[openssl-commits] [web] master update

2019-02-15 Thread Richard Levitte 
The branch master has been updated
   via  d58a4110c94ead1c72693c86e1d5841620209660 (commit)
  from  5c98cb9a57ad617454a721aa640cb096e09b5e7b (commit)


- Log -
commit d58a4110c94ead1c72693c86e1d5841620209660
Author: Richard Levitte 
Date:   Fri Feb 15 10:16:46 2019 +0100

Typo

---

Summary of changes:
 news/newsflash.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index d5d6e56..5ded4d4 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,7 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 11-Feb-2019: 3.0.0 Design (draft) is 
now available
-11-Feb-2019: Strategic 
Architecture for OpenSSL 3.0.0 and beyond is now available
+11-Feb-2019: Strategic 
Architecture for OpenSSL 3.0.0 and beyond is now available
 20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes
 20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes
 20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-02-11 Thread Richard Levitte 
The branch master has been updated
   via  5c98cb9a57ad617454a721aa640cb096e09b5e7b (commit)
  from  f758bad1d2241ae88a3065b974313d78a8978200 (commit)


- Log -
commit 5c98cb9a57ad617454a721aa640cb096e09b5e7b
Author: Richard Levitte 
Date:   Mon Feb 11 23:59:21 2019 +0100

Fix CSS props for code color

The 'pre' CSS is enough, we have no need for variants for 'p code',
'li code', 'p pre code' and 'li pre code'...

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/116)

---

Summary of changes:
 inc/screen.css | 42 +-
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/inc/screen.css b/inc/screen.css
index 9938bcc..29b74b9 100644
--- a/inc/screen.css
+++ b/inc/screen.css
@@ -1084,27 +1084,27 @@ h3.filename + pre {
   border-top-right-radius: 0px;
 }
 
-p code, li code {
-  display: inline-block;
-  white-space: no-wrap;
-  background: #fff;
-  font-size: .8em;
-  line-height: 1.5em;
-  color: #555;
-  border: 1px solid #ddd;
-  -webkit-border-radius: 0.4em;
-  -moz-border-radius: 0.4em;
-  -ms-border-radius: 0.4em;
-  -o-border-radius: 0.4em;
-  border-radius: 0.4em;
-  padding: 0 .3em;
-  margin: -1px 0;
-}
-p pre code, li pre code {
-  font-size: 1em !important;
-  background: none;
-  border: none;
-}
+//p code, li code {
+//  display: inline-block;
+//  white-space: no-wrap;
+//  background: #fff;
+//  font-size: .8em;
+//  line-height: 1.5em;
+//  color: #555;
+//  border: 1px solid #ddd;
+//  -webkit-border-radius: 0.4em;
+//  -moz-border-radius: 0.4em;
+//  -ms-border-radius: 0.4em;
+//  -o-border-radius: 0.4em;
+//  border-radius: 0.4em;
+//  padding: 0 .3em;
+//  margin: -1px 0;
+//}
+//p pre code, li pre code {
+//  font-size: 1em !important;
+//  background: none;
+//  border: none;
+//}
 
 .pre-code, html .highlight pre, .highlight code {
   font-family: Menlo, Monaco, "Andale Mono", "lucida console", "Courier New", 
monospace !important;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-02-11 Thread Richard Levitte 
The branch master has been updated
   via  f758bad1d2241ae88a3065b974313d78a8978200 (commit)
  from  2377ab72410b9c117e9a88cecbad83c6a2827220 (commit)


- Log -
commit f758bad1d2241ae88a3065b974313d78a8978200
Author: Richard Levitte 
Date:   Mon Feb 11 22:41:12 2019 +0100

Stray 'q' begone!

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/115)

---

Summary of changes:
 docs/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/index.html b/docs/index.html
index 1279b6d..a0297d0 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -46,7 +46,7 @@
It is highly recommended.

  
-q
+ 
You are here: Home
: Documentation
Sitemap
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-02-11 Thread Richard Levitte 
The branch master has been updated
   via  2377ab72410b9c117e9a88cecbad83c6a2827220 (commit)
   via  e9ab2edffc56f8a840347ef7c35cc55cc6879744 (commit)
  from  e56baa71b5cc8028e08e8a3027ea9ecf3f27dbd0 (commit)


- Log -
commit 2377ab72410b9c117e9a88cecbad83c6a2827220
Author: Richard Levitte 
Date:   Mon Feb 11 20:49:51 2019 +0100

Make a general rule for converting markdown to html5

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/114)

commit e9ab2edffc56f8a840347ef7c35cc55cc6879744
Author: Richard Levitte 
Date:   Mon Feb 11 20:49:13 2019 +0100

Publish  the Strategic Architecture and 3.0.0 Design (draft) documents

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/114)

---

Summary of changes:
 Makefile   | 13 ++---
 docs/index.html| 11 ++-
 news/newsflash.txt |  2 ++
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index a8dbae6..37ffb75 100644
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,12 @@ SRCLISTS = \
   source/old/fips/index.inc \
 
 
+.SUFFIXES: .md .html
+
+.md.html:
+   @rm -f $@
+   ./bin/md-to-html5 $<
+
 all: suball manmaster mancross
 
 suball: $(SIMPLE) $(SRCLISTS)
@@ -108,13 +114,6 @@ docs/fips.inc: $(wildcard docs/fips/*) bin/mk-filelist
@rm -f $@
./bin/mk-filelist docs/fips fips/ '*' >$@
 
-docs/OpenSSLStrategicArchitecture.html: docs/OpenSSLStrategicArchitecture.md
-   @rm -f $@
-   ./bin/md-to-html5 $<
-docs/OpenSSL300Design.html: docs/OpenSSL300Design.md
-   @rm -f $@
-   ./bin/md-to-html5 $<
-
 news/changelog.inc: news/changelog.txt bin/mk-changelog
@rm -f $@
./bin/mk-changelog $@
diff --git a/docs/index.html b/docs/index.html
index 7fcbc9a..1279b6d 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -11,6 +11,15 @@

  Documentation
  
+   
+ We have a
+ Strategic
+ Architecture for the development of OpenSSL from
+ 3.0.0 and going forward, as well as a
+ design for 3.0.0 (draft)
+ specifically.
+   
+
The
frequently-asked questions (FAQ)
 is available.  So is an incomplete list of
@@ -37,7 +46,7 @@
It is highly recommended.

  
- 
+q
You are here: Home
: Documentation
Sitemap
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 07229f2..d5d6e56 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+11-Feb-2019: 3.0.0 Design (draft) is 
now available
+11-Feb-2019: Strategic 
Architecture for OpenSSL 3.0.0 and beyond is now available
 20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes
 20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes
 20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-01-31 Thread Richard Levitte 
The branch master has been updated
   via  86790fc138e335918125ccd51941958785e840d5 (commit)
   via  b36b544b878c13b91109743220590fa7e9af5508 (commit)
  from  1763c4db685b43c58b33d2ace0435da1a067ba24 (commit)


- Log -
commit 86790fc138e335918125ccd51941958785e840d5
Author: Richard Levitte 
Date:   Tue Jan 29 14:10:00 2019 +0100

Add the OpenSSL Strategic Architecture document

Includes notes on how to convert documents from Google Docs to Markdown.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/110)

commit b36b544b878c13b91109743220590fa7e9af5508
Author: Richard Levitte 
Date:   Wed Jan 30 13:50:48 2019 +0100

bin/md-to-html5: change output directory

The output directory should be the same as for the input file

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/111)

---

Summary of changes:
 Makefile |   5 +
 bin/md-to-html5  |   6 +-
 docs/OpenSSLStrategicArchitecture.md | 290 +++
 docs/README.googledocs.md|  77 ++
 docs/images/AsIsComponent.png| Bin 0 -> 52562 bytes
 docs/images/AsIsPackaging.png| Bin 0 -> 36348 bytes
 docs/images/ToBeComponent.png| Bin 0 -> 73449 bytes
 docs/images/ToBePackaging.png| Bin 0 -> 65063 bytes
 8 files changed, 375 insertions(+), 3 deletions(-)
 create mode 100644 docs/OpenSSLStrategicArchitecture.md
 create mode 100644 docs/README.googledocs.md
 create mode 100644 docs/images/AsIsComponent.png
 create mode 100644 docs/images/AsIsPackaging.png
 create mode 100644 docs/images/ToBeComponent.png
 create mode 100644 docs/images/ToBePackaging.png

diff --git a/Makefile b/Makefile
index d1a8651..f799e85 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ SIMPLE = newsflash.inc sitemap.txt \
 community/committers.inc \
 community/omc.inc community/omc-alumni.inc \
 docs/faq.inc docs/fips.inc \
+docs/OpenSSLStrategicArchitecture.html \
  news/changelog.inc news/changelog.txt \
  news/cl102.txt news/cl110.txt news/cl111.txt \
  news/openssl-1.0.2-notes.inc \
@@ -106,6 +107,10 @@ docs/fips.inc: $(wildcard docs/fips/*) bin/mk-filelist
@rm -f $@
./bin/mk-filelist docs/fips fips/ '*' >$@
 
+docs/OpenSSLStrategicArchitecture.html: docs/OpenSSLStrategicArchitecture.md
+   @rm -f $@
+   ./bin/md-to-html5 $<
+
 news/changelog.inc: news/changelog.txt bin/mk-changelog
@rm -f $@
./bin/mk-changelog $@
diff --git a/bin/md-to-html5 b/bin/md-to-html5
index 7bb815b..08aac34 100755
--- a/bin/md-to-html5
+++ b/bin/md-to-html5
@@ -4,12 +4,12 @@ template="$0.tmpl.html5"
 
 for f in "$@"; do
 b=`basename "$f" .md`
+d=`dirname "$f"`
 if [ "$f" != "$b" ]; then
-   bns=`echo "$b" | sed -e 's|  *||g'`
-   t=`dirname "$b"`.tmpl.html5
+   t="$d/$b.tmpl.html5"
if [ ! -f "$t" ]; then
t="$template"
fi
-   pandoc -t html5 --template="$t" "$f" > "$bns.html"
+   pandoc -t html5 --template="$t" "$f" > "$d/$b.html"
 fi
 done
diff --git a/docs/OpenSSLStrategicArchitecture.md 
b/docs/OpenSSLStrategicArchitecture.md
new file mode 100644
index 000..ecc8fd1
--- /dev/null
+++ b/docs/OpenSSLStrategicArchitecture.md
@@ -0,0 +1,290 @@
+---
+title: OpenSSL Strategic Architecture
+author: OpenSSL Management Committee (OMC)
+date: January, 2019
+---
+## Introduction
+
+This document outlines the OpenSSL strategic architecture. It will take
+multiple releases, starting from 3.0.0, to move the architecture from
+the current "as-is" (1.1.1), to the future "to-be" architecture.
+
+Numerous changes are anticipated in the to-be architecture. A migration
+path for handling the eventual transition will be provided. The OpenSSL
+3.0.0 release will have minimal impact to the vast majority of existing
+applications, almost all well-behaved applications will just need to be
+recompiled.
+
+The current functionality provided by the engine interface will be
+replaced over time via a provider interface. OpenSSL 3.0.0 will continue
+to support engines. The to-be architecture will not be fully realised
+until OpenSSL 4.0.0 at the earliest.
+
+## As-is architecture
+
+Currently, OpenSSL is split into four principal components:
+
+1.  libcrypto. This is the core library for providing implementations of
+numerous cryptographic primitives. In addition it provides a set of
+supporting services which are used by libssl and libcrypto, as well
+as implementations of protocols such as CMS and OCSP.
+
+2.  Engine. The functionality of libcrypto can be extended through the
+Engine API.
+
+Typically engines are dynamically loadable modules that are registered
+with libcrypto and use the

[openssl-commits] [web] master update

2019-01-30 Thread Richard Levitte 
The branch master has been updated
   via  1763c4db685b43c58b33d2ace0435da1a067ba24 (commit)
   via  8e80d7699c38ef890cc62da9fd713bcfc49152db (commit)
   via  98d1be0a1bcd7ae582753e54b523faf6b4bd1360 (commit)
  from  04c0cb565a81ed4357722dcce70c50b3575e2863 (commit)


- Log -
commit 1763c4db685b43c58b33d2ace0435da1a067ba24
Author: Richard Levitte 
Date:   Tue Jan 29 22:21:39 2019 +0100

bin/mk-mancross: new manpage cross reference script

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/107)

commit 8e80d7699c38ef890cc62da9fd713bcfc49152db
Author: Richard Levitte 
Date:   Tue Jan 29 21:33:30 2019 +0100

bin/mk-manpages: refactor to allow cross references between releases

So far, we created one HTML file for each POD file, and then made hard
links to it for other names that are in the POD file's NAMES section.

However, this came with the assumption that cross referencing between
releases would work simply be linking to the same name on other
releases.  This, however, did not take into account that manuals in
newer releases don't necessarily exist in older releases, or that some
files may have changed names.

Names in NAMES sections are, however, fairly constant, and are
therefore much safer to link to.  At the same time, it's safe to say
that if a particular name doesn't exist in some other releases, there
should simply not be a link.  A conclusion to draw from is that cross
referencing must be made on a per NAMES section name basis, rather
than on POD file name basis.

To allow this to happen and still not have to rewrite the same
Pod2Html result for every name in a specific POD file's NAMES section,
the structure of the rendered man pages are changed to this:

-   POD files are rendered into a .inc file with the exact same
basename as the POD file.
-   For every name in the NAMES section, am HTML file is created.  It
contains the standard header and footer stuff, and includes the
generated .inc file in the middle.  It also includes a .cross file
with the same basename as the HTML file as part of the sidebar.

In another commit, there will be a script for cross referencing, which
will generate the .cross files mentioned above.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/107)

commit 98d1be0a1bcd7ae582753e54b523faf6b4bd1360
Author: Richard Levitte 
Date:   Thu Jan 3 16:37:24 2019 +0100

Handle document sectioning correctly

Gone are the apps/, crypto/ and ssl/ directories.  We move to a Unix
manpage structure for older releases as well as new ones.

With that, there's no more need for a separate bin/mk-newmanpages,
bin/mk-manpages can handle both the old and the new POD directory
structure.

For a document tree that previously had apps/, crypto/ and ssl/, we
provide a .htaccess that accepts the old URLs and maps them correctly
to man1/ or man3/.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/107)

---

Summary of changes:
 .gitignore   |   1 +
 Makefile |  26 +-
 bin/mk-mancross  |  54 
 bin/mk-manmap|  27 ++
 bin/mk-manpages  | 300 ++---
 bin/mk-newmanpages   | 315 ---
 docs/man1.0.2/crypto/index.html  |  43 
 docs/man1.0.2/index.html |   7 +-
 docs/{man1.1.0/apps => man1.0.2/man1}/index.html |   5 +-
 docs/{man1.1.0/ssl => man1.0.2/man3}/index.html  |  17 +-
 docs/{man1.1.1/man7 => man1.0.2/man5}/index.html |   8 +-
 docs/{man1.1.1 => man1.0.2}/man7/index.html  |   8 +-
 docs/man1.1.0/crypto/index.html  |  43 
 docs/man1.1.0/index.html |   7 +-
 docs/{man1.0.2/apps => man1.1.0/man1}/index.html |   4 +-
 docs/{man1.0.2/ssl => man1.1.0/man3}/index.html  |  16 +-
 docs/{man1.1.1/man7 => man1.1.0/man5}/index.html |   8 +-
 docs/{man1.1.1/man1 => man1.1.0/man7}/index.html |   5 +-
 docs/man1.1.1/man3/index.html|   6 +
 docs/manmaster/man3/index.html   |   6 +
 20 files changed, 306 insertions(+), 600 deletions(-)
 create mode 100755 bin/mk-mancross
 create mode 100755 bin/mk-manmap
 delete mode 100755 bin/mk-newmanpages
 delete mode 100644 docs/man1.0.2/crypto/index.html
 rename docs/{man1.1.0/apps => man1.0.2/man1}/index.html (91%)
 rename docs/{man1.1.0/ssl => man1.0.2/man3}/index.html (68%)
 copy docs/{man1.1.1/man7 => man1.0.2/man5}/index.html (83%)
 copy docs/{man1.1.1 =>

[openssl-commits] [web] master update

2019-01-29 Thread Richard Levitte 
The branch master has been updated
   via  04c0cb565a81ed4357722dcce70c50b3575e2863 (commit)
  from  895ee9dcaa50a72637b907dd3ab62723e23863f9 (commit)


- Log -
commit 04c0cb565a81ed4357722dcce70c50b3575e2863
Author: Richard Levitte 
Date:   Tue Jan 29 13:29:23 2019 +0100

mk-apropos: don't include non-manpage files

mk-apropos looks at all HTML files in a given directory, but failed to
recognise files that aren't rendered manpage, such as index.html.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/109)

---

Summary of changes:
 bin/mk-apropos | 5 +
 1 file changed, 5 insertions(+)

diff --git a/bin/mk-apropos b/bin/mk-apropos
index a9dd5b6..64899a4 100755
--- a/bin/mk-apropos
+++ b/bin/mk-apropos
@@ -6,6 +6,11 @@ cd $dir
 
 for m in `find . -name '*.html' | sort`; do
 description=`grep -F '||'`
+# If there isn't a description, it isn't a manpage and should not be
+# included
+if [ "$description" = "" ]; then
+   continue
+fi
 manfile=`echo $m | sed -e 's|\./||'`
 manname=`basename $manfile .html`
 origmanfile=`echo $manfile | sed -e "s|^$subdir|$origsubdir|"`
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-01-29 Thread Richard Levitte 
The branch master has been updated
   via  895ee9dcaa50a72637b907dd3ab62723e23863f9 (commit)
  from  8557dd2bb3cebee18ec35347250271322b09d5da (commit)


- Log -
commit 895ee9dcaa50a72637b907dd3ab62723e23863f9
Author: Richard Levitte 
Date:   Tue Jan 29 12:43:41 2019 +0100

Markdown to OpenSSL HTML5 pages

Markdown is a popular format for text files, and some documents are
easier to read in this form than in HTML.  For future purposes, this
is the scripts we need to process markdown files into HTML5.

This script is based on pandoc, which is a pretty good translator
between a range of different document formats.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/108)

---

Summary of changes:
 bin/md-to-html5| 15 +++
 bin/md-to-html5.tmpl.html5 | 34 ++
 2 files changed, 49 insertions(+)
 create mode 100755 bin/md-to-html5
 create mode 100644 bin/md-to-html5.tmpl.html5

diff --git a/bin/md-to-html5 b/bin/md-to-html5
new file mode 100755
index 000..7bb815b
--- /dev/null
+++ b/bin/md-to-html5
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+template="$0.tmpl.html5"
+
+for f in "$@"; do
+b=`basename "$f" .md`
+if [ "$f" != "$b" ]; then
+   bns=`echo "$b" | sed -e 's|  *||g'`
+   t=`dirname "$b"`.tmpl.html5
+   if [ ! -f "$t" ]; then
+   t="$template"
+   fi
+   pandoc -t html5 --template="$t" "$f" > "$bns.html"
+fi
+done
diff --git a/bin/md-to-html5.tmpl.html5 b/bin/md-to-html5.tmpl.html5
new file mode 100644
index 000..b1fbe38
--- /dev/null
+++ b/bin/md-to-html5.tmpl.html5
@@ -0,0 +1,34 @@
+
+
+
+
+
+
+
+  
+
+  
+
+$if(title)$
+
+$title$
+$if(subtitle)$
+$subtitle$
+$endif$
+$for(author)$
+$author$
+$endfor$
+$if(date)$
+$date$
+$endif$
+
+$endif$
+$body$
+
+  
+  
+
+  
+
+
+
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

2019-01-29 Thread Richard Levitte 
The branch master has been updated
   via  8557dd2bb3cebee18ec35347250271322b09d5da (commit)
  from  0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit)


- Log -
commit 8557dd2bb3cebee18ec35347250271322b09d5da
Author: Richard Levitte 
Date:   Tue Dec 25 15:53:29 2018 +0100

Reformat FAQ files

Make them correct Markdown, and then use pandoc to create the FAQ HTML.
We then use CSS and a bit of Javascript to make it an accordion style
FAQ.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/103)

---

Summary of changes:
 bin/mk-faq   | 110 +++--
 docs/faq-1-legal.txt |  42 ++--
 docs/faq-2-user.txt  | 373 +++
 docs/faq-3-prog.txt  | 614 +--
 docs/faq-4-build.txt | 397 -
 docs/faq-5-misc.txt  | 177 ---
 docs/faq-6-old.txt   |  18 +-
 docs/faq.html|   9 +-
 inc/screen.css   | 121 ++
 9 files changed, 951 insertions(+), 910 deletions(-)

diff --git a/bin/mk-faq b/bin/mk-faq
index 531a6c6..0f92d2e 100755
--- a/bin/mk-faq
+++ b/bin/mk-faq
@@ -1,88 +1,30 @@
-#! /usr/bin/perl
-use strict;
-use warnings;
+#! /bin/sh
 
-# Filename->anchor name
-my %anchors;
-foreach my $f ( @ARGV ) {
-next unless $f =~ /faq-[0-9]-(.*).txt/;
-$anchors{$f} = uc($1);
-}
+cat />/' \
+   | sed -E -e 's/<([^<>]*)>\|([A-Z]*[0-9]*)\|/<\1 id="\2">/'
+done
diff --git a/docs/faq-1-legal.txt b/docs/faq-1-legal.txt
index dc69809..1dfc067 100644
--- a/docs/faq-1-legal.txt
+++ b/docs/faq-1-legal.txt
@@ -1,28 +1,28 @@
-Legal Questions
+ Legal Questions
 
-* Do I need patent licenses to use OpenSSL?
+*   Do I need patent licenses to use OpenSSL?
 
-For information on intellectual property rights, please consult a lawyer.
-The OpenSSL team does not offer legal advice.
+For information on intellectual property rights, please consult a lawyer.
+The OpenSSL team does not offer legal advice.
 
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
-
-./config no-idea no-mdc2 no-rc5
-
+You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
 
-* Can I use OpenSSL with GPL software?
+./config no-idea no-mdc2 no-rc5
 
-On many systems 
[openssl-commits] [web]  master update


2019-01-15

Thread
Mark J . Cox

The branch master has been updated
   via  0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit)
   via  d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b (commit)
  from  c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit)


- Log -
commit 0ef1cccd789aa8434f9ef8e3783df637d506b53f
Merge: c49be85 d5d657a
Author: Mark J. Cox 
Date:   Tue Jan 15 12:02:31 2019 +

Merge pull request #105 from iamamoose/vulns

Add severities that were in the advisories but missing from the 
vulnerability pages, also found a missing vulnerability

commit d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b
Author: Mark J. Cox 
Date:   Tue Jan 15 11:37:51 2019 +

Add severities that were in the advisories but missing from the
vulnerability pages, also found a missing vulnerability

---

Summary of changes:
 news/vulnerabilities.xml | 80 
 1 file changed, 80 insertions(+)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 2142ade..d9b42bd 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -3629,6 +3629,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -3671,6 +3672,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -3689,6 +3691,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -3757,8 +3760,79 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  A carefully crafted DTLS message can cause a segmentation fault in 
OpenSSL due
+  to a NULL pointer dereference. This could lead to a Denial Of Service 
attack.
+
+
+
+
+
   
 
+
 
 
 
@@ -3829,6 +3903,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -3872,6 +3947,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -3951,6 +4027,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -4040,6 +4117,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -4066,6 +4144,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
@@ -4201,6 +4280,7 @@ the certificate key is invalid. This function is rarely 
used in practice.
 
   
 
+
 
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2019-01-03

Thread
Richard Levitte

The branch master has been updated
   via  c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit)
   via  064a3b32b4890eff85cb8c905d91cf361673e485 (commit)
   via  6869d8b6065b187af840f29a574dace73d05f3c4 (commit)
  from  025f5f461ca3a67091aac0690de2496c03d3ba7f (commit)


- Log -
commit c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf
Author: Richard Levitte 
Date:   Thu Jan 3 17:23:54 2019 +0100

Generate apropos-like tables instead of filelists for manpages

This works together with bin/mk-manpages' generation of description comment.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/102)

commit 064a3b32b4890eff85cb8c905d91cf361673e485
Author: Richard Levitte 
Date:   Thu Jan 3 17:17:32 2019 +0100

Have bin/mk-manpages and bin/mk-newmanpages add a description comment

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/102)

commit 6869d8b6065b187af840f29a574dace73d05f3c4
Author: Richard Levitte 
Date:   Thu Jan 3 17:11:47 2019 +0100

Change getnames() to getdata(), for generic data retrieval from POD files

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/102)

---

Summary of changes:
 Makefile| 14 +++---
 bin/mk-apropos  | 13 +
 bin/mk-manpages | 43 -
 bin/mk-newmanpages  | 43 -
 docs/man1.0.2/apps/index.html   |  7 +++
 docs/man1.0.2/crypto/index.html |  7 +++
 docs/man1.0.2/ssl/index.html|  7 +++
 docs/man1.1.0/apps/index.html   |  7 +++
 docs/man1.1.0/crypto/index.html |  7 +++
 docs/man1.1.0/ssl/index.html|  7 +++
 docs/man1.1.1/man1/index.html   |  7 +++
 docs/man1.1.1/man3/index.html   |  7 +++
 docs/man1.1.1/man5/index.html   |  7 +++
 docs/man1.1.1/man7/index.html   |  7 +++
 docs/manmaster/man1/index.html  |  7 +++
 docs/manmaster/man3/index.html  |  7 +++
 docs/manmaster/man5/index.html  |  7 +++
 docs/manmaster/man7/index.html  |  7 +++
 18 files changed, 112 insertions(+), 99 deletions(-)
 create mode 100755 bin/mk-apropos

diff --git a/Makefile b/Makefile
index c6c54bb..2418e5e 100644
--- a/Makefile
+++ b/Makefile
@@ -58,16 +58,16 @@ rebuild: all
 
 define makemanpages
./bin/mk-manpages $(1) $(2) docs
-   ./bin/mk-filelist -a docs/man$(2)/apps '' '*.html' 
>docs/man$(2)/apps/index.inc
-   ./bin/mk-filelist -a docs/man$(2)/crypto '' '*.html' 
>docs/man$(2)/crypto/index.inc
-   ./bin/mk-filelist -a docs/man$(2)/ssl '' '*.html' 
>docs/man$(2)/ssl/index.inc
+   ./bin/mk-apropos docs/man$(2)/apps   > docs/man$(2)/apps/index.inc
+   ./bin/mk-apropos docs/man$(2)/crypto > docs/man$(2)/crypto/index.inc
+   ./bin/mk-apropos docs/man$(2)/ssl> docs/man$(2)/ssl/index.inc
 endef
 define newmakemanpages
./bin/mk-newmanpages $(1) $(2) docs
-   ./bin/mk-filelist -a docs/man$(2)/man1 '' '*.html' 
>docs/man$(2)/man1/index.inc
-   ./bin/mk-filelist -a docs/man$(2)/man3 '' '*.html' 
>docs/man$(2)/man3/index.inc
-   ./bin/mk-filelist -a docs/man$(2)/man5 '' '*.html' 
>docs/man$(2)/man5/index.inc
-   ./bin/mk-filelist -a docs/man$(2)/man7 '' '*.html' 
>docs/man$(2)/man7/index.inc
+   ./bin/mk-apropos docs/man$(2)/man1 > docs/man$(2)/man1/index.inc
+   ./bin/mk-apropos docs/man$(2)/man3 > docs/man$(2)/man3/index.inc
+   ./bin/mk-apropos docs/man$(2)/man5 > docs/man$(2)/man5/index.inc
+   ./bin/mk-apropos docs/man$(2)/man7 > docs/man$(2)/man7/index.inc
 endef
 manpages: manmaster
$(call newmakemanpages,$(CHECKOUTS)/openssl-1.1.1-stable,1.1.1)
diff --git a/bin/mk-apropos b/bin/mk-apropos
new file mode 100755
index 000..a9dd5b6
--- /dev/null
+++ b/bin/mk-apropos
@@ -0,0 +1,13 @@
+#! /bin/sh
+# $1 is the top of the manual page tree to look through
+
+dir=$1
+cd $dir
+
+for m in `find . -name '*.html' | sort`; do
+description=`grep -F '||'`
+manfile=`echo $m | sed -e 's|\./||'`
+manname=`basename $manfile .html`
+origmanfile=`echo $manfile | sed -e "s|^$subdir|$origsubdir|"`
+echo "$manname$description"
+done
diff --git a/bin/mk-manpages b/bin/mk-manpages
index f177f3f..0096ec2 100755
--- a/bin/mk-manpages
+++ b/bin/mk-manpages
@@ -56,17 +56,18 @@ sub main {
 my $filename = File::Spec->catfile( $dir, $ent );
 my $basename = basename( $ent, ".pod" );
 my $title = $basename;
+my %data = $class->getdata( $filename );
 my $out =
-  $class->genhtml( $release, $sect, $filename, $title, $basename );
+$class->genhtml( $release, $sect, $filename, $title, $basename,
+ $data{description});
 my 



[openssl-commits] [web]  master update


2019-01-02

Thread
Matt Caswell

The branch master has been updated
   via  025f5f461ca3a67091aac0690de2496c03d3ba7f (commit)
  from  2ee3b78b0e20e1e2e9fc3830813a843567ea94a2 (commit)


- Log -
commit 025f5f461ca3a67091aac0690de2496c03d3ba7f
Author: Dr. Matthias St. Pierre 
Date:   Thu Dec 27 18:33:03 2018 +0100

Add 1.1.1 to manual sidebar

Reviewed-by: Tim Hudson 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/100)

---

Summary of changes:
 inc/mansidebar.shtml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/mansidebar.shtml b/inc/mansidebar.shtml
index 64fd0e9..c794b16 100644
--- a/inc/mansidebar.shtml
+++ b/inc/mansidebar.shtml
@@ -4,6 +4,7 @@
 Manpages
 
   master
+  1.1.1
   1.1.0
   1.0.2
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-12-06

Thread
Matt Caswell

The branch master has been updated
   via  2ee3b78b0e20e1e2e9fc3830813a843567ea94a2 (commit)
  from  ad8f7120bad64bcc43861c36eedcf29fc2728f13 (commit)


- Log -
commit 2ee3b78b0e20e1e2e9fc3830813a843567ea94a2
Author: Matt Caswell 
Date:   Wed Dec 5 13:00:13 2018 +

Update CLA templates

Update the address in the CLA templates

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/97)

---

Summary of changes:
 policies/openssl_ccla.pdf | Bin 32971 -> 38288 bytes
 policies/openssl_icla.pdf | Bin 32488 -> 37641 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/policies/openssl_ccla.pdf b/policies/openssl_ccla.pdf
index 814c2f7..f341c27 100644
Binary files a/policies/openssl_ccla.pdf and b/policies/openssl_ccla.pdf differ
diff --git a/policies/openssl_icla.pdf b/policies/openssl_icla.pdf
index 25d1b96..cb24818 100644
Binary files a/policies/openssl_icla.pdf and b/policies/openssl_icla.pdf differ
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-12-06

Thread
Richard Levitte

The branch master has been updated
   via  ad8f7120bad64bcc43861c36eedcf29fc2728f13 (commit)
  from  0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit)


- Log -
commit ad8f7120bad64bcc43861c36eedcf29fc2728f13
Author: Rich Salz 
Date:   Mon Mar 19 18:20:32 2018 -0400

Switch to new (ASF) license

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/98)

---

Summary of changes:
 .gitignore|   1 -
 Makefile  |   4 -
 source/apache-license-2.0.txt | 177 ++
 source/license-openssl-ssleay.txt | 125 +++
 source/license.html   |  35 +---
 5 files changed, 327 insertions(+), 15 deletions(-)
 create mode 100644 source/apache-license-2.0.txt
 create mode 100644 source/license-openssl-ssleay.txt

diff --git a/.gitignore b/.gitignore
index be23066..86cadae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,7 +31,6 @@ source/*.gz*
 source/*.patch
 source/.htaccess
 source/index.inc
-source/license.txt
 source/old/*/*.patch
 source/old/*/*.tar.gz*
 source/old/*/*.txt.asc
diff --git a/Makefile b/Makefile
index a495e0c..c6c54bb 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,6 @@ SIMPLE = newsflash.inc sitemap.txt \
 news/vulnerabilities-0.9.7.inc \
 news/vulnerabilities-0.9.6.inc \
 source/.htaccess \
-source/license.txt \
 source/index.inc
 SRCLISTS = \
   source/old/0.9.x/index.inc \
@@ -174,9 +173,6 @@ news/vulnerabilities-0.9.6.inc: bin/mk-cvepage 
news/vulnerabilities.xml
 source/.htaccess: $(wildcard source/openssl-*.tar.gz) bin/mk-latest
@rm -f @?
./bin/mk-latest source >$@
-source/license.txt: $(SNAP)/LICENSE
-   @rm -f $@
-   cp $? $@
 source/index.inc: $(wildcard $(RELEASEDIR)/openssl-*.tar.gz) bin/mk-filelist
@rm -f $@
./bin/mk-filelist $(RELEASEDIR) '' 'openssl-*.tar.gz' >$@
diff --git a/source/apache-license-2.0.txt b/source/apache-license-2.0.txt
new file mode 100644
index 000..49cc83d
--- /dev/null
+++ b/source/apache-license-2.0.txt
@@ -0,0 +1,177 @@
+
+ Apache License
+   Version 2.0, January 2004
+https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+  "License" shall mean the terms and conditions for use, reproduction,
+  and distribution as defined by Sections 1 through 9 of this document.
+
+  "Licensor" shall mean the copyright owner or entity authorized by
+  the copyright owner that is granting the License.
+
+  "Legal Entity" shall mean the union of the acting entity and all
+  other entities that control, are controlled by, or are under common
+  control with that entity. For the purposes of this definition,
+  "control" means (i) the power, direct or indirect, to cause the
+  direction or management of such entity, whether by contract or
+  otherwise, or (ii) ownership of fifty percent (50%) or more of the
+  outstanding shares, or (iii) beneficial ownership of such entity.
+
+  "You" (or "Your") shall mean an individual or Legal Entity
+  exercising permissions granted by this License.
+
+  "Source" form shall mean the preferred form for making modifications,
+  including but not limited to software source code, documentation
+  source, and configuration files.
+
+  "Object" form shall mean any form resulting from mechanical
+  transformation or translation of a Source form, including but
+  not limited to compiled object code, generated documentation,
+  and conversions to other media types.
+
+  "Work" shall mean the work of authorship, whether in Source or
+  Object form, made available under the License, as indicated by a
+  copyright notice that is included in or attached to the work
+  (an example is provided in the Appendix below).
+
+  "Derivative Works" shall mean any work, whether in Source or Object
+  form, that is based on (or derived from) the Work and for which the
+  editorial revisions, annotations, elaborations, or other modifications
+  represent, as a whole, an original work of authorship. For the purposes
+  of this License, Derivative Works shall not include works that remain
+  separable from, or merely link (or bind by name) to the interfaces of,
+  the Work and Derivative Works thereof.
+
+  "Contribution" shall mean any work of authorship, including
+  the original version of the Work and any modifications or additions
+  to that Work or Derivative Works thereof, that is intentionally
+  submitted to Licensor for inclusion in the Work by the copyright owner




[openssl-commits] [web]  master update


2018-12-05

Thread
Kurt Roeckx

The branch master has been updated
   via  0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit)
  from  be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit)


- Log -
commit 0d92547742c3da2f066f4babaacf8a51bb2f5e3c
Author: Kurt Roeckx 
Date:   Wed Dec 5 22:22:04 2018 +0100

Update PGP key

---

Summary of changes:
 news/openssl-security.asc | 80 +++
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index fb0482f..9dddc89 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -11,33 +11,33 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
-tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+
-AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78CkZ9YTy4PH7W0w2JTizos9
-efUFAlvEwBgFCQmW/3kACgkQ2JTizos9efV3tBAAg/XTimvGMtCvMawu+ymbXshC
-W+PTt3tH2oI7parnm8F0DY3c70rwKN1uu28Cds0QOpAUR8wsYe9HbXXfT7w+4JG6
-qJm3mfAin9QA49D99SN3TgSTOK7qU1p88nCpEs0dib4aF5gO2zaqRiIEbTkiQSjQ
-lTzLS0kfznNmfynJI25XWNddLM2munn9ZS7XPQqzZ0G/RkDbuIayG0axRRcr8iG/
-uOkfFz3Iwk58MnzKVqPf+n7ZPTG6Z7EEcLF92Lo58x+s9tJ5afr0bTRG1wn5L8+I
-++OEIn32CwPQ0B6FeI42jeXGdd4rGjgzZyBbqvUD2zei85Sa306ZUOLoD5iuSAXt
-VkyK2rRRqfGy8m+R0TV1TQ25SkQadUf1fz1gS+QtyA4MhuM4f9PYR6kNUzjHkGAw
-w6KTG+bHiiQdAOKCEDYZgz9bY9wSD53fQTh8r5DhQ9edgFQAZsJ5R5jouZu+5beG
-8VP1OuvgKA478y/VWX6xnKLCqAfiF+p4ae0WDTm2cQiZyskTLQ2NaC0xEmAg9DgT
-d0v9NteVVMKeVppaGsE21vaX7s228Pj2sf8EAwl5iqtcJZMVVMHdmMerojd0HnmW
-PplbBVowaTTxLcMz/Xqlrxl7ylh6NqA3hFK1BwhFkAH6IEvXYmuAZNEtzFl+t4m5
-lsGHrlH+lstQuSl25v+0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z
-ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
-AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCW8TAJwUJCZb/eQAKCRDY
-lOLOiz159bbcEACpio13Jc6porVHoi5izZ9w9xCYiv6whrhgjdBCPm+JP6bPb0aN
-T0EkhQ4oBsOh3iCtVrBXjeagXK1NR1Sze/PH/kxARg9Nx6rafv9jRF2irO0E8+fY
-U2nV2z8Sjuej2uAIfMEJW0GnOJsR/pnn+a6P2Na8qwuwoEoWW2rTwqgCNOPwTWAW
-qgB5sYrt5M8RhmSZXW0v6NmCAQVrnGbEsqgCuBLo0WqyPszW6BEQqUsvj4aAAucS
-IZr2vaN4TnXhg0VdlI1f1E32ms2lSkNXECdSYWeT1eWVn2nPKibpePrJXuHHEP1G
-qM9z70+otqNn7qbIIr2aCu9aoAkcqbNCM6WN6FgZb0BH/XLByZM6ksLjO5OD1BHS
-PkK7HDTLDaTQFYbzH1ItpuWWvVh+l95a5Amm3Ic4JZyTbw0I7S4n0lo+JG4l89Wr
-WsYwAJsj1Chn0TitF/VTMG7JOtFHKBKzNvXOY7H85zU8AxvC5lis5vLepSc41NXw
-JoR7l+Cwi1hFIJIRO6RSVp3BwI+mASRZAn9ZaCqNyfDHhFQntpn607pRl2eHvO57
-KN1r1fJOZBx8P9p4S0sqBs9QXF4wNlBM2v/Te4MGq+wzQQFtofJuBSEpN0jHpVup
-HGZRWkCSydM4ToCRrwEhclv3GvUmi1WAzy25SBbaR408/BgEAT2Xr6TUXLQnT3Bl
+tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz
+bC5vcmc+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78Ck
+Z9YTy4PH7W0w2JTizos9efUFAlvEwCcFCQmW/3kACgkQ2JTizos9efW23BAAqYqN
+dyXOqaK1R6IuYs2fcPcQmIr+sIa4YI3QQj5viT+mz29GjU9BJIUOKAbDod4grVaw
+V43moFytTUdUs3vzx/5MQEYPTceq2n7/Y0RdoqztBPPn2FNp1ds/Eo7no9rgCHzB
+CVtBpzibEf6Z5/muj9jWvKsLsKBKFltq08KoAjTj8E1gFqoAebGK7eTPEYZkmV1t
+L+jZggEFa5xmxLKoArgS6NFqsj7M1ugREKlLL4+GgALnEiGa9r2jeE514YNFXZSN
+X9RN9prNpUpDVxAnUmFnk9XllZ9pzyom6Xj6yV7hxxD9RqjPc+9PqLajZ+6myCK9
+mgrvWqAJHKmzQjOljehYGW9AR/1ywcmTOpLC4zuTg9QR0j5Cuxw0yw2k0BWG8x9S
+Labllr1YfpfeWuQJptyHOCWck28NCO0uJ9JaPiRuJfPVq1rGMACbI9QoZ9E4rRf1
+UzBuyTrRRygSszb1zmOx/Oc1PAMbwuZYrOby3qUnONTV8CaEe5fgsItYRSCSETuk
+UladwcCPpgEkWQJ/WWgqjcnwx4RUJ7aZ+tO6UZdnh7zueyjda9XyTmQcfD/aeEtL
+KgbPUFxeMDZQTNr/03uDBqvsM0EBbaHybgUhKTdIx6VbqRxmUVpAksnTOE6Aka8B
+IXJb9xr1JotVgM8tuUgW2keNPPwYBAE9l6+k1Fy0JU9wZW5TU0wgT01DIDxvcGVu
+c3NsLW9tY0BvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
+AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCW8TAGAUJCZb/eQAKCRDY
+lOLOiz159Xe0EACD9dOKa8Yy0K8xrC77KZteyEJb49O3e0fagjulquebwXQNjdzv
+SvAo3W67bwJ2zRA6kBRHzCxh70dtdd9PvD7gkbqombeZ8CKf1ADj0P31I3dOBJM4
+rupTWnzycKkSzR2JvhoXmA7bNqpGIgRtOSJBKNCVPMtLSR/Oc2Z/KckjbldY110s
+zaa6ef1lLtc9CrNnQb9GQNu4hrIbRrFFFyvyIb+46R8XPcjCTnwyfMpWo9/6ftk9
+MbpnsQRwsX3YujnzH6z20nlp+vRtNEbXCfkvz4j744QiffYLA9DQHoV4jjaN5cZ1
+3isaODNnIFuq9QPbN6LzlJrfTplQ4ugPmK5IBe1WTIratFGp8bLyb5HRNXVNDblK
+RBp1R/V/PWBL5C3IDgyG4zh/09hHqQ1TOMeQYDDDopMb5seKJB0A4oIQNhmDP1tj
+3BIPnd9BOHyvkOFD152AVABmwnlHmOi5m77lt4bxU/U66+AoDjvzL9VZfrGcosKo
+B+IX6nhp7RYNObZxCJnKyRMtDY1oLTESYCD0OBN3S/0215VUwp5WmloawTbW9pfu
+zbbw+Pax/wQDCXmKq1wlkxVUwd2Yx6uiN3QeeZY+mVsFWjBpNPEtwzP9eqWvGXvK
+WHo2oDeEUrUHCEWQAfogS9dia4Bk0S3MWX63ibmWwYeuUf6Wy1C5KXbm/7QnT3Bl
 blNTTCB0ZWFtIDxvcGVuc3NsLXRlYW1Ab3BlbnNzbC5vcmc+iQJZBDABCgBDFiEE
 78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ9jUlHSBSZXBsYWNlZCBieSBvcGVuc3Ns
 LW9tY0BvcGVuc3NsLm9yZwAKCRDYlOLOiz159VAiD/wLVz8KE84z+iPBcDXJR4hr
@@ -63,17 +63,17 @@ 
ncd+VYvth6cM9jDWsTJAXEaqNoFjVfw227NnQ/hxqGCwEVzweBi7a7dix3nCa9JO
 w5eV3xCyezUohQ6nOBbDnoAnp3FLeUrhBJQXCPNtlb0fSMnj14EwBoD6EKO/xz/g
 



[openssl-commits] [web]  master update


2018-12-05

Thread
Matt Caswell

The branch master has been updated
   via  be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit)
  from  af5e14f2df748257775c39faa63fcc755b81b1b9 (commit)


- Log -
commit be4639ae76f20fccfd718dea2aaa7def1dbe8a55
Author: Dr. Matthias St. Pierre 
Date:   Tue Nov 6 12:12:26 2018 +0100

cla.html: make CLA download links and email address more prominent

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/web/pull/92)

---

Summary of changes:
 policies/cla.html | 28 +---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/policies/cla.html b/policies/cla.html
index f234dde..efe0445 100644
--- a/policies/cla.html
+++ b/policies/cla.html
@@ -25,7 +25,8 @@
  
  OpenSSL requires that all non-trivial contributors of ideas, code, or
  documentation complete, sign, and submit (via postal mail, fax
- or email) an Individual CLA [PDF].
+ or email) an
+ Individual Contributor License Agreement 
(ICLA).
  The purpose of this agreement is to clearly define
  the terms under which intellectual property has been contributed
  to OpenSSL and thereby allow us to defend the project should
@@ -39,8 +40,8 @@
  
 
  
- For a corporation that has assigned employees to work on OpenSSL,
- a Corporate CLA [PDF]
+ For a corporation that has assigned employees to work on OpenSSL, a
+ Corporate Contributor License Agreement 
(CCLA)
  is available for contributing intellectual property via
  the corporation, that may have been assigned as part of an
  employment agreement. Note that a Corporate CLA does not
@@ -49,6 +50,27 @@
  
 
  
+ If you have not already done so, please complete and sign a printout 
of the above
+ ICLA (and CCLA if necessary), then scan and email a pdf file of the 
Agreement(s) to
+ mailto:le...@opensslfoundation.org;>le...@opensslfoundation.org.
+ 
+
+ 
+ If you prefer snail mail, send an original signed Agreement to the
+ 
+
+ 
+ OpenSSL Software Foundation
+ 40 East Main Street
+ Suite 744
+ Newark, DE 19711
+ United States
+ 
+
+ Please read the document(s) carefully before signing and keep a copy 
for your records.
+ 
+
+ 
  Your Full name will be published unless you provide an alternative
  Public name. For example if your full name is Andrew Bernard Charles
  Dickens, but you wish to be known as Andrew Dickens, please enter
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-11-20

Thread
Matt Caswell

The branch master has been updated
   via  af5e14f2df748257775c39faa63fcc755b81b1b9 (commit)
  from  28c43932d579cd6ba18ec411bb828a2512c3419e (commit)


- Log -
commit af5e14f2df748257775c39faa63fcc755b81b1b9
Author: Matt Caswell 
Date:   Tue Nov 20 13:55:56 2018 +

Updates for new release

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/95)

---

Summary of changes:
 news/newsflash.txt   |  4 
 news/vulnerabilities.xml | 12 ++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 2c05c1a..07229f2 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,10 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes
+20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes
+20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes
+12-Nov-2018: Security Advisory: one 
low severity fix in ECC scalar multiplication
 29-Oct-2018: Security Advisory: one 
low severity fix in DSA
 29-Oct-2018: Security Advisory: one 
low severity fix in ECDSA
 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please 
download and upgrade!
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 46cdcff..2142ade 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -40,7 +40,7 @@
 
   
 
-
+
   
 
 Side Channel Attack
@@ -85,13 +85,13 @@
 
 
 
-
+
   
 
-
+
   
 
-
+
   
 
 Constant time issue
@@ -118,10 +118,10 @@
 
 
 
-
+
   
 
-
+
   
 
 Constant time issue
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-11-12

Thread
Matt Caswell

The branch master has been updated
   via  28c43932d579cd6ba18ec411bb828a2512c3419e (commit)
  from  a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b (commit)


- Log -
commit 28c43932d579cd6ba18ec411bb828a2512c3419e
Author: Matt Caswell 
Date:   Mon Nov 12 15:02:14 2018 +

Updates for CVE-2018-5407

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/93)

---

Summary of changes:
 news/secadv/20181112.txt | 41 +
 news/vulnerabilities.xml | 48 +++-
 2 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20181112.txt

diff --git a/news/secadv/20181112.txt b/news/secadv/20181112.txt
new file mode 100644
index 000..764520e
--- /dev/null
+++ b/news/secadv/20181112.txt
@@ -0,0 +1,41 @@
+OpenSSL Security Advisory [12 November 2018]
+
+
+Microarchitecture timing vulnerability in ECC scalar multiplication 
(CVE-2018-5407)
+===
+
+Severity: Low
+
+OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown
+to be vulnerable to a microarchitecture timing side channel attack. An attacker
+with sufficient access to mount local timing attacks during ECDSA signature
+generation could recover the private key.
+
+This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest
+version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low
+severity of this issue we are not creating a new release at this time. The 
1.0.2
+mitigation for this issue can be found in commit b18162a7c.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0i.
+
+This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera
+Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola 
Tuveri.
+
+Note
+
+
+OpenSSL 1.1.0 is currently only receiving security updates. Support for this
+version will end on 11th September 2019. Users of this version should upgrade 
to
+OpenSSL 1.1.1.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20181112.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 86b18c0..46cdcff 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,53 @@
 
 
-
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+  
+
+Side Channel Attack
+Microarchitecture timing vulnerability in ECC scalar 
multiplication
+
+  OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been 
shown
+  to be vulnerable to a microarchitecture timing side channel attack. An 
attacker
+  with sufficient access to mount local timing attacks during ECDSA 
signature
+  generation could recover the private key.
+
+
+
+  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-11-12

Thread
Mark J . Cox

The branch master has been updated
   via  a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b (commit)
   via  93507ac9b3d6cd013b2148f83c0726817cf71576 (commit)
   via  92a7bda034e49e626bf933f9e61b82a2cefe308c (commit)
  from  b78d963402ca83b6ede75f1a5d42d64ca61c2c49 (commit)


- Log -
commit a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b
Merge: b78d963 93507ac
Author: Mark J. Cox 
Date:   Mon Nov 12 16:09:29 2018 +

Merge pull request #94 from iamamoose/master

trivial changes - CVE-2015-1788 was missing severity tag, fix bad website 
includes

commit 93507ac9b3d6cd013b2148f83c0726817cf71576
Author: Mark J. Cox 
Date:   Mon Nov 12 16:01:40 2018 +

CVE-2015-1788 was missing the severity tag

commit 92a7bda034e49e626bf933f9e61b82a2cefe308c
Author: Mark J. Cox 
Date:   Sat Oct 13 10:29:45 2018 +0100

Remove broken include

---

Summary of changes:
 news/vulnerabilities.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 97ec427..86b18c0 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -2482,6 +2482,7 @@
   
   
 
+
 
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-11-01

Thread
Paul I . Dale

The branch master has been updated
   via  b78d963402ca83b6ede75f1a5d42d64ca61c2c49 (commit)
  from  ec4583cb047f1dd56918b38f5a36941747d50d28 (commit)


- Log -
commit b78d963402ca83b6ede75f1a5d42d64ca61c2c49
Author: Pauli 
Date:   Fri Nov 2 08:40:27 2018 +1000

Update advisory for CVE-2018-0734 indicating that it introduced a new issue
and that this has been fixed.  Git commit versions are included.

---

Summary of changes:
 news/secadv/20181030.txt | 5 +
 1 file changed, 5 insertions(+)

diff --git a/news/secadv/20181030.txt b/news/secadv/20181030.txt
index b33ac41..7569b56 100644
--- a/news/secadv/20181030.txt
+++ b/news/secadv/20181030.txt
@@ -19,6 +19,11 @@ git repository.
 
 This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
 
+As a result of the changes made to mitigate this vulnerability, a new
+side channel attack was created.  The mitigation for this new vulnerability
+can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0)
+and 880d1c76ed (for 1.0.2)
+
 References
 ==
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-29

Thread
Matt Caswell

The branch master has been updated
   via  ec4583cb047f1dd56918b38f5a36941747d50d28 (commit)
  from  54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit)


- Log -
commit ec4583cb047f1dd56918b38f5a36941747d50d28
Author: Matt Caswell 
Date:   Mon Oct 29 21:52:29 2018 +

Correct the security advisory name

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/web/pull/91)

---

Summary of changes:
 news/secadv/{20181030.pdf => 20181030.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename news/secadv/{20181030.pdf => 20181030.txt} (100%)

diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.txt
similarity index 100%
rename from news/secadv/20181030.pdf
rename to news/secadv/20181030.txt
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-29

Thread
Paul I . Dale

The branch master has been updated
   via  54c39f92bbaae5b32b84c8b632c4daf2d7ad6132 (commit)
   via  c84f2126b736207c23b1984cbc07d496c22ca85d (commit)
  from  43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit)


- Log -
commit 54c39f92bbaae5b32b84c8b632c4daf2d7ad6132
Merge: c84f212 43a3ec6
Author: Pauli 
Date:   Tue Oct 30 07:00:24 2018 +1000

Merge branch 'master' of git.openssl.org:openssl-web

commit c84f2126b736207c23b1984cbc07d496c22ca85d
Author: Pauli 
Date:   Tue Oct 30 07:00:08 2018 +1000

Add CVE-2018-0734

---

Summary of changes:
 news/newsflash.txt   |  3 ++-
 news/secadv/20181030.pdf | 32 +
 news/vulnerabilities.xml | 52 +++-
 3 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 news/secadv/20181030.pdf

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 311c39b..2c05c1a 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,7 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
-29-Oct-2018: Security Advisory: one 
low severity fix
+29-Oct-2018: Security Advisory: one 
low severity fix in DSA
+29-Oct-2018: Security Advisory: one 
low severity fix in ECDSA
 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please 
download and upgrade!
 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please 
download and test it
 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
diff --git a/news/secadv/20181030.pdf b/news/secadv/20181030.pdf
new file mode 100644
index 000..b33ac41
--- /dev/null
+++ b/news/secadv/20181030.pdf
@@ -0,0 +1,32 @@
+OpenSSL Security Advisory [30 October 2018]
+===
+
+Timing vulnerability in DSA signature generation (CVE-2018-0734)
+
+
+Severity: Low
+
+The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+timing side channel attack. An attacker could use variations in the signing
+algorithm to recover the private key.
+
+Due to the low severity of this issue we are not issuing a new release
+of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix will be included
+in OpenSSL 1.1.1a, OpenSSL 1.1.0j and OpenSSL 1.0.2q when they become
+available. The fix is also available in commit 8abfe72e8c (for 1.1.1),
+ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL
+git repository.
+
+This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20181030.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 52cc185..97ec427 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,57 @@
 
 
-
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+  
+
+
+  
+
+Constant time issue
+Timing attack against DSA
+
+  The OpenSSL DSA signature algorithm has been shown to be vulnerable
+  to a timing side channel attack. An attacker could use variations
+  in the signing algorithm to recover the private key.
+
+
+
+  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-29

Thread
Matt Caswell

The branch master has been updated
   via  43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb (commit)
  from  ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit)


- Log -
commit 43a3ec6622d22e8fb33324d50bd4aa4944e9e5fb
Author: Matt Caswell 
Date:   Mon Oct 29 12:09:44 2018 +

Update vulnerabilities.xml

The new CVE is only fixed in the dev version. 1.1.1a and 1.1.0j are not
yet released.

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/90)

---

Summary of changes:
 news/vulnerabilities.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 6067c1e..52cc185 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -22,10 +22,10 @@
 
 
 
-
+
   
 
-
+
   
 
 Constant time issue
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-28

Thread
Paul I . Dale

The branch master has been updated
   via  ecf0f6ced3b30e616932d3ccd7609e7e63520c8c (commit)
  from  61572af57041195c7654c0485f8f323baec0ab66 (commit)


- Log -
commit ecf0f6ced3b30e616932d3ccd7609e7e63520c8c
Author: Pauli 
Date:   Mon Oct 29 10:54:02 2018 +1000

update vulnerability information again, this is the published version

---

Summary of changes:
 news/vulnerabilities.xml | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index b2979db..6067c1e 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -10,7 +10,7 @@
 
   
 
-
+
 
 
 
@@ -22,6 +22,12 @@
 
 
 
+
+  
+
+
+  
+
 Constant time issue
 Timing attack against ECDSA signature generation
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-28

Thread
Paul I . Dale

The branch master has been updated
   via  61572af57041195c7654c0485f8f323baec0ab66 (commit)
  from  c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit)


- Log -
commit 61572af57041195c7654c0485f8f323baec0ab66
Author: Pauli 
Date:   Mon Oct 29 10:01:23 2018 +1000

fix vulnerability entry

---

Summary of changes:
 news/vulnerabilities.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 605f354..b2979db 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -10,7 +10,7 @@
 
   
 
-
+
 
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-28

Thread
Paul I . Dale

The branch master has been updated
   via  c35854b022239196048f9bbd5418fb77dd4f7ee0 (commit)
  from  6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit)


- Log -
commit c35854b022239196048f9bbd5418fb77dd4f7ee0
Author: Pauli 
Date:   Mon Oct 29 09:58:52 2018 +1000

fix vulnerability entry

---

Summary of changes:
 news/vulnerabilities.xml | 50 
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index a2a2de0..605f354 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,31 @@
 
 
-
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+Constant time issue
+Timing attack against ECDSA signature generation
+
+  The OpenSSL ECDSA signature algorithm has been shown to be
+  vulnerable to a timing side channel attack. An attacker could use
+  variations in the signing algorithm to recover the private key.
+
+
+
+  
   
 
 
@@ -54,30 +78,6 @@
 
 
   
-  
-
-
-
-
-
-
-
-
-
-
-
-
-
-Constant time issue
-Timing attack against ECDSA signature generation
-
-  The OpenSSL ECDSA signature algorithm has been shown to be
-  vulnerable to a timing side channel attack. An attacker could use
-  variations in the signing algorithm to recover the private key.
-
-
-
-  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-28

Thread
Paul I . Dale

The branch master has been updated
   via  6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4 (commit)
   via  911cdb11d835a00d901d3e9c1a728ed2613f84a6 (commit)
  from  fbf24147cb7b9e04c40ef0d14f76dc85d59a8413 (commit)


- Log -
commit 6e45814cbe2c0d6d40b7b24a7d5f238faafb4bd4
Merge: 911cdb1 fbf2414
Author: Pauli 
Date:   Mon Oct 29 09:06:01 2018 +1000

Merge branch 'master' of git.openssl.org:openssl-web

commit 911cdb11d835a00d901d3e9c1a728ed2613f84a6
Author: Pauli 
Date:   Mon Oct 29 09:03:42 2018 +1000

Update for ECDSA vulnerability CVS-2018-0735

---

Summary of changes:
 news/newsflash.txt   |  1 +
 news/secadv/20181029.txt | 31 +++
 news/vulnerabilities.xml | 24 
 3 files changed, 56 insertions(+)
 create mode 100644 news/secadv/20181029.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 1a0f0fb..311c39b 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+29-Oct-2018: Security Advisory: one 
low severity fix
 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please 
download and upgrade!
 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please 
download and test it
 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
diff --git a/news/secadv/20181029.txt b/news/secadv/20181029.txt
new file mode 100644
index 000..2194ef0
--- /dev/null
+++ b/news/secadv/20181029.txt
@@ -0,0 +1,31 @@
+OpenSSL Security Advisory [29 October 2018]
+===
+
+Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+==
+
+Severity: Low
+
+The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+timing side channel attack. An attacker could use variations in the signing
+algorithm to recover the private key.
+
+Due to the low severity of this issue we are not issuing a new release
+of OpenSSL 1.1.1 or 1.1.0 at this time. The fix will be included in
+OpenSSL 1.1.1a and OpenSSL 1.1.0j when they become available. The fix
+is also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28
+(for 1.1.0) in the OpenSSL git repository.
+
+This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20181029.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 6ef9c56..a2a2de0 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -54,6 +54,30 @@
 
 
   
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+Constant time issue
+Timing attack against ECDSA signature generation
+
+  The OpenSSL ECDSA signature algorithm has been shown to be
+  vulnerable to a timing side channel attack. An attacker could use
+  variations in the signing algorithm to recover the private key.
+
+
+
+  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-26

Thread
Richard Levitte

The branch master has been updated
   via  fbf24147cb7b9e04c40ef0d14f76dc85d59a8413 (commit)
  from  3b07e5291b0df2cef8469ab0494d1c787e84af87 (commit)


- Log -
commit fbf24147cb7b9e04c40ef0d14f76dc85d59a8413
Author: Joe 
Date:   Fri Oct 26 08:22:17 2018 +

Small typo fix

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/89)

---

Summary of changes:
 source/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/index.html b/source/index.html
index a4a98ce..605c009 100644
--- a/source/index.html
+++ b/source/index.html
@@ -17,7 +17,7 @@
 at https://github.com/openssl/openssl;>https://github.com/openssl/openssl.
 Bugs and pull patches (issues and pull requests) should be
-file on the GitHub repo.
+filed on the GitHub repo.
Please familiarize yourself with the
license.

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-15

Thread
Kurt Roeckx

The branch master has been updated
   via  3b07e5291b0df2cef8469ab0494d1c787e84af87 (commit)
  from  72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit)


- Log -
commit 3b07e5291b0df2cef8469ab0494d1c787e84af87
Author: Kurt Roeckx 
Date:   Mon Oct 15 18:32:18 2018 +0200

Update PGP key

---

Summary of changes:
 news/openssl-security.asc | 128 +++---
 1 file changed, 64 insertions(+), 64 deletions(-)

diff --git a/news/openssl-security.asc b/news/openssl-security.asc
index 217cbe7..fb0482f 100644
--- a/news/openssl-security.asc
+++ b/news/openssl-security.asc
@@ -12,68 +12,68 @@ 
Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
 zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
 eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
 tCVPcGVuU1NMIE9NQyA8b3BlbnNzbC1vbWNAb3BlbnNzbC5vcmc+iQJUBBMBCgA+
-FiEE78CkZ9YTy4PH7W0w2JTizos9efUFAlnZ8x0CGwMFCQefA0oFCwkIBwMFFQoJ
-CAsFFgIDAQACHgECF4AACgkQ2JTizos9efVNnw/9GHSauODL8PCSRcobbVm8/3tl
-ejky6YVmjBjpbKKLVCAyK6sM7ns1RDSoHSQfKdClZbD+n2ZLZFVbvdDbu873ntsE
-WdMZUk5dTW0a8mtaUFV5nkZiWbNn5Yr+gtUiqOtIDR6wbXOd4RtpaKawllqN0JX/
-oZdVUcV60tekt92rUe3J/KbFptACvZNkvm1c2zEWdNemEWIqYOierjaeNhqdgAbA
-kKA7EAYP53bursxTDfhQQZWzPOFXcl4ElHKHvVED2ZyGamRnuwD5F2YyjOCNlvt2
-si1mzTsvyjuNJv0OeK0rdPqX00OXWCuOb96rlGiSeaK3WFSTHeDiaFiCahwf9VJT
-I9kGA/FF6is8UW2SJEGzYHGnY/lsUL697XTuLEgWU2qHlYXExLY1cuz+pTLB0vsB
-suCGTe18BgjKF2und7z7+kDPB4uECXCwgPKjxLNM/JFhJswt3KTzDbcXz0/lg0+5
-3r1NsBV3JW0DxoRsmqWAn6anyCRDxN8GHzEymRkc88wacEt38JeyPuLiz6ejbpFR
-EYNHDrVVB9gDkkxafL7csKH/J69v1GAujzyXPcTsT08YyKgf7kOc5e26jyNq9KYs
-YJhE7yr/qcqcbcQTgntaFCas+1nBm/SM26xKLF4MkS8KEeGRUuCwQhDXPNORAsNj
-EIOh6s4v5T9Py3lpJNu0NE9wZW5TU0wgc2VjdXJpdHkgdGVhbSA8b3BlbnNzbC1z
-ZWN1cml0eUBvcGVuc3NsLm9yZz6JAlMEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID
-AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCWdny6QUJB58DSgAKCRDY
-lOLOiz159XxmD/dSmuPL95utayr83urce6FibwqWZeA7LldBiaKEn8ShxhVgb/HG
-EGfQKxF1cWXOe1NF3NEhmZD/JTYoMlqEyGARZMDR4klDPP0jhPWVcfnw8HoUjufE
-QptCagLhitZzfb0GEzvAOG63tFwit4bM6gT2po3VZH8o62j2PcBtcSmjHVqtaKwI
-i5MMXFRTaJnLQmLHg+W2nunw+CgTNdUgvn/oB0RPHXU+TlfPiuC7tAluZC+xYnIA
-nspHRRbge3H1R07JP5LZW8fu60VMj/o7t/0rCupjjra/qE2KScF1MsFI7eiv1I/Q
-68lgvtHLCpSqV/qqVmrdgGhV2pHQaEeB7sh/8E5+G0Yi6sYwztl/OeUUpdiGhXxU
-OPWPYExIwDrh1guIi/yva/78wksbi/ZQffZTR//OIwdGmMVxYfdCQ16PfqXpKJlW
-OcaH0Kbom13lha0Am0pXnqRnupOp5XrcrHJUcdFoS2df3wOh6aFejimjBWnvAajh
-rzNnXedY9rtxDlA5O/D1Yx0j8ZfAMrmqxFTc+XyT5gBwxYc2wCQ3ch20MfDpJ9/s
-eA4WS7dPGyOkziIcszT4vNCAtDnIs4Hr0uNb/1wF5R1UFq464Ghyqpt6SE2xfxsP
-Uty+iyvCYfrbL7ILwHmpgYUARL51ovSxVRQA7osSg8qrf6U26pIDXD63tCdPcGVu
-U1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAlkEMAEKAEMWIQTv
-wKRn1hPLg8ftbTDYlOLOiz159QUCWdn2NSUdIFJlcGxhY2VkIGJ5IG9wZW5zc2wt
-b21jQG9wZW5zc2wub3JnAAoJENiU4s6LPXn1UCIP/AtXPwoTzjP6I8FwNclHiGuK
-w+gV5Sw3rRNyiKg9TL0dudcVfDsdtdxmBR1vughH0PNsYstNggflbGIefLTIuNTQ
-1qun5GTluLxZyWxcf6WJPMRTJdJpdy5BrIfXFaHrEohAQLBeL0P25gjXzOvA7C7Y
-wCuxkKG3FuQKyKr4HNy5WF1LKZIBPcjHEHD6sjLDaxD4KxQnHd31s1xdarDvEbXe
-G8MmiQApKUJ2fN9sGPdbrjBs1nBtgPksZHThT7g5FpuZfIWwOvg6XRaf2Ig538AG
-aq+rqKnZHE9HvCEbBqidhSe6h3hkr5BY5Bh2jj5CTOvZSSBBTAq47wUFTeG/B4XK
-m5yW561lRhQ8YEnYzb16swQyYA6jIRjeWRyYRoYmQ4tNrs6idKfjlMytQohKNPzH
-OzW+bFX72Kz+C6KikXHjXj4MGafCcDpwuVPOE1muqR2Jt64o36wTzzBXsfTQ0EPy
-hBSDYQDEFTFLY9osuQDT6arH7TiI7EX1lp/u0CIuBLmEQA3JZUWhyWkwQMyOep4J
-A2gOeaMmjJ0lJ7tH44Fk4g+AhFW7Eq0dJ1iSoQoOQ21cKv3SJqDdYiu/M4kenCXX
-kIXtxmPgHVnuwovu+U4mMvGZYfUs+JqZfNcUc/XmHDv4NMRusKTxP36rmvPwIHig
-KxCiVjdbrygghWc0Qe7quQINBFQv6Z8BEADAd7PvHauU/H1vm9znBroxHG4coLnO
-g+bIZTVrLgld1u/os7FVHvtIQ9WMA99Aus49vgiazMT0PwQd7t0m8hzAz+Xyi+xk
-IgP59fdoV9g7h8b0MJwzZB8WIIbaxSjpVwMrXtmsANHwvntKPJR2tWHdmWTapQwt
-t6ibSzCR/G1/AiK+fSnJDcr+uGxfoVTyDd3r54dQI5+APOfOPBGTEHI3nYO9jLAN
-01tg+KJmsmO3lxObrrexWHGOkjOKU4SAdl/QzN/UYMt6guDm7xJBH2lpyXx8cl4g
-PFxfhWbpF3P4jOvD9FUv7DJpfUD7GDFpzB3BpTnLs0CUQGpamScLitGSL6G4f2Pa
-2C8ax7TQoEo2hbkjfSv2IaQMbPNB+pVWuxgkgEk0a0tzr5mPvn07FD80jr4rdJKk
-H4ps4mMe0HCSGoBvdpr1Jrn9jxH870ouomiKjIWk2iauasTkdKuN9CmpEJLTT1+d
-x35Vi+2Hpwz2MNaxMkBcRqo2gWNV/Dbbs2dD+HGoYLARXPB4GLtrt2LHecJr0k7D
-l5XfELJ7NSiFDqc4FsOegCencUt5SuEElBcI822VvR9IyePXgTAGgPoQo7/HP+AR
-bmavRr7Gn5+NuS8dVf9zxSZT7ueVfu6lo3jpEszXLTJZgqj0FXrW2f6RywCTuSFD
-t0qE7OZJemwEcwARAQABiQI8BBgBCgAmAhsMFiEE78CkZ9YTy4PH7W0w2JTizos9
-efUFAlnZ9v8FCQefB2AACgkQ2JTizos9efVBOA/+ObcOrEGwKPI3KFaxKdkfbl/K
-UoTTC8L6F/AJTd9JREXgic/CKZRfa64S+RvRqH8kY1DEUCi6v6o/57kS6o1BS+6a
-PMeg/xi8nBmC5o+fqgOdIdFyUkJbwq/jWcHZ7Sjf89LCh0gtVqxsRYT3yZicCNJi
-8qrWe4I2iv6OHOjZbHeF3RKM7IKaqcUCI6jklJSge3MoCR74gOEpAAA/eUQ2YfVx
-pS1kMaJXLpa0gbkaylZALmt2uTvacOc5uipmZBzQRoVna9scM9+Fy0taus4TA+54
-8EMzjK7LUcgkgndXUf1hE29UGgZyOLBkLfXRZMl9hnOrurTnfUqthbpvZwQ892ba
-ZW0NDkk2nlGFOCJQsfrLQdwxKm0oeH/eJoXaSSZuzn1hL2+EzfMNwpAP03l7xagI
-sYkuyTUDyVGKwyT036yro9yqP0Iaa7CIgJ+DaxsyWthtG/NbJoRkmaJFKyu0pNa8
-dt04jmfMODToNAU7Ji8Ctan4gacGevYItgE8q30+kr1PPQD18DNXw6u36BLfjvPj




[openssl-commits] [web]  master update


2018-10-13

Thread
Mark J . Cox

The branch master has been updated
   via  72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit)
  from  e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit)


- Log -
commit 72c1892c6630fe39a3ba99980876a4e7e983a2d8
Author: Mark J. Cox 
Date:   Sat Oct 13 10:30:33 2018 +0100

Remove broken link

---

Summary of changes:
 docs/fips/verifycd.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html
index da76889..e02e28b 100644
--- a/docs/fips/verifycd.html
+++ b/docs/fips/verifycd.html
@@ -73,7 +73,6 @@
  

   
-  
 
   
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-13

Thread
Mark J . Cox

The branch master has been updated
   via  e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit)
   via  fc3a76a7b2d8cfa3de18408ce1428785f4a9678e (commit)
  from  0fdc26a3da6206efb38025e5f2d94a97760f0614 (commit)


- Log -
commit e803b1e8aa04dde1595450e785bcb7b63f1ac7b5
Merge: 0fdc26a fc3a76a
Author: Mark J. Cox 
Date:   Sat Oct 13 10:26:44 2018 +0100

Merge pull request #88 from iamamoose/fipscd

Link to KeyPair arrangement for FIPS CD provision

commit fc3a76a7b2d8cfa3de18408ce1428785f4a9678e
Author: Mark J. Cox 
Date:   Sat Oct 13 09:35:14 2018 +0100

Link to KeyPair arrangement for FIPS CD provision

---

Summary of changes:
 docs/fips/verifycd.html | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html
index a30a9c1..da76889 100644
--- a/docs/fips/verifycd.html
+++ b/docs/fips/verifycd.html
@@ -40,20 +40,20 @@
 The requirement for this verification with an independently acquired
 FIPS 140-2 validated cryptographic module does not apply when the
 distribution file is distributed using a "secure" means. Distribution
-on physical media is considered secure in this context, so as a
-convenience a copy of the distribution files can be obtained from
-OSS as a CD-ROM disks via postal 
mail.
-
-The fee for this is $100 in US Dollars. At this time we are only able
-  to accept US wire transfers.
-Email us at mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org
-and we will send you our ABA and account information.
-We cannot do credit cards, purchase orders, or anything other
-  than a US-based bank transfer at this time.
-We can mail internationally (the CD contains only open source code
-and so may be exported under the TSU exception of EAR ECCN 5D002).
-It will take a week or two to process your order.
+on physical media is considered secure in this context so you can
+verify by obtaining a copy of the distribution files on CD-ROM disks via
+postal mail.
 
+OpenSSL are not providing disks directly at this time.  However we have
+an arrangement with KeyPair Consulting who will
+https://keypair.us/2018/05/cd/;>send a disk to you at no
+  charge.
+
+Important Disclaimer: The listing of these third party 
products does not
+  imply any endorsement by the OpenSSL project, and these organizations 
are not
+  affiliated in any way with OpenSSL other than by the reference to their
+  independent web sites here.
+
 Note that the files you will receive on these CDs will be
 identical in every respect (except for formal FIPS 140-2
 compliance) with the files you can download from https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-10-11

Thread
Matt Caswell

The branch master has been updated
   via  0fdc26a3da6206efb38025e5f2d94a97760f0614 (commit)
  from  39045b9f57b5ff168bb646f44119bf4dc55ba37c (commit)


- Log -
commit 0fdc26a3da6206efb38025e5f2d94a97760f0614
Author: Matt Caswell 
Date:   Wed Oct 10 17:19:54 2018 +0100

Correct the contact email on the trademark page

Reviewed-by: Mark J. Cox 
(Merged from https://github.com/openssl/web/pull/87)

---

Summary of changes:
 policies/trademark.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policies/trademark.html b/policies/trademark.html
index f669e46..39ecab7 100644
--- a/policies/trademark.html
+++ b/policies/trademark.html
@@ -134,7 +134,7 @@
 When in doubt about the use of OpenSSL trademarks, or to
 request permission for uses not allowed by this policy, please
 send an email to
-mailto:cont...@openssl.org;>cont...@openssl.org.
+mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org.
 Be sure to include the following information in the body of your
 message:
 
@@ -160,7 +160,7 @@
 
 For any queries with respect to these guidelines, please send an
 email to
-mailto:cont...@openssl.org;>cont...@openssl.org.
+mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org.
 
 Organisations Licensed to Use OpenSSL Trademarks
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-29

Thread
Richard Levitte

The branch master has been updated
   via  39045b9f57b5ff168bb646f44119bf4dc55ba37c (commit)
  from  2c0a67c87382d0e10d4ee02921e4d59358906039 (commit)


- Log -
commit 39045b9f57b5ff168bb646f44119bf4dc55ba37c
Author: Beat Bolli 
Date:   Sat Sep 29 00:20:38 2018 +0200

inc/screen.css: style  and  like  and 

pod2html emits the deprecated visual tags instead of the semantic ones,
so we have to style the visual tags as well.

Fixes #74

Reviewed-by: Tim Hudson 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/85)

---

Summary of changes:
 inc/screen.css | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/screen.css b/inc/screen.css
index 9a5b157..e3d672c 100644
--- a/inc/screen.css
+++ b/inc/screen.css
@@ -239,11 +239,11 @@ ul ul, ul ol, ol ul, ol ol {
   margin-bottom: 0em;
 }
 
-strong {
+strong, b {
   font-weight: bold;
 }
 
-em {
+em, i {
   font-style: italic;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-24

Thread
Mark J . Cox

The branch master has been updated
   via  2c0a67c87382d0e10d4ee02921e4d59358906039 (commit)
   via  14964aea93f2691734f6f40a3207e810349b9c2c (commit)
   via  e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a (commit)
  from  d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 (commit)


- Log -
commit 2c0a67c87382d0e10d4ee02921e4d59358906039
Merge: d7b78dd 14964ae
Author: Mark J. Cox 
Date:   Mon Sep 24 10:42:11 2018 +0100

Merge pull request #84 from iamamoose/vulns111

Missing the 1.1.1 vulns page which will be needed when any issues get fixed

commit 14964aea93f2691734f6f40a3207e810349b9c2c
Author: Mark J. Cox 
Date:   Mon Sep 24 10:36:15 2018 +0100

Add page for 1.1.1 vulnerabilities, this will get automatically updated when
there are any (the breadcrumbs will get updated automatically at that time)

commit e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a
Author: Mark J. Cox 
Date:   Mon Sep 24 10:35:14 2018 +0100

Don't imply there are no vulnerabilities at all, just that we've not 
released fixes for any yet

---

Summary of changes:
 bin/mk-cvepage  | 2 +-
 news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 copy news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} (92%)

diff --git a/bin/mk-cvepage b/bin/mk-cvepage
index 8dbb864..10654b6 100755
--- a/bin/mk-cvepage
+++ b/bin/mk-cvepage
@@ -147,7 +147,7 @@ preface += ""
 if allissues != "":
 preface += allissues + ""
 else:
-preface += "No vulnerabilities"
+preface += "No vulnerabilities fixed"
 
 sys.stdout.write(preface.encode('utf-8'))
 
diff --git a/news/vulnerabilities-1.0.2.html b/news/vulnerabilities-1.1.1.html
similarity index 92%
copy from news/vulnerabilities-1.0.2.html
copy to news/vulnerabilities-1.1.1.html
index 0f1ac3b..db54fa1 100644
--- a/news/vulnerabilities-1.0.2.html
+++ b/news/vulnerabilities-1.1.1.html
@@ -15,7 +15,7 @@
   If you think you have found a security bug in OpenSSL,
   please report it to us.

-
+

  
  
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-22

Thread
Richard Levitte

The branch master has been updated
   via  d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 (commit)
  from  256ea23dae5b675ded6823625d6a966a353c2f5d (commit)


- Log -
commit d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22
Author: Dr. Matthias St. Pierre 
Date:   Sat Sep 22 16:42:58 2018 +0200

Remove pre-release from 1.1.1

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/83)

---

Summary of changes:
 docs/manpages.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/manpages.html b/docs/manpages.html
index 91623d9..d75fec0 100644
--- a/docs/manpages.html
+++ b/docs/manpages.html
@@ -14,7 +14,7 @@

 
   master
-  1.1.1 (pre-release)
+  1.1.1
   1.1.0
   1.0.2
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-22

Thread
Richard Levitte

The branch master has been updated
   via  256ea23dae5b675ded6823625d6a966a353c2f5d (commit)
  from  2b448f5a972d0f89e4b141d0568984dc1d37d489 (commit)


- Log -
commit 256ea23dae5b675ded6823625d6a966a353c2f5d
Author: Richard Levitte 
Date:   Wed Sep 19 02:20:27 2018 +0200

inc/screen.css: no pre-wrap

There's no reason why the contents of  element should be wrapped on
line breaks.  Set white-space to 'normal' instead.

This property is useful in case we happen to inherit some other
setting of that property and want to get back to a normal setting.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/79)

---

Summary of changes:
 inc/screen.css | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/inc/screen.css b/inc/screen.css
index c526275..9a5b157 100644
--- a/inc/screen.css
+++ b/inc/screen.css
@@ -362,10 +362,7 @@ article blockquote cite:before {
 
 /* @extend this to force long lines of continuous text to wrap */
 .force-wrap, article a, aside.sidebar a {
-  white-space: -moz-pre-wrap;
-  white-space: -pre-wrap;
-  white-space: -o-pre-wrap;
-  white-space: pre-wrap;
+  white-space: normal;
   word-wrap: break-word;
 }
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-19

Thread
Richard Levitte

The branch master has been updated
   via  2b448f5a972d0f89e4b141d0568984dc1d37d489 (commit)
  from  8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 (commit)


- Log -
commit 2b448f5a972d0f89e4b141d0568984dc1d37d489
Author: Richard Levitte 
Date:   Wed Sep 19 02:47:10 2018 +0200

Fix openssl.com htaccess

Redirect works with prefixes.  If only / should be redirected and not
any sub-path, use RedirectMatch

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/81)

---

Summary of changes:
 .htaccess.openssl.com | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.htaccess.openssl.com b/.htaccess.openssl.com
index 90b3e57..2af9a82 100644
--- a/.htaccess.openssl.com
+++ b/.htaccess.openssl.com
@@ -1,4 +1,5 @@
 # -*- Apache -*-
-Redirect permanent / https://www.openssl.org/community/contacts.html
 Redirect permanent /verifycd.html 
https://www.openssl.org/docs/fips/verifycd.html
+
+RedirectMatch permanent "^/$" https://www.openssl.org/community/contacts.html
 RedirectMatch permanent "^(.*)$" "https://www.openssl.org$1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-18

Thread
Richard Levitte

The branch master has been updated
   via  8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871 (commit)
  from  53cc720aa09a60463d62d184ab6e23baccef5e71 (commit)


- Log -
commit 8a1b9339b244cf9bf76bb1bed0eb6e6cd45b3871
Author: Richard Levitte 
Date:   Wed Sep 19 02:25:26 2018 +0200

Add a openssl.com specific .htaccess

This allows us to redirect whatever openssl.com URLs we want freely.
The setup in the openssl.com site configuration will include this line:

AccessFileName .htaccess.openssl.com .htaccess

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/80)

---

Summary of changes:
 .htaccess.openssl.com | 4 
 1 file changed, 4 insertions(+)
 create mode 100644 .htaccess.openssl.com

diff --git a/.htaccess.openssl.com b/.htaccess.openssl.com
new file mode 100644
index 000..90b3e57
--- /dev/null
+++ b/.htaccess.openssl.com
@@ -0,0 +1,4 @@
+# -*- Apache -*-
+Redirect permanent / https://www.openssl.org/community/contacts.html
+Redirect permanent /verifycd.html 
https://www.openssl.org/docs/fips/verifycd.html
+RedirectMatch permanent "^(.*)$" "https://www.openssl.org$1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-18

Thread
Mark J . Cox

The branch master has been updated
   via  53cc720aa09a60463d62d184ab6e23baccef5e71 (commit)
   via  7c369dac41a2f5a25d3533932686c860958b2643 (commit)
   via  fb942af17ae8fff1e18939d57676678931e9b7e4 (commit)
   via  a1a3195d8d9abdbc5238618b23f73cb774262d09 (commit)
   via  91ca9441703a779d4c065dc181653410914ee6f2 (commit)
  from  50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit)


- Log -
commit 53cc720aa09a60463d62d184ab6e23baccef5e71
Merge: 50ac168 7c369da
Author: Mark J. Cox 
Date:   Tue Sep 18 14:07:12 2018 +0100

Merge pull request #77 from iamamoose/oss

Merge information from openssl.com and about OSS into main site

commit 7c369dac41a2f5a25d3533932686c860958b2643
Author: Mark J. Cox 
Date:   Tue Sep 18 13:09:05 2018 +0100

Update to the latest OSS bylaws

commit fb942af17ae8fff1e18939d57676678931e9b7e4
Author: Mark J. Cox 
Date:   Tue Sep 18 11:04:31 2018 +0100

Add verify CD image

commit a1a3195d8d9abdbc5238618b23f73cb774262d09
Author: Mark J. Cox 
Date:   Tue Sep 18 11:03:45 2018 +0100

Add the page from http://openssl.com/verifycd.html but update to
show we do not accept US cheques/checks at this time.

commit 91ca9441703a779d4c065dc181653410914ee6f2
Author: Mark J. Cox 
Date:   Tue Sep 18 10:49:41 2018 +0100

Add OSS bylaws and details of OSS to the contact page rather than using 
openssl.com
which we should deprecate.  Bring wording for FIPS in line with what we 
used on
openssl.com

---

Summary of changes:
 community/contacts.html |  19 
 docs/fips/verifycd.html |  81 
 docs/fips/verifycd.jpg  | Bin 0 -> 20887 bytes
 policies/oss-bylaws.pdf | Bin 0 -> 38884 bytes
 4 files changed, 94 insertions(+), 6 deletions(-)
 create mode 100644 docs/fips/verifycd.html
 create mode 100644 docs/fips/verifycd.jpg
 create mode 100644 policies/oss-bylaws.pdf

diff --git a/community/contacts.html b/community/contacts.html
index 5c6f6a6..8c0820e 100644
--- a/community/contacts.html
+++ b/community/contacts.html
@@ -17,10 +17,21 @@
  (US) non-profit corporation with its own bylaws.
 
+ OpenSSL Software Services
+   (OSS) also represents the OpenSSL project, for
+Support Contracts, and 
+as the
+   Vendor of Record for NIST Cryptographic Module
+https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747
+(This is an open-source validation of FIPS-140 based on OpenSSL).  
+It is a Delaware (US) corporation with its own bylaws.
+
  
-  The best way to contact OSF is by sending an email to
+  The best way to contact OSF or OSS is by sending an email to
   mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org.
-  For postal or telephone contact, use the following:
+  For postal contact, use the following:
 
  
40 E Main St, Suite 744
@@ -29,10 +40,6 @@
  
  
 
- https://www.openssl.com;>OpenSSL Software Services
- (OSS) also represents the OpenSSL project, most notably as the
- Vendor of Record for the FIPS validation.
-


  You are here: Home
diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html
new file mode 100644
index 000..a30a9c1
--- /dev/null
+++ b/docs/fips/verifycd.html
@@ -0,0 +1,81 @@
+
+
+
+
+  
+  
+
+  
+   
+  FIPS 140-2 verification of the OpenSSL FIPS Object 
Module source distribution file
+ 
+
+
+
+The latest of the OpenSSL FIPS Object Module ("FIPS module")
+FIPS 140-2 validations saw the introduction of a new requirement
+by the CMVP:
+
+  The distribution tar file, shall be verified using an
+independently acquired FIPS 140-2 validated cryptographic
+module...
+
+Some prospective users of the OpenSSL FIPS Object Module 2.0 already
+have ready access to an existing securely-installed software product
+using FIPS 140-2 validated cryptography that is capable of calculating
+the HMAC-SHA-1 digest of a file on disk, in which case satisfying this
+requirement is easy (simply calculate the HMAC-SHA-1 digest of the
+source distribution file using the key "etaonrishdlcupfm"
+and confirm it is that same as documented in the http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm;>Security
 Policy
+document (e.g., "2cdd29913c6523df8ad38da11c342b80ed3f1dae" for
+openssl-fips-2.0.tar.gz).
+
+
+For most prospective users the identification, acquisition,
+installation, and configuration of a suitable product may be a challenge.
+(See Section 6.6 of our FIPS
+User
+  Guide)
+The requirement for this verification with an 



[openssl-commits] [web]  master update


2018-09-18

Thread
Mark J . Cox

The branch master has been updated
   via  50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit)
   via  6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee (commit)
  from  a9e5da9e4698a64397f1f564337f13207518f3ee (commit)


- Log -
commit 50ac168c298eedf5aced96da0b6eff5aee57b9fd
Merge: a9e5da9 6bde6d6
Author: Mark J. Cox 
Date:   Tue Sep 18 13:24:11 2018 +0100

Merge pull request #78 from iamamoose/osf

Update to latest OSF bylaws

commit 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee
Author: Mark J. Cox 
Date:   Tue Sep 18 13:11:56 2018 +0100

Update to latest OSF bylaws

---

Summary of changes:
 policies/osf-bylaws.pdf | Bin 44509 -> 45594 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/policies/osf-bylaws.pdf b/policies/osf-bylaws.pdf
index ed4810c..b0a3994 100644
Binary files a/policies/osf-bylaws.pdf and b/policies/osf-bylaws.pdf differ
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-09-11

Thread
Matt Caswell

The branch master has been updated
   via  a9e5da9e4698a64397f1f564337f13207518f3ee (commit)
  from  b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit)


- Log -
commit a9e5da9e4698a64397f1f564337f13207518f3ee
Author: Matt Caswell 
Date:   Tue Sep 11 14:16:04 2018 +0100

Updates for the 1.1.1 release

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/76)

---

Summary of changes:
 news/newsflash.txt |  1 +
 source/index.html  | 28 
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index f1001bd..1a0f0fb 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please 
download and upgrade!
 21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please 
download and test it
 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
 14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes
diff --git a/source/index.html b/source/index.html
index 6c6c066..a4a98ce 100644
--- a/source/index.html
+++ b/source/index.html
@@ -30,11 +30,20 @@
A list of mirror sites can be found here.

 
-   Note: The latest stable version is the 1.1.0 series.
-The 1.0.2 series is our Long Term
-   Support (LTS) release, supported until 31st December 2019.
-The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and
-   should not be used.
+   Note: The latest stable version is the 1.1.1 series. 
This is
+also our Long Term Support (LTS) version, supported until 11th 
September
+2023. Our previous LTS version (1.0.2 series) will continue to be
+supported until 31st December 2019 (security fixes only during the last
+year of support). The 1.1.0 series is currently only receiving security
+fixes and will go out of support on 11th September 2019. All users of
+1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as possible.
+The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should
+not be used.
+
+The OpenSSL FIPS Object Module 2.0 (FOM) is also available for
+download. It is no longer receiving updates. It must be used in
+conjunction with a FIPS capable version of OpenSSL (1.0.2 series). A
+new FIPS module is currently in development.
 

  
@@ -47,9 +56,12 @@

 
When building a release for the first time, please make sure
-   to look at the README and INSTALL files in the distribution.
-   If you have problems, look at the FAQ, which can be
-   found online.
+   to look at the INSTALL file in the distribution along with any NOTES
+file applicable to your platform. If you have problems, look at the 
FAQ,
+which can be found online. If you
+still need more help, then join the
+openssl-users email list and
+post a question there.
 
PGP keys for the signatures are available from the
https://www.openssl.org/community/omc.html;>OMC page.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-30

Thread
Mark J . Cox

The branch master has been updated
   via  b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit)
   via  963878785a6afbb5bbc714cc38a0cea7358e19cc (commit)
  from  6c27271343534942a6fee6fa97302072bde93e67 (commit)


- Log -
commit b0d67bb874e71cd8708f374a0111b95fe76ffc87
Merge: 6c27271 9638787
Author: Mark J. Cox 
Date:   Thu Aug 30 14:34:35 2018 +0100

Merge pull request #75 from iamamoose/mirrors

remove broken mirrors

commit 963878785a6afbb5bbc714cc38a0cea7358e19cc
Author: Mark J. Cox 
Date:   Thu Aug 30 14:21:26 2018 +0100

remove broken mirrors

---

Summary of changes:
 source/mirror.html | 4 
 1 file changed, 4 deletions(-)

diff --git a/source/mirror.html b/source/mirror.html
index 0e2419b..96c7386 100644
--- a/source/mirror.html
+++ b/source/mirror.html
@@ -16,10 +16,6 @@

  LocaleURL
 
- ATftp://gd.tuwien.ac.at/infosys/security/openssl/;>ftp://gd.tuwien.ac.at/infosys/security/openssl/
- CAhttp://openssl.skazkaforyou.com/;>http://openssl.skazkaforyou.com/
  CZftp://ftp.fi.muni.cz/pub/openssl/;>ftp://ftp.fi.muni.cz/pub/openssl/
  DEhttps://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-22

Thread
Richard Levitte

The branch master has been updated
   via  6c27271343534942a6fee6fa97302072bde93e67 (commit)
  from  60246d07484ce72139483e7bbcc52c7b45a3b408 (commit)


- Log -
commit 6c27271343534942a6fee6fa97302072bde93e67
Author: Richard Levitte 
Date:   Wed Aug 22 13:01:20 2018 +0200

Update the end copyright year

Reviewed-by: Matt Caswell 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/72)

---

Summary of changes:
 inc/footer.shtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/footer.shtml b/inc/footer.shtml
index 89f8e84..65be9f1 100644
--- a/inc/footer.shtml
+++ b/inc/footer.shtml
@@ -4,7 +4,7 @@
 Please report problems with this website to webmaster at openssl.org.
   
   
-Copyright  1999-2017, OpenSSL Software Foundation.
+Copyright  1999-2018, OpenSSL Software Foundation.
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-22

Thread
Matt Caswell

The branch master has been updated
   via  60246d07484ce72139483e7bbcc52c7b45a3b408 (commit)
  from  46b7dc43cbd00b4d6cf275afb544a770a991a2ec (commit)


- Log -
commit 60246d07484ce72139483e7bbcc52c7b45a3b408
Author: Matt Caswell 
Date:   Tue Aug 21 15:30:13 2018 +0100

Update the support contracts page

In accordance with an OMC vote

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/71)

---

Summary of changes:
 support/contracts.html | 93 +++---
 1 file changed, 20 insertions(+), 73 deletions(-)

diff --git a/support/contracts.html b/support/contracts.html
index 0651184..7f35804 100644
--- a/support/contracts.html
+++ b/support/contracts.html
@@ -15,7 +15,9 @@
OpenSSL Software Services
offers three different types of support contract.  If you
have specific requirements not addressed by any of these plans,
-   or for more information, discuss custom arrangements.
+   or for more information, please contact us at
+   mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org to
+   discuss custom arrangements.
 
Please see the list of definitions
at the bottom of the page for the definitions used below.
@@ -25,11 +27,11 @@
  Enterprise Level Support
  Designed for the large enterprise utilising OpenSSL
  extensively in product lines or critical infrastructure.
- Vendor Support
+ Vendor Support
  Designed for organisations requiring support of product
  lines using OpenSSL or for customised in-house versions of
  OpenSSL.
- Basic Support
+ Basic Support
  Basic technical support for application development shops or
  end users.

@@ -38,102 +40,47 @@
Premium Level Support
US$50,000 annually

- All technical support requests handled directly by a 
Designated Responder
- 24x7x365 availability
- Four Support Administrators
- Unlimited Service Requests
- Custom patch preparation and creation
- OpenSSL FIPS Object Module support included
- FIPS validation support
+ A custom support contract designed to meet the needs of a 
specific Enterprise customer
+ Exact costs will depend on the terms of the agreed support 
contract

-   The premium support plan is designed for the large enterprise
+   The premium support plan is intended for the large enterprise
using OpenSSL as an essential component of multiple products or
product lines or in support of in-house or commercially provided
-   services. Many prospective Premium Level customers have already
-   hired individual OpenSSL team members for specific tasks. The
-   typical large enterprise customer has a capable in-house technical
-   staff but still finds it cost-effective to engage the world class
-   talent of OpenSSL authors and maintainers.  Customisation of
-   OpenSSL by prospective Schedule A customers is common, as are
-   "private label" FIPS 140-2 validations.
-   Note we don't expect to sell very many of the premium support
-   plans, but those few customers will receive careful attention for
-   both immediate problems and long range strategic interests.
+   services. The typical large enterprise customer has a capable 
in-house
+   technical staff but still finds it cost-effective to engage OpenSSL
+   authors and maintainers directly.
 
Vendor Level Support
-   US$20,000 annually
+   US$25,000 annually

- Institutional Response with escalation to Designated 
Responder as appropriate.
- 12x5 availability
- Two Support Administrators
+ Email response
  Limit of four Service Requests per month
- Custom patch preparation
- OpenSSL FIPS Object Module support included
- FIPS validation support excluded
+ Patch preparation
+ Two Support Administrators

This plan is designed for the medium enterprise using OpenSSL
for a single product or product line. The prospective Vendor Level
Support customer has a proficient technical staff but no specific
-   expertise in cryptography or OpenSSL. Technical support is
-   provided for use of the unmodified OpenSSL FIPS Object Module, but
-   not for validations of derivative software.
+   expertise in cryptography or 



[openssl-commits] [web]  master update


2018-08-21

Thread
Matt Caswell

The branch master has been updated
   via  46b7dc43cbd00b4d6cf275afb544a770a991a2ec (commit)
  from  b966818f2cf7a74e2535e6717f53a603f684fc89 (commit)


- Log -
commit 46b7dc43cbd00b4d6cf275afb544a770a991a2ec
Author: Matt Caswell 
Date:   Tue Aug 21 13:23:58 2018 +0100

Updates to newsflash for the pre9 release

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/70)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 6913436..f1001bd 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+21-Aug-2018: Beta 7 of OpenSSL 1.1.1 (pre release 9) is now available: please 
download and test it
 14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
 14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes
 20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please 
download and test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-17

Thread
Mark J . Cox

The branch master has been updated
   via  b966818f2cf7a74e2535e6717f53a603f684fc89 (commit)
   via  75e2b7a51f0c104ebfbfecdc49d24e3f5b017581 (commit)
  from  69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd (commit)


- Log -
commit b966818f2cf7a74e2535e6717f53a603f684fc89
Merge: 75e2b7a 69f29ba
Author: Mark J. Cox 
Date:   Fri Aug 17 10:21:51 2018 +0100

Merge branch 'master' of git.openssl.org:openssl-web

commit 75e2b7a51f0c104ebfbfecdc49d24e3f5b017581
Author: Mark J. Cox 
Date:   Fri Aug 17 10:21:21 2018 +0100

Rearrange to alphabetical order which makes more sense (ack'd by Tim)

---

Summary of changes:
 support/acks.html | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/support/acks.html b/support/acks.html
index 4094177..eea4919 100644
--- a/support/acks.html
+++ b/support/acks.html
@@ -15,7 +15,7 @@
 
  We would like to identify and thank the following such sponsors
  for their significant support of the OpenSSL project. Sponsors are
- listed chronologically within categories.  Please note that we ask
+ listed alphabetically within categories.  Please note that we ask
  permission to identify sponsors and that some sponsors we consider
  eligible for inclusion here have requested to remain anonymous.
 
@@ -53,15 +53,15 @@
  Platinum support:
 
   
- https://www.netapp.com/;>  
  https://www.bluecedar.com/;>  
- https://www.vmware.com/;>https://www.huawei.com/;>
+ https://www.netapp.com/;>  
  https://www.oracle.com/;>
- https://www.huawei.com/;>https://www.vmware.com/;>
   
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-14

Thread
Matt Caswell

The branch master has been updated
   via  69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd (commit)
  from  22fe269070986cdb68933423044f4d126a154d0c (commit)


- Log -
commit 69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd
Author: Matt Caswell 
Date:   Tue Aug 14 13:43:06 2018 +0100

Updates for the new releases

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/68)

---

Summary of changes:
 news/newsflash.txt   |  2 ++
 news/vulnerabilities.xml | 10 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index dabc4fa..6913436 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+14-Aug-2018: OpenSSL 1.1.0i is now available, including bug and security fixes
+14-Aug-2018: OpenSSL 1.0.2p is now available, including bug and security fixes
 20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please 
download and test it
 12-Jun-2018: Security Advisory: one 
low severity fix
 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please 
download and test it
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 97f818b..6ef9c56 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,7 @@
 
 
-
+
   
 
 
@@ -36,10 +36,10 @@
 
 
 
-
+
   
 
-
+
   
 
 Client side Denial of Service
@@ -82,10 +82,10 @@
 
 
 
-
+
   
 
-
+
   
 
 Constant time issue
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-14

Thread
Rich Salz

The branch master has been updated
   via  22fe269070986cdb68933423044f4d126a154d0c (commit)
  from  23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit)


- Log -
commit 22fe269070986cdb68933423044f4d126a154d0c
Author: Rich Salz 
Date:   Tue Aug 14 07:59:18 2018 -0400

Add FIPS FAQ, update FIPS status.

---

Summary of changes:
 docs/faq-5-misc.txt |  7 +++
 docs/fips.html  | 21 ++---
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt
index f2810e5..006b323 100644
--- a/docs/faq-5-misc.txt
+++ b/docs/faq-5-misc.txt
@@ -33,6 +33,13 @@ that came with the version of OpenSSL you are using. The pod 
format
 documentation is included in each OpenSSL distribution under the docs
 directory.
 
+* I need a FIPS validated offering
+
+Please see
+@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer
+involved in private label validations nor adding platforms to the existing
+certificates.
+
 * How can I contact the OpenSSL developers?
 
 The README file describes how to submit bug reports and patches to
diff --git a/docs/fips.html b/docs/fips.html
index 5c9b3ec..7bbce9c 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -10,7 +10,7 @@
  FIPS-140
  
 
-   The most recent open source based validation of a cryptographic
+   The current validation of a cryptographic
module (Module) compatible with the OpenSSL 1.0.2
is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747.
@@ -28,6 +28,19 @@

 
 
+Neither validation will work with any release other than 1.0.2.
+The OpenSSL project is no longer maintaining either the 1747
+or the 2398 module. This includes adding platforms to those
+validations.
+We are starting work on a new validation, after the 1.1.1
+release completes.
+That module will have a small set of validated operational
+environments.
+The OpenSSL project is no longer involved in private label
+validations nor adding platforms to the existing certificates.
+
+
+
Here is the complete set of files. Note that if you are interested
 in the "1747" validation, you only need the three files mentioned
 above.
@@ -68,12 +81,6 @@
  source based validated module directly.  You must obtain your
  own validation.
 
-  None of the validations will work with OpenSSL 1.1.0 or
-  later.
-
-  We are starting work on a new validation based on the
-  upcoming 1.1.1 release.
-

 
  
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-14

Thread
Mark J . Cox

The branch master has been updated
   via  23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit)
  from  556c539ce00cf8242a2d63018638942a21ef2319 (commit)


- Log -
commit 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1
Author: Mark J. Cox 
Date:   Tue Aug 14 12:21:00 2018 +0100

Another try at table spacing for donations page

---

Summary of changes:
 support/donations.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/support/donations.html b/support/donations.html
index aa5c8c6..1e6d56e 100644
--- a/support/donations.html
+++ b/support/donations.html
@@ -30,7 +30,7 @@
 We provide Acknowledgements for sponsors
 depending on the level of funding:
 
-   
+   
  LevelAcknowledgement
 
  Exceptional$75,000+/yr
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-14

Thread
Mark J . Cox

The branch master has been updated
   via  556c539ce00cf8242a2d63018638942a21ef2319 (commit)
  from  a696660505f56a54173bb0cf400fd22f0458bc77 (commit)


- Log -
commit 556c539ce00cf8242a2d63018638942a21ef2319
Author: Mark J. Cox 
Date:   Tue Aug 14 12:19:26 2018 +0100

Make the table look a tiny bit better

---

Summary of changes:
 support/donations.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/support/donations.html b/support/donations.html
index 9acfb51..aa5c8c6 100644
--- a/support/donations.html
+++ b/support/donations.html
@@ -30,7 +30,7 @@
 We provide Acknowledgements for sponsors
 depending on the level of funding:
 
-   
+   
  LevelAcknowledgement
 
  Exceptional$75,000+/yr
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-14

Thread
Mark J . Cox

The branch master has been updated
   via  a696660505f56a54173bb0cf400fd22f0458bc77 (commit)
  from  eb318b531e5f84572847a0cd6e3620396b43dc99 (commit)


- Log -
commit a696660505f56a54173bb0cf400fd22f0458bc77
Author: Mark J. Cox 
Date:   Tue Aug 14 12:15:30 2018 +0100

Update sponsros and acks page to match reality

---

Summary of changes:
 support/acks.html  | 69 +-
 support/donations.html | 39 ++--
 2 files changed, 71 insertions(+), 37 deletions(-)

diff --git a/support/acks.html b/support/acks.html
index 5c60a0c..4094177 100644
--- a/support/acks.html
+++ b/support/acks.html
@@ -11,37 +11,70 @@

  The OpenSSL project depends on volunteer efforts and financial
  support from the end user community.  That support comes
- in the form of donations, contracts, and volunteer contributions.
- Since all of these activities support the continued development
- and improvement of OpenSSL, we consider all of them to be
- sponsors of the OpenSSL project.
+  in many forms.
 
  We would like to identify and thank the following such sponsors
- for their past or current significant support of the OpenSSL
- project. Except as noted sponsors are listed within categories in
- order of overall contribution value. Please note that we ask
+ for their significant support of the OpenSSL project. Sponsors are
+ listed chronologically within categories.  Please note that we ask
  permission to identify sponsors and that some sponsors we consider
  eligible for inclusion here have requested to remain anonymous.
 
+  Current Sponsors:
+
+  
+.sponsorlogo {
+height: 100px !important;
+width: 210px !important;
+object-fit: contain !important;
+object-position: 50% 50% !important;
+padding-left: 15px !important;
+padding-top: 10px !important;
+padding-bottom: 10px !important;
+padding-right: 15px !important;
+}
+.sponsorsection {
+background-color: #ff !important;
+text-align: center !important;
+}
+  
+  
  
  Exceptional support:
 
- http://www.smartisan.com/;>
+  
+ https://www.akamai.com/;>
+ https://www.smartisan.com/;>
+  
 
+
  
- Platinum sponsors (listed chronologically).  The
- sustainable funding provided by these sponsorships allows long term
- planning:
- http://www.huawei.com/;>
- https://www.oracle.com/;>
+ Platinum support:
 
- 
- Major support:
- https://www.akamai.com/;>
+  
+ https://www.netapp.com/;>  
+ https://www.bluecedar.com/;>  
+ https://www.vmware.com/;>
+ https://www.oracle.com/;>
+ https://www.huawei.com/;>
+  
+
+
+
+  
+  
+
 
  
  
diff --git a/support/donations.html b/support/donations.html
index 7c320e9..9acfb51 100644
--- a/support/donations.html
+++ b/support/donations.html
@@ -7,11 +7,19 @@
 
   

- Donations
+ Sponsorship and Donations
  
-   Your donation to the OpenSSL team will support the ongoing
-   development activities of the team members.
+The OpenSSL project relies on funding to maintain and improve
+OpenSSL.
 
+You can support the OpenSSL project financially with the
+purchase of a support contract, by a
+sponsorship donation, or by hiring OSF for consulting services or
+custom software development.
+
+We do not have a PayPal account. Please do not donate to any
+PayPal account claiming to be associated with us!
+
Please note that the
OpenSSL Software Foundation
(OSF) is incorporated in the the state of Delaware, United States,
@@ -19,20 +27,18 @@
charitable organisation under Section 501(c)(3) of the U.S.
 Internal Revenue Code.
 
-   In addition to direct financial contributions in the form of
-   donations or sponsorship you may also support the OpenSSL project
-   financially with the purchase of a
-support contract, or by hiring OSF
-   for consulting services or custom software development.  We
-   consider all sources of funding to be sponsors, because we use all
-   such funding, whether donations or pay for services rendered, for
-   the same purpose -- to improve and 



[openssl-commits] [web]  master update


2018-08-14

Thread
Mark J . Cox

The branch master has been updated
   via  eb318b531e5f84572847a0cd6e3620396b43dc99 (commit)
  from  521b74a4bd4f20cf9955c50199c760876a339edb (commit)


- Log -
commit eb318b531e5f84572847a0cd6e3620396b43dc99
Author: Mark J. Cox 
Date:   Tue Aug 14 12:10:26 2018 +0100

Update donations and acknowledgements page to match reality and
add in new sponsors

---

Summary of changes:
 img/bluecedar-logo-med.png | Bin 0 -> 2993 bytes
 img/netapp-logo-med.jpg| Bin 0 -> 61513 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 img/bluecedar-logo-med.png
 create mode 100644 img/netapp-logo-med.jpg

diff --git a/img/bluecedar-logo-med.png b/img/bluecedar-logo-med.png
new file mode 100644
index 000..baa8655
Binary files /dev/null and b/img/bluecedar-logo-med.png differ
diff --git a/img/netapp-logo-med.jpg b/img/netapp-logo-med.jpg
new file mode 100644
index 000..723e053
Binary files /dev/null and b/img/netapp-logo-med.jpg differ
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-08-13

Thread
Rich Salz

The branch master has been updated
   via  521b74a4bd4f20cf9955c50199c760876a339edb (commit)
  from  45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit)


- Log -
commit 521b74a4bd4f20cf9955c50199c760876a339edb
Author: Rich Salz 
Date:   Mon Aug 13 22:41:34 2018 -0400

Fix date for when travel policy was approved

---

Summary of changes:
 policies/travel.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policies/travel.html b/policies/travel.html
index 5d0f1db..7eda596 100644
--- a/policies/travel.html
+++ b/policies/travel.html
@@ -12,7 +12,7 @@

  Travel Reimbursement Policy
  
-   First issued 28th February 2014
+   First issued 28th February 2018
  

 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-07-26

Thread
Rich Salz

The branch master has been updated
   via  45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit)
  from  3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit)


- Log -
commit 45331ed59e3bd3c16808ceed54e35a98a3fea79b
Author: Rich Salz 
Date:   Thu Jul 26 15:00:58 2018 -0400

Add GeneralName question

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/64)

---

Summary of changes:
 docs/faq-3-prog.txt | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/docs/faq-3-prog.txt b/docs/faq-3-prog.txt
index a471f5e..bb6790a 100644
--- a/docs/faq-3-prog.txt
+++ b/docs/faq-3-prog.txt
@@ -154,6 +154,25 @@ Rules (DER): these uniquely specify how a given structure 
is encoded.
 Therefore, because DER is a special case of BER, DER is an acceptable encoding
 for BER.
 
+* The encoding for GeneralName is wrong; why is the SEQUENCE tag missing?
+
+In RFC 5280 GeneralName is defined in the module in Appendix A.2, and that
+module specifies the use of IMPLICIT tagging. This means that there is not an
+explicit SEQUENCE (30) tag following the A0 tag (you just know from the ASN.1
+that what follows the A1 tag is a SEQUENCE). This is in contrast to the value
+field within OtherName (test@kerberose-domain.internal), where the tag for
+UTF8String (0C) follows the A0 tag, since EXPLICIT tagging is specified for
+that particular field.
+
+You will notice the same thing if you look at other choices within
+GeneralName. If you look at the DNS names encoded in the subjectAltName
+extension, the 82 tag (corresponding to [2]) is not followed by a tag for
+IA5String (22). It is not needed since the ASN.1 indicates that what follows
+the 82 tag is an IA5String. However, if the module specified EXPLICIT
+encoding, then there would be a 16 tag after the 82 tag.
+
+(Thanks to David Cooper for this text.)
+
 * I tried to set a cipher list with a valid cipher, but the call fails, why?
 
 OpenSSL 1.1.0 introduced the concept of a security level, 
allowing
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-07-03

Thread
Rich Salz

The branch master has been updated
   via  3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit)
  from  108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit)


- Log -
commit 3c0d5cabf30bc2367a5574b3b9bfd5639396533f
Author: Rich Salz 
Date:   Tue Jul 3 11:35:17 2018 -0400

Fix NIST links, remove 2473.

Also remove some "political" content.

Reviewed-by: Tim Hudson 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/63)

---

Summary of changes:
 docs/fips.html | 29 +
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/docs/fips.html b/docs/fips.html
index 8c67a04..5c9b3ec 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -10,15 +10,10 @@
  FIPS-140
  
 
-   For a basic introduction,
-   see below.  Thanks to multiple platform
-   sponsorships, the 2.0 validations include the largest number of
-   formally tested platforms for any validated module.
-
The most recent open source based validation of a cryptographic
-   module (Module) compatible with the OpenSSL 1.0.1 and 1.0.2
-   libraries is v2.0.16, FIPS 140-2 certificate http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747;>#1747.
+   module (Module) compatible with the OpenSSL 1.0.2
+   is v2.0.16, FIPS 140-2 certificate https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747;>#1747.
This Module is documented in the
2.0 User Guide;
the source code,
@@ -26,12 +21,10 @@
 are also available.
 
 
-   For convoluted bureaucratic reasons, the same module is also
-   available under the validations http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398;>#2398
-   (revision 2.0.16) and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473;>#2473
-   (revision 2.0.10).
+   For various bureaucratic reasons, the same module is also
+   available as validation https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2398;>#2398
+   (revision 2.0.16).

 
 
@@ -69,14 +62,18 @@
  instructions) for your platform, then you can use it as
  validated cryptography on a "vendor affirmed" basis.
 
- If even the tiniest source code or build process changes are
- required for your intended application, you cannot use the open
+ If even a single line of the source code or build process
+  has to be changed
+ for your intended application, you cannot use the open
  source based validated module directly.  You must obtain your
  own validation.
 
   None of the validations will work with OpenSSL 1.1.0 or
   later.
 
+  We are starting work on a new validation based on the
+  upcoming 1.1.1 release.
+

 
  
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-06-20

Thread
Matt Caswell

The branch master has been updated
   via  108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit)
  from  59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit)


- Log -
commit 108c503eb0e909259ef0f1f68a07e74752c2f9a3
Author: Matt Caswell 
Date:   Wed Jun 20 15:54:49 2018 +0100

Update newsflash for pre 8

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/62)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index ce931be..dabc4fa 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please 
download and test it
 12-Jun-2018: Security Advisory: one 
low severity fix
 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please 
download and test it
 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and 
test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-06-14

Thread
Richard Levitte

The branch master has been updated
   via  59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit)
   via  6e56f7d522fa01f454e88a2ffd9c1df4527dad16 (commit)
  from  574a269efd409a480d1eef665dddb7362156d70a (commit)


- Log -
commit 59e4ff330c6ff27e71c040f65d2918f4fb5c0692
Author: Richard Levitte 
Date:   Thu Jun 14 10:02:01 2018 +0200

OMC generation: account for titles when sorting names

This moves the process of making names sortable to a separate function.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/61)

commit 6e56f7d522fa01f454e88a2ffd9c1df4527dad16
Author: Richard Levitte 
Date:   Thu Jun 14 10:01:10 2018 +0200

OMC generation: Make sure non-ASCII characters are made into entities

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/61)

---

Summary of changes:
 bin/mk-omc | 27 ++-
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/bin/mk-omc b/bin/mk-omc
index 5832710..e6dee11 100755
--- a/bin/mk-omc
+++ b/bin/mk-omc
@@ -6,6 +6,7 @@ use warnings;
 use Getopt::Long;
 use Pod::Usage;
 use OpenSSL::Query::REST;
+use HTML::Entities;
 
 my %options = ();
 GetOptions(
@@ -55,14 +56,7 @@ print join("\n",
   map { "$_\n" } @columns);
 print "  \n";
 
-foreach my $key (sort { my $sortablename_a =
-   ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|,
-"$2, $1");
-   my $sortablename_b =
-   ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|,
-"$2, $1");
-   $sortablename_a cmp $sortablename_b }
-keys %data) {
+foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } keys %data) {
 my $pgpurl = $data{$key}->{pgpid} if $options{pgp};
 $pgpurl =~ s|\s+||g if $pgpurl;
 $pgpurl =
@@ -73,7 +67,7 @@ foreach my $key (sort { my $sortablename_a =
 push @columndata,
join('',
 $data{$key}->{active} ? "" : "",
-"$key",
+encode_entities($key),
 $data{$key}->{active} ? "" : " (I)",
 $data{$key}->{emeritus} ? " (OMC Emeritus)" : "")
if $options{name};
@@ -93,3 +87,18 @@ foreach my $key (sort { my $sortablename_a =
 }
 
 print "\n";
+
+sub mk_sortable {
+my $name = shift;
+
+# Peel off any title
+$name =~ s/(Dr|Mr|Mrs|Miss)\.?\s+//;
+
+# Split into first+middle name and last names and flip them over with
+# a comma between.
+# We work with the assumption that the middle name, if included, is
+# given as a single letter followed by a possible period.
+$name = ($name =~ m|^(\S+(?:\s\S\.?)?)\s+(.*)$|, "$2, $1");
+
+return $name;
+}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-06-14

Thread
Richard Levitte

The branch master has been updated
   via  574a269efd409a480d1eef665dddb7362156d70a (commit)
  from  b89fd121a046015bb70865060d6cf7f3268b36f0 (commit)


- Log -
commit 574a269efd409a480d1eef665dddb7362156d70a
Author: Richard Levitte 
Date:   Wed Jun 13 19:19:13 2018 +0200

Generate OMC Members and OMC Alumni

This simplifies our lives when we need to do changes, since we already
have a personell database.

Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/60)

---

Summary of changes:
 Makefile  |  8 +++-
 bin/mk-omc| 95 +++
 community/omc-alumni.html | 67 +
 community/omc.html| 63 +--
 4 files changed, 104 insertions(+), 129 deletions(-)
 create mode 100755 bin/mk-omc

diff --git a/Makefile b/Makefile
index d53b50c..a495e0c 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,7 @@ RELEASEDIR = /var/www/openssl/source
 # All simple generated files.
 SIMPLE = newsflash.inc sitemap.txt \
 community/committers.inc \
+community/omc.inc community/omc-alumni.inc \
 docs/faq.inc docs/fips.inc \
  news/changelog.inc news/changelog.txt \
  news/cl102.txt news/cl110.txt news/cl111.txt \
@@ -78,7 +79,7 @@ manmaster:
$(call newmakemanpages,$(CHECKOUTS)/openssl,master)
 
 ## $(SIMPLE) -- SIMPLE GENERATED FILES
-.PHONY: sitemap community/committers.inc
+.PHONY: sitemap community/committers.inc community/omc.inc 
community/omc-alumni.inc
 newsflash.inc: news/newsflash.inc
@rm -f $@
head -7 $? >$@
@@ -92,6 +93,11 @@ community/committers.inc:
./bin/mk-committers $@
@rm -f Members
 
+community/omc.inc:
+   ./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@
+community/omc-alumni.inc:
+   ./bin/mk-omc -n -l -t 'OMC Alumni' omc-alumni omc-emeritus > $@
+
 docs/faq.inc: $(wildcard docs/faq-[0-9]-*.txt) bin/mk-faq
@rm -f $@
./bin/mk-faq docs/faq-[0-9]-*txt >$@
diff --git a/bin/mk-omc b/bin/mk-omc
new file mode 100755
index 000..5832710
--- /dev/null
+++ b/bin/mk-omc
@@ -0,0 +1,95 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use Getopt::Long;
+use Pod::Usage;
+use OpenSSL::Query::REST;
+
+my %options = ();
+GetOptions(
+\%options,
+'name|n',  # Show name
+'email|e', # Show email
+'locale|l',# Show locale
+'pgp|p',   # Show PGP key ID
+'activity|a',  # Show whether person is active
+'title|t=s',   # Title of the resulting table
+'help|?',  # Help
+'man', # Full manual
+   ) or pod2usage(2);
+
+pod2usage(1) unless $options{title};
+pod2usage(1)
+unless ($options{name} || $options{email} || $options{locale}
+   || $options{activity} || $options{pgp});
+pod2usage(1) if $options{help};
+pod2usage(-exitval => 0, -verbose => 2) if $options{man};
+
+my $query = OpenSSL::Query->new();
+
+my %data = (); # Indexed by name, value is a hash table of vals
+foreach my $groupname (@ARGV) {
+my @members = $query->members_of($groupname);
+foreach my $ids (@members) {
+   my $name = (grep m|\s|, @$ids)[0];
+   my $email = (grep m|\@openssl\.org$|, @$ids)[0];
+   my $locale = $query->find_person_tag($email, 'country');
+   my $pgpid = $query->find_person_tag($email, 'pgp');
+   $data{$name} = { email => $email, locale => $locale, pgpid => $pgpid,
+active => !!($groupname !~ m|-inactive$|),
+emeritus => !!($groupname =~ m|-emeritus$|) };
+}
+}
+
+my @columns = ();
+push @columns, 'Name' if $options{name};
+push @columns, 'Email' if $options{email};
+push @columns, 'Locale' if $options{locale};
+push @columns, 'PGP Key ID' if $options{pgp};
+
+print "\n";
+print "  \n";
+print join("\n",
+  map { "$_\n" } @columns);
+print "  \n";
+
+foreach my $key (sort { my $sortablename_a =
+   ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|,
+"$2, $1");
+   my $sortablename_b =
+   ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|,
+"$2, $1");
+   $sortablename_a cmp $sortablename_b }
+keys %data) {
+my $pgpurl = $data{$key}->{pgpid} if $options{pgp};
+$pgpurl =~ s|\s+||g if $pgpurl;
+$pgpurl =
+   
"http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0x$pgpurl;
+   if $pgpurl;
+
+my @columndata = ();
+push @columndata,
+   join('',
+$data{$key}->{active} ? "" : "",
+"$key",
+$data{$key}->{active} ? "" : " 



[openssl-commits] [web]  master update


2018-06-12

Thread
Matt Caswell

The branch master has been updated
   via  b89fd121a046015bb70865060d6cf7f3268b36f0 (commit)
  from  81d4522dd877e11b558579fdb89b447cf95606bb (commit)


- Log -
commit b89fd121a046015bb70865060d6cf7f3268b36f0
Author: Matt Caswell 
Date:   Tue Jun 12 13:10:13 2018 +0100

Fix advisory link

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/web/pull/59)

---

Summary of changes:
 news/vulnerabilities.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 145e1ef..97f818b 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -51,7 +51,7 @@
 generating a key for this prime resulting in a hang until the client 
has
 finished. This could be exploited in a Denial Of Service attack.
 
-
+
 
   
   
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-06-12

Thread
Matt Caswell

The branch master has been updated
   via  81d4522dd877e11b558579fdb89b447cf95606bb (commit)
  from  d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit)


- Log -
commit 81d4522dd877e11b558579fdb89b447cf95606bb
Author: Matt Caswell 
Date:   Tue Jun 12 10:25:31 2018 +0100

Updates for CVE-2018-0732

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/58)

---

Summary of changes:
 news/newsflash.txt   |  1 +
 news/secadv/20180612.txt | 35 +++
 news/vulnerabilities.xml | 48 +++-
 3 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20180612.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index cba57e2..ce931be 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+12-Jun-2018: Security Advisory: one 
low severity fix
 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please 
download and test it
 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and 
test it
 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
diff --git a/news/secadv/20180612.txt b/news/secadv/20180612.txt
new file mode 100644
index 000..1864ace
--- /dev/null
+++ b/news/secadv/20180612.txt
@@ -0,0 +1,35 @@
+
+OpenSSL Security Advisory [12 June 2018]
+
+
+Client DoS due to large DH parameter (CVE-2018-0732)
+
+
+Severity: Low
+
+During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+malicious server can send a very large prime value to the client. This will
+cause the client to spend an unreasonably long period of time generating a key
+for this prime resulting in a hang until the client has finished. This could be
+exploited in a Denial Of Service attack.
+
+Due to the low severity of this issue we are not issuing a new release of
+OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i
+and OpenSSL 1.0.2p when they become available. The fix is also available in
+commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the OpenSSL 
git
+repository.
+
+This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also
+developed the fix.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20180612.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index bb13b7f..145e1ef 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,53 @@
 
 
-
+
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+  
+
+Client side Denial of Service
+Client DoS due to large DH parameter
+
+During key agreement in a TLS handshake using a DH(E) based ciphersuite
+a malicious server can send a very large prime value to the client. 
This
+will cause the client to spend an unreasonably long period of time
+generating a key for this prime resulting in a hang until the client 
has
+finished. This could be exploited in a Denial Of Service attack.
+
+
+
+  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-06-12

Thread
Richard Levitte

The branch master has been updated
   via  d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit)
  from  8241c47b948d2213e8cead94844fd23207716499 (commit)


- Log -
commit d04d28a092b7489bfe3831aa69e20ddc87b28bfa
Author: Richard Levitte 
Date:   Tue Jun 12 09:19:01 2018 +0200

Emilia Käsper has left us

---

Summary of changes:
 community/omc-alumni.html | 5 +
 community/omc.html| 7 ---
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/community/omc-alumni.html b/community/omc-alumni.html
index 2f1fbd7..0581a62 100644
--- a/community/omc-alumni.html
+++ b/community/omc-alumni.html
@@ -38,6 +38,11 @@

 

+ Emilia Ksper
+ CH
+   
+
+   
  Nils Larsch
  DE

diff --git a/community/omc.html b/community/omc.html
index 6678dc7..dd78706 100644
--- a/community/omc.html
+++ b/community/omc.html
@@ -59,13 +59,6 @@
   
href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get=0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD;>C1F3
 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD
 
 
-   
- Emilia Ksper
- mailto:emi...@openssl.org;>emi...@openssl.org
- CH
- 
-   
-
 
   Richard Levitte
   mailto:levi...@openssl.org;>levi...@openssl.org
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-30

Thread
Rich Salz

The branch master has been updated
   via  8241c47b948d2213e8cead94844fd23207716499 (commit)
  from  62df8cc9ba93dd099b4f5622e331f935643b6790 (commit)


- Log -
commit 8241c47b948d2213e8cead94844fd23207716499
Author: Rich Salz 
Date:   Tue May 29 11:18:24 2018 -0400

Remove rationale paragraph

Reviewed-by: OMC Vote

---

Summary of changes:
 policies/releasestrat.html | 16 +---
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 9d0e3c3..0bb80f5 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -34,20 +34,6 @@
  performance improvements and so on. There is no need to
  recompile applications to benefit from these features.
 
- Binary compatibility also allows other possibilities. For
- example, consider an application that wishes to utilize
- a new cipher provided in a specific 1.0.x release, but it
- is also desirable to maintain the application in a 1.0.0
- context.  Customarily this would be resolved at compile time
- resulting in two binary packages targeting different OpenSSL
- versions. However, depending on the feature, it might be
- possible to check for its availability at run-time, thus cutting
- down on the maintenance of multiple binary packages. Admittedly
- it takes a certain discipline and some extra coding, but we
- would like to encourage such practice. This is because we
- want to see later releases being adopted faster, because new
- features can improve security.
-
  With regards to current and future releases the OpenSSL
  project has adopted the following policy:
 
@@ -64,7 +50,7 @@
  and we will specify one at least every four years. Non-LTS
  releases will be supported for at least two years.
 
- As implied by the above paragraphs, during the final year
+ During the final year
  of support, we do not commit to anything other than security
  fixes. Before that, bug and security fixes will be applied
  as appropriate.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-29

Thread
Matt Caswell

The branch master has been updated
   via  62df8cc9ba93dd099b4f5622e331f935643b6790 (commit)
  from  0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit)


- Log -
commit 62df8cc9ba93dd099b4f5622e331f935643b6790
Author: Matt Caswell 
Date:   Tue May 29 09:21:53 2018 +0100

Update the release strategy

Updates in line with the following votes:

"The next LTS release will be 1.1.1 and the LTS expiry date for 1.0.2 will
not be changed."

and

"1.1.1 beta release schedule changed so that the next two beta releases
are now 29th May, 19 June and we will re-review release readiness after
that. We will also ensure that there is at least one beta release post
TLS-1.3 RFC publication prior to the final release."

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/55)

---

Summary of changes:
 policies/releasestrat.html | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 3f37936..9d0e3c3 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -13,7 +13,7 @@
  Release Strategy
  
First issued 23rd December 2014
-   Last modified 6th February 2018
+   Last modified 29th May 2018
  

 
@@ -69,10 +69,10 @@
  fixes. Before that, bug and security fixes will be applied
  as appropriate.
 
- The next version of OpenSSL will be 1.1.1. This is currently in
- development and has a primary focus of implementing TLSv1.3. The
- RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1
- will not have its final release until that has happened.
+ The next version of OpenSSL will be 1.1.1 which will be an LTS 
release.
+ This is currently in development and has a primary focus of 
implementing
+ TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF.
+ OpenSSL 1.1.1 will not have its final release until that has 
happened.
 
  The draft release timetable for 1.1.1 is as follows. This may be
   amended at any time as the need arises.
@@ -88,9 +88,10 @@
3rd April 2018, beta release 2 (pre4)
17th April 2018, beta release 3 (pre5)
1st May 2018, beta release 4 (pre6)
-   8th May 2018, release readiness check (new release
-   cycles added if required, first possible final release date:
-   15th May 2018)
+   29th May 2018, beta release 5 (pre7)
+   19th June 2018, beta release 6 (pre8)
+   Release readiness check following pre8 release (new release
+   cycles added if required)
  
 
  An alpha release means:
@@ -113,7 +114,7 @@
Clean builds in Travis and Appveyor for two days
run-checker.sh to be showing as clean 2 days before release
No open Coverity issues (not flagged as "False Positive" or 
"Ignore")
-   TLSv1.3 RFC published
+   TLSv1.3 RFC published (with at least one beta release after the 
publicaction)
  
 
  Valid reasons for closing an issue/PR with a 1.1.1 milestone might 
be:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-29

Thread
Matt Caswell

The branch master has been updated
   via  0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit)
  from  c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit)


- Log -
commit 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48
Author: Matt Caswell 
Date:   Tue May 29 13:26:20 2018 +0100

Updates to newsflash for pre7 release

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/56)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 202f95c..cba57e2 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please 
download and test it
 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and 
test it
 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-23

Thread
Rich Salz

The branch master has been updated
   via  c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit)
  from  ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit)


- Log -
commit c9f50cbf963b7d9949332c17e614ad0a6e97d431
Author: Rich Salz 
Date:   Wed May 23 19:57:47 2018 -0400

Revert "Remove rationale, clarify language."

This reverts commit ac5eb58ddc24db122c494b4cb13de3adff366e48.

---

Summary of changes:
 policies/releasestrat.html | 28 
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 83b85d2..3f37936 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -34,6 +34,20 @@
  performance improvements and so on. There is no need to
  recompile applications to benefit from these features.
 
+ Binary compatibility also allows other possibilities. For
+ example, consider an application that wishes to utilize
+ a new cipher provided in a specific 1.0.x release, but it
+ is also desirable to maintain the application in a 1.0.0
+ context.  Customarily this would be resolved at compile time
+ resulting in two binary packages targeting different OpenSSL
+ versions. However, depending on the feature, it might be
+ possible to check for its availability at run-time, thus cutting
+ down on the maintenance of multiple binary packages. Admittedly
+ it takes a certain discipline and some extra coding, but we
+ would like to encourage such practice. This is because we
+ want to see later releases being adopted faster, because new
+ features can improve security.
+
  With regards to current and future releases the OpenSSL
  project has adopted the following policy:
 
@@ -50,18 +64,15 @@
  and we will specify one at least every four years. Non-LTS
  releases will be supported for at least two years.
 
- During the final year
+ As implied by the above paragraphs, during the final year
  of support, we do not commit to anything other than security
- fixes. Before then, bug and security fixes will be applied
+ fixes. Before that, bug and security fixes will be applied
  as appropriate.
 
  The next version of OpenSSL will be 1.1.1. This is currently in
  development and has a primary focus of implementing TLSv1.3. The
  RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1
- will not have its final release until that has happened;
-  we want to have at least one beta release after TLS 1.3 is
-  officially published as an RFC. The next LTS release will be
-  1.1.1.
+ will not have its final release until that has happened.
 
  The draft release timetable for 1.1.1 is as follows. This may be
   amended at any time as the need arises.
@@ -77,8 +88,9 @@
3rd April 2018, beta release 2 (pre4)
17th April 2018, beta release 3 (pre5)
1st May 2018, beta release 4 (pre6)
-29th May 2018, beta release 5 (pre7)
-19th June 2018, beta release 6 (pre8)
+   8th May 2018, release readiness check (new release
+   cycles added if required, first possible final release date:
+   15th May 2018)
  
 
  An alpha release means:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-23

Thread
Rich Salz

The branch master has been updated
   via  ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit)
  from  2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit)


- Log -
commit ac5eb58ddc24db122c494b4cb13de3adff366e48
Author: Rich Salz 
Date:   Mon May 14 16:29:47 2018 -0400

Remove rationale, clarify language.

Add 1.1.1 release/LTS details.

Remove paragraph justifying binary compatibility.  Also remove
phrase "as implied by the above" beause, well, it ACTUALY ISN'T
implied by the above. :)

Reviewed-by: Matt Caswell 
Reviewed-by: Mark Cox 
(Merged from https://github.com/openssl/web/pull/52)

---

Summary of changes:
 policies/releasestrat.html | 28 
 1 file changed, 8 insertions(+), 20 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 3f37936..83b85d2 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -34,20 +34,6 @@
  performance improvements and so on. There is no need to
  recompile applications to benefit from these features.
 
- Binary compatibility also allows other possibilities. For
- example, consider an application that wishes to utilize
- a new cipher provided in a specific 1.0.x release, but it
- is also desirable to maintain the application in a 1.0.0
- context.  Customarily this would be resolved at compile time
- resulting in two binary packages targeting different OpenSSL
- versions. However, depending on the feature, it might be
- possible to check for its availability at run-time, thus cutting
- down on the maintenance of multiple binary packages. Admittedly
- it takes a certain discipline and some extra coding, but we
- would like to encourage such practice. This is because we
- want to see later releases being adopted faster, because new
- features can improve security.
-
  With regards to current and future releases the OpenSSL
  project has adopted the following policy:
 
@@ -64,15 +50,18 @@
  and we will specify one at least every four years. Non-LTS
  releases will be supported for at least two years.
 
- As implied by the above paragraphs, during the final year
+ During the final year
  of support, we do not commit to anything other than security
- fixes. Before that, bug and security fixes will be applied
+ fixes. Before then, bug and security fixes will be applied
  as appropriate.
 
  The next version of OpenSSL will be 1.1.1. This is currently in
  development and has a primary focus of implementing TLSv1.3. The
  RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1
- will not have its final release until that has happened.
+ will not have its final release until that has happened;
+  we want to have at least one beta release after TLS 1.3 is
+  officially published as an RFC. The next LTS release will be
+  1.1.1.
 
  The draft release timetable for 1.1.1 is as follows. This may be
   amended at any time as the need arises.
@@ -88,9 +77,8 @@
3rd April 2018, beta release 2 (pre4)
17th April 2018, beta release 3 (pre5)
1st May 2018, beta release 4 (pre6)
-   8th May 2018, release readiness check (new release
-   cycles added if required, first possible final release date:
-   15th May 2018)
+29th May 2018, beta release 5 (pre7)
+19th June 2018, beta release 6 (pre8)
  
 
  An alpha release means:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-23

Thread
Matt Caswell

The branch master has been updated
   via  2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit)
  from  e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit)


- Log -
commit 2f148d990cb7ada6bf1516d08d9927cc9efd7b26
Author: Matt Caswell 
Date:   Wed May 23 10:01:41 2018 +0100

Remove the Forthcoming Features section as per OMC vote

Issues have been created for the outstanding features, also as per the
vote.

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/54)

---

Summary of changes:
 policies/roadmap.html | 21 -
 1 file changed, 21 deletions(-)

diff --git a/policies/roadmap.html b/policies/roadmap.html
index 58d9812..e2b9479 100644
--- a/policies/roadmap.html
+++ b/policies/roadmap.html
@@ -86,27 +86,6 @@
Publish the build and test status for each platform
  (Timescale: Next feature release)
  
-
- Forthcoming Features 
- The primary focus of the next feature release (1.1.1) is
- TLS 1.3.
- The primary focus of the immediately following feature 
- release (after 1.1.1) is FIPS.
-
- We are also evaluating the following new features.
-
- 
-   New AEAD API
-   SHA3
-   X25519 performance improvements
-   New IETF signature algorithms
-   PKCS#11
-   PRNG replacement
-   ASN.1 encoder/decoder replacement
-   STORE (certificate, crl, key storage API)
-   Replace CAPI with newer API engine
- 
  
 

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-16

Thread
Mark J . Cox

The branch master has been updated
   via  e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit)
  from  6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit)


- Log -
commit e4458ac28cde9545944b3eb8fe6193ca1c33cd18
Author: Mark J. Cox 
Date:   Wed May 16 21:40:33 2018 +0100

Update policy to remove a guiding principle as per vote at Ottawa f2f

---

Summary of changes:
 policies/secpolicy.html | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 7af2965..3a298d4 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -12,7 +12,7 @@
  
Security Policy

- Last modified 23rd January 2018
+ Last modified 16th May 2018


  
@@ -120,10 +120,6 @@
 The policy above is guided by our security principles:
 

- We strongly believe that the right to advance patches/info
- should not be based in any way on paid membership to some forum.
- You can not pay us to get security patches in advance.
-
  It's in the best interests of the Internet as a whole to get
  fixes for OpenSSL security issues out quickly. OpenSSL embargoes
  should be measured in days and weeks, not months or years.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-16

Thread
Rich Salz

The branch master has been updated
   via  6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit)
  from  c1af450066654ac208edbb73f954fcf32d6330f7 (commit)


- Log -
commit 6d2d64dcea7f89da419eafb2e860b0f0f164458f
Author: Rich Salz 
Date:   Wed May 16 16:09:43 2018 -0400

Broken link to pgpkey.html

Also fix indent of #include'd file

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/53)

---

Summary of changes:
 community/index.html | 2 +-
 news/pgpkey.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/community/index.html b/community/index.html
index 82374b6..e204c4b 100644
--- a/community/index.html
+++ b/community/index.html
@@ -50,7 +50,7 @@
 please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
 Encryption is not required, but if you want to encrypt the mail, 
you can use our
-team's PGP Key.  Or you can
+team's PGP Key.  Or you can
 send mail to one or more individual OMC Members,
 encrypted or plaintext.
diff --git a/news/pgpkey.html b/news/pgpkey.html
index 492a80d..5c996a5 100644
--- a/news/pgpkey.html
+++ b/news/pgpkey.html
@@ -18,7 +18,7 @@
openssl-security.asc


-   
+

  
  
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-05

Thread
Rich Salz

The branch master has been updated
   via  c1af450066654ac208edbb73f954fcf32d6330f7 (commit)
  from  8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit)


- Log -
commit c1af450066654ac208edbb73f954fcf32d6330f7
Author: Rich Salz 
Date:   Fri Apr 6 12:08:26 2018 -0400

Remove NSA license and mention of it

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/51)

---

Summary of changes:
 source/NSA-PLA.pdf   | Bin 2276088 -> 0 bytes
 source/sidebar.shtml |   3 ---
 2 files changed, 3 deletions(-)
 delete mode 100644 source/NSA-PLA.pdf

diff --git a/source/NSA-PLA.pdf b/source/NSA-PLA.pdf
deleted file mode 100644
index 88514df..000
Binary files a/source/NSA-PLA.pdf and /dev/null differ
diff --git a/source/sidebar.shtml b/source/sidebar.shtml
index 233e092..6862589 100644
--- a/source/sidebar.shtml
+++ b/source/sidebar.shtml
@@ -17,9 +17,6 @@
 OCB License
   
   
-NSA ECC License
-  
-  
 Old Releases
   
   
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-05

Thread
Rich Salz

The branch master has been updated
   via  8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit)
  from  52717d01f543385642f385407e52b1eb35283f21 (commit)


- Log -
commit 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d
Author: Rich Salz 
Date:   Sat May 5 10:10:44 2018 -0400

Tweak wording based on F2F

---

Summary of changes:
 community/getting-started.html | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/community/getting-started.html b/community/getting-started.html
index 0bbc175..c7c9626 100644
--- a/community/getting-started.html
+++ b/community/getting-started.html
@@ -14,11 +14,21 @@
 the information on this page, and the links to the side.
 In particular, you should look at the Mailing Lists page and join
-the openssl-dev or openssl-users list, or both.
+the openssl-project or openssl-users list, or 
both.
 After that, here are some ideas:
 
 
 
+  Review and comment on the pull requests on GitHub.
+  
+  You can find pull requests -- patches that people have
+  suggested -- at
+  https://github.com/openssl/openssl/pulls;>https://github.com/openssl/openssl/pulls
+  Reviewing and commenting on these is helpful and can be a good
+  way to learn your way around the code.
+  
+
   Look through the OpenSSL issues on GitHub.
   
   You can find issues that people have opened at
@@ -31,22 +41,12 @@
   very useful!
   
 
-  Look at the pull requests on GitHub.
-  
-  You can find pull requests -- patches that people have
-  suggested -- at
-  https://github.com/openssl/openssl/pulls;>https://github.com/openssl/openssl/pulls
-  Reviewing and commenting on these is helpful, like with
-  the issues mentioned above.
-  
-
   Help update the documentation.
   
   The documentation has gotten better, but there are still many
   API's that are not documented.  Write a POD page, or report
-  bugs in existing pages.  It's probably better to get a whole
-  bunch of minor edits done one once.
+  bugs in existing pages.  It's probably better to do a whole
+  bunch of minor edits in one submission.
   
 
   Write some test cases.
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-05-01

Thread
Matt Caswell

The branch master has been updated
   via  52717d01f543385642f385407e52b1eb35283f21 (commit)
  from  7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit)


- Log -
commit 52717d01f543385642f385407e52b1eb35283f21
Author: Matt Caswell 
Date:   Tue May 1 13:30:50 2018 +0100

Update newsflash for new release

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 00f1aff..202f95c 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and 
test it
 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
 16-Apr-2018: Security Advisory: one 
low severity fix
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit)
  from  0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit)


- Log -
commit 7d8bb2e70f7b294ba633eb550626fe2ae11c9055
Author: Mark J. Cox 
Date:   Wed Apr 25 15:26:35 2018 +0100

What we probably meant to do here is create anchors, so let's do that

---

Summary of changes:
 community/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/community/index.html b/community/index.html
index 82ea6bb..82374b6 100644
--- a/community/index.html
+++ b/community/index.html
@@ -44,7 +44,7 @@
 several groups for help with the project infrastructure over time.

 
-Reporting Security Bugs
+Reporting Security Bugs
 
 If you think you have found a security bug in OpenSSL,
 please send mail to vulnerabilities page
 
 
-Reporting Bugs
+Reporting Bugs
 
To report a bug or make an enhancement request, please open
 an issue on GitHub, by clicking "new issue" on this page:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit)
  from  f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit)


- Log -
commit 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395
Author: Mark J. Cox 
Date:   Wed Apr 25 15:23:27 2018 +0100

Update the URL to save having to click through twice to the new
location; this is a trivial change for which we do not need to vote
on a policy change or update the policy change date.

---

Summary of changes:
 policies/secpolicy.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 24b7b25..7af2965 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -21,7 +21,7 @@
 

 If you wish to report a possible security issue in OpenSSL
-please notify us.  
+please notify us.  

 
 Issue triage
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit)
  from  0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit)


- Log -
commit f6eb108b46978392e0f3187af1b24ece5fc2cdda
Author: Mark J. Cox 
Date:   Wed Apr 25 10:44:57 2018 +0100

Fix emacs autowrap I didn't notice

---

Summary of changes:
 community/index.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/community/index.html b/community/index.html
index 06e5861..82ea6bb 100644
--- a/community/index.html
+++ b/community/index.html
@@ -62,8 +62,7 @@
 Please note that we do not run a Bug Bounty program, although 
third parties
 may reward confirmed security issues reported in the OpenSSL 
codebase.  We
 do not consider
-the https://github.com/openssl/openssl/issues/6077;>lack
-of SPF records for openssl.org a security issue.
+the https://github.com/openssl/openssl/issues/6077;>lack 
of SPF records for openssl.org a security issue.
 
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit)
  from  9ff40f37a3cdab765451353163477290698248c2 (commit)


- Log -
commit 0a533713bb32d0e21b2a44d0ebdf666988db4ee6
Author: Mark J. Cox 
Date:   Wed Apr 25 10:43:04 2018 +0100

Note the questions we get asked frequently about bug bounties and
lack of a SPF record.  We could add more here for the other frequently
reported issues (like an open ftp server, open directory listings etc)

---

Summary of changes:
 community/index.html | 8 
 1 file changed, 8 insertions(+)

diff --git a/community/index.html b/community/index.html
index c2bce5c..06e5861 100644
--- a/community/index.html
+++ b/community/index.html
@@ -59,6 +59,14 @@
 Security Policy.
 
 
+Please note that we do not run a Bug Bounty program, although 
third parties
+may reward confirmed security issues reported in the OpenSSL 
codebase.  We
+do not consider
+the https://github.com/openssl/openssl/issues/6077;>lack
+of SPF records for openssl.org a security issue.
+
+
+
 All fixed security bugs are listed on our vulnerabilities page
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  9ff40f37a3cdab765451353163477290698248c2 (commit)
  from  56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit)


- Log -
commit 9ff40f37a3cdab765451353163477290698248c2
Author: Mark J. Cox 
Date:   Wed Apr 25 10:11:30 2018 +0100

Remove duplicated text and refer to report a security issue section

---

Summary of changes:
 news/vulnerabilities-0.9.6.html | 13 ++---
 news/vulnerabilities-0.9.7.html | 13 ++---
 news/vulnerabilities-0.9.8.html | 13 ++---
 news/vulnerabilities-1.0.0.html | 13 ++---
 news/vulnerabilities-1.0.1.html | 13 ++---
 news/vulnerabilities-1.0.2.html | 13 ++---
 news/vulnerabilities-1.1.0.html | 13 ++---
 news/vulnerabilities.html   | 13 ++---
 8 files changed, 16 insertions(+), 88 deletions(-)

diff --git a/news/vulnerabilities-0.9.6.html b/news/vulnerabilities-0.9.6.html
index 97932bd..34d4b20 100644
--- a/news/vulnerabilities-0.9.6.html
+++ b/news/vulnerabilities-0.9.6.html
@@ -12,17 +12,8 @@
  Vulnerabilities
  

-If you think you have found a security bug in OpenSSL,
-please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
-If you want to encrypt the mail, you can use our
-team's PGP Key.  Or you can
-send mail to one or more individual OMC Members,
-encrypted or plaintext.
-We will work with you to assess and fix the flaw,
-as discussed in our
-Security Policy.
+  If you think you have found a security bug in OpenSSL,
+  please report it to us.

 Note: Support for OpenSSL 0.9.6 ended and
   is no longer receiving security updates
diff --git a/news/vulnerabilities-0.9.7.html b/news/vulnerabilities-0.9.7.html
index fe0e5af..829 100644
--- a/news/vulnerabilities-0.9.7.html
+++ b/news/vulnerabilities-0.9.7.html
@@ -12,17 +12,8 @@
  Vulnerabilities
  

-If you think you have found a security bug in OpenSSL,
-please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
-If you want to encrypt the mail, you can use our
-team's PGP Key.  Or you can
-send mail to one or more individual OMC Members,
-encrypted or plaintext.
-We will work with you to assess and fix the flaw,
-as discussed in our
-Security Policy.
+  If you think you have found a security bug in OpenSSL,
+  please report it to us.

 Note: Support for OpenSSL 0.9.7 ended and
   is no longer receiving security updates
diff --git a/news/vulnerabilities-0.9.8.html b/news/vulnerabilities-0.9.8.html
index 0cabef2..127624f 100644
--- a/news/vulnerabilities-0.9.8.html
+++ b/news/vulnerabilities-0.9.8.html
@@ -12,17 +12,8 @@
  Vulnerabilities
  

-If you think you have found a security bug in OpenSSL,
-please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
-If you want to encrypt the mail, you can use our
-team's PGP Key.  Or you can
-send mail to one or more individual OMC Members,
-encrypted or plaintext.
-We will work with you to assess and fix the flaw,
-as discussed in our
-Security Policy.
+  If you think you have found a security bug in OpenSSL,
+  please report it to us.

 Note: Support for OpenSSL 0.9.8 ended on 31st December 2015 and
   is no longer receiving security updates
diff --git a/news/vulnerabilities-1.0.0.html b/news/vulnerabilities-1.0.0.html
index d40c7cb..f0c375d 100644
--- a/news/vulnerabilities-1.0.0.html
+++ b/news/vulnerabilities-1.0.0.html
@@ -12,17 +12,8 @@
  Vulnerabilities
  

-If you think you have found a security bug in OpenSSL,
-please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
-If you want to encrypt the mail, you can use our
-team's PGP Key.  Or you can
-send mail to one or more individual OMC Members,
-encrypted or plaintext.
-We will work with you to assess and fix the flaw,
-as discussed in our
-Security Policy.
+  If you think you have found a security bug in OpenSSL,
+  please report it to us.

 Note: Support for OpenSSL 1.0.0 ended on 31st December 2015 and
 is no longer receiving security updates
diff --git 



[openssl-commits] [web]  master update


2018-04-25

Thread
Mark J . Cox

The branch master has been updated
   via  56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit)
  from  5f9833f853d1fd6eb25d485b309ae540b09cf796 (commit)


- Log -
commit 56be59c9b561ac2d3183723c35fbc3d530c5bbca
Author: Mark J. Cox 
Date:   Wed Apr 25 10:06:48 2018 +0100

Move the details of reporting security issues here, that way we can
remove the duplication from each vulnerability page and we can add
more details about reports we will reject

---

Summary of changes:
 community/index.html | 22 ++
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/community/index.html b/community/index.html
index 45c0210..c2bce5c 100644
--- a/community/index.html
+++ b/community/index.html
@@ -44,11 +44,25 @@
 several groups for help with the project infrastructure over time.

 
-Reporting Bugs
+Reporting Security Bugs
+
+If you think you have found a security bug in OpenSSL,
+please send mail to mailto:openssl-secur...@openssl.org;>openssl-secur...@openssl.org.
+Encryption is not required, but if you want to encrypt the mail, 
you can use our
+team's PGP Key.  Or you can
+send mail to one or more individual OMC Members,
+encrypted or plaintext.
+We will work with you to assess and fix the flaw,
+as discussed in our
+Security Policy.
+
+
+All fixed security bugs are listed on our vulnerabilities page
+
 
-   If you think have found a security bug, please see our
-   vulnerabilities page
-   for information on how to report it.
+Reporting Bugs
 
To report a bug or make an enhancement request, please open
 an issue on GitHub, by clicking "new issue" on this page:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-24

Thread
Matt Caswell

The branch master has been updated
   via  5f9833f853d1fd6eb25d485b309ae540b09cf796 (commit)
  from  f8a362841bcc696786c5faa1dcfc8d0c274f92e7 (commit)


- Log -
commit 5f9833f853d1fd6eb25d485b309ae540b09cf796
Author: Matt Caswell 
Date:   Tue Apr 24 08:21:54 2018 +0100

Fix error for CVE-2018-0737

vulnerabilities.xml erroneously did not list 1.0.2a and 1.0.2 as affected.

---

Summary of changes:
 news/vulnerabilities.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 684eb33..bb13b7f 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -20,6 +20,8 @@
 
 
 
+
+
 
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-18

Thread
Rich Salz

The branch master has been updated
   via  f8a362841bcc696786c5faa1dcfc8d0c274f92e7 (commit)
  from  fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit)


- Log -
commit f8a362841bcc696786c5faa1dcfc8d0c274f92e7
Author: Rich Salz 
Date:   Wed Apr 18 08:50:48 2018 -0400

Add bug bounty reference

---

Summary of changes:
 docs/faq-5-misc.txt | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt
index b84b595..f2810e5 100644
--- a/docs/faq-5-misc.txt
+++ b/docs/faq-5-misc.txt
@@ -103,3 +103,13 @@ in the next minor release.
 
 It was decided after the release of OpenSSL 0.9.8y the next version should
 be 0.9.8za then 0.9.8zb and so on.
+
+* Do you have a bug bounty program?
+
+The project does not.  Google runs a program
+@@@https://www.google.com/about/appsecurity/patch-rewards/@@@; so does
+HackerOne, @@@https://hackerone.com/ibb-openssl@@@. In general, if you
+have found a security issue, send email to openssl-secur...@openssl.org.
+Please note that we do not consider DNS configurations or Website
+configuration to be security issues.
+
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-17

Thread
Richard Levitte

The branch master has been updated
   via  fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2 (commit)
  from  168a9472b41c33b508d82a167ec169482b854664 (commit)


- Log -
commit fd21e3cd9ca7c7b7a8465d47e2bfbb728a4865e2
Author: Richard Levitte 
Date:   Tue Apr 17 15:46:22 2018 +0200

Update newsflash for release of OpenSSL 1.1.1-pre5 (beta 3)

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index b0b7cf1..00f1aff 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and 
test it
 16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
 16-Apr-2018: Security Advisory: one 
low severity fix
 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and 
test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-16

Thread
Rich Salz

The branch master has been updated
   via  168a9472b41c33b508d82a167ec169482b854664 (commit)
  from  58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit)


- Log -
commit 168a9472b41c33b508d82a167ec169482b854664
Author: Rich Salz 
Date:   Mon Apr 16 11:47:44 2018 -0400

1747 newsflash

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index e4ecaef..b0b7cf1 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL
 1747 Validation not moved to historical
 16-Apr-2018: Security Advisory: one 
low severity fix
 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and 
test it
 27-Mar-2018: Security Advisory: 
several security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-16

Thread
Matt Caswell

The branch master has been updated
   via  58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit)
  from  5d178ddbeb5943d800ecf261449b139971d6743a (commit)


- Log -
commit 58fdfb2faa17a780294c693bc5c8f08149bd3d2c
Author: Matt Caswell 
Date:   Mon Apr 16 16:33:11 2018 +0100

Update newsflash for security advisory

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index fe25c29..e4ecaef 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+16-Apr-2018: Security Advisory: one 
low severity fix
 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and 
test it
 27-Mar-2018: Security Advisory: 
several security fixes
 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-16

Thread
Matt Caswell

The branch master has been updated
   via  5d178ddbeb5943d800ecf261449b139971d6743a (commit)
  from  e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit)


- Log -
commit 5d178ddbeb5943d800ecf261449b139971d6743a
Author: Matt Caswell 
Date:   Mon Apr 16 16:30:00 2018 +0100

Updates for CVE-2018-0737

---

Summary of changes:
 news/secadv/20180416.txt | 35 +++
 news/vulnerabilities.xml | 43 +++
 2 files changed, 78 insertions(+)
 create mode 100644 news/secadv/20180416.txt

diff --git a/news/secadv/20180416.txt b/news/secadv/20180416.txt
new file mode 100644
index 000..700beb6
--- /dev/null
+++ b/news/secadv/20180416.txt
@@ -0,0 +1,35 @@
+
+OpenSSL Security Advisory [16 Apr 2018]
+
+
+Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
+
+Severity: Low
+
+The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a
+cache timing side channel attack. An attacker with sufficient access to mount
+cache timing attacks during the RSA key generation process could recover the
+private key.
+
+Due to the low severity of this issue we are not issuing a new release of
+OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i
+and OpenSSL 1.0.2p when they become available. The fix is also available in
+commit 6939eab03 (for 1.1.0) and commit 349a41da1 (for 1.0.2) in the OpenSSL 
git
+repository.
+
+This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+The fix was developed by Billy Brumley.
+
+References
+==
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20180416.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index b565e18..684eb33 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -8,6 +8,49 @@
 
 
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+  
+
+Constant time issue
+Cache timing vulnerability in RSA Key Generation
+
+  The OpenSSL RSA Key generation algorithm has been shown to be vulnerable
+  to a cache timing side channel attack. An attacker with sufficient access
+  to mount cache timing attacks during the RSA key generation process could
+  recover the private key.
+
+
+
+  
   
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-12

Thread
Mark J . Cox

The branch master has been updated
   via  e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit)
  from  a2e614d7f5554b477dedd0066709df3cd3e14990 (commit)


- Log -
commit e73e4460aa47e8cb6c694625584c26e9298d0bb5
Author: Mark J. Cox 
Date:   Thu Apr 12 15:46:30 2018 +0100

Use a unified converter tool with Apache by making it handle both formats 
and abstracting the differences

---

Summary of changes:
 bin/vulnxml2json.py| 137 -
 bin/vulnxml2jsonproject.py |  43 ++
 2 files changed, 117 insertions(+), 63 deletions(-)
 create mode 100644 bin/vulnxml2jsonproject.py

diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py
index b905da1..cffa29f 100755
--- a/bin/vulnxml2json.py
+++ b/bin/vulnxml2json.py
@@ -3,8 +3,11 @@
 # Convert our XML file to a JSON file as accepted by Mitre for CNA purposes
 # as per 
https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
 #
+# ASF httpd and OpenSSL use quite similar files, so this script is designed to 
work with either
+#
 
 from xml.dom import minidom
+import HTMLParser
 import simplejson as json
 import codecs
 import re
@@ -17,45 +20,15 @@ from jsonschema import validate
 from jsonschema import Draft4Validator
 import urllib
 
-# Versions of OpenSSL we never released, to allow us to display ranges
-neverreleased = "1.0.0h,";
+# Specific project stuff is here
+import vulnxml2jsonproject as cfg
 
 # Location of CVE JSON schema (default, can use local file etc)
 default_cve_schema = 
"https://raw.githubusercontent.com/CVEProject/automation-working-group/master/cve_json_schema/CVE_JSON_4.0_min_public.schema;
 
-def merge_affects(issue,base):
-# let's merge the affects into a nice list which is better for Mitre text 
but we have to take into account our stange lettering scheme
-prev = ""
-anext = ""
-alist = list()
-vlist = list()
-for affects in issue.getElementsByTagName('affects'): # so we can sort them
-   version = affects.getAttribute("version")
-   if (not base or base in version):
-   vlist.append(version)
-for ver in sorted(vlist):
-   # print "version %s (last was %s, next was %s)" %(ver,prev,anext)
-   if (ver != anext):
-  alist.append([ver])
-   elif len(alist[-1]) > 1:
-  alist[-1][-1] = ver
-   else:
-  alist[-1].append(ver)
-   prev = ver
-   if (unicode.isdigit(ver[-1])):   # First version after 1.0.1 is 1.0.1a
-   anext = ver + "a"
-   elif (ver[-1] == "y"):
-   anext = ver[:-1] + "za"# We ran out of letters once so 
y->za->zb
-   else:
-   anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 
1.0.1b
-   while (anext in neverreleased): # skip unreleased versions
-  anext = anext[:-1]+chr(ord(anext[-1])+1)
-
-return ",".join(['-'.join(map(str,aff)) for aff in alist])
-
 parser = OptionParser()
 parser.add_option("-s", "--schema", help="location of schema to check (default 
"+default_cve_schema+")", default=default_cve_schema,dest="schema")
-parser.add_option("-i", "--input", help="input vulnerability file live 
openssl-web/news/vulnerabilities.xml", dest="input")
+parser.add_option("-i", "--input", help="input vulnerability file 
vulnerabilities.xml", dest="input")
 parser.add_option("-c", "--cve", help="comma separated list of cve names to 
generate a json file for (or all)", dest="cves")
 parser.add_option("-o", "--outputdir", help="output directory for json file 
(default ./)", default=".", dest="outputdir")
 (options, args) = parser.parse_args()
@@ -74,61 +47,99 @@ cvej = list()
 with codecs.open(options.input,"r","utf-8") as vulnfile:
 vulns = vulnfile.read()
 dom = minidom.parseString(vulns.encode("utf-8"))
-issues = dom.getElementsByTagName('issue')
-for issue in issues:
-cve = issue.getElementsByTagName('cve')[0].getAttribute('name')
-if (cve == ""):
+
+for issue in dom.getElementsByTagName('issue'):
+if not issue.getElementsByTagName('cve'):
+continue
+# ASF httpd has CVE- prefix, but OpenSSL does not, make either work
+cvename = 
issue.getElementsByTagName('cve')[0].getAttribute('name').replace('CVE-','')
+if (cvename == ""):
continue
-if (options.cves):
-   if (not cve in options.cves):
+if (options.cves): # If we only want a certain list of CVEs, skip the rest
+   if (not cvename in options.cves):
   continue
+
 cve = dict()
 cve['data_type']="CVE"
 cve['data_format']="MITRE"
 cve['data_version']="4.0"
-cve['CVE_data_meta']= { "ID": 
"CVE-"+issue.getElementsByTagName('cve')[0].getAttribute('name'), "ASSIGNER": 
"openssl-secur...@openssl.org", "STATE":"PUBLIC" }
+cve['CVE_data_meta']= { "ID": "CVE-"+cvename, 



[openssl-commits] [web]  master update


2018-04-04

Thread
Richard Levitte

The branch master has been updated
   via  a2e614d7f5554b477dedd0066709df3cd3e14990 (commit)
  from  f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df (commit)


- Log -
commit a2e614d7f5554b477dedd0066709df3cd3e14990
Author: Richard Levitte 
Date:   Wed Apr 4 11:14:44 2018 +0200

Generalise the rewrites of older tarballs

We enumerated every series when we could as simply handle them all
with one simple regexp.

---

Summary of changes:
 bin/mk-latest | 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/bin/mk-latest b/bin/mk-latest
index 2307837..8c2d3a7 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -43,15 +43,7 @@ print <<\EOF;
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(1\.0\.2.*) old/1.0.2/openssl-$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(1\.1\.0.*) old/1.1.0/openssl-$1 [L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^openssl-(1\.1\.1.*) old/1.1.1/openssl-$1 [L]
+RewriteRule ^(openssl-(\d+\.\d+\.\d+).*) old/$2/$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^openssl-(fips.*)  old/fips/openssl-$1 [L]
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-03

Thread
Richard Levitte

The branch master has been updated
   via  f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df (commit)
   via  4fc0fbf43218d56c669b1b426687e8797c3dfaa1 (commit)
  from  1a509e9e5395e713e42d4e5f334aec68cf43d146 (commit)


- Log -
commit f0dd77fca46f3d630d5a47d3bb93e8d50c66f7df
Author: Richard Levitte 
Date:   Tue Apr 3 15:42:54 2018 +0200

bin/mk-latest: Allow for 1.1.1 URLs

commit 4fc0fbf43218d56c669b1b426687e8797c3dfaa1
Author: Richard Levitte 
Date:   Tue Apr 3 15:42:14 2018 +0200

source/.htaccess: I forgot it's autogenerated

---

Summary of changes:
 bin/mk-latest| 4 +++-
 source/.htaccess | 3 ---
 2 files changed, 3 insertions(+), 4 deletions(-)
 delete mode 100644 source/.htaccess

diff --git a/bin/mk-latest b/bin/mk-latest
index 122d950..2307837 100755
--- a/bin/mk-latest
+++ b/bin/mk-latest
@@ -41,7 +41,7 @@ print <<\EOF;
 
 # Old distro's are in subdirs.
 RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-0\.9\.8.*) old/0.9.x/$1 [L]
+RewriteRule ^(openssl-0\.9\.\d.*) old/0.9.x/$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
@@ -51,6 +51,8 @@ RewriteRule ^openssl-(1\.0\.2.*) old/1.0.2/openssl-$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^openssl-(1\.1\.0.*) old/1.1.0/openssl-$1 [L]
 RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^openssl-(1\.1\.1.*) old/1.1.1/openssl-$1 [L]
+RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^openssl-(fips.*)  old/fips/openssl-$1 [L]
 
 
diff --git a/source/.htaccess b/source/.htaccess
deleted file mode 100644
index 1bbeac9..000
--- a/source/.htaccess
+++ /dev/null
@@ -1,3 +0,0 @@
-RewriteEngine on
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) /source/old/$2/$1 
[L,R=301,NC]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-04-03

Thread
Matt Caswell

The branch master has been updated
   via  1a509e9e5395e713e42d4e5f334aec68cf43d146 (commit)
  from  a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a (commit)


- Log -
commit 1a509e9e5395e713e42d4e5f334aec68cf43d146
Author: Matt Caswell 
Date:   Tue Apr 3 14:30:42 2018 +0100

Update newsflash for new release

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index c48a7e4..fe25c29 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and 
test it
 27-Mar-2018: Security Advisory: 
several security fixes
 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
 27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-29

Thread
Richard Levitte

The branch master has been updated
  discards  eeb7c341f09ec323bcaaafeee1c56c977565b116 (commit)
   via  a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (eeb7c341f09ec323bcaaafeee1c56c977565b116)
\
 N -- N -- N (a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.


- Log -
commit a345bc8dd66b5dac2ddc915fe57ba2fafeb3b62a
Author: Richard Levitte 
Date:   Thu Mar 29 14:15:27 2018 +0200

source/: translate /source/openssl-x.y.z*.tar.gz -> /source/old/x.y.z/...

Some people try to access older archive through their original
position.  Help them along.

---

Summary of changes:
 source/.htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/.htaccess b/source/.htaccess
index 97cefb5..1bbeac9 100644
--- a/source/.htaccess
+++ b/source/.htaccess
@@ -1,3 +1,3 @@
 RewriteEngine on
 RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz)  old/$2/$1 [L,R=301,NC]
+RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz) /source/old/$2/$1 
[L,R=301,NC]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-29

Thread
Richard Levitte

The branch master has been updated
   via  eeb7c341f09ec323bcaaafeee1c56c977565b116 (commit)
  from  4ac275863a6dc09118532264420face062534d74 (commit)


- Log -
commit eeb7c341f09ec323bcaaafeee1c56c977565b116
Author: Richard Levitte 
Date:   Thu Mar 29 14:15:27 2018 +0200

source/: translate /source/openssl-x.y.z*.tar.gz -> /source/old/x.y.z/...

Some people try to access older archive through their original
position.  Help them along.

---

Summary of changes:
 source/.htaccess | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 source/.htaccess

diff --git a/source/.htaccess b/source/.htaccess
new file mode 100644
index 000..97cefb5
--- /dev/null
+++ b/source/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(openssl-(\d+\.\d+\.\d+).*\.tar\.gz)  old/$2/$1 [L,R=301,NC]
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-28

Thread
Matt Caswell

The branch master has been updated
   via  4ac275863a6dc09118532264420face062534d74 (commit)
  from  b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit)


- Log -
commit 4ac275863a6dc09118532264420face062534d74
Author: Matt Caswell 
Date:   Wed Mar 28 10:37:47 2018 +0100

Add a link to the advisory

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index f7fd9a1..c48a7e4 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+27-Mar-2018: Security Advisory: 
several security fixes
 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
 27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security
 release due on 27th March 2018
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-27

Thread
Matt Caswell

The branch master has been updated
   via  b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit)
   via  8af698d4de2c19b45f702d03560c8045fc1bbec5 (commit)
  from  ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit)


- Log -
commit b142b6fc2b1787bac79b0823c7a1cc37c301c68c
Author: Matt Caswell 
Date:   Tue Mar 27 14:25:09 2018 +0100

Publish security advisory

commit 8af698d4de2c19b45f702d03560c8045fc1bbec5
Author: Matt Caswell 
Date:   Tue Mar 27 14:10:47 2018 +0100

Update news for new release

---

Summary of changes:
 news/newsflash.txt   |  2 ++
 news/secadv/20180327.txt | 82 
 news/vulnerabilities.xml | 73 --
 3 files changed, 155 insertions(+), 2 deletions(-)
 create mode 100644 news/secadv/20180327.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 572c8db..f7fd9a1 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
+27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security
 release due on 27th March 2018
 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and 
test it
 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last 
Group of Contributors
diff --git a/news/secadv/20180327.txt b/news/secadv/20180327.txt
new file mode 100644
index 000..bddf0a6
--- /dev/null
+++ b/news/secadv/20180327.txt
@@ -0,0 +1,82 @@
+
+OpenSSL Security Advisory [27 Mar 2018]
+
+
+Constructed ASN.1 types with a recursive definition could exceed the stack 
(CVE-2018-0739)
+==
+
+Severity: Moderate
+
+Constructed ASN.1 types with a recursive definition (such as can be found in
+PKCS7) could eventually exceed the stack given malicious input with
+excessive recursion. This could result in a Denial Of Service attack. There are
+no such structures used within SSL/TLS that come from untrusted sources so this
+is considered safe.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 users should upgrade to 1.0.2o
+
+This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
+The fix was developed by Matt Caswell of the OpenSSL development team.
+
+Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+
+
+Severity: Moderate
+
+Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+effectively reduced to only comparing the least significant bit of each byte.
+This allows an attacker to forge messages that would be considered as
+authenticated in an amount of tries lower than that guaranteed by the security
+claims of the scheme. The module can only be compiled by the HP-UX assembler, 
so
+that only HP-UX PA-RISC targets are affected.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+
+This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
+The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+=
+
+Severity: Low
+
+This issue has been reported in a previous OpenSSL security advisory and a fix
+was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at
+that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h.
+
+There is an overflow bug in the AVX2 Montgomery multiplication procedure
+used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+Analysis suggests that attacks against RSA and DSA as a result of this defect
+would be very difficult to perform and are not believed likely. Attacks
+against DH1024 are considered just feasible, because most of the work
+necessary to deduce information about a private key may be performed offline.
+The amount of resources required for such an attack would be significant.
+However, for an attack on TLS to be meaningful, the server would have to share
+the DH1024 private key among multiple clients, which is no longer an option
+since CVE-2016-0701.
+
+This only affects processors that support the AVX2 but not ADX extensions
+like Intel Haswell (4th generation).
+
+Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
+and CVE-2015-3193.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 users should upgrade 



[openssl-commits] [web]  master update


2018-03-24

Thread
Richard Levitte

The branch master has been updated
   via  ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit)
   via  52f4b4da8deb49a0c4229951265f40223a286c7f (commit)
   via  b11a6c4a822ce76e1061fdf2626fc20c673c4676 (commit)
   via  860c1786061372ffe7225e5a1a9e89d90630b802 (commit)
  from  d1915ac75ca02f62e91e72d530515df030103253 (commit)


- Log -
commit ba28d8470fba25cac99a94b7b9fa27bddbd1622a
Author: Richard Levitte 
Date:   Sat Mar 24 16:27:49 2018 +0100

mk-notes: slight change to include unreleased stuff from other branches

commit 52f4b4da8deb49a0c4229951265f40223a286c7f
Author: Jonathan Champ 
Date:   Fri Mar 23 18:49:18 2018 -0400

mk-notes: Find all sections; only print released

commit b11a6c4a822ce76e1061fdf2626fc20c673c4676
Author: Jonathan Champ 
Date:   Fri Mar 23 17:08:54 2018 -0400

mk-notes: Allow 'under development' version

commit 860c1786061372ffe7225e5a1a9e89d90630b802
Author: Richard Levitte 
Date:   Sat Mar 24 16:15:25 2018 +0100

Make news/cl111.txt as well

---

Summary of changes:
 Makefile |  2 +-
 bin/mk-notes | 18 +++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 27e4609..d53b50c 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@ SIMPLE = newsflash.inc sitemap.txt \
 community/committers.inc \
 docs/faq.inc docs/fips.inc \
  news/changelog.inc news/changelog.txt \
- news/cl102.txt news/cl110.txt \
+ news/cl102.txt news/cl110.txt news/cl111.txt \
  news/openssl-1.0.2-notes.inc \
  news/openssl-1.1.0-notes.inc \
  news/openssl-1.1.1-notes.inc \
diff --git a/bin/mk-notes b/bin/mk-notes
index 66c5937..75562ef 100755
--- a/bin/mk-notes
+++ b/bin/mk-notes
@@ -8,12 +8,21 @@ my $copy = 0;
 my $in_ul = 0;
 while (  ) {
 chomp;
-if (/^\s*(Major changes between|Known issues in).*(\d+\.\d+\.\d+)\D.*\[(in 
pre-release|\d+\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s\d+)\]:?$/) 
{
+if (/^\s*(Major changes between|Known issues 
in).*(\d+\.\d+\.\d+)\D.*\[(.*)\]:?$/) {
+   my $release_series = $2;
+   my $release_date = $3;
+   if ($release_date !~ /^in 
pre-release|\d+\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s\d+$/) {
+   # The rationale to not simply stop when encountering another title
+   # line is that it's unreleased stuff that also exist in another
+   # series, but is also part of this one and should therefore be
+   # included.
+   next;
+   }
if ($in_ul) {
print "\n";
$in_ul = 0;
}
-   if ($2 eq $SERIES) {
+   if ($release_series eq $SERIES) {
print "";
print;
print "\n";
@@ -36,4 +45,7 @@ while (  ) {
print;
 }
 }
-print "";
+if ($in_ul) {
+print "\n";
+$in_ul = 0;
+}
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-21

Thread
Matt Caswell

The branch master has been updated
   via  d1915ac75ca02f62e91e72d530515df030103253 (commit)
  from  3519dc1324f73e6d902f46ccb3685cef98ef78c8 (commit)


- Log -
commit d1915ac75ca02f62e91e72d530515df030103253
Author: Matt Caswell 
Date:   Wed Mar 21 23:02:15 2018 +

Update newsflash with pre-announcement for next release

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index b812aa0..572c8db 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html;>security
 release due on 27th March 2018
 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and 
test it
 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last 
Group of Contributors
 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and 
test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-20

Thread
Matt Caswell

The branch master has been updated
   via  3519dc1324f73e6d902f46ccb3685cef98ef78c8 (commit)
  from  89540fdb4b0aecc7dcd8a544a97d6a41aec6384e (commit)


- Log -
commit 3519dc1324f73e6d902f46ccb3685cef98ef78c8
Author: Matt Caswell 
Date:   Tue Mar 20 13:53:52 2018 +

Updates for beta 1 release

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 9a4e602..b812aa0 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and 
test it
 01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last 
Group of Contributors
 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and 
test it
 13-Feb-2018: Alpha 1 of OpenSSL 1.1.1 is now available: please download and 
test it
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-12

Thread
Richard Levitte

The branch master has been updated
   via  89540fdb4b0aecc7dcd8a544a97d6a41aec6384e (commit)
  from  a9dd578755eba45264f092b5371dae89b1be7172 (commit)


- Log -
commit 89540fdb4b0aecc7dcd8a544a97d6a41aec6384e
Author: Richard Levitte 
Date:   Mon Mar 12 21:23:40 2018 +0100

Update the release dates according to OMC vote

OMC vote has the following text:

  topic: Push the release of 1.1.1 beta1 (pre3) forward one week

 Reason: we have a number of unreviewed PRs on github marked
 1.1.1 and time is getting short.

 All other current future release dates will be pushed one week as 
well.
 https://www.openssl.org/policies/releasestrat.html will be updated.
 An official announcement should be made.
  Proposed by Richard Levitte

The votes are 6 +1's, no -1's and one not voted

---

Summary of changes:
 policies/releasestrat.html | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/policies/releasestrat.html b/policies/releasestrat.html
index 36eb4b2..3f37936 100644
--- a/policies/releasestrat.html
+++ b/policies/releasestrat.html
@@ -80,16 +80,17 @@
  
13th February 2018, alpha release 1 (pre1)
27th February 2018, alpha release 2 (pre2)
-   13th March 2018, beta release 1 (pre3)
+   20th March 2018, beta release 1 (pre3)
   
OpenSSL_1_1_1-stable created (feature freeze)
master becomes basis for 1.1.2 or 1.2.0 (TBD)
  
-   27th March 2018, beta release 2 (pre4)
-   10th April 2018, beta release 3 (pre5)
-   24th April 2018, beta release 4 (pre6)
-   1st May 2018, release readiness check (new release cycles added 
if
-   required, first possible final release date: 8th May 2018)
+   3rd April 2018, beta release 2 (pre4)
+   17th April 2018, beta release 3 (pre5)
+   1st May 2018, beta release 4 (pre6)
+   8th May 2018, release readiness check (new release
+   cycles added if required, first possible final release date:
+   15th May 2018)
  
 
  An alpha release means:
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-02

Thread
Mark J . Cox

The branch master has been updated
   via  a9dd578755eba45264f092b5371dae89b1be7172 (commit)
   via  9fd41a7f8e5d101e68f48a5b245082ca036b3216 (commit)
  from  4b5b982b8b057792ce7d206e4faaebaf02b60685 (commit)


- Log -
commit a9dd578755eba45264f092b5371dae89b1be7172
Author: Mark J. Cox 
Date:   Fri Mar 2 16:02:58 2018 +

Give full hash

commit 9fd41a7f8e5d101e68f48a5b245082ca036b3216
Author: Mark J. Cox 
Date:   Fri Mar 2 16:02:52 2018 +

Add missing blog posts

---

Summary of changes:
 news/newsflash.txt   | 2 ++
 news/vulnerabilities.xml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index abc5ab0..9a4e602 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,8 +4,10 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/;>Seeking Last 
Group of Contributors
 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and 
test it
 13-Feb-2018: Alpha 1 of OpenSSL 1.1.1 is now available: please download and 
test it
+18-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/18/f2f-london/;>Another Face to 
Face: Email Changes and Crypto Policy
 10-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/10/levchin/;>OpenSSL wins the 
Levchin prize
 07-Dec-2017: Security Advisory: one 
security fix
 07-Dec-2017: OpenSSL 1.0.2n is now available, including bug and security fixes
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index c81332c..026afc0 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -266,7 +266,7 @@
 
 
 
-  
+  
 
 NULL pointer deference
 Bad (EC)DHE parameters cause a client crash
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-03-01

Thread
Rich Salz

The branch master has been updated
   via  4b5b982b8b057792ce7d206e4faaebaf02b60685 (commit)
  from  46a84819a178b76996e0ddbe4b6d72b3197153e7 (commit)


- Log -
commit 4b5b982b8b057792ce7d206e4faaebaf02b60685
Author: Rich Salz 
Date:   Thu Mar 1 17:14:28 2018 -0500

Address issue 44

---

Summary of changes:
 policies/committers.html | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/policies/committers.html b/policies/committers.html
index af0564c..80e31c8 100644
--- a/policies/committers.html
+++ b/policies/committers.html
@@ -91,11 +91,13 @@
  
   If you have trouble finding consensus on a difficult review,
   reach out to the OMC at
-  mailto:openssl-t...@openssl.org;>openssl-t...@openssl.org
-  (private, moderated) or committers at
-  mailto:openssl-...@openssl.org;>openssl-...@openssl.org
-  (public). On GitHub, you can reach OMC members at @openssl/team,
-  and committers can be found at @openssl/dev.
+  mailto:openssl-...@openssl.org;>openssl-...@openssl.org
+  (private, moderated) or the project at
+  mailto:openssl-proj...@openssl.org;>openssl-proj...@openssl.org
+  (public, moderated).
+  On GitHub, you can target the OMC members with @openssl/omc,
+  and committers with @openssl/committers.
 
   Commit workflow
   We do code reviews on GitHub. The
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-02-28

Thread
Rich Salz

The branch master has been updated
   via  46a84819a178b76996e0ddbe4b6d72b3197153e7 (commit)
  from  8e971cf5d3256e7a1ca7bbb04c28926f36505eb8 (commit)


- Log -
commit 46a84819a178b76996e0ddbe4b6d72b3197153e7
Author: Rich Salz 
Date:   Wed Feb 28 10:23:36 2018 -0500

Add Travel Reimbursement policy

---

Summary of changes:
 policies/index.html|  6 +++--
 policies/sidebar.shtml |  3 +++
 policies/travel.html   | 60 ++
 3 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 policies/travel.html

diff --git a/policies/index.html b/policies/index.html
index e12703d..71607df 100644
--- a/policies/index.html
+++ b/policies/index.html
@@ -29,10 +29,12 @@
  supported.


-   Put another way, by being as transparent as possible,
+   By being as transparent as possible,
we hope to reduce the chance that people are surprised by
what we do, and we hope to help maintain predictable
-   behavior within the project.
+   behavior within the project. This includes how spend some
+money, as detailed in the
+travel reimbursement policy.

 
The Roadmap describes our overall
diff --git a/policies/sidebar.shtml b/policies/sidebar.shtml
index f7cd8c1..389cc51 100644
--- a/policies/sidebar.shtml
+++ b/policies/sidebar.shtml
@@ -16,6 +16,9 @@
Release Strategy
   
   
+Travel Reimbursement Policy.
+  
+  
Security Policy
   
   
diff --git a/policies/travel.html b/policies/travel.html
new file mode 100644
index 000..5d0f1db
--- /dev/null
+++ b/policies/travel.html
@@ -0,0 +1,60 @@
+
+
+
+
+
+
+
+
+  
+
+  
+   
+ Travel Reimbursement Policy
+ 
+   First issued 28th February 2014
+ 
+   
+
+   
+
+  The OpenSSL project may pay travel expenses for OMC members when
+  pre-approved by the OMC or when it is an official OMC meeting (as
+  determined by vote). Project members may seek to be reimbursed if
+  their employer is not covering the expense. The requirements for
+  reimbursement are:
+
+  
+An email sent to openssl-omc, including scanned attachments of
+  all receipts over 30 Euros.
+Barring exceptional circumstances, for an all-day meeting the
+  project will pay for arrival the day before and departure the
+  following morning.
+When presenting at a conference, the project will pay the
+  expenses for the entire conference provided the attendee agrees
+  to act as representative of the project during that time.
+Reasonable lodging and meal expenses during the travel time
+  will be covered.
+Barring exceptional circumstances, room service, minibar,
+  in-room movies, and other similar amenities are not
+  covered.
+  
+
+   
+   
+ You are here: Home
+ : Policies
+ : Travel Reimbursement Policy
+ Sitemap
+   
+  
+
+
+  
+
+
+
+
+
+
+
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





[openssl-commits] [web]  master update


2018-02-27

Thread
Richard Levitte

The branch master has been updated
   via  8e971cf5d3256e7a1ca7bbb04c28926f36505eb8 (commit)
  from  998aec751cf4da874a5ca07e4252729c477c0f70 (commit)


- Log -
commit 8e971cf5d3256e7a1ca7bbb04c28926f36505eb8
Author: Richard Levitte 
Date:   Tue Feb 27 15:27:24 2018 +0100

Include source/old/1.1.1

---

Summary of changes:
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 2ba6f57..27e4609 100644
--- a/Makefile
+++ b/Makefile
@@ -37,6 +37,7 @@ SRCLISTS = \
   source/old/1.0.1/index.inc \
   source/old/1.0.2/index.inc \
   source/old/1.1.0/index.inc \
+  source/old/1.1.1/index.inc \
   source/old/fips/index.inc \
 
 
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits





  1   2   3   4   5    >