Dr. Stephen Henson [Sun, 14 Sep 2008 23:02:55 +0000 (23:02 +0000)]
Send .asc types with a more useful MIME type.
Lutz Jänicke [Mon, 4 Aug 2008 08:57:27 +0000 (08:57 +0000)]
Add entry for commercial services provided by dmp|cda
Lutz Jänicke [Fri, 11 Jul 2008 07:16:15 +0000 (07:16 +0000)]
Only subscribers are allowed to post to openssl-users.
Reported by "Frank J. Iannarilli" <franki@aerodyne.com>.
Mark J. Cox [Wed, 28 May 2008 10:02:56 +0000 (10:02 +0000)]
fix to use utf-8
Mark J. Cox [Wed, 28 May 2008 10:02:14 +0000 (10:02 +0000)]
Convert announce.txt to utf-8
Mark J. Cox [Wed, 28 May 2008 08:14:49 +0000 (08:14 +0000)]
Include fixed dates
Mark J. Cox [Wed, 28 May 2008 08:13:18 +0000 (08:13 +0000)]
Update vulnerabilities page
Mark J. Cox [Wed, 28 May 2008 08:07:26 +0000 (08:07 +0000)]
Various != Two really.
Mark J. Cox [Wed, 28 May 2008 08:04:52 +0000 (08:04 +0000)]
Changes to the site for 0.9.8h release
Lutz Jänicke [Tue, 6 May 2008 07:48:05 +0000 (07:48 +0000)]
Put additional web resources under CVS control
Lutz Jänicke [Tue, 6 May 2008 07:46:34 +0000 (07:46 +0000)]
CVS ingore .zip files like .gz
Lutz Jänicke [Tue, 6 May 2008 07:45:31 +0000 (07:45 +0000)]
Ignore ".sig" files like ".asc"
Lutz Jänicke [Tue, 6 May 2008 07:42:49 +0000 (07:42 +0000)]
Update handling of file types
Lutz Jänicke [Mon, 7 Apr 2008 06:27:17 +0000 (06:27 +0000)]
Install redirection for obsolete page. The information may still be
mentioned in README files of old releases.
Mark J. Cox [Thu, 28 Feb 2008 13:28:30 +0000 (13:28 +0000)]
Ryo Okumura noted that the fix for CVE-2007-5135 was committed after 0.9.7m
and therefore the advisory was incorrect. Fixed advisory.
Dr. Stephen Henson [Tue, 5 Feb 2008 01:04:56 +0000 (01:04 +0000)]
Add mirror site.
openssl [Fri, 30 Nov 2007 17:40:44 +0000 (17:40 +0000)]
Typo.
Dr. Stephen Henson [Fri, 30 Nov 2007 17:39:27 +0000 (17:39 +0000)]
Document anonymous over ssh CVS access.
openssl [Thu, 29 Nov 2007 19:20:14 +0000 (19:20 +0000)]
PRNG patches.
Dr. Stephen Henson [Thu, 29 Nov 2007 19:18:54 +0000 (19:18 +0000)]
FIPS 1.1.1 PRNG security issue.
Lutz Jänicke [Fri, 19 Oct 2007 08:43:11 +0000 (08:43 +0000)]
Announce release of 0.9.8g
Mark J. Cox [Fri, 12 Oct 2007 10:55:37 +0000 (10:55 +0000)]
make sure we mention security fixes
Ben Laurie [Fri, 12 Oct 2007 10:53:42 +0000 (10:53 +0000)]
Security advisory.
Ben Laurie [Fri, 12 Oct 2007 10:49:03 +0000 (10:49 +0000)]
Update.
Ben Laurie [Thu, 11 Oct 2007 18:33:39 +0000 (18:33 +0000)]
Release cockup.
Ben Laurie [Thu, 11 Oct 2007 16:28:24 +0000 (16:28 +0000)]
Update for 0.9.8f.
Mark J. Cox [Thu, 2 Aug 2007 09:35:48 +0000 (09:35 +0000)]
Rather than point to svn where we have to have a couple of entries,
use the cumulative 0.9.8 patch from Andy Polyakov
Dr. Stephen Henson [Tue, 13 Mar 2007 13:20:00 +0000 (13:20 +0000)]
Update links.
Dr. Stephen Henson [Fri, 23 Feb 2007 13:43:30 +0000 (13:43 +0000)]
Make table wider, update current version.
Dr. Stephen Henson [Fri, 23 Feb 2007 13:03:28 +0000 (13:03 +0000)]
Update website.
Richard Levitte [Mon, 5 Feb 2007 17:17:46 +0000 (17:17 +0000)]
Change the DelphiImport link on request. Note that there doesn't seem to be a link to MySSL...
Lutz Jänicke [Thu, 1 Feb 2007 11:14:10 +0000 (11:14 +0000)]
Updated links.
Richard Levitte [Wed, 27 Dec 2006 18:14:18 +0000 (18:14 +0000)]
Add LSM-PKCS11
Nils Larsch [Thu, 5 Oct 2006 06:30:27 +0000 (06:30 +0000)]
remove dead link
Mark J. Cox [Thu, 28 Sep 2006 12:36:03 +0000 (12:36 +0000)]
Update vulnerability database
Mark J. Cox [Thu, 28 Sep 2006 12:25:50 +0000 (12:25 +0000)]
Changes to the site for 0.9.8d and 0.9.7l releases
Mark J. Cox [Wed, 6 Sep 2006 08:40:56 +0000 (08:40 +0000)]
From: Bodo Moeller <bmoeller@acm.org>
The rsa_eay.c change (which, as Colin observed, isn't functional
anyway) should be completely omitted from the new patch at
http://www.openssl.org/news/patch-CVE-2006-4339.txt
This means that the changes to rsa.h and rsa_err.c become obsolete
as well, so only the rsa_sign.c change remains.
Mark J. Cox [Tue, 5 Sep 2006 15:57:07 +0000 (15:57 +0000)]
Update patch so it also works against 0.9.6; thanks to Tomas Mraz of Red Hat
Mark J. Cox [Tue, 5 Sep 2006 15:47:17 +0000 (15:47 +0000)]
A few people have been unable to find this reference, no point hiding it.
Mark J. Cox [Tue, 5 Sep 2006 10:56:15 +0000 (10:56 +0000)]
Note this actually doesn't work on the 0.9.6 branch
Mark J. Cox [Tue, 5 Sep 2006 09:34:44 +0000 (09:34 +0000)]
Also fix up announce.txt for sending out
Mark J. Cox [Tue, 5 Sep 2006 09:24:34 +0000 (09:24 +0000)]
Current source to highlight is 0.9.8c
Mark J. Cox [Tue, 5 Sep 2006 09:21:17 +0000 (09:21 +0000)]
Third time lucky? Fix title of advisory
Mark J. Cox [Tue, 5 Sep 2006 09:20:21 +0000 (09:20 +0000)]
Fix newsflash
Mark J. Cox [Tue, 5 Sep 2006 09:19:22 +0000 (09:19 +0000)]
Updates for website for new releases
Mark J. Cox [Tue, 5 Sep 2006 09:16:01 +0000 (09:16 +0000)]
Clearsign the patch
Mark J. Cox [Tue, 5 Sep 2006 09:14:36 +0000 (09:14 +0000)]
Fix the advice which I badly c&p
Mark J. Cox [Tue, 5 Sep 2006 09:12:46 +0000 (09:12 +0000)]
Remember to fill in the MD5/SHA1
Mark J. Cox [Tue, 5 Sep 2006 09:09:34 +0000 (09:09 +0000)]
Add advisory, patch, and vulndb update
openssl [Wed, 26 Jul 2006 19:48:07 +0000 (19:48 +0000)]
Correction.
openssl [Wed, 26 Jul 2006 17:44:03 +0000 (17:44 +0000)]
Make FIPS area of website visible.
Dr. Stephen Henson [Thu, 4 May 2006 14:28:22 +0000 (14:28 +0000)]
More accurate newsflash.txt
Dr. Stephen Henson [Thu, 4 May 2006 14:14:39 +0000 (14:14 +0000)]
Update website files for new release.
Dr. Stephen Henson [Sun, 23 Apr 2006 00:40:28 +0000 (00:40 +0000)]
Add SUN PKCS#11 patch to contrib.
Dr. Stephen Henson [Thu, 30 Mar 2006 01:07:25 +0000 (01:07 +0000)]
New mirror.
Bodo Möller [Sat, 25 Mar 2006 17:06:12 +0000 (17:06 +0000)]
update location
openssl [Thu, 23 Mar 2006 21:01:02 +0000 (21:01 +0000)]
Update index to pick up capitalized OpenSSL tarball.
Dr. Stephen Henson [Thu, 23 Mar 2006 19:22:18 +0000 (19:22 +0000)]
List all files of form openssl-*.tar.gz
Dr. Stephen Henson [Tue, 7 Mar 2006 01:25:33 +0000 (01:25 +0000)]
Add a couple of new mirrors
Nils Larsch [Tue, 31 Jan 2006 21:38:06 +0000 (21:38 +0000)]
add two mirrors; thanks to Ralf Uhlemann <ralf@realhost.de>
Mark J. Cox [Wed, 19 Oct 2005 10:46:16 +0000 (10:46 +0000)]
CAN to CVE one time renumbering
Mark J. Cox [Sun, 16 Oct 2005 20:31:51 +0000 (20:31 +0000)]
Just fix the date
Richard Levitte [Fri, 14 Oct 2005 22:45:18 +0000 (22:45 +0000)]
Announce the release of 0.9.7i
Mark J. Cox [Tue, 11 Oct 2005 15:02:07 +0000 (15:02 +0000)]
Fix "affects" versions
Mark J. Cox [Tue, 11 Oct 2005 11:19:31 +0000 (11:19 +0000)]
Commit SHA1 update to correct file!
Mark J. Cox [Tue, 11 Oct 2005 11:15:28 +0000 (11:15 +0000)]
Make the SHA1 appear at /source/
Mark J. Cox [Tue, 11 Oct 2005 11:13:55 +0000 (11:13 +0000)]
We started listing a sha1 file
Mark J. Cox [Tue, 11 Oct 2005 10:56:13 +0000 (10:56 +0000)]
Use lynx -dump to generate a quick announce.txt
Mark J. Cox [Tue, 11 Oct 2005 10:47:22 +0000 (10:47 +0000)]
Web site updates for 0.9.8a and 0.9.7h release and CAN-2005-2969
security advisory
Richard Levitte [Tue, 26 Jul 2005 11:31:16 +0000 (11:31 +0000)]
I now use richard@levitte.org
Richard Levitte [Tue, 5 Jul 2005 19:35:30 +0000 (19:35 +0000)]
Update the web files for the release of OpenSSL 0.9.8.
Richard Levitte [Tue, 21 Jun 2005 06:19:45 +0000 (06:19 +0000)]
The beta6 announcement
Richard Levitte [Tue, 21 Jun 2005 06:07:25 +0000 (06:07 +0000)]
Release 0.9.8-beta6
Richard Levitte [Mon, 20 Jun 2005 05:14:11 +0000 (05:14 +0000)]
Reschedule.
Richard Levitte [Mon, 13 Jun 2005 04:10:19 +0000 (04:10 +0000)]
New beta announcement
Richard Levitte [Mon, 13 Jun 2005 03:55:47 +0000 (03:55 +0000)]
Release beta5
Bodo Möller [Mon, 6 Jun 2005 22:41:27 +0000 (22:41 +0000)]
Restore alphabetical order of names
Richard Levitte [Mon, 6 Jun 2005 01:18:53 +0000 (01:18 +0000)]
Forgot one place to change 3 to 4
Richard Levitte [Mon, 6 Jun 2005 01:08:15 +0000 (01:08 +0000)]
New announcement
Richard Levitte [Mon, 6 Jun 2005 00:58:12 +0000 (00:58 +0000)]
Release 0.9.8 beta 4.
Richard Levitte [Sun, 5 Jun 2005 23:47:02 +0000 (23:47 +0000)]
Commit contributions I had lying around, as well as the new netwarepatch-0.9.7g.diff.gz
Mark J. Cox [Sun, 5 Jun 2005 09:20:07 +0000 (09:20 +0000)]
Finally figure out where the subnavigation bar is, and add the vulnerabilities
page. I'd actually quite like a main navigation "Security" option that states
how people should contact us about flaws we've found, list the various FIPS
things, list details of the audits that have been performed and by who and so
on. Maybe next month.
Mark J. Cox [Sun, 5 Jun 2005 09:14:12 +0000 (09:14 +0000)]
Remember to generate the wml for the site
Mark J. Cox [Sun, 5 Jun 2005 09:13:38 +0000 (09:13 +0000)]
Joe Orton noticed some of the dates were wrong; what comes of having
advisories for exactly the same date on two years. Also there were
a number of flaws between 0.9.6 and 0.9.6a that didn't get CVE names
yet, so we move the starting date to 0.9.6a until we've got those ones
sorted out
Mark J. Cox [Tue, 31 May 2005 21:48:07 +0000 (21:48 +0000)]
Fix typo
Mark J. Cox [Tue, 31 May 2005 21:42:48 +0000 (21:42 +0000)]
Add the vulnerabilities database to the site; but don't link it in
yet until it's working totally. To change or add a vulnerability you
exit vulnerabilities.xml then run an xslt processor on that file with
the vulnerabilities.xsl stylesheet and out will pop vulnerabilities.wml
that the website knows how to process. For now we make the user who
commits the change do this, and also commit in the wml file. We could
probably do this at make time with some perl, but the openssl site
doesn't have all the dependancies needed for XML::XSLT yet.
Although a lot of this information is in our changes file and in news
items on the site there isn't a single place where you can get a
complete overview of the vulnerabilities. A CSO I was speaking too
this month was suprised by how few issues there had been and thought
there were many more serious issues that had affected OpenSSL, this
page is, unsuprisingly, similar to the Apache httpd vulnerabilities pages
and is based on raw data I've been collecting on vulnerabilities for
Red Hat.
Richard Levitte [Mon, 30 May 2005 23:34:35 +0000 (23:34 +0000)]
Create the announcement for beta 3.
Richard Levitte [Mon, 30 May 2005 23:30:09 +0000 (23:30 +0000)]
Add the newsflash about beta3
Ralf S. Engelschall [Fri, 27 May 2005 19:39:22 +0000 (19:39 +0000)]
test commit after project environment migration
Ralf S. Engelschall [Fri, 27 May 2005 19:27:39 +0000 (19:27 +0000)]
adjust for latest world order
Richard Levitte [Tue, 24 May 2005 04:19:55 +0000 (04:19 +0000)]
The announcement for beta2
Richard Levitte [Tue, 24 May 2005 04:18:58 +0000 (04:18 +0000)]
News: beta2 released
Richard Levitte [Tue, 24 May 2005 03:56:41 +0000 (03:56 +0000)]
Slight adjustment to fit my personal schedule.
Richard Levitte [Thu, 19 May 2005 23:35:23 +0000 (23:35 +0000)]
Wrong year *blush*
Richard Levitte [Thu, 19 May 2005 20:08:20 +0000 (20:08 +0000)]
Add beta announcement text for 0.9.8-beta1.
Richard Levitte [Thu, 19 May 2005 19:55:42 +0000 (19:55 +0000)]
Add newflash about 0.9.8-beta1.
Richard Levitte [Wed, 18 May 2005 04:19:35 +0000 (04:19 +0000)]
I slipped. That means the schedule has been changed, again.
Richard Levitte [Sun, 8 May 2005 18:55:42 +0000 (18:55 +0000)]
We need to push it yet another week. I hope this will be the last
time we have to push...
Richard Levitte [Thu, 5 May 2005 06:30:22 +0000 (06:30 +0000)]
Change to my current PGP id.
Richard Levitte [Mon, 2 May 2005 04:31:52 +0000 (04:31 +0000)]
Move the release plan by one week. Reasons:
- pqueue needs some kind of rework, as BN_[U]LLONG isn't supported
everywhere.
- some things from 0.9.7 still need to be ported.
- Nils Larsch has a few changes that need to go into bn_nist.c.