[openssl/web] 4fdfa2: Remove old file
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: 4fdfa23c4664f3c8230ce7ac627f98a872738784 (https://github.com/openssl/web/commit/4fdfa23c4664f3c8230ce7ac627f98a872738784)
Author: Mark J. Cox
Date: 2022-12-05 (Mon, 05 Dec 2022)
Changed paths: R bin/mk-cvepage
Log Message:
  Remove old file

Commit: 43084e09ee8c951adc452329addb64457bb11508 (https://github.com/openssl/web/commit/43084e09ee8c951adc452329addb64457bb11508)
Author: Mark J. Cox
Date: 2022-12-05 (Mon, 05 Dec 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Add back the premium support link as github links that don't work are not useful (they should eventually be changed in the json files)

Compare: https://github.com/openssl/web/compare/c4683fb523c9...43084e09ee8c
[openssl/web] c4683f: CVE project has a broken redirect so we need to us...
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: c4683fb523c9b85471a0b1584f20439ebb5161cf (https://github.com/openssl/web/commit/c4683fb523c9b85471a0b1584f20439ebb5161cf)
Author: Mark J. Cox
Date: 2022-11-17 (Thu, 17 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  CVE project has a broken redirect so we need to use www.cve
[openssl/web] 60cd7c: Trailing slash is needed for parser
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: 60cd7c77e906c3a1fa4fb5d24ee3cb97af4e25fd (https://github.com/openssl/web/commit/60cd7c77e906c3a1fa4fb5d24ee3cb97af4e25fd)
Author: Mark J. Cox
Date: 2022-11-17 (Thu, 17 Nov 2022)
Changed paths: M Makefile
Log Message:
  Trailing slash is needed for parser
[openssl/web] 15c861: Create a XML to JSON5 converter, not complete
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: 15c861f7ef39a2a2b2fe02667d1890265567c1cc (https://github.com/openssl/web/commit/15c861f7ef39a2a2b2fe02667d1890265567c1cc)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: A bin/vulnxml2json5.py, M bin/vulnxml2jsonproject.py
Log Message:
  Create a XML to JSON5 converter, not complete

Commit: c66c2358fe546a7ac3b3aabe7b9699bf878cc454 (https://github.com/openssl/web/commit/c66c2358fe546a7ac3b3aabe7b9699bf878cc454)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/vulnxml2jsonproject.py
Log Message:
  Add function to return the earliest affected version

Commit: 3abd6357e08fe473facf787f5622b130e3f55c3e (https://github.com/openssl/web/commit/3abd6357e08fe473facf787f5622b130e3f55c3e)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Dates should have a timezone, don't include a problemtype if none exists, other fixes so that everything now validates.

Commit: 1852c1b3a2c7a71f02e0eaa3cd565dee65a627f7 (https://github.com/openssl/web/commit/1852c1b3a2c7a71f02e0eaa3cd565dee65a627f7)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Add a creator that doesn't conflict with vulnogram showing the date and time the file was imported (should only happen once). Impact is required, so add an unknown one

Commit: 067966335545e247a76b5b6c912a547755f59970 (https://github.com/openssl/web/commit/067966335545e247a76b5b6c912a547755f59970)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Less debug
  Don't append the fixed versions to the description, CVE project shouldn't need this any more

Commit: 3561294ecc4d06faf7d7ea8d8d3f6a7916c99253 (https://github.com/openssl/web/commit/3561294ecc4d06faf7d7ea8d8d3f6a7916c99253)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: A bin/cvejsontohtml.py, M bin/vulnxml2json.py, M bin/vulnxml2json5.py
Log Message:
  Doesn't do 'also in...' or the weird issues

Commit: abb5d0a40b3e740bca07ef1edc953038e4af2df6 (https://github.com/openssl/web/commit/abb5d0a40b3e740bca07ef1edc953038e4af2df6)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Update to match the current file

Commit: 3b6a5e473bb40d92b23186fd3929a1a07f8862d0 (https://github.com/openssl/web/commit/3b6a5e473bb40d92b23186fd3929a1a07f8862d0)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  A few CVEs don't have titles or advisories, so make sure we can handle that. The output HTML now matches the current site, apart from 1. fips 2. the out of support statements 3. the not-an-issue statements

Commit: 6db52ccd2e17e2cfe4f21d19e2fc213818280579 (https://github.com/openssl/web/commit/6db52ccd2e17e2cfe4f21d19e2fc213818280579)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Add statements

Commit: 8d695209e626d8091287661106f94bcdd1fc4f4b (https://github.com/openssl/web/commit/8d695209e626d8091287661106f94bcdd1fc4f4b)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Deal with disputed cves

Commit: ceb7b018f375c3611c8a64f03f36f9d26baeae48 (https://github.com/openssl/web/commit/ceb7b018f375c3611c8a64f03f36f9d26baeae48)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py, M bin/vulnxml2json5.py
Log Message:
  Update credit handling

Commit: 942d33dd7e9357e8782b389d30aa66b7f37dbb9e (https://github.com/openssl/web/commit/942d33dd7e9357e8782b389d30aa66b7f37dbb9e)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Option -e is no longer used, data comes from a statements.json file

Commit: c9fcff38947dca2008f3bb1eaf29ed4f33ab81ca (https://github.com/openssl/web/commit/c9fcff38947dca2008f3bb1eaf29ed4f33ab81ca)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M Makefile
Log Message:
  Let's have the json files appear on the site (like we did for vulnerabilities.xml)

Commit: a4b5fcdfaf9fc1871ad529e064e3fd69b78f (https://github.com/openssl/web/commit/a4b5fcdfaf9fc1871ad529e064e3fd69b78f)
Author: Mark J
[openssl/web] 5ad983: Create a XML to JSON5 converter, not complete
Branch: refs/heads/json5
Home: https://github.com/openssl/web

Commit: 5ad983ef763d6eee3471acaf31e33108837c5aab (https://github.com/openssl/web/commit/5ad983ef763d6eee3471acaf31e33108837c5aab)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: A bin/vulnxml2json5.py, M bin/vulnxml2jsonproject.py
Log Message:
  Create a XML to JSON5 converter, not complete

Commit: 840a4c6ff822442945cf90378b0c4480543310db (https://github.com/openssl/web/commit/840a4c6ff822442945cf90378b0c4480543310db)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2jsonproject.py
Log Message:
  Add function to return the earliest affected version

Commit: 4f5bf957af3d7579d066c56c7e3f7baaa9766f07 (https://github.com/openssl/web/commit/4f5bf957af3d7579d066c56c7e3f7baaa9766f07)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Dates should have a timezone, don't include a problemtype if none exists, other fixes so that everything now validates.

Commit: 6335eba42e6fd225ed2a4f4c2b00da8d7a3cc212 (https://github.com/openssl/web/commit/6335eba42e6fd225ed2a4f4c2b00da8d7a3cc212)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Add a creator that doesn't conflict with vulnogram showing the date and time the file was imported (should only happen once). Impact is required, so add an unknown one

Commit: 600397b1a7ebbd99d7cc3ec3d63ab456bcf1d20a (https://github.com/openssl/web/commit/600397b1a7ebbd99d7cc3ec3d63ab456bcf1d20a)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Less debug
  Don't append the fixed versions to the description, CVE project shouldn't need this any more

Commit: a6260ca4707ea78f5303f5051679ab87e7e3edc2 (https://github.com/openssl/web/commit/a6260ca4707ea78f5303f5051679ab87e7e3edc2)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: A bin/cvejsontohtml.py, M bin/vulnxml2json.py, M bin/vulnxml2json5.py
Log Message:
  Doesn't do 'also in...' or the weird issues

Commit: 5f114df6c8c946abef29e0ef98af7e1da880491e (https://github.com/openssl/web/commit/5f114df6c8c946abef29e0ef98af7e1da880491e)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Update to match the current file

Commit: 4229c32f0835f262c8de86a5aa34b9874a7e6163 (https://github.com/openssl/web/commit/4229c32f0835f262c8de86a5aa34b9874a7e6163)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  A few CVEs don't have titles or advisories, so make sure we can handle that. The output HTML now matches the current site, apart from 1. fips 2. the out of support statements 3. the not-an-issue statements

Commit: cc6088b0709556e5aff8bae9f7e611afa4efa708 (https://github.com/openssl/web/commit/cc6088b0709556e5aff8bae9f7e611afa4efa708)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Add statements

Commit: b438b80b006435eed755dc6a5afda03cb3d90738 (https://github.com/openssl/web/commit/b438b80b006435eed755dc6a5afda03cb3d90738)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Deal with disputed cves

Commit: 058c93cd8ff9a1e98fa1a58a3c94eb9237ced3fd (https://github.com/openssl/web/commit/058c93cd8ff9a1e98fa1a58a3c94eb9237ced3fd)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py, M bin/vulnxml2json5.py
Log Message:
  Update credit handling

Commit: bb07d5f8029a76260ef8cf88424f458c1dbfab99 (https://github.com/openssl/web/commit/bb07d5f8029a76260ef8cf88424f458c1dbfab99)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Option -e is no longer used, data comes from a statements.json file

Commit: a14324f29f2c7540b145b8063306786e644c8f9f (https://github.com/openssl/web/commit/a14324f29f2c7540b145b8063306786e644c8f9f)
Author: Mark J. Cox
Date: 2022-11-05 (Sat, 05 Nov 2022)
Changed paths: M Makefile
Log Message:
  Let's have the json files appear on the site (like we did for vulnerabilities.xml)

Commit: b8d308f557b0dbb6081936488f030d89b7afaf49 (https://github.com/openssl/web/commit/b8d308f557b0dbb6081936488f030d89b7afaf49)
Author: Richard Le
[openssl/web]
Branch: refs/heads/json5
Home: https://github.com/openssl/web
[openssl/web] b8d308: Move VMS on IA64 and X86_64 from community to seco...
Branch: refs/heads/json5
Home: https://github.com/openssl/web

Commit: b8d308f557b0dbb6081936488f030d89b7afaf49 (https://github.com/openssl/web/commit/b8d308f557b0dbb6081936488f030d89b7afaf49)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M policies/platformpolicy.md
Log Message:
  Move VMS on IA64 and X86_64 from community to secondary
  It is supported by a team member (Richard Levitte), [VSI] provides hosts which Richard has access to running those VMS versions, and they are plugged into our [buildbot CI].
  [VSI]: https://vmssoftware.com/
  [buildbot CI]: https://ci.buildbot.openssl.org/
  Reviewed-by: Matt Caswell
  (Merged from https://github.com/openssl/web/pull/363)

Commit: 3e91522b324ae78f6193bf540b8ea6d32d1c3248 (https://github.com/openssl/web/commit/3e91522b324ae78f6193bf540b8ea6d32d1c3248)
Author: Martin Koci
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M roadmap.md
Log Message:
  updated roadmap file
  Reviewed-by: Matt Caswell
  Reviewed-by: Richard Levitte
  (Merged from https://github.com/openssl/web/pull/367)

Commit: dccd49f0dd09f2fbf94458594da6ef8dc7175db2 (https://github.com/openssl/web/commit/dccd49f0dd09f2fbf94458594da6ef8dc7175db2)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M policies/general/dirdata.yaml, R policies/platformpolicy.md
Log Message:
  Drop the old platform policy file, as it is now in general-policies
  Reviewed-by: Matt Caswell
  Reviewed-by: Paul Dale
  Reviewed-by: Tim Hudson
  (Merged from https://github.com/openssl/web/pull/365)

Commit: 97a1743f73a50561dd81b8ee75fc2306154290cd (https://github.com/openssl/web/commit/97a1743f73a50561dd81b8ee75fc2306154290cd)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M Makefile
Log Message:
  We have policy-supplementals, let's render them
  Reviewed-by: Paul Dale
  (Merged from https://github.com/openssl/web/pull/368)

Commit: 6d7fdd4309f0dd3689a725de7f709e21496ee5a7 (https://github.com/openssl/web/commit/6d7fdd4309f0dd3689a725de7f709e21496ee5a7)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M Makefile
Log Message:
  Make better rendering of general policy-supplementals
  The quick method in the previous commit was incorrect. We change it to align with how other policy files are rendered.
  Reviewed-by: Matt Caswell
  Reviewed-by: Tomas Mraz
  (Merged from https://github.com/openssl/web/pull/369)

Commit: 0579861ed6bc3fa90531fbba1748ce298603a1ef (https://github.com/openssl/web/commit/0579861ed6bc3fa90531fbba1748ce298603a1ef)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M support/acks.md
Log Message:
  support/acks.md: Remove "current" link
  Originally (when this file was still raw HTML), this was an ID (Sponsorship Donations). Turning it into a link was a clear typo. As far as I can tell, nothing linked to acks.html#current, so we can as well drop it entirely.
  Fixes #371
  Reviewed-by: Paul Dale
  (Merged from https://github.com/openssl/web/pull/372)

Commit: 47bcf69f8155a5158500a35d7a5a9ae32b3b67a8 (https://github.com/openssl/web/commit/47bcf69f8155a5158500a35d7a5a9ae32b3b67a8)
Author: Richard Levitte
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M Makefile
Log Message:
  Add data for OpenSSL 3.1
  Reviewed-by: Matt Caswell
  Reviewed-by: Hugo Landau
  (Merged from https://github.com/openssl/web/pull/373)

Commit: edd96199f47589ef2e74681f273d56df515287d6 (https://github.com/openssl/web/commit/edd96199f47589ef2e74681f273d56df515287d6)
Author: Martin Koci
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M support/acks.md
Log Message:
  Added Microsoft among silver sponsors
  Reviewed-by: Paul Dale
  Reviewed-by: Richard Levitte
  Reviewed-by: Matt Caswell
  (Merged from https://github.com/openssl/web/pull/374)

Commit: 373c5871924f138c870afefa841156e179ba7418 (https://github.com/openssl/web/commit/373c5871924f138c870afefa841156e179ba7418)
Author: Mark J. Cox
Date: 2022-11-07 (Mon, 07 Nov 2022)
Changed paths: M Makefile
Log Message:
  Base the vulnerability pages from the JSON files instead of the old XML file

Compare: https://github.com/openssl/web/compare/a14324f29f2c...373c5871924f
[openssl/web] a14324: Let's have the json files appear on the site (like...
Branch: refs/heads/json5
Home: https://github.com/openssl/web

Commit: a14324f29f2c7540b145b8063306786e644c8f9f (https://github.com/openssl/web/commit/a14324f29f2c7540b145b8063306786e644c8f9f)
Author: Mark J. Cox
Date: 2022-11-05 (Sat, 05 Nov 2022)
Changed paths: M Makefile
Log Message:
  Let's have the json files appear on the site (like we did for vulnerabilities.xml)
[openssl/web] 5ad983: Create a XML to JSON5 converter, not complete
Branch: refs/heads/json5
Home: https://github.com/openssl/web

Commit: 5ad983ef763d6eee3471acaf31e33108837c5aab (https://github.com/openssl/web/commit/5ad983ef763d6eee3471acaf31e33108837c5aab)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: A bin/vulnxml2json5.py, M bin/vulnxml2jsonproject.py
Log Message:
  Create a XML to JSON5 converter, not complete

Commit: 840a4c6ff822442945cf90378b0c4480543310db (https://github.com/openssl/web/commit/840a4c6ff822442945cf90378b0c4480543310db)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2jsonproject.py
Log Message:
  Add function to return the earliest affected version

Commit: 4f5bf957af3d7579d066c56c7e3f7baaa9766f07 (https://github.com/openssl/web/commit/4f5bf957af3d7579d066c56c7e3f7baaa9766f07)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Dates should have a timezone, don't include a problemtype if none exists, other fixes so that everything now validates.

Commit: 6335eba42e6fd225ed2a4f4c2b00da8d7a3cc212 (https://github.com/openssl/web/commit/6335eba42e6fd225ed2a4f4c2b00da8d7a3cc212)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Add a creator that doesn't conflict with vulnogram showing the date and time the file was imported (should only happen once). Impact is required, so add an unknown one

Commit: 600397b1a7ebbd99d7cc3ec3d63ab456bcf1d20a (https://github.com/openssl/web/commit/600397b1a7ebbd99d7cc3ec3d63ab456bcf1d20a)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/vulnxml2json5.py
Log Message:
  Less debug
  Don't append the fixed versions to the description, CVE project shouldn't need this any more

Commit: a6260ca4707ea78f5303f5051679ab87e7e3edc2 (https://github.com/openssl/web/commit/a6260ca4707ea78f5303f5051679ab87e7e3edc2)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: A bin/cvejsontohtml.py, M bin/vulnxml2json.py, M bin/vulnxml2json5.py
Log Message:
  Doesn't do 'also in...' or the weird issues

Commit: 5f114df6c8c946abef29e0ef98af7e1da880491e (https://github.com/openssl/web/commit/5f114df6c8c946abef29e0ef98af7e1da880491e)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Update to match the current file

Commit: 4229c32f0835f262c8de86a5aa34b9874a7e6163 (https://github.com/openssl/web/commit/4229c32f0835f262c8de86a5aa34b9874a7e6163)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  A few CVEs don't have titles or advisories, so make sure we can handle that. The output HTML now matches the current site, apart from 1. fips 2. the out of support statements 3. the not-an-issue statements

Commit: cc6088b0709556e5aff8bae9f7e611afa4efa708 (https://github.com/openssl/web/commit/cc6088b0709556e5aff8bae9f7e611afa4efa708)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Add statements

Commit: b438b80b006435eed755dc6a5afda03cb3d90738 (https://github.com/openssl/web/commit/b438b80b006435eed755dc6a5afda03cb3d90738)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Deal with disputed cves

Commit: 058c93cd8ff9a1e98fa1a58a3c94eb9237ced3fd (https://github.com/openssl/web/commit/058c93cd8ff9a1e98fa1a58a3c94eb9237ced3fd)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py, M bin/vulnxml2json5.py
Log Message:
  Update credit handling

Commit: bb07d5f8029a76260ef8cf88424f458c1dbfab99 (https://github.com/openssl/web/commit/bb07d5f8029a76260ef8cf88424f458c1dbfab99)
Author: Mark J. Cox
Date: 2022-11-04 (Fri, 04 Nov 2022)
Changed paths: M bin/cvejsontohtml.py
Log Message:
  Option -e is no longer used, data comes from a statements.json file

Compare: https://github.com/openssl/web/compare/5ad983ef763d%5E...bb07d5f8029a
[openssl/tools] 851263: 3.0.0 is out so don't special case things as being...
Branch: refs/heads/master
Home: https://github.com/openssl/tools

Commit: 85126371f5705e6b3749eff73238b592c2ab91b3 (https://github.com/openssl/tools/commit/85126371f5705e6b3749eff73238b592c2ab91b3)
Author: Mark J. Cox
Date: 2022-09-28 (Wed, 28 Sep 2022)
Changed paths: M github-tools/stale.py
Log Message:
  3.0.0 is out so don't special case things as being deferred
  Reviewed-by: Paul Dale
  Reviewed-by: Richard Levitte
  (Merged from https://github.com/openssl/tools/pull/127)
[openssl/tools] 4f9a7c: Add the tool that we use for openssl-engine to pin...
Branch: refs/heads/master
Home: https://github.com/openssl/tools

Commit: 4f9a7c5b08cc2e18da10a23b449d79a835144795 (https://github.com/openssl/tools/commit/4f9a7c5b08cc2e18da10a23b449d79a835144795)
Author: Mark J. Cox
Date: 2022-03-14 (Mon, 14 Mar 2022)
Changed paths: A github-tools/stale.py
Log Message:
  Add the tool that we use for openssl-engine to ping and close stale PRs

Commit: 98c731433c61f122c587b545efce23470174a515 (https://github.com/openssl/tools/commit/98c731433c61f122c587b545efce23470174a515)
Author: Mark J. Cox
Date: 2022-03-14 (Mon, 14 Mar 2022)
Changed paths: M github-tools/stale.py
Log Message:
  Minor nits

Commit: f052101444122690e79f464b465bd5da2ab767c7 (https://github.com/openssl/tools/commit/f052101444122690e79f464b465bd5da2ab767c7)
Author: Mark J. Cox
Date: 2022-03-14 (Mon, 14 Mar 2022)
Changed paths: M github-tools/stale.py
Log Message:
  3.0.0 is out so don't special case things as being deferred

Commit: 9f7ede920a0a71bf2fc2f5bdd47352885817cc71 (https://github.com/openssl/tools/commit/9f7ede920a0a71bf2fc2f5bdd47352885817cc71)
Author: Mark J. Cox
Date: 2022-09-28 (Wed, 28 Sep 2022)
Changed paths: M HOWTO-make-a-release.md, M github-tools/stale.py, R release-tools/README.md, M release-tools/do-copyright-year, M release-tools/mkrelease.pl, M release-tools/release-git.pl, M review-tools/addrev, M review-tools/ghmerge, M review-tools/gitaddrev, M review-tools/pick-to-branch
Log Message:
  Merge branch 'master' into 300isnotdeferred

Commit: 32a4d14ed0e65cbfd4fc26ad6cc18ecc108687e2 (https://github.com/openssl/tools/commit/32a4d14ed0e65cbfd4fc26ad6cc18ecc108687e2)
Author: Mark J. Cox
Date: 2022-09-28 (Wed, 28 Sep 2022)
Changed paths: M github-tools/stale.py
Log Message:
  Merge pull request #109 from iamamoose/300isnotdeferred
  3.0.0 is out so don't special case things as being deferred

Compare: https://github.com/openssl/tools/compare/4dbaaffea297...32a4d14ed0e6
[openssl/web] f7a8ee: Remove sponsor
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: f7a8eee5adacd2cd10001d1b977a3606ecef9096 (https://github.com/openssl/web/commit/f7a8eee5adacd2cd10001d1b977a3606ecef9096)
Author: Mark J. Cox
Date: 2022-09-02 (Fri, 02 Sep 2022)
Changed paths: M support/acks.md
Log Message:
  Remove sponsor
[openssl/web]
Branch: refs/heads/premiumgit
Home: https://github.com/openssl/web
[openssl/web] 9a81a9: If a release is only available to premium support ...
Branch: refs/heads/master
Home: https://github.com/openssl/web

Commit: 9a81a97b221f542297375654bfbcd30ae8e3a5d7 (https://github.com/openssl/web/commit/9a81a97b221f542297375654bfbcd30ae8e3a5d7)
Author: Mark J. Cox
Date: 2022-07-25 (Mon, 25 Jul 2022)
Changed paths: M bin/mk-cvepage
Log Message:
  If a release is only available to premium support customers because it is EOL then don't link to github as those patches won't be there

Commit: 15acf3badcff05b55ac7d20047048d1925e61a61 (https://github.com/openssl/web/commit/15acf3badcff05b55ac7d20047048d1925e61a61)
Author: Mark J. Cox
Date: 2022-07-25 (Mon, 25 Jul 2022)
Changed paths: M bin/mk-cvepage
Log Message:
  Merge branch 'premiumgit'

Compare: https://github.com/openssl/web/compare/a18e42645868...15acf3badcff
[openssl/web] 9a81a9: If a release is only available to premium support ...
Branch: refs/heads/premiumgit
Home: https://github.com/openssl/web

Commit: 9a81a97b221f542297375654bfbcd30ae8e3a5d7 (https://github.com/openssl/web/commit/9a81a97b221f542297375654bfbcd30ae8e3a5d7)
Author: Mark J. Cox
Date: 2022-07-25 (Mon, 25 Jul 2022)
Changed paths: M bin/mk-cvepage
Log Message:
  If a release is only available to premium support customers because it is EOL then don't link to github as those patches won't be there
[web] master update
The branch master has been updated via acbb83e4accab58fab385371c8835316a33fb21c (commit) from 469d1a406bf21372d301396c66b8aec97bd8a32a (commit) - Log - commit acbb83e4accab58fab385371c8835316a33fb21c Author: Mark J. Cox Date: Mon Nov 1 10:14:50 2021 + Update to match reality, our sources of income are sponsorship and support contracts. --- Summary of changes: support/donations.html | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/support/donations.html b/support/donations.html index 0228569..7de3620 100644 --- a/support/donations.html +++ b/support/donations.html @@ -13,11 +13,10 @@ OpenSSL. You can support the OpenSSL project financially with the -purchase of a support contract, by a -sponsorship donation, or by hiring OSF for consulting services or -custom software development. +purchase of a support contract, or by a +sponsorship donation. -We can also accept smaller donations +We can accept smaller sponsorship donations via https://github.com/sponsors/openssl";>GitHub Sponsors. We do not have a PayPal account. Please do not donate to any
[web] master update
The branch master has been updated via 95646d33a713dd67de6aef668fb717aca07fa11a (commit) from 78a40cab4af1807c6530546557a93303b2505f40 (commit) - Log - commit 95646d33a713dd67de6aef668fb717aca07fa11a Author: Mark J. Cox Date: Mon Sep 27 13:15:14 2021 +0100 Add note of third party bug bounty program --- Summary of changes: community/index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/community/index.html b/community/index.html index 72587ad..19e5397 100644 --- a/community/index.html +++ b/community/index.html @@ -62,9 +62,9 @@ Please note that we do not run a Bug Bounty program, although third parties -may reward confirmed security issues reported in the OpenSSL codebase. We -do not consider -the https://github.com/openssl/openssl/issues/6077";>lack of SPF records for openssl.org a security issue. +(such as the https://hackerone.com/ibb";>HackerOne Internet +Bug Bounty) +may reward correctly reported and confirmed security issues in the OpenSSL codebase.
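Review bot: the removed lines in this hunk also drop the statement that the lack of SPF records for openssl.org is not considered a security issue, together with its link to openssl/openssl issue 6077. That sentence documented a known non-issue for reporters; if it is being retired on purpose, the commit message should say so, otherwise keep it as its own sentence after the new bug-bounty wording rather than letting it disappear with the rewrite of the surrounding paragraph.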
[web] master update
The branch master has been updated via 1353aad58c10c84ca4cc09250ca72179b58fe8a8 (commit) via 7027987f060c25f61c8217cd26479f9b4af56bf6 (commit) from 30a512b2e4a02e643216a163af87db97ccbf00d2 (commit) - Log - commit 1353aad58c10c84ca4cc09250ca72179b58fe8a8 Merge: 30a512b 7027987 Author: Mark J. Cox Date: Thu Sep 2 12:22:25 2021 +0100 Merge pull request #256 from iamamoose/20210902 Add Activision Silver Sponsorship commit 7027987f060c25f61c8217cd26479f9b4af56bf6 Author: Mark J. Cox Date: Thu Sep 2 11:22:18 2021 +0100 Add Activision Silver sponsorship --- Summary of changes: support/acks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/support/acks.html b/support/acks.html index 0b70d47..63f2366 100644 --- a/support/acks.html +++ b/support/acks.html @@ -46,6 +46,7 @@ Silver: +https://activision.com/";>Activision https://cargurus.com/";>CarGurus https://shiguredo.jp/";>Shiguredo Inc.
[web] master update
The branch master has been updated via 30a512b2e4a02e643216a163af87db97ccbf00d2 (commit) via d3f3bf5b0d8ef336acb45a3e8077436001be82f9 (commit) from 0374f7e7bd8802894fee0c15c474bd20e04f5731 (commit) - Log - commit 30a512b2e4a02e643216a163af87db97ccbf00d2 Merge: 0374f7e d3f3bf5 Author: Mark J. Cox Date: Tue Aug 31 10:55:38 2021 +0100 Merge pull request #254 from iamamoose/20210831sponsors Add CarGurus sponsorship (silver) commit d3f3bf5b0d8ef336acb45a3e8077436001be82f9 Author: Mark J. Cox Date: Tue Aug 31 10:20:05 2021 +0100 Add CarGurus sponsorship (silver) --- Summary of changes: support/acks.html | 1 + 1 file changed, 1 insertion(+) diff --git a/support/acks.html b/support/acks.html index 8a81815..0b70d47 100644 --- a/support/acks.html +++ b/support/acks.html @@ -46,6 +46,7 @@ Silver: +https://cargurus.com/";>CarGurus https://shiguredo.jp/";>Shiguredo Inc.
[web] master update
The branch master has been updated via 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 (commit) via 6340022c20721b8cde5817dc5a9caa39e2d7b232 (commit) from 61f488185e0736cf5196efc9d5f4f4b3370b3f8e (commit) - Log - commit 86e6eb2e66ec9112b311616d9dbfbb7da734c6a4 Merge: 61f4881 6340022 Author: Mark J. Cox Date: Tue Jul 27 13:06:17 2021 +0100 Merge pull request #249 from iamamoose/fixpgp SKS keyservers have been offline for a while, so switch to OpenPGP commit 6340022c20721b8cde5817dc5a9caa39e2d7b232 Author: Mark J. Cox Date: Tue Jul 27 12:07:40 2021 +0100 SKS keyservers have been offline for a while, so switch to keys.openpgp.org --- Summary of changes: bin/mk-omc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-omc b/bin/mk-omc index e6dee11..24144df 100755 --- a/bin/mk-omc +++ b/bin/mk-omc @@ -60,7 +60,7 @@ foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } keys %data) { my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; $pgpurl =~ s|\s+||g if $pgpurl; $pgpurl = - "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x$pgpurl"; + "https://keys.openpgp.org/search?q=$pgpurl"; if $pgpurl; my @columndata = ();
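Review bot: the `0x` prefix the old SKS URL added to the key ID is dropped in the replacement line, and `$pgpurl` is now interpolated straight into the href after only the whitespace strip. keys.openpgp.org takes a bare hex fingerprint, so this works when every `pgpid` in the data file is a full fingerprint; this is a good moment to confirm none of them are short key IDs, which are trivially collidable, and to add a guard such as `die "bad pgpid" unless $pgpurl =~ /^[0-9A-Fa-f]+$/;` so a malformed entry cannot produce an unexpected link. Moving from plaintext HKP on port 11371 to HTTPS is a welcome hardening in itself.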
[web] master update
The branch master has been updated via 539bea014de78db5ff5b0785a46bfd7647b0b589 (commit) via f975a6468b54079ffad293492d9c42e006f65794 (commit) from 1570fc29ed21a46e7a7a3dd7c64f58a8ff976c29 (commit) - Log - commit 539bea014de78db5ff5b0785a46bfd7647b0b589 Merge: 1570fc2 f975a64 Author: Mark J. Cox Date: Thu Jul 15 08:58:51 2021 +0100 Merge pull request #246 from iamamoose/shiguredosponsor Add sponsor Shiguredo Inc commit f975a6468b54079ffad293492d9c42e006f65794 Author: Mark J. Cox Date: Thu Jul 15 08:54:51 2021 +0100 Add sponsor Shiguredo Inc --- Summary of changes: support/acks.html | 5 + 1 file changed, 5 insertions(+) diff --git a/support/acks.html b/support/acks.html index 418652c..8a81815 100644 --- a/support/acks.html +++ b/support/acks.html @@ -43,6 +43,11 @@ https://www.nginx.com/";> + + Silver: + +https://shiguredo.jp/";>Shiguredo Inc. + Bronze:
[web] master update
The branch master has been updated via f0be824328dc1cbbe56c1adb943d180c86aa4642 (commit) via db238e8d834b6775edcda71f30ca73ba54824872 (commit) from 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 (commit) - Log - commit f0be824328dc1cbbe56c1adb943d180c86aa4642 Merge: 2e8cfad db238e8 Author: Mark J. Cox Date: Tue Jun 8 10:25:55 2021 +0100 Merge pull request #242 from iamamoose/f5sponsor Add NGINX sponsorship logo commit db238e8d834b6775edcda71f30ca73ba54824872 Author: Mark J. Cox Date: Tue Jun 8 10:22:49 2021 +0100 Add NGINX sponsorship logo --- Summary of changes: img/nginx-logo-med.png | Bin 0 -> 7253 bytes support/acks.html | 7 +++ 2 files changed, 7 insertions(+) create mode 100644 img/nginx-logo-med.png diff --git a/img/nginx-logo-med.png b/img/nginx-logo-med.png new file mode 100644 index 000..d850df4 Binary files /dev/null and b/img/nginx-logo-med.png differ diff --git a/support/acks.html b/support/acks.html index 3bce679..418652c 100644 --- a/support/acks.html +++ b/support/acks.html @@ -37,6 +37,13 @@ } + Gold: + + +https://www.nginx.com/";> + + Bronze: https://beslist.nl/";>beslist.nl
[web] master update
The branch master has been updated via 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) via a56110d2a6791f92040bcd9ba6239a86916024ac (commit) via 6cea194f8dacf63ea52758c8e2a7bc2452918ca7 (commit) from be9a59e85c1be6992ed7f61737bcf630d6cad0f6 (commit) - Log - commit 4fab73cc1edf551a6ade144dfcae1223fa2aa120 Merge: be9a59e a56110d Author: Mark J. Cox Date: Wed Apr 28 14:07:16 2021 +0100 Merge pull request #237 from iamamoose/fixrt Fix security advisory links to rt.openssl.org commit a56110d2a6791f92040bcd9ba6239a86916024ac Author: Mark J. Cox Date: Wed Apr 28 13:54:47 2021 +0100 Remember we're in XML so escape & commit 6cea194f8dacf63ea52758c8e2a7bc2452918ca7 Author: Mark J. Cox Date: Wed Apr 28 13:52:47 2021 +0100 We have some old links to rt.openssl.org as advisories, just link those to the archive version for now, we could dump these to txt files later --- Summary of changes: news/vulnerabilities.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c1b47e2..ba187fd 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -6391,7 +6391,7 @@ Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation. -https://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest"/> +https://web.archive.org/web/20100710092848/https://rt.openssl.org/Ticket/Display.html?id=1838"/> @@ -6415,7 +6415,7 @@ remote attacker could use this flaw to cause a DTLS server to crash. -https://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"/> +https://web.archive.org/web/20120306065500/http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"/> @@ -6445,7 +6445,7 @@ memory left. -https://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest"/> +https://web.archive.org/web/20101120211136/http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest"/> 
@@ -6475,7 +6475,7 @@ left. -https://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest"/> +https://web.archive.org/web/20100824233642/http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest"/>
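Review bot: the four replaced advisory links are inconsistent with each other: the id=1838 entry now points at an archived https://rt.openssl.org URL with the `&user=guest&pass=guest` query dropped, while the 1930, 1931 and 1923 entries keep the guest credentials and archive an http:// URL. The Wayback Machine keys a capture on the original URL it crawled, query string included, so each of the four should use whichever exact form actually resolves to a snapshot, and once that is verified the guest parameters can be removed everywhere they are not needed, e.g. `+https://web.archive.org/web/20120306065500/http://rt.openssl.org/Ticket/Display.html?id=1930"/>`, so the file does not keep shipping a credential pair (even a public guest one) in its references.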
[web] master update
The branch master has been updated via 15064d72540a2d5405d749acd74caeb8683ae886 (commit) via 866c7caa7a09f7f56be99d7cb750be9c901503e0 (commit) via f37be0806125a21d7107327a97cc0d7cdc9275e8 (commit) via f4faa3d32216b9a47c6103400659e8f274c36052 (commit) from abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit) - Log - commit 15064d72540a2d5405d749acd74caeb8683ae886 Merge: abbb2d4 866c7ca Author: Mark J. Cox Date: Tue Mar 16 10:48:55 2021 + Merge pull request #222 from iamamoose/securitypolicychange Update security policy to note we prenotify projects like LibreSSL and BoringSSL commit 866c7caa7a09f7f56be99d7cb750be9c901503e0 Author: Mark J. Cox Date: Tue Mar 16 10:47:33 2021 + Vote passed, update the change date commit f37be0806125a21d7107327a97cc0d7cdc9275e8 Author: Mark J. Cox Date: Thu Mar 4 11:07:25 2021 + "based on" could be misinterpreted as projects that simply use OpenSSL but the intent of this change is for projects that are derived from OpenSSL commit f4faa3d32216b9a47c6103400659e8f274c36052 Author: Mark J. Cox Date: Tue Mar 2 11:18:48 2021 + For many years we have notified LibreSSL and BoringSSL, but we should be clear that we do so in the policy --- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 54fb592..ff4eb5f 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 12th May 2020 + Last modified 16th March 2021 
@@ -126,6 +126,8 @@ that uses OpenSSL as included on http://oss-security.openwall.org/wiki/mailing-lists/distros";>this list of Operating System distribution security contacts. +We also include other open source projects that are derived from OpenSSL which +have a significant user base and a reciprocal arrangement. We may also include other organisations that are not listed but would otherwise qualify for list membership. We may also include organisations with which we have a
[web] master update
The branch master has been updated via 3529993430cd665987db1ade8fa5e6f17fd9fdc7 (commit) via 0c8d22bbae92c7e78477d4dadadc2bc18c3cfbbf (commit) via c6cf36f015984e82e43de865b8f8103066a77c66 (commit) via 90bc2ffebb6e01e9a7820c13402a8249193e6448 (commit) via 628bbe846b437aba16656c25124294ae90196f53 (commit) via bc3baf2162d6eef8641c165eb70a9586c10a8020 (commit) via 3c797992c0d01f715efe0054c7ef7231fb292591 (commit) via 88a68140e52e169a828a5ef3f6ad6dbcd4f7f70b (commit) via f560958e29b058b606d3a3d665d564ad8a62f751 (commit) via a142c42643d6e8730a8c5948e19940677ee29b77 (commit) via c3555349fb3e1ca3c75e9677a05ece12f2ff644f (commit) via 5a4fd513a1e740b94dff9e051d2fd4e8110f997c (commit) via 635083bad80b21081f78fd0c5acef55afe87d73f (commit) via 3525d32ba43b960dda576cc55e0161ba773b3ec5 (commit) via 96fc8427dab3f7cdfe5175e6422e0c6c9339b308 (commit) via fa82509a79ae0b7c6b6b3aa4834fea358740e135 (commit) via a03ba3426aeae4e9fd7a9abfabba38e90bfe2cfe (commit) via c04f0bfc85bb789d66f9a8f2d4729a148088db4d (commit) via 704484cedfcc60d48b42d28ed8aa3f0464193ee0 (commit) via 5080a36b15ca1a0bd2ebfafbc288fb87422dfc09 (commit) via 9b1da3db16d5e0691137750c8f6850b02068cff0 (commit) via b9af396e59d0832d0e3523a38ce16c16ee3b8940 (commit) via 59c90242b6bf73f9f2c463389258e13dfa120595 (commit) via 30177d15c80f2170bfed542f131edd56397ed03a (commit) via e4f869c1b2d97b1efb9bfbb4e38ff9e7762a61d0 (commit) via cee36dc9d608462c45fff3ad7f280a301c02b34d (commit) from d2b610bc453351c8b9dd50a7da2c2fcbe03c58d5 (commit) - Log - commit 3529993430cd665987db1ade8fa5e6f17fd9fdc7 Merge: 0c8d22b c6cf36f Author: Mark J. Cox Date: Tue Feb 16 15:15:10 2021 + Merge pull request #217 from iamamoose/sponsor Add new bronze level github sponsor commit 0c8d22bbae92c7e78477d4dadadc2bc18c3cfbbf Merge: d2b610b 90bc2ff Author: Mark J. Cox Date: Tue Feb 16 14:57:14 2021 + Merge branch 'master' of github.com:iamamoose/openssl-web commit c6cf36f015984e82e43de865b8f8103066a77c66 Author: Mark J. 
Cox Date: Tue Feb 16 14:51:33 2021 + Add new bronze level github sponsor commit 90bc2ffebb6e01e9a7820c13402a8249193e6448 Merge: 628bbe8 32ac25c Author: Mark J. Cox Date: Mon Jan 4 15:53:49 2021 + Merge remote-tracking branch 'gh/master' commit 628bbe846b437aba16656c25124294ae90196f53 Merge: bc3baf2 0689c52 Author: Mark J. Cox Date: Mon Jan 4 15:51:30 2021 + Merge remote-tracking branch 'site/master' commit bc3baf2162d6eef8641c165eb70a9586c10a8020 Author: Mark J. Cox Date: Mon Jan 4 15:29:11 2021 + Update the Sponsorship page to remove sponsorships that have lapsed and add a link to recognise the GitHub Sponsors commit 3c797992c0d01f715efe0054c7ef7231fb292591 Author: Matt Caswell Date: Tue Dec 8 13:45:19 2020 + Commits for new releases Reviewed-by: Richard Levitte commit 88a68140e52e169a828a5ef3f6ad6dbcd4f7f70b Author: Matt Caswell Date: Thu Nov 26 15:03:27 2020 + Update newsflash for new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/208) commit f560958e29b058b606d3a3d665d564ad8a62f751 Author: Pauli Date: Fri Nov 6 22:52:00 2020 +1000 by laws: remove the necessity for the OMC to invite committers and OTC members. It would be better if these invitations come from the OTC which does the nominations. Reviewed-by: Matt Caswell Reviewed-by: Mark J. Cox Reviewed-by: Tim Hudson Reviewed-by: Kurt Roeckx Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/207) commit a142c42643d6e8730a8c5948e19940677ee29b77 Author: Dr. Matthias St. 
Pierre Date: Thu Oct 1 18:13:22 2020 +0200 policies/sidebar: add link to OpenSSL Technical Policies Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/199) commit c3555349fb3e1ca3c75e9677a05ece12f2ff644f Author: Pauli Date: Thu Nov 5 09:54:17 2020 +1000 Merge SHA2 entries in FIPS table Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit 5a4fd513a1e740b94dff9e051d2fd4e8110f997c Author: Pauli Date: Thu Nov 5 09:30:22 2020 +1000 3.0 design: remove the SP 800-90 entropy testing entry. Due to rules changes, this will not be happening. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/205) commit 635083bad80b21081f78fd0c5acef55afe87d73f Author: Pauli Date: Thu Nov 5 09:29:45 2020 +1000 3.0 design: remove the compliance column. Reviewed-by: Matt Caswell (
[web] master update
The branch master has been updated via 32ac25c3dc11364b8854de9e91303951f6ba406d (commit) via 9720d7fff327192e2d845f4e4d305c32cc0fe8b9 (commit) from 0689c523b599d89f0ce5caedab4f7d66bee1efb6 (commit) - Log - commit 32ac25c3dc11364b8854de9e91303951f6ba406d Merge: 0689c52 9720d7f Author: Mark J. Cox Date: Mon Jan 4 15:49:15 2021 + Merge pull request #211 from iamamoose/sponsorupdate Update the Sponsorship page to remove sponsorships that have lapsed commit 9720d7fff327192e2d845f4e4d305c32cc0fe8b9 Author: Mark J. Cox Date: Mon Jan 4 15:29:11 2021 + Update the Sponsorship page to remove sponsorships that have lapsed and add a link to recognise the GitHub Sponsors --- Summary of changes: support/acks.html | 22 -- 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/support/acks.html b/support/acks.html index 419924e..f3c75d2 100644 --- a/support/acks.html +++ b/support/acks.html @@ -15,10 +15,9 @@ Sponsorship Donations - We would like to identify and thank the following sponsors for their donations which give significant support to the OpenSSL project. - Please note some sponsors remain anonymous. + Please note sponsors may choose to remain anonymous. @@ -38,24 +37,9 @@ } - Exceptional: - - - https://www.smartisan.com/";> - - - Platinum: - - - https://www.huawei.com/";> - - Bronze: https://beslist.nl/";>beslist.nl -https://cargurus.com/";>CarGurus @@ -63,7 +47,9 @@ Other Donations - We also identify and thank organizations who contribute + We also would like to thank those who contribute + via https://github.com/sponsors/openssl";>GitHub Sponsors, + as well as the organizations who contribute in-kind donations to the project.
[web] master update
The branch master has been updated via 4a2dac4738e42fc30f7f38d9292a9391f715757e (commit) from 9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit) - Log - commit 4a2dac4738e42fc30f7f38d9292a9391f715757e Author: Mark J. Cox Date: Wed Sep 9 12:59:40 2020 +0100 Add Racoon advisory, vulnerability db entry, and newsflash pointing to the advisory --- Summary of changes: news/newsflash.txt | 1 + news/secadv/20200909.txt | 76 news/vulnerabilities.xml | 47 +- 3 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20200909.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index edc8cc8..c1820fa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +09-Sep-2020: Security Advisory: Raccoon attack 05-Sep-2020: New Blog post: OpenSSL Is Looking for a Full Time Administrator and Manager 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it diff --git a/news/secadv/20200909.txt b/news/secadv/20200909.txt new file mode 100644 index 000..bbe32dd --- /dev/null +++ b/news/secadv/20200909.txt 
@@ -0,0 +1,76 @@ +OpenSSL Security Advisory [09 September 2020] += + +Raccoon Attack (CVE-2020-1968) +== + +Severity: Low + +The Raccoon attack exploits a flaw in the TLS specification which can lead to +an attacker being able to compute the pre-master secret in connections which +have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would +result in the attacker being able to eavesdrop on all encrypted communications +sent over that TLS connection. The attack can only be exploited if an +implementation re-uses a DH secret across multiple TLS connections. Note that +this issue only impacts DH ciphersuites and not ECDH ciphersuites. + +OpenSSL 1.1.1 is not vulnerable to this issue: it never reuses a DH secret and +does not implement any "static" DH ciphersuites. + +OpenSSL 1.0.2f and above will only reuse a DH secret if a "static" DH +ciphersuite is used. These static "DH" ciphersuites are ones that start with the +text "DH-" (for example "DH-RSA-AES256-SHA"). The standard IANA names for these +ciphersuites all start with "TLS_DH_" but excludes those that start with +"TLS_DH_anon_". + +OpenSSL 1.0.2e and below would reuse the DH secret across multiple TLS +connections in server processes unless the SSL_OP_SINGLE_DH_USE option was +explicitly configured. Therefore all ciphersuites that use DH in servers +(including ephemeral DH) are vulnerable in these versions. In OpenSSL 1.0.2f +SSL_OP_SINGLE_DH_USE was made the default and it could not be turned off as a +response to CVE-2016-0701. + +Since the vulnerability lies in the TLS specification, fixing the affected +ciphersuites is not viable. For this reason 1.0.2w moves the affected +ciphersuites into the "weak-ssl-ciphers" list. Support for the +"weak-ssl-ciphers" is not compiled in by default. This is unlikely to cause +interoperability problems in most cases since use of these ciphersuites is rare. 
+Support for the "weak-ssl-ciphers" can be added back by configuring OpenSSL at +compile time with the "enable-weak-ssl-ciphers" option. This is not recommended. + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. + +Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2w. If +upgrading is not viable then users of OpenSSL 1.0.2v or below should ensure +that affected ciphersuites are disabled through runtime configuration. Also +note that the affected ciphersuites are only available on the server side if a +DH certificate has been configured. These certificates are very rarely used and +for this reason this issue has been classified as LOW severity. + +This issue was found by Robert Merget, Marcus Brinkmann, Nimrod Aviram and Juraj +Somorovsky and reported to OpenSSL on 28th May 2020 under embargo in order to +allow co-ordinated disclosure with other implementations. + +Note + + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of this issue on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20200909.txt + +Note: t
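Review bot: the mitigation paragraph for 1.0.2v and below tells users to make sure "affected ciphersuites are disabled through runtime configuration" but never says how, which is the one thing an operator reading this advisory needs. The suites it describes (OpenSSL names starting "DH-", IANA names starting "TLS_DH_" other than "TLS_DH_anon_") are the fixed/static DH key-exchange suites, which the cipher-list syntax selects with the `kDH` alias, so suggest stating that explicitly, for example: "append `:!kDH` to the server cipher string". Two wording points in the same hunk: "The standard IANA names for these ciphersuites all start with "TLS_DH_" but excludes those" should read "excluding those", and "These static "DH" ciphersuites are ones that start with the text "DH-"" quotes DH in the wrong place (the intended phrase is static DH ciphersuites, with "DH-" as the prefix).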
[web] master update
The branch master has been updated via aa5a6394fe82d072ca491cc4054b00cbf624358e (commit) from 1ee0b6a74934e813ae26995ae59cab209127da03 (commit) - Log - commit aa5a6394fe82d072ca491cc4054b00cbf624358e Author: Mark J. Cox Date: Sun Aug 16 08:23:38 2020 +0100 Add beslist.nl to the sponsor list for the bronze equivalent github level. Remove the list of past sponsors, this would be better served perhaps as a yearly blog post giving details of the health of the project. --- Summary of changes: support/acks.html | 28 ++-- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/support/acks.html b/support/acks.html index 1f5714c..419924e 100644 --- a/support/acks.html +++ b/support/acks.html @@ -54,34 +54,10 @@ Bronze: - https://cargurus.com/";>CarGurus +https://beslist.nl/";>beslist.nl +https://cargurus.com/";>CarGurus - Past sponsors include: - -2018: https://www.akamai.com/";>Akamai, - https://www.bluecedar.com/";>Blue Cedar, - https://www.handshake.org/";>Handshake, - https://www.huawei.com/";>Huawei, - https://levchinprize.com/";>Levchin Prize, - https://www.netapp.com/";>NetApp, - https://www.smartisan.com/";>Smartisan, - and - https://vmware.com/";>VMWare. - -2017: https://www.akamai.com/";>Akamai, - https://www.huawei.com/";>Huawei, - https://www.oracle.com/";>Oracle, - and - https://www.smartisan.com/";>Smartisan. - -2016: https://www.huawei.com/";>Huawei, - https://www.coreinfrastructure.org/";>Linux Foundation -Core Infrastructure Initiative, - and - https://www.smartisan.com/";>Smartisan. - - Other Donations
[web] master update
The branch master has been updated via cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 (commit) via 67e47e8ba8c4b28604817c1b1be8756b1e894e21 (commit) from 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) - Log - commit cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 Merge: 320f9a2 67e47e8 Author: Mark J. Cox Date: Thu Jun 4 09:29:20 2020 +0100 Merge pull request #171 from t8m/master Mention the CLA: trivial marker commit 67e47e8ba8c4b28604817c1b1be8756b1e894e21 Author: Tomáš Mráz Date: Thu Apr 16 12:22:26 2020 +0200 Mention the CLA: trivial marker --- Summary of changes: policies/cla.html | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index 51876e4..e29cf7d 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -46,8 +46,10 @@ In practice, it is required that the author (in the git commit message) and all approving team members (in the pull request thread) - agree that a change is trivial. The reviewers will normally post - a statement to the effect of "I agree that it is a trivial change." + agree that a change is trivial. The author has to add "CLA: trivial" + in the commit message separated by an empty line from the rest of the + message. The reviewers will normally post a statement to the effect + of "I agree that it is a trivial change."
[web] master update
The branch master has been updated via 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) via fdfbad68adcdcdd09533b493a22113408a568249 (commit) from 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) - Log - commit 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f Merge: 9968275 fdfbad6 Author: Mark J. Cox Date: Thu Jun 4 09:27:32 2020 +0100 Merge pull request #165 from iamamoose/nostandards Remove the docs/standards.html page commit fdfbad68adcdcdd09533b493a22113408a568249 Author: Mark J. Cox Date: Fri Mar 20 14:19:56 2020 + The standards page is out of date and we don't want to maintain it going forward, so best to remove it fixes #155 #106 --- Summary of changes: docs/index.html | 4 +- docs/sidebar.shtml | 3 - docs/standards.html | 200 3 files changed, 1 insertion(+), 206 deletions(-) delete mode 100644 docs/standards.html diff --git a/docs/index.html b/docs/index.html index a0297d0..16b7bf4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -22,9 +22,7 @@ The frequently-asked questions (FAQ) -is available. So is an incomplete list of -what standards (RFC's) are relevant. - +is available. Information about the first-ever open source FIPS-140 validation is also diff --git a/docs/sidebar.shtml b/docs/sidebar.shtml index e017bad..a603a43 100644 --- a/docs/sidebar.shtml +++ b/docs/sidebar.shtml @@ -6,9 +6,6 @@ FAQ - -Relevant standards - Manpages diff --git a/docs/standards.html b/docs/standards.html deleted file mode 100644 index c9e612e..000 --- a/docs/standards.html +++ /dev/null 
@@ -1,200 +0,0 @@ - - - - - - - - - - Standards - - This page is a partial list of the specifications -that are relevant to OpenSSL. Sometimes a document is useful -because OpenSSL provides an implementation; and sometimes it is -useful just for background knowledge. This list is maintained -on a casual basis. If you have updates, please let us know. - -Note that we do not claim to have completely implemented every -part of any specification. And also that some algorithms are -disabled by default. - - - https://tools.ietf.org/html/rfc1319";>RFC 1319: - The MD2 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1320";>RFC 1320: - The MD4 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1321";>RFC 1321: - The MD5 Message-Digest Algorithm - https://tools.ietf.org/html/rfc1421";>RFC 1421: - Privacy Enhancement for Internet Electronic Mail: Part - I: Message Encryption and Authentication Procedures - https://tools.ietf.org/html/rfc1422";>RFC 1422: - Privacy Enhancement for Internet Electronic Mail: Part - II: Certificate-Based Key Management - https://tools.ietf.org/html/rfc1423";>RFC 1423: - Privacy Enhancement for Internet Electronic Mail: Part - III: Algorithms, Modes, and Identifiers - https://tools.ietf.org/html/rfc1424";>RFC 1424: - Privacy Enhancement for Internet Electronic Mail: Part - IV: Key Certification and Related Services - https://tools.ietf.org/html/rfc2246";>RFC 2246: - The TLS Protocol Version 1 - https://tools.ietf.org/html/rfc2268";>RFC 2268: - A Description of the RC2(r) Encryption - Algorithm - https://tools.ietf.org/html/rfc2315";>RFC 2315: - PKCS 7: Cryptographic Message Syntax Version 1.5 - https://tools.ietf.org/html/rfc2510";>RFC 2510: - Internet X.509 Public Key Infrastructure Certificate - Management Protocols - https://tools.ietf.org/html/rfc2511";>RFC 2511: - Internet X.509 Certificate Request Message Format - https://tools.ietf.org/html/rfc2527";>RFC 2527: - Internet X.509 Public Key Infrastructure Certificate - Policy 
and Certification Practices Framework - https://tools.ietf.org/html/rfc2538";>RFC 2538: - Storing Certificates in the Domain Name System - (DNS) - https://tools.ietf.org/html/rfc2539";>RFC 2539: - Storage of Diffie-Hellman Keys in the Domain Name - System (DNS)
[web] master update
The branch master has been updated via 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) via 2fa2bb62190deb3c45df3b691a414246d87d9fe4 (commit) via 3beefff3e6a58d2796eba2ef9944404b3d706c48 (commit) from ea973d250e311c51c91217c2e6edf93370be0e43 (commit) - Log - commit 99682759ed4de5f994e486e6bc6ca0f8617c8c5b Merge: ea973d2 2fa2bb6 Author: Mark J. Cox Date: Thu Jun 4 09:22:17 2020 +0100 Merge pull request #179 from iamamoose/sponsors Add a link to our GitHub sponsors page commit 2fa2bb62190deb3c45df3b691a414246d87d9fe4 Author: Mark J. Cox Date: Thu Jun 4 08:01:11 2020 +0100 Closing tag commit 3beefff3e6a58d2796eba2ef9944404b3d706c48 Author: Mark J. Cox Date: Thu Jun 4 07:58:51 2020 +0100 Add a link to our GitHub sponsors page; we do need to rework all these pages in the future so don't worry about the "and one more thing" style for now. --- Summary of changes: support/donations.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/support/donations.html b/support/donations.html index 731ac19..0228569 100644 --- a/support/donations.html +++ b/support/donations.html @@ -17,6 +17,9 @@ sponsorship donation, or by hiring OSF for consulting services or custom software development. +We can also accept smaller donations +via https://github.com/sponsors/openssl";>GitHub Sponsors. + We do not have a PayPal account. Please do not donate to any PayPal account claiming to be associated with us!
[web] master update
The branch master has been updated via d874d260ef2e325c946ae152ea0d09c640c73d8b (commit) from 2c56e98a493d3739cdf292ff3d3c70de77e5efa9 (commit) - Log - commit d874d260ef2e325c946ae152ea0d09c640c73d8b Author: Mark J. Cox Date: Tue May 12 09:40:58 2020 +0100 Update policy to add to prenotifications as per OMC vote --- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 67d91d1..54fb592 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 12th May 2019 + Last modified 12th May 2020 @@ -128,6 +128,8 @@ href="http://oss-security.openwall.org/wiki/mailing-lists/distros";>this list of Operating System distribution security contacts. We may also include other organisations that are not listed but would otherwise qualify for list membership. +We may also include organisations with which we have a +commercial relationship. We may withdraw notifying certain organisations from future prenotifications if they leak issues before they are public
[web] master update
The branch master has been updated via e06c12c5f7222ba0a7fc7982bf8e4b8f696d0222 (commit) via 9d0d2ec0fd21f46e4503282a9b9f1739869accfb (commit) from 9801203e145577c03541cf147946d107d9ae74c5 (commit) - Log - commit e06c12c5f7222ba0a7fc7982bf8e4b8f696d0222 Author: Mark J. Cox Date: Fri Mar 20 09:02:32 2020 + Simple fix for #159 if we can't open the schema tell the user how to work around it. We actually need to do that because some older? Ubuntu systems were having problems with the CA cert from github commit 9d0d2ec0fd21f46e4503282a9b9f1739869accfb Author: Mark J. Cox Date: Thu Mar 19 14:43:19 2020 + Mitre have been stripping whitespace after commas on submitted entries, so let's do that by default. But they are keeping the whitespace after :. fixes #160 --- Summary of changes: bin/vulnxml2json.py | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py index cffa29f..3b1dcbb 100755 --- a/bin/vulnxml2json.py +++ b/bin/vulnxml2json.py @@ -39,7 +39,11 @@ if not options.input: exit(); if options.schema: - response = urllib.urlopen(options.schema) + try: + response = urllib.urlopen(options.schema) + except: + print "Problem opening schema: try downloading it manually then specify it using --schema option: %s" % options.schema + exit() schema_doc = json.loads(response.read()) cvej = list() @@ -146,7 +150,7 @@ for issue in cvej: continue f = codecs.open(options.outputdir+"/"+fn, 'w', 'utf-8') -f.write(json.dumps(issue, sort_keys=True, indent=4)) +f.write(json.dumps(issue, sort_keys=True, indent=4, separators=(',',': '))) print "wrote %s" %(options.outputdir+"/"+fn) f.close()
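Review bot: the new `except:` around `urllib.urlopen(options.schema)` is a bare except, so it swallows every exception (KeyboardInterrupt included) and hides the reason the fetch failed; that matters here because the commit message says the trigger was a CA-certificate problem on some Ubuntu systems, and a user who only sees "Problem opening schema" cannot tell a TLS trust failure from a typo in the URL or an offline host. Catch the specific error and include it in the message, e.g. `except IOError as e:` followed by `print "Problem opening schema (%s): try downloading it manually ..." % e`. Advising a manual download also means a failed certificate check gets worked around rather than diagnosed, so the message should tell the user to check what they fetched. Finally, `exit()` with no argument exits with status 0 (same pattern as the existing `exit();` for a missing input), so whatever drives this script cannot notice the failure; use `sys.exit(1)`.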
[web] master update
The branch master has been updated via 9801203e145577c03541cf147946d107d9ae74c5 (commit) via 036255af6ba639dd58607c48b3099e13f41ad5bd (commit) from b0b2c557bf523fc71a3f0393fb77fcd84b68c7a1 (commit) - Log - commit 9801203e145577c03541cf147946d107d9ae74c5 Author: Mark J. Cox Date: Thu Mar 19 14:21:28 2020 + Update security.txt to a clearsigned version with non-expired key matching the latest draft-foudil-securitytxt-09 fixes #145 commit 036255af6ba639dd58607c48b3099e13f41ad5bd Author: Mark J. Cox Date: Wed Mar 18 11:03:03 2020 + typo fixes: #86 --- Summary of changes: .well-known/security.txt | 24 +++- .well-known/security.txt.asc | 16 docs/faq-5-misc.txt | 2 +- 3 files changed, 24 insertions(+), 18 deletions(-) delete mode 100644 .well-known/security.txt.asc diff --git a/.well-known/security.txt b/.well-known/security.txt index d56daa5..6da9fbb 100644 --- a/.well-known/security.txt +++ b/.well-known/security.txt 
@@ -1,5 +1,27 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA256 + +Canonical: https://www.openssl.org/.well-known/security.txt Contact: openssl-secur...@openssl.org +Contact: https://www.openssl.org/community/#securityreports Encryption: https://www.openssl.org/news/openssl-security.asc Acknowledgement: https://www.openssl.org/news/vulnerabilities.html Policy: https://www.openssl.org/policies/secpolicy.html -Signature: https://www.openssl.org/.well-known/security.txt.asc + +-BEGIN PGP SIGNATURE- + +iQJMBAEBCAA2FiEE78CkZ9YTy4PH7W0w2JTizos9efUFAl5zf7QYHG9wZW5zc2wt +b21jQG9wZW5zc2wub3JnAAoJENiU4s6LPXn1BP8P/1nvn2szpgh5acMdccb6BJlP +LKSmtkQpwp7SNF7qMwTJ1aB4cjO29n1NE4JGwNLgv4k4jCPsip7CjAbtm4dJolSF +y3y0SaMShkByeeVqB50Sp7EGgPbt91mb094viQiDkqxDnKw9pljG4jqQO/Aj4PQF +/u6b7sDmArLVZMM/62gGxqopovtiRxXxefg7Lp6Qb60JmULdkEJqpzm3lCoGZMuM +m3riCZRhUWVwIzdJtcmtD06QH6KNKNoZGhD2Kxp2zLm2rmn2FtCR8pfa106Nz3SI +gsvVrFymM6NYROMl0T4B71pTXrQJBmAfkp+JXbSIX/ta+bRaNx4Z1ChIEG0llRsf +Bn8YWQ6ub8VAApoi4bbvlIv2BUp+xrGaSoeqQ8wJSJ5yVNcTXCxjN0OhgZFIH0QE +cHn1hqhrCIyhX3NfYgZeeXSfYxUu7AqGufs25YZ6gtNu76nH6/HbYMFVDpCEp94n +dyU2JTIMihalylm54tUulQ/+TX2uTVD42OmcBvBfJ60e3qHNk4NmgiM7g90Gb9QF +dUwGf2QkUi+7xd2NaNGNhkrNvE1eKgPiJxalvWFLhGPOw2FBLxOK3LWpw+IhTacM +CsQnWt+LX9KvAGhd+4+3xThVbJOHBasa8R4o3sHWwTa5Jdi1oO+BaycZdvn8JBL/ +BN+h2A7B4GNYIGaDnYj2 +=w4IR +-END PGP SIGNATURE- diff --git a/.well-known/security.txt.asc b/.well-known/security.txt.asc deleted file mode 100644 index 3fa82a1..000 --- a/.well-known/security.txt.asc +++ /dev/null 
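Review bot: the surviving `Contact:` line is a bare e-mail address rather than a URI; the securitytxt draft this commit targets requires Contact values in URI syntax, so it should be `Contact: mailto:...` (the second, URL-form Contact line that this hunk adds is fine). Replacing the detached `Signature:` file with a clearsigned security.txt is the right direction for draft-09, but nothing in the file tells a reader which key produced the signature other than the data embedded in the armored block; add a `#` comment with the signing key's fingerprint next to the `Encryption:` key URL so it can be cross-checked, and record (in the commit message or a README) how the file is regenerated, otherwise the next edit to the Policy or Acknowledgement line silently invalidates the signature.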
@@ -1,16 +0,0 @@ --BEGIN PGP SIGNATURE- - -iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAlpNnfIACgkQ2JTizos9 -efXBWg//YIzGg2gDBOxsL9TPw2JtCR7SiwgEyHuMKpiHZxhCTfBVlYC0PBJbIvzp -jis9T4GQhmTkKswFzMjSnjLcIWPwUBsuRoZ6J25kAxOckNIa3Cj6HslU+nhxjKzU -UWtSElJKm4TDoTljcl78Jh12xqB90QJU7m9nHyCphaIuCgAugVDfdJxbXS2PsEOP -wClu+dq94BlyswC4jsQSvA7JcEq9JocooD/BYbcSRYK3MCnlu1WtT9JCYap02D5k -lgkGJGNo/Vbi0IglM4WhLI83EWyEOPpEPkT63VeW2dyMFQww8FN/icT2W0geHvac -VfBIKn/Eb357j1pQEufwhLmOb4Wf2EmGGV4uMnzxXk4DCx0PUDXCn8da+/2iBDvS -OUiQ7ziVZdoW/rbA2S9mSIky6HaFQWasVYDCB95lpY20Nr5femLBUpDhp/vTskXJ -dGwITxUxWhH32TGIYMMLFwDLpGb/ej26S+FunVn6gceqnMMQ8MVqTBfO1/3tQKjK -/OJL6+sLWaJMxJK8skLXOUvIwGmeLGArRoITl1lzpzwu09hfTEy19F23DVlwvJ/S -OOYNrJKWhfZwquU3lTZgNxLozGBFKuKvPcFvx25wIuwWnt7AGcfZNTIQb29WMoF2 -bBHJfCYwea2VPuGF++KeFNfOGlXGNK9CX/aKjkwwJK+Fws60oTQ= -=W3nD --END PGP SIGNATURE- diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index f06fd34..611f23a 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -48,7 +48,7 @@ * Where can I get a compiled version of OpenSSL? -You can finder pointers to binary distributions in +You can find pointers to binary distributions in https://www.openssl.org/community/binaries.html. Some applications that use OpenSSL are distributed in binary form.
[tools] master update
The branch master has been updated via 1a4ebc8a908344ddff8121eb664cf9f29e60d89a (commit) via aef3a920ed35ecf2d539c02ac3a77f45a82c8c2f (commit) from b51efa70790d498f07e221348dc3e07f3b2889bc (commit) - Log - commit 1a4ebc8a908344ddff8121eb664cf9f29e60d89a Author: Mark J. Cox Date: Fri Feb 7 11:14:22 2020 + PRs are issues but let's be clear commit aef3a920ed35ecf2d539c02ac3a77f45a82c8c2f Author: Mark J. Cox Date: Fri Feb 7 11:00:40 2020 + Add a notification when ready to merge fixes #52 --- Summary of changes: github-approve-label-workflow/github-approve-label-workflow.py | 7 +++ 1 file changed, 7 insertions(+) diff --git a/github-approve-label-workflow/github-approve-label-workflow.py b/github-approve-label-workflow/github-approve-label-workflow.py index 93ffd72..ecacdf5 100644 --- a/github-approve-label-workflow/github-approve-label-workflow.py +++ b/github-approve-label-workflow/github-approve-label-workflow.py @@ -59,6 +59,13 @@ def movelabeldonetoready(issue): res = requests.post(url, data=json.dumps(newlabel), headers=headers) if (res.status_code != 200): print("Error adding label", res.status_code, res.content) +return +newcomment = {"body":"This pull request is ready to merge"} +url = api_url + "/issues/" + str(issue) + "/comments" +res = requests.post(url, data=json.dumps(newcomment), headers=headers) +if (res.status_code != 201): +print("Error adding comment", res.status_code, res.content) +return # Check through an issue and see if it's a candidate for moving
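Review bot: the new `requests.post(url, data=json.dumps(newcomment), headers=headers)`, like the other calls in this file, passes no `timeout=`, so a stalled connection to the GitHub API hangs the whole run; add e.g. `timeout=30`. Posting a comment is a user-visible side effect, and nothing in this hunk checks a dry-run flag, so confirm that the caller only reaches `movelabeldonetoready` under `--commit` (the README says labels are only changed with that flag, and the comment should follow the same rule). Minor: on success nothing is logged, so in `--debug` mode the operator cannot see that a comment was posted; the 201 check itself is correct for a created comment.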
[tools] master update
The branch master has been updated via b51efa70790d498f07e221348dc3e07f3b2889bc (commit) from 216776e13b1673a13fccb525f2ec0c0d821f7525 (commit) - Log - commit b51efa70790d498f07e221348dc3e07f3b2889bc Author: Mark J. Cox Date: Thu Feb 6 09:29:24 2020 + Remove requirement of Python 3.7+ (just Python 3 is needed) --- Summary of changes: github-approve-label-workflow/README.md| 2 ++ github-approve-label-workflow/github-approve-label-workflow.py | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/github-approve-label-workflow/README.md b/github-approve-label-workflow/README.md index 8442b58..6acf928 100644 --- a/github-approve-label-workflow/README.md +++ b/github-approve-label-workflow/README.md @@ -16,3 +16,5 @@ python github-approve-label-workflow --debug --token token.txt or to also actually change any labels python github-approve-label-workflow --debug --token token.txt --commit + +Requires Python 3 diff --git a/github-approve-label-workflow/github-approve-label-workflow.py b/github-approve-label-workflow/github-approve-label-workflow.py index 99713f7..93ffd72 100644 --- a/github-approve-label-workflow/github-approve-label-workflow.py +++ b/github-approve-label-workflow/github-approve-label-workflow.py @@ -1,5 +1,5 @@ #! /usr/bin/env python -# requires python 3.7+ +# requires python 3 # # Do we have any open PR's that have label "Approval: done" # that are over 24 hours without any other comments? @@ -20,8 +20,7 @@ from optparse import OptionParser api_url = "https://api.github.com/repos/openssl/openssl"; def convertdate(date): -# python fromisoformat needs a TZ in hours/minutes -return datetime.fromisoformat(date.replace('Z', '+00:00')) +return datetime.strptime(date.replace('Z',"+"), "%Y-%m-%dT%H:%M:%S%z") # Get all the open pull requests, filtering by approval: done label
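Review bot: the replacement `datetime.strptime(date.replace('Z', ...), "%Y-%m-%dT%H:%M:%S%z")` drops the only comment that explained why the `Z` is rewritten into a numeric offset; keep one, because the reason (the `%z` directive did not accept a literal `Z` before Python 3.7, which is what made `fromisoformat` a 3.7 dependency) is not obvious to the next reader. The conversion also assumes GitHub timestamps are always UTC with a trailing `Z`, which is worth stating in that comment. In the README, "Requires Python 3" would be more useful if it also named the `requests` dependency, since that is the import most likely to be missing on a fresh machine.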
[tools] master update
The branch master has been updated via 216776e13b1673a13fccb525f2ec0c0d821f7525 (commit) via daa4fdc5eba7a9d7c10bee7ece40b9397eb7d8ca (commit) via 55a4f13f049861dfd06476d6d6e4cf1ac8a93c49 (commit) from cbda6bd72e4abbe16a4a260312b1289a0e9e4764 (commit) - Log - commit 216776e13b1673a13fccb525f2ec0c0d821f7525 Author: Mark J. Cox Date: Wed Feb 5 11:22:24 2020 + Needs python 3.7+ (or do a different date parser) commit daa4fdc5eba7a9d7c10bee7ece40b9397eb7d8ca Author: Mark J. Cox Date: Wed Feb 5 11:20:25 2020 + Style changes undo yapf blank lines, and fix typo function name commit 55a4f13f049861dfd06476d6d6e4cf1ac8a93c49 Author: Mark J. Cox Date: Wed Feb 5 10:49:33 2020 + Add a tool for checking and changing labels --- Summary of changes: .gitignore | 3 + github-approve-label-workflow/README.md| 18 +++ .../github-approve-label-workflow.py | 165 + 3 files changed, 186 insertions(+) create mode 100644 github-approve-label-workflow/README.md create mode 100644 github-approve-label-workflow/github-approve-label-workflow.py diff --git a/.gitignore b/.gitignore index e3a688e..5c45ae8 100644 --- a/.gitignore +++ b/.gitignore @@ -36,5 +36,8 @@ ghpass.txt /OpenSSL-Query/inc /OpenSSL-Query/pm_to_blib +# in case someone forgets and commits their token +github-approve-label-workflow/token.txt + # Generic *~ diff --git a/github-approve-label-workflow/README.md b/github-approve-label-workflow/README.md new file mode 100644 index 000..8442b58 --- /dev/null +++ b/github-approve-label-workflow/README.md
@@ -0,0 +1,18 @@ +Do we have any open openssl PR requests that have the label +"approval: done" that are over 24 hours old? If so if there +have been no other comments added since then we can automatically +move them to "approval: ready to merge" + +You need a token to make label changes and to ensure you don't +hit rate limiting if you just want a dry run. Get one from +https://github.com/settings/tokens/new select 'repo' only +then put it in token.txt (prefix with the string "token ", i.e. +echo "token 12903413aa" > token.txt + +to see what it would do: + +python github-approve-label-workflow --debug --token token.txt + +or to also actually change any labels + +python github-approve-label-workflow --debug --token token.txt --commit diff --git a/github-approve-label-workflow/github-approve-label-workflow.py b/github-approve-label-workflow/github-approve-label-workflow.py new file mode 100644 index 000..99713f7 --- /dev/null +++ b/github-approve-label-workflow/github-approve-label-workflow.py 
@@ -0,0 +1,165 @@ +#! /usr/bin/env python +# requires python 3.7+ +# +# Do we have any open PR's that have label "Approval: done" +# that are over 24 hours without any other comments? +# +# get a token https://github.com/settings/tokens/new -- just repo is fine +# pop it in token.txt or you'll get a bad API limit +# +# note that we'd use pyGithub but we can't as it doesn't fully handle the timeline objects +# as of Feb 2020 +# +# m...@openssl.org Feb 2020 +# +import requests +import json +from datetime import datetime, timezone +from optparse import OptionParser + +api_url = "https://api.github.com/repos/openssl/openssl"; + +def convertdate(date): +# python fromisoformat needs a TZ in hours/minutes +return datetime.fromisoformat(date.replace('Z', '+00:00')) + +# Get all the open pull requests, filtering by approval: done label + +def getpullrequests(): +url = api_url + "/pulls?per_page=100&page=1" # defaults to open +res = requests.get(url, headers=headers) +repos = res.json() +prs = [] +while 'next' in res.links.keys(): +res = requests.get(res.links['next']['url'], headers=headers) +repos.extend(res.json()) + +# Let's filter by label if we're just looking to move things, we can parse +# everything for statistics in another script + +try: +for pr in repos: +if 'labels' in pr: +for label in pr['labels']: +if label['name'] == 'approval: done': +prs.append(pr['number']) +except: +print("failed", repos['message']) +return prs + +# Change the labels on an issue from approval: done to approval: ready to merge + +def movelabeldonetoready(issue): +url = api_url + "/issues/" + str(issue) + "/labels/approval:%20done" +res = requests.delete(url, headers=headers) +if (res.status_code != 200): +prin
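Review bot: the `.gitignore` hunk ignores only the path `github-approve-label-workflow/token.txt`, so a `token.txt` created in any other directory (for instance when the script is run from the repository root with `--token token.txt`) is not covered; a bare `token.txt` pattern, or `**/token.txt`, would protect the credential wherever it is written.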
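Review bot: the README hunk invokes `python github-approve-label-workflow`, but the file added in this patch is `github-approve-label-workflow.py`, so both example commands need the extension. Because `token.txt` holds a `repo`-scoped credential written with `echo "token ..." > token.txt`, the instructions should add `chmod 600 token.txt`, and since the dry run only needs the token to avoid rate limiting, the text could say that a token without any write scope is enough for `--debug` runs and that `repo` is only needed with `--commit`.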
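Review bot: in `getpullrequests`, the bare `except:` around the label loop swallows every exception (including `KeyboardInterrupt`) and then evaluates `repos['message']`, which itself raises `TypeError` whenever `repos` is the normal list of pull requests; test for the API error response explicitly before the loop (`if isinstance(repos, dict) and 'message' in repos:`) and remove the bare except. Two smaller points in the same hunk: the header comment names the label `"Approval: done"` while the code compares against `'approval: done'` with a case-sensitive `==`, so the comment should match the code; and with `# requires python 3.7+` the shebang should be `#! /usr/bin/env python3`. `headers` is also used in both functions before any visible definition, so it must be assigned at module level before these functions are called.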
[web] master update
The branch master has been updated via 23af72984b104ab0407873cd01c885be9635cb81 (commit) via d357e46dce040f602bd150afa23c68d80a58abfa (commit) via 5ad619db6417b3405b9932e0d514112a60beb875 (commit) via 78cdcfd517424f1b95f8d8e195e5cbdd822a631e (commit) from ba98fa477470b023d70a080fad35dd406b573f3f (commit) - Log - commit 23af72984b104ab0407873cd01c885be9635cb81 Merge: d357e46 78cdcfd Author: Mark J. Cox Date: Fri Jan 3 12:13:39 2020 + Merge pull request #148 from mattcaswell/remove-110-additional Remove an additional 1.1.0 reference commit d357e46dce040f602bd150afa23c68d80a58abfa Merge: ba98fa4 5ad619d Author: Mark J. Cox Date: Fri Jan 3 12:13:07 2020 + Merge pull request #151 from iamamoose/eolstatements Allow a default statement if our page is not for a specific base version commit 5ad619db6417b3405b9932e0d514112a60beb875 Author: Mark J. Cox Date: Fri Jan 3 11:48:09 2020 + Allow a default statement if our page is not for a specific base version also clean up the HTML we closed the p tag in the wrong place. Add a statement on all the versions out of support. commit 78cdcfd517424f1b95f8d8e195e5cbdd822a631e Author: Matt Caswell Date: Tue Dec 17 14:26:51 2019 + Remove an additional 1.1.0 reference We previously removed references to 1.1.0 as a current release. There is one remaining spot that was missed, so we update that too. --- Summary of changes: bin/mk-cvepage | 11 ++- inc/mansidebar.shtml | 1 - news/vulnerabilities.xml | 1 + 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 8ab..abed8b4 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage 
@@ -138,12 +138,13 @@ for base in allyourbase(dom): bases.append( "%s" %(base,base)) preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) if options.base: -preface += ", or all versions" +preface += ", or all versions" preface += "Fixed in OpenSSL %s" %(options.base) -for statement in dom.getElementsByTagName('statement'): -if (statement.getAttribute("base") in options.base): -preface += statement.firstChild.data.strip() -preface += "" +else: +preface += "" +for statement in dom.getElementsByTagName('statement'): +if (statement.getAttribute("base") in (options.base or "none")): +preface += ""+statement.firstChild.data.strip()+"" if len(allyears)>1: # If only vulns in this year no need for the year table of contents preface += "Jump to year: " + ", ".join( "%s" %(year,year) for year in allyears) preface += "" diff --git a/inc/mansidebar.shtml b/inc/mansidebar.shtml index c794b16..5ec8083 100644 --- a/inc/mansidebar.shtml +++ b/inc/mansidebar.shtml @@ -5,7 +5,6 @@ master 1.1.1 - 1.1.0 1.0.2 diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 0378674..60bfd33 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7336,6 +7336,7 @@ default and not common. + Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers. OpenSSL 0.9.6 is out of support and no longer receiving updates. OpenSSL 0.9.7 is out of support and no longer receiving updates. OpenSSL 0.9.8 is out of support since 1st January 2016 and no longer receiving updates.
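Review bot: in the mk-cvepage hunk, `statement.getAttribute("base") in (options.base or "none")` is a substring test between two strings, not a membership test: `"1.0" in "1.0.2"` is true, and because `getAttribute` returns `""` for a missing attribute, `"" in ...` is always true, so any `<statement>` without a `base` attribute would be emitted on every page. Compare with `==` (or split `options.base` into a list first) and state explicitly which `base` value marks the default statement, for example `base="none"`, so the fallback is a deliberate match rather than an accident of substring matching.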
[web] master update
The branch master has been updated via ba98fa477470b023d70a080fad35dd406b573f3f (commit) via edfd2b0b8980e340b13d288fc373c8ee9b909307 (commit) from 9d8e43e70514d403e27663b13d06963c5381603b (commit) - Log - commit ba98fa477470b023d70a080fad35dd406b573f3f Merge: 9d8e43e edfd2b0 Author: Mark J. Cox Date: Fri Jan 3 10:05:39 2020 + Merge pull request #150 from iamamoose/eolstatements Update the vulnerability XML to also include some statements about EOL commit edfd2b0b8980e340b13d288fc373c8ee9b909307 Author: Mark J. Cox Date: Fri Jan 3 09:50:43 2020 + Update the vulnerability XML to also include some statements about EOL versions that was we can make it clear on the vulnerability page when things are EOL --- Summary of changes: bin/mk-cvepage | 3 +++ news/vulnerabilities.xml | 8 2 files changed, 11 insertions(+) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 10654b6..8ab 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -140,6 +140,9 @@ preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) if options.base: preface += ", or all versions" preface += "Fixed in OpenSSL %s" %(options.base) +for statement in dom.getElementsByTagName('statement'): +if (statement.getAttribute("base") in options.base): +preface += statement.firstChild.data.strip() preface += "" if len(allyears)>1: # If only vulns in this year no need for the year table of contents preface += "Jump to year: " + ", ".join( "%s" %(year,year) for year in allyears) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index de81fa1..0378674 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -7336,6 +7336,14 @@ default and not common. + OpenSSL 0.9.6 is out of support and no longer receiving updates. + OpenSSL 0.9.7 is out of support and no longer receiving updates. + OpenSSL 0.9.8 is out of support since 1st January 2016 and no longer receiving updates. + OpenSSL 1.0.0 is out of support since 1st January 2016 and no longer receiving updates. + OpenSSL 1.0.1 is out of support since 1st January 2017 and no longer receiving updates. + OpenSSL 1.0.2 is out of support since 1st January 2020 and is no longer receiving updates. Extended support is available from OpenSSL Software Services for premium support customers + OpenSSL 1.1.0 is out of support since 12th September 2019 and no longer receiving updates. +
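Review bot: the new `if (statement.getAttribute("base") in options.base)` in the mk-cvepage hunk uses Python's `in` on two strings, which is a substring check: a statement tagged for `1.0` would also be shown on the `1.0.2` page, and a statement with an empty or absent `base` attribute matches every page. Use `==` here; the `if options.base:` guard above already ensures `options.base` is a non-empty string.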
[web] master update
The branch master has been updated via 0f13e11e18c095b1880821007c06719808ce1360 (commit) via 5fbd49f0e4457fdae7e5c09a263792f97353c759 (commit) via cea049657a3078c9cde30101ec0aef24169642c5 (commit) from 8930b3a506ef2147a434448fc21429c1d3e8027d (commit) - Log - commit 0f13e11e18c095b1880821007c06719808ce1360 Merge: 8930b3a 5fbd49f Author: Mark J. Cox Date: Mon Nov 11 12:35:06 2019 + Merge pull request #140 from iamamoose/sponsorship Sync the OSF sponsorship page with the current sponsors commit 5fbd49f0e4457fdae7e5c09a263792f97353c759 Author: Mark J. Cox Date: Mon Nov 11 12:13:54 2019 + Better grammar for where the support goes commit cea049657a3078c9cde30101ec0aef24169642c5 Author: Mark J. Cox Date: Mon Nov 11 11:47:41 2019 + Update the sponsorship page to be current with the list of OSF sponsors. Add a bronze level and the current sponsors at that level. Add a link to the 'in kind' thanks page. --- Summary of changes: support/acks.html | 76 ++ support/donations.html | 3 ++ 2 files changed, 49 insertions(+), 30 deletions(-) diff --git a/support/acks.html b/support/acks.html index eea4919..1f5714c 100644 --- a/support/acks.html +++ b/support/acks.html @@ -7,19 +7,19 @@ - Sponsor Acknowledgements + Acknowledgements The OpenSSL project depends on volunteer efforts and financial support from the end user community. That support comes in many forms. - We would like to identify and thank the following such sponsors - for their significant support of the OpenSSL project. Sponsors are - listed alphabetically within categories. Please note that we ask - permission to identify sponsors and that some sponsors we consider - eligible for inclusion here have requested to remain anonymous. + Sponsorship Donations - Current Sponsors: + + We would like to identify and thank the following sponsors + for their donations which give significant support to the OpenSSL project. + Please note some sponsors remain anonymous. + .sponsorlogo { 
@@ -37,44 +37,60 @@ text-align: center !important; } - - - Exceptional support: + + Exceptional: - https://www.akamai.com/";> https://www.smartisan.com/";> - - - Platinum support: + Platinum: - https://www.bluecedar.com/";> https://www.huawei.com/";> - https://www.netapp.com/";> - https://www.oracle.com/";> - https://www.vmware.com/";> - + Bronze: + + https://cargurus.com/";>CarGurus + + Past sponsors include: + +2018: https://www.akamai.com/";>Akamai, + https://www.bluecedar.com/";>Blue Cedar, + https://www.handshake.org/";>Handshake, + https://www.huawei.com/";>Huawei, + https://levchinprize.com/";>Levchin Prize, + https://www.netapp.com/";>NetApp, + https://www.smartisan.com/";>Smartisan, + and + https://vmware.com/";>VMWare. + +2017: https://www.akamai.com/";>Akamai, + https://www.huawei.com/";>Huawei, + https://www.oracle.com/";>Oracle, + and + https://www.smartisan.com/";>Smartisan. + +2016: https://www.huawei.com/";>Huawei, + https://www.coreinfrastructure.org/";>Linux Foundation +Core Infrastructure Initiative, + and + https://www.smartisan.com/";>Smartisan. + + - + Other Donations + + + We also identify and thank organizations who contribute + in-kind donations to the project. + + diff --git a/support/donations.html b/support/donations.html index 1e6d56e..731ac19 100644 --- a/support/donations.html +++ b/support/donations.html @@ -48,6 +48,9 @@ Silver$10,000/yr Acknowledgement on openssl.org + Bronze$5,000/yr +Acknowledgement on openssl.org + Â
[openssl-commits] [web] master update
The branch master has been updated via 0ef1cccd789aa8434f9ef8e3783df637d506b53f (commit) via d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b (commit) from c49be85acdf6d10bfb17d0a5f1cb6405ae25fcaf (commit) - Log - commit 0ef1cccd789aa8434f9ef8e3783df637d506b53f Merge: c49be85 d5d657a Author: Mark J. Cox Date: Tue Jan 15 12:02:31 2019 + Merge pull request #105 from iamamoose/vulns Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability commit d5d657a5d4ee7aa2602d41cdcc5723b191c43a8b Author: Mark J. Cox Date: Tue Jan 15 11:37:51 2019 + Add severities that were in the advisories but missing from the vulnerability pages, also found a missing vulnerability --- Summary of changes: news/vulnerabilities.xml | 80 1 file changed, 80 insertions(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 2142ade..d9b42bd 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -3629,6 +3629,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3671,6 +3672,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3689,6 +3691,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3757,8 +3760,79 @@ the certificate key is invalid. This function is rarely used in practice. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due + to a NULL pointer dereference. This could lead to a Denial Of Service attack. + + + + + + @@ -3829,6 +3903,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3872,6 +3947,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -3951,6 +4027,7 @@ the certificate key is invalid. This function is rarely used in practice. + 
@@ -4040,6 +4117,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -4066,6 +4144,7 @@ the certificate key is invalid. This function is rarely used in practice. + @@ -4201,6 +4280,7 @@ the certificate key is invalid. This function is rarely used in practice. + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
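Review bot: the log message says a missing vulnerability was found and added, but neither the merge commit nor the commit message names it; the entry added in the large hunk ("A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference") should be accompanied in the log message by its CVE identifier, affected and fixed versions, and severity, so the addition can be cross-checked against the advisory it was taken from in the same way as the severity tags added to the existing entries.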
[openssl-commits] [web] master update
The branch master has been updated via a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b (commit) via 93507ac9b3d6cd013b2148f83c0726817cf71576 (commit) via 92a7bda034e49e626bf933f9e61b82a2cefe308c (commit) from b78d963402ca83b6ede75f1a5d42d64ca61c2c49 (commit) - Log - commit a7fc7eb4f8d9d6b21c3376d6e815d0735909bd7b Merge: b78d963 93507ac Author: Mark J. Cox Date: Mon Nov 12 16:09:29 2018 + Merge pull request #94 from iamamoose/master trivial changes - CVE-2015-1788 was missing severity tag, fix bad website includes commit 93507ac9b3d6cd013b2148f83c0726817cf71576 Author: Mark J. Cox Date: Mon Nov 12 16:01:40 2018 + CVE-2015-1788 was missing the severity tag commit 92a7bda034e49e626bf933f9e61b82a2cefe308c Author: Mark J. Cox Date: Sat Oct 13 10:29:45 2018 +0100 Remove broken include --- Summary of changes: news/vulnerabilities.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 97ec427..86b18c0 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -2482,6 +2482,7 @@ + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
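Review bot: the merge commit describes two changes ("CVE-2015-1788 was missing severity tag, fix bad website includes") and the log lists a "Remove broken include" commit, but the summary of changes shows only `news/vulnerabilities.xml` with one insertion, so the include removal is not part of this diff; either the PR title should drop it or the change is missing from the branch.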
[openssl-commits] [web] master update
The branch master has been updated via 72c1892c6630fe39a3ba99980876a4e7e983a2d8 (commit) from e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit) - Log - commit 72c1892c6630fe39a3ba99980876a4e7e983a2d8 Author: Mark J. Cox Date: Sat Oct 13 10:30:33 2018 +0100 Remove broken link --- Summary of changes: docs/fips/verifycd.html | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html index da76889..e02e28b 100644 --- a/docs/fips/verifycd.html +++ b/docs/fips/verifycd.html @@ -73,7 +73,6 @@ - _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 (commit) via fc3a76a7b2d8cfa3de18408ce1428785f4a9678e (commit) from 0fdc26a3da6206efb38025e5f2d94a97760f0614 (commit) - Log - commit e803b1e8aa04dde1595450e785bcb7b63f1ac7b5 Merge: 0fdc26a fc3a76a Author: Mark J. Cox Date: Sat Oct 13 10:26:44 2018 +0100 Merge pull request #88 from iamamoose/fipscd Link to KeyPair arrangement for FIPS CD provision commit fc3a76a7b2d8cfa3de18408ce1428785f4a9678e Author: Mark J. Cox Date: Sat Oct 13 09:35:14 2018 +0100 Link to KeyPair arrangement for FIPS CD provision --- Summary of changes: docs/fips/verifycd.html | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html index a30a9c1..da76889 100644 --- a/docs/fips/verifycd.html +++ b/docs/fips/verifycd.html 
@@ -40,20 +40,20 @@ The requirement for this verification with an independently acquired FIPS 140-2 validated cryptographic module does not apply when the distribution file is distributed using a "secure" means. Distribution -on physical media is considered secure in this context, so as a -convenience a copy of the distribution files can be obtained from -OSS as a CD-ROM disks via postal mail. - -The fee for this is $100 in US Dollars. At this time we are only able - to accept US wire transfers. -Email us at mailto:osf-cont...@openssl.org";>osf-cont...@openssl.org -and we will send you our ABA and account information. -We cannot do credit cards, purchase orders, or anything other - than a US-based bank transfer at this time. -We can mail internationally (the CD contains only open source code -and so may be exported under the TSU exception of EAR ECCN 5D002). -It will take a week or two to process your order. +on physical media is considered secure in this context so you can +verify by obtaining a copy of the distribution files on CD-ROM disks via +postal mail. +OpenSSL are not providing disks directly at this time. However we have +an arrangement with KeyPair Consulting who will +https://keypair.us/2018/05/cd/";>send a disk to you at no + charge. + +Important Disclaimer: The listing of these third party products does not + imply any endorsement by the OpenSSL project, and these organizations are not + affiliated in any way with OpenSSL other than by the reference to their + independent web sites here. + Note that the files you will receive on these CDs will be identical in every respect (except for formal FIPS 140-2 compliance) with the files you can download from https://mta.openssl.org/mailman/listinfo/openssl-commits
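Review bot: the rewritten paragraph says a disk from KeyPair Consulting satisfies the "secure means" distribution requirement, but nothing in the hunk tells the reader to check what arrives; since the same page describes the HMAC-SHA-1 digest of the distribution file documented in the Security Policy, the new text should say that the tarball on the disk is to be compared against that value before use, so a tampered or mis-burned disk is caught. Grammar: "OpenSSL are not providing disks" should read "The OpenSSL project is not providing disks".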
[openssl-commits] [web] master update
The branch master has been updated via 2c0a67c87382d0e10d4ee02921e4d59358906039 (commit) via 14964aea93f2691734f6f40a3207e810349b9c2c (commit) via e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a (commit) from d7b78dd4edd7fda96fc4b1fafdfd7686108d2b22 (commit) - Log - commit 2c0a67c87382d0e10d4ee02921e4d59358906039 Merge: d7b78dd 14964ae Author: Mark J. Cox Date: Mon Sep 24 10:42:11 2018 +0100 Merge pull request #84 from iamamoose/vulns111 Missing the 1.1.1 vulns page which will be needed when any issues get fixed commit 14964aea93f2691734f6f40a3207e810349b9c2c Author: Mark J. Cox Date: Mon Sep 24 10:36:15 2018 +0100 Add page for 1.1.1 vulnerabilities, this will get automatically updated when there are any (the breadcrumbs will get updated automatically at that time) commit e5d4e54cc90c3c5756e03b32b5490a2cbf26b42a Author: Mark J. Cox Date: Mon Sep 24 10:35:14 2018 +0100 Don't imply there are no vulnerabilities at all, just that we've not released fixes for any yet --- Summary of changes: bin/mk-cvepage | 2 +- news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) copy news/{vulnerabilities-1.0.2.html => vulnerabilities-1.1.1.html} (92%) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 8dbb864..10654b6 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -147,7 +147,7 @@ preface += "" if allissues != "": preface += allissues + "" else: -preface += "No vulnerabilities" +preface += "No vulnerabilities fixed" sys.stdout.write(preface.encode('utf-8')) diff --git a/news/vulnerabilities-1.0.2.html b/news/vulnerabilities-1.1.1.html similarity index 92% copy from news/vulnerabilities-1.0.2.html copy to news/vulnerabilities-1.1.1.html index 0f1ac3b..db54fa1 100644 --- a/news/vulnerabilities-1.0.2.html +++ b/news/vulnerabilities-1.1.1.html 
@@ -15,7 +15,7 @@ If you think you have found a security bug in OpenSSL, please report it to us. - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
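Review bot: the context line `sys.stdout.write(preface.encode('utf-8'))` in the mk-cvepage hunk is Python 2 code: on Python 3 `sys.stdout` is a text stream and writing `bytes` to it raises `TypeError`. If this script is expected to run under Python 3 as well, write `preface` directly (or use `sys.stdout.buffer.write(...)`), and note the supported interpreter at the top of the file.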
[openssl-commits] [web] master update
The branch master has been updated via 53cc720aa09a60463d62d184ab6e23baccef5e71 (commit) via 7c369dac41a2f5a25d3533932686c860958b2643 (commit) via fb942af17ae8fff1e18939d57676678931e9b7e4 (commit) via a1a3195d8d9abdbc5238618b23f73cb774262d09 (commit) via 91ca9441703a779d4c065dc181653410914ee6f2 (commit) from 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) - Log - commit 53cc720aa09a60463d62d184ab6e23baccef5e71 Merge: 50ac168 7c369da Author: Mark J. Cox Date: Tue Sep 18 14:07:12 2018 +0100 Merge pull request #77 from iamamoose/oss Merge information from openssl.com and about OSS into main site commit 7c369dac41a2f5a25d3533932686c860958b2643 Author: Mark J. Cox Date: Tue Sep 18 13:09:05 2018 +0100 Update to the latest OSS bylaws commit fb942af17ae8fff1e18939d57676678931e9b7e4 Author: Mark J. Cox Date: Tue Sep 18 11:04:31 2018 +0100 Add verify CD image commit a1a3195d8d9abdbc5238618b23f73cb774262d09 Author: Mark J. Cox Date: Tue Sep 18 11:03:45 2018 +0100 Add the page from http://openssl.com/verifycd.html but update to show we do not accept US cheques/checks at this time. commit 91ca9441703a779d4c065dc181653410914ee6f2 Author: Mark J. Cox Date: Tue Sep 18 10:49:41 2018 +0100 Add OSS bylaws and details of OSS to the contact page rather than using openssl.com which we should deprecate. Bring wording for FIPS in line with what we used on openssl.com --- Summary of changes: community/contacts.html | 19 docs/fips/verifycd.html | 81 docs/fips/verifycd.jpg | Bin 0 -> 20887 bytes policies/oss-bylaws.pdf | Bin 0 -> 38884 bytes 4 files changed, 94 insertions(+), 6 deletions(-) create mode 100644 docs/fips/verifycd.html create mode 100644 docs/fips/verifycd.jpg create mode 100644 policies/oss-bylaws.pdf diff --git a/community/contacts.html b/community/contacts.html index 5c6f6a6..8c0820e 100644 --- a/community/contacts.html +++ b/community/contacts.html 
@@ -17,10 +17,21 @@ (US) non-profit corporation with its own bylaws. + OpenSSL Software Services + (OSS) also represents the OpenSSL project, for +Support Contracts, and +as the + Vendor of Record for NIST Cryptographic Module +https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747";>#1747 +(This is an open-source validation of FIPS-140 based on OpenSSL). +It is a Delaware (US) corporation with its own bylaws. + - The best way to contact OSF is by sending an email to + The best way to contact OSF or OSS is by sending an email to mailto:osf-cont...@openssl.org";>osf-cont...@openssl.org. - For postal or telephone contact, use the following: + For postal contact, use the following: 40 E Main St, Suite 744 @@ -29,10 +40,6 @@ - https://www.openssl.com";>OpenSSL Software Services - (OSS) also represents the OpenSSL project, most notably as the - Vendor of Record for the FIPS validation. - You are here: Home diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html new file mode 100644 index 000..a30a9c1 --- /dev/null +++ b/docs/fips/verifycd.html 
@@ -0,0 +1,81 @@ + + + + + + + + + + FIPS 140-2 verification of the OpenSSL FIPS Object Module source distribution file + + + + +The latest of the OpenSSL FIPS Object Module ("FIPS module") +FIPS 140-2 validations saw the introduction of a new requirement +by the CMVP: + + The distribution tar file, shall be verified using an +independently acquired FIPS 140-2 validated cryptographic +module... + +Some prospective users of the OpenSSL FIPS Object Module 2.0 already +have ready access to an existing securely-installed software product +using FIPS 140-2 validated cryptography that is capable of calculating +the HMAC-SHA-1 digest of a file on disk, in which case satisfying this +requirement is easy (simply calculate the HMAC-SHA-1 digest of the +source distribution file using the key "etaonrishdlcupfm" +and confirm it is that same as documented in the http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm";>Security Policy +document (e.g., "2cdd29913c6523df8ad38da11c342b80ed3f1dae" for +openssl-fips-2.0.tar.gz). + + +For most prospective users the identification, acquisition, +installation, and configuration of a suitable product may be a challenge. +(See Section 6.6 of our FIPS +U
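Review bot: in the verifycd.html hunk, the "Security Policy" link points at the generic CMVP validated-modules list (`http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm`) over plain `http://`; a page whose purpose is integrity verification should link to the specific certificate's Security Policy over `https://`, as the contacts.html hunk in the same patch already does for certificate #1747 (`https://csrc.nist.gov/...`). Typo in the same paragraph: "confirm it is that same as documented" should be "confirm it is the same as documented".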
[openssl-commits] [web] master update
The branch master has been updated via 50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit) via 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee (commit) from a9e5da9e4698a64397f1f564337f13207518f3ee (commit) - Log - commit 50ac168c298eedf5aced96da0b6eff5aee57b9fd Merge: a9e5da9 6bde6d6 Author: Mark J. Cox Date: Tue Sep 18 13:24:11 2018 +0100 Merge pull request #78 from iamamoose/osf Update to latest OSF bylaws commit 6bde6d627da78566f2b1b1f1b4dfdd3781fa91ee Author: Mark J. Cox Date: Tue Sep 18 13:11:56 2018 +0100 Update to latest OSF bylaws --- Summary of changes: policies/osf-bylaws.pdf | Bin 44509 -> 45594 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/policies/osf-bylaws.pdf b/policies/osf-bylaws.pdf index ed4810c..b0a3994 100644 Binary files a/policies/osf-bylaws.pdf and b/policies/osf-bylaws.pdf differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via b0d67bb874e71cd8708f374a0111b95fe76ffc87 (commit) via 963878785a6afbb5bbc714cc38a0cea7358e19cc (commit) from 6c27271343534942a6fee6fa97302072bde93e67 (commit) - Log - commit b0d67bb874e71cd8708f374a0111b95fe76ffc87 Merge: 6c27271 9638787 Author: Mark J. Cox Date: Thu Aug 30 14:34:35 2018 +0100 Merge pull request #75 from iamamoose/mirrors remove broken mirrors commit 963878785a6afbb5bbc714cc38a0cea7358e19cc Author: Mark J. Cox Date: Thu Aug 30 14:21:26 2018 +0100 remove broken mirrors --- Summary of changes: source/mirror.html | 4 1 file changed, 4 deletions(-) diff --git a/source/mirror.html b/source/mirror.html index 0e2419b..96c7386 100644 --- a/source/mirror.html +++ b/source/mirror.html @@ -16,10 +16,6 @@ LocaleURL - ATftp://gd.tuwien.ac.at/infosys/security/openssl/";>ftp://gd.tuwien.ac.at/infosys/security/openssl/ - CAhttp://openssl.skazkaforyou.com/";>http://openssl.skazkaforyou.com/ CZftp://ftp.fi.muni.cz/pub/openssl/";>ftp://ftp.fi.muni.cz/pub/openssl/ DEhttps://mta.openssl.org/mailman/listinfo/openssl-commits
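Review bot: after removing the two dead entries, the mirrors still visible in the hunk are served over `ftp://` and `http://`, so the page should tell readers to verify anything fetched from a mirror against the signatures and digests published on the primary site rather than relying on the transport.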
[openssl-commits] [web] master update
The branch master has been updated via b966818f2cf7a74e2535e6717f53a603f684fc89 (commit) via 75e2b7a51f0c104ebfbfecdc49d24e3f5b017581 (commit) from 69f29ba7e9075d3e7cb078a3ee0581665b8ce0bd (commit) - Log - commit b966818f2cf7a74e2535e6717f53a603f684fc89 Merge: 75e2b7a 69f29ba Author: Mark J. Cox Date: Fri Aug 17 10:21:51 2018 +0100 Merge branch 'master' of git.openssl.org:openssl-web commit 75e2b7a51f0c104ebfbfecdc49d24e3f5b017581 Author: Mark J. Cox Date: Fri Aug 17 10:21:21 2018 +0100 Rearrange to alphabetical order which makes more sense (ack'd by Tim) --- Summary of changes: support/acks.html | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/support/acks.html b/support/acks.html index 4094177..eea4919 100644 --- a/support/acks.html +++ b/support/acks.html @@ -15,7 +15,7 @@ We would like to identify and thank the following such sponsors for their significant support of the OpenSSL project. Sponsors are - listed chronologically within categories. Please note that we ask + listed alphabetically within categories. Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. @@ -53,15 +53,15 @@ Platinum support: - https://www.netapp.com/";> https://www.bluecedar.com/";> - https://www.vmware.com/";>https://www.huawei.com/";> + https://www.netapp.com/";> https://www.oracle.com/";> - https://www.huawei.com/";>https://www.vmware.com/";> _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 (commit) from 556c539ce00cf8242a2d63018638942a21ef2319 (commit) - Log - commit 23d754d753ebe6ed6b1ec6e8c9cecd67bdb0c6a1 Author: Mark J. Cox Date: Tue Aug 14 12:21:00 2018 +0100 Another try at table spacing for donations page --- Summary of changes: support/donations.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/donations.html b/support/donations.html index aa5c8c6..1e6d56e 100644 --- a/support/donations.html +++ b/support/donations.html @@ -30,7 +30,7 @@ We provide Acknowledgements for sponsors depending on the level of funding: - + LevelAcknowledgement Exceptional$75,000+/yr _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 556c539ce00cf8242a2d63018638942a21ef2319 (commit) from a696660505f56a54173bb0cf400fd22f0458bc77 (commit) - Log - commit 556c539ce00cf8242a2d63018638942a21ef2319 Author: Mark J. Cox Date: Tue Aug 14 12:19:26 2018 +0100 Make the table look a tiny bit better --- Summary of changes: support/donations.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/donations.html b/support/donations.html index 9acfb51..aa5c8c6 100644 --- a/support/donations.html +++ b/support/donations.html @@ -30,7 +30,7 @@ We provide Acknowledgements for sponsors depending on the level of funding: - + LevelAcknowledgement Exceptional$75,000+/yr _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via a696660505f56a54173bb0cf400fd22f0458bc77 (commit) from eb318b531e5f84572847a0cd6e3620396b43dc99 (commit) - Log - commit a696660505f56a54173bb0cf400fd22f0458bc77 Author: Mark J. Cox Date: Tue Aug 14 12:15:30 2018 +0100 Update sponsros and acks page to match reality --- Summary of changes: support/acks.html | 69 +- support/donations.html | 39 ++-- 2 files changed, 71 insertions(+), 37 deletions(-) diff --git a/support/acks.html b/support/acks.html index 5c60a0c..4094177 100644 --- a/support/acks.html +++ b/support/acks.html 
@@ -11,37 +11,70 @@ The OpenSSL project depends on volunteer efforts and financial support from the end user community. That support comes - in the form of donations, contracts, and volunteer contributions. - Since all of these activities support the continued development - and improvement of OpenSSL, we consider all of them to be - sponsors of the OpenSSL project. + in many forms. We would like to identify and thank the following such sponsors - for their past or current significant support of the OpenSSL - project. Except as noted sponsors are listed within categories in - order of overall contribution value. Please note that we ask + for their significant support of the OpenSSL project. Sponsors are + listed chronologically within categories. Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. + Current Sponsors: + + +.sponsorlogo { +height: 100px !important; +width: 210px !important; +object-fit: contain !important; +object-position: 50% 50% !important; +padding-left: 15px !important; +padding-top: 10px !important; +padding-bottom: 10px !important; +padding-right: 15px !important; +} +.sponsorsection { +background-color: #ff !important; +text-align: center !important; +} + + Exceptional support: - http://www.smartisan.com/";> + + https://www.akamai.com/";> + https://www.smartisan.com/";> + + - Platinum sponsors (listed chronologically). The - sustainable funding provided by these sponsorships allows long term - planning: - http://www.huawei.com/";> - https://www.oracle.com/";> + Platinum support: - - Major support: - https://www.akamai.com/";> + + https://www.netapp.com/";> + https://www.bluecedar.com/";> + https://www.vmware.com/";> + https://www.oracle.com/";> + https://www.huawei.com/";> + + + + + + + diff --git a/support/donations.html b/support/donations.html index 7c320e9..9acfb51 100644 --- a/support/donations.html +++ b/support/donations.html 
@@ -7,11 +7,19 @@ - Donations + Sponsorship and Donations - Your donation to the OpenSSL team will support the ongoing - development activities of the team members. +The OpenSSL project relies on funding to maintain and improve +OpenSSL. +You can support the OpenSSL project financially with the +purchase of a support contract, by a +sponsorship donation, or by hiring OSF for consulting services or +custom software development. + +We do not have a PayPal account. Please do not donate to any +PayPal account claiming to be associated with us! + Please note that the OpenSSL Software Foundation (OSF) is incorporated in the the state of Delaware, United States, @@ -19,20 +27,18 @@ charitable organisation under Section 501(c)(3) of the U.S. Internal Revenue Code. - In addition to direct financial contributions in the form of - donations or sponsorship you may also support the OpenSSL project - financially with the purchase of a -support contract, or by hiring OSF - for consulting services or custom software development. We - consider all sources of funding to be sponsors, because we use all - such funding
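Review bot: In the support/acks.html hunk (@@ -11,37 +11,70 @@) the new `.sponsorsection` rule sets `background-color: #ff !important;`, which is not a valid CSS colour (hex colours need three or six digits, e.g. `#fff` or `#ffffff`); browsers drop the declaration, so the section gets no background at all. While fixing that, the `!important` on every property of `.sponsorlogo` and `.sponsorsection` suggests these rules are fighting the site stylesheet; a more specific selector would avoid the need for it. The switch of the smartisan link from http to https is good.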
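Review bot: In the support/donations.html hunk (@@ -7,11 +7,19 @@) the unchanged context immediately below the new paragraph still reads "incorporated in the the state of Delaware" (doubled "the"); worth fixing in the same pass since this page is being reworded anyway. The new paragraph folds the "support contract" and "consulting services" text that the second hunk (@@ -19,20 +27,18 @@) removes into the introduction, so confirm the support-contract link was carried across and not just the wording; the mail is cut off before the end of that hunk. The explicit "We do not have a PayPal account" warning is a good addition given that donors are the target of impersonation.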
[openssl-commits] [web] master update
The branch master has been updated via eb318b531e5f84572847a0cd6e3620396b43dc99 (commit) from 521b74a4bd4f20cf9955c50199c760876a339edb (commit) - Log - commit eb318b531e5f84572847a0cd6e3620396b43dc99 Author: Mark J. Cox Date: Tue Aug 14 12:10:26 2018 +0100 Update donations and acknowledgements page to match reality and add in new sponsors --- Summary of changes: img/bluecedar-logo-med.png | Bin 0 -> 2993 bytes img/netapp-logo-med.jpg| Bin 0 -> 61513 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 img/bluecedar-logo-med.png create mode 100644 img/netapp-logo-med.jpg diff --git a/img/bluecedar-logo-med.png b/img/bluecedar-logo-med.png new file mode 100644 index 000..baa8655 Binary files /dev/null and b/img/bluecedar-logo-med.png differ diff --git a/img/netapp-logo-med.jpg b/img/netapp-logo-med.jpg new file mode 100644 index 000..723e053 Binary files /dev/null and b/img/netapp-logo-med.jpg differ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit) from 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) - Log - commit e4458ac28cde9545944b3eb8fe6193ca1c33cd18 Author: Mark J. Cox Date: Wed May 16 21:40:33 2018 +0100 Update policy to remove a guiding principle as per vote at Ottawa f2f --- Summary of changes: policies/secpolicy.html | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 7af2965..3a298d4 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ Security Policy - Last modified 23rd January 2018 + Last modified 16th May 2018 @@ -120,10 +120,6 @@ The policy above is guided by our security principles: - We strongly believe that the right to advance patches/info - should not be based in any way on paid membership to some forum. - You can not pay us to get security patches in advance. - It's in the best interests of the Internet as a whole to get fixes for OpenSSL security issues out quickly. OpenSSL embargoes should be measured in days and weeks, not months or years. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit) from 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit) - Log - commit 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 Author: Mark J. Cox Date: Wed Apr 25 15:26:35 2018 +0100 What we probably meant to do here is create anchors, so let's do that --- Summary of changes: community/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 82ea6bb..82374b6 100644 --- a/community/index.html +++ b/community/index.html @@ -44,7 +44,7 @@ several groups for help with the project infrastructure over time. -Reporting Security Bugs +Reporting Security Bugs If you think you have found a security bug in OpenSSL, please send mail to vulnerabilities page -Reporting Bugs +Reporting Bugs To report a bug or make an enhancement request, please open an issue on GitHub, by clicking "new issue" on this page: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
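Review bot: In the community/index.html hunk (@@ -44,7 +44,7 @@) the visible heading text is identical on the `-` and `+` lines for both "Reporting Security Bugs" and "Reporting Bugs", so the whole change is in the heading markup (the anchors the commit message describes). Make sure the anchor values chosen here are the ones other pages already link to, and that they are unique on the page, otherwise the existing links will still land at the top of the page.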
[openssl-commits] [web] master update
The branch master has been updated via 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 (commit) from f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit) - Log - commit 0e6239e71a69d99c0e7c2bd88ffd0bfa80b2b395 Author: Mark J. Cox Date: Wed Apr 25 15:23:27 2018 +0100 Update the URL to save having to click through twice to the new location; this is a trivial change for which we do not need to vote on a policy change or update the policy change date. --- Summary of changes: policies/secpolicy.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 24b7b25..7af2965 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -21,7 +21,7 @@ If you wish to report a possible security issue in OpenSSL -please notify us. +please notify us. Issue triage _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via f6eb108b46978392e0f3187af1b24ece5fc2cdda (commit) from 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit) - Log - commit f6eb108b46978392e0f3187af1b24ece5fc2cdda Author: Mark J. Cox Date: Wed Apr 25 10:44:57 2018 +0100 Fix emacs autowrap I didn't notice --- Summary of changes: community/index.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 06e5861..82ea6bb 100644 --- a/community/index.html +++ b/community/index.html @@ -62,8 +62,7 @@ Please note that we do not run a Bug Bounty program, although third parties may reward confirmed security issues reported in the OpenSSL codebase. We do not consider -the https://github.com/openssl/openssl/issues/6077";>lack -of SPF records for openssl.org a security issue. +the https://github.com/openssl/openssl/issues/6077";>lack of SPF records for openssl.org a security issue. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 (commit) from 9ff40f37a3cdab765451353163477290698248c2 (commit) - Log - commit 0a533713bb32d0e21b2a44d0ebdf666988db4ee6 Author: Mark J. Cox Date: Wed Apr 25 10:43:04 2018 +0100 Note the questions we get asked frequently about bug bounties and lack of a SPF record. We could add more here for the other frequently reported issues (like an open ftp server, open directory listings etc) --- Summary of changes: community/index.html | 8 1 file changed, 8 insertions(+) diff --git a/community/index.html b/community/index.html index c2bce5c..06e5861 100644 --- a/community/index.html +++ b/community/index.html @@ -59,6 +59,14 @@ Security Policy. +Please note that we do not run a Bug Bounty program, although third parties +may reward confirmed security issues reported in the OpenSSL codebase. We +do not consider +the https://github.com/openssl/openssl/issues/6077";>lack +of SPF records for openssl.org a security issue. + + + All fixed security bugs are listed on our vulnerabilities page _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
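Review bot: In the community/index.html hunk (@@ -59,6 +59,14 @@) the commit message lists further frequently reported non-issues (an open ftp server, open directory listings) that the hunk does not add; since this paragraph is being introduced now, it would be clearer for reporters to state the full scope in one place rather than adding items piecemeal. The three blank `+` lines after the paragraph look like leftover spacing and can go.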
[openssl-commits] [web] master update
The branch master has been updated via 9ff40f37a3cdab765451353163477290698248c2 (commit) from 56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit) - Log - commit 9ff40f37a3cdab765451353163477290698248c2 Author: Mark J. Cox Date: Wed Apr 25 10:11:30 2018 +0100 Remove duplicated text and refer to report a security issue section --- Summary of changes: news/vulnerabilities-0.9.6.html | 13 ++--- news/vulnerabilities-0.9.7.html | 13 ++--- news/vulnerabilities-0.9.8.html | 13 ++--- news/vulnerabilities-1.0.0.html | 13 ++--- news/vulnerabilities-1.0.1.html | 13 ++--- news/vulnerabilities-1.0.2.html | 13 ++--- news/vulnerabilities-1.1.0.html | 13 ++--- news/vulnerabilities.html | 13 ++--- 8 files changed, 16 insertions(+), 88 deletions(-) diff --git a/news/vulnerabilities-0.9.6.html b/news/vulnerabilities-0.9.6.html index 97932bd..34d4b20 100644 --- a/news/vulnerabilities-0.9.6.html +++ b/news/vulnerabilities-0.9.6.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.6 ended and is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.7.html b/news/vulnerabilities-0.9.7.html index fe0e5af..829 100644 --- a/news/vulnerabilities-0.9.7.html +++ b/news/vulnerabilities-0.9.7.html 
@@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.7 ended and is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.8.html b/news/vulnerabilities-0.9.8.html index 0cabef2..127624f 100644 --- a/news/vulnerabilities-0.9.8.html +++ b/news/vulnerabilities-0.9.8.html @@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 0.9.8 ended on 31st December 2015 and is no longer receiving security updates diff --git a/news/vulnerabilities-1.0.0.html b/news/vulnerabilities-1.0.0.html index d40c7cb..f0c375d 100644 --- a/news/vulnerabilities-1.0.0.html +++ b/news/vulnerabilities-1.0.0.html 
@@ -12,17 +12,8 @@ Vulnerabilities -If you think you have found a security bug in OpenSSL, -please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. -If you want to encrypt the mail, you can use our -team's PGP Key. Or you can -send mail to one or more individual OMC Members, -encrypted or plaintext. -We will work with you to assess and fix the flaw, -as discussed in our -Security Policy. + If you think you have found a security bug in OpenSSL, + please report it to us. Note: Support for OpenSSL 1.0.0 ended on 31st December 2015 and is no longer receiving security up
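Review bot: In the news/vulnerabilities-0.9.6.html hunk (@@ -12,17 +12,8 @@), and identically in the 0.9.7, 0.9.8 and 1.0.0 hunks shown before the mail is cut off, the replacement "please report it to us" drops the mailto link, the PGP key link and the OMC member contact details, which now exist only on community/index.html. The link therefore needs to land on the "Reporting Security Bugs" section of that page rather than the page top, otherwise a reporter arriving from a vulnerabilities page has to hunt for the address. Since the same eight lines are replaced in all eight files, a shared include would stop this text drifting again.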
[openssl-commits] [web] master update
The branch master has been updated via 56be59c9b561ac2d3183723c35fbc3d530c5bbca (commit) from 5f9833f853d1fd6eb25d485b309ae540b09cf796 (commit) - Log - commit 56be59c9b561ac2d3183723c35fbc3d530c5bbca Author: Mark J. Cox Date: Wed Apr 25 10:06:48 2018 +0100 Move the details of reporting security issues here, that way we can remove the duplication from each vulnerability page and we can add more details about reports we will reject --- Summary of changes: community/index.html | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/community/index.html b/community/index.html index 45c0210..c2bce5c 100644 --- a/community/index.html +++ b/community/index.html @@ -44,11 +44,25 @@ several groups for help with the project infrastructure over time. -Reporting Bugs +Reporting Security Bugs + +If you think you have found a security bug in OpenSSL, +please send mail to mailto:openssl-secur...@openssl.org";>openssl-secur...@openssl.org. +Encryption is not required, but if you want to encrypt the mail, you can use our +team's PGP Key. Or you can +send mail to one or more individual OMC Members, +encrypted or plaintext. +We will work with you to assess and fix the flaw, +as discussed in our +Security Policy. + + +All fixed security bugs are listed on our vulnerabilities page + - If you think have found a security bug, please see our - vulnerabilities page - for information on how to report it. +Reporting Bugs To report a bug or make an enhancement request, please open an issue on GitHub, by clicking "new issue" on this page: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit) from a2e614d7f5554b477dedd0066709df3cd3e14990 (commit) - Log - commit e73e4460aa47e8cb6c694625584c26e9298d0bb5 Author: Mark J. Cox Date: Thu Apr 12 15:46:30 2018 +0100 Use a unified converter tool with Apache by making it handle both formats and abstracting the differences --- Summary of changes: bin/vulnxml2json.py| 137 - bin/vulnxml2jsonproject.py | 43 ++ 2 files changed, 117 insertions(+), 63 deletions(-) create mode 100644 bin/vulnxml2jsonproject.py diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py index b905da1..cffa29f 100755 --- a/bin/vulnxml2json.py +++ b/bin/vulnxml2json.py @@ -3,8 +3,11 @@ # Convert our XML file to a JSON file as accepted by Mitre for CNA purposes # as per https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md # +# ASF httpd and OpenSSL use quite similar files, so this script is designed to work with either +# from xml.dom import minidom +import HTMLParser import simplejson as json import codecs import re 
@@ -17,45 +20,15 @@ from jsonschema import validate from jsonschema import Draft4Validator import urllib -# Versions of OpenSSL we never released, to allow us to display ranges -neverreleased = "1.0.0h,"; +# Specific project stuff is here +import vulnxml2jsonproject as cfg # Location of CVE JSON schema (default, can use local file etc) default_cve_schema = "https://raw.githubusercontent.com/CVEProject/automation-working-group/master/cve_json_schema/CVE_JSON_4.0_min_public.schema"; -def merge_affects(issue,base): -# let's merge the affects into a nice list which is better for Mitre text but we have to take into account our stange lettering scheme -prev = "" -anext = "" -alist = list() -vlist = list() -for affects in issue.getElementsByTagName('affects'): # so we can sort them - version = affects.getAttribute("version") - if (not base or base in version): - vlist.append(version) -for ver in sorted(vlist): - # print "version %s (last was %s, next was %s)" %(ver,prev,anext) - if (ver != anext): - alist.append([ver]) - elif len(alist[-1]) > 1: - alist[-1][-1] = ver - else: - alist[-1].append(ver) - prev = ver - if (unicode.isdigit(ver[-1])): # First version after 1.0.1 is 1.0.1a - anext = ver + "a" - elif (ver[-1] == "y"): - anext = ver[:-1] + "za"# We ran out of letters once so y->za->zb - else: - anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 1.0.1b - while (anext in neverreleased): # skip unreleased versions - anext = anext[:-1]+chr(ord(anext[-1])+1) - -return ",".join(['-'.join(map(str,aff)) for aff in alist]) - parser = OptionParser() parser.add_option("-s", "--schema", help="location of schema to check (default "+default_cve_schema+")", default=default_cve_schema,dest="schema") -parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input") +parser.add_option("-i", "--input", help="input vulnerability file vulnerabilities.xml", dest="input") parser.add_option("-c", "--cve", help="comma 
separated list of cve names to generate a json file for (or all)", dest="cves") parser.add_option("-o", "--outputdir", help="output directory for json file (default ./)", default=".", dest="outputdir") (options, args) = parser.parse_args() @@ -74,61 +47,99 @@ cvej = list() with codecs.open(options.input,"r","utf-8") as vulnfile: vulns = vulnfile.read() dom = minidom.parseString(vulns.encode("utf-8")) -issues = dom.getElementsByTagName('issue') -for issue in issues: -cve = issue.getElementsByTagName('cve')[0].getAttribute('name') -if (cve == ""): + +for issue in dom.getElementsByTagName('issue'): +if not issue.getElementsByTagName('cve'): +continue +# ASF httpd has CVE- prefix, but OpenSSL does not, make either work +cvename = issue.getElementsByTagName('cve')[0].getAttribute('name').replace('CVE-','') +if (cvename == ""): continue -if (options.cves): - if (not cve in
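Review bot: In the first bin/vulnxml2json.py hunk (@@ -3,8 +3,11 @@) `import HTMLParser` is added but nothing in the hunks shown uses it; if it is there to unescape entities in the ASF descriptions, a comment saying so would help, and note that the module name is Python 2 only (`html.parser` on Python 3), consistent with the script's existing use of `unicode`.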
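Review bot: In the second hunk (@@ -17,45 +20,15 @@) `merge_affects` and `neverreleased` move into `vulnxml2jsonproject`; the removed code tested `anext in neverreleased` against the string `"1.0.0h,"`, i.e. a substring match, so when it is reimplemented in the project module it should be a list with an exact comparison, or a version like `1.0.0` would be skipped by a prefix hit. The `-i` help text fix ("live" to "vulnerabilities.xml") is fine.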
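Review bot: In the third hunk (@@ -74,61 +47,99 @@) the loop variable is renamed from `cve` to `cvename` and the `CVE-` prefix is stripped, but the mail is cut off at `if (not cve in`, so the `-c`/`--cve` filter comparison is not visible; it must use `cvename`, and the values passed to `-c` need the same `CVE-` normalisation, otherwise a name given with the prefix never matches. The new guard `if not issue.getElementsByTagName('cve'): continue` correctly avoids the IndexError the old `[0]` would raise on an issue without a cve element.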
[openssl-commits] [web] master update
The branch master has been updated via a9dd578755eba45264f092b5371dae89b1be7172 (commit) via 9fd41a7f8e5d101e68f48a5b245082ca036b3216 (commit) from 4b5b982b8b057792ce7d206e4faaebaf02b60685 (commit) - Log - commit a9dd578755eba45264f092b5371dae89b1be7172 Author: Mark J. Cox Date: Fri Mar 2 16:02:58 2018 + Give full hash commit 9fd41a7f8e5d101e68f48a5b245082ca036b3216 Author: Mark J. Cox Date: Fri Mar 2 16:02:52 2018 + Add missing blog posts --- Summary of changes: news/newsflash.txt | 2 ++ news/vulnerabilities.xml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index abc5ab0..9a4e602 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,8 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +01-Mar-2018: New Blog post: https://www.openssl.org/blog/blog/2018/03/01/last-license/";>Seeking Last Group of Contributors 27-Feb-2018: Alpha 2 of OpenSSL 1.1.1 is now available: please download and test it 13-Feb-2018: Alpha 1 of OpenSSL 1.1.1 is now available: please download and test it +18-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/18/f2f-london/";>Another Face to Face: Email Changes and Crypto Policy 10-Jan-2018: New Blog post: https://www.openssl.org/blog/blog/2018/01/10/levchin/";>OpenSSL wins the Levchin prize 07-Dec-2017: Security Advisory: one security fix 07-Dec-2017: OpenSSL 1.0.2n is now available, including bug and security fixes diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c81332c..026afc0 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -266,7 +266,7 @@ - + NULL pointer deference Bad (EC)DHE parameters cause a client crash _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
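Review bot: In the news/vulnerabilities.xml hunk (@@ -266,7 +266,7 @@) the context line right after the changed commit link reads "NULL pointer deference" (should be "dereference"); this is user-facing advisory text, so it is worth correcting while touching the entry. The two newsflash.txt insertions are in correct date order.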
[openssl-commits] [web] master update
The branch master has been updated via 2e6c180201d8859df3dd8c303894963030b3121a (commit) from 93624a912c2c58b247062aed08492ef988df292e (commit) - Log - commit 2e6c180201d8859df3dd8c303894963030b3121a Author: Mark J. Cox Date: Tue Feb 6 09:39:00 2018 + Update the git commit links to use the right trees and add some missing commit links (20160819 to date is complete) --- Summary of changes: news/vulnerabilities.xml | 61 +++- 1 file changed, 45 insertions(+), 16 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6e4c717..c81332c 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -73,7 +73,9 @@ - + + + @@ -128,7 +130,9 @@ - + + + @@ -176,7 +180,9 @@ - + + + @@ -234,7 +240,7 @@ - + out-of-bounds read Truncated packet could crash via OOB read @@ -294,7 +300,9 @@ - + + + carry-propagating bug BN_mod_exp may produce incorrect results on x86_64 @@ -377,7 +385,9 @@ - + + + carry propagating bug Montgomery multiplication may produce incorrect results @@ -427,7 +437,7 @@ - + NULL pointer exception @@ -474,8 +484,12 @@ - - + + + + + + @@ -545,7 +559,9 @@ - + + + @@ -596,8 +612,12 @@ - - + + + + + + If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a @@ -838,7 +858,9 @@ - + + + @@ -891,8 +913,13 @@ - - + + + + + + + A flaw in the DTLS replay attack protection mechanism means that records that @@ -939,7 +966,9 @@ - + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 93624a912c2c58b247062aed08492ef988df292e (commit) via e18f270d1a141d407f43cc6eea82d860210180e7 (commit) from 2cef09be2a43e95dcd9f35695716a797e12cce3b (commit) - Log - commit 93624a912c2c58b247062aed08492ef988df292e Merge: e18f270 2cef09b Author: Mark J. Cox Date: Tue Feb 6 09:01:10 2018 + Merge branch 'master' of git.openssl.org:openssl-web commit e18f270d1a141d407f43cc6eea82d860210180e7 Author: Mark J. Cox Date: Tue Feb 6 09:00:32 2018 + When an issue affects more than one release list the releases latest first --- Summary of changes: bin/mk-cvepage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 4a6f942..8dbb864 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -115,7 +115,7 @@ for issue in sorted(issues, key=lambda x: (x.getAttribute('public'), x.getElemen allissues += "" also = [] -for affects in issue.getElementsByTagName('fixed'): +for affects in sorted(issue.getElementsByTagName('fixed'), key=lambda x: (x.getAttribute("base")), reverse=True): if options.base: if (affects.getAttribute("base") not in options.base): also.append("OpenSSL %s" %( affects.getAttribute('base'), cve, affects.getAttribute('version'))) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
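Review bot: In the bin/mk-cvepage hunk (@@ -115,7 +115,7 @@) `sorted(..., key=lambda x: (x.getAttribute("base")), reverse=True)` sorts the base versions as strings, which gives the intended order only while every component is a single digit (e.g. 1.1.0 before 1.0.2 before 0.9.8); a key that splits on "." and converts the numeric parts to integers would survive a two-digit component. The outer parentheses around `x.getAttribute("base")` are redundant.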
[openssl-commits] [web] master update
The branch master has been updated via 8ba74cf7cecf400ff776874e4165e5c66653095a (commit) via 11b53fcc49c27a3adaa5282fb2567d084fae8f09 (commit) from f7d3fb4dbadf9235d05d806b974b21b5a8f96487 (commit) - Log - commit 8ba74cf7cecf400ff776874e4165e5c66653095a Author: Mark J. Cox Date: Mon Feb 5 15:00:47 2018 + Based on discussions with Mitre, over this field that isn't yet defined, but is unlikely to be machine parsable (looking at all the published ones to date). They'd like "Fixed in" and "Affects", so let's give that both in a nice text format for the description and the vulnerability affects sections. commit 11b53fcc49c27a3adaa5282fb2567d084fae8f09 Author: Mark J. Cox Date: Mon Feb 5 14:57:10 2018 + CVE-2004-0081 was missing the 'fixed in 0.9.6d' line, causing it to not get included on the list of 0.9.6 issues and fail json validation. --- Summary of changes: bin/vulnxml2json.py | 23 --- news/vulnerabilities.xml | 2 ++ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py index 41afbf8..b905da1 100755 --- a/bin/vulnxml2json.py +++ b/bin/vulnxml2json.py @@ -23,14 +23,16 @@ neverreleased = "1.0.0h,"; # Location of CVE JSON schema (default, can use local file etc) default_cve_schema = "https://raw.githubusercontent.com/CVEProject/automation-working-group/master/cve_json_schema/CVE_JSON_4.0_min_public.schema"; -def merge_affects(issue): +def merge_affects(issue,base): # let's merge the affects into a nice list which is better for Mitre text but we have to take into account our stange lettering scheme prev = "" anext = "" alist = list() vlist = list() for affects in issue.getElementsByTagName('affects'): # so we can sort them - vlist.append(affects.getAttribute("version")) + version = affects.getAttribute("version") + if (not base or base in version): + vlist.append(version) for ver in sorted(vlist): # print "version %s (last was %s, next was %s)" %(ver,prev,anext) if (ver != anext): 
@@ -110,18 +112,17 @@ for issue in issues: if refs: cve['references'] = { "reference_data": refs } -allaffects = list() -for affects in issue.getElementsByTagName('affects'): -allaffects.append({ "version_value":"openssl-"+affects.getAttribute("version")}) +vv = list() +for affects in issue.getElementsByTagName('fixed'): +text = "Fixed in OpenSSL %s (Affected %s)" %(affects.getAttribute('version'),merge_affects(issue,affects.getAttribute("base"))) +# Let's condense into a list form since the format of this field is 'free text' at the moment, not machine readable (as per mail with George Theall) +vv.append({"version_value":text}) +# Mitre want the fixed/affected versions in the text too +desc += " "+text+"." -cve['affects'] = { "vendor" : { "vendor_data" : [ { "vendor_name": "OpenSSL", "product": { "product_data" : [ { "product_name": "OpenSSL", "version": { "version_data" : allaffects}}]}}]}} - -# Mitre want the fixed/affected versions in the text too - -desc += " (Affects "+merge_affects(issue)+")." +cve['affects'] = { "vendor" : { "vendor_data" : [ { "vendor_name": "OpenSSL", "product": { "product_data" : [ { "product_name": "OpenSSL", "version": { "version_data" : vv}}]}}]}} # Mitre want newlines and excess spaces stripped - desc = re.sub('[\n ]+',' ', desc) cve['description'] = { "description_data": [ { "lang":"eng", "value": desc} ] } diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 80786e1..6e4c717 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4638,6 +4638,8 @@ OpenSSL library in such a way as to cause a crash. + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
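Review bot: In the first bin/vulnxml2json.py hunk (@@ -23,14 +23,16 @@) the new filter `if (not base or base in version)` is a substring test, so a base would also match a version that merely contains it somewhere other than the start; `version.startswith(base)` states the intent and is safer if the version scheme ever changes. The comment on the unchanged line above still says "stange lettering scheme" (strange).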
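Review bot: In the second hunk (@@ -110,18 +112,17 @@) `vv` is only populated from `fixed` elements, so an issue with no `fixed` line produces an empty `version_data` and a description with no "Fixed in" sentence, which is exactly the CVE-2004-0081 failure the companion commit repairs in the data; the script should refuse to emit such an entry (raise with the CVE name) rather than leave it to schema validation to catch. Appending one "Fixed in OpenSSL x (Affected y)." sentence per fixed base to `desc` is fine since the whitespace normalisation below it runs afterwards.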
[openssl-commits] [web] master update
The branch master has been updated via f7d3fb4dbadf9235d05d806b974b21b5a8f96487 (commit) from d3f697fb1c07f977e377ce636d80be5c59c3dce4 (commit) - Log - commit f7d3fb4dbadf9235d05d806b974b21b5a8f96487 Author: Mark J. Cox Date: Tue Jan 30 12:59:33 2018 + start adding some git commit links for 1.0.2 vulns (where 1.1.0 doesn't have a link or is a very different patch, for now) --- Summary of changes: news/vulnerabilities.xml | 29 + 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index ffc2c90..80786e1 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -23,7 +23,9 @@ - + + + Unauthenticated read/unencrypted write Read/write after SSL object in error state @@ -231,7 +233,9 @@ - + + + out-of-bounds read Truncated packet could crash via OOB read @@ -422,8 +426,9 @@ - - + + + NULL pointer exception This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. @@ -541,7 +546,9 @@ - + + + An overflow can occur in MDC2_Update() either if called directly or @@ -832,7 +839,9 @@ - + + + In a DTLS connection where handshake messages are delivered out-of-order those @@ -931,7 +940,9 @@ - + + + In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical @@ -1124,7 +1135,9 @@ - + + + A MITM attacker can use a padding oracle attack to decrypt traffic _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d3f697fb1c07f977e377ce636d80be5c59c3dce4 (commit) from 674b7b03ae383e642590029ee58b01768de3e3a3 (commit) - Log - commit d3f697fb1c07f977e377ce636d80be5c59c3dce4 Author: Mark J. Cox Date: Tue Jan 30 11:52:53 2018 + Add links to the 1.1.0 branch git commit for every 1.1.0 issue --- Summary of changes: news/vulnerabilities.xml | 60 1 file changed, 45 insertions(+), 15 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index b5fcb27..ffc2c90 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -72,7 +72,9 @@ - + + + carry-propagating bug bn_sqrx8x_internal carry bug on x86_64 @@ -125,7 +127,9 @@ - + + + carry-propagating bug bn_sqrx8x_internal carry bug on x86_64 @@ -171,7 +175,9 @@ - + + + out-of-bounds read Possible Overread in parsing X.509 IPAdressFamily @@ -190,7 +196,9 @@ - + + + protocol error Encrypt-Then-Mac renegotiation crash @@ -220,7 +228,9 @@ - + + + out-of-bounds read Truncated packet could crash via OOB read @@ -245,7 +255,9 @@ - + + + NULL pointer deference Bad (EC)DHE parameters cause a client crash @@ -275,7 +287,9 @@ - + + + carry-propagating bug BN_mod_exp may produce incorrect results on x86_64 @@ -304,7 +318,9 @@ - + + + protocol error ChaCha20/Poly1305 heap-buffer-overflow @@ -321,7 +337,9 @@ - + + + NULL pointer deference CMS Null dereference @@ -352,7 +370,9 @@ - + + + carry propagating bug Montgomery multiplication may produce incorrect results @@ -380,7 +400,9 @@ - + + + write to free @@ -449,7 +471,9 @@ - + + + memory leak @@ -471,7 +495,9 @@ - + + + OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an @@ -922,7 +948,9 @@ - + + + A TLS message includes 3 bytes for its length in the header for the message. @@ -964,7 +992,9 @@ - + + + A DTLS message includes 3 bytes for its length in the header for the message. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
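Review bot: In the news/vulnerabilities.xml hunks the context lines next to the new commit links show two wording inconsistencies worth fixing in the same pass: the hunk at @@ -171,7 +175,9 @@ reads "X.509 IPAdressFamily" (the RFC 3779 structure is IPAddressFamily), and the issues are variously tagged "carry-propagating bug" (@@ -72, @@ -125, @@ -275) and "carry propagating bug" (@@ -352), which will split one category in two on the generated pages.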
[openssl-commits] [web] master update
The branch master has been updated via 674b7b03ae383e642590029ee58b01768de3e3a3 (commit) from 0f05d39036d44d3ef2540dffafc32494320c0af4 (commit) - Log - commit 674b7b03ae383e642590029ee58b01768de3e3a3 Author: Mark J. Cox Date: Tue Jan 30 10:29:00 2018 + fix html not noticed on test due to stylesheet --- Summary of changes: bin/mk-cvepage | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 3dcceba..4a6f942 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -136,10 +136,11 @@ for base in allyourbase(dom): bases.append("%s" %(base)) else: bases.append( "%s" %(base,base)) -preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) +preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) if options.base: preface += ", or all versions" preface += "Fixed in OpenSSL %s" %(options.base) +preface += "" if len(allyears)>1: # If only vulns in this year no need for the year table of contents preface += "Jump to year: " + ", ".join( "%s" %(year,year) for year in allyears) preface += "" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
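Review bot: In the bin/mk-cvepage hunk (@@ -136,10 +136,11 @@) the added `preface += ""` (a closing element in the source, stripped in this rendering) is appended unconditionally after the `if options.base:` block, so it must pair with the element opened on the "Show issues fixed only in OpenSSL" line on both the base and non-base paths; the preceding line is also changed, so please confirm the opening element did not move inside the conditional. Running the output through an HTML validator would have caught the original problem the stylesheet hid.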
[openssl-commits] [web] master update
The branch master has been updated via 0f05d39036d44d3ef2540dffafc32494320c0af4 (commit) from 8e91dc9cffe8bd60e52b5eacffe5a24341533a72 (commit) - Log - commit 0f05d39036d44d3ef2540dffafc32494320c0af4 Author: Mark J. Cox Date: Tue Jan 30 10:26:53 2018 + Put the link to the per-version pages on the main page now it all works --- Summary of changes: bin/mk-cvepage | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 70e18cc..3dcceba 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -130,17 +130,15 @@ for issue in sorted(issues, key=lambda x: (x.getAttribute('public'), x.getElemen allissues += "" preface = "" +bases = [] +for base in allyourbase(dom): +if (options.base and base in options.base): +bases.append("%s" %(base)) +else: +bases.append( "%s" %(base,base)) +preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) if options.base: -# for now don't put the link to the per-base page on main page until it's ready to go live -bases = [] -for base in allyourbase(dom): -if (options.base and base in options.base): -bases.append("%s" %(base)) -else: -bases.append( "%s" %(base,base)) -preface += "Show issues fixed only in OpenSSL " + ", ".join(bases) -if (options.base): -preface += ", or all versions" +preface += ", or all versions" preface += "Fixed in OpenSSL %s" %(options.base) if len(allyears)>1: # If only vulns in this year no need for the year table of contents preface += "Jump to year: " + ", ".join( "%s" %(year,year) for year in allyears) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
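Review bot: In the bin/mk-cvepage hunk (@@ -130,17 +130,15 @@) the test `if (options.base and base in options.base)` treats `options.base` as a string, so `in` is a substring match; that is fine only while no base is a prefix of another. If `-b` can take a comma-separated list, split it and compare exactly (`base in options.base.split(",")`). Moving the link loop out of the `if options.base:` block is the right fix for the main page; the now-redundant inner `if (options.base):` was correctly dropped.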
[openssl-commits] [web] master update
The branch master has been updated via 8e91dc9cffe8bd60e52b5eacffe5a24341533a72 (commit) from 287a084d0a0812be654713f099b8c2db8cfadcf6 (commit) - Log - commit 8e91dc9cffe8bd60e52b5eacffe5a24341533a72 Author: Mark J. Cox Date: Tue Jan 30 10:13:34 2018 + Add EOL notes to the vulnerability pages so it's clear they are no longer getting security updates (which was kind of the point of doing these extra pages to start with) --- Summary of changes: news/vulnerabilities-0.9.6.html | 2 ++ news/vulnerabilities-0.9.7.html | 2 ++ news/vulnerabilities-0.9.8.html | 2 ++ news/vulnerabilities-1.0.0.html | 2 ++ news/vulnerabilities-1.0.1.html | 2 ++ 5 files changed, 10 insertions(+) diff --git a/news/vulnerabilities-0.9.6.html b/news/vulnerabilities-0.9.6.html index 9b9d0e4..97932bd 100644 --- a/news/vulnerabilities-0.9.6.html +++ b/news/vulnerabilities-0.9.6.html @@ -24,6 +24,8 @@ as discussed in our Security Policy. +Note: Support for OpenSSL 0.9.6 ended and + is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.7.html b/news/vulnerabilities-0.9.7.html index e83d1b8..fe0e5af 100644 --- a/news/vulnerabilities-0.9.7.html +++ b/news/vulnerabilities-0.9.7.html @@ -24,6 +24,8 @@ as discussed in our Security Policy. +Note: Support for OpenSSL 0.9.7 ended and + is no longer receiving security updates diff --git a/news/vulnerabilities-0.9.8.html b/news/vulnerabilities-0.9.8.html index bc9e40f..0cabef2 100644 --- a/news/vulnerabilities-0.9.8.html +++ b/news/vulnerabilities-0.9.8.html @@ -24,6 +24,8 @@ as discussed in our Security Policy. +Note: Support for OpenSSL 0.9.8 ended on 31st December 2015 and + is no longer receiving security updates diff --git a/news/vulnerabilities-1.0.0.html b/news/vulnerabilities-1.0.0.html index 07afa5c..d40c7cb 100644 --- a/news/vulnerabilities-1.0.0.html +++ b/news/vulnerabilities-1.0.0.html 
@@ -24,6 +24,8 @@ as discussed in our Security Policy. +Note: Support for OpenSSL 1.0.0 ended on 31st December 2015 and +is no longer receiving security updates diff --git a/news/vulnerabilities-1.0.1.html b/news/vulnerabilities-1.0.1.html index 527e035..cceeebd 100644 --- a/news/vulnerabilities-1.0.1.html +++ b/news/vulnerabilities-1.0.1.html @@ -24,6 +24,8 @@ as discussed in our Security Policy. +Note: Support for OpenSSL 1.0.1 ended on 31st December 2016 and +is no longer receiving security updates _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
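Review bot: the added notes are inconsistent and hand-maintained: 0.9.6 and 0.9.7 say support "ended and" with no date while 0.9.8, 1.0.0 and 1.0.1 give one, and "Support for OpenSSL 1.0.1 ended on ... and is no longer receiving security updates" makes "support" the subject of "is no longer receiving". Suggest one phrasing such as "OpenSSL 1.0.1 reached end of life on 31st December 2016 and no longer receives security updates", with the date filled in for 0.9.6 and 0.9.7 as well; and since the same note will be needed for 1.0.2 and 1.1.0 when they reach end of life, consider keeping the EOL date per base in one place (the Makefile or mk-cvepage) and emitting the note from there instead of editing each copied page.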
[openssl-commits] [web] master update
The branch master has been updated via 287a084d0a0812be654713f099b8c2db8cfadcf6 (commit) via 721c6a0bacf993519765f9964608b6da5eb3481e (commit) from 598ab94e8eaa78293e59bad5ea8515168e291fa7 (commit) - Log - commit 287a084d0a0812be654713f099b8c2db8cfadcf6 Author: Mark J. Cox Date: Tue Jan 30 10:02:12 2018 + Also ignore the new vulnerabilities inc files commit 721c6a0bacf993519765f9964608b6da5eb3481e Author: Mark J. Cox Date: Tue Jan 30 10:00:23 2018 + Add vulnerability page for each version. If we did lots of major releases it might be worth automating this a bit better. We could have used a single page with clever javascript to filter the issues too (but lets not start adding javascript for the sake of it) --- Summary of changes: .gitignore| 2 +- news/{vulnerabilities.html => vulnerabilities-0.9.6.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-0.9.7.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-0.9.8.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-1.0.0.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-1.0.1.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-1.0.2.html} | 2 +- news/{vulnerabilities.html => vulnerabilities-1.1.0.html} | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) copy news/{vulnerabilities.html => vulnerabilities-0.9.6.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-0.9.7.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-0.9.8.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-1.0.0.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-1.0.1.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-1.0.2.html} (95%) copy news/{vulnerabilities.html => vulnerabilities-1.1.0.html} (95%) diff --git a/.gitignore b/.gitignore index d891466..be23066 100644 --- a/.gitignore +++ b/.gitignore 
@@ -25,7 +25,7 @@ news/cl*.txt news/newsflash.inc news/openssl-*-notes.html news/openssl-*-notes.inc -news/vulnerabilities.inc +news/vulnerabilities*.inc newsflash.inc source/*.gz* source/*.patch diff --git a/news/vulnerabilities.html b/news/vulnerabilities-0.9.6.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-0.9.6.html index dc73d6f..9b9d0e4 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-0.9.6.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + diff --git a/news/vulnerabilities.html b/news/vulnerabilities-0.9.7.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-0.9.7.html index dc73d6f..e83d1b8 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-0.9.7.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + diff --git a/news/vulnerabilities.html b/news/vulnerabilities-0.9.8.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-0.9.8.html index dc73d6f..bc9e40f 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-0.9.8.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + diff --git a/news/vulnerabilities.html b/news/vulnerabilities-1.0.0.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-1.0.0.html index dc73d6f..07afa5c 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-1.0.0.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + diff --git a/news/vulnerabilities.html b/news/vulnerabilities-1.0.1.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-1.0.1.html index dc73d6f..527e035 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-1.0.1.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + 
diff --git a/news/vulnerabilities.html b/news/vulnerabilities-1.0.2.html similarity index 95% copy from news/vulnerabilities.html copy to news/vulnerabilities-1.0.2.html index dc73d6f..54dd401 100644 --- a/news/vulnerabilities.html +++ b/news/vulnerabilities-1.0.2.html @@ -24,7 +24,7 @@ as discussed in our Security Policy. - + diff --git a/news/vulnerabilities.html b/news/vulnerabilities-1.1.
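Review bot: the seven new pages are 95% copies of news/vulnerabilities.html that differ only in the include line, which invites exactly the drift the EOL-note edits in the following commit show (each page then has to be patched by hand); a single template with the base version substituted by the Makefile, or one page that includes the per-base inc file by name, would keep them identical by construction. The `.gitignore` change from `news/vulnerabilities.inc` to `news/vulnerabilities*.inc` is right and also covers any future per-base inc files.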
[openssl-commits] [web] master update
The branch master has been updated via 598ab94e8eaa78293e59bad5ea8515168e291fa7 (commit) via 43332d88869015a8e8f0d6fb8ab9ea2961a423e1 (commit) via dabfc9a7ae3a3ae4ab3395b5b6e740defb4b52e0 (commit) from 0be639f38ad327963d1ae0e49abe1c90e0872b5c (commit) - Log - commit 598ab94e8eaa78293e59bad5ea8515168e291fa7 Author: Mark J. Cox Date: Tue Jan 30 09:43:25 2018 + Make the per-version vulnerability files. We could probably do something clever here to work out all the versions we have releases for. commit 43332d88869015a8e8f0d6fb8ab9ea2961a423e1 Author: Mark J. Cox Date: Tue Jan 30 09:27:28 2018 + Link to all-issues page, better detection of "no vulnerabilities" for a given base version commit dabfc9a7ae3a3ae4ab3395b5b6e740defb4b52e0 Author: Mark J. Cox Date: Tue Jan 30 09:19:21 2018 + Update mk-cvepage to remain backward compatible for now, but allow generation of a "per major version" vuln page. So users of 1.1.0 can if they like just see a page of issues that were fixed in 1.1.0* --- Summary of changes: Makefile | 28 bin/mk-cvepage | 53 +++-- 2 files changed, 75 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 3c73ac3..8a41c35 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,13 @@ SIMPLE = newsflash.inc sitemap.txt \ news/openssl-1.1.0-notes.inc \ news/newsflash.inc \ news/vulnerabilities.inc \ +news/vulnerabilities-1.1.0.inc \ +news/vulnerabilities-1.0.2.inc \ +news/vulnerabilities-1.0.1.inc \ +news/vulnerabilities-1.0.0.inc \ +news/vulnerabilities-0.9.8.inc \ +news/vulnerabilities-0.9.7.inc \ +news/vulnerabilities-0.9.6.inc \ source/.htaccess \ source/license.txt \ source/index.inc 
@@ -118,6 +125,27 @@ news/newsflash.inc: news/newsflash.txt news/vulnerabilities.inc: bin/mk-cvepage news/vulnerabilities.xml @rm -f $@ ./bin/mk-cvepage -i news/vulnerabilities.xml > $@ +news/vulnerabilities-1.1.0.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 1.1.0 > $@ +news/vulnerabilities-1.0.2.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 1.0.2 > $@ +news/vulnerabilities-1.0.1.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 1.0.1 > $@ +news/vulnerabilities-1.0.0.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 1.0.0 > $@ +news/vulnerabilities-0.9.8.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 0.9.8 > $@ +news/vulnerabilities-0.9.7.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 0.9.7 > $@ +news/vulnerabilities-0.9.6.inc: bin/mk-cvepage news/vulnerabilities.xml + @rm -f $@ + ./bin/mk-cvepage -i news/vulnerabilities.xml -b 0.9.6 > $@ source/.htaccess: $(wildcard source/openssl-*.tar.gz) bin/mk-latest @rm -f @? ./bin/mk-latest source >$@ diff --git a/bin/mk-cvepage b/bin/mk-cvepage index 57bc798..70e18cc 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage 
@@ -45,9 +45,20 @@ def merge_affects(issue,base): anext = anext[:-1]+chr(ord(anext[-1])+1) return ",".join(['-'.join(map(str,aff)) for aff in alist]) - + +def allyourbase(issues): +allbase = [] +# find all the major versions of OpenSSL we have vulnerabilities fixed in +for affects in issues.getElementsByTagName('fixed'): +if (affects.getAttribute("base") not in allbase): +if ("fips" not in affects.getAttribute("base")): # temporary hack +allbase.append(affects.getAttribute("base")) +return sorted(allbase, reverse=True) + + parser = OptionParser() parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input") +parser.add_option("-b", "--base", help="only include vulnerabilities for this major version (i.e. 1.0.1)", dest="base") (options, args) = parser.parse_args() # We need an output directory not stdout because we might write multiple files @@ -68,6 +79,15 @@ allyears = [] # Display issues latest by date first, if same date then by highest CVE allissues = "" for issue in sorted(issues, key=lambda x: (x.getAttrib
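Review bot: the seven `news/vulnerabilities-X.Y.Z.inc` rules in the Makefile hunk are copies of one another differing only in the `-b` value; a pattern rule `news/vulnerabilities-%.inc: bin/mk-cvepage news/vulnerabilities.xml` running `./bin/mk-cvepage -i news/vulnerabilities.xml -b $* > $@` would replace them, so a new base would only need adding to SIMPLE. Unrelated but visible in the context lines of the same hunk: the `source/.htaccess` target runs `@rm -f @?`, which removes a file literally named `@?` rather than the target; it should be `$@`.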
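Review bot: the new `-b` option relies on `base in version` in `merge_affects` and `allyourbase()` relies on `"fips" not in ...`, both substring tests; `base in version` means `-b 1.0` selects every 1.0.x issue and any base that is a prefix of another would pull in the other's versions, so if the `affects` elements carry the same `base` attribute the `fixed` elements do, compare that attribute for equality instead (and replace the fips "temporary hack" with the same comparison). Two small things in the added option: the help text says "input vulnerability file live openssl-web/..." (should be "like") and "(i.e. 1.0.1)" should be "(e.g. 1.0.1)". `sorted(allbase, reverse=True)` is a string sort, which is fine while every component is a single digit but will misorder a future 1.10.x base.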
[openssl-commits] [web] master update
The branch master has been updated via 0be639f38ad327963d1ae0e49abe1c90e0872b5c (commit) from b1e610b11def5706bf71a06c9f403aca0a7333fa (commit) - Log - commit 0be639f38ad327963d1ae0e49abe1c90e0872b5c Author: Mark J. Cox Date: Mon Jan 29 15:18:59 2018 + Match lower case severity names in security policy --- Summary of changes: bin/mk-cvepage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index c094170..57bc798 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -84,7 +84,7 @@ for issue in sorted(issues, key=lambda x: (x.getAttribute('public'), x.getElemen for adv in issue.getElementsByTagName('advisory'): allissues += "(OpenSSL advisory) " %(adv.getAttribute("url")) for sev in issue.getElementsByTagName('impact'): -allissues += "[%s severity] " %(sev.getAttribute('severity'),sev.getAttribute('severity')) +allissues += "[%s severity] " %(sev.getAttribute('severity').lower(),sev.getAttribute('severity')) t = datetime.datetime(int(date[:4]), int(date[4:6]), int(date[6:8]), 0, 0) allissues += t.strftime("%d %B %Y: ") _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
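Review bot: `sev.getAttribute('severity').lower()` now builds the link target from the XML value, which depends on the `critical`/`high`/`moderate`/`low` anchors added to secpolicy.html in the previous commit; a severity spelled any other way in vulnerabilities.xml would produce a link to a non-existent anchor with no error, so a check that the lowercased value is one of those four, failing the build otherwise, would be cheap insurance.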
[openssl-commits] [web] master update
The branch master has been updated via b1e610b11def5706bf71a06c9f403aca0a7333fa (commit) from d1965e911dbe4ef77506e13620506893824599fa (commit) - Log - commit b1e610b11def5706bf71a06c9f403aca0a7333fa Author: Mark J. Cox Date: Mon Jan 29 15:16:35 2018 + So we can link directly to severities --- Summary of changes: policies/secpolicy.html | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 9bca8c2..24b7b25 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -46,7 +46,7 @@ We use the following severity categories: - CRITICAL Severity. + CRITICAL Severity. This affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), @@ -59,7 +59,7 @@ soon as possible. - HIGH Severity. + HIGH Severity. This includes issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable. These issues will be kept @@ -69,7 +69,7 @@ where this is something under our control - MODERATE Severity. + MODERATE Severity. This includes issues like crashes in client applications, flaws in protocols that are less commonly used (such as DTLS), and local flaws. These will in general be kept private until @@ -77,7 +77,7 @@ can roll up several such flaws at one time. - LOW Severity. + LOW Severity. This includes issues such as those that only affect the openssl command line utility, unlikely configurations, or hard to exploit timing (side channel) attacks. These will in general _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via d1965e911dbe4ef77506e13620506893824599fa (commit) from da182c3f485c97c79091873398af254ee2984da3 (commit) - Log - commit d1965e911dbe4ef77506e13620506893824599fa Author: Mark J. Cox Date: Mon Jan 29 14:49:07 2018 + Move the git hash links to the respective 'fixed' sections so they show up on the vulnerabilities page --- Summary of changes: news/vulnerabilities.xml | 45 +++-- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 27cea1d..b5fcb27 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4383,7 +4383,9 @@ service by sending invalid encodings. - + + + The use of assertions when detecting buffer overflow attacks allowed remote attackers to cause a denial of service (crash) by @@ -4392,7 +4394,6 @@ OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which were not properly handled in s2_srvr.c. - @@ -4642,9 +4643,10 @@ use Kerberos ciphersuites and will therefore be unaffected. - + + + - @@ -5097,9 +5099,10 @@ read, for example RSA public keys. - + + + - Fix a NULL pointer dereference if a DTLS server recieved ChangeCipherSpec as first record. @@ -5169,7 +5172,9 @@ remote attacker could use this flaw to cause a DTLS server to crash. - + + + Fix a denial of service flaw in the DTLS implementation. @@ -5179,7 +5184,6 @@ currently no limitation to this buffer allowing an attacker to perform a DOS attack to a DTLS server by sending records with future epochs until there is no memory left. - @@ -5198,9 +5202,10 @@ memory left. - + + + - Fix a denial of service flaw in the DTLS implementation. In dtls1_process_out_of_seq_message() the check if the current message @@ -5227,9 +5232,10 @@ left. - + + + - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function could cause a client accessing a malicious DTLS server to 
@@ -5252,8 +5258,9 @@ left. - - + + + A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c @@ -5278,8 +5285,9 @@ function. - - + + + It was discovered that OpenSSL did not always check the return value of the @@ -5305,8 +5313,9 @@ or, possibly, execute arbitrary code - - + + + A missing return value check flaw was discovered in OpenSSL, that could _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
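Review bot: with the markup stripped there is nothing of the moved git-link elements to check here, but the context lines show two things worth fixing while these entries are being touched: "if a DTLS server recieved ChangeCipherSpec" should be "received", and "perform a DOS attack" should be "DoS" (the same entry spells out "denial of service" elsewhere).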
[openssl-commits] [web] master update
The branch master has been updated via da182c3f485c97c79091873398af254ee2984da3 (commit) from 29fa8cd6bc697a67e4db1119b5bef27b0b4bcc03 (commit) - Log - commit da182c3f485c97c79091873398af254ee2984da3 Author: Mark J. Cox Date: Mon Jan 29 14:45:01 2018 + missing closing h3 --- Summary of changes: bin/mk-cvepage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/mk-cvepage b/bin/mk-cvepage index c8e9d1d..c094170 100755 --- a/bin/mk-cvepage +++ b/bin/mk-cvepage @@ -73,7 +73,7 @@ for issue in sorted(issues, key=lambda x: (x.getAttribute('public'), x.getElemen if (year != thisyear): if (thisyear != ""): allissues += ""; -allissues += "%s" %(year,year) +allissues += "%s" %(year,year) allyears.append(year) thisyear = year cve = issue.getElementsByTagName('cve')[0].getAttribute('name') _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 29fa8cd6bc697a67e4db1119b5bef27b0b4bcc03 (commit) via 03dec203a3f85d987f741c7829475b683fc918bc (commit) via e262bc5351e541a304a25b73e9b94ed6654a3a39 (commit) via a7c867f84d9b6f4a29379aa93f6e9dbd23eb2623 (commit) via 056dc1c2c25ecd48428048c9e241b9b32daa8bb4 (commit) from a0ccfe09df6a7a59a610c40e2f0e17065878e077 (commit) - Log - commit 29fa8cd6bc697a67e4db1119b5bef27b0b4bcc03 Author: Mark J. Cox Date: Mon Jan 29 14:42:59 2018 + tabs not spaces commit 03dec203a3f85d987f741c7829475b683fc918bc Author: Mark J. Cox Date: Mon Jan 29 14:39:23 2018 + Switch out the vulnerabilities.xsl for python, the differences to the final page should be ordering (now for a given date in CVE order), dates don't have suffixes like "1st", and ranges of affected versions are used instead of listing every affected version commit e262bc5351e541a304a25b73e9b94ed6654a3a39 Author: Mark J. Cox Date: Mon Jan 29 14:38:27 2018 + change mind, don't use output dir since we need to know what inc files we create, so we'll do that as an option later commit a7c867f84d9b6f4a29379aa93f6e9dbd23eb2623 Author: Mark J. Cox Date: Mon Jan 29 14:34:06 2018 + we use an inc file for vulnerabilities page commit 056dc1c2c25ecd48428048c9e241b9b32daa8bb4 Author: Mark J. Cox Date: Mon Jan 29 14:31:53 2018 + The xslt we use to convert the vulnerabilities.xml is clever, but esoteric, so let's replace it with python instead and that way we can do things like collapse the "affected" lists, and possibly in the future create multiple pages (like a page for 1.0.2, 1.0.1 etc) --- Summary of changes: Makefile | 5 +-- bin/mk-cvepage | 113 + 2 files changed, 115 insertions(+), 3 deletions(-) create mode 100755 bin/mk-cvepage diff --git a/Makefile b/Makefile index dbaa5a5..3c73ac3 100644 --- a/Makefile +++ b/Makefile 
@@ -115,10 +115,9 @@ news/newsflash.inc: news/newsflash.txt -e 's@^@@' \ -e 's@: @@' \ -e 's@$$@@' -news/vulnerabilities.inc: bin/vulnerabilities.xsl news/vulnerabilities.xml +news/vulnerabilities.inc: bin/mk-cvepage news/vulnerabilities.xml @rm -f $@ - xsltproc bin/vulnerabilities.xsl news/vulnerabilities.xml >$@ - + ./bin/mk-cvepage -i news/vulnerabilities.xml > $@ source/.htaccess: $(wildcard source/openssl-*.tar.gz) bin/mk-latest @rm -f @? ./bin/mk-latest source >$@ diff --git a/bin/mk-cvepage b/bin/mk-cvepage new file mode 100755 index 000..c8e9d1d --- /dev/null +++ b/bin/mk-cvepage 
@@ -0,0 +1,113 @@ +#! /usr/bin/python +# +# Convert our XML file to a HTML file for the web page +# let's replace vulnerabilities.xsl +# + +from xml.dom import minidom +import simplejson as json +import codecs +import re +from optparse import OptionParser +import datetime +import sys + +# Versions of OpenSSL we never released, to allow us to display ranges, it's not a big deal if they +# are not included here, it just makes things look better if they are. +neverreleased = "1.0.0h,"; + +def merge_affects(issue,base): +# let's merge the affects into a nice list which is better for Mitre text but we have to take into account our stange lettering scheme +prev = "" +anext = "" +alist = list() +vlist = list() +for affects in issue.getElementsByTagName('affects'): # so we can sort them + version = affects.getAttribute("version") + if (not base or base in version): + vlist.append(version) +for ver in sorted(vlist): + # print "version %s (last was %s, next was %s)" %(ver,prev,anext) + if (ver != anext): + alist.append([ver]) + elif len(alist[-1]) > 1: + alist[-1][-1] = ver + else: + alist[-1].append(ver) + prev = ver + if (unicode.isdigit(ver[-1])): # First version after 1.0.1 is 1.0.1a + anext = ver + "a" + elif (ver[-1] == "y"): + anext = ver[:-1] + "za"# We ran out of letters once so y->za->zb + else: + anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 1.0.1b + while (anext in neverreleased): # skip unreleased versions + anext = anext[:-1]+chr(ord(anext[-1])+1) + +return ",".join(['-'.join(map(str,aff)) for aff in alist]) + +parser = OptionParser() +parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input&quo
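Review bot: in `merge_affects`, `neverreleased` is a comma-separated string and `while (anext in neverreleased)` is a substring test, so any version that is a prefix of a listed one (for example `1.0.0` against `1.0.0h,`) would be skipped as unreleased; a list or set with `in` membership is the safe form. The skip loop also increments the last letter directly (`anext[:-1]+chr(ord(anext[-1])+1)`), so a never-released version ending in `y` would advance to `z` rather than `za`, bypassing the rule a few lines above it; reuse the same successor logic for the skip. `prev` is assigned but never read, `re`, `sys` and `simplejson` are imported but not used in what is shown, and `unicode.isdigit` plus the bare `print` make the script Python 2 only, where `ver[-1].isdigit()` works on both.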
[openssl-commits] [web] master update
The branch master has been updated via a0ccfe09df6a7a59a610c40e2f0e17065878e077 (commit) from 22e17fc35d35640a6aaa98080ebeae14833e5a37 (commit) - Log - commit a0ccfe09df6a7a59a610c40e2f0e17065878e077 Author: Mark J. Cox Date: Mon Jan 29 11:14:25 2018 + Add a script to convert our vulnerabilities.xml file to json as per Mitre CVE JSON format, and validate it. We'll use this for submitting our CVE updates to Mitre (and we may use change the creation of the web site pages to use a similar script in future as the xslt we currently use is a little esoteric) --- Summary of changes: bin/vulnxml2json.py | 151 1 file changed, 151 insertions(+) create mode 100755 bin/vulnxml2json.py diff --git a/bin/vulnxml2json.py b/bin/vulnxml2json.py new file mode 100755 index 000..41afbf8 --- /dev/null +++ b/bin/vulnxml2json.py 
@@ -0,0 +1,151 @@ +#! /usr/bin/python +# +# Convert our XML file to a JSON file as accepted by Mitre for CNA purposes +# as per https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md +# + +from xml.dom import minidom +import simplejson as json +import codecs +import re +from optparse import OptionParser + +# for validation +import json +import jsonschema +from jsonschema import validate +from jsonschema import Draft4Validator +import urllib + +# Versions of OpenSSL we never released, to allow us to display ranges +neverreleased = "1.0.0h,"; + +# Location of CVE JSON schema (default, can use local file etc) +default_cve_schema = "https://raw.githubusercontent.com/CVEProject/automation-working-group/master/cve_json_schema/CVE_JSON_4.0_min_public.schema"; + +def merge_affects(issue): +# let's merge the affects into a nice list which is better for Mitre text but we have to take into account our stange lettering scheme +prev = "" +anext = "" +alist = list() +vlist = list() +for affects in issue.getElementsByTagName('affects'): # so we can sort them + vlist.append(affects.getAttribute("version")) +for ver in sorted(vlist): + # print "version %s (last was %s, next was %s)" %(ver,prev,anext) + if (ver != anext): + alist.append([ver]) + elif len(alist[-1]) > 1: + alist[-1][-1] = ver + else: + alist[-1].append(ver) + prev = ver + if (unicode.isdigit(ver[-1])): # First version after 1.0.1 is 1.0.1a + anext = ver + "a" + elif (ver[-1] == "y"): + anext = ver[:-1] + "za"# We ran out of letters once so y->za->zb + else: + anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 1.0.1b + while (anext in neverreleased): # skip unreleased versions + anext = anext[:-1]+chr(ord(anext[-1])+1) + +return ",".join(['-'.join(map(str,aff)) for aff in alist]) + +parser = OptionParser() +parser.add_option("-s", "--schema", help="location of schema to check (default "+default_cve_schema+")", 
default=default_cve_schema,dest="schema") +parser.add_option("-i", "--input", help="input vulnerability file live openssl-web/news/vulnerabilities.xml", dest="input") +parser.add_option("-c", "--cve", help="comma separated list of cve names to generate a json file for (or all)", dest="cves") +parser.add_option("-o", "--outputdir", help="output directory for json file (default ./)", default=".", dest="outputdir") +(options, args) = parser.parse_args() + +if not options.input: + print "needs input file" + parser.print_help() + exit(); + +if options.schema: + response = urllib.urlopen(options.schema) + schema_doc = json.loads(response.read()) + +cvej = list() + +with codecs.open(options.input,"r","utf-8") as vulnfile: +vulns = vulnfile.read() +dom = minidom.parseString(vulns.encode("utf-8")) +issues = dom.getElementsByTagName('issue') +for issue in issues: +cve = issue.getElementsByTagName('cve')[0].getAttribute('name') +if (cve == ""): + continue +if (options.cves): + if (not cve in options.cves): + continue +cve = dict() +cve['data_type']="CVE" +cve['data_format']="MITRE" +cve['data_version']="4.0" +cve['CVE_data_meta']= { "ID": "CVE-"+issue.getElementsByTagName('cve')[0].getAttribute('name&
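Review bot: `import simplejson as json` followed by `import json` means the second import wins and simplejson is never used; drop one. `if (not cve in options.cves)` is a substring test on the comma-separated option, so a name that is a prefix of another (or a partial name) would match more than one issue; split `options.cves` on commas first. `urllib.urlopen(options.schema)` fetches the schema from raw.githubusercontent.com on every run, so the conversion silently depends on network access and on whatever that file contains at the time; the `-s` option already accepts a local file, so checking in a copy and defaulting to it would make the output reproducible. When `options.input` is missing the script calls `exit()` with status 0, so a Makefile rule would not notice the failure; use `sys.exit(1)`. Reusing `cve` first for the name string and then for the record dict forces the ID to be re-read from the DOM on the next line; keep two names.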
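The affected-version merging described in the mk-cvepage commits above (1.0.1 -> 1.0.1a -> 1.0.1b, y -> za, skipping versions that were never released) and the XML-to-CVE-JSON step of vulnxml2json.py, as an added Python 3 example that is not the project's code. It assumes a constructed vulnerabilities.xml fragment with a placeholder CVE name, the DRAFT JSON 4.0 key names quoted in the commit, and its own choices of a set for never-released versions, a prefix match for the per-branch filter, and one `version_value` per collapsed range; the schema download and jsonschema validation the project's script performs are left out so that it runs offline.

```python
"""Merge OpenSSL affected-version lists into ranges and shape a CVE JSON 4.0 record.
Added example for this page, not code from openssl/web: it reimplements in Python 3
the idea behind merge_affects() in bin/mk-cvepage and the XML-to-JSON step of
bin/vulnxml2json.py. SAMPLE_XML is constructed and its CVE name is a placeholder;
the JSON keys follow the DRAFT JSON 4.0 layout named in the commit message."""
import json
import re
import xml.etree.ElementTree as ET

# Versions that never shipped, so a contiguous range may run across them. The
# project's list contains 1.0.0h; keeping them in a set (not a substring test) is ours.
NEVER_RELEASED = {"1.0.0h"}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]*)$")


def version_key(ver):
    """Sort key: numeric parts, then letter suffix ('' < a .. y < za < zb)."""
    m = _VERSION_RE.match(ver)
    if m is None:
        raise ValueError("not an OpenSSL version string: %r" % ver)
    num, suffix = m.groups()
    return tuple(int(x) for x in num.split(".")), len(suffix), suffix


def next_version(ver, never_released=NEVER_RELEASED):
    """Release that follows `ver` under OpenSSL's lettering scheme."""
    def bump(v):
        if v[-1].isdigit():                  # 1.0.1  -> 1.0.1a
            return v + "a"
        if v[-1] == "y":                     # 0.9.8y -> 0.9.8za (z was skipped)
            return v[:-1] + "za"
        return v[:-1] + chr(ord(v[-1]) + 1)  # 1.0.1a -> 1.0.1b
    nxt = bump(ver)
    while nxt in never_released:             # step over versions that never shipped
        nxt = bump(nxt)
    return nxt


def merge_affects(versions, base=None):
    """Collapse versions into ranges such as '1.0.1-1.0.1a,1.0.1c'.
    base (e.g. '1.0.1') keeps only that branch, by prefix rather than substring."""
    chosen = {v for v in versions if base is None or v.startswith(base)}
    ranges, expected = [], None
    for ver in sorted(chosen, key=version_key):
        if ver == expected:
            ranges[-1] = [ranges[-1][0], ver]   # contiguous: extend the current run
        else:
            ranges.append([ver])                # gap: start a new run
        expected = next_version(ver)
    return ",".join("-".join(r) for r in ranges)


# Constructed sample shaped like news/vulnerabilities.xml; 0000-0000 is a placeholder.
SAMPLE_XML = """<security>
 <issue public="20180122">
  <cve name="0000-0000"/>
  <affects base="0.9.8" version="0.9.8y"/>
  <affects base="0.9.8" version="0.9.8za"/>
  <affects base="0.9.8" version="0.9.8zb"/>
  <affects base="1.0.0" version="1.0.0e"/>
  <affects base="1.0.0" version="1.0.0f"/>
  <affects base="1.0.0" version="1.0.0g"/>
  <affects base="1.0.0" version="1.0.0i"/>
  <affects base="1.0.0" version="1.0.0j"/>
  <affects base="1.0.1" version="1.0.1"/>
  <affects base="1.0.1" version="1.0.1a"/>
  <affects base="1.0.1" version="1.0.1c"/>
  <fixed base="0.9.8" version="0.9.8zc"/>
  <fixed base="1.0.0" version="1.0.0k"/>
  <fixed base="1.0.1" version="1.0.1d"/>
  <description>Placeholder description of a constructed issue.</description>
 </issue>
</security>"""


def xml_to_cve_json(xml_text):
    """One CVE JSON 4.0-shaped dict per <issue> that carries a CVE name."""
    records = []
    for issue in ET.fromstring(xml_text).iter("issue"):
        cve = issue.find("cve")
        name = cve.get("name") if cve is not None else ""
        if not name:
            continue
        affected = [a.get("version") for a in issue.findall("affects")]
        fixes = [(f.get("base"), f.get("version")) for f in issue.findall("fixed")]
        text = " ".join(issue.findtext("description", "").split())
        # Appending the per-branch "Fixed in OpenSSL ... (Affected ...)" summary mirrors
        # the page text; the exact wording sent to Mitre is an assumption of this example.
        text += " " + ". ".join("Fixed in OpenSSL %s (Affected %s)"
                                % (ver, merge_affects(affected, base)) for base, ver in fixes)
        records.append({
            "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0",
            "CVE_data_meta": {"ID": "CVE-" + name},
            "affects": {"vendor": {"vendor_data": [{"vendor_name": "OpenSSL", "product": {
                "product_data": [{"product_name": "OpenSSL", "version": {"version_data": [
                    {"version_value": r} for r in merge_affects(affected).split(",")]}}]}}]}},
            "description": {"description_data": [{"lang": "eng", "value": text}]},
        })
    return records


if __name__ == "__main__":
    print(json.dumps(xml_to_cve_json(SAMPLE_XML), indent=1))
```

Running the module prints the record for the sample; the 1.0.0 branch collapses to `1.0.0e-1.0.0j` because 1.0.0h is in the never-released set, the 0.9.8 branch to `0.9.8y-0.9.8zb` through the y -> za rule, and the 1.0.1 branch stays split as `1.0.1-1.0.1a,1.0.1c` because 1.0.1b is not listed. Using a set and a real successor function for the skip avoids the two substring pitfalls of the original (`neverreleased` as a string, `base in version`).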
[openssl-commits] [web] master update
The branch master has been updated via ab0288e13b02e6dce1edcbd9d83b130fc3caa876 (commit) from ac747af201144b372b8b6145d2219fae6bccd958 (commit) - Log - commit ab0288e13b02e6dce1edcbd9d83b130fc3caa876 Author: Mark J. Cox Date: Tue Jan 23 13:29:56 2018 + Fix link wrapping issue --- Summary of changes: policies/secpolicy.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index c143a80..9bca8c2 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -103,8 +103,7 @@ general purpose OS that uses OpenSSL as included on http://oss-security.openwall.org/wiki/mailing-lists/distros";>this - list of Operating System distribution security contacts. + href="http://oss-security.openwall.org/wiki/mailing-lists/distros";>this list of Operating System distribution security contacts. We may also include other organisations that are not listed but would otherwise qualify for list membership. We may _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via ac747af201144b372b8b6145d2219fae6bccd958 (commit) from 11d98938cac1a3db7c001e497e44fcc07beb3503 (commit) - Log - commit ac747af201144b372b8b6145d2219fae6bccd958 Author: Mark J. Cox Date: Tue Jan 23 13:28:02 2018 + Simplify security policy, as per f2f discussion and subsequent OMC vote --- Summary of changes: policies/secpolicy.html | 177 +--- 1 file changed, 61 insertions(+), 116 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 26e34c3..c143a80 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html 
@@ -12,99 +12,38 @@ Security Policy - Last modified 28th September 2015 + Last modified 23rd January 2018 - Introduction - - Our policy on how we internally handle security issues - is based on experience and has evolved over the years. - Reporting security issues - We have an email address which can be used to notify - us of possible security vulnerabilities. A subset of - OpenSSL team members receive this mail, and messages - can be sent using PGP encryption. Full details are at https://www.openssl.org/news/vulnerabilities.html +If you wish to report a possible security issue in OpenSSL +please notify us. +Issue triage + - When we are notified about an issue we engage resources - within the OpenSSL team to investigate and prioritise it. - We may also utilise resources from the employers of our team - members or committers, as well as others we have worked with before. - +Notifications are received by a group of OpenSSL Management Committee +members. We engage resources within + OpenSSL to start the investigation and prioritisation. We may work in private + with individuals who are not on the OpenSSL Management Committee as + well as other organisations and + our employers where we believe + this can help with the issue investigation, resolution, or + testing. - Background - - - Everyone would like to get advance notice of security issues - in OpenSSL. This is a complex topic and we need to set out - some background with our findings: - - The more people you tell in advance the higher the - likelihood that a leak will occur. We have seen this - happen before, both with OpenSSL and other projects. - - A huge number of products from an equally large number of - organisations use OpenSSL. It's not just secure websites, you're - just as likely to find OpenSSL inside your smart TV, car, or - fridge. - - We strongly believe that the right to advance patches/info - should not be based in any way on paid membership to some forum. 
- You can not pay us to get security patches in advance. - - We can benefit from peer review of the patches and advisory. - Keeping security issues private means they can't get the level - of testing or scrutiny that they otherwise would. - It is not acceptable for organisations to use advance notice - in marketing as a competitive advantage. For example "if you - had bought our product/used our service you would have been - protected a week ago". - - There are actually not a large number of serious - vulnerabilities in OpenSSL which make it worth spending - significant time keeping our own list of vendors we trust, or - signing framework agreements, or dealing with changes, and - policing the policy. This is a significant amount of effort per - issue that is better spent on other things. - - We have previously used third parties to handle notification - for us including CPNI, oCERT, or CERT/CC, but none were - suitable. - - It's in the best interests of the Internet as a whole to get - fixes for OpenSSL security issues out quickly. OpenSSL embargoes - should be measured in days and weeks, not months or years. - - Many sites affected by OpenSSL issues will be running a - version of OpenSSL they got from some vendor (and likely bundled - with an operating system). The most effective way for these - si
[openssl-commits] [web] master update
The branch master has been updated via 11d98938cac1a3db7c001e497e44fcc07beb3503 (commit) from e18968d4f57b74c5c7cd6dc7c1893377d21a007f (commit) - Log - commit 11d98938cac1a3db7c001e497e44fcc07beb3503 Author: Mark J. Cox Date: Mon Jan 22 09:40:03 2018 + ToC is getting large and probably isn't ever used anyway, simplify so we get more before the break --- Summary of changes: bin/vulnerabilities.xsl | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/bin/vulnerabilities.xsl b/bin/vulnerabilities.xsl index bf035d3..145a6b0 100644 --- a/bin/vulnerabilities.xsl +++ b/bin/vulnerabilities.xsl @@ -48,14 +48,16 @@ Do not edit this file; edit vulnerabilities.xml -Table of Contents - +Jump to year: - + + + , + - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via e18968d4f57b74c5c7cd6dc7c1893377d21a007f (commit) from 75d0764d335204555b07725adfacd001ae27b7a0 (commit) - Log - commit e18968d4f57b74c5c7cd6dc7c1893377d21a007f Author: Mark J. Cox Date: Mon Jan 22 09:35:54 2018 + Fix some bad formatting errors where we had entries with no advisories etc --- Summary of changes: bin/vulnerabilities.xsl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/vulnerabilities.xsl b/bin/vulnerabilities.xsl index e6a0ee3..bf035d3 100644 --- a/bin/vulnerabilities.xsl +++ b/bin/vulnerabilities.xsl @@ -77,8 +77,9 @@ + -(OpenSSL advisory) + (OpenSSL advisory) [ severity] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 75d0764d335204555b07725adfacd001ae27b7a0 (commit) from 7b59deb727d5f8665b918f3e5185a315a23ae398 (commit) - Log - commit 75d0764d335204555b07725adfacd001ae27b7a0 Author: Mark J. Cox Date: Mon Jan 22 09:28:45 2018 + Update vulnerability database with references for every CVE, either an advisory, link to PR, or git commit link. Split out the DTLS issues from 2009 as the three were not the same (and we can then ensure we only have one CVE per entry in this file) --- Summary of changes: news/vulnerabilities.xml | 87 ++-- 1 file changed, 76 insertions(+), 11 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 6eed241..27cea1d 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4381,7 +4381,7 @@ service by sending invalid encodings. - + @@ -4392,6 +4392,7 @@ OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which were not properly handled in s2_srvr.c. + @@ -4620,7 +4621,7 @@ use Kerberos ciphersuites and will therefore be unaffected. - + @@ -4643,6 +4644,7 @@ use Kerberos ciphersuites and will therefore be unaffected. + @@ -5085,7 +5087,7 @@ read, for example RSA public keys. - + @@ -5097,6 +5099,7 @@ read, for example RSA public keys. + Fix a NULL pointer dereference if a DTLS server recieved ChangeCipherSpec as first record. @@ -5127,7 +5130,8 @@ Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation. - + +https://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest"/> 
@@ -5150,9 +5154,66 @@ remote attacker could use this flaw to cause a DTLS server to crash. - + +https://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"/> + + + + + + + + + + + + + + + + +Fix a denial of service flaw in the DTLS implementation. +Records are buffered if they arrive with a future epoch to be +processed after finishing the corresponding handshake. There is +currently no limitation to this buffer allowing an attacker to perform +a DOS attack to a DTLS server by sending records with future epochs until there is no +memory left. + + + + + +https://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest"/> + + + + + + + + + + + + + + + + + + Fix a denial of service flaw in the DTLS implementation. +In dtls1_process_out_of_seq_message() the check if the current message +is already buffered was missing. For every new message was memory +allocated, allowing an attacker to perform an denial of service attack +against a DTLS server by sending out of seq handshake messages until there is no memory +left. + + + + +https://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest"/> @@ -5168,15 +5229,16 @@ remote attacker could use this flaw to cause a DTLS server to crash. + -Fix denial of service flaws in the DTLS implementation. A -remote attacker could use these flaws to cause a DTLS server to use -excessive amounts of memory, or crash. + Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment + function could cause a client accessing a malicious DTLS server to + crash. - + @@ -5191,6 +5253,7 @@ excessive amounts of memory, or crash. + A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c @@ -5201,7 +5264,7 @@ function. - + @@ -5216,6 +5279,7 @@ function. + It was discovered that OpenSSL did not always check the return value of the @@ -5226,7 +5290,7 @@ or, possibly, execute arbitrary code - + 
@@ -5242,6 +5306,7 @@ or, possibly, execute arbitrary code + A missing return value check flaw was discovered in OpenSSL, that could _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
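Review bot: the reference URLs added in hunks -5127 and -5150 (`https://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest` and the same form for ids 1930, 1931 and 1923) contain raw `&` characters inside an XML attribute; in news/vulnerabilities.xml these must be written as `&amp;` or the file is not well-formed and the XSLT and JSON converters will reject it (unless the mail rendering unescaped them, which is worth checking in the committed file). Embedding `user=guest&pass=guest` in a public reference is also fragile now that RT has been retired in favour of GitHub (see the 12-Oct-2016 "Goodbye RT, Hello GitHub" newsflash entry on this page); the corresponding git commits would be more durable references.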
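Review bot: wording in the new DTLS descriptions in hunk -5150: `a DOS attack` should read `a denial of service attack`, `perform an denial of service attack` should be `perform a denial of service attack`, and `out of seq handshake messages` should be spelled out as `out of sequence`; these descriptions feed the public vulnerabilities page and the Mitre JSON export mentioned in commit 3ce25987, so they should be clean before they are exported.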
[openssl-commits] [web] master update
The branch master has been updated via 7b59deb727d5f8665b918f3e5185a315a23ae398 (commit) from 3ce25987564d4a98da666c17dbf6feb70b4e16ed (commit) - Log - commit 7b59deb727d5f8665b918f3e5185a315a23ae398 Author: Mark J. Cox Date: Wed Jan 17 15:01:19 2018 + Fix advisory url, note which issues need links of some sort --- Summary of changes: news/vulnerabilities.xml | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 9e022e4..6eed241 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4381,7 +4381,7 @@ service by sending invalid encodings. - + @@ -4620,7 +4620,7 @@ use Kerberos ciphersuites and will therefore be unaffected. - + @@ -5085,7 +5085,7 @@ read, for example RSA public keys. - + @@ -5127,7 +5127,7 @@ Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation. - + @@ -5150,7 +5150,7 @@ remote attacker could use this flaw to cause a DTLS server to crash. - + @@ -5176,7 +5176,7 @@ excessive amounts of memory, or crash. - + @@ -5201,7 +5201,7 @@ function. - + @@ -5226,7 +5226,7 @@ or, possibly, execute arbitrary code - + @@ -6031,7 +6031,7 @@ This issue only affected OpenSSL 1.0.1 versions. - + @@ -6050,7 +6050,7 @@ server could use this flaw to crash a connecting client. This issue only affect -https://www.openssl.org/news/secadv/20140605.txt"/> + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
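Review bot: hunk -6050 removes the `https://www.openssl.org/news/secadv/20140605.txt` reference element that commit 3ce25987 (the parent of this one) had just added, and the replacement `+` line carries nothing visible here; given the message "Fix advisory url", confirm the replacement element still points at the 20140605 advisory rather than leaving that entry without a reference again.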
[openssl-commits] [web] master update
The branch master has been updated via 3ce25987564d4a98da666c17dbf6feb70b4e16ed (commit) from 18c21788f12170c543d93a72f5e55febe1d9bf20 (commit) - Log - commit 3ce25987564d4a98da666c17dbf6feb70b4e16ed Author: Mark J. Cox Date: Wed Jan 17 14:36:16 2018 + Working on conversion of the xml to Mitre JSON; there are a few issues that fail validation due to 1) missing affects (fixed) and 2) missing references. Some are still missing references as there was no security advisory and I'll link to the commits instead over time. --- Summary of changes: news/vulnerabilities.xml | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index c96da20..9e022e4 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -4356,6 +4356,8 @@ large session ID in SSL3. + + A buffer overflow when Kerberos is enabled allowed attackers @@ -4366,6 +4368,7 @@ flaw did not affect any released version of 0.9.6 or 0.9.7 + @@ -4944,7 +4947,8 @@ only when applications are compiled for debugging. - + + The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates @@ -6046,6 +6050,7 @@ server could use this flaw to crash a connecting client. This issue only affect +https://www.openssl.org/news/secadv/20140605.txt"/> _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
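Review bot: the message says entries that still lack references fail Mitre JSON validation; rather than discovering that at export time, wire the validation step into the Makefile so the build fails on any entry with no advisory, PR or commit reference, which is also what the later 75d0764d commit on this page sets out to complete by hand.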
[openssl-commits] [web] master update
The branch master has been updated via 70525d16672d72effc2ac4343fbb3659b5a15f4d (commit) from 809ca07f8d524710f2f76d35c74d9712e71447a6 (commit) - Log - commit 70525d16672d72effc2ac4343fbb3659b5a15f4d Author: Mark J Cox Date: Fri Dec 15 13:09:13 2017 + Add link from "employers" to the actual list, for transparency --- Summary of changes: policies/secpolicy.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index d6c691c..26e34c3 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -35,7 +35,7 @@ When we are notified about an issue we engage resources within the OpenSSL team to investigate and prioritise it. - We may also utilise resources from the employers of our team + We may also utilise resources from the employers of our team members or committers, as well as others we have worked with before. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 9e202bb48ed00656e8af83e6cd654a4e2209948a (commit) from e5f2c86257184fc2a9331d5ea53fd9f790e7181b (commit) - Log - commit 9e202bb48ed00656e8af83e6cd654a4e2209948a Author: Mark J. Cox Date: Wed Mar 29 08:02:28 2017 +0100 CNA requirements have a field for "problem type" which is vaguely defined but we'll need to provide it. Also add a "title" field to newer entries as this is in our advisories already but missing from the vulns html page (not added there yet however) --- Summary of changes: news/vulnerabilities.xml | 17 + 1 file changed, 17 insertions(+) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 3d759a8..668e987 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -15,6 +15,8 @@ +protocol error +Encrypt-Then-Mac renegotiation crash During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then @@ -44,6 +46,8 @@ +out-of-bounds read +Truncated packet could crash via OOB read If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or @@ -66,6 +70,8 @@ +NULL pointer deference +Bad (EC)DHE parameters cause a client crash If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a @@ -95,6 +101,8 @@ +carry-propagating bug +BN_mod_exp may produce incorrect results on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks @@ -121,6 +129,8 @@ +protocol error +ChaCha20/Poly1305 heap-buffer-overflow TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL 
@@ -136,6 +146,8 @@ +NULL pointer deference +CMS Null dereference Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE @@ -166,6 +178,8 @@ +carry propagating bug +Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but @@ -193,6 +207,7 @@ +write to free This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. @@ -212,6 +227,7 @@ +NULL pointer exception This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. @@ -260,6 +276,7 @@ +memory leak A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
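Review bot: the new problemtype values in this patch are inconsistent and two carry a typo: `NULL pointer deference` (hunks -66 and -136) should be `NULL pointer dereference`, `carry-propagating bug` (-95) and `carry propagating bug` (-166) differ only in hyphenation, and the ChaCha20/Poly1305 entry (-121) is typed `protocol error` while its title says `heap-buffer-overflow`. Since this field is destined for the CNA JSON feed, pick a small controlled vocabulary (CWE names would do) and apply it uniformly across entries.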
[openssl-commits] [web] master update
The branch master has been updated via e5f2c86257184fc2a9331d5ea53fd9f790e7181b (commit) from f5b1e33b845050d23aed66d926f850a3accc66d3 (commit) - Log - commit e5f2c86257184fc2a9331d5ea53fd9f790e7181b Author: Mark J. Cox Date: Tue Mar 28 08:17:54 2017 +0100 Vuln page and other pages looked bad due to bad li indent, quick fix --- Summary of changes: inc/screen.css | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/screen.css b/inc/screen.css index 6f0def4..4af1a4a 100644 --- a/inc/screen.css +++ b/inc/screen.css @@ -24,7 +24,8 @@ html { } ol, ul { - list-style: none; +list-style: none; +padding-left: 2em; } dd { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
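Review bot: the replacement lines `+list-style: none;` and `+padding-left: 2em;` drop the indentation the removed `- list-style: none;` line had inside the `ol, ul {` block; reindent them to match the rest of screen.css. Also note that `padding-left: 2em` now applies to every ol and ul on the site, including navigation lists that relied on `list-style: none` with no padding, so check those pages and not only the vulnerabilities page.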
[openssl-commits] [web] master update
The branch master has been updated via bb01f78cc17fc7fc9aba39f34e7403e0d38f4309 (commit) from 6ab0a53dba21e3d4bc94859ec6dc6624cff8f774 (commit) - Log - commit bb01f78cc17fc7fc9aba39f34e7403e0d38f4309 Author: Mark J. Cox Date: Thu Feb 16 12:18:53 2017 + Add link to advisory --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1a66cde..9667597 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Feb-2017: Security Advisory: one security fix 16-Feb-2017: OpenSSL 1.1.0e is now available, including bug and security fixes 13-Feb-2017: New Blog post: https://www.openssl.org/blog/blog/2017/02/13/bylaws/";>Project Bylaws 13-Feb-2017: New https://www.openssl.org/policies/bylaws.html";>OpenSSL Bylaws published _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
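Review bot: the added `16-Feb-2017: Security Advisory: one security fix` line shows no link target in this rendering even though the message is "Add link to advisory"; the file header requires URL paths to be absolute, so confirm the href is an absolute path to the secadv text rather than a relative one.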
[openssl-commits] [web] master update
The branch master has been updated via e088c8bb8449c3613e41a5200acbd56cd23268b8 (commit) from 001a0f55253e2dc9dd7360b6e5d20a158c319bcc (commit) - Log - commit e088c8bb8449c3613e41a5200acbd56cd23268b8 Author: Mark J. Cox Date: Tue Feb 14 10:45:51 2017 + Add blog post and bylaws --- Summary of changes: news/newsflash.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 8d8e4b7..a32903f 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +13-Feb-2017: New Blog post: https://www.openssl.org/blog/blog/2017/02/13/bylaws/";>Project Bylaws +13-Feb-2017: New https://www.openssl.org/policies/bylaws.html";>OpenSSL Bylaws published 13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 16th February 2017 26-Jan-2017: Security Advisory: several security fixes 26-Jan-2017: OpenSSL 1.1.0d is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via bd52d4392ffaaf5d36a6df2880dc0cd35c02d2dd (commit) from 5462c2b6332641c05197264f8f6f62b7070d0330 (commit) - Log - commit bd52d4392ffaaf5d36a6df2880dc0cd35c02d2dd Author: Mark J. Cox Date: Mon Feb 13 09:02:14 2017 + useright date --- Summary of changes: news/newsflash.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 63d3f57..8d8e4b7 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item -13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 17th February 2017 +13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 16th February 2017 26-Jan-2017: Security Advisory: several security fixes 26-Jan-2017: OpenSSL 1.1.0d is now available, including bug and security fixes 26-Jan-2017: OpenSSL 1.0.2k is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 5462c2b6332641c05197264f8f6f62b7070d0330 (commit) from e73ecc3a9de63cbe57d503e8fed1a9884a074000 (commit) - Log - commit 5462c2b6332641c05197264f8f6f62b7070d0330 Author: Mark J. Cox Date: Mon Feb 13 08:55:03 2017 + Add ref to preannounce --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index c5a88e3..63d3f57 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +13-Feb-2017: OpenSSL 1.1.0e https://mta.openssl.org/pipermail/openssl-announce/2017-February/95.html";>security release due on 17th February 2017 26-Jan-2017: Security Advisory: several security fixes 26-Jan-2017: OpenSSL 1.1.0d is now available, including bug and security fixes 26-Jan-2017: OpenSSL 1.0.2k is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
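Review bot: the added line reads `security release due on 17th February 2017`, but the 16-Feb-2017 advisory and 1.1.0e entries on this page show the release went out on the 16th, and commit bd52d439 on this page has to correct the date; check pre-announcement dates against the linked openssl-announce mail before committing.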
[openssl-commits] [web] master update
The branch master has been updated via 8a3857ed83a03aecbc900ddb380eff53e0842d46 (commit) from 466d4694fc4d785fdc8a4f613787181b1fbfb8bc (commit) - Log - commit 8a3857ed83a03aecbc900ddb380eff53e0842d46 Author: Mark J. Cox Date: Mon Jan 30 13:01:47 2017 + Missing from home page https://twitter.com/hanno/status/826050473853612032 --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 60eb7c5..c5a88e3 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +26-Jan-2017: Security Advisory: several security fixes 26-Jan-2017: OpenSSL 1.1.0d is now available, including bug and security fixes 26-Jan-2017: OpenSSL 1.0.2k is now available, including bug and security fixes 23-Jan-2017: OpenSSL 1.1.0d, 1.0.2k https://mta.openssl.org/pipermail/openssl-announce/2017-January/91.html";>security release due on 26th January 2017 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 8962398f72a4c4c04caf80069dcc59cb7a544c48 (commit) from 54431437a78392906910d31ca59cd6591e3ef0ba (commit) - Log - commit 8962398f72a4c4c04caf80069dcc59cb7a544c48 Author: Mark J. Cox Date: Mon Jan 23 21:13:00 2017 + Update newsflash for upcoming secuirty release --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index c1c16e3..525a960 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +23-Jan-2017: OpenSSL 1.1.0d, 1.0.2k https://mta.openssl.org/pipermail/openssl-announce/2017-January/91.html";>security release due on 26th January 2017 02-Jan-2017: The OpenSSL 1.0.1 series of releases are now out of support. Please upgrade to 1.1.0 or 1.0.2. 10-Nov-2016: Security Advisory: several security fixes 10-Nov-2016: OpenSSL 1.1.0c is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 183632aa1c2541118fe7b465c05db7d364b0 (commit) from 5371172a04aa5a6757d77efba75d66e6c7bb636f (commit) - Log - commit 183632aa1c2541118fe7b465c05db7d364b0 Author: Mark J. Cox Date: Mon Nov 7 11:19:31 2016 + Use correct pasted link --- Summary of changes: news/newsflash.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 5848af6..7cdd7aa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,7 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item -07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html";>security release due on 10th November 2016 +07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-November/85.html";>security release due on 10th November 2016 12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/";>Face to Face: Goodbye RT, Hello GitHub 26-Sep-2016: Security Advisory: Two security fixes 26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 5371172a04aa5a6757d77efba75d66e6c7bb636f (commit) from 940e30d84bf1d54701725a1744af2df0ac081a85 (commit) - Log - commit 5371172a04aa5a6757d77efba75d66e6c7bb636f Author: Mark J. Cox Date: Mon Nov 7 11:18:24 2016 + Add nov 10 details --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 92f3e01..5848af6 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html";>security release due on 10th November 2016 12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/";>Face to Face: Goodbye RT, Hello GitHub 26-Sep-2016: Security Advisory: Two security fixes 26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
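Review bot: the added newsflash line links the 1.1.0c pre-announcement to `2016-September/76.html`, which is the September release mail rather than the November one; commit 183632aa on this page replaces it with `2016-November/85.html`. A quick check that a pasted announce link resolves to the intended month would catch this before it reaches the home page.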
[openssl-commits] [web] master update
The branch master has been updated via ee08d5718cc67ddf208fa08d5d6dbedc1c582ff3 (commit) from 18fc4b7e05dbd707be58da1262d74b7a441bbc8b (commit) - Log - commit ee08d5718cc67ddf208fa08d5d6dbedc1c582ff3 Author: Mark J. Cox Date: Thu Oct 13 09:26:09 2016 +0100 Revert my inadvertant changes to Makefile --- Summary of changes: Makefile | 4 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index fa6f692..2ff7768 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,10 @@ RELEASEDIR = /var/www/openssl/source # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ docs/faq.inc docs/fips.inc \ + news/changelog.inc news/changelog.txt \ + news/cl101.txt news/cl102.txt news/cl110.txt \ + news/openssl-1.0.1-notes.inc news/openssl-1.0.2-notes.inc \ + news/openssl-1.1.0-notes.inc \ news/newsflash.inc \ news/vulnerabilities.inc \ source/.htaccess \ _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 18fc4b7e05dbd707be58da1262d74b7a441bbc8b (commit) from 621f13efef38d2bdafafbdbcdb15457a7e2e6f04 (commit) - Log - commit 18fc4b7e05dbd707be58da1262d74b7a441bbc8b Author: Mark J. Cox Date: Thu Oct 13 09:03:22 2016 +0100 Try an experiment, add the blog post to the latest news. We should automate that ;) Increase lines to 6 in latest news block --- Summary of changes: Makefile | 6 +- news/newsflash.txt | 1 + 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 28b1e53..fa6f692 100644 --- a/Makefile +++ b/Makefile @@ -12,10 +12,6 @@ RELEASEDIR = /var/www/openssl/source # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ docs/faq.inc docs/fips.inc \ -news/changelog.inc news/changelog.txt \ -news/cl101.txt news/cl102.txt news/cl110.txt \ -news/openssl-1.0.1-notes.inc news/openssl-1.0.2-notes.inc \ -news/openssl-1.1.0-notes.inc \ news/newsflash.inc \ news/vulnerabilities.inc \ source/.htaccess \ @@ -58,7 +54,7 @@ clean: newsflash.inc: news/newsflash.inc @rm -f $@ - head -6 $? >$@ + head -7 $? >$@ sitemap.txt: bin/mk-sitemap @rm -f $@ ./bin/mk-sitemap >$@ diff --git a/news/newsflash.txt b/news/newsflash.txt index e10aef8..92f3e01 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/";>Face to Face: Goodbye RT, Hello GitHub 26-Sep-2016: Security Advisory: Two security fixes 26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix 26-Sep-2016: OpenSSL 1.0.2j is now available, including a security fix _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
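Review bot: the Makefile hunk at -12 removes the changelog, cl10x and release-notes targets from SIMPLE, which is unrelated to the stated change (add the blog post, increase the latest-news lines) and is reverted as inadvertent in ee08d571 on this page; keep unrelated Makefile edits out of content commits. The `head -6` to `head -7` change matches the message "Increase lines to 6" only if the `Date: Item` heading line is counted, which is worth a comment next to the rule.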
[openssl-commits] [web] master update
The branch master has been updated via bf56f9aa180a9abbc2f96f75bdaab62818a24f64 (commit) via 73e3771bff7a8c6d277c5f5c64cf46fef1fb98c1 (commit) from 51d47d31b1baaf7c275e2a696665983488b01340 (commit) - Log - commit bf56f9aa180a9abbc2f96f75bdaab62818a24f64 Author: Mark J. Cox Date: Sun Oct 9 11:19:35 2016 +0100 Add more dates of reported commit 73e3771bff7a8c6d277c5f5c64cf46fef1fb98c1 Author: Mark J. Cox Date: Sun Oct 9 11:19:12 2016 +0100 Allow multiple reported (for independant) Display reported date if we know it --- Summary of changes: bin/vulnerabilities.xsl | 15 --- news/vulnerabilities.xml | 31 --- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/bin/vulnerabilities.xsl b/bin/vulnerabilities.xsl index 8c7b915..e6a0ee3 100644 --- a/bin/vulnerabilities.xsl +++ b/bin/vulnerabilities.xsl @@ -90,9 +90,18 @@ - - Reported by . - + + + Reported by + + on + + + + + . + + Fixed in OpenSSL diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 518d74d..392128c 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -1557,7 +1557,7 @@ of service attack. - + @@ -1584,7 +1584,7 @@ default in OpenSSL DHE based SSL/TLS ciphersuites. - + @@ -1624,7 +1624,7 @@ servers which enable client authentication. - + @@ -1716,7 +1716,7 @@ SSL/TLS is not affected. - + @@ -1793,7 +1793,7 @@ "issue" an invalid certificate. - + @@ -1852,7 +1852,7 @@ client authentication enabled. - + @@ -1943,7 +1943,8 @@ callbacks. - + + @@ -2030,7 +2031,7 @@ servers are not affected. - + @@ -2115,7 +2116,7 @@ verifies signedData messages using the CMS code. - + @@ -2263,7 +2264,7 @@ corruption. - + @@ -2277,7 +2278,7 @@ invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. - + @@ -2298,7 +2299,7 @@ it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. - + 
@@ -2316,7 +2317,7 @@ example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server. - + @@ -2390,7 +2391,7 @@ application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. - + @@ -2553,7 +2554,7 @@ otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
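Review bot: the xsl hunk at -90 now emits `Reported by`, the reporter, `on` and a date for each reported element, ending with `.`; since the xml hunks only add a date to entries from 2016 onward and hunk -1943 gives one entry a second reported element, confirm the `on` clause is guarded by an xsl:if on the date attribute (so older entries do not render `Reported by X on .`) and that consecutive reporters get a separator such as `and` rather than running together.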
[openssl-commits] [web] master update
The branch master has been updated via 51d47d31b1baaf7c275e2a696665983488b01340 (commit) from 674195c2ea51de57b28906e17832c75716694b2a (commit) - Log - commit 51d47d31b1baaf7c275e2a696665983488b01340 Author: Mark J. Cox Date: Sat Oct 8 13:41:29 2016 +0100 Add reported dates to xml for anything 2016+ (useful for Emilia's blog) --- Summary of changes: news/vulnerabilities.xml | 62 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index e53c367..518d74d 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -23,7 +23,7 @@ could potentially lead to execution of arbitrary code. - + @@ -39,7 +39,7 @@ CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. - + @@ -92,7 +92,7 @@ support. - + @@ -106,7 +106,7 @@ attack. - + @@ -155,7 +155,7 @@ on most platforms. - + @@ -202,7 +202,7 @@ a custom server callback and ticket lookup mechanism. - + @@ -248,7 +248,7 @@ record limits will reject an oversized certificate before it is parsed. - + @@ -292,7 +292,7 @@ of data written. This will result in OOB reads when large OIDs are presented. - + @@ -351,7 +351,7 @@ values of len that are too big and therefore p + len < limit. - + @@ -397,7 +397,7 @@ recover the private DSA key. - + @@ -448,7 +448,7 @@ through memory exhaustion. - + @@ -496,7 +496,7 @@ DTLS connection. - + @@ -543,7 +543,7 @@ a client or a server which enables client authentication. - + @@ -585,7 +585,7 @@ of memory - which would then mean a more serious Denial of Service. - + @@ -627,7 +627,7 @@ of memory - which would then mean a more serious Denial of Service. - + @@ -687,7 +687,7 @@ Certification Authorities. - + @@ -736,7 +736,7 @@ bytes. - + @@ -788,7 +788,7 @@ message. This is no longer believed to be the case). - + @@ -846,7 +846,7 @@ this function directly. - + @@ -893,7 +893,7 @@ TLS applications are not affected. - + @@ -935,7 +935,7 @@ This could result in arbitrary stack data being returned in the buffer. - + 
@@ -1014,7 +1014,7 @@ not provide any "EXPORT" or "LOW" strength ciphers. - + @@ -1055,7 +1055,7 @@ rare. - + @@ -1112,7 +1112,7 @@ constant time. - + @@ -1165,7 +1165,7 @@ also anticipated to be rare. - + @@ -1224,7 +1224,7 @@ trigger these issues because of message size limits enforced within libssl. - + @@ -1266,7 +1266,7 @@ the victim thread which is performing decryptions. - + @@ -1355,7 +1355,7 @@ computation. - + @@ -1438,7 +1438,7 @@ the DROWN attack. - + @@ -1500,7 +1500,7 @@ and cannot be disabled. This could have some performance impact. - + @@ -1539,7 +1539,7 @@ SSL_OP_NO_SSLv2. - + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits