUFTeG/B4XK -m5yW561lRhQ8YEnYzb16swQyYA6jIRjeWRyYRoYmQ4tNrs6idKfjlMytQohKNPzH -OzW+bFX72Kz+C6KikXHjXj4MGafCcDpwuVPOE1muqR2Jt64o36wTzzBXsfTQ0EPy -hBSDYQDEFTFLY9osuQDT6arH7TiI7EX1lp/u0CIuBLmEQA3JZUWhyWkwQMyOep4J -A2gOeaMmjJ0lJ7tH44Fk4g+AhFW7Eq0dJ1iSoQoOQ21cKv3SJqDdYiu/M4kenCXX -kIXtxmPgHVnuwovu+U4mMvGZYfUs+JqZfNcUc/XmHDv4NMRusKTxP36rmvPwIHig -KxCiVjdbrygghWc0Qe7quQINBFQv6Z8BEADAd7PvHauU/H1vm9znBroxHG4coLnO -g+bIZTVrLgld1u/os7FVHvtIQ9WMA99Aus49vgiazMT0PwQd7t0m8hzAz+Xyi+xk -IgP59fdoV9g7h8b0MJwzZB8WIIbaxSjpVwMrXtmsANHwvntKPJR2tWHdmWTapQwt -t6ibSzCR/G1/AiK+fSnJDcr+uGxfoVTyDd3r54dQI5+APOfOPBGTEHI3nYO9jLAN -01tg+KJmsmO3lxObrrexWHGOkjOKU4SAdl/QzN/UYMt6guDm7xJBH2lpyXx8cl4g -PFxfhWbpF3P4jOvD9FUv7DJpfUD7GDFpzB3BpTnLs0CUQGpamScLitGSL6G4f2Pa -2C8ax7TQoEo2hbkjfSv2IaQMbPNB+pVWuxgkgEk0a0tzr5mPvn07FD80jr4rdJKk -H4ps4mMe0HCSGoBvdpr1Jrn9jxH870ouomiKjIWk2iauasTkdKuN9CmpEJLTT1+d -x35Vi+2Hpwz2MNaxMkBcRqo2gWNV/Dbbs2dD+HGoYLARXPB4GLtrt2LHecJr0k7D -l5XfELJ7NSiFDqc4FsOegCencUt5SuEElBcI822VvR9IyePXgTAGgPoQo7/HP+AR -bmavRr7Gn5+NuS8dVf9zxSZT7ueVfu6lo3jpEszXLTJZgqj0FXrW2f6RywCTuSFD -t0qE7OZJemwEcwARAQABiQI8BBgBCgAmAhsMFiEE78CkZ9YTy4PH7W0w2JTizos9 -efUFAlnZ9v8FCQefB2AACgkQ2JTizos9efVBOA/+ObcOrEGwKPI3KFaxKdkfbl/K -UoTTC8L6F/AJTd9JREXgic/CKZRfa64S+RvRqH8kY1DEUCi6v6o/57kS6o1BS+6a -PMeg/xi8nBmC5o+fqgOdIdFyUkJbwq/jWcHZ7Sjf89LCh0gtVqxsRYT3yZicCNJi -8qrWe4I2iv6OHOjZbHeF3RKM7IKaqcUCI6jklJSge3MoCR74gOEpAAA/eUQ2YfVx -pS1kMaJXLpa0gbkaylZALmt2uTvacOc5uipmZBzQRoVna9scM9+Fy0taus4TA+54 -8EMzjK7LUcgkgndXUf1hE29UGgZyOLBkLfXRZMl9hnOrurTnfUqthbpvZwQ892ba -ZW0NDkk2nlGFOCJQsfrLQdwxKm0oeH/eJoXaSSZuzn1hL2+EzfMNwpAP03l7xagI -sYkuyTUDyVGKwyT036yro9yqP0Iaa7CIgJ+DaxsyWthtG/NbJoRkmaJFKyu0pNa8 -dt04jmfMODToNAU7Ji8Ctan4gacGevYItgE8q30+kr1PPQD18DNXw6u36BLfjvPj
[openssl-commits] [web] master update
The branch master has been updated via 72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit) from e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit) - Log - commit 72c1892c6630fe39a3ba99980876a4e7e983a2d8 Author: Mark J. Cox Date: Sat Oct 13 10:30:33 2018 +0100 Remove broken link --- Summary of changes: docs/fips/verifycd.html | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html index da76889..e02e28b 100644 --- a/docs/fips/verifycd.html +++ b/docs/fips/verifycd.html @@ -73,7 +73,6 @@ - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit) via fc3a76a7b2d8cfa3de18408ce1428785f4a9678e (commit) from 0fdc26a3da6206efb38025e5f2d94a97760f0614 (commit) - Log - commit e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 Merge: 0fdc26a fc3a76a Author: Mark J. Cox Date: Sat Oct 13 10:26:44 2018 +0100 Merge pull request #88 from iamamoose/fipscd Link to KeyPair arrangement for FIPS CD provision commit fc3a76a7b2d8cfa3de18408ce1428785f4a9678e Author: Mark J. Cox Date: Sat Oct 13 09:35:14 2018 +0100 Link to KeyPair arrangement for FIPS CD provision --- Summary of changes: docs/fips/verifycd.html | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html index a30a9c1..da76889 100644 --- a/docs/fips/verifycd.html +++ b/docs/fips/verifycd.html @@ -40,20 +40,20 @@ The requirement for this verification with an independently acquired FIPS 140-2 validated cryptographic module does not apply when the distribution file is distributed using a "secure" means. Distribution -on physical media is considered secure in this context, so as a -convenience a copy of the distribution files can be obtained from -OSS as a CD-ROM disks via postal mail. - -The fee for this is $100 in US Dollars. At this time we are only able - to accept US wire transfers. -Email us at mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org -and we will send you our ABA and account information. -We cannot do credit cards, purchase orders, or anything other - than a US-based bank transfer at this time. -We can mail internationally (the CD contains only open source code -and so may be exported under the TSU exception of EAR ECCN 5D002). -It will take a week or two to process your order. +on physical media is considered secure in this context so you can +verify by obtaining a copy of the distribution files on CD-ROM disks via +postal mail. +OpenSSL are not providing disks directly at this time. However we have +an arrangement with KeyPair Consulting who will +https://keypair.us/2018/05/cd/;>send a disk to you at no + charge. + +Important Disclaimer: The listing of these third party products does not + imply any endorsement by the OpenSSL project, and these organizations are not + affiliated in any way with OpenSSL other than by the reference to their + independent web sites here. + Note that the files you will receive on these CDs will be identical in every respect (except for formal FIPS 140-2 compliance) with the files you can download from https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0fdc26a3da6206efb38025e5f2d94a97760f0614 (commit) from 39045b9f57b5ff168bb646f44119bf4dc55ba37c (commit) - Log - commit 0fdc26a3da6206efb38025e5f2d94a97760f0614 Author: Matt Caswell Date: Wed Oct 10 17:19:54 2018 +0100 Correct the contact email on the trademark page Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/87) --- Summary of changes: policies/trademark.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policies/trademark.html b/policies/trademark.html index f669e46..39ecab7 100644 --- a/policies/trademark.html +++ b/policies/trademark.html @@ -134,7 +134,7 @@ When in doubt about the use of OpenSSL trademarks, or to request permission for uses not allowed by this policy, please send an email to -mailto:cont...@openssl.org;>cont...@openssl.org. +mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org. Be sure to include the following information in the body of your message: @@ -160,7 +160,7 @@ For any queries with respect to these guidelines, please send an email to -mailto:cont...@openssl.org;>cont...@openssl.org. +mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org. Organisations Licensed to Use OpenSSL Trademarks _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 39045b9f57b5ff168bb646f44119bf4dc55ba37c (commit) from 2c0a67c87382d0e10d4ee02921e4d59358906039 (commit) - Log - commit 39045b9f57b5ff168bb646f44119bf4dc55ba37c Author: Beat Bolli Date: Sat Sep 29 00:20:38 2018 +0200 inc/screen.css: style and like and pod2html emits the deprecated visual tags instead of the semantic ones, so we have to style the visual tags as well. Fixes #74 Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/85) --- Summary of changes: inc/screen.css | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/screen.css b/inc/screen.css index 9a5b157..e3d672c 100644 --- a/inc/screen.css +++ b/inc/screen.css @@ -239,11 +239,11 @@ ul ul, ul ol, ol ul, ol ol { margin-bottom: 0em; } -strong { +strong, b { font-weight: bold; } -em { +em, i { font-style: italic; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2c0a67c87382d0e10d4ee02921e4d59358906039 (commit) via 14964aea93f2691734f6f40a3207e810349b9c2c (commit) via e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a (commit) from d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 (commit) - Log - commit 2c0a67c87382d0e10d4ee02921e4d59358906039 Merge: d7b78dd 14964ae Author: Mark J. Cox Date: Mon Sep 24 10:42:11 2018 +0100 Merge pull request #84 from iamamoose/vulns111 Missing the 1.1.1 vulns page which will be needed when any issues get fixed commit 14964aea93f2691734f6f40a3207e810349b9c2c Author: Mark J. Cox Date: Mon Sep 24 10:36:15 2018 +0100 Add page for 1.1.1 vulnerabilities, this will get automatically updated when there are any (the breadcrumbs will get updated automatically at that time) commit e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a Author: Mark J. Cox Date: Mon Sep 24 10:35:14 2018 +0100 Don't imply there are no vulnerabilities at all, just that we've not released fixes for any yet --- Summary of changes: bin/mk-cvepage | 2 +- news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) copy news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} (92%) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 8dbb864..10654b6 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -147,7 +147,7 @@ preface += "" if allissues != "": preface += allissues + "" else: -preface += "No vulnerabilities" +preface += "No vulnerabilities fixed" sys.stdout.write(preface.encode('utf-8')) diff --git a/news/vulnerabilities-1.0.2.html b/news/vulnerabilities-1.1.1.html similarity index 92% copy from news/vulnerabilities-1.0.2.html copy to news/vulnerabilities-1.1.1.html index 0f1ac3b..db54fa1 100644 --- a/news/vulnerabilities-1.0.2.html +++ b/news/vulnerabilities-1.1.1.html @@ -15,7 +15,7 @@ If you think you have found a security bug in OpenSSL, please report it to us. - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 (commit) from 256ea23dae5b675ded6823625d6a966a353c2f5d (commit) - Log - commit d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 Author: Dr. Matthias St. Pierre Date: Sat Sep 22 16:42:58 2018 +0200 Remove pre-release from 1.1.1 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/83) --- Summary of changes: docs/manpages.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manpages.html b/docs/manpages.html index 91623d9..d75fec0 100644 --- a/docs/manpages.html +++ b/docs/manpages.html @@ -14,7 +14,7 @@ master - 1.1.1 (pre-release) + 1.1.1 1.1.0 1.0.2 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 256ea23dae5b675ded6823625d6a966a353c2f5d (commit) from 2b448f5a972d0f89e4b141d0568984dc1d37d489 (commit) - Log - commit 256ea23dae5b675ded6823625d6a966a353c2f5d Author: Richard Levitte Date: Wed Sep 19 02:20:27 2018 +0200 inc/screen.css: no pre-wrap There's no reason why the contents of element should be wrapped on line breaks. Set white-space to 'normal' instead. This property is useful in case we happen to inherit some other setting of that property and want to get back to a normal setting. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/79) --- Summary of changes: inc/screen.css | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/inc/screen.css b/inc/screen.css index c526275..9a5b157 100644 --- a/inc/screen.css +++ b/inc/screen.css @@ -362,10 +362,7 @@ article blockquote cite:before { /* @extend this to force long lines of continuous text to wrap */ .force-wrap, article a, aside.sidebar a { - white-space: -moz-pre-wrap; - white-space: -pre-wrap; - white-space: -o-pre-wrap; - white-space: pre-wrap; + white-space: normal; word-wrap: break-word; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2b448f5a972d0f89e4b141d0568984dc1d37d489 (commit) from 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 (commit) - Log - commit 2b448f5a972d0f89e4b141d0568984dc1d37d489 Author: Richard Levitte Date: Wed Sep 19 02:47:10 2018 +0200 Fix openssl.com htaccess Redirect works with prefixes. If only / should be redirected and not any sub-path, use RedirectMatch Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/81) --- Summary of changes: .htaccess.openssl.com | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.htaccess.openssl.com b/.htaccess.openssl.com index 90b3e57..2af9a82 100644 --- a/.htaccess.openssl.com +++ b/.htaccess.openssl.com @@ -1,4 +1,5 @@ # -*- Apache -*- -Redirect permanent / https://www.openssl.org/community/contacts.html Redirect permanent /verifycd.html https://www.openssl.org/docs/fips/verifycd.html + +RedirectMatch permanent "^/$" https://www.openssl.org/community/contacts.html RedirectMatch permanent "^(.*)$" "https://www.openssl.org$1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 (commit) from 53cc720aa09a60463d62d184ab6e23baccef5e71 (commit) - Log - commit 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 Author: Richard Levitte Date: Wed Sep 19 02:25:26 2018 +0200 Add a openssl.com specific .htaccess This allows us to redirect whatever openssl.com URLs we want freely. The setup in the openssl.com site configuration will include this line: AccessFileName .htaccess.openssl.com .htaccess Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/80) --- Summary of changes: .htaccess.openssl.com | 4 1 file changed, 4 insertions(+) create mode 100644 .htaccess.openssl.com diff --git a/.htaccess.openssl.com b/.htaccess.openssl.com new file mode 100644 index 000..90b3e57 --- /dev/null +++ b/.htaccess.openssl.com @@ -0,0 +1,4 @@ +# -*- Apache -*- +Redirect permanent / https://www.openssl.org/community/contacts.html +Redirect permanent /verifycd.html https://www.openssl.org/docs/fips/verifycd.html +RedirectMatch permanent "^(.*)$" "https://www.openssl.org$1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 53cc720aa09a60463d62d184ab6e23baccef5e71 (commit) via 7c369dac41a2f5a25d3533932686c860958b2643 (commit) via fb942af17ae8fff1e18939d57676678931e9b7e4 (commit) via a1a3195d8d9abdbc5238618b23f73cb774262d09 (commit) via 91ca9441703a779d4c065dc181653410914ee6f2 (commit) from 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) - Log - commit 53cc720aa09a60463d62d184ab6e23baccef5e71 Merge: 50ac168 7c369da Author: Mark J. Cox Date: Tue Sep 18 14:07:12 2018 +0100 Merge pull request #77 from iamamoose/oss Merge information from openssl.com and about OSS into main site commit 7c369dac41a2f5a25d3533932686c860958b2643 Author: Mark J. Cox Date: Tue Sep 18 13:09:05 2018 +0100 Update to the latest OSS bylaws commit fb942af17ae8fff1e18939d57676678931e9b7e4 Author: Mark J. Cox Date: Tue Sep 18 11:04:31 2018 +0100 Add verify CD image commit a1a3195d8d9abdbc5238618b23f73cb774262d09 Author: Mark J. Cox Date: Tue Sep 18 11:03:45 2018 +0100 Add the page from http://openssl.com/verifycd.html but update to show we do not accept US cheques/checks at this time. commit 91ca9441703a779d4c065dc181653410914ee6f2 Author: Mark J. Cox Date: Tue Sep 18 10:49:41 2018 +0100 Add OSS bylaws and details of OSS to the contact page rather than using openssl.com which we should deprecate. Bring wording for FIPS in line with what we used on openssl.com --- Summary of changes: community/contacts.html | 19 docs/fips/verifycd.html | 81 docs/fips/verifycd.jpg | Bin 0 -> 20887 bytes policies/oss-bylaws.pdf | Bin 0 -> 38884 bytes 4 files changed, 94 insertions(+), 6 deletions(-) create mode 100644 docs/fips/verifycd.html create mode 100644 docs/fips/verifycd.jpg create mode 100644 policies/oss-bylaws.pdf diff --git a/community/contacts.html b/community/contacts.html index 5c6f6a6..8c0820e 100644 --- a/community/contacts.html +++ b/community/contacts.html @@ -17,10 +17,21 @@ (US) non-profit corporation with its own bylaws. + OpenSSL Software Services + (OSS) also represents the OpenSSL project, for +Support Contracts, and +as the + Vendor of Record for NIST Cryptographic Module +https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747 +(This is an open-source validation of FIPS-140 based on OpenSSL). +It is a Delaware (US) corporation with its own bylaws. + - The best way to contact OSF is by sending an email to + The best way to contact OSF or OSS is by sending an email to mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org. - For postal or telephone contact, use the following: + For postal contact, use the following: 40 E Main St, Suite 744 @@ -29,10 +40,6 @@ - https://www.openssl.com;>OpenSSL Software Services - (OSS) also represents the OpenSSL project, most notably as the - Vendor of Record for the FIPS validation. - You are here: Home diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html new file mode 100644 index 000..a30a9c1 --- /dev/null +++ b/docs/fips/verifycd.html @@ -0,0 +1,81 @@ + + + + + + + + + + FIPS 140-2 verification of the OpenSSL FIPS Object Module source distribution file + + + + +The latest of the OpenSSL FIPS Object Module ("FIPS module") +FIPS 140-2 validations saw the introduction of a new requirement +by the CMVP: + + The distribution tar file, shall be verified using an +independently acquired FIPS 140-2 validated cryptographic +module... + +Some prospective users of the OpenSSL FIPS Object Module 2.0 already +have ready access to an existing securely-installed software product +using FIPS 140-2 validated cryptography that is capable of calculating +the HMAC-SHA-1 digest of a file on disk, in which case satisfying this +requirement is easy (simply calculate the HMAC-SHA-1 digest of the +source distribution file using the key "etaonrishdlcupfm" +and confirm it is that same as documented in the http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm;>Security Policy +document (e.g., "2cdd29913c6523df8ad38da11c342b80ed3f1dae" for +openssl-fips-2.0.tar.gz). + + +For most prospective users the identification, acquisition, +installation, and configuration of a suitable product may be a challenge. +(See Section 6.6 of our FIPS +User + Guide) +The requirement for this verification with an
[openssl-commits] [web] master update
The branch master has been updated via 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) via 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee (commit) from a9e5da9e4698a64397f1f564337f13207518f3ee (commit) - Log - commit 50ac168c298eedf5aced96da0b6eff5aee57b9fd Merge: a9e5da9 6bde6d6 Author: Mark J. Cox Date: Tue Sep 18 13:24:11 2018 +0100 Merge pull request #78 from iamamoose/osf Update to latest OSF bylaws commit 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee Author: Mark J. Cox Date: Tue Sep 18 13:11:56 2018 +0100 Update to latest OSF bylaws --- Summary of changes: policies/osf-bylaws.pdf | Bin 44509 -> 45594 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/policies/osf-bylaws.pdf b/policies/osf-bylaws.pdf index ed4810c..b0a3994 100644 Binary files a/policies/osf-bylaws.pdf and b/policies/osf-bylaws.pdf differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a9e5da9e4698a64397f1f564337f13207518f3ee (commit) from b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit) - Log - commit a9e5da9e4698a64397f1f564337f13207518f3ee Author: Matt Caswell Date: Tue Sep 11 14:16:04 2018 +0100 Updates for the 1.1.1 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/76) --- Summary of changes: news/newsflash.txt | 1 + source/index.html | 28 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index f1001bd..1a0f0fb 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes 14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes diff --git a/source/index.html b/source/index.html index 6c6c066..a4a98ce 100644 --- a/source/index.html +++ b/source/index.html @@ -30,11 +30,20 @@ A list of mirror sites can be found here. - Note: The latest stable version is the 1.1.0 series. -The 1.0.2 series is our Long Term - Support (LTS) release, supported until 31st December 2019. -The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and - should not be used. + Note: The latest stable version is the 1.1.1 series. This is +also our Long Term Support (LTS) version, supported until 11th September +2023. Our previous LTS version (1.0.2 series) will continue to be +supported until 31st December 2019 (security fixes only during the last +year of support). The 1.1.0 series is currently only receiving security +fixes and will go out of support on 11th September 2019. All users of +1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as possible. +The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should +not be used. + +The OpenSSL FIPS Object Module 2.0 (FOM) is also available for +download. It is no longer receiving updates. It must be used in +conjunction with a FIPS capable version of OpenSSL (1.0.2 series). A +new FIPS module is currently in development. @@ -47,9 +56,12 @@ When building a release for the first time, please make sure - to look at the README and INSTALL files in the distribution. - If you have problems, look at the FAQ, which can be - found online. + to look at the INSTALL file in the distribution along with any NOTES +file applicable to your platform. If you have problems, look at the FAQ, +which can be found online. If you +still need more help, then join the +openssl-users email list and +post a question there. PGP keys for the signatures are available from the https://www.openssl.org/community/omc.html;>OMC page. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit) via 963878785a6afbb5bbc714cc38a0cea7358e19cc (commit) from 6c27271343534942a6fee6fa97302072bde93e67 (commit) - Log - commit b0d67bb874e71cd8708f374a0111b95fe76ffc87 Merge: 6c27271 9638787 Author: Mark J. Cox Date: Thu Aug 30 14:34:35 2018 +0100 Merge pull request #75 from iamamoose/mirrors remove broken mirrors commit 963878785a6afbb5bbc714cc38a0cea7358e19cc Author: Mark J. Cox Date: Thu Aug 30 14:21:26 2018 +0100 remove broken mirrors --- Summary of changes: source/mirror.html | 4 1 file changed, 4 deletions(-) diff --git a/source/mirror.html b/source/mirror.html index 0e2419b..96c7386 100644 --- a/source/mirror.html +++ b/source/mirror.html @@ -16,10 +16,6 @@ LocaleURL - ATftp://gd.tuwien.ac.at/infosys/security/openssl/;>ftp://gd.tuwien.ac.at/infosys/security/openssl/ - CAhttp://openssl.skazkaforyou.com/;>http://openssl.skazkaforyou.com/ CZftp://ftp.fi.muni.cz/pub/openssl/;>ftp://ftp.fi.muni.cz/pub/openssl/ DEhttps://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6c27271343534942a6fee6fa97302072bde93e67 (commit) from 60246d07484ce72139483e7bbcc52c7b45a3b408 (commit) - Log - commit 6c27271343534942a6fee6fa97302072bde93e67 Author: Richard Levitte Date: Wed Aug 22 13:01:20 2018 +0200 Update the end copyright year Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/72) --- Summary of changes: inc/footer.shtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/footer.shtml b/inc/footer.shtml index 89f8e84..65be9f1 100644 --- a/inc/footer.shtml +++ b/inc/footer.shtml @@ -4,7 +4,7 @@ Please report problems with this website to webmaster at openssl.org. -Copyright 1999-2017, OpenSSL Software Foundation. +Copyright 1999-2018, OpenSSL Software Foundation. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 60246d07484ce72139483e7bbcc52c7b45a3b408 (commit) from 46b7dc43cbd00b4d6cf275afb544a770a991a2ec (commit) - Log - commit 60246d07484ce72139483e7bbcc52c7b45a3b408 Author: Matt Caswell Date: Tue Aug 21 15:30:13 2018 +0100 Update the support contracts page In accordance with an OMC vote Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/71) --- Summary of changes: support/contracts.html | 93 +++--- 1 file changed, 20 insertions(+), 73 deletions(-) diff --git a/support/contracts.html b/support/contracts.html index 0651184..7f35804 100644 --- a/support/contracts.html +++ b/support/contracts.html @@ -15,7 +15,9 @@ OpenSSL Software Services offers three different types of support contract. If you have specific requirements not addressed by any of these plans, - or for more information, discuss custom arrangements. + or for more information, please contact us at + mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org to + discuss custom arrangements. Please see the list of definitions at the bottom of the page for the definitions used below. @@ -25,11 +27,11 @@ Enterprise Level Support Designed for the large enterprise utilising OpenSSL extensively in product lines or critical infrastructure. - Vendor Support + Vendor Support Designed for organisations requiring support of product lines using OpenSSL or for customised in-house versions of OpenSSL. - Basic Support + Basic Support Basic technical support for application development shops or end users. @@ -38,102 +40,47 @@ Premium Level Support US$50,000 annually - All technical support requests handled directly by a Designated Responder - 24x7x365 availability - Four Support Administrators - Unlimited Service Requests - Custom patch preparation and creation - OpenSSL FIPS Object Module support included - FIPS validation support + A custom support contract designed to meet the needs of a specific Enterprise customer + Exact costs will depend on the terms of the agreed support contract - The premium support plan is designed for the large enterprise + The premium support plan is intended for the large enterprise using OpenSSL as an essential component of multiple products or product lines or in support of in-house or commercially provided - services. Many prospective Premium Level customers have already - hired individual OpenSSL team members for specific tasks. The - typical large enterprise customer has a capable in-house technical - staff but still finds it cost-effective to engage the world class - talent of OpenSSL authors and maintainers. Customisation of - OpenSSL by prospective Schedule A customers is common, as are - "private label" FIPS 140-2 validations. - Note we don't expect to sell very many of the premium support - plans, but those few customers will receive careful attention for - both immediate problems and long range strategic interests. + services. The typical large enterprise customer has a capable in-house + technical staff but still finds it cost-effective to engage OpenSSL + authors and maintainers directly. Vendor Level Support - US$20,000 annually + US$25,000 annually - Institutional Response with escalation to Designated Responder as appropriate. - 12x5 availability - Two Support Administrators + Email response Limit of four Service Requests per month - Custom patch preparation - OpenSSL FIPS Object Module support included - FIPS validation support excluded + Patch preparation + Two Support Administrators This plan is designed for the medium enterprise using OpenSSL for a single product or product line. The prospective Vendor Level Support customer has a proficient technical staff but no specific - expertise in cryptography or OpenSSL. Technical support is - provided for use of the unmodified OpenSSL FIPS Object Module, but - not for validations of derivative software. + expertise in cryptography or
[openssl-commits] [web] master update
The branch master has been updated via 46b7dc43cbd00b4d6cf275afb544a770a991a2ec (commit) from b966818f2cf7a74e2535e6717f53a603f684fc89 (commit) - Log - commit 46b7dc43cbd00b4d6cf275afb544a770a991a2ec Author: Matt Caswell Date: Tue Aug 21 13:23:58 2018 +0100 Updates to newsflash for the pre9 release Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/70) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 6913436..f1001bd 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please download and test it 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes 14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes 20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via b966818f2cf7a74e2535e6717f53a603f684fc89 (commit) via 75e2b7a51f0c104ebfbfecdc49d24e3f5b017581 (commit) from 69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd (commit) - Log - commit b966818f2cf7a74e2535e6717f53a603f684fc89 Merge: 75e2b7a 69f29ba Author: Mark J. Cox Date: Fri Aug 17 10:21:51 2018 +0100 Merge branch 'master' of git.openssl.org:openssl-web commit 75e2b7a51f0c104ebfbfecdc49d24e3f5b017581 Author: Mark J. Cox Date: Fri Aug 17 10:21:21 2018 +0100 Rearrange to alphabetical order which makes more sense (ack'd by Tim) --- Summary of changes: support/acks.html | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/support/acks.html b/support/acks.html index 4094177..eea4919 100644 --- a/support/acks.html +++ b/support/acks.html @@ -15,7 +15,7 @@ We would like to identify and thank the following such sponsors for their significant support of the OpenSSL project. Sponsors are - listed chronologically within categories. Please note that we ask + listed alphabetically within categories. Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. @@ -53,15 +53,15 @@ Platinum support: - https://www.netapp.com/;> https://www.bluecedar.com/;> - https://www.vmware.com/;>https://www.huawei.com/;> + https://www.netapp.com/;> https://www.oracle.com/;> - https://www.huawei.com/;>https://www.vmware.com/;> _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd (commit) from 22fe269070986cdb68933423044f4d126a154d0c (commit) - Log - commit 69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd Author: Matt Caswell Date: Tue Aug 14 13:43:06 2018 +0100 Updates for the new releases Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/68) --- Summary of changes: news/newsflash.txt | 2 ++ news/vulnerabilities.xml | 10 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index dabc4fa..6913436 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes +14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes 20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please download and test it 12-Jun-2018: Security Advisory: one low severity fix 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 97f818b..6ef9c56 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,7 @@ - + @@ -36,10 +36,10 @@ - + - + Client side Denial of Service @@ -82,10 +82,10 @@ - + - + Constant time issue _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 22fe269070986cdb68933423044f4d126a154d0c (commit) from 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit) - Log - commit 22fe269070986cdb68933423044f4d126a154d0c Author: Rich Salz Date: Tue Aug 14 07:59:18 2018 -0400 Add FIPS FAQ, update FIPS status. --- Summary of changes: docs/faq-5-misc.txt | 7 +++ docs/fips.html | 21 ++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index f2810e5..006b323 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -33,6 +33,13 @@ that came with the version of OpenSSL you are using. The pod format documentation is included in each OpenSSL distribution under the docs directory. +* I need a FIPS validated offering + +Please see +@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer +involved in private label validations nor adding platforms to the existing +certificates. + * How can I contact the OpenSSL developers? The README file describes how to submit bug reports and patches to diff --git a/docs/fips.html b/docs/fips.html index 5c9b3ec..7bbce9c 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,7 +10,7 @@ FIPS-140 - The most recent open source based validation of a cryptographic + The current validation of a cryptographic module (Module) compatible with the OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747. @@ -28,6 +28,19 @@ +Neither validation will work with any release other than 1.0.2. +The OpenSSL project is no longer maintaining either the 1747 +or the 2398 module. This includes adding platforms to those +validations. +We are starting work on a new validation, after the 1.1.1 +release completes. +That module will have a small set of validated operational +environments. +The OpenSSL project is no longer involved in private label +validations nor adding platforms to the existing certificates. + + + Here is the complete set of files. Note that if you are interested in the "1747" validation, you only need the three files mentioned above. @@ -68,12 +81,6 @@ source based validated module directly. You must obtain your own validation. - None of the validations will work with OpenSSL 1.1.0 or - later. - - We are starting work on a new validation based on the - upcoming 1.1.1 release. - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit) from 556c539ce00cf8242a2d63018638942a21ef2319 (commit) - Log - commit 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 Author: Mark J. Cox Date: Tue Aug 14 12:21:00 2018 +0100 Another try at table spacing for donations page --- Summary of changes: support/donations.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/donations.html b/support/donations.html index aa5c8c6..1e6d56e 100644 --- a/support/donations.html +++ b/support/donations.html @@ -30,7 +30,7 @@ We provide Acknowledgements for sponsors depending on the level of funding: - + LevelAcknowledgement Exceptional$75,000+/yr _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 556c539ce00cf8242a2d63018638942a21ef2319 (commit) from a696660505f56a54173bb0cf400fd22f0458bc77 (commit) - Log - commit 556c539ce00cf8242a2d63018638942a21ef2319 Author: Mark J. Cox Date: Tue Aug 14 12:19:26 2018 +0100 Make the table look a tiny bit better --- Summary of changes: support/donations.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/donations.html b/support/donations.html index 9acfb51..aa5c8c6 100644 --- a/support/donations.html +++ b/support/donations.html @@ -30,7 +30,7 @@ We provide Acknowledgements for sponsors depending on the level of funding: - + LevelAcknowledgement Exceptional$75,000+/yr _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a696660505f56a54173bb0cf400fd22f0458bc77 (commit) from eb318b531e5f84572847a0cd6e3620396b43dc99 (commit) - Log - commit a696660505f56a54173bb0cf400fd22f0458bc77 Author: Mark J. Cox Date: Tue Aug 14 12:15:30 2018 +0100 Update sponsros and acks page to match reality --- Summary of changes: support/acks.html | 69 +- support/donations.html | 39 ++-- 2 files changed, 71 insertions(+), 37 deletions(-) diff --git a/support/acks.html b/support/acks.html index 5c60a0c..4094177 100644 --- a/support/acks.html +++ b/support/acks.html @@ -11,37 +11,70 @@ The OpenSSL project depends on volunteer efforts and financial support from the end user community. That support comes - in the form of donations, contracts, and volunteer contributions. - Since all of these activities support the continued development - and improvement of OpenSSL, we consider all of them to be - sponsors of the OpenSSL project. + in many forms. We would like to identify and thank the following such sponsors - for their past or current significant support of the OpenSSL - project. Except as noted sponsors are listed within categories in - order of overall contribution value. Please note that we ask + for their significant support of the OpenSSL project. Sponsors are + listed chronologically within categories. Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. + Current Sponsors: + + +.sponsorlogo { +height: 100px !important; +width: 210px !important; +object-fit: contain !important; +object-position: 50% 50% !important; +padding-left: 15px !important; +padding-top: 10px !important; +padding-bottom: 10px !important; +padding-right: 15px !important; +} +.sponsorsection { +background-color: #ff !important; +text-align: center !important; +} + + Exceptional support: - http://www.smartisan.com/;> + + https://www.akamai.com/;> + https://www.smartisan.com/;> + + - Platinum sponsors (listed chronologically). The - sustainable funding provided by these sponsorships allows long term - planning: - http://www.huawei.com/;> - https://www.oracle.com/;> + Platinum support: - - Major support: - https://www.akamai.com/;> + + https://www.netapp.com/;> + https://www.bluecedar.com/;> + https://www.vmware.com/;> + https://www.oracle.com/;> + https://www.huawei.com/;> + + + + + + + diff --git a/support/donations.html b/support/donations.html index 7c320e9..9acfb51 100644 --- a/support/donations.html +++ b/support/donations.html @@ -7,11 +7,19 @@ - Donations + Sponsorship and Donations - Your donation to the OpenSSL team will support the ongoing - development activities of the team members. +The OpenSSL project relies on funding to maintain and improve +OpenSSL. +You can support the OpenSSL project financially with the +purchase of a support contract, by a +sponsorship donation, or by hiring OSF for consulting services or +custom software development. + +We do not have a PayPal account. Please do not donate to any +PayPal account claiming to be associated with us! + Please note that the OpenSSL Software Foundation (OSF) is incorporated in the the state of Delaware, United States, @@ -19,20 +27,18 @@ charitable organisation under Section 501(c)(3) of the U.S. Internal Revenue Code. - In addition to direct financial contributions in the form of - donations or sponsorship you may also support the OpenSSL project - financially with the purchase of a -support contract, or by hiring OSF - for consulting services or custom software development. We - consider all sources of funding to be sponsors, because we use all - such funding, whether donations or pay for services rendered, for - the same purpose -- to improve and
[openssl-commits] [web] master update
The branch master has been updated via eb318b531e5f84572847a0cd6e3620396b43dc99 (commit) from 521b74a4bd4f20cf9955c50199c760876a339edb (commit) - Log - commit eb318b531e5f84572847a0cd6e3620396b43dc99 Author: Mark J. Cox Date: Tue Aug 14 12:10:26 2018 +0100 Update donations and acknowledgements page to match reality and add in new sponsors --- Summary of changes: img/bluecedar-logo-med.png | Bin 0 -> 2993 bytes img/netapp-logo-med.jpg| Bin 0 -> 61513 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 img/bluecedar-logo-med.png create mode 100644 img/netapp-logo-med.jpg diff --git a/img/bluecedar-logo-med.png b/img/bluecedar-logo-med.png new file mode 100644 index 000..baa8655 Binary files /dev/null and b/img/bluecedar-logo-med.png differ diff --git a/img/netapp-logo-med.jpg b/img/netapp-logo-med.jpg new file mode 100644 index 000..723e053 Binary files /dev/null and b/img/netapp-logo-med.jpg differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 521b74a4bd4f20cf9955c50199c760876a339edb (commit) from 45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit) - Log - commit 521b74a4bd4f20cf9955c50199c760876a339edb Author: Rich Salz Date: Mon Aug 13 22:41:34 2018 -0400 Fix date for when travel policy was approved --- Summary of changes: policies/travel.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/travel.html b/policies/travel.html index 5d0f1db..7eda596 100644 --- a/policies/travel.html +++ b/policies/travel.html @@ -12,7 +12,7 @@ Travel Reimbursement Policy - First issued 28th February 2014 + First issued 28th February 2018 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit) from 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) - Log - commit 45331ed59e3bd3c16808ceed54e35a98a3fea79b Author: Rich Salz Date: Thu Jul 26 15:00:58 2018 -0400 Add GeneralName question Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/64) --- Summary of changes: docs/faq-3-prog.txt | 19 +++ 1 file changed, 19 insertions(+) diff --git a/docs/faq-3-prog.txt b/docs/faq-3-prog.txt index a471f5e..bb6790a 100644 --- a/docs/faq-3-prog.txt +++ b/docs/faq-3-prog.txt @@ -154,6 +154,25 @@ Rules (DER): these uniquely specify how a given structure is encoded. Therefore, because DER is a special case of BER, DER is an acceptable encoding for BER. +* The encoding for GeneralName is wrong; why is the SEQUENCE tag missing? + +In RFC 5280 GeneralName is defined in the module in Appendix A.2, and that +module specifies the use of IMPLICIT tagging. This means that there is not an +explicit SEQUENCE (30) tag following the A0 tag (you just know from the ASN.1 +that what follows the A1 tag is a SEQUENCE). This is in contrast to the value +field within OtherName (test@kerberose-domain.internal), where the tag for +UTF8String (0C) follows the A0 tag, since EXPLICIT tagging is specified for +that particular field. + +You will notice the same thing if you look at other choices within +GeneralName. If you look at the DNS names encoded in the subjectAltName +extension, the 82 tag (corresponding to [2]) is not followed by a tag for +IA5String (22). It is not needed since the ASN.1 indicates that what follows +the 82 tag is an IA5String. However, if the module specified EXPLICIT +encoding, then there would be a 16 tag after the 82 tag. + +(Thanks to David Cooper for this text.) + * I tried to set a cipher list with a valid cipher, but the call fails, why? OpenSSL 1.1.0 introduced the concept of a security level, allowing _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) from 108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit) - Log - commit 3c0d5cabf30bc2367a5574b3b9bfd5639396533f Author: Rich Salz Date: Tue Jul 3 11:35:17 2018 -0400 Fix NIST links, remove 2473. Also remove some "political" content. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/63) --- Summary of changes: docs/fips.html | 29 + 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/docs/fips.html b/docs/fips.html index 8c67a04..5c9b3ec 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,15 +10,10 @@ FIPS-140 - For a basic introduction, - see below. Thanks to multiple platform - sponsorships, the 2.0 validations include the largest number of - formally tested platforms for any validated module. - The most recent open source based validation of a cryptographic - module (Module) compatible with the OpenSSL 1.0.1 and 1.0.2 - libraries is v2.0.16, FIPS 140-2 certificate http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747;>#1747. + module (Module) compatible with the OpenSSL 1.0.2 + is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747. This Module is documented in the 2.0 User Guide; the source code, @@ -26,12 +21,10 @@ are also available. - For convoluted bureaucratic reasons, the same module is also - available under the validations http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398;>#2398 - (revision 2.0.16) and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473;>#2473 - (revision 2.0.10). + For various bureaucratic reasons, the same module is also + available as validation https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2398;>#2398 + (revision 2.0.16). @@ -69,14 +62,18 @@ instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis. - If even the tiniest source code or build process changes are - required for your intended application, you cannot use the open + If even a single line of the source code or build process + has to be changed + for your intended application, you cannot use the open source based validated module directly. You must obtain your own validation. None of the validations will work with OpenSSL 1.1.0 or later. + We are starting work on a new validation based on the + upcoming 1.1.1 release. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit) from 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit) - Log - commit 108c503eb0e909259ef0f1f68a07e74752c2f9a3 Author: Matt Caswell Date: Wed Jun 20 15:54:49 2018 +0100 Update newsflash for pre 8 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/62) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index ce931be..dabc4fa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please download and test it 12-Jun-2018: Security Advisory: one low severity fix 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit) via 6e56f7d522fa01f454e88a2ffd9c1df4527dad16 (commit) from 574a269efd409a480d1eef665dddb7362156d70a (commit) - Log - commit 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 Author: Richard Levitte Date: Thu Jun 14 10:02:01 2018 +0200 OMC generation: account for titles when sorting names This moves the process of making names sortable to a separate function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/61) commit 6e56f7d522fa01f454e88a2ffd9c1df4527dad16 Author: Richard Levitte Date: Thu Jun 14 10:01:10 2018 +0200 OMC generation: Make sure non-ASCII characters are made into entities Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/61) --- Summary of changes: bin/mk-omc | 27 ++- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/bin/mk-omc b/bin/mk-omc index 5832710..e6dee11 100755 --- a/bin/mk-omc +++ b/bin/mk-omc @@ -6,6 +6,7 @@ use warnings; use Getopt::Long; use Pod::Usage; use OpenSSL::Query::REST; +use HTML::Entities; my %options = (); GetOptions( @@ -55,14 +56,7 @@ print join("\n", map { "$_\n" } @columns); print " \n"; -foreach my $key (sort { my $sortablename_a = - ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, -"$2, $1"); - my $sortablename_b = - ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, -"$2, $1"); - $sortablename_a cmp $sortablename_b } -keys %data) { +foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } keys %data) { my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; $pgpurl =~ s|\s+||g if $pgpurl; $pgpurl = @@ -73,7 +67,7 @@ foreach my $key (sort { my $sortablename_a = push @columndata, join('', $data{$key}->{active} ? "" : "", -"$key", +encode_entities($key), $data{$key}->{active} ? "" : " (I)", $data{$key}->{emeritus} ? " (OMC Emeritus)" : "") if $options{name}; @@ -93,3 +87,18 @@ foreach my $key (sort { my $sortablename_a = } print "\n"; + +sub mk_sortable { +my $name = shift; + +# Peel off any title +$name =~ s/(Dr|Mr|Mrs|Miss)\.?\s+//; + +# Split into first+middle name and last names and flip them over with +# a comma between. +# We work with the assumption that the middle name, if included, is +# given as a single letter followed by a possible period. +$name = ($name =~ m|^(\S+(?:\s\S\.?)?)\s+(.*)$|, "$2, $1"); + +return $name; +} _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 574a269efd409a480d1eef665dddb7362156d70a (commit) from b89fd121a046015bb70865060d6cf7f3268b36f0 (commit) - Log - commit 574a269efd409a480d1eef665dddb7362156d70a Author: Richard Levitte Date: Wed Jun 13 19:19:13 2018 +0200 Generate OMC Members and OMC Alumni This simplifies our lives when we need to do changes, since we already have a personell database. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/60) --- Summary of changes: Makefile | 8 +++- bin/mk-omc| 95 +++ community/omc-alumni.html | 67 + community/omc.html| 63 +-- 4 files changed, 104 insertions(+), 129 deletions(-) create mode 100755 bin/mk-omc diff --git a/Makefile b/Makefile index d53b50c..a495e0c 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,7 @@ RELEASEDIR = /var/www/openssl/source # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ community/committers.inc \ +community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ news/changelog.inc news/changelog.txt \ news/cl102.txt news/cl110.txt news/cl111.txt \ @@ -78,7 +79,7 @@ manmaster: $(call newmakemanpages,$(CHECKOUTS)/openssl,master) ## $(SIMPLE) -- SIMPLE GENERATED FILES -.PHONY: sitemap community/committers.inc +.PHONY: sitemap community/committers.inc community/omc.inc community/omc-alumni.inc newsflash.inc: news/newsflash.inc @rm -f $@ head -7 $? >$@ @@ -92,6 +93,11 @@ community/committers.inc: ./bin/mk-committers $@ @rm -f Members +community/omc.inc: + ./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@ +community/omc-alumni.inc: + ./bin/mk-omc -n -l -t 'OMC Alumni' omc-alumni omc-emeritus > $@ + docs/faq.inc: $(wildcard docs/faq-[0-9]-*.txt) bin/mk-faq @rm -f $@ ./bin/mk-faq docs/faq-[0-9]-*txt >$@ diff --git a/bin/mk-omc b/bin/mk-omc new file mode 100755 index 000..5832710 --- /dev/null +++ b/bin/mk-omc @@ -0,0 +1,95 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use Getopt::Long; +use Pod::Usage; +use OpenSSL::Query::REST; + +my %options = (); +GetOptions( +\%options, +'name|n', # Show name +'email|e', # Show email +'locale|l',# Show locale +'pgp|p', # Show PGP key ID +'activity|a', # Show whether person is active +'title|t=s', # Title of the resulting table +'help|?', # Help +'man', # Full manual + ) or pod2usage(2); + +pod2usage(1) unless $options{title}; +pod2usage(1) +unless ($options{name} || $options{email} || $options{locale} + || $options{activity} || $options{pgp}); +pod2usage(1) if $options{help}; +pod2usage(-exitval => 0, -verbose => 2) if $options{man}; + +my $query = OpenSSL::Query->new(); + +my %data = (); # Indexed by name, value is a hash table of vals +foreach my $groupname (@ARGV) { +my @members = $query->members_of($groupname); +foreach my $ids (@members) { + my $name = (grep m|\s|, @$ids)[0]; + my $email = (grep m|\@openssl\.org$|, @$ids)[0]; + my $locale = $query->find_person_tag($email, 'country'); + my $pgpid = $query->find_person_tag($email, 'pgp'); + $data{$name} = { email => $email, locale => $locale, pgpid => $pgpid, +active => !!($groupname !~ m|-inactive$|), +emeritus => !!($groupname =~ m|-emeritus$|) }; +} +} + +my @columns = (); +push @columns, 'Name' if $options{name}; +push @columns, 'Email' if $options{email}; +push @columns, 'Locale' if $options{locale}; +push @columns, 'PGP Key ID' if $options{pgp}; + +print "\n"; +print " \n"; +print join("\n", + map { "$_\n" } @columns); +print " \n"; + +foreach my $key (sort { my $sortablename_a = + ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, +"$2, $1"); + my $sortablename_b = + ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, +"$2, $1"); + $sortablename_a cmp $sortablename_b } +keys %data) { +my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; +$pgpurl =~ s|\s+||g if $pgpurl; +$pgpurl = + "http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0x$pgpurl; + if $pgpurl; + +my @columndata = (); +push @columndata, + join('', +$data{$key}->{active} ? "" : "", +"$key", +$data{$key}->{active} ? "" : "
[openssl-commits] [web] master update
The branch master has been updated via b89fd121a046015bb70865060d6cf7f3268b36f0 (commit) from 81d4522dd877e11b558579fdb89b447cf95606bb (commit) - Log - commit b89fd121a046015bb70865060d6cf7f3268b36f0 Author: Matt Caswell Date: Tue Jun 12 13:10:13 2018 +0100 Fix advisory link Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/59) --- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 145e1ef..97f818b 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -51,7 +51,7 @@ generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 81d4522dd877e11b558579fdb89b447cf95606bb (commit) from d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit) - Log - commit 81d4522dd877e11b558579fdb89b447cf95606bb Author: Matt Caswell Date: Tue Jun 12 10:25:31 2018 +0100 Updates for CVE-2018-0732 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/58) --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20180612.txt | 35 +++ news/vulnerabilities.xml | 48 +++- 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20180612.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index cba57e2..ce931be 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +12-Jun-2018: Security Advisory: one low severity fix 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it diff --git a/news/secadv/20180612.txt b/news/secadv/20180612.txt new file mode 100644 index 000..1864ace --- /dev/null +++ b/news/secadv/20180612.txt @@ -0,0 +1,35 @@ + +OpenSSL Security Advisory [12 June 2018] + + +Client DoS due to large DH parameter (CVE-2018-0732) + + +Severity: Low + +During key agreement in a TLS handshake using a DH(E) based ciphersuite a +malicious server can send a very large prime value to the client. This will +cause the client to spend an unreasonably long period of time generating a key +for this prime resulting in a hang until the client has finished. This could be +exploited in a Denial Of Service attack. + +Due to the low severity of this issue we are not issuing a new release of +OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i +and OpenSSL 1.0.2p when they become available. The fix is also available in +commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the OpenSSL git +repository. + +This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also +developed the fix. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20180612.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index bb13b7f..145e1ef 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,53 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Client side Denial of Service +Client DoS due to large DH parameter + +During key agreement in a TLS handshake using a DH(E) based ciphersuite +a malicious server can send a very large prime value to the client. This +will cause the client to spend an unreasonably long period of time +generating a key for this prime resulting in a hang until the client has +finished. This could be exploited in a Denial Of Service attack. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit) from 8241c47b948d2213e8cead94844fd23207716499 (commit) - Log - commit d04d28a092b7489bfe3831aa69e20ddc87b28bfa Author: Richard Levitte Date: Tue Jun 12 09:19:01 2018 +0200 Emilia Käsper has left us --- Summary of changes: community/omc-alumni.html | 5 + community/omc.html| 7 --- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/community/omc-alumni.html b/community/omc-alumni.html index 2f1fbd7..0581a62 100644 --- a/community/omc-alumni.html +++ b/community/omc-alumni.html @@ -38,6 +38,11 @@ + Emilia Ksper + CH + + + Nils Larsch DE diff --git a/community/omc.html b/community/omc.html index 6678dc7..dd78706 100644 --- a/community/omc.html +++ b/community/omc.html @@ -59,13 +59,6 @@ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD;>C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD - - Emilia Ksper - mailto:emi...@openssl.org;>emi...@openssl.org - CH - - - Richard Levitte mailto:levi...@openssl.org;>levi...@openssl.org _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8241c47b948d2213e8cead94844fd23207716499 (commit) from 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) - Log - commit 8241c47b948d2213e8cead94844fd23207716499 Author: Rich Salz Date: Tue May 29 11:18:24 2018 -0400 Remove rationale paragraph Reviewed-by: OMC Vote --- Summary of changes: policies/releasestrat.html | 16 +--- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 9d0e3c3..0bb80f5 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. - Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security. - With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -64,7 +50,7 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - As implied by the above paragraphs, during the final year + During the final year of support, we do not commit to anything other than security fixes. Before that, bug and security fixes will be applied as appropriate. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) from 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) - Log - commit 62df8cc9ba93dd099b4f5622e331f935643b6790 Author: Matt Caswell Date: Tue May 29 09:21:53 2018 +0100 Update the release strategy Updates in line with the following votes: "The next LTS release will be 1.1.1 and the LTS expiry date for 1.0.2 will not be changed." and "1.1.1 beta release schedule changed so that the next two beta releases are now 29th May, 19 June and we will re-review release readiness after that. We will also ensure that there is at least one beta release post TLS-1.3 RFC publication prior to the final release." Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/55) --- Summary of changes: policies/releasestrat.html | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..9d0e3c3 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -13,7 +13,7 @@ Release Strategy First issued 23rd December 2014 - Last modified 6th February 2018 + Last modified 29th May 2018 @@ -69,10 +69,10 @@ fixes. Before that, bug and security fixes will be applied as appropriate. - The next version of OpenSSL will be 1.1.1. This is currently in - development and has a primary focus of implementing TLSv1.3. The - RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened. + The next version of OpenSSL will be 1.1.1 which will be an LTS release. + This is currently in development and has a primary focus of implementing + TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. + OpenSSL 1.1.1 will not have its final release until that has happened. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -88,9 +88,10 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) - 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018) + 29th May 2018, beta release 5 (pre7) + 19th June 2018, beta release 6 (pre8) + Release readiness check following pre8 release (new release + cycles added if required) An alpha release means: @@ -113,7 +114,7 @@ Clean builds in Travis and Appveyor for two days run-checker.sh to be showing as clean 2 days before release No open Coverity issues (not flagged as "False Positive" or "Ignore") - TLSv1.3 RFC published + TLSv1.3 RFC published (with at least one beta release after the publicaction) Valid reasons for closing an issue/PR with a 1.1.1 milestone might be: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) from c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) - Log - commit 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 Author: Matt Caswell Date: Tue May 29 13:26:20 2018 +0100 Updates to newsflash for pre7 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/56) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 202f95c..cba57e2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) from ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) - Log - commit c9f50cbf963b7d9949332c17e614ad0a6e97d431 Author: Rich SalzDate: Wed May 23 19:57:47 2018 -0400 Revert "Remove rationale, clarify language." This reverts commit ac5eb58ddc24db122c494b4cb13de3adff366e48. --- Summary of changes: policies/releasestrat.html | 28 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 83b85d2..3f37936 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,6 +34,20 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. + Binary compatibility also allows other possibilities. For + example, consider an application that wishes to utilize + a new cipher provided in a specific 1.0.x release, but it + is also desirable to maintain the application in a 1.0.0 + context. Customarily this would be resolved at compile time + resulting in two binary packages targeting different OpenSSL + versions. However, depending on the feature, it might be + possible to check for its availability at run-time, thus cutting + down on the maintenance of multiple binary packages. Admittedly + it takes a certain discipline and some extra coding, but we + would like to encourage such practice. This is because we + want to see later releases being adopted faster, because new + features can improve security. + With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -50,18 +64,15 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - During the final year + As implied by the above paragraphs, during the final year of support, we do not commit to anything other than security - fixes. Before then, bug and security fixes will be applied + fixes. Before that, bug and security fixes will be applied as appropriate. The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened; - we want to have at least one beta release after TLS 1.3 is - officially published as an RFC. The next LTS release will be - 1.1.1. + will not have its final release until that has happened. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -77,8 +88,9 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) -29th May 2018, beta release 5 (pre7) -19th June 2018, beta release 6 (pre8) + 8th May 2018, release readiness check (new release + cycles added if required, first possible final release date: + 15th May 2018) An alpha release means: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) from 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit) - Log - commit ac5eb58ddc24db122c494b4cb13de3adff366e48 Author: Rich SalzDate: Mon May 14 16:29:47 2018 -0400 Remove rationale, clarify language. Add 1.1.1 release/LTS details. Remove paragraph justifying binary compatibility. Also remove phrase "as implied by the above" beause, well, it ACTUALY ISN'T implied by the above. :) Reviewed-by: Matt Caswell Reviewed-by: Mark Cox (Merged from https://github.com/openssl/web/pull/52) --- Summary of changes: policies/releasestrat.html | 28 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..83b85d2 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features. - Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security. - With regards to current and future releases the OpenSSL project has adopted the following policy: @@ -64,15 +50,18 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years. - As implied by the above paragraphs, during the final year + During the final year of support, we do not commit to anything other than security - fixes. Before that, bug and security fixes will be applied + fixes. Before then, bug and security fixes will be applied as appropriate. The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened. + will not have its final release until that has happened; + we want to have at least one beta release after TLS 1.3 is + officially published as an RFC. The next LTS release will be + 1.1.1. The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises. @@ -88,9 +77,8 @@ 3rd April 2018, beta release 2 (pre4) 17th April 2018, beta release 3 (pre5) 1st May 2018, beta release 4 (pre6) - 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018) +29th May 2018, beta release 5 (pre7) +19th June 2018, beta release 6 (pre8) An alpha release means: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit) from e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit) - Log - commit 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 Author: Matt CaswellDate: Wed May 23 10:01:41 2018 +0100 Remove the Forthcoming Features section as per OMC vote Issues have been created for the outstanding features, also as per the vote. Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/54) --- Summary of changes: policies/roadmap.html | 21 - 1 file changed, 21 deletions(-) diff --git a/policies/roadmap.html b/policies/roadmap.html index 58d9812..e2b9479 100644 --- a/policies/roadmap.html +++ b/policies/roadmap.html @@ -86,27 +86,6 @@ Publish the build and test status for each platform (Timescale: Next feature release) - - Forthcoming Features - The primary focus of the next feature release (1.1.1) is - TLS 1.3. - The primary focus of the immediately following feature - release (after 1.1.1) is FIPS. - - We are also evaluating the following new features. - - - New AEAD API - SHA3 - X25519 performance improvements - New IETF signature algorithms - PKCS#11 - PRNG replacement - ASN.1 encoder/decoder replacement - STORE (certificate, crl, key storage API) - Replace CAPI with newer API engine - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit) from 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) - Log - commit e4458ac28cde9545944b3eb8fe6193ca1c33cd18 Author: Mark J. CoxDate: Wed May 16 21:40:33 2018 +0100 Update policy to remove a guiding principle as per vote at Ottawa f2f --- Summary of changes: policies/secpolicy.html | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 7af2965..3a298d4 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 23rd January 2018 + Last modified 16th May 2018 @@ -120,10 +120,6 @@ The policy above is guided by our security principles: - We strongly believe that the right to advance patches/info - should not be based in any way on paid membership to some forum. - You can not pay us to get security patches in advance. - It's in the best interests of the Internet as a whole to get fixes for OpenSSL security issues out quickly. OpenSSL embargoes should be measured in days and weeks, not months or years. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) from c1af450066654ac208edbb73f954fcf32d6330f7 (commit) - Log - commit 6d2d64dcea7f89da419eafb2e860b0f0f164458f Author: Rich SalzDate: Wed May 16 16:09:43 2018 -0400 Broken link to pgpkey.html Also fix indent of #include'd file Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/53) --- Summary of changes: community/index.html | 2 +- news/pgpkey.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 82374b6..e204c4b 100644 --- a/community/index.html +++ b/community/index.html @@ -50,7 +50,7 @@ please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. Encryption is not required, but if you want to encrypt the mail, you can use our -team's PGP Key. Or you can +team's PGP Key. Or you can send mail to one or more individual OMC Members, encrypted or plaintext. diff --git a/news/pgpkey.html b/news/pgpkey.html index 492a80d..5c996a5 100644 --- a/news/pgpkey.html +++ b/news/pgpkey.html @@ -18,7 +18,7 @@ openssl-security.asc - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via c1af450066654ac208edbb73f954fcf32d6330f7 (commit) from 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) - Log - commit c1af450066654ac208edbb73f954fcf32d6330f7 Author: Rich SalzDate: Fri Apr 6 12:08:26 2018 -0400 Remove NSA license and mention of it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/51) --- Summary of changes: source/NSA-PLA.pdf | Bin 2276088 -> 0 bytes source/sidebar.shtml | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 source/NSA-PLA.pdf diff --git a/source/NSA-PLA.pdf b/source/NSA-PLA.pdf deleted file mode 100644 index 88514df..000 Binary files a/source/NSA-PLA.pdf and /dev/null differ diff --git a/source/sidebar.shtml b/source/sidebar.shtml index 233e092..6862589 100644 --- a/source/sidebar.shtml +++ b/source/sidebar.shtml @@ -17,9 +17,6 @@ OCB License -NSA ECC License - - Old Releases _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) from 52717d01f543385642f385407e52b1eb35283f21 (commit) - Log - commit 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d Author: Rich SalzDate: Sat May 5 10:10:44 2018 -0400 Tweak wording based on F2F --- Summary of changes: community/getting-started.html | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/community/getting-started.html b/community/getting-started.html index 0bbc175..c7c9626 100644 --- a/community/getting-started.html +++ b/community/getting-started.html @@ -14,11 +14,21 @@ the information on this page, and the links to the side. In particular, you should look at the Mailing Lists page and join -the openssl-dev or openssl-users list, or both. +the openssl-project or openssl-users list, or both. After that, here are some ideas: + Review and comment on the pull requests on GitHub. + + You can find pull requests -- patches that people have + suggested -- at + https://github.com/openssl/openssl/pulls;>https://github.com/openssl/openssl/pulls + Reviewing and commenting on these is helpful and can be a good + way to learn your way around the code. + + Look through the OpenSSL issues on GitHub. You can find issues that people have opened at @@ -31,22 +41,12 @@ very useful! - Look at the pull requests on GitHub. - - You can find pull requests -- patches that people have - suggested -- at - https://github.com/openssl/openssl/pulls;>https://github.com/openssl/openssl/pulls - Reviewing and commenting on these is helpful, like with - the issues mentioned above. - - Help update the documentation. The documentation has gotten better, but there are still many API's that are not documented. Write a POD page, or report - bugs in existing pages. It's probably better to get a whole - bunch of minor edits done one once. + bugs in existing pages. It's probably better to do a whole + bunch of minor edits in one submission. Write some test cases. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 52717d01f543385642f385407e52b1eb35283f21 (commit) from 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit) - Log - commit 52717d01f543385642f385407e52b1eb35283f21 Author: Matt CaswellDate: Tue May 1 13:30:50 2018 +0100 Update newsflash for new release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 00f1aff..202f95c 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit) from 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit) - Log - commit 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 Author: Mark J. CoxDate: Wed Apr 25 15:26:35 2018 +0100 What we probably meant to do here is create anchors, so let's do that --- Summary of changes: community/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 82ea6bb..82374b6 100644 --- a/community/index.html +++ b/community/index.html @@ -44,7 +44,7 @@ several groups for help with the project infrastructure over time. -Reporting Security Bugs +Reporting Security Bugs If you think you have found a security bug in OpenSSL, please send mail to vulnerabilities page -Reporting Bugs +Reporting Bugs To report a bug or make an enhancement request, please open an issue on GitHub, by clicking "new issue" on this page: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit) from f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit) - Log - commit 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 Author: Mark J. CoxDate: Wed Apr 25 15:23:27 2018 +0100 Update the URL to save having to click through twice to the new location; this is a trivial change for which we do not need to vote on a policy change or update the policy change date. --- Summary of changes: policies/secpolicy.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 24b7b25..7af2965 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -21,7 +21,7 @@ If you wish to report a possible security issue in OpenSSL -please notify us. +please notify us. Issue triage _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit) from 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit) - Log - commit f6eb108b46978392e0f3187af1b24ece5fc2cdda Author: Mark J. CoxDate: Wed Apr 25 10:44:57 2018 +0100 Fix emacs autowrap I didn't notice --- Summary of changes: community/index.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 06e5861..82ea6bb 100644 --- a/community/index.html +++ b/community/index.html @@ -62,8 +62,7 @@ Please note that we do not run a Bug Bounty program, although third parties may reward confirmed security issues reported in the OpenSSL codebase. We do not consider -the https://github.com/openssl/openssl/issues/6077;>lack -of SPF records for openssl.org a security issue. +the https://github.com/openssl/openssl/issues/6077;>lack of SPF records for openssl.org a security issue. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit) from 9ff40f37a3cdab765451353163477290698248c2 (commit) - Log - commit 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 Author: Mark J. CoxDate: Wed Apr 25 10:43:04 2018 +0100 Note the questions we get asked frequently about bug bounties and lack of a SPF record. We could add more here for the other frequently reported issues (like an open ftp server, open directory listings etc) --- Summary of changes: community/index.html | 8 1 file changed, 8 insertions(+) diff --git a/community/index.html b/community/index.html index c2bce5c..06e5861 100644 --- a/community/index.html +++ b/community/index.html @@ -59,6 +59,14 @@ Security Policy. +Please note that we do not run a Bug Bounty program, although third parties +may reward confirmed security issues reported in the OpenSSL codebase. We +do not consider +the https://github.com/openssl/openssl/issues/6077;>lack +of SPF records for openssl.org a security issue. + + + All fixed security bugs are listed on our vulnerabilities page _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 9ff40f37a3cdab765451353163477290698248c2 (commit) from 56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit) - Log - commit 9ff40f37a3cdab765451353163477290698248c2 Author: Mark J. CoxDate: Wed Apr 25 10:11:30 2018 +0100 Remove duplicated text and refer to report a security issue section --- Summary of changes: news/vulnerabilities-0.9.6.html | 13 ++--- news/vulnerabilities-0.9.7.html | 13 ++--- news/vulnerabilities-0.9.8.html | 13 ++--- news/vulnerabilities-1.0.0.html | 13 ++--- news/vulnerabilities-1.0.1.html | 13 ++--- news/vulnerabilities-1.0.2.html | 13 ++--- news/vulnerabilities-1.1.0.html | 13 ++--- news/vulnerabilities.html | 13 ++--- 8 files changed, 16 insertions(+), 88 deletions(-) diff --git a/news/vulnerabilities-0.9.6.html b/news/vulnerabilities-0.9.6.html index 97932bd..34d4b20 100644 --- a/news/vulnerabilities-0.9.6.html +++ b/news/vulnerabilities-0.9.6.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.6 ended and is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.7.html b/news/vulnerabilities-0.9.7.html index fe0e5af..829 100644 --- a/news/vulnerabilities-0.9.7.html +++ b/news/vulnerabilities-0.9.7.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.7 ended and is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.8.html b/news/vulnerabilities-0.9.8.html index 0cabef2..127624f 100644 --- a/news/vulnerabilities-0.9.8.html +++ b/news/vulnerabilities-0.9.8.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.8 ended on 31st December 2015 and is no longer receiving security updates diff --git a/news/vulnerabilities-1.0.0.html b/news/vulnerabilities-1.0.0.html index d40c7cb..f0c375d 100644 --- a/news/vulnerabilities-1.0.0.html +++ b/news/vulnerabilities-1.0.0.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 1.0.0 ended on 31st December 2015 and is no longer receiving security updates diff --git
[openssl-commits] [web] master update
The branch master has been updated via 56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit) from 5f9833f853d1fd6eb25d485b309ae540b09cf796 (commit) - Log - commit 56be59c9b561ac2d3183723c35fbc3d530c5bbca Author: Mark J. CoxDate: Wed Apr 25 10:06:48 2018 +0100 Move the details of reporting security issues here, that way we can remove the duplication from each vulnerability page and we can add more details about reports we will reject --- Summary of changes: community/index.html | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/community/index.html b/community/index.html index 45c0210..c2bce5c 100644 --- a/community/index.html +++ b/community/index.html @@ -44,11 +44,25 @@ several groups for help with the project infrastructure over time. -Reporting Bugs +Reporting Security Bugs + +If you think you have found a security bug in OpenSSL, +please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org. +Encryption is not required, but if you want to encrypt the mail, you can use our +team's PGP Key. Or you can +send mail to one or more individual OMC Members, +encrypted or plaintext. +We will work with you to assess and fix the flaw, +as discussed in our +Security Policy. + + +All fixed security bugs are listed on our vulnerabilities page + - If you think have found a security bug, please see our - vulnerabilities page - for information on how to report it. +Reporting Bugs To report a bug or make an enhancement request, please open an issue on GitHub, by clicking "new issue" on this page: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 5f9833f853d1fd6eb25d485b309ae540b09cf796 (commit) from f8a362841bcc696786c5faa1dcfc8d0c274f92e7 (commit) - Log - commit 5f9833f853d1fd6eb25d485b309ae540b09cf796 Author: Matt CaswellDate: Tue Apr 24 08:21:54 2018 +0100 Fix error for CVE-2018-0737 vulnerabilities.xml erroneously did not list 1.0.2a and 1.0.2 as affected. --- Summary of changes: news/vulnerabilities.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 684eb33..bb13b7f 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -20,6 +20,8 @@ + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f8a362841bcc696786c5faa1dcfc8d0c274f92e7 (commit) from fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit) - Log - commit f8a362841bcc696786c5faa1dcfc8d0c274f92e7 Author: Rich SalzDate: Wed Apr 18 08:50:48 2018 -0400 Add bug bounty reference --- Summary of changes: docs/faq-5-misc.txt | 10 ++ 1 file changed, 10 insertions(+) diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index b84b595..f2810e5 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -103,3 +103,13 @@ in the next minor release. It was decided after the release of OpenSSL 0.9.8y the next version should be 0.9.8za then 0.9.8zb and so on. + +* Do you have a bug bounty program? + +The project does not. Google runs a program +@@@https://www.google.com/about/appsecurity/patch-rewards/@@@; so does +HackerOne, @@@https://hackerone.com/ibb-openssl@@@. In general, if you +have found a security issue, send email to openssl-secur...@openssl.org. +Please note that we do not consider DNS configurations or Website +configuration to be security issues. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit) from 168a9472b41c33b508d82a167ec169482b854664 (commit) - Log - commit fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 Author: Richard LevitteDate: Tue Apr 17 15:46:22 2018 +0200 Update newsflash for release of OpenSSL 1.1.1-pre5 (beta 3) --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index b0b7cf1..00f1aff 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 168a9472b41c33b508d82a167ec169482b854664 (commit) from 58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit) - Log - commit 168a9472b41c33b508d82a167ec169482b854664 Author: Rich SalzDate: Mon Apr 16 11:47:44 2018 -0400 1747 newsflash --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e4ecaef..b0b7cf1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit) from 5d178ddbeb5943d800ecf261449b139971d6743a (commit) - Log - commit 58fdfb2faa17a780294c693bc5c8f08149bd3d2c Author: Matt CaswellDate: Mon Apr 16 16:33:11 2018 +0100 Update newsflash for security advisory --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index fe25c29..e4ecaef 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 5d178ddbeb5943d800ecf261449b139971d6743a (commit) from e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit) - Log - commit 5d178ddbeb5943d800ecf261449b139971d6743a Author: Matt CaswellDate: Mon Apr 16 16:30:00 2018 +0100 Updates for CVE-2018-0737 --- Summary of changes: news/secadv/20180416.txt | 35 +++ news/vulnerabilities.xml | 43 +++ 2 files changed, 78 insertions(+) create mode 100644 news/secadv/20180416.txt diff --git a/news/secadv/20180416.txt b/news/secadv/20180416.txt new file mode 100644 index 000..700beb6 --- /dev/null +++ b/news/secadv/20180416.txt @@ -0,0 +1,35 @@ + +OpenSSL Security Advisory [16 Apr 2018] + + +Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) + + +Severity: Low + +The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a +cache timing side channel attack. An attacker with sufficient access to mount +cache timing attacks during the RSA key generation process could recover the +private key. + +Due to the low severity of this issue we are not issuing a new release of +OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i +and OpenSSL 1.0.2p when they become available. The fix is also available in +commit 6939eab03 (for 1.1.0) and commit 349a41da1 (for 1.0.2) in the OpenSSL git +repository. + +This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera +Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. +The fix was developed by Billy Brumley. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20180416.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index b565e18..684eb33 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -8,6 +8,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Constant time issue +Cache timing vulnerability in RSA Key Generation + + The OpenSSL RSA Key generation algorithm has been shown to be vulnerable + to a cache timing side channel attack. An attacker with sufficient access + to mount cache timing attacks during the RSA key generation process could + recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit) from a2e614d7f5554b477dedd0066709df3cd3e14990 (commit) - Log - commit e73e4460aa47e8cb6c694625584c26e9298d0bb5 Author: Mark J. CoxDate: Thu Apr 12 15:46:30 2018 +0100 Use a unified converter tool with Apache by making it handle both formats and abstracting the differences --- Summary of changes: bin/vulnxml2json.py| 137 - bin/vulnxml2jsonproject.py | 43 ++ 2 files changed, 117 insertions(+), 63 deletions(-) create mode 100644 bin/vulnxml2jsonproject.py diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py index b905da1..cffa29f 100755 --- a/bin/vulnxml2json.py +++ b/bin/vulnxml2json.py @@ -3,8 +3,11 @@ # Convert our XML file to a JSON file as accepted by Mitre for CNA purposes # as per https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md # +# ASF httpd and OpenSSL use quite similar files, so this script is designed to work with either +# from xml.dom import minidom +import HTMLParser import simplejson as json import codecs import re @@ -17,45 +20,15 @@ from jsonschema import validate from jsonschema import Draft4Validator import urllib -# Versions of OpenSSL we never released, to allow us to display ranges -neverreleased = "1.0.0h,"; +# Specific project stuff is here +import vulnxml2jsonproject as cfg # Location of CVE JSON schema (default, can use local file etc) default_cve_schema = "https://raw.githubusercontent.com/CVEProject/automation-working-group/master/cve_json_schema/CVE_JSON_4.0_min_public.schema; -def merge_affects(issue,base): -# let's merge the affects into a nice list which is better for Mitre text but we have to take into account our stange lettering scheme -prev = "" -anext = "" -alist = list() -vlist = list() -for affects in issue.getElementsByTagName('affects'): # so we can sort them - version = affects.getAttribute("version") - if (not base or base in version): - vlist.append(version) -for ver in sorted(vlist): - # print "version %s (last was %s, next was %s)" %(ver,prev,anext) - if (ver != anext): - alist.append([ver]) - elif len(alist[-1]) > 1: - alist[-1][-1] = ver - else: - alist[-1].append(ver) - prev = ver - if (unicode.isdigit(ver[-1])): # First version after 1.0.1 is 1.0.1a - anext = ver + "a" - elif (ver[-1] == "y"): - anext = ver[:-1] + "za"# We ran out of letters once so y->za->zb - else: - anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 1.0.1b - while (anext in neverreleased): # skip unreleased versions - anext = anext[:-1]+chr(ord(anext[-1])+1) - -return ",".join(['-'.join(map(str,aff)) for aff in alist]) - parser = OptionParser() parser.add_option("-s", "--schema", help="location of schema to check (default "+default_cve_schema+")", default=default_cve_schema,dest="schema") -parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input") +parser.add_option("-i", "--input", help="input vulnerability file vulnerabilities.xml", dest="input") parser.add_option("-c", "--cve", help="comma separated list of cve names to generate a json file for (or all)", dest="cves") parser.add_option("-o", "--outputdir", help="output directory for json file (default ./)", default=".", dest="outputdir") (options, args) = parser.parse_args() @@ -74,61 +47,99 @@ cvej = list() with codecs.open(options.input,"r","utf-8") as vulnfile: vulns = vulnfile.read() dom = minidom.parseString(vulns.encode("utf-8")) -issues = dom.getElementsByTagName('issue') -for issue in issues: -cve = issue.getElementsByTagName('cve')[0].getAttribute('name') -if (cve == ""): + +for issue in dom.getElementsByTagName('issue'): +if not issue.getElementsByTagName('cve'): +continue +# ASF httpd has CVE- prefix, but OpenSSL does not, make either work +cvename = issue.getElementsByTagName('cve')[0].getAttribute('name').replace('CVE-','') +if (cvename == ""): continue -if (options.cves): - if (not cve in options.cves): +if (options.cves): # If we only want a certain list of CVEs, skip the rest + if (not cvename in options.cves): continue + cve = dict() cve['data_type']="CVE" cve['data_format']="MITRE" cve['data_version']="4.0" -cve['CVE_data_meta']= { "ID": "CVE-"+issue.getElementsByTagName('cve')[0].getAttribute('name'), "ASSIGNER": "openssl-secur...@openssl.org", "STATE":"PUBLIC" } +cve['CVE_data_meta']= { "ID": "CVE-"+cvename,
[openssl-commits] [web] master update
The branch master has been updated via a2e614d7f5554b477dedd0066709df3cd3e14990 (commit) from f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df (commit) - Log - commit a2e614d7f5554b477dedd0066709df3cd3e14990 Author: Richard LevitteDate: Wed Apr 4 11:14:44 2018 +0200 Generalise the rewrites of older tarballs We enumerated every series when we could as simply handle them all with one simple regexp. --- Summary of changes: bin/mk-latest | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/bin/mk-latest b/bin/mk-latest index 2307837..8c2d3a7 100755 --- a/bin/mk-latest +++ b/bin/mk-latest @@ -43,15 +43,7 @@ print <<\EOF; RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.2.*) old/1.0.2/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.1\.0.*) old/1.1.0/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.1\.1.*) old/1.1.1/openssl-$1 [L] +RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df (commit) via 4fc0fbf43218d56c669b1b426687e8797c3dfaa1 (commit) from 1a509e9e5395e713e42d4e5f334aec68cf43d146 (commit) - Log - commit f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df Author: Richard LevitteDate: Tue Apr 3 15:42:54 2018 +0200 bin/mk-latest: Allow for 1.1.1 URLs commit 4fc0fbf43218d56c669b1b426687e8797c3dfaa1 Author: Richard Levitte Date: Tue Apr 3 15:42:14 2018 +0200 source/.htaccess: I forgot it's autogenerated --- Summary of changes: bin/mk-latest| 4 +++- source/.htaccess | 3 --- 2 files changed, 3 insertions(+), 4 deletions(-) delete mode 100644 source/.htaccess diff --git a/bin/mk-latest b/bin/mk-latest index 122d950..2307837 100755 --- a/bin/mk-latest +++ b/bin/mk-latest @@ -41,7 +41,7 @@ print <<\EOF; # Old distro's are in subdirs. RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(openssl-0\.9\.8.*) old/0.9.x/$1 [L] +RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f @@ -51,6 +51,8 @@ RewriteRule ^openssl-(1\.0\.2.*) old/1.0.2/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^openssl-(1\.1\.0.*) old/1.1.0/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^openssl-(1\.1\.1.*) old/1.1.1/openssl-$1 [L] +RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L] diff --git a/source/.htaccess b/source/.htaccess deleted file mode 100644 index 1bbeac9..000 --- a/source/.htaccess +++ /dev/null @@ -1,3 +0,0 @@ -RewriteEngine on -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) /source/old/$2/$1 [L,R=301,NC] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 1a509e9e5395e713e42d4e5f334aec68cf43d146 (commit) from a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a (commit) - Log - commit 1a509e9e5395e713e42d4e5f334aec68cf43d146 Author: Matt CaswellDate: Tue Apr 3 14:30:42 2018 +0100 Update newsflash for new release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index c48a7e4..fe25c29 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes 27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated discards eeb7c341f09ec323bcaaafeee1c56c977565b116 (commit) via a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (eeb7c341f09ec323bcaaafeee1c56c977565b116) \ N -- N -- N (a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log - commit a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a Author: Richard LevitteDate: Thu Mar 29 14:15:27 2018 +0200 source/: translate /source/openssl-x.y.z*.tar.gz -> /source/old/x.y.z/... Some people try to access older archive through their original position. Help them along. --- Summary of changes: source/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/.htaccess b/source/.htaccess index 97cefb5..1bbeac9 100644 --- a/source/.htaccess +++ b/source/.htaccess @@ -1,3 +1,3 @@ RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) old/$2/$1 [L,R=301,NC] +RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) /source/old/$2/$1 [L,R=301,NC] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via eeb7c341f09ec323bcaaafeee1c56c977565b116 (commit) from 4ac275863a6dc09118532264420face062534d74 (commit) - Log - commit eeb7c341f09ec323bcaaafeee1c56c977565b116 Author: Richard LevitteDate: Thu Mar 29 14:15:27 2018 +0200 source/: translate /source/openssl-x.y.z*.tar.gz -> /source/old/x.y.z/... Some people try to access older archive through their original position. Help them along. --- Summary of changes: source/.htaccess | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 source/.htaccess diff --git a/source/.htaccess b/source/.htaccess new file mode 100644 index 000..97cefb5 --- /dev/null +++ b/source/.htaccess @@ -0,0 +1,3 @@ +RewriteEngine on +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) old/$2/$1 [L,R=301,NC] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 4ac275863a6dc09118532264420face062534d74 (commit) from b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit) - Log - commit 4ac275863a6dc09118532264420face062534d74 Author: Matt CaswellDate: Wed Mar 28 10:37:47 2018 +0100 Add a link to the advisory --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index f7fd9a1..c48a7e4 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +27-Mar-2018: Security Advisory: several security fixes 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes 27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security release due on 27th March 2018 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit) via 8af698d4de2c19b45f702d03560c8045fc1bbec5 (commit) from ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit) - Log - commit b142b6fc2b1787bac79b0823c7a1cc37c301c68c Author: Matt CaswellDate: Tue Mar 27 14:25:09 2018 +0100 Publish security advisory commit 8af698d4de2c19b45f702d03560c8045fc1bbec5 Author: Matt Caswell Date: Tue Mar 27 14:10:47 2018 +0100 Update news for new release --- Summary of changes: news/newsflash.txt | 2 ++ news/secadv/20180327.txt | 82 news/vulnerabilities.xml | 73 -- 3 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 news/secadv/20180327.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 572c8db..f7fd9a1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes +27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security release due on 27th March 2018 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last Group of Contributors diff --git a/news/secadv/20180327.txt b/news/secadv/20180327.txt new file mode 100644 index 000..bddf0a6 --- /dev/null +++ b/news/secadv/20180327.txt @@ -0,0 +1,82 @@ + +OpenSSL Security Advisory [27 Mar 2018] + + +Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) +== + +Severity: Moderate + +Constructed ASN.1 types with a recursive definition (such as can be found in +PKCS7) could eventually exceed the stack given malicious input with +excessive recursion. This could result in a Denial Of Service attack. There are +no such structures used within SSL/TLS that come from untrusted sources so this +is considered safe. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h +OpenSSL 1.0.2 users should upgrade to 1.0.2o + +This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. +The fix was developed by Matt Caswell of the OpenSSL development team. + +Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) + + +Severity: Moderate + +Because of an implementation bug the PA-RISC CRYPTO_memcmp function is +effectively reduced to only comparing the least significant bit of each byte. +This allows an attacker to forge messages that would be considered as +authenticated in an amount of tries lower than that guaranteed by the security +claims of the scheme. The module can only be compiled by the HP-UX assembler, so +that only HP-UX PA-RISC targets are affected. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h + +This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM). +The fix was developed by Andy Polyakov of the OpenSSL development team. + +rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) += + +Severity: Low + +This issue has been reported in a previous OpenSSL security advisory and a fix +was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at +that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h. + +There is an overflow bug in the AVX2 Montgomery multiplication procedure +used in exponentiation with 1024-bit moduli. No EC algorithms are affected. +Analysis suggests that attacks against RSA and DSA as a result of this defect +would be very difficult to perform and are not believed likely. Attacks +against DH1024 are considered just feasible, because most of the work +necessary to deduce information about a private key may be performed offline. +The amount of resources required for such an attack would be significant. +However, for an attack on TLS to be meaningful, the server would have to share +the DH1024 private key among multiple clients, which is no longer an option +since CVE-2016-0701. + +This only affects processors that support the AVX2 but not ADX extensions +like Intel Haswell (4th generation). + +Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 +and CVE-2015-3193. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h +OpenSSL 1.0.2 users should upgrade
[openssl-commits] [web] master update
The branch master has been updated via ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit) via 52f4b4da8deb49a0c4229951265f40223a286c7f (commit) via b11a6c4a822ce76e1061fdf2626fc20c673c4676 (commit) via 860c1786061372ffe7225e5a1a9e89d90630b802 (commit) from d1915ac75ca02f62e91e72d530515df030103253 (commit) - Log - commit ba28d8470fba25cac99a94b7b9fa27bddbd1622a Author: Richard LevitteDate: Sat Mar 24 16:27:49 2018 +0100 mk-notes: slight change to include unreleased stuff from other branches commit 52f4b4da8deb49a0c4229951265f40223a286c7f Author: Jonathan Champ Date: Fri Mar 23 18:49:18 2018 -0400 mk-notes: Find all sections; only print released commit b11a6c4a822ce76e1061fdf2626fc20c673c4676 Author: Jonathan Champ Date: Fri Mar 23 17:08:54 2018 -0400 mk-notes: Allow 'under development' version commit 860c1786061372ffe7225e5a1a9e89d90630b802 Author: Richard Levitte Date: Sat Mar 24 16:15:25 2018 +0100 Make news/cl111.txt as well --- Summary of changes: Makefile | 2 +- bin/mk-notes | 18 +++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 27e4609..d53b50c 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ SIMPLE = newsflash.inc sitemap.txt \ community/committers.inc \ docs/faq.inc docs/fips.inc \ news/changelog.inc news/changelog.txt \ - news/cl102.txt news/cl110.txt \ + news/cl102.txt news/cl110.txt news/cl111.txt \ news/openssl-1.0.2-notes.inc \ news/openssl-1.1.0-notes.inc \ news/openssl-1.1.1-notes.inc \ diff --git a/bin/mk-notes b/bin/mk-notes index 66c5937..75562ef 100755 --- a/bin/mk-notes +++ b/bin/mk-notes @@ -8,12 +8,21 @@ my $copy = 0; my $in_ul = 0; while ( ) { chomp; -if (/^\s*(Major changes between|Known issues in).*(\d+\.\d+\.\d+)\D.*\[(in pre-release|\d+\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s\d+)\]:?$/) { +if (/^\s*(Major changes between|Known issues in).*(\d+\.\d+\.\d+)\D.*\[(.*)\]:?$/) { + my $release_series = $2; + my $release_date = $3; + if ($release_date !~ /^in pre-release|\d+\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s\d+$/) { + # The rationale to not simply stop when encountering another title + # line is that it's unreleased stuff that also exist in another + # series, but is also part of this one and should therefore be + # included. + next; + } if ($in_ul) { print "\n"; $in_ul = 0; } - if ($2 eq $SERIES) { + if ($release_series eq $SERIES) { print ""; print; print "\n"; @@ -36,4 +45,7 @@ while ( ) { print; } } -print ""; +if ($in_ul) { +print "\n"; +$in_ul = 0; +} _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d1915ac75ca02f62e91e72d530515df030103253 (commit) from 3519dc1324f73e6d902f46ccb3685cef98ef78c8 (commit) - Log - commit d1915ac75ca02f62e91e72d530515df030103253 Author: Matt CaswellDate: Wed Mar 21 23:02:15 2018 + Update newsflash with pre-announcement for next release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index b812aa0..572c8db 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security release due on 27th March 2018 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last Group of Contributors 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 3519dc1324f73e6d902f46ccb3685cef98ef78c8 (commit) from 89540fdb4b0aecc7dcd8a544a97d6a41aec6384e (commit) - Log - commit 3519dc1324f73e6d902f46ccb3685cef98ef78c8 Author: Matt CaswellDate: Tue Mar 20 13:53:52 2018 + Updates for beta 1 release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 9a4e602..b812aa0 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last Group of Contributors 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and test it 13-Feb-2018: Alpha 1 of OpenSSL 1.1.1 is now available: please download and test it _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 89540fdb4b0aecc7dcd8a544a97d6a41aec6384e (commit) from a9dd578755eba45264f092b5371dae89b1be7172 (commit) - Log - commit 89540fdb4b0aecc7dcd8a544a97d6a41aec6384e Author: Richard LevitteDate: Mon Mar 12 21:23:40 2018 +0100 Update the release dates according to OMC vote OMC vote has the following text: topic: Push the release of 1.1.1 beta1 (pre3) forward one week Reason: we have a number of unreviewed PRs on github marked 1.1.1 and time is getting short. All other current future release dates will be pushed one week as well. https://www.openssl.org/policies/releasestrat.html will be updated. An official announcement should be made. Proposed by Richard Levitte The votes are 6 +1's, no -1's and one not voted --- Summary of changes: policies/releasestrat.html | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 36eb4b2..3f37936 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -80,16 +80,17 @@ 13th February 2018, alpha release 1 (pre1) 27th February 2018, alpha release 2 (pre2) - 13th March 2018, beta release 1 (pre3) + 20th March 2018, beta release 1 (pre3) OpenSSL_1_1_1-stable created (feature freeze) master becomes basis for 1.1.2 or 1.2.0 (TBD) - 27th March 2018, beta release 2 (pre4) - 10th April 2018, beta release 3 (pre5) - 24th April 2018, beta release 4 (pre6) - 1st May 2018, release readiness check (new release cycles added if - required, first possible final release date: 8th May 2018) + 3rd April 2018, beta release 2 (pre4) + 17th April 2018, beta release 3 (pre5) + 1st May 2018, beta release 4 (pre6) + 8th May 2018, release readiness check (new release + cycles added if required, first possible final release date: + 15th May 2018) An alpha release means: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a9dd578755eba45264f092b5371dae89b1be7172 (commit) via 9fd41a7f8e5d101e68f48a5b245082ca036b3216 (commit) from 4b5b982b8b057792ce7d206e4faaebaf02b60685 (commit) - Log - commit a9dd578755eba45264f092b5371dae89b1be7172 Author: Mark J. CoxDate: Fri Mar 2 16:02:58 2018 + Give full hash commit 9fd41a7f8e5d101e68f48a5b245082ca036b3216 Author: Mark J. Cox Date: Fri Mar 2 16:02:52 2018 + Add missing blog posts --- Summary of changes: news/newsflash.txt | 2 ++ news/vulnerabilities.xml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index abc5ab0..9a4e602 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,8 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last Group of Contributors 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and test it 13-Feb-2018: Alpha 1 of OpenSSL 1.1.1 is now available: please download and test it +18-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/18/f2f-london/;>Another Face to Face: Email Changes and Crypto Policy 10-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/10/levchin/;>OpenSSL wins the Levchin prize 07-Dec-2017: Security Advisory: one security fix 07-Dec-2017: OpenSSL 1.0.2n is now available, including bug and security fixes diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c81332c..026afc0 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -266,7 +266,7 @@ - + NULL pointer deference Bad (EC)DHE parameters cause a client crash _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 4b5b982b8b057792ce7d206e4faaebaf02b60685 (commit) from 46a84819a178b76996e0ddbe4b6d72b3197153e7 (commit) - Log - commit 4b5b982b8b057792ce7d206e4faaebaf02b60685 Author: Rich SalzDate: Thu Mar 1 17:14:28 2018 -0500 Address issue 44 --- Summary of changes: policies/committers.html | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/policies/committers.html b/policies/committers.html index af0564c..80e31c8 100644 --- a/policies/committers.html +++ b/policies/committers.html @@ -91,11 +91,13 @@ If you have trouble finding consensus on a difficult review, reach out to the OMC at - mailto:openssl-t...@openssl.org;>openssl-t...@openssl.org - (private, moderated) or committers at - mailto:openssl-...@openssl.org;>openssl-...@openssl.org - (public). On GitHub, you can reach OMC members at @openssl/team, - and committers can be found at @openssl/dev. + mailto:openssl-...@openssl.org;>openssl-...@openssl.org + (private, moderated) or the project at + mailto:openssl-proj...@openssl.org;>openssl-proj...@openssl.org + (public, moderated). + On GitHub, you can target the OMC members with @openssl/omc, + and committers with @openssl/committers. Commit workflow We do code reviews on GitHub. The _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 46a84819a178b76996e0ddbe4b6d72b3197153e7 (commit) from 8e971cf5d3256e7a1ca7bbb04c28926f36505eb8 (commit) - Log - commit 46a84819a178b76996e0ddbe4b6d72b3197153e7 Author: Rich SalzDate: Wed Feb 28 10:23:36 2018 -0500 Add Travel Reimbursement policy --- Summary of changes: policies/index.html| 6 +++-- policies/sidebar.shtml | 3 +++ policies/travel.html | 60 ++ 3 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 policies/travel.html diff --git a/policies/index.html b/policies/index.html index e12703d..71607df 100644 --- a/policies/index.html +++ b/policies/index.html @@ -29,10 +29,12 @@ supported. - Put another way, by being as transparent as possible, + By being as transparent as possible, we hope to reduce the chance that people are surprised by what we do, and we hope to help maintain predictable - behavior within the project. + behavior within the project. This includes how spend some +money, as detailed in the +travel reimbursement policy. The Roadmap describes our overall diff --git a/policies/sidebar.shtml b/policies/sidebar.shtml index f7cd8c1..389cc51 100644 --- a/policies/sidebar.shtml +++ b/policies/sidebar.shtml @@ -16,6 +16,9 @@ Release Strategy +Travel Reimbursement Policy. + + Security Policy diff --git a/policies/travel.html b/policies/travel.html new file mode 100644 index 000..5d0f1db --- /dev/null +++ b/policies/travel.html @@ -0,0 +1,60 @@ + + + + + + + + + + + + + Travel Reimbursement Policy + + First issued 28th February 2014 + + + + + + The OpenSSL project may pay travel expenses for OMC members when + pre-approved by the OMC or when it is an official OMC meeting (as + determined by vote). Project members may seek to be reimbursed if + their employer is not covering the expense. The requirements for + reimbursement are: + + +An email sent to openssl-omc, including scanned attachments of + all receipts over 30 Euros. +Barring exceptional circumstances, for an all-day meeting the + project will pay for arrival the day before and departure the + following morning. +When presenting at a conference, the project will pay the + expenses for the entire conference provided the attendee agrees + to act as representative of the project during that time. +Reasonable lodging and meal expenses during the travel time + will be covered. +Barring exceptional circumstances, room service, minibar, + in-room movies, and other similar amenities are not + covered. + + + + + You are here: Home + : Policies + : Travel Reimbursement Policy + Sitemap + + + + + + + + + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8e971cf5d3256e7a1ca7bbb04c28926f36505eb8 (commit) from 998aec751cf4da874a5ca07e4252729c477c0f70 (commit) - Log - commit 8e971cf5d3256e7a1ca7bbb04c28926f36505eb8 Author: Richard LevitteDate: Tue Feb 27 15:27:24 2018 +0100 Include source/old/1.1.1 --- Summary of changes: Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 2ba6f57..27e4609 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ SRCLISTS = \ source/old/1.0.1/index.inc \ source/old/1.0.2/index.inc \ source/old/1.1.0/index.inc \ + source/old/1.1.1/index.inc \ source/old/fips/index.inc \ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
1 2 3 4 5 >