Mark J. Cox [Tue, 30 Jan 2018 10:13:34 +0000 (10:13 +0000)]
Add EOL notes to the vulnerability pages so it's clear they are
no longer getting security updates (which was kind of the point
of doing these extra pages to start with)
Mark J. Cox [Tue, 30 Jan 2018 10:02:12 +0000 (10:02 +0000)]
Also ignore the new vulnerabilities inc files
Mark J. Cox [Tue, 30 Jan 2018 10:00:23 +0000 (10:00 +0000)]
Add vulnerability page for each version. If we did lots of major
releases it might be worth automating this a bit better. We could
have used a single page with clever javascript to filter the issues
too (but let's not start adding javascript for the sake of it)
Mark J. Cox [Tue, 30 Jan 2018 09:43:25 +0000 (09:43 +0000)]
Make the per-version vulnerability files. We could probably do something
clever here to work out all the versions we have releases for.
Mark J. Cox [Tue, 30 Jan 2018 09:27:28 +0000 (09:27 +0000)]
Link to all-issues page, better detection of "no vulnerabilities" for a given base version
Mark J. Cox [Tue, 30 Jan 2018 09:19:21 +0000 (09:19 +0000)]
Update mk-cvepage to remain backward compatible for now, but allow generation of a
"per major version" vuln page. So users of 1.1.0 can if they like just see a page
of issues that were fixed in 1.1.0*
Mark J. Cox [Mon, 29 Jan 2018 15:18:59 +0000 (15:18 +0000)]
Match lower case severity names in security policy
Mark J. Cox [Mon, 29 Jan 2018 15:16:35 +0000 (15:16 +0000)]
So we can link directly to severities
Mark J. Cox [Mon, 29 Jan 2018 14:49:07 +0000 (14:49 +0000)]
Move the git hash links to the respective 'fixed' sections so they show up on the vulnerabilities page
Mark J. Cox [Mon, 29 Jan 2018 14:45:01 +0000 (14:45 +0000)]
missing closing h3
Mark J. Cox [Mon, 29 Jan 2018 14:42:59 +0000 (14:42 +0000)]
tabs not spaces
Mark J. Cox [Mon, 29 Jan 2018 14:39:23 +0000 (14:39 +0000)]
Switch out the vulnerabilities.xsl for python, the differences to the
final page should be ordering (now for a given date in CVE order),
dates don't have suffixes like "1st", and ranges of affected versions
are used instead of listing every affected version
Mark J. Cox [Mon, 29 Jan 2018 14:38:27 +0000 (14:38 +0000)]
change mind, don't use output dir since we need to know what inc files
we create, so we'll do that as an option later
Mark J. Cox [Mon, 29 Jan 2018 14:34:06 +0000 (14:34 +0000)]
we use an inc file for vulnerabilities page
Mark J. Cox [Mon, 29 Jan 2018 14:31:53 +0000 (14:31 +0000)]
The xslt we use to convert the vulnerabilities.xml is clever, but esoteric, so
let's replace it with python instead and that way we can do things like
collapse the "affected" lists, and possibly in the future create multiple
pages (like a page for 1.0.2, 1.0.1 etc)
Mark J. Cox [Mon, 29 Jan 2018 11:14:25 +0000 (11:14 +0000)]
Add a script to convert our vulnerabilities.xml file to json
as per Mitre CVE JSON format, and validate it. We'll use this
for submitting our CVE updates to Mitre (and we may change the
creation of the web site pages to use a similar script in future
as the xslt we currently use is a little esoteric)
Rich Salz [Tue, 23 Jan 2018 16:56:30 +0000 (11:56 -0500)]
Add -project mailing list; -dev is archived
Mark J. Cox [Tue, 23 Jan 2018 13:29:56 +0000 (13:29 +0000)]
Fix link wrapping issue
Mark J. Cox [Tue, 23 Jan 2018 13:28:02 +0000 (13:28 +0000)]
Simplify security policy, as per f2f discussion and subsequent OMC vote
Mark J. Cox [Mon, 22 Jan 2018 09:40:03 +0000 (09:40 +0000)]
ToC is getting large and probably isn't ever used anyway, simplify
so we get more before the break
Mark J. Cox [Mon, 22 Jan 2018 09:35:54 +0000 (09:35 +0000)]
Fix some bad formatting errors where we had entries with no advisories etc
Mark J. Cox [Mon, 22 Jan 2018 09:28:45 +0000 (09:28 +0000)]
Update vulnerability database with references for every CVE, either an
advisory, link to PR, or git commit link. Split out the DTLS issues
from 2009 as the three were not the same (and we can then ensure we
only have one CVE per entry in this file)
Mark J. Cox [Wed, 17 Jan 2018 15:01:19 +0000 (15:01 +0000)]
Fix advisory url, note which issues need links of some sort
Mark J. Cox [Wed, 17 Jan 2018 14:36:16 +0000 (14:36 +0000)]
Working on conversion of the xml to Mitre JSON; there are a few
issues that fail validation due to 1) missing affects (fixed)
and 2) missing references. Some are still missing references
as there was no security advisory and I'll link to the commits
instead over time.
Richard Levitte [Thu, 11 Jan 2018 17:23:02 +0000 (18:23 +0100)]
Steve Henson doesn't sign releases any longer
Fixes #38
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/39)
Matt Caswell [Wed, 10 Jan 2018 23:07:20 +0000 (23:07 +0000)]
Add link to Levchin prize blog post in news
Rich Salz [Thu, 4 Jan 2018 03:22:40 +0000 (22:22 -0500)]
Add security.txt
Rich Salz [Wed, 3 Jan 2018 16:27:33 +0000 (11:27 -0500)]
More doc on security level
Inspired by https://github.com/openssl/web/pull/37 by Ben Kaduk
Rich Salz [Wed, 3 Jan 2018 16:03:10 +0000 (11:03 -0500)]
Add "unknown size" text
Rich Salz [Tue, 2 Jan 2018 21:00:40 +0000 (16:00 -0500)]
Remove old sponsors
Rich Salz [Tue, 2 Jan 2018 17:54:25 +0000 (12:54 -0500)]
Fix typo
Rich Salz [Tue, 2 Jan 2018 17:47:27 +0000 (12:47 -0500)]
Fix typo
Rich Salz [Tue, 2 Jan 2018 17:46:02 +0000 (12:46 -0500)]
Move OSS to openssl.com website
nickthetait [Tue, 2 Jan 2018 23:09:50 +0000 (16:09 -0700)]
Create FAQ entry for enabling weak ciphers
Fixes #18
(Merged from https://github.com/openssl/web/pull/36)
nickthetait [Mon, 1 Jan 2018 04:32:36 +0000 (21:32 -0700)]
Add CLA link; remove outdated OpenGear link.
(Merged from https://github.com/openssl/web/pull/35/files)
Rich Salz [Mon, 1 Jan 2018 16:43:50 +0000 (11:43 -0500)]
Issue #19; FAQ for opaque structures
Rich Salz [Mon, 1 Jan 2018 16:37:09 +0000 (11:37 -0500)]
Update copyright
Jörn Heissler [Tue, 26 Dec 2017 10:36:48 +0000 (11:36 +0100)]
Fix duplicate words in codingstyle.txt
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
GH: #33
Tim Hudson [Thu, 21 Dec 2017 21:59:28 +0000 (07:59 +1000)]
update roadmap as per face to face decisions
- TLSv1.3 primary focus release is 1.1.1
- FIPS primary focus release is after 1.1.1
Tim Hudson [Wed, 20 Dec 2017 23:09:55 +0000 (09:09 +1000)]
more formatting
Tim Hudson [Wed, 20 Dec 2017 23:08:58 +0000 (09:08 +1000)]
correct formatting
Tim Hudson [Wed, 20 Dec 2017 23:05:12 +0000 (09:05 +1000)]
added bylaws change history
Tim Hudson [Wed, 20 Dec 2017 22:54:56 +0000 (08:54 +1000)]
add leave-of-absence as per OMC vote
Rich Salz [Mon, 18 Dec 2017 13:01:36 +0000 (08:01 -0500)]
Add Softing (Bernd)
Rich Salz [Fri, 15 Dec 2017 14:20:45 +0000 (09:20 -0500)]
Remove reference to 1.0.3.
Mark J Cox [Fri, 15 Dec 2017 13:09:13 +0000 (13:09 +0000)]
Add link from "employers" to the actual list, for transparency
Rich Salz [Fri, 15 Dec 2017 09:43:21 +0000 (04:43 -0500)]
Fix formatting, remove AWS
Rich Salz [Fri, 15 Dec 2017 09:40:39 +0000 (04:40 -0500)]
Add companies; remove outdated
Rich Salz [Thu, 14 Dec 2017 11:29:39 +0000 (06:29 -0500)]
Remove telephone number
Rich Salz [Tue, 12 Dec 2017 14:59:40 +0000 (09:59 -0500)]
More clarification
Rich Salz [Tue, 12 Dec 2017 14:47:45 +0000 (09:47 -0500)]
Wording tweak
Rich Salz [Mon, 11 Dec 2017 17:54:44 +0000 (12:54 -0500)]
Consolidate some FIPS pages into one
Remove unused image/logo files.
Tim Hudson [Sun, 10 Dec 2017 12:37:22 +0000 (22:37 +1000)]
update the fips related information
- remove all references and pointers to OVS or openssl.com
- remove negative comments/opinions/statements about NIST/CSE/CMVP
- remove historical advertising information
- point to the general contact address
Matt Caswell [Thu, 7 Dec 2017 13:42:20 +0000 (13:42 +0000)]
Updates for the new release
Rich Salz [Wed, 6 Dec 2017 14:05:32 +0000 (09:05 -0500)]
Remove OVS mention (after vote)
Rich Salz [Mon, 27 Nov 2017 02:45:06 +0000 (21:45 -0500)]
Update FIPS status
Tim Hudson [Fri, 24 Nov 2017 11:23:38 +0000 (21:23 +1000)]
align policy wording with bylaws
remove historical introduction text
Rich Salz [Thu, 16 Nov 2017 16:07:07 +0000 (11:07 -0500)]
Restore OVS to bylaws
Rich Salz [Thu, 16 Nov 2017 06:00:41 +0000 (01:00 -0500)]
Fix typos
Rich Salz [Thu, 16 Nov 2017 05:57:53 +0000 (00:57 -0500)]
fix typo
Rich Salz [Thu, 16 Nov 2017 05:57:17 +0000 (00:57 -0500)]
Sync contact titles
Rich Salz [Thu, 16 Nov 2017 05:55:50 +0000 (00:55 -0500)]
Remove duplicate email line
Rich Salz [Thu, 16 Nov 2017 05:54:34 +0000 (00:54 -0500)]
Tweak header
Rich Salz [Thu, 16 Nov 2017 05:52:11 +0000 (00:52 -0500)]
Bylaws transparency
Rename bylaws to omc-bylaws
Add OSS bylaws
Rich Salz [Thu, 16 Nov 2017 05:34:30 +0000 (00:34 -0500)]
Unify to one address
Richard Levitte [Wed, 15 Nov 2017 16:06:38 +0000 (17:06 +0100)]
SteveM has officially resigned, move to OMC Alumni
Rich Salz [Tue, 14 Nov 2017 23:48:32 +0000 (18:48 -0500)]
Remove "members are availble"
Rich Salz [Tue, 14 Nov 2017 23:45:43 +0000 (18:45 -0500)]
Revise tax-exempt status
Rich Salz [Tue, 14 Nov 2017 22:59:54 +0000 (17:59 -0500)]
Remove OVS, FIPS Private Label
Rich Salz [Tue, 14 Nov 2017 08:59:07 +0000 (03:59 -0500)]
remove OVS reference
Rich Salz [Fri, 3 Nov 2017 12:36:11 +0000 (08:36 -0400)]
Fix typo
Rich Salz [Fri, 3 Nov 2017 12:35:24 +0000 (08:35 -0400)]
Fix typo
Rich Salz [Fri, 3 Nov 2017 12:31:09 +0000 (08:31 -0400)]
Add secadv mention
Matt Caswell [Thu, 2 Nov 2017 17:23:47 +0000 (17:23 +0000)]
Update the advisory from 20170828 with the latest release information.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/web/pull/31)
Kurt Roeckx [Thu, 17 Aug 2017 20:06:28 +0000 (22:06 +0200)]
Fix duplicate line
Matt Caswell [Thu, 2 Nov 2017 14:47:35 +0000 (14:47 +0000)]
Updates for new release
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Fri, 27 Oct 2017 12:53:50 +0000 (08:53 -0400)]
Add trademark policy
(Merged from https://github.com/openssl/web/pull/30)
Richard Levitte [Wed, 25 Oct 2017 09:36:01 +0000 (11:36 +0200)]
Make purge-one-hour run the newer script
The newer script is elsewhere, for git server automation reasons.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29)
Richard Levitte [Tue, 24 Oct 2017 16:51:48 +0000 (18:51 +0200)]
Fix typo in docs/.htaccess
Matt Caswell [Tue, 24 Oct 2017 14:11:34 +0000 (15:11 +0100)]
Update OMC and Alumni list
Updates as a result of:
https://www.openssl.org/blog/blog/2017/10/24/steve-henson/
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27)
Rich Salz [Mon, 23 Oct 2017 19:51:31 +0000 (15:51 -0400)]
Add some rewrite rules
Recommended by a usability study conducted by Martin Ukrop at CRoCS, FI MU
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/web/pull/26)
Richard Levitte [Thu, 19 Oct 2017 15:31:07 +0000 (17:31 +0200)]
Allow dashes and periods in manpage names
Kurt Roeckx [Sun, 8 Oct 2017 10:00:26 +0000 (12:00 +0200)]
Also update the expiration date of the encryption key
Kurt Roeckx [Sun, 8 Oct 2017 09:57:21 +0000 (11:57 +0200)]
Really revoke the team email address
Kurt Roeckx [Sun, 8 Oct 2017 09:49:39 +0000 (11:49 +0200)]
Update key expiration date, revoke -team uid, add -omc uid
Rich Salz [Tue, 3 Oct 2017 18:55:32 +0000 (14:55 -0400)]
Eric/Tim acknowledgement not needed for the website
It's in the license of the source distributions.
Richard Levitte [Sat, 7 Oct 2017 07:53:25 +0000 (09:53 +0200)]
OMC page: remove alumni, refer to alumni page
Also, remove italics. There is no "core team" any more.
Richard Levitte [Tue, 3 Oct 2017 07:34:30 +0000 (09:34 +0200)]
OMC Alumni page
Note: currently not linked from anywhere, only made available for
internal viewing. As soon as approved, omc.html will be edited
accordingly.
Rich Salz [Sat, 30 Sep 2017 13:23:33 +0000 (09:23 -0400)]
Always purge top of the blog tree
Steve Marquess [Thu, 28 Sep 2017 12:35:11 +0000 (08:35 -0400)]
Remove LF logo
Benjamin Kaduk [Wed, 6 Sep 2017 20:49:10 +0000 (15:49 -0500)]
Attempt to add a FAQ about TLS security levels
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/web/pull/23)
Rich Salz [Fri, 1 Sep 2017 19:02:25 +0000 (15:02 -0400)]
Use invalidate not delete
Rich Salz [Fri, 1 Sep 2017 18:19:56 +0000 (14:19 -0400)]
Add script to purge Akamai CDN
Rich Salz [Fri, 1 Sep 2017 18:07:47 +0000 (14:07 -0400)]
Update issue publication date
Rich Salz [Tue, 29 Aug 2017 17:55:14 +0000 (13:55 -0400)]
Fix typo
Rich Salz [Tue, 29 Aug 2017 13:57:03 +0000 (09:57 -0400)]
Update -git to -dev; add date comment
Rich Salz [Tue, 29 Aug 2017 13:49:26 +0000 (09:49 -0400)]
update updated date
Rich Salz [Mon, 28 Aug 2017 18:00:08 +0000 (14:00 -0400)]
Add PR link
Rich Salz [Mon, 28 Aug 2017 17:40:04 +0000 (13:40 -0400)]
Remove newline
wetinee [Wed, 23 Aug 2017 06:57:31 +0000 (14:57 +0800)]
CVE 2017-3735
Reviewed-by: Rich Salz <rsalz@openssl.org>