[openssl-commits] [web] master update
Rich Salz
rsalz at openssl.org
Sat Aug 15 17:08:33 UTC 2015
The branch master has been updated
via e42ef50e5b67be76e0a2e0b14d3ec85fdc88d7ec (commit)
from 7054f23464d7f9062cd62034f4e91e346ddfd4f6 (commit)
- Log -----------------------------------------------------------------
commit e42ef50e5b67be76e0a2e0b14d3ec85fdc88d7ec
Author: Rich Salz <rsalz at akamai.com>
Date: Sat Aug 15 13:07:34 2015 -0400
FLIP THE SWITCH
First commit of the new website. Things probably broke. Now to
start fixing.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 31 +-
.htaccess | 3 -
.wmkrc | 1 -
.wmlrc | 11 -
.wmlsnb | 13 -
Makefile | 121 +-
README | 12 -
about/.wmlrc | 10 -
about/.wmlsnb | 16 -
about/binaries.wml | 36 -
about/contacts.wml | 102 --
about/credits.wml | 53 -
about/index.wml | 106 --
about/openssl-contact.wml | 22 -
about/releasestrat.wml | 67 -
about/roadmap.wml | 364 -----
about/secpolicy.wml | 167 ---
bin/mk-changelog | 48 +
run-faq.pl => bin/mk-faq | 96 +-
bin/mk-filelist | 52 +
bin/mk-sitemap | 40 +
bin/vulnerabilities.xsl | 141 ++
community/binaries.html | 67 +
community/contacts.html | 107 ++
community/index.html | 91 ++
community/mailinglists.html | 100 ++
community/sidebar.inc | 32 +
community/team.html | 174 +++
community/thanks.html | 75 +
docs/.gitignore | 3 -
docs/.wmlrc | 10 -
docs/.wmlsnb | 15 -
docs/HOWTO/.gitignore | 1 -
docs/faq.html | 31 +
docs/fips.html | 65 +
docs/fips/SecurityPolicy-1.1.1.pdf | Bin 0 -> 1395381 bytes
docs/fips/SecurityPolicy-1.1.2.pdf | Bin 0 -> 429420 bytes
docs/fips/SecurityPolicy-1.2.2.pdf | Bin 0 -> 645167 bytes
docs/fips/SecurityPolicy-1.2.3.pdf | Bin 0 -> 399521 bytes
docs/fips/SecurityPolicy-1.2.4.pdf | Bin 0 -> 399888 bytes
docs/fips/SecurityPolicy-1.2.pdf | Bin 0 -> 860211 bytes
docs/fips/SecurityPolicy-2.0.1.pdf | Bin 0 -> 453385 bytes
docs/fips/SecurityPolicy-2.0.2.pdf | Bin 0 -> 450201 bytes
docs/fips/SecurityPolicy-2.0.3.pdf | Bin 0 -> 462896 bytes
docs/fips/SecurityPolicy-2.0.4.pdf | Bin 0 -> 464520 bytes
docs/fips/SecurityPolicy-2.0.5.pdf | Bin 0 -> 467374 bytes
docs/fips/SecurityPolicy-2.0.6.pdf | Bin 0 -> 509654 bytes
docs/fips/SecurityPolicy-2.0.7.pdf | Bin 0 -> 517313 bytes
docs/fips/SecurityPolicy-2.0.8.pdf | Bin 0 -> 520606 bytes
docs/fips/SecurityPolicy-2.0.9.odt | Bin 0 -> 812096 bytes
docs/fips/SecurityPolicy-2.0.9.pdf | Bin 0 -> 525392 bytes
docs/fips/SecurityPolicy-2.0.pdf | Bin 0 -> 525392 bytes
docs/fips/UserGuide-1.1.1.pdf | Bin 0 -> 681420 bytes
docs/fips/UserGuide-1.2.pdf | Bin 0 -> 925694 bytes
docs/fips/UserGuide-2.0.pdf | Bin 0 -> 1842937 bytes
docs/fips/UserGuide.pdf | Bin 0 -> 223576 bytes
docs/fips/fips-2.0-tv.tar.gz | Bin 0 -> 82787660 bytes
docs/fips/fipsnotes.wml | 115 --
docs/fips/fipsvalidation.wml | 164 --
docs/fips/incore.gz | Bin 0 -> 1936 bytes
docs/fips/index.wml | 24 -
docs/fips/privatelabel.html | 133 ++
docs/fips/privatelabel.wml | 98 --
docs/fips/rsp.HP-UX.2005-07-01.tar.gz | Bin 0 -> 5660011 bytes
docs/fips/rsp.SuSE.2005-06-30.tar.gz | Bin 0 -> 5699128 bytes
docs/fips/rsp.SuSE.2005-07-01.tar.gz | Bin 0 -> 5700115 bytes
...-09.zip => testvectors-linux-2007-10-10.tar.gz} | Bin 9112982 -> 8947798 bytes
docs/fips/testvectors.HP-UX.tar.gz | Bin 0 -> 4149860 bytes
docs/fips/testvectors.SuSE.tar.gz | Bin 0 -> 4249118 bytes
docs/fipsnotes.html | 133 ++
docs/fipsvalidation.html | 121 ++
docs/index.html | 51 +
docs/index.wml | 54 -
docs/sidebar.inc | 15 +
images/page-corner-bl.gif | Bin 143 -> 0 bytes
images/page-corner-br.gif | Bin 144 -> 0 bytes
images/page-corner-tr.gif | Bin 146 -> 0 bytes
images/page-head-bl.jpg | Bin 653 -> 0 bytes
images/page-head-bm.jpg | Bin 608 -> 0 bytes
images/page-head-tl.jpg | Bin 2991 -> 0 bytes
images/page-head-tm.jpg | Bin 6546 -> 0 bytes
images/page-navbar-ab-n.jpg | Bin 887 -> 0 bytes
images/page-navbar-ab-s.jpg | Bin 1035 -> 0 bytes
images/page-navbar-bot.jpg | Bin 642 -> 0 bytes
images/page-navbar-do-n.jpg | Bin 1138 -> 0 bytes
images/page-navbar-do-s.jpg | Bin 1313 -> 0 bytes
images/page-navbar-fq-n.jpg | Bin 1242 -> 0 bytes
images/page-navbar-fq-s.jpg | Bin 1336 -> 0 bytes
images/page-navbar-ne-n.jpg | Bin 865 -> 0 bytes
images/page-navbar-ne-s.jpg | Bin 993 -> 0 bytes
images/page-navbar-re-n.jpg | Bin 965 -> 0 bytes
images/page-navbar-re-s.jpg | Bin 1135 -> 0 bytes
images/page-navbar-se-n.jpg | Bin 1571 -> 0 bytes
images/page-navbar-se-s.jpg | Bin 1650 -> 0 bytes
images/page-navbar-so-n.jpg | Bin 934 -> 0 bytes
images/page-navbar-so-s.jpg | Bin 1076 -> 0 bytes
images/page-navbar-su-n.jpg | Bin 1002 -> 0 bytes
images/page-navbar-su-s.jpg | Bin 1165 -> 0 bytes
images/page-navbar-ti-n.jpg | Bin 810 -> 0 bytes
images/page-navbar-ti-s.jpg | Bin 931 -> 0 bytes
images/page-navbar-top.jpg | Bin 622 -> 0 bytes
{images => img}/DHS-logo-med.jpg | Bin
{images => img}/acano-logo.jpg | Bin
{images => img}/akamai-logo-med.png | Bin
{images => img}/cerberus-logo-med.jpg | Bin
{images => img}/cii-logo-med.png | Bin
{images => img}/citrix-logo-med.jpg | Bin
{images => img}/globalsign-logo-med.jpg | Bin
{images => img}/huawei-logo-med.jpg | Bin
{images => img}/innominate-logo-med.jpg | Bin
{images => img}/lf-logo-med.png | Bin
{images => img}/milton-logo-med.jpg | Bin
{images => img}/nokia-logo-med.jpg | Bin
{images => img}/opengear-logo-med.jpg | Bin
{images => img}/oracle-logo-med.jpg | Bin
{images => img}/pkware-logo-med.jpg | Bin
{images => img}/psw-logo-med.jpg | Bin
{images => img}/psw-logo.gif | Bin
{images => img}/qualsys-logo-med.jpg | Bin
{images => img}/quintessence-logo-med.jpg | Bin
{images => img}/smartisan-logo-med.png | Bin
support/UnionPay.jpg => img/unionpay.jpg | Bin
img/up.gif | Bin 0 -> 76 bytes
inc/README | 1 +
inc/banner.inc | 33 +
inc/footer.inc | 7 +
inc/head.inc | 25 +
inc/legalities.inc | 21 +
inc/libs/jquery.min.js | 5 +
inc/modernizr-2.0.js | 5 +
inc/octopress.js | 78 +
inc/screen.css | 1569 ++++++++++++++++++++
index.html | 56 +
index.wml | 38 -
news/.wmlrc | 10 -
news/.wmlsnb | 12 -
news/announce-098.txt | 43 -
news/announce-100.txt | 44 -
news/announce-beta.txt | 62 -
news/announce.txt | 44 -
news/changelog.html | 36 +
news/changelog.wml | 15 -
news/index.html | 46 +
news/index.wml | 14 -
news/internet.wml | 46 -
news/news.wml | 22 -
news/newsflash.txt | 445 +++---
news/newslog.html | 33 +
news/notice_20120425.txt | 14 -
news/openssl-0.9.8-notes.wml | 4 -
news/openssl-1.0.0-notes.wml | 4 -
news/openssl-1.0.1-notes.wml | 5 -
news/openssl-1.0.2-notes.wml | 4 -
news/openssl-notes.wml | 20 -
news/openssl-old-notes.wml | 25 -
news/patch-CAN-2005-2969.txt | 13 -
news/patch-CVE-2006-4339.txt | 53 -
news/patch-CVE-2007-3108.txt | 126 --
news/patch-CVE-2007-5502-1.txt | 20 -
news/patch-CVE-2007-5502-2.txt | 29 -
news/patch_20020730_0_9_6d.txt | 518 -------
news/patch_20020730_0_9_7.txt | 665 ---------
news/pgpkey.html | 37 +
news/{secadv_20020730.txt => secadv/20020730.txt} | 0
news/{secadv_20030219.txt => secadv/20030219.txt} | 0
news/{secadv_20030317.txt => secadv/20030317.txt} | 0
news/{secadv_20030319.txt => secadv/20030319.txt} | 0
news/{secadv_20030930.txt => secadv/20030930.txt} | 0
news/{secadv_20031104.txt => secadv/20031104.txt} | 0
news/{secadv_20040317.txt => secadv/20040317.txt} | 0
news/{secadv_20051011.txt => secadv/20051011.txt} | 0
news/{secadv_20060905.txt => secadv/20060905.txt} | 0
news/{secadv_20060928.txt => secadv/20060928.txt} | 0
news/{secadv_20071012.txt => secadv/20071012.txt} | 0
news/{secadv_20071129.txt => secadv/20071129.txt} | 0
news/{secadv_20080528.txt => secadv/20080528.txt} | 0
news/{secadv_20090107.txt => secadv/20090107.txt} | 0
news/{secadv_20090325.txt => secadv/20090325.txt} | 0
news/{secadv_20091111.txt => secadv/20091111.txt} | 0
news/{secadv_20100324.txt => secadv/20100324.txt} | 0
news/{secadv_20100601.txt => secadv/20100601.txt} | 0
.../20101116-2.txt} | 0
news/{secadv_20101116.txt => secadv/20101116.txt} | 0
news/{secadv_20101202.txt => secadv/20101202.txt} | 0
news/{secadv_20110208.txt => secadv/20110208.txt} | 0
news/{secadv_20110906.txt => secadv/20110906.txt} | 0
news/{secadv_20120104.txt => secadv/20120104.txt} | 0
news/{secadv_20120118.txt => secadv/20120118.txt} | 0
news/{secadv_20120312.txt => secadv/20120312.txt} | 0
news/{secadv_20120419.txt => secadv/20120419.txt} | 0
news/{secadv_20120424.txt => secadv/20120424.txt} | 0
news/{secadv_20120510.txt => secadv/20120510.txt} | 0
news/{secadv_20130204.txt => secadv/20130204.txt} | 0
news/{secadv_20130205.txt => secadv/20130205.txt} | 0
news/{secadv_20140407.txt => secadv/20140407.txt} | 0
news/{secadv_20140605.txt => secadv/20140605.txt} | 0
news/{secadv_20140806.txt => secadv/20140806.txt} | 0
news/{secadv_20141015.txt => secadv/20141015.txt} | 0
news/{secadv_20150108.txt => secadv/20150108.txt} | 0
news/{secadv_20150319.txt => secadv/20150319.txt} | 0
news/{secadv_20150611.txt => secadv/20150611.txt} | 0
news/{secadv_20150709.txt => secadv/20150709.txt} | 0
news/{secadv_hack.txt => secadv/hack.txt} | 0
news/{secadv_prng.txt => secadv/prng.txt} | 0
news/sidebar.inc | 18 +
news/state.wml | 31 -
news/vulnerabilities.xml | 196 +--
news/vulnerabilities.xsl | 129 --
news/vulnerabilitiesdates.xsl | 54 -
openssl.wml | 603 --------
{about => policies}/buglist.txt | 0
policies/cla.html | 80 +
policies/codingstyle.html | 40 +
{about => policies}/codingstyle.txt | 0
policies/index.html | 65 +
{licenses => policies}/openssl_ccla.pdf | Bin
{licenses => policies}/openssl_icla.pdf | Bin
policies/releasestrat.html | 106 ++
policies/roadmap.html | 421 ++++++
policies/secpolicy.html | 201 +++
policies/sidebar.inc | 24 +
{about => policies}/ticket-activity.png | Bin
run-changelog.pl | 15 -
run-fundingfaq.pl | 97 --
sidebar.inc | 31 +
source/.gitignore | 7 -
source/.wmlrc | 10 -
source/.wmlsnb | 12 -
source/gitrepo.html | 76 +
source/index.current | 2 -
source/index.html | 69 +
source/index.wml | 34 -
source/license.html | 38 +
source/license.wml | 12 -
source/mirror.html | 74 +
source/mirror.wml | 20 -
source/old/0.9.x/index.html | 31 +
source/old/0.9.x/index.wml | 16 -
source/old/1.0.0/index.html | 31 +
source/old/1.0.0/index.wml | 16 -
source/old/1.0.1/index.html | 31 +
source/old/1.0.1/index.wml | 16 -
source/old/1.0.2/index.html | 31 +
source/old/1.0.2/index.wml | 16 -
source/old/fips/index.html | 31 +
source/old/fips/index.wml | 16 -
source/old/index.html | 37 +
source/old/index.wml | 17 -
source/repos.wml | 87 --
source/sidebar.inc | 18 +
support/.wmlrc | 10 -
support/.wmlsnb | 14 -
support/acknowledgments.wml | 192 ---
support/acks.html | 75 +
support/community.wml | 91 --
support/consulting.wml | 68 -
support/contracts.html | 168 +++
support/{donations-cn.wml => donations-cn.html} | 2 +-
support/donations.html | 88 ++
support/donations.wml | 106 --
support/faq.wml | 8 -
support/funding/contract.wml | 37 -
support/funding/support-basic.wml | 22 -
support/funding/support-contact.wml | 19 -
support/funding/support-definitions.wml | 24 -
support/funding/support-faq.txt | 229 ---
support/funding/support-faq.wml | 7 -
support/funding/support-incident.wml | 10 -
support/funding/support-premium.wml | 30 -
support/funding/support-vendor.wml | 24 -
support/funding/wishlist.wml | 20 -
support/index.html | 45 +
support/index.wml | 28 -
support/majordomo.wml | 8 -
support/other.wml | 36 -
support/rt.wml | 55 -
support/sidebar.inc | 18 +
template-file.html | 31 +
278 files changed, 5785 insertions(+), 5977 deletions(-)
delete mode 100644 .wmkrc
delete mode 100644 .wmlrc
delete mode 100644 .wmlsnb
delete mode 100644 README
delete mode 100644 about/.wmlrc
delete mode 100644 about/.wmlsnb
delete mode 100644 about/binaries.wml
delete mode 100644 about/contacts.wml
delete mode 100644 about/credits.wml
delete mode 100644 about/index.wml
delete mode 100644 about/openssl-contact.wml
delete mode 100644 about/releasestrat.wml
delete mode 100644 about/roadmap.wml
delete mode 100644 about/secpolicy.wml
create mode 100755 bin/mk-changelog
rename run-faq.pl => bin/mk-faq (52%)
create mode 100755 bin/mk-filelist
create mode 100755 bin/mk-sitemap
create mode 100644 bin/vulnerabilities.xsl
create mode 100644 community/binaries.html
create mode 100644 community/contacts.html
create mode 100644 community/index.html
create mode 100644 community/mailinglists.html
create mode 100644 community/sidebar.inc
create mode 100644 community/team.html
create mode 100644 community/thanks.html
delete mode 100644 docs/.gitignore
delete mode 100644 docs/.wmlrc
delete mode 100644 docs/.wmlsnb
delete mode 100644 docs/HOWTO/.gitignore
create mode 100644 docs/faq.html
create mode 100644 docs/fips.html
create mode 100644 docs/fips/SecurityPolicy-1.1.1.pdf
create mode 100644 docs/fips/SecurityPolicy-1.1.2.pdf
create mode 100644 docs/fips/SecurityPolicy-1.2.2.pdf
create mode 100644 docs/fips/SecurityPolicy-1.2.3.pdf
create mode 100644 docs/fips/SecurityPolicy-1.2.4.pdf
create mode 100644 docs/fips/SecurityPolicy-1.2.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.1.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.2.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.3.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.4.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.5.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.6.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.7.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.8.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.9.odt
create mode 100644 docs/fips/SecurityPolicy-2.0.9.pdf
create mode 100644 docs/fips/SecurityPolicy-2.0.pdf
create mode 100644 docs/fips/UserGuide-1.1.1.pdf
create mode 100644 docs/fips/UserGuide-1.2.pdf
create mode 100644 docs/fips/UserGuide-2.0.pdf
create mode 100644 docs/fips/UserGuide.pdf
create mode 100644 docs/fips/fips-2.0-tv.tar.gz
delete mode 100644 docs/fips/fipsnotes.wml
delete mode 100644 docs/fips/fipsvalidation.wml
create mode 100644 docs/fips/incore.gz
delete mode 100644 docs/fips/index.wml
create mode 100644 docs/fips/privatelabel.html
delete mode 100644 docs/fips/privatelabel.wml
create mode 100644 docs/fips/rsp.HP-UX.2005-07-01.tar.gz
create mode 100644 docs/fips/rsp.SuSE.2005-06-30.tar.gz
create mode 100644 docs/fips/rsp.SuSE.2005-07-01.tar.gz
copy docs/fips/{testvectors-XP-2007-10-09.zip => testvectors-linux-2007-10-10.tar.gz} (52%)
create mode 100644 docs/fips/testvectors.HP-UX.tar.gz
create mode 100644 docs/fips/testvectors.SuSE.tar.gz
create mode 100644 docs/fipsnotes.html
create mode 100644 docs/fipsvalidation.html
create mode 100644 docs/index.html
delete mode 100644 docs/index.wml
create mode 100644 docs/sidebar.inc
delete mode 100644 images/page-corner-bl.gif
delete mode 100644 images/page-corner-br.gif
delete mode 100644 images/page-corner-tr.gif
delete mode 100644 images/page-head-bl.jpg
delete mode 100644 images/page-head-bm.jpg
delete mode 100644 images/page-head-tl.jpg
delete mode 100644 images/page-head-tm.jpg
delete mode 100644 images/page-navbar-ab-n.jpg
delete mode 100644 images/page-navbar-ab-s.jpg
delete mode 100644 images/page-navbar-bot.jpg
delete mode 100644 images/page-navbar-do-n.jpg
delete mode 100644 images/page-navbar-do-s.jpg
delete mode 100755 images/page-navbar-fq-n.jpg
delete mode 100755 images/page-navbar-fq-s.jpg
delete mode 100644 images/page-navbar-ne-n.jpg
delete mode 100644 images/page-navbar-ne-s.jpg
delete mode 100644 images/page-navbar-re-n.jpg
delete mode 100644 images/page-navbar-re-s.jpg
delete mode 100644 images/page-navbar-se-n.jpg
delete mode 100644 images/page-navbar-se-s.jpg
delete mode 100644 images/page-navbar-so-n.jpg
delete mode 100644 images/page-navbar-so-s.jpg
delete mode 100644 images/page-navbar-su-n.jpg
delete mode 100644 images/page-navbar-su-s.jpg
delete mode 100644 images/page-navbar-ti-n.jpg
delete mode 100644 images/page-navbar-ti-s.jpg
delete mode 100644 images/page-navbar-top.jpg
rename {images => img}/DHS-logo-med.jpg (100%)
rename {images => img}/acano-logo.jpg (100%)
rename {images => img}/akamai-logo-med.png (100%)
rename {images => img}/cerberus-logo-med.jpg (100%)
rename {images => img}/cii-logo-med.png (100%)
rename {images => img}/citrix-logo-med.jpg (100%)
rename {images => img}/globalsign-logo-med.jpg (100%)
rename {images => img}/huawei-logo-med.jpg (100%)
rename {images => img}/innominate-logo-med.jpg (100%)
rename {images => img}/lf-logo-med.png (100%)
rename {images => img}/milton-logo-med.jpg (100%)
rename {images => img}/nokia-logo-med.jpg (100%)
rename {images => img}/opengear-logo-med.jpg (100%)
rename {images => img}/oracle-logo-med.jpg (100%)
rename {images => img}/pkware-logo-med.jpg (100%)
rename {images => img}/psw-logo-med.jpg (100%)
rename {images => img}/psw-logo.gif (100%)
rename {images => img}/qualsys-logo-med.jpg (100%)
rename {images => img}/quintessence-logo-med.jpg (100%)
rename {images => img}/smartisan-logo-med.png (100%)
rename support/UnionPay.jpg => img/unionpay.jpg (100%)
create mode 100644 img/up.gif
create mode 100644 inc/README
create mode 100644 inc/banner.inc
create mode 100644 inc/footer.inc
create mode 100644 inc/head.inc
create mode 100644 inc/legalities.inc
create mode 100644 inc/libs/jquery.min.js
create mode 100644 inc/modernizr-2.0.js
create mode 100644 inc/octopress.js
create mode 100644 inc/screen.css
create mode 100644 index.html
delete mode 100644 index.wml
delete mode 100644 news/.wmlrc
delete mode 100644 news/.wmlsnb
delete mode 100644 news/announce-098.txt
delete mode 100644 news/announce-100.txt
delete mode 100644 news/announce-beta.txt
delete mode 100644 news/announce.txt
create mode 100644 news/changelog.html
delete mode 100644 news/changelog.wml
create mode 100644 news/index.html
delete mode 100644 news/index.wml
delete mode 100644 news/internet.wml
delete mode 100644 news/news.wml
create mode 100644 news/newslog.html
delete mode 100644 news/notice_20120425.txt
delete mode 100644 news/openssl-0.9.8-notes.wml
delete mode 100644 news/openssl-1.0.0-notes.wml
delete mode 100644 news/openssl-1.0.1-notes.wml
delete mode 100644 news/openssl-1.0.2-notes.wml
delete mode 100644 news/openssl-notes.wml
delete mode 100644 news/openssl-old-notes.wml
delete mode 100644 news/patch-CAN-2005-2969.txt
delete mode 100644 news/patch-CVE-2006-4339.txt
delete mode 100644 news/patch-CVE-2007-3108.txt
delete mode 100644 news/patch-CVE-2007-5502-1.txt
delete mode 100644 news/patch-CVE-2007-5502-2.txt
delete mode 100644 news/patch_20020730_0_9_6d.txt
delete mode 100644 news/patch_20020730_0_9_7.txt
create mode 100644 news/pgpkey.html
rename news/{secadv_20020730.txt => secadv/20020730.txt} (100%)
rename news/{secadv_20030219.txt => secadv/20030219.txt} (100%)
rename news/{secadv_20030317.txt => secadv/20030317.txt} (100%)
rename news/{secadv_20030319.txt => secadv/20030319.txt} (100%)
rename news/{secadv_20030930.txt => secadv/20030930.txt} (100%)
rename news/{secadv_20031104.txt => secadv/20031104.txt} (100%)
rename news/{secadv_20040317.txt => secadv/20040317.txt} (100%)
rename news/{secadv_20051011.txt => secadv/20051011.txt} (100%)
rename news/{secadv_20060905.txt => secadv/20060905.txt} (100%)
rename news/{secadv_20060928.txt => secadv/20060928.txt} (100%)
rename news/{secadv_20071012.txt => secadv/20071012.txt} (100%)
rename news/{secadv_20071129.txt => secadv/20071129.txt} (100%)
rename news/{secadv_20080528.txt => secadv/20080528.txt} (100%)
rename news/{secadv_20090107.txt => secadv/20090107.txt} (100%)
rename news/{secadv_20090325.txt => secadv/20090325.txt} (100%)
rename news/{secadv_20091111.txt => secadv/20091111.txt} (100%)
rename news/{secadv_20100324.txt => secadv/20100324.txt} (100%)
rename news/{secadv_20100601.txt => secadv/20100601.txt} (100%)
rename news/{secadv_20101116-2.txt => secadv/20101116-2.txt} (100%)
rename news/{secadv_20101116.txt => secadv/20101116.txt} (100%)
rename news/{secadv_20101202.txt => secadv/20101202.txt} (100%)
rename news/{secadv_20110208.txt => secadv/20110208.txt} (100%)
rename news/{secadv_20110906.txt => secadv/20110906.txt} (100%)
rename news/{secadv_20120104.txt => secadv/20120104.txt} (100%)
rename news/{secadv_20120118.txt => secadv/20120118.txt} (100%)
rename news/{secadv_20120312.txt => secadv/20120312.txt} (100%)
rename news/{secadv_20120419.txt => secadv/20120419.txt} (100%)
rename news/{secadv_20120424.txt => secadv/20120424.txt} (100%)
rename news/{secadv_20120510.txt => secadv/20120510.txt} (100%)
rename news/{secadv_20130204.txt => secadv/20130204.txt} (100%)
rename news/{secadv_20130205.txt => secadv/20130205.txt} (100%)
rename news/{secadv_20140407.txt => secadv/20140407.txt} (100%)
rename news/{secadv_20140605.txt => secadv/20140605.txt} (100%)
rename news/{secadv_20140806.txt => secadv/20140806.txt} (100%)
rename news/{secadv_20141015.txt => secadv/20141015.txt} (100%)
rename news/{secadv_20150108.txt => secadv/20150108.txt} (100%)
rename news/{secadv_20150319.txt => secadv/20150319.txt} (100%)
rename news/{secadv_20150611.txt => secadv/20150611.txt} (100%)
rename news/{secadv_20150709.txt => secadv/20150709.txt} (100%)
rename news/{secadv_hack.txt => secadv/hack.txt} (100%)
rename news/{secadv_prng.txt => secadv/prng.txt} (100%)
create mode 100644 news/sidebar.inc
delete mode 100644 news/state.wml
delete mode 100644 news/vulnerabilities.xsl
delete mode 100644 news/vulnerabilitiesdates.xsl
delete mode 100644 openssl.wml
rename {about => policies}/buglist.txt (100%)
create mode 100644 policies/cla.html
create mode 100644 policies/codingstyle.html
rename {about => policies}/codingstyle.txt (100%)
create mode 100644 policies/index.html
copy {licenses => policies}/openssl_ccla.pdf (100%)
copy {licenses => policies}/openssl_icla.pdf (100%)
create mode 100644 policies/releasestrat.html
create mode 100644 policies/roadmap.html
create mode 100644 policies/secpolicy.html
create mode 100644 policies/sidebar.inc
rename {about => policies}/ticket-activity.png (100%)
delete mode 100644 run-changelog.pl
delete mode 100755 run-fundingfaq.pl
create mode 100644 sidebar.inc
delete mode 100644 source/.gitignore
delete mode 100644 source/.wmlrc
delete mode 100644 source/.wmlsnb
create mode 100644 source/gitrepo.html
delete mode 100644 source/index.current
create mode 100644 source/index.html
delete mode 100644 source/index.wml
create mode 100644 source/license.html
delete mode 100644 source/license.wml
create mode 100644 source/mirror.html
delete mode 100644 source/mirror.wml
create mode 100644 source/old/0.9.x/index.html
delete mode 100644 source/old/0.9.x/index.wml
create mode 100644 source/old/1.0.0/index.html
delete mode 100644 source/old/1.0.0/index.wml
create mode 100644 source/old/1.0.1/index.html
delete mode 100644 source/old/1.0.1/index.wml
create mode 100644 source/old/1.0.2/index.html
delete mode 100644 source/old/1.0.2/index.wml
create mode 100644 source/old/fips/index.html
delete mode 100644 source/old/fips/index.wml
create mode 100644 source/old/index.html
delete mode 100644 source/old/index.wml
delete mode 100644 source/repos.wml
create mode 100644 source/sidebar.inc
delete mode 100644 support/.wmlrc
delete mode 100644 support/.wmlsnb
delete mode 100644 support/acknowledgments.wml
create mode 100644 support/acks.html
delete mode 100644 support/community.wml
delete mode 100644 support/consulting.wml
create mode 100644 support/contracts.html
rename support/{donations-cn.wml => donations-cn.html} (98%)
create mode 100644 support/donations.html
delete mode 100644 support/donations.wml
delete mode 100644 support/faq.wml
delete mode 100644 support/funding/contract.wml
delete mode 100644 support/funding/support-basic.wml
delete mode 100644 support/funding/support-contact.wml
delete mode 100644 support/funding/support-definitions.wml
delete mode 100644 support/funding/support-faq.txt
delete mode 100644 support/funding/support-faq.wml
delete mode 100644 support/funding/support-incident.wml
delete mode 100644 support/funding/support-premium.wml
delete mode 100644 support/funding/support-vendor.wml
delete mode 100644 support/funding/wishlist.wml
create mode 100644 support/index.html
delete mode 100644 support/index.wml
delete mode 100644 support/majordomo.wml
delete mode 100644 support/other.wml
delete mode 100644 support/rt.wml
create mode 100644 support/sidebar.inc
create mode 100644 template-file.html
diff --git a/.gitignore b/.gitignore
index f6bef20..4e9329d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,20 @@
-*.html
-*.pdf
-*.gz*
-pod2htmd.tmp
-pod2htmi.tmp
-blog
+*.swp
+sitemap.txt
+docs/faq.inc
+docs/faq.txt
+docs/fips.inc
news/changelog.inc
-news/vulnerabilities.wml
-source/license.inc
-support/faq.inc
-support/funding/support-faq.inc
-.ssh
-.cache
+news/changelog.txt
+news/newsflash.inc
+news/vulnerabilities.html
+news/vulnerabilities.inc
+newsflash.inc
+source/index.inc
+source/license.txt
+docs/HOWTO/*.txt
+source/*.gz
+source/*.gz.asc
+source/*.gz.md5
+source/*.gz.sha1
+source/*.tar.gz.sig
+source/*.patch
diff --git a/.htaccess b/.htaccess
index 92b86ae..ac417dd 100644
--- a/.htaccess
+++ b/.htaccess
@@ -4,9 +4,6 @@ RewriteEngine on
Options +ExecCGI +FollowSymLinks
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule related/(.*) /about/$1
-
<Files *.md5>
ForceType application/binary
</Files>
diff --git a/.wmkrc b/.wmkrc
deleted file mode 100644
index b320886..0000000
--- a/.wmkrc
+++ /dev/null
@@ -1 +0,0 @@
--F openssl.wml
diff --git a/.wmlrc b/.wmlrc
deleted file mode 100644
index 31104f3..0000000
--- a/.wmlrc
+++ /dev/null
@@ -1,11 +0,0 @@
-##
-## .wmlrc -- Global WML RC file for www.openssl.org
-##
-
--DROOT~.
--DBASE_URL=http://www.openssl.org
--DBASE_DIR~.
--DIMG~images
--DIMGDOT_BASE~images/misc-space
--I.
-
diff --git a/.wmlsnb b/.wmlsnb
deleted file mode 100644
index b9a20bb..0000000
--- a/.wmlsnb
+++ /dev/null
@@ -1,13 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
-## <snb_button id=general txt="Support OpenSSL" url="">
- <snb_button id=tarballs txt="Download" url="source/">
- <snb_button id=tarballs txt="Blog" url="blog/">
- <snb_button id=sponsors txt="Our Sponsors" url="support/acknowledgments.html">
- <snb_button id=donations txt="Sponsor OpenSSL" url="support/donations.html">
- <snb_button id=security txt="Security" url="news/vulnerabilities.html">
-</snb>
-
diff --git a/Makefile b/Makefile
index ddb9619..1e0ddaa 100644
--- a/Makefile
+++ b/Makefile
@@ -1,45 +1,92 @@
##
-## Makefile -- Top-level build procedure for www.openssl.org
-##
+## Build procedure for www.openssl.org
+
+## Snapshot directory
+SNAP = /var/cache/openssl/checkouts/openssl
+RELEASEDIR = /var/www/openssl/source
-# Used to have a hack with a lockfile.
-# Not needed since this is fast now.
+# All simple generated files.
+SIMPLE = newsflash.inc sitemap.txt \
+ docs/faq.txt docs/faq.inc docs/fips.inc \
+ news/changelog.inc news/changelog.txt \
+ news/newsflash.inc \
+ news/vulnerabilities.inc \
+ source/license.txt \
+ source/index.inc
+SRCLISTS = source/old/index.inc \
+ source/old/0.9.x/index.inc \
+ source/old/1.0.0/index.inc \
+ source/old/1.0.1/index.inc \
+ source/old/1.0.2/index.inc \
+ source/old/fips/index.inc \
-SNAP=/var/cache/openssl/checkouts/openssl
-PODSHOME=$(SNAP)/doc
+all: $(SIMPLE) $(SRCLISTS)
-FORCE=#-f
-QUIET=--quiet
+# Legacy targets
+simple: all
+generated: all
+manpages: all
+rebuild: all
+relupd: all
-DIRS= about docs news source support
+# To be fixed.
+hack-source_htaccess:
+ exit 1;
-all: generated simple manpages
+clean:
+ rm -f $(SIMPLE)
-generated:
- cp -f $(SNAP)/LICENSE source/license.inc
- cp -f $(PODSHOME)/HOWTO/*.txt docs/HOWTO/.
- perl run-changelog.pl <$(SNAP)/CHANGES >news/changelog.inc
- perl run-faq.pl <$(SNAP)/FAQ >support/faq.inc
- perl run-fundingfaq.pl < support/funding/support-faq.txt >support/funding/support-faq.inc
- ( cd news && xsltproc vulnerabilities.xsl vulnerabilities.xml > vulnerabilities.wml )
+newsflash.inc: news/newsflash.inc
+ @rm -f $@
+ head -6 $? >$@
+sitemap.txt:
+ @rm -f $@
+ ./bin/mk-sitemap >$@
-simple: rebuild hack-source_htaccess
-rebuild:
- wmk $(FORCE) -I $(SNAP) -a $(DIRS) index.wml
-hack-source_htaccess:
- ( cd source && wml -o .htaccess .htaccess.wml )
-
-manpages:
- sh ./run-pod2html.sh $(PODSHOME)
-
-# Update release notes (and other items, but relnotes is the use-case)
-relupd:
- if [ "`id -un`" != openssl; then \
- echo "**** you must do 'sudo -u openssl -H bash'"; \
- exit 1; \
- fi
- cd $(SNAP)/.. ; for dir in openssl* ; do \
- echo Updating $$dir ; ( cd $$dir ; git pull $(QUIET) ) ; \
- done
- git pull $(QUIET)
- $(MAKE) generated simple
+news/changelog.inc: news/changelog.txt bin/mk-changelog
+ @rm -f $@
+ ./bin/mk-changelog <news/changelog.txt >$@
+news/changelog.txt: $(SNAP)/CHANGES
+ @rm -f $@
+ cp $? $@
+news/newsflash.inc: news/newsflash.txt
+ sed <$? >$@ \
+ -e 's@^@<tr><td class="d">@' \
+ -e 's@: @</td><td class="t">@' \
+ -e 's@$$@</td></tr>@'
+news/vulnerabilities.inc: bin/vulnerabilities.xsl news/vulnerabilities.xml
+ @rm -f $@
+ xsltproc bin/vulnerabilities.xsl news/vulnerabilities.xml >$@
+
+docs/faq.txt: $(SNAP)/FAQ
+ @rm -f $@
+ cp $? $@
+docs/faq.inc: docs/faq.txt
+ @rm -f $@
+ ./bin/mk-faq <$? >$@
+docs/fips.inc:
+ @rm -f $@
+ ./bin/mk-filelist docs/fips fips/ '*' >$@
+
+source/license.txt: $(SNAP)/LICENSE
+ @rm -f $@
+ cp $? $@
+source/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist $(RELEASEDIR) '' 'openssl-*.tar.gz' >$@
+
+source/old/0.9.x/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist source/old/0.9.8 '' '*.gz' >$@
+source/old/1.0.0/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist source/old/1.0.0 '' '*.gz' >$@
+source/old/1.0.1/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist source/old/1.0.1 '' '*.gz' >$@
+source/old/1.0.2/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@
+source/old/fips/index.inc:
+ @rm -f $@
+ ./bin/mk-filelist source/old/fips '' '*.gz' >$@
diff --git a/README b/README
deleted file mode 100644
index 61f945f..0000000
--- a/README
+++ /dev/null
@@ -1,12 +0,0 @@
-
-This is the source for www.openssl.org
-
-The images were generated with Photoshop. The text is written using
-Website META Language (WML) for markup. WML can (hopefully) be
-found at http://thewml.org; the last release was in 2006.
-
-The Makefile rebuilds the website. It needs a copy of a checked-out
-tree, pointed to by the SNAP variable.
-
-Not included in the repository are the .tar.gz files for download.
-They are kept in the FTP area and within the URI tree.
diff --git a/about/.wmlrc b/about/.wmlrc
deleted file mode 100644
index ab44064..0000000
--- a/about/.wmlrc
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## .wmlrc -- Local RC file for WML
-##
-
-# define where the URL root of the Sub Navigation Bar (SNB)
-# is located [SNB_ROOT] and where it's buttons are defined [SNB_RC]
--DSNB_ROOT~.
--DSNB_RC=.wmlsnb
--I.
-
diff --git a/about/.wmlsnb b/about/.wmlsnb
deleted file mode 100644
index 03ecfd4..0000000
--- a/about/.wmlsnb
+++ /dev/null
@@ -1,16 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
- <snb_button id=general txt="General" url="/about">
- <snb_button id=binaries txt="Binaries" url="binaries.html">
- <snb_button id=rt txt="Bugs" url="/support/rt.html">
- <snb_button id=roadmap txt="Roadmap" url="roadmap.html">
- <snb_button id=secpol txt="Security Policy" url="secpolicy.html">
- <snb_button id=releasestrat txt="Release Strategy" url="releasestrat.html">
- <snb_button id=codingstyle txt="Coding Style" url="codingstyle.txt">
- <snb_button id=contacts txt="Contacts" url="contacts.html">
- <snb_button id=credits txt="Credits" url="credits.html">
-</snb>
-
diff --git a/about/binaries.wml b/about/binaries.wml
deleted file mode 100644
index 21b745f..0000000
--- a/about/binaries.wml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-#use wml::openssl area=about page=binaries
-
-<title>OpenSSL Binary Distributions</title>
-
-<h1>Binary Distributions</h1>
-
-<p>Some people have offered to provide OpenSSL binary distributions for
-selected operating systems. The condition to get a link here is that the
-link is stable and can provide continued support for OpenSSL for a while.</p>
-
-<p>Note: many Linux distributions come with pre-compiled OpenSSL packages.
-Those are already well-known among the users of said distributions, and
-will therefore <i>not</i> be mentioned here. If you are such a user,
-we ask you to get in touch with your distributor first. This service is
-primarly for operating systems where there are no pre-compiled OpenSSL
-packages.</p>
-
-<ul>
- <item name="OpenSSL for Windows"
- info="Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables."
- url="http://www.slproweb.com/products/Win32OpenSSL.html">
-</ul>
-
-<ul>
- <item name="OpenSSL for Windows"
- info="Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio
-Runtime DLLs, except for the system provided msvcrt.dll"
- url="http://indy.fulgan.com/SSL/">
-</ul>
-
-<ul>
- <item name="OpenSSL for Solaris"
- info="Versions for Solaris 2.5 - 11 SPARC and X86"
- url=" http://www.unixpackages.com/">
-</ul>
diff --git a/about/contacts.wml b/about/contacts.wml
deleted file mode 100644
index 658aa8d..0000000
--- a/about/contacts.wml
+++ /dev/null
@@ -1,102 +0,0 @@
-
-#use wml::openssl area=about page=contacts
-
-<title>About, Contacts</title>
-
-<h1>About the OpenSSL Project</h1>
-
-<h2>Physical Addresses</h2>
-
-<p>Apart from mail addresses and names, some organizations require a physical
-address as contact for open source projects. Physical addresses can be
-useful in other cases as well. Therefore, some people have stepped forward
-and volunteered as "official" contacts for OpenSSL. If you want to get in
-touch with any of these people, please consider using email first, since
-that will also reach other team members in case your contact is temporarly
-not available.</p>
-
-<p>Please remember to be kind to the contacts. Their time is their own
-to dispose of. You may <i>request</i> support, but it's the contact's
-responsability and freedom alone to decide if he wants to give any support
-or not, regardless of who makes the request.</p>
-
-<p>The <i>OpenSSL Software Foundation</i> represents the OpenSSL project in most capacities including contributor license
-agreements, managing donations, etc.</p>
-</p>
-
-<table>
-<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr><td>
-OpenSSL Software Foundation<br>
-20-22 Wenlock Road<br>
-London<br>
-N1 7GU<br>
-United Kingdom<br>
-+44 1785508015 (UK)<br>
-+1 877-OPENSSL(6775) (US toll free)<br>
-+1 301-956-2281 (US)<br>
-<i>E-mail:</i> <a href="mailto:info at opensslfoundation.org">info at opensslfoundation.org</a>
-</td><td valign=top>
-Worldwide
-</td></tr>
-</table>
-
-<p><i>OpenSSL Software Services</i> represents the OpenSSL project for selected commercial or quasi-commercial contexts, such
-as providing formal support contracts and brokering consulting contracts for OpenSSL team members</p>
-</p>
-
-<table>
-<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr><td>
-OpenSSL Software Services Inc.<br>
-40 E Main St, Suite 744<br>
-Newark DE 19711<br>
-USA<br>
-+1 240-215-3103<br>
-<i>E-mail:</i> <a href="mailto:info at opensslservices.com">info at opensslservices.com</a>
-</td><td valign=top>
-Worldwide
-</td></tr>
-</table>
-
-<p>
-Commercial activities specific to FIPS 140-2 validations and the OpenSSL FIPS Object Module are handled by <i>OpenSSL Validation Services</i>:
-</p>
-
-<table>
-<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr><td>
-OpenSSL Validation Services Inc.<br>
-1829 Mount Ephraim Road<br>
-Adamstown, MD 21710<br>
-USA<br>
-+1 301-874-2571<br>
-<i>E-mail:</i> <a href="mailto:info at openssl.com">info at openssl.com</a>
-</td><td valign=top>
-Worldwide
-</td></tr>
-</table>
-
-<p>
-<p>
-Some OpenSSL team members are available for selected consulting engagements:
-<p>
-
-<table>
-<tr><td><b id=sf>Address</b></td><td><b id=sf>Area covered</b></td></tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr><td>
-OpenSSL SE<br>
-c/o Richard Levitte<br>
-Nordingrågatan 20<br>
-S-162 53 Vällingby<br>
-Sweden<br>
-<i>E-mail:</i> <a href="mailto:openssl-contact.SE at openssl.org">openssl-contact.SE at openssl.org</a>
-</td><td valign=top>
-Sweden only
-</td></tr>
-</table>
-
diff --git a/about/credits.wml b/about/credits.wml
deleted file mode 100644
index 27db0b1..0000000
--- a/about/credits.wml
+++ /dev/null
@@ -1,53 +0,0 @@
-
-#use wml::openssl area=about page=credits
-
-<title>About, Credits</title>
-
-<h1>Credits</h1>
-
-This page gives credit to the various individuals and
-companies who contributed to the OpenSSL project.
-
-<ul>
-
-<li>
-Our current hosting is provided courtesy of
-<a href="https://www.space.net">SpaceNet AG</a>.
-<p>
-
-<li>
-Thanks to <a href="https://www.globalsign.com">GMO GlobalSign</a> for
-providing free TLS certificates.
-<p>
-
-<li>Thanks to <a href="https://rsync.net">rsync.net</a> for providing free
-backup storage.
-<p>
-
-<li>
-Thanks to Eric Young and Tim Hudson for the SSLeay
-package on which OpenSSL is based.
-<p>
-
-<li>
-Thanks to C2Net for contributing back to the Open Source community the
-SSLeay version 0.9.1b, which was the last internal SSLeay version Eric
-and Tim created while working for C2Net.
-<p>
-
-<li>
-Thanks to the Development Team of Internet Services at <a
-href="http://www.cw.com/">Cable & Wireless</a> Munich, Germany, for
-providing the hardware and network resources for some time after 2002.
-<p>
-
-<li>
-Thanks to the IT Support Group of the Department of
-Information Technology and Electrical Engineering at the <a
-href="http://www.ethz.ch/">Swiss Federal Institute of Technology
-Zurich</a> (ETHZ) for providing the hardware and network resources
-from 1998 to 2002.
-<p>
-
-</ul>
-
diff --git a/about/index.wml b/about/index.wml
deleted file mode 100644
index cf363e5..0000000
--- a/about/index.wml
+++ /dev/null
@@ -1,106 +0,0 @@
-
-#use wml::openssl area=about page=general
-
-<title>About, General</title>
-
-<h1>About the OpenSSL Project</h1>
-
-<h2>The goal of the project</h2>
-
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and <a
-href="http://www.opensource.org/">Open Source</a> toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and
-Transport Layer Security (TLS
-v1.0/v1.1/v1.2) protocols as well as a full-strength general purpose cryptography library
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL toolkit and its related
-documentation.
-
-<h2>Derivation and License</h2>
-
-OpenSSL is based on the SSLeay library
-developed by Eric Young and
-<a href="mailto:tjh at cryptsoft.com">Tim Hudson</a>. The OpenSSL toolkit
-is licensed under an <a href="../source/license.html">Apache-style licence</a> which basically means that you are free
-to get and use it for commercial and non-commercial purposes.
-
-<h2>The OpenSSL Core and Development Team</h2>
-
-The OpenSSL project is volunteer-driven. We do not have any specific
-requirement for volunteers other than a strong willingness to really
-contribute while following the projects goal. The OpenSSL project is formed
-by a development team, which consists of the current active developers
-and other major contributors. Additionally a subset of the developers form the
-OpenSSL core team which globally manages the OpenSSL project. Anyone wanting
-to join the development effort should subscribe to the developers mailing list
-openssl-dev at openssl.org, where all development efforts are coordinated.
-
-<p>
-The current OpenSSL core team consists of (in alphabetical order):
-<p>
-<blockquote><table>
-<tr><td><b id="sf">Individual</b></td> <td><b id="sf">Email</b></td> <td><b id="sf">Location</b></td> <td><b id="sf">Key ID / Fingerprint</b></td></tr>
-<tr><td><hr noshade size="1"></td><td><hr noshade size="1"></td><td><hr noshade size="1"></td> <td><hr noshade size="1"></td> </tr>
-<tr><td>Mark J. Cox</td> <td><a href="mailto:mark at openssl.org">mark at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x36CEE4DEB00CFE33">B00CFE33</a>, <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xEEAD4CFD49A563D9">49A563D9 (old key)</a></td></tr>
-<tr><td>Dr. Stephen Henson</td> <td><a href="mailto:steve at openssl.org">steve at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x62605AA4334AF9F0DDE5D349D3577507FA40E9E2">FA40E9E2</a>, <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759">F295C759 (old key)</a></td></tr>
-<tr><td>Ben Laurie</td> <td><a href="mailto:ben at openssl.org">ben at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x765655DE62E396FF2587EB6C4F6DE1562118CF83">2118CF83<tr><td>Andy Polyakov</td> <td><a href="mailto:appro at openssl.org">appro at openssl.org</a></td> <td>SE</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xB652F27F2B8D1B8DA78D7061BA6CDA461FE8E023">1FE8E023</a></td> </tr>
-</a></td> </tr>
-</table></blockquote>
-
-<p>
-The current OpenSSL development team consists of (in alphabetical order):
-<p>
-<blockquote><table summary="">
-<tr><td><b id="sf">Individual</b></td> <td><b id="sf">Email</b></td> <td><b id="sf">Location </b></td> <td><b id="sf">Key ID</b></td> </tr>
-<tr><td><hr noshade size="1"></td><td><hr noshade size="1"></td><td><hr noshade size="1"></td><td><hr noshade size="1"></td> </tr>
-<tr><td>Matt Caswell</td> <td><a href="mailto:matt at openssl.org">matt at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491">0E604491</a></td></tr>
-<tr><td>Mark J. Cox</td> <td><a href="mailto:mark at openssl.org">mark at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x36CEE4DEB00CFE33">B00CFE33</a>, <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xEEAD4CFD49A563D9">49A563D9 (old key)</a></td></tr>
-<tr><td>Viktor Dukhovni</td> <td><a href="mailto:viktor at openssl.org">viktor at openssl.org</a></td> <td>US</td> <td></a></a></td></tr>
-<tr><td>Dr. Stephen Henson</td> <td><a href="mailto:steve at openssl.org">steve at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x62605AA4334AF9F0DDE5D349D3577507FA40E9E2">FA40E9E2</a>, <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759">F295C759 (old key)</a></td></tr>
-<tr><td>Tim Hudson</td> <td><a href="mailto:tjh at openssl.org">tjh at openssl.org</a></td> <td>AU</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD">41FBF7DD</a></td></tr>
-<tr><td>Lutz Jänicke</td> <td><a href="mailto:jaenicke at openssl.org">jaenicke at openssl.org</a></td> <td>DE</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x0A77335AADE74E6BB36CAD8ADFAB592ABDD52F1C">BDD52F1C</a>, <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x78993B149C58A66D">9C58A66D (old key)</a></td> </tr>
-<tr><td>Emilia Käsper</td> <td><a href="mailto:emilia at openssl.org">emilia at openssl.org</a></td> <td>CH</td> <td></td> </tr>
-<tr><td>Ben Laurie</td> <td><a href="mailto:ben at openssl.org">ben at openssl.org</a></td> <td>UK</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x765655DE62E396FF2587EB6C4F6DE1562118CF83">2118CF83</a></td> </tr>
-<tr><td>Steve Marquess</td> <td><a href="mailto:marquess at openssl.org">marquess at openssl.org</a></td> <td>US</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xFEAB1FB2653717429B0B894F431711F76D1892F5">6D1892F5</a>(old key: <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x1F3B2A1B7F63F8C4CAAECC4224100B01CE69424E">CE69424E</a>)</td> </tr>
-<tr><td>Richard Levitte</td> <td><a href="mailto:levitte at openssl.org">levitte at openssl.org</a></td> <td>SE</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C">7DF9EE8C</a> (old key: <a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xA7AF9E78F709453B">F709453B</a>)</td> </tr>
-<tr><td>Bodo Möller</td> <td><a href="mailto:bodo at openssl.org">bodo at openssl.org</a></td> <td>CH</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xAA589DAC5A6A9B85">5A6A9B85</a></td> </tr>
-<tr><td>Andy Polyakov</td> <td><a href="mailto:appro at openssl.org">appro at openssl.org</a></td> <td>SE</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xB652F27F2B8D1B8DA78D7061BA6CDA461FE8E023">1FE8E023</a></td> </tr>
-<tr><td>Kurt Roeckx</td> <td><a href="mailto:kurt at openssl.org">kurt at openssl.org</a></td> <td>BE</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xE5E52560DD91C556DDBDA5D02064C53641C25E5D">41C25E5D</a></td> </tr>
-<tr><td>Rich Salz</td>
-<td><a href="mailto:rsalz at openssl.org">rsalz at openssl.org</a></td>
-<td>US</td>
-<td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xD099684DC7C21E02E14A8AFEF23479455C51B27C">5C51B27C<br>D099 684D C7C2 1E02 E14A 8AFE F234 7945 5C51 B27C</a></td>
-</tr>
-<tr><td>Geoff Thorpe</td> <td><a href="mailto:geoff at openssl.org">geoff at openssl.org</a></td> <td>QC</td> <td><a href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x1B3DF808C221D2A5ED74172F0833F510E18C1C32">E18C1C32</td> </tr>
-</table></blockquote>
-
-<p>
-Currently inactive OpenSSL members (in alphabetical order):
-<p>
-<blockquote><table summary="">
-<tr><td><b id="sf">Individual</b></td> <td><b id="sf">Email</b></td> <td><b id="sf">Location </b></td> <td><b id="sf">Key ID</b></td> </tr>
-<tr><td><hr noshade size="1"></td><td><hr noshade size="1"></td><td><hr noshade size="1"></td><hr noshade size="1"></td> </tr>
-<tr><td>Ralf S. Engelschall</td> <td><a href="mailto:rse at openssl.org">rse at openssl.org</a></td> <td>DE</td> <td></td> </tr>
-<tr><td>Nils Larsch</td> <td><a href="mailto:nils at openssl.org">nils at openssl.org</a></td> <td>DE</td> <td></td> </tr>
-</table></blockquote>
-
-
-<p>
-OpenSSL Emeritae - old members now off doing other things (in alphabetical order):
-<p>
-<blockquote><table>
-<tr><td><b id=sf>Individual</b></td> <td><b id=sf>Email</b></td> <td><b id=sf>Location</b></td> </tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr><td>Holger Reif</td> <td ><a href="mailto:holger at openssl.org">holger at openssl.org</a></td> <td>DE</td> </tr>
-<tr><td>Paul C. Sutton</td> <td ><a href="mailto:paul at openssl.org">paul at openssl.org</a></td> <td>UK</td> </tr>
-</table></blockquote>
-
-<p>
-In Memoriam - members sadly no longer with us:
-<p>
-<blockquote><table summary="">
-<tr><td><b id="sf">Individual</b></td> <td><b id="sf">Location</b></td> </tr>
-<tr><td><hr noshade size="1"></td><td><hr noshade size="1"></td></tr>
-<tr><td>Ulf Möller</td> <td>DE</td> </tr>
-</table>
diff --git a/about/openssl-contact.wml b/about/openssl-contact.wml
deleted file mode 100644
index 8b9c590..0000000
--- a/about/openssl-contact.wml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>OpenSSL Software Foundation Contact Info</title>
-
-<h1>OpenSSL Software Foundation Queries</h1>
-
-Direct queries concerning any non-commercial activites or issues to:<br>
-<br>
-OpenSSL Software Foundation<br>
-20-22 Wenlock Road<br>
-London<br>
-N1 7GU<br>
-United Kingdom<br>
-+44 1785508015 (UK)<br>
-+1 877-OPENSSL(6775) (US toll free)<br>
-+1 301-956-2281 (US)<br>
-<a href="mailto:info at opensslfoundation.org">info at opensslfoundation.org</a>
-<p>
-You will probably wind up talking to Steve Marquess who currently handles OpenSSL commercial contracting, he is
-reachable directly at <a href="mailto:marquess at opensslfoundation.org">marquess at opensslfoundation.org</a> or
-the telephone numbers above.
diff --git a/about/releasestrat.wml b/about/releasestrat.wml
deleted file mode 100644
index cc20ee1..0000000
--- a/about/releasestrat.wml
+++ /dev/null
@@ -1,67 +0,0 @@
-
-#use wml::openssl area=about page=releasestrat
-
-<title>About, Release Strategy</title>
-<h1><center>OpenSSL Release Strategy</center></h1>
-<h2><center>First issued 23rd December 2014</center></h2>
-<h2><center>Last modified 9th August 2015</center></h2>
-<p>
-<br>
-</p>
-<p>As of release 1.0.0 the OpenSSL versioning scheme was improved to
-better meet developers' and vendors' expectations. Letter releases, such as
-1.0.1a, exclusively contain bug and security fixes and no new features.
-Minor releases that change the last digit, e.g. 1.0.1 vs. 1.0.2, can and
-are likely to contain new features, but in a way that does not break
-binary compatibility. This means that an application compiled and
-dynamically linked with 1.0.0 does not need to be recompiled when the shared
-library is updated to 1.0.2. It should be noted that some features are
-transparent to the application such as the maximum negotiated TLS version and
-cipher suites, performance improvements and so on. There is no need to recompile
-applications to benefit from these features.</p>
-
-<p>Binary compatibility also allows other possibilities. For example, consider an
-application that wishes to utilize a new cipher provided in a specific 1.0.x
-release, but it is also desirable to maintain the application in a 1.0.0 context.
-Customarily this would be resolved at compile time resulting in two binary
-packages targeting different OpenSSL versions. However, depending on the feature,
-it might be possible to check for its availability at run-time, thus cutting
-down on the maintenance of multiple binary packages. Admittedly it takes a certain
-discipline and some extra coding, but we would like to encourage such
-practice. This is because we want to see later releases being adopted
-faster, because new features can improve security.</p>
-
-<p>With regards to current and future releases the OpenSSL project has adopted the
-following policy:</p>
-
-<ul>
-<li><p>Support for version 0.9.8 will cease on 2015-12-31. No further releases of 0.9.8
-will be made after that date. Security fixes only will be applied to 0.9.8 until
-then.</p></li>
-
-<li><p>Support for version 1.0.0 will cease on 2015-12-31. No further releases of 1.0.0
-will be made after that date. Security fixes only will be applied to 1.0.0 until
-then.</p></li>
-</ul>
-
-<p>We may designate a release as a Long Term Support (LTS) release. LTS releases
-will be supported for at least five years and we will specify one at least every
-four years. Non-LTS releases will be supported for at least two years.</p>
-
-<p>As implied by the above paragraphs, during the final year of support, we do not
-commit to anything other than security fixes. Before that, bug and security
-fixes will be applied as appropriate.</p>
-
-<ul>
-<li><p>Version 1.0.1 will be supported until 2016-12-31.</p></li>
-
-<li><p>Version 1.0.2 will be supported until 2019-12-31.</p></li>
-</ul>
-
-<p>At this time, we are not planning a 1.0.3 release.</p>
-
-<p>Version 1.1.0 will (moderately) break source compatibility (for example we will
-make most structures opaque etc). We expect a preview version to be available
-mid 2015, with an expected release by the end of 2015. Preview means that we are
-not planning or expecting major API changes between the preview release and the
-final release (but are not categorically precluding that possibility).</p>
diff --git a/about/roadmap.wml b/about/roadmap.wml
deleted file mode 100644
index 05f6587..0000000
--- a/about/roadmap.wml
+++ /dev/null
@@ -1,364 +0,0 @@
-
-#use wml::openssl area=about page=roadmap
-
-<title>About, Roadmap</title>
-<h1><center>OpenSSL Project Roadmap</center></h1>
-<h2><center>First issued 30th June 2014</center></h2>
-<h2><center>Last modified 14th October 2014</center></h2>
-<p>
-<br>
-</p>
-<p>
-This document is intended to outline the OpenSSL project roadmap. It
-is a living document and is expected to change over time. Objectives
-and dates should be considered aspirational.</p>
-<p>
-The OpenSSL project is increasingly perceived as slow-moving and
-insular. This roadmap will attempt to address this by setting out
-some objectives for improvement, along with defined timescales.</p>
-<h1>Current Issues</h1>
-<p>
-The OpenSSL project is currently experiencing a number of issues.
-These are:</p>
-<ol>
- <li><p>
- <b>RT Backlog<br></b><br>Over a period of some considerable time
- open tickets have been building up in RT (our bug tracking system) to
- the point that now there are a very significant number of them. A large
- proportion of these issues have been open for years. Some of these have
- in fact been dealt with and should be closed, but this has not been
- recorded in the system. Most however have not been looked at.<br><br>
- </p>
- <li><p>
- <b>Incomplete/incorrect documentation<br><br></b>Documentation of
- OpenSSL is patchy at best. Some areas are well documented, while
- many others suffer from incomplete or incorrect documentation. There
- are also many areas which have no documentation at all.<br><br>
- </p>
- <li><p>
- <b>Library complexity<br><br></b>The OpenSSL libraries and
- applications are complex, both from a maintainer's perspective and
- from a user's perspective. The public API contains many things which
- should probably be internal. The code has been ported to a large
- number of platforms, many of which are no longer relevant to us
- today, and this complicates the codebase. Some parts of the code
- have been in place for a very long time, and are in need of a
- refresh. It is further complicated by the support for FIPS.<br><br>This
- complexity causes maintenance problems, and can also be the source
- of obscure and difficult to spot security vulnerabilities. It can
- also make users' lives much more difficult especially when
- combined with (2) above.<br><br>The current memory management code has
- also been a source of problems and vulnerabilities.<br><br>
- </p>
- <li><p>
- <b>Inconsistent coding style<br><br></b>There have been numerous
- developers working on the codebase over many years. There are many
- different styles used within the code, which is confusing and makes
- maintenance more difficult than it should be. Even if strictly
- consistent, the current code layout is unusual and idiosyncratic and
- unlike any other open source software.<br><br>
- </p>
- <li><p>
- <del>
- <b>Lack of code review<br><br></b>We don't have a code review system
- and we don't mandate code reviews.<br><br>
- </del>
- </p>
- <li><p>
- <b>No clear release plan<br><br></b>Historically OpenSSL has made new
- feature releases on an infrequent basis and no forward plan of releases
- has been published. It is difficult for users to plan for new releases,
- and understand when new features might become available, or when support
- will end for a release. In addition a large number of stable releases
- are maintained by the OpenSSL development team - diverting effort away
- from the most up to date versions.<br><br>
- </p>
- <li><p>
- <b>No clear platform strategy</b><br><br>Historically OpenSSL has
- supported a very wide range of platforms. Typically platform support has
- been added through "ifdef" conditional compilation on a per
- platform basis. This approach has led to a number of problems:</p>
-</ol>
-<ul>
- <li><p>
- The code has become very cluttered and is difficult to effectively
- maintain</p>
- <li><p>
- There is support still in the code for a number of legacy platforms
- which are unlikely to be widely deployed today - if the code even
- still works on those platforms</p>
- <li><p>
- In practice the development team do not have access to many of the
- platforms that the codebase supports and testing typically takes
- place on a very limited set (usually Linux, FreeBSD and Windows)<br><br>
- </p>
-</ul>
-<del>
-<ol start="8">
- <li><p>
- <b>No published security strategy</b><br><br>We do not have a well-known
- and published approach for how we appropriately inform all interested
- parties of security advisories.<br><br>
- </p>
-</ol>
-</del>
-
-<h1>Objectives</h1>
-<p>
-Each of the issues identified above can be translated into high level
-objectives. Some of these objectives can be achieved more easily and
-quickly than others.</p>
-<p>
-<b>An important principle is that the priority and focus of effort
-will be on achieving these objectives over and above the delivery of
-new features.</b></p>
-<h2>RT Backlog</h2>
-<ol>
- <li><p>
- Manage all newly submitted RT tickets in a timely manner such as an
- initial response within four working days. (Timescale: Now)</p>
- <li><p>
- Reduce over time the existing RT backlog (Timescale: Ongoing). This
- may include the mass closure of very old tickets, such as those
- raised before the release of any currently supported version</p>
- <a name="8-sep-2014"><p>Update (8th September 2014):</a>
- we have made a great deal of progress on the backlog.
- A <a href="ticket-activity.png">graph of ticket activity</a>
- is available, as is the <a href="buglist.txt">raw data</a>
- for every bug showing when it was open, and resolved. We will
- update these files periodically.</a>
-</ol>
-<h2>Incomplete/incorrect documentation</h2>
-<ol>
- <li><p>
- Provide complete documentation for all of the public API (excluding
- deprecated APIs) (Timescale: Within one year)</p>
- <ol type="a">
- <li><p>
- This may include introducing a new documentation system</p>
- <li><p>
- Some parts of the API have historically been public but were not
- intended for public use, such as low level cipher and digest APIs.
- These parts may not be documented, and if they are will be marked
- as deprecated (Timescale: within nine months).</p>
- </ol>
-</ol>
-<h2>Library complexity</h2>
-<ol>
- <li><p>
- Review and revise the public API with a view to reducing complexity
- (Timescale: Within one year)</p>
- <li><p>
- Document a platform strategy: see below (Timescale: Within three
- months)</p>
- <li><p>
- Review and refactor the FIPS code to make it far less intrusive
- (Timescale: Within one year)</p>
- <li><p>
- Review and refactor the memory management code (Timescale: Within
- six months)</p>
-</ol>
-<h2>Inconsistent coding style</h2>
-<ol>
- <li><p>
- Define a clear coding standard for the project. This will cover not
- only code layout but also items such as how to handle platform
- dependencies, unit testing and optional code. (Timescale: Within
- three months)
- </p>
- <li><p>
- Format the entire codebase according to the agreed standard.
- (Timescale: Within three months of coding standard being defined)
- </p>
- <li><p>
- Refactor code to follow other parts of the style guide. (Timescale:
- Within one year)</p>
-</ol>
-<h2>Code review</h2>
-<ol>
- <li><p>
- <del>
- Agree and implement a process such that all new commits should first
- be reviewed by a team member conversant with the relevant code and
- updated until the reviewer's issues are addressed. This is
- contingent on recruiting sufficient team members that reviewers are
- more-or-less always available. (Timescale: Within three months)</p>
- </del>
- <p>
- Objective met (16th July 2014): All changes are first reviewed by
- another team member prior to being committed to the public openssl
- repository.
- </p>
- <li><p>
- Agree on a code review system. (Timescale: Within six months)</p>
-</ol>
-<h2>Audit</h2>
-<ol>
- <li><p>
- Externally audit the current code base. (Timescale: Dependent on
- external body)</p>
- <p>
- <p>Update (14th October 2014):
- Auditors selected and funded; schedule being worked on.</p>
-</ol>
-<h2>Static/Dynamic Analysis</h2>
-<ol>
- <li><p>
- Regularly audit the code using appropriate analysis tools.
- (Timescale: Within six months)
- </p>
-</ol>
-<h2><a name="relstrat">Release Strategy</a></h2>
-<p>
-We intend to develop a release strategy which will set out our plans
-for how frequently we plan to release, and when. It will also cover
-how long releases will be supported for, and when their EOL (End Of
-Life) will be. (Timescale: Within three months)</p>
-<p>
-There are a number of objectives that we would be seeking to address
-within the release strategy. Some of these objectives compete with
-each other, and so from necessity there will have to be compromises.
-The objectives are:</p>
-<ol>
- <li><p>
- We need security fix releases with very low chance of breaking
- anything. This is largely met by prohibiting new features in stable
- branches (i.e. letter releases).</p>
- <li><p>
- If something is broken in a release a fixed version should be made
- available shortly afterwards (i.e. more letter releases more often)</p>
- <li><p>
- We need a way to get new binary compatible features into OpenSSL
- relatively quickly.</p>
- <li><p>
- We don't want to have to maintain too many branches. This is likely
- to include a timescale for the EOL of version 0.9.8</p>
- <li><p>
- We need a way to refactor code and make necessary binary
- incompatible changes, deprecating APIs etc.</p>
-</ol>
-<h2><a name="platstrat">Platform Strategy</a></h2>
-<p>
-Moving forward OpenSSL will adopt the following policy:</p>
-<ul>
- <li><p>
- There will be a defined set of primary platforms. The primary
- platforms will be Linux and FreeBSD. A primary platform is one where
- most development occurs.</p>
- <li><p>
- In addition there will be a list of secondary platforms which are
- supported by the development team.</p>
- <li><p>
- Platform specific code will be moved out of the main codebase
- (removing overuse of "ifdef").</p>
- <li><p>
- Legacy platforms that are unlikely to have wide deployment will be
- removed from the code.</p>
- <li><p>
- Non-supported platforms requiring regular maintenance activities
- will eventually be removed from the code after first seeking
- community owners to support the platforms in platform specific
- repositories.<br><br></p>
-</ul>
-<p>
-Necessary criteria for a platform to be included in the secondary
-platform list includes:</p>
-<ul>
- <li><p>
- Currency, i.e. a platform is widely deployed and in current use</p>
- <li><p>
- Vendor support</p>
- <li><p>
- Available to the dev team, i.e. the dev team have access to a
- suitable environment in which to test builds and deal with tickets
- and issues</p>
- <li><p>
- Dev team ownership, i.e. at least one person on the team is willing
- to take some responsibility for a platform<br><br></p>
-</ul>
-<p>
-In addition the secondary list will be as small as possible so as not
-to spread the development team too thinly.</p>
-<p>
-The secondary platforms are still to be defined but will be based on
-the above criteria. For each primary/secondary platform, we should
-have, at least, a continuous integration box and a dev machine we can
-access for test/debug. We will seek support from the platform vendors
-or the community to provide access to these platforms. The secondary
-platform list will change over time, but an initial list will be
-produced within three months.</p>
-<p>
-The Platform Strategy will be phased in over a period of time based
-on how quickly we can refactor the code.</p>
-<h2>Security Strategy</h2>
-<del>
-<p>
-We will be documenting a security strategy which will define our
-policy on:</p>
-<ul>
- <li><p>
- How we make security fixes</p>
- <li><p>
- What (if any) pre-notification of forthcoming security releases will
- be provided (and to whom) (Timescale: Within two months)</p>
-</ul>
-</del>
-<p>
-Objective met (7th September 2014): The OpenSSL security policy is available
-<a href="secpolicy.html">here</a>
-</p>
-<h1>Forthcoming Features</h1>
-<p>
-The primary focus of effort will be on achieving the objectives
-detailed above, however we are evaluating the following new features.</p>
-<ul>
- <li><p>
- IPv6 support</p>
- <li><p>
- AEAD updates (API review, Poly/ChaCha support, /dev/crypto
- operations coalescing)</p>
- <li><p>
- TLS 1.3.
- </p>
- <li><p>
- Certificate Transparency support.
- </p>
- <li><p>
- Support for new ciphersuites e.g. CCM.</p>
- <li><p>
- Extended SSL_CONF support.</p>
- <li><p>
- DANE support.</p>
- <li><p>
- Security levels (currently experimental in master)</p>
- <li><p>
- OCB</p>
- <li><p>
- FIPS code review and refactor</p>
- <li><p>
- Support for emerging platforms, e.g. ARMv8, POWER8</p>
- <li><p>
- Built-in MT support for two major threading "flavours", POSIX
- threads and Win32.</p>
-</ul>
-
-<h1>Roadmap Update History</h1>
-<p>
-The following changes have been made since the roadmap was first
-issued 30-June-2014.
-</p>
-<ul>
- <li><p>
- <a name="14-oct-2014">14-October-2014.</a>
- Updated audit; added TLS 1.3 and Certificate
- Transparency to features.</p>
- <li><p>
- 8-September-2014. Updated status on the RT backlog objective.</p>
- <li><p>
- 7-September-2014. Updated security policy section.</p>
- <li><p>
- 16-July-2014. Updated code review section.</p>
- <li><p>
- 1-July-2014. Noted RT is our bug tracking system.</p>
-</ul>
-
diff --git a/about/secpolicy.wml b/about/secpolicy.wml
deleted file mode 100644
index 6301a29..0000000
--- a/about/secpolicy.wml
+++ /dev/null
@@ -1,167 +0,0 @@
-
-#use wml::openssl area=about page=secpol
-
-<title>About, Security Policy</title>
-<h1><center>OpenSSL Security Policy</center></h1>
-<h2><center>Last modified 7th September 2014</center></h2>
-<p>
-<br>
-</p>
-
-
-<h1>Introduction</h1>
-
-<p>
-Recent flaws have captured the attention of the media and highlighted
-how much of the internet infrastructure is based on OpenSSL. We've
-never published our policy on how we internally handle security issues;
-that process being based on experience and has evolved
-over the years.
-</p>
-
-<h1>Reporting security issues</h1>
-
-<p>
-We have an email address which can be used to notify us of possible
-security vulnerabilities. A subset of OpenSSL team members receive
-this mail, and messages can be sent using PGP encryption. Full
-details are at <a href="../news/vulnerabilities.html">https://www.openssl.org/news/vulnerabilities.html</a>
-</p>
-
-<p>
-When we are notified about an issue we engage resources within the
-OpenSSL team to investigate and prioritise it. We may also utilise
-resources from the employers of our team members, as well as others
-we have worked with before.
-</p>
-
-<h1>Background</h1>
-
-<p>
-Everyone would like to get advance notice of security issues in OpenSSL.
-This is a complex topic and we need to set out some background
-with our findings:
-</p>
-<ul>
-<li><p>The more people you tell in advance the higher the likelihood that a
- leak will occur. We have seen this happen before, both with OpenSSL
- and other projects.</p>
-
-<li><p>A huge number of products from an equally large number of
- organisations use OpenSSL. It's not just secure websites, you're
- just as likely to find OpenSSL inside your smart TV, car, or fridge.</p>
-
-<li><p>We strongly believe that the right to advance patches/info
- should not be based in any way on paid membership to some forum. You
- can not pay us to get security patches in advance.</p>
-
-<li><p>We can benefit from peer review of the patches and advisory. Keeping
- security issues private means they can't get the level of testing or
- scrutiny that they otherwise would.</p>
-
-<li><p>It is not acceptable for organisations to use advance notice in marketing
- as a competitive advantage. For example "if you had bought our
- product/used our service you would have been protected a week ago".</p>
-
-<li><p>There are actually not a large number of serious vulnerabilities in
- OpenSSL which make it worth spending significant time keeping our
- own list of vendors we trust, or signing framework agreements, or
- dealing with changes, and policing the policy. This is a
- significant amount of effort per issue that is better spent on other
- things.</p>
-
-<li><p>We have previously used third parties to handle notification for us
- including CPNI, oCERT, or CERT/CC, but none were suitable.</p>
-
-<li><p>It's in the best interests of the Internet as a whole to get fixes
- for OpenSSL security issues out quickly. OpenSSL embargoes should be
- measured in days and weeks, not months or years.</p>
-
-<li><p>Many sites affected by OpenSSL issues will be running a version of
- OpenSSL they got from some vendor (and likely bundled with an
- operating system). The most effective way for these sites to get
- protected is to get an updated version from that vendor. Sites who
- use their own OpenSSL compilations should be able to handle a quick
- patch and recompile once the issue is public.</p>
-</ul>
-
-<h1>Internal handling of security issues</h1>
-
-<p>This leads us to our policy for security issues notified to us or
-found by our team which are not yet public.</p>
-
-<p>"private" means kept within the OpenSSL development team.</p>
-
-<p>We will determine the risk of each issue being addressed. We will
-take into account our experience dealing with past issues, versions
-affected, common defaults, and use cases. We divide the issues into
-the following categories:</p>
-
-<ul>
-
-<li><p>low severity issues. This includes issues such as those that only
- affect the openssl command line utility, unlikely configurations, or
- hard to exploit timing (side channel) attacks. These will in
- general be fixed immediately in latest development versions, and may
- be backported to older versions that are still getting updates. We
- will update the vulnerabilities page and note the issue CVE in the
- changelog and commit message, but they may not trigger new releases.</p>
-
-<li><p>moderate severity issues. This includes issues like crashes in
- client applications, flaws in protocols that are less commonly used
- (such as DTLS), and local flaws. These will in general be kept
- private until the next release, and that release will be scheduled
- so that it can roll up several such flaws at one time.</p>
-
-<li><p>high severity issues. This includes issues affecting common
- configurations which are also likely to be exploitable. Examples
- include a server DoS, a significant leak of server memory, and
- remote code execution. These issues will be kept private and will
- trigger a new release of all supported versions. We will attempt to
- keep the time these issues are private to a minimum; our aim would
- be no longer than a month where this is something under our control,
- and significantly quicker if there is a significant risk or we are
- aware the issue is being exploited.</p>
-</ul>
-
-<p>During the investigation of issues we may work with individuals and
-organisations who are not on the development team. We do this because
-past experience has shown that they can add value to our understanding
-of the issue and the ability to test patches. In cases where
-protocols are affected this is the best way to mitigate the risk that
-a poorly reviewed update causes signficiant breakage, or to detect if
-issues are being exploited in the wild. We have a strict policy on
-what these organisations and individuals can do with the information
-and will review the need on a case by case basis.</p>
-
-<h1>Prenotification policy</h1>
-
-<p>Where we are planning an update that fixes security issues we will
-notify the openssl-announce list and update the home page to give our
-scheduled update release date and time and the severity of issues
-being fixed by the update. No futher information about the issues
-will be given. This is to aid organisations that need to ensure they
-have staff available to handle triaging our announcement and what it
-means to their organisation.</p>
-
-<p>For updates that include high severity issues we will also prenotify
-with more details and patches. Our policy is to let the organisations
-that have a general purpose OS that uses OpenSSL have a few days
-notice in order to prepare packages for their users and feedback test
-results.</p>
-
-<p>We use the mailing list described at
-<a href="http://oss-security.openwall.org/wiki/mailing-lists/distros">http://oss-security.openwall.org/wiki/mailing-lists/distros</a> for this.
-We may also include other organisations that would otherwise qualify
-for list membership. We may withdraw notifying individual
-organisations from future prenotifications if they leak issues before
-they are public or over time do not add value (value can be added by
-providing feedback, corrections, test results, etc.)</p>
-
-<p>Finally, note that not all security issues are notified to us
-directly; some come from third parties such as companies that pay for
-vulnerabilities, some come from country CERTs. These intermediaries,
-or the researchers themselves, may follow a different style of
-notification. This is within their rights and outside of the control
-of the OpenSSL team.</p>
-
diff --git a/bin/mk-changelog b/bin/mk-changelog
new file mode 100755
index 0000000..60135c9
--- /dev/null
+++ b/bin/mk-changelog
@@ -0,0 +1,48 @@
+#! /usr/bin/perl -w
+use strict;
+
+# Read whole input.
+my $page;
+{
+ local $/;
+ $page .= <STDIN>;
+}
+
+# HTML entities.
+$page =~ s|&|&|sg;
+$page =~ s|<|<|sg;
+$page =~ s|>|>|sg;
+
+# Make sub-headings.
+$page =~ s|^.+?(Changes.+?\n+)|$1|s;
+$page =~ s|(Changes between.+?)\n|</pre>\n<h3>$1</h3>\n<pre>\n|sg;
+
+# Wrap it, and remove empty <pre></pre>
+$page = '<pre>' . $page . '</pre>';
+$page =~ s|<pre></pre>||g;
+
+# Make a TOC
+my $ctr = 0;
+my $toc;
+my $out;
+my $top = ' <a href="#toc"><img src="/img/up.gif"/></a>';
+for (split /^/, $page) {
+ if ( /<h3>/ ) {
+ my $name = $_;
+ $name =~ s|<h3>(.*)</h3>|$1|;
+ chop ($name);
+ $out .= '<h3><a name="x' . $ctr . '">' . $name . "</a>$top</h3>\n";
+ $toc .= '<li><a href="#x' . $ctr . '">' . $name . "</a></li>\n";
+ $ctr++;
+ } else {
+ $out .= $_;
+ }
+}
+
+print "<h3><a name='toc'>Table of contents</a></h3>\n";
+print "<ul>";
+print $toc;
+print "</ul>";
+print $out;
+
+exit(0);
diff --git a/run-faq.pl b/bin/mk-faq
similarity index 52%
rename from run-faq.pl
rename to bin/mk-faq
index f1e38f5..803d53a 100755
--- a/run-faq.pl
+++ b/bin/mk-faq
@@ -1,48 +1,73 @@
-#!/usr/bin/perl
-## read a FAQ file and pretty-print it as html
+#! /usr/bin/perl -w
+use strict;
+
+sub escape
+{
+ s/\&/\&/g;
+ s/\</\</g;
+ s/\>/\>/g;
+}
-$|++;
# TOC
-$i=0; $l=""; $n=0;
-print "<ul>\n";
-print "<ol>\n";
+my $l = "";
+my $n = 0;
+print "<h3><a name='toc'>Table of Contents</a></h3>\n";
+my $dirty = 0;
while (<STDIN>) {
escape($_);
last if /^=+$/;
next if /^\w*$/;
if (/^\[([^\[]+)\] (.*)/) {
- $l=$1;
- $n=0;
- print "</ol>\n";
- print "<li><a href=\"#$l\">$1</a> $2\n";
+ print "</ol>\n" if $dirty;
+ $l = $1;
+ $n = 0;
+ $dirty = 1;
+ print "<h4><a href=\"#$l\">$1</a> $2</h4>\n";
print "<ol>\n";
} elsif (/^\* (.*)/) {
$n++;
- print "<li><a href=\"#$l$n\">$1</a>\n";
+ print "<li><a href=\"#$l$n\">$1</a></li>\n";
}
}
-print "</ol>\n";
-print "</ul>\n\n";
+print "</ol>\n" if $dirty;
# Contents
-$l=""; $n=0; $pre=0; $snip=0;
+my $top = ' <a href="#toc"><img src="/img/up.gif"/></a>';
+$l = "";
+$n = 0;
+my $pre = 0;
+my $snip = 0;
while (<STDIN>) {
next if /^=+$/;
if (/^----- snip:start -----/) {
- print "<pre><listing>" unless $snip;
- $snip=1;
+ print "<pre>";
+ $snip = 1;
+ next;
}
if ($snip) {
+ if (/^----- snip:end -----/) {
+ print "</pre>";
+ $snip = 0;
+ } else {
+ escape($_);
+ print;
+ }
+ next;
+ }
+ if (/^ /) {
+ print "<pre>" unless $pre;
+ $pre = 1;
escape($_);
print;
+ next;
}
- if ($snip && /^----- snip:end -----/) {
- print "</listing></pre>";
- $snip=0;
- goto cont;
+ if ($pre) {
+ print "</pre>\n";
+ $pre = 0;
}
- if ($snip) {
- goto cont;
+ if (/^$/) {
+ print "<p>";
+ next;
}
if (/<URL:/ and not /<URL:.*>/) {
chomp;
@@ -53,7 +78,7 @@ while (<STDIN>) {
s/\@\@\@(.*?)\@\@\@/<a href=\"$1\">$1<\/a>/;
if (s/\((.?)\)/XX$1XX/g) {
while (/([A-Za-z_\.]*)XX(.?)XX/) {
- foreach $section ("apps", "ssl", "crypto") {
+ foreach my $section ("apps", "ssl", "crypto") {
if (-f "../docs/$section/$1.html") {
s|([A-Za-z_\.]*)XX(.?)XX|<a href=\"../docs/$section/$1.html\">$1($2)</a>|;
goto found;
@@ -64,32 +89,19 @@ while (<STDIN>) {
}
}
if (/^\[([^\[]+)\] =+/) {
- $l=$1;
- $n=0;
+ $l = $1;
+ $n = 0;
print "<hr>\n";
- print "<h2>[<a name=\"$l\">$1</a>]</h2>\n";
+ print "<h3>[<a name=\"$l\">$1</a>] $top</h3>\n";
} elsif (/^\* (.*)/) {
$n++;
- print "\n<h2><i><a name=\"$l$n\">$n. $1</a></i></h2>\n";
+ print "\n<h4><a name=\"$l$n\">$n. $1</a>$top</h4>\n";
} elsif (/^$/) {
print "<p>";
- } elsif (/^ /) {
- print "<pre>" unless $pre;
- $pre=1;
- print;
- } else {
- print "</pre>\n" if $pre;
- $pre=0;
+ }
+ else {
print;
}
- cont:
}
exit(0);
-
-sub escape
-{
- s/\&/\&/g;
- s/\</\</g;
- s/\>/\>/g;
-}
diff --git a/bin/mk-filelist b/bin/mk-filelist
new file mode 100755
index 0000000..e6b6088
--- /dev/null
+++ b/bin/mk-filelist
@@ -0,0 +1,52 @@
+#! /usr/bin/perl -w
+use strict;
+
+die "Missing args\n" if $#ARGV < 2;
+my $SRCDIR = $ARGV[0]; shift;
+my $URLBASE = $ARGV[0]; shift;
+my $GLOB = join(' ', @ARGV);
+
+my @months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
+ 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
+
+sub ls {
+ my ($pat) = @_;
+ my @F = sort { (stat($b))[9] <=> (stat($a))[9]; } (glob($pat));
+ my @R = ();
+ foreach my $f (@F) {
+ next if ($f =~ m|^index.*|);
+ next if -d $f;
+ my @S = stat($f);
+ my @T = localtime($S[9]);
+ push(@R, sprintf("%d %d-%s-%02d %02d:%02d:%02d %s",
+ $S[7] / 1024,
+ 1900+$T[5], $months[$T[4]], $T[3],
+ $T[2], $T[1], $T[0],
+ $f));
+ }
+ return @R;
+}
+
+chdir $SRCDIR || die "Can't chdir $SRCDIR, $!";
+my @L = &ls($GLOB);
+foreach my $l (@L) {
+ next if $l =~ m|^\s*$|;
+ my @fields = split / /, $l;
+ # Size, date, time, filename
+ my $fs = $fields[0];
+ my $fd = $fields[1] . " " . $fields[2];
+ my $ff = $fields[3];
+ my $url = $URLBASE . $ff;
+ my $r = "<a href=\"$url\">$ff</a>";
+ $r .= " (<a href=\"$url.sha256\">SHA256</a>)" if -f "$ff.sha256";
+ $r .= " (<a href=\"$url.asc\">PGP sign</a>)" if -f "$ff.asc";
+ $r .= " (<a href=\"$url.sha1\">SHA1</a>)" if -f "$ff.sha1";
+ # $r .= " (<a href=\"$url.md5\">MD5</a>)" if -f "$ff.md5";
+ print "<tr>\n";
+ print " <td>$fs </td>\n";
+ print " <td>$fd </td>\n";
+ print " <td>$r</td>\n";
+ print "</tr>\n";
+}
+
+exit(0);
diff --git a/bin/mk-sitemap b/bin/mk-sitemap
new file mode 100755
index 0000000..d53d3cb
--- /dev/null
+++ b/bin/mk-sitemap
@@ -0,0 +1,40 @@
+#! /usr/bin/perl -w
+use strict;
+
+sub
+dodir()
+{
+ my $dir = shift;
+ my $level = shift || 1;
+ my @files = ();
+ my @dirs = ();
+
+ foreach my $entry ( glob($dir . "/*")) {
+ if (-f $entry ) {
+ next unless $entry =~ m/.*\.(html|pdf|txt|png)$/;
+ push @files, $entry;
+ } elsif ( -d $entry ) {
+ push @dirs, $entry;
+ }
+ }
+
+ foreach my $entry ( @files ) {
+ $entry =~ s at .*/@@;
+ next if $entry eq 'template-file.html';
+ print "\t" x $level, $entry, "\n";
+ }
+
+ foreach my $entry ( @dirs) {
+ $entry =~ s@^\.\/@@;
+ next if $entry =~ m/.git|inc|img|bin/;
+ next if $entry =~ m/secadv/;
+ my $simple = $entry;
+ $simple =~ s at .*/@@;
+ print "\n", "\t" x $level, $simple, "/\n";
+ &dodir($entry, $level + 1);
+ }
+}
+
+print "/\n";
+&dodir('.', 0);
+exit(0);
diff --git a/bin/vulnerabilities.xsl b/bin/vulnerabilities.xsl
new file mode 100644
index 0000000..83971a6
--- /dev/null
+++ b/bin/vulnerabilities.xsl
@@ -0,0 +1,141 @@
+<?xml version="1.0"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+
+ <xsl:output indent="yes" encoding="UTF-8" method="html" omit-xml-declaration="yes"/>
+
+ <!-- Format a date like "1960-02-10" into "February 10th, 1960" -->
+ <xsl:template name="dateformat">
+ <xsl:param name="date" select="."/>
+ <xsl:variable name="day" select="number(substring($date,7,2))"/>
+ <xsl:variable name="month" select="number(substring($date,5,2))"/>
+ <xsl:variable name="year" select="number(substring($date,1,4))"/>
+
+ <xsl:if test="$day > 0">
+ <xsl:value-of select="$day" />
+ <xsl:choose>
+ <xsl:when test="$day=1 or $day=21 or $day=31">st</xsl:when>
+ <xsl:when test="$day=2 or $day=22">nd</xsl:when>
+ <xsl:when test="$day=3 or $day=23">rd</xsl:when>
+ <xsl:otherwise>th</xsl:otherwise>
+ </xsl:choose>
+ <xsl:text> </xsl:text>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="$month=01">January</xsl:when>
+ <xsl:when test="$month=02">February</xsl:when>
+ <xsl:when test="$month=03">March</xsl:when>
+ <xsl:when test="$month=04">April</xsl:when>
+ <xsl:when test="$month=05">May</xsl:when>
+ <xsl:when test="$month=06">June</xsl:when>
+ <xsl:when test="$month=07">July</xsl:when>
+ <xsl:when test="$month=08">August</xsl:when>
+ <xsl:when test="$month=09">September</xsl:when>
+ <xsl:when test="$month=10">October</xsl:when>
+ <xsl:when test="$month=11">November</xsl:when>
+ <xsl:when test="$month=12">December</xsl:when>
+ </xsl:choose>
+ <xsl:if test="$year>0">
+ <xsl:text> </xsl:text>
+ <xsl:value-of select="$year"/>
+ </xsl:if>
+ </xsl:template>
+
+ <xsl:key name="unique-date" match="@public" use="substring(.,1,4)"/>
+ <xsl:key name="unique-base" match="@base" use="."/>
+
+ <xsl:template match="security">
+ <xsl:comment>
+ Do not edit this file; edit vulnerabilities.xml
+ </xsl:comment>
+
+ <h3><a name="toc">Table of Contents</a></h3>
+ <ul>
+ <xsl:for-each select="issue/@public[generate-id()=generate-id(key('unique-date',substring(.,1,4)))]">
+ <xsl:sort select="." order="descending"/>
+ <xsl:variable name="year" select="substring(.,1,4)"/>
+ <li><a href="#y{$year}"><xsl:value-of select="$year"/></a></li>
+ </xsl:for-each>
+ </ul>
+
+ <xsl:for-each select="issue/@public[generate-id()=generate-id(key('unique-date',substring(.,1,4)))]">
+ <xsl:sort select="." order="descending"/>
+ <xsl:variable name="year" select="substring(.,1,4)"/>
+
+ <h3><a name="y{$year}"><xsl:value-of select="$year"/></a>
+ <!-- don't need an UP on each year.
+ <xsl:text> </xsl:text><a href="#toc"><img src="/img/up.gif"/></a>
+ -->
+ </h3>
+ <dl>
+ <xsl:apply-templates select="../../issue[substring(@public,1,4)=$year]">
+ <xsl:sort select="./@public" order="descending"/>
+ </xsl:apply-templates>
+ </dl>
+ </xsl:for-each>
+ </xsl:template>
+
+ <xsl:template match="issue">
+ <dt>
+ <xsl:apply-templates select="cve"/>
+ <xsl:if test="advisory/@url">
+ <xsl:text> </xsl:text><a href="{advisory/@url}">(OpenSSL advisory) </a>
+ </xsl:if>
+ <xsl:if test="impact/@severity">
+ [<xsl:value-of select="impact/@severity"/> severity]
+ </xsl:if>
+ <xsl:call-template name="dateformat">
+ <xsl:with-param name="date" select="@public"/>
+ </xsl:call-template>
+ <xsl:text disable-output-escaping='yes'>: <a href="#toc"><img src="/img/up.gif"/></a></xsl:text>
+ </dt>
+ <dd>
+ <xsl:copy-of select="string(description)"/>
+ <xsl:if test="reported/@source">
+ Reported by <xsl:value-of select="reported/@source"/>.
+ </xsl:if>
+ <ul>
+ <xsl:for-each select="fixed">
+ <li>Fixed in OpenSSL
+ <xsl:value-of select="@version"/>
+ <xsl:if test="git/@hash">
+ <xsl:text> </xsl:text><a href="https://github.com/openssl/openssl/commit/{git/@hash}">(git commit)</a><xsl:text> </xsl:text>
+ </xsl:if>
+ <xsl:variable name="mybase" select="@base"/>
+ <xsl:for-each select="../affects[@base=$mybase]|../maybeaffects[@base=$mybase]">
+ <xsl:sort select="@version" order="descending"/>
+ <xsl:if test="position() =1">
+ <xsl:text> (Affected </xsl:text>
+ </xsl:if>
+ <xsl:value-of select="@version"/>
+ <xsl:if test="name() = 'maybeaffects'">
+ <xsl:text>?</xsl:text>
+ </xsl:if>
+ <xsl:if test="position() != last()">
+ <xsl:text>, </xsl:text>
+ </xsl:if>
+ <xsl:if test="position() = last()">
+ <xsl:text>) </xsl:text>
+ </xsl:if>
+ </xsl:for-each>
+ </li>
+ </xsl:for-each>
+ </ul>
+ </dd>
+ </xsl:template>
+
+ <xsl:template match="cve">
+ <xsl:if test="@name != ''">
+ <b><a name="{@name}">
+ <xsl:if test="@description = 'full'">
+ The Common Vulnerabilities and Exposures project
+ has assigned the name
+ </xsl:if>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-{@name}">CVE-<xsl:value-of select="@name"/> </a>
+ <xsl:if test="@description = 'full'">
+ to this issue.
+ </xsl:if>
+ </a></b>
+ </xsl:if>
+ </xsl:template>
+
+</xsl:stylesheet>
diff --git a/community/binaries.html b/community/binaries.html
new file mode 100644
index 0000000..7774af5
--- /dev/null
+++ b/community/binaries.html
@@ -0,0 +1,67 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Binaries</h2></header>
+ <div class="entry-content">
+ <p>Some people have offered to provide OpenSSL binary
+ distributions for selected operating systems. The condition to
+ get a link here is that the link is stable and can provide
+ continued support for OpenSSL for a while.</p>
+
+ <p>Note: many Linux distributions come with pre-compiled OpenSSL
+ packages. Those are already well-known among the users of said
+ distributions, and will therefore <em>not</em> be mentioned here.
+ If you are such a user, we ask you to get in touch with your
+ distributor first. This service is primarly for operating systems
+ where there are no pre-compiled OpenSSL packages.</p>
+
+ <dl>
+ <dt>OpenSSL for Windows</dt>
+ <dd>Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form
+ of self-install executables.
+ <a
+ href="http://www.slproweb.com/products/Win32OpenSSL.html">http://www.slproweb.com/products/Win32OpenSSL.html</a>
+ </dd>
+
+ <dt>OpenSSL for Windows</dt>
+ <dd>Pre-compiled Win32/64 libraries without external
+ dependencies to the Microsoft Visual Studio Runtime DLLs, except
+ for the system provided msvcrt.dll.
+ <a
+ href="http://indy.fulgan.com/SSL/">http://indy.fulgan.com/SSL/</a>
+ </dd>
+
+ <dt>OpenSSL for Solaris</dt>
+ <dd>Versions for Solaris 2.5 - 11 SPARC and X86
+ <a
+ href="http://www.unixpackages.com/">http://www.unixpackages.com/</a>
+ </dd>
+ </dl>
+ </p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Community</a>
+ : <a href="">Binaries</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/community/contacts.html b/community/contacts.html
new file mode 100644
index 0000000..a18948b
--- /dev/null
+++ b/community/contacts.html
@@ -0,0 +1,107 @@
+<h1>About the OpenSSL Project</h1>
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Contact Us</h2></header>
+ <div class="entry-content">
+ <p>
+
+ <p>Apart from email addresses and names, some organizations require
+ a physical address as contact for open source projects. Physical
+ addresses can be useful in other cases as well. Therefore, some
+ people have stepped forward and volunteered as "official" contacts
+ for OpenSSL. If you want to get in touch with any of these
+ people, please consider using email first, since that will also
+ reach other team members in case your contact is temporarly not
+ available.</p>
+
+ <p>Please remember to be kind to the contacts. Their time is
+ their own to dispose of. You may <em>request</em> support, but
+ it's the contact's responsability and freedom alone to decide if
+ he wants to give any support or not, regardless of who makes the
+ request.</p>
+
+ <p>The<em>OpenSSL Software Foundation</em> represents the OpenSSL
+ project in most capacities including contributor license
+ agreements, managing donations, and so on.
+
+ <blockquote>
+ OpenSSL Software Foundation<br>
+ 20-22 Wenlock Road<br>
+ London<br>
+ N1 7GU<br>
+ United Kingdom<br>
+ +44 1785508015 (UK)<br>
+ +1 877-OPENSSL(6775) (US toll free)<br>
+ +1 301-956-2281 (US)<br>
+ <a href="mailto:info at opensslfoundation.org">info at opensslfoundation.org</a>
+ </blockquote>
+ </p>
+
+ <p><em>OpenSSL Software Services</em> represents the OpenSSL
+ project for selected commercial or quasi-commercial contexts, such
+ as providing formal support contracts and brokering consulting
+ contracts for OpenSSL team members.
+ <blockquote>
+ OpenSSL Software Services Inc.<br>
+ 40 E Main St, Suite 744<br>
+ Newark DE 19711<br>
+ USA<br>
+ +1 240-215-3103<br>
+ <a href="mailto:info at opensslservices.com">info at opensslservices.com</a>
+ </blockquote>
+ </p>
+
+ <p>Commercial activities specific to FIPS 140-2 validations and
+ the OpenSSL FIPS Object Module are handled by
+ <em>OpenSSL Validation Services</em>.
+ <blockquote>
+ OpenSSL Validation Services Inc.<br>
+ 1829 Mount Ephraim Road<br>
+ Adamstown, MD 21710<br>
+ USA<br>
+ +1 301-874-2571<br>
+ <a href="mailto:info at openssl.com">info at openssl.com</a>
+ </blockquote>
+ </p>
+
+ <p>Some OpenSSL team members are available for selected consulting
+ engagements.</p>
+
+ <p>In Sweden:</p>
+
+ <blockquote>
+ OpenSSL SE<br>
+ c/o Richard Levitte<br>
+ Nordingrågatan 20<br>
+ S-162 53 Vällingby<br>
+ Sweden<br>
+ <a href="mailto:openssl-contact.SE at openssl.org">openssl-contact.SE at openssl.org</a>
+ </blockquote>
+ </p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Community</a>
+ : <a href="">Contact Us</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+</div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/community/index.html b/community/index.html
new file mode 100644
index 0000000..091bff5
--- /dev/null
+++ b/community/index.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Community<h2></header>
+ <div class="entry-content">
+ <p>
+ OpenSSL is a a collaborative effort of a worldwide community of
+ volunteers. Here are some of the ways you can join the
+ community and contribute.
+ The list of <a href="team.html">development team members</a> is
+ available, as is a description of how to
+ <a href="contacts.html">contact us</a> off-line. We'd also like
+ to <a href="thanks.html">thank</a> several groups for help with
+ the project infrastructure over time.
+ </p>
+
+ <p>
+ We maintain several <a href="mailinglists.html">mailing lists</a>.
+ Anyone can join, but you must be a member of a list to post to it.
+ We have a <a href="http://wiki.openssl.org">public wiki</a>,
+ and anyone can request an account and start adding content.
+ We have a <a href="/blog">team blog</a>, where members of
+ the development team will occasionally post.
+ </p>
+
+ <p>
+ While we only distribute source, some members of the community
+ make <a href="binaries.html">binaries</a> available.
+ </p>
+
+ <h3>Reporting Bugs</h3>
+
+ <p>If you think have found a security bug, please see our
+ <a href="/news/vulnerabilities.html">vulnerabilities page</a>
+ for information on how to report it.</p>
+
+ <p>We have set up a request tracker at
+ <a href="http://rt.openssl.org">http://rt.openssl.org</a>,
+ with read-only access using <em>guest</em> as the name
+ and password.
+ Requests can be viewed on-line by using the following URL,
+ replacing <em>NNNN</em> with the request number:
+ http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=<em>NNNN</em>
+ </p>
+
+ <p>To report a bug or make an enhancement request, send email
+ to <a href="mailto:rt at openssl.org">rt at openssl.org</a>.
+ In the subject line, please make sure to indicate if its a
+ bug, a fix, and a brief description of the issue. In the
+ body of your mail, please include the version of operationg
+ system and OpenSSL you are using. If you have a patch or diff,
+ please send it as an attachment, and not inline in
+ the message body.</p>
+
+ <p>The easiest way to respond to an existing request is to reply
+ to the relevant message in <em>openssl-dev at openssl.org</em>.
+ To help avoid duplicate copies, edit the recipient list so that
+ only <em>rt at openssl.org</em> is listed and remove any quoted
+ material.
+ </p>
+
+ <p>You can also create a pull request in
+ <a href="https://github.com/openssl/openssl">GitHub</a>,
+ but if you do that, please also use RT and refer to the
+ request number. That way we are less likely to lose track
+ of things.</p>
+
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Community</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/community/mailinglists.html b/community/mailinglists.html
new file mode 100644
index 0000000..5ca5d4c
--- /dev/null
+++ b/community/mailinglists.html
@@ -0,0 +1,100 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Mailing Lists<h2></header>
+ <div class="entry-content">
+ <p>
+ Here is are the
+ <a href="http://mta.openssl.org/">mailing lists</a> we run.
+ You must be a member of the list to post to it.
+ </p>
+
+ <table>
+ <tr><td>List</td><td>Purpose</td></tr>
+ <tr>
+ <td><a
+ href="https://mta.openssl.org/mailman/listinfo/openssl-announce">openssl-announce</a></td>
+ <td>Official Project Announcements; low-volume read-only.</td>
+ </tr>
+ <tr>
+ <td><a
+ href="https://mta.openssl.org/mailman/listinfo/openssl-commits">openssl-commits</a></td>
+ <td>Commits to the source repository; read-only</td>
+ </tr>
+ <tr>
+ <td><a
+ href="https://mta.openssl.org/mailman/listinfo/openssl-dev">openssl-dev</a></td>
+ <td>Discussions on development of the OpenSSL library.
+ This is not the place for application development
+ questions!</td>
+ </tr>
+ <tr>
+ <td><a
+ href="https://mta.openssl.org/mailman/listinfo/openssl-users">openssl-users</a></td>
+ <td>Application Development, installing and configuring
+ OpenSSL, etc.</td>
+ </tr>
+ </table>
+ <p></p>
+
+ <h3>Archives</h3>
+
+ <p>
+ Public archives can be found at the following locations:
+ </p>
+ <table>
+ <tr><td>List</td><td>Archives</td></tr>
+ <tr><td>openssl-announce</td><td>
+ <a
+ href="http://marc.info/?l=openssl-announce">http://marc.info/?l=openssl-announce</a><br>
+ <a
+ href="http://www.mail-archive.com/openssl-announce@openssl.org/">http://www.mail-archive.com/openssl-announce@openssl.org/</a>
+ </td></tr>
+ <tr><td>openssl-users</td><td>
+ <a
+ href="http://marc.info/?l=openssl-users">http://marc.info/?l=openssl-users</a><br>
+ <a
+ href="http://www.mail-archive.com/openssl-users@openssl.org/">http://www.mail-archive.com/openssl-users@openssl.org/</a><br>
+ <a
+ href="http://groups.google.com/groups?group=mailing.openssl.users">http://groups.google.com/groups?group=mailing.openssl.users</a><br>
+ </td></tr>
+ <tr><td>openssl-dev</td><td>
+ <a
+ href="http://marc.info/?l=openssl-dev">http://marc.info/?l=openssl-dev</a><br>
+ <a
+ href="http://www.mail-archive.com/openssl-dev@openssl.org/">http://www.mail-archive.com/openssl-dev@openssl.org/</a><br>
+ <a
+ href="http://groups.google.com/groups?group=mailing.openssl.dev">http://groups.google.com/groups?group=mailing.openssl.dev</a>
+ </td></tr>
+ <tr><td>openssl-commits</td><td>
+ <a
+ href="http://marc.info/?l=openssl-cvs">http://marc.info/?l=openssl-cvs</a>
+ <a
+ href="http://groups.google.com/groups?group=mailing.openssl.cvs">http://groups.google.com/groups?group=mailing.openssl.cvs</a>
+ </table>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="index.html">Community</a>
+ : <a href=".">Mailing Lists</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/community/sidebar.inc b/community/sidebar.inc
new file mode 100644
index 0000000..4cbbebb
--- /dev/null
+++ b/community/sidebar.inc
@@ -0,0 +1,32 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Community</a></h1>
+ <ul>
+ <li>
+ <a href="team.html">Team</a>
+ </li>
+ <li>
+ <a href="contacts.html">Contact Us</a>
+ </li>
+ <li>
+ <a href="thanks.html">Thanks!</a>
+ </li>
+ <li>
+ <a href="mailinglists.html">Mailing Lists</a>
+ </li>
+ <li>
+ <a href="http://wiki.openssl.org">Wiki</a>
+ </li>
+ <li>
+ <a href="http://www.openssl.org/blog">Blog</a>
+ </li>
+ <li>
+ <a href="binaries.html">Binaries</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
+
+
diff --git a/community/team.html b/community/team.html
new file mode 100644
index 0000000..b733f82
--- /dev/null
+++ b/community/team.html
@@ -0,0 +1,174 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Team</h2></header>
+ <div class="entry-content">
+ <p>
+ The OpenSSL development team consists of people who have commit
+ access to the source repository.
+ Policies and procedures are adopted after a majority vote of
+ the dev-team.
+
+ <p>
+ The current OpenSSL development team consists of (in alphabetical
+ order):
+ </p>
+ <table summary="">
+ <tr>
+ <td>Name</td>
+ <td>Email</td>
+ <td>Locale </td>
+ <td>PGP Key ID</td>
+ </tr>
+
+ <tr>
+ <td>Matt Caswell</td>
+ <td><a href="mailto:matt at openssl.org">matt at openssl.org</a></td>
+ <td>UK</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491">D9C4D26D0E604491</a></td>
+ </tr>
+
+ <tr>
+ <td>Mark J. Cox*</td>
+ <td><a href="mailto:mark at openssl.org">mark at openssl.org</a></td>
+ <td>UK</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x36CEE4DEB00CFE33">27585B2E26B927CA29D660CFEAC0FF30DCE1DD5A</a>
+ </tr>
+
+ <tr>
+ <td>Viktor Dukhovni</td>
+ <td><a href="mailto:viktor at openssl.org">viktor at openssl.org</a></td>
+ <td>US</td>
+ <td> </td>
+ </tr>
+
+ <tr>
+ <td>Dr. Stephen Henson*</td>
+ <td><a href="mailto:steve at openssl.org">steve at openssl.org</a></td>
+ <td>UK</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x62605AA4334AF9F0DDE5D349D3577507FA40E9E2">D3577507FA40E9E2</a>
+ </tr>
+
+ <tr>
+ <td>Tim Hudson</td>
+ <td><a href="mailto:tjh at openssl.org">tjh at openssl.org</a></td>
+ <td>AU</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD">9195C48241FBF7DD</a></td>
+ </tr>
+
+ <tr>
+ <td>Lutz Jänicke</td>
+ <td><a href="mailto:jaenicke at openssl.org">jaenicke at openssl.org</a></td>
+ <td>DE</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x0A77335AADE74E6BB36CAD8ADFAB592ABDD52F1C">DFAB592ABDD52F1C</a>
+ </tr>
+
+ <tr>
+ <td>Emilia Käsper</td>
+ <td><a href="mailto:emilia at openssl.org">emilia at openssl.org</a></td>
+ <td>CH</td>
+ <td></td>
+ </tr>
+
+ <tr>
+ <td>Ben Laurie*</td>
+ <td><a href="mailto:ben at openssl.org">ben at openssl.org</a></td>
+ <td>UK</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x765655DE62E396FF2587EB6C4F6DE1562118CF83">4F6DE1562118CF83</a></td>
+ </tr>
+
+ <tr>
+ <td>Steve Marquess</td>
+ <td><a href="mailto:marquess at openssl.org">marquess at openssl.org</a></td>
+ <td>US</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xFEAB1FB2653717429B0B894F431711F76D1892F5">CE1AE41903B0216376DCC2357E5776CE7D86D554</a>
+ </tr>
+
+ <tr>
+ <td>Richard Levitte</td>
+ <td><a href="mailto:levitte at openssl.org">levitte at openssl.org</a></td>
+ <td>SE</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C">98BB1B36A0210D0139948153DC137F72BE01CD05</a>
+ </tr>
+
+ <tr>
+ <td>Bodo Möller</td>
+ <td><a href="mailto:bodo at openssl.org">bodo at openssl.org</a></td>
+ <td>CH</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xAA589DAC5A6A9B85">AA589DAC5A6A9B85</a></td>
+ </tr>
+
+ <tr>
+ <td>Andy Polyakov*</td>
+ <td><a href="mailto:appro at openssl.org">appro at openssl.org</a></td>
+ <td>SE</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xB652F27F2B8D1B8DA78D7061BA6CDA461FE8E023">BA6CDA461FE8E023</a></td>
+ </tr>
+
+ <tr>
+ <td>Kurt Roeckx</td>
+ <td><a href="mailto:kurt at openssl.org">kurt at openssl.org</a></td>
+ <td>BE</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xE5E52560DD91C556DDBDA5D02064C53641C25E5D">2064C53641C25E5D</a></td>
+ </tr>
+
+ <tr>
+ <td>Rich Salz</td>
+ <td><a href="mailto:rsalz at openssl.org">rsalz at openssl.org</a></td>
+ <td>US</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xD099684DC7C21E02E14A8AFEF23479455C51B27C">F23479455C51B27C</a></td>
+ </tr>
+
+ <tr>
+ <td>Geoff Thorpe</td>
+ <td><a href="mailto:geoff at openssl.org">geoff at openssl.org</a></td>
+ <td>QC</td>
+ <td><a
+ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x1B3DF808C221D2A5ED74172F0833F510E18C1C32">0833F510E18C1C32</a></td>
+ </tr>
+ </table>
+ *Names with an asterisk indicate members of the core team.
+ <p> </p>
+
+ <p>
+ In addition, we gratefully acknowledge the contributions of the
+ following alumni: Ralf S. Engelschall, Nils Larsch, Holger Reif, and
+ Paul C. Sutton. We also respectfully remember Ulf Möller who
+ is no longer with us.
+ </p>
+ </div>
+
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Community</a>
+ : <a href="">Team</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+ <!--#include virtual="/inc/footer.inc" -->
+ </body>
+ </html>
diff --git a/community/thanks.html b/community/thanks.html
new file mode 100644
index 0000000..8433046
--- /dev/null
+++ b/community/thanks.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Thanks!</h2></header>
+ <div class="entry-content">
+ <p>
+ We'd like to thank the following individuals and organizations
+ who contribute to the OpenSSL project.
+ </p>
+
+ <ul>
+ <li>Our current hosting is provided courtesy of
+ <a href="https://www.space.net">SpaceNet AG</a>.</li>
+ <li>Thanks to
+ <a href="https://www.globalsign.com">GMO GlobalSign</a>
+ for providing free TLS certificates.</li>
+ <li>Thanks to <a href="https://rsync.net">rsync.net</a> for
+ providing free backup storage.</li>
+ <li>Thanks to Eric Young and Tim Hudson for the SSLeay
+ package on which OpenSSL is based.</li>
+ <li>Thanks to Tony Arcieri for the updated logo and some
+ important tweaks to the CSS.</li>
+ <li>Thanks to <a href="http://octopress.org">Octopress</a>
+ for providing the CSS basis for the redesign, as well as
+ our entire blog machinery.</li>
+ </ul>
+
+ <p>
+ We'd also like to recognize the following for their prior
+ support:
+ </p>
+ <ul>
+ <li>Thanks to C2Net for contributing back to the Open Source
+ community the SSLeay version 0.9.1b, which was the last internal
+ SSLeay version Eric and Tim created while working for
+ C2Net.</li>
+
+ <li>Thanks to the Development Team of Internet Services at
+ <a href="http://www.cw.com/">Cable & Wireless</a> Munich,
+ Germany, for providing the hardware and network resources for
+ some time after 2002. </li>
+
+ <li>Thanks to the IT Support Group of the Department of
+ Information Technology and Electrical Engineering at the
+ <a href="http://www.ethz.ch/">Swiss Federal Institute of Technology Zurich</a>
+ (ETHZ) for providing the hardware and network resources
+ from 1998 to 2002.
+ </li>
+ </ul>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Community</a>
+ : <a href="">Thanks!</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/docs/.gitignore b/docs/.gitignore
deleted file mode 100644
index ea742a5..0000000
--- a/docs/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-crypto
-ssl
-apps
diff --git a/docs/.wmlrc b/docs/.wmlrc
deleted file mode 100644
index ab44064..0000000
--- a/docs/.wmlrc
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## .wmlrc -- Local RC file for WML
-##
-
-# define where the URL root of the Sub Navigation Bar (SNB)
-# is located [SNB_ROOT] and where it's buttons are defined [SNB_RC]
--DSNB_ROOT~.
--DSNB_RC=.wmlsnb
--I.
-
diff --git a/docs/.wmlsnb b/docs/.wmlsnb
deleted file mode 100644
index e53d69d..0000000
--- a/docs/.wmlsnb
+++ /dev/null
@@ -1,15 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
- <snb_button id=index txt="Documents" url="./">
- <snb_button id=index txt="Blog" url="/blog/">
- <snb_button id=openssl txt="openssl(1)" url="apps/openssl.html">
- <snb_button id=ssl txt="ssl(3)" url="ssl/ssl.html">
- <snb_button id=crypto txt="crypto(3)" url="crypto/crypto.html">
- <snb_button id=HOWTO txt="HOWTO" url="HOWTO/">
- <snb_button id=WIKI txt="Wiki" url="http://wiki.openssl.org/">
- <snb_button id=FIPS140 txt="FIPS140" url="fips/">
-</snb>
-
diff --git a/docs/HOWTO/.gitignore b/docs/HOWTO/.gitignore
deleted file mode 100644
index 2211df6..0000000
--- a/docs/HOWTO/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*.txt
diff --git a/docs/faq.html b/docs/faq.html
new file mode 100644
index 0000000..0f8a061
--- /dev/null
+++ b/docs/faq.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Frequently Asked Questions</h2></header>
+ <div class="entry-content">
+ <!--#include virtual="faq.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">News</a>
+ : <a href="">Frequently Asked Questions</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/docs/fips.html b/docs/fips.html
new file mode 100644
index 0000000..61b4378
--- /dev/null
+++ b/docs/fips.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>FIPS-140</h2></header>
+ <div class="entry-content">
+
+ <p>The OpenSSL project has collaborated with the <a
+ href="http://oss-institute.org/"> Open Source Software Institute</a>
+ on the groundbreaking OpenSSL FIPS Object Module and other
+ validations. For a basic introduction and some general
+ background see <a
+ href="fipsnotes.html">Important Notes About OpenSSL and FIPS 140-2</a>.
+ For information about sponsorship and support, see
+ <a href="fipsvalidation.html">OpenSSL and FIPS 140-2</a>
+ </p>
+
+
+ <p>The most recent open source based validation of a cryptographic
+ module (Module) compatible with the OpenSSL libraries is v2.0.1,
+ FIPS 140-2 certificate <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
+ This Module is documented in the
+ <a href="UserGuide-2.0.pdf">2.0 User Guide</a>.
+ </p>
+
+ <p>Thanks to multiple platform sponsorships the 2.0 validation
+ includes the largest number of formally tested platforms for any
+ validated module.</p>
+
+ The <a href="http://www.openssl.org/source/openssl-fips-2.0.1.tar.gz">source code</a> and
+ <a href="fips/UserGuide-2.0.pdf">User Guide</a> are available.
+ Here is the complete set of files:</p>
+
+
+ <table>
+ <tr>
+ <td>KBytes </td>
+ <td>Date </td>
+ <td>File </td>
+ </tr>
+ <!--#include virtual="fips.inc" -->
+ </table>
+ <p> </p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Docs</a>
+ : <a href="">FIPS-140</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/docs/fips/SecurityPolicy-1.1.1.pdf b/docs/fips/SecurityPolicy-1.1.1.pdf
new file mode 100644
index 0000000..e79ba44
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.1.1.pdf differ
diff --git a/docs/fips/SecurityPolicy-1.1.2.pdf b/docs/fips/SecurityPolicy-1.1.2.pdf
new file mode 100644
index 0000000..4cab221
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.1.2.pdf differ
diff --git a/docs/fips/SecurityPolicy-1.2.2.pdf b/docs/fips/SecurityPolicy-1.2.2.pdf
new file mode 100644
index 0000000..0cf6e9e
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.2.2.pdf differ
diff --git a/docs/fips/SecurityPolicy-1.2.3.pdf b/docs/fips/SecurityPolicy-1.2.3.pdf
new file mode 100644
index 0000000..b4e8c71
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.2.3.pdf differ
diff --git a/docs/fips/SecurityPolicy-1.2.4.pdf b/docs/fips/SecurityPolicy-1.2.4.pdf
new file mode 100644
index 0000000..2bb1ace
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.2.4.pdf differ
diff --git a/docs/fips/SecurityPolicy-1.2.pdf b/docs/fips/SecurityPolicy-1.2.pdf
new file mode 100644
index 0000000..9ac0515
Binary files /dev/null and b/docs/fips/SecurityPolicy-1.2.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.1.pdf b/docs/fips/SecurityPolicy-2.0.1.pdf
new file mode 100644
index 0000000..e93e0e1
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.1.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.2.pdf b/docs/fips/SecurityPolicy-2.0.2.pdf
new file mode 100644
index 0000000..088b749
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.2.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.3.pdf b/docs/fips/SecurityPolicy-2.0.3.pdf
new file mode 100644
index 0000000..5e5fccc
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.3.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.4.pdf b/docs/fips/SecurityPolicy-2.0.4.pdf
new file mode 100644
index 0000000..1cca3ac
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.4.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.5.pdf b/docs/fips/SecurityPolicy-2.0.5.pdf
new file mode 100644
index 0000000..5b54047
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.5.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.6.pdf b/docs/fips/SecurityPolicy-2.0.6.pdf
new file mode 100644
index 0000000..78a5945
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.6.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.7.pdf b/docs/fips/SecurityPolicy-2.0.7.pdf
new file mode 100644
index 0000000..0f1a607
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.7.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.8.pdf b/docs/fips/SecurityPolicy-2.0.8.pdf
new file mode 100644
index 0000000..95da962
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.8.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.9.odt b/docs/fips/SecurityPolicy-2.0.9.odt
new file mode 100644
index 0000000..8c285b0
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.9.odt differ
diff --git a/docs/fips/SecurityPolicy-2.0.9.pdf b/docs/fips/SecurityPolicy-2.0.9.pdf
new file mode 100644
index 0000000..b4ff166
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.9.pdf differ
diff --git a/docs/fips/SecurityPolicy-2.0.pdf b/docs/fips/SecurityPolicy-2.0.pdf
new file mode 100644
index 0000000..b4ff166
Binary files /dev/null and b/docs/fips/SecurityPolicy-2.0.pdf differ
diff --git a/docs/fips/UserGuide-1.1.1.pdf b/docs/fips/UserGuide-1.1.1.pdf
new file mode 100644
index 0000000..edb94fa
Binary files /dev/null and b/docs/fips/UserGuide-1.1.1.pdf differ
diff --git a/docs/fips/UserGuide-1.2.pdf b/docs/fips/UserGuide-1.2.pdf
new file mode 100644
index 0000000..a0d0155
Binary files /dev/null and b/docs/fips/UserGuide-1.2.pdf differ
diff --git a/docs/fips/UserGuide-2.0.pdf b/docs/fips/UserGuide-2.0.pdf
new file mode 100644
index 0000000..6150d8d
Binary files /dev/null and b/docs/fips/UserGuide-2.0.pdf differ
diff --git a/docs/fips/UserGuide.pdf b/docs/fips/UserGuide.pdf
new file mode 100644
index 0000000..126ef28
Binary files /dev/null and b/docs/fips/UserGuide.pdf differ
diff --git a/docs/fips/fips-2.0-tv.tar.gz b/docs/fips/fips-2.0-tv.tar.gz
new file mode 100644
index 0000000..0c9a275
Binary files /dev/null and b/docs/fips/fips-2.0-tv.tar.gz differ
diff --git a/docs/fips/fipsnotes.wml b/docs/fips/fipsnotes.wml
deleted file mode 100644
index ef2b234..0000000
--- a/docs/fips/fipsnotes.wml
+++ /dev/null
@@ -1,115 +0,0 @@
-
-#use wml::openssl area=documents page=FIPS140
-
-<title>Important Notes about OpenSSL and FIPS 140-2</title>
-
-<h1>OpenSSL and FIPS 140-2</h1>
-
-Please please read the <a href="UserGuide.pdf">User Guide</a>. Nothing will make sense otherwise (it still may not afterwards, but at least you've a better chance).
-
-<h2>FIPS What? Where Do I Start?</h2>
-
-Ok, so your company needs FIPS validated cryptography to land that big sale, and your product currently uses OpenSSL.
-You haven't worked up the motivation to wade through the entire <a href="UserGuide.pdf">User Guide</a> and want the
-quick "executive summary". Here is a grossly oversimplified account:
-<p>
-<ul>
-
-<li>OpenSSL itself is not validated, and never will be. Instead a special carefully defined software component called the
-OpenSSL FIPS Object Module has been created. This Module was designed for compatibility with OpenSSL so that products using
-the OpenSSL API can be converted to use validated cryptography with minimal effort.
-<p>
-
-<li>The OpenSSL FIPS Object Module validation is unique among all FIPS 140-2 validations in that the product is "delivered"
-in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented
-instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis.
-<p>
-
-<li>If even the tiniest source code or build process changes are required for your intended application, you cannot use
-the open source based validated module directly. You must obtain your own validation. This situation is common; see "Private
-Label" validation, below.
-<p>
-
-<li>New FIPS 140-2 validations (of any type) are slow (6-12 months is typical), expensive
-(US$50,000 is probably typical for an uncomplicated validation), and unpredictable
-(completion dates are not only uncertain when first beginning a validation, but remain so
-during the process).
-
-</ul>
-Note that FIPS 140-2 validation is a complicated topic that the above summary does not adequately address. You have been warned!
-
-<a name="privatelabel">
-<h2>The "Private Label" Validation</h2>
-</a>
-
-We refer to validations based directly on the OpenSSL FIPS Object Module as
-"private label" validations. These are also sometimes referred to as "cookie cutter"
-validations. The usual reason for such separate validations is the need for small
-modifications which forces a complete new validation, but some vendors,
-for marketing or risk management reasons, have obtained private label validations for binaries
-produced from unmodified (or only cosmetically modified) source code.
-<p>
-The OSF would really prefer to work on open source based validations of benefit
-to the OpenSSL user community at large, but financial support for that objective
-is intermittent at best. On the other hand many vendors are interested in private label
-validations and the OSF will assist in such efforts on a paid basis. We've done enough
-of these to be very cost competitive, and for uncomplicated validations we typically work
-on a fixed price basis.
-
-<p>
-<font color="#cc3333">Update:</font> As of 2015 we are no longer performing
-<a href="privatelabel.html">private label</a> validations.
-We are still adding new
-platforms to the
- <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
-or related validations.
-
-<h2>Current Validations</h2>
-
-The most recent open source based validation is the
-<a href="fipsvalidation.html">OpenSSL FIPS Object Module v2.0</a>,
-FIPS 140-2 certificate
- <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>. You will need the
- <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf">Security Policy</a> and
- <a href="../../source/openssl-fips-2.0.tar.gz">source</a> at a minimum. Note that for this validation a
-new <a href="http://openssl.com/fips/verify.html">"secure installation"</a> requirement has been imposed.
-And did we mention the <a href="UserGuide.pdf">User Guide</a>?
-<p>
-<a name="transition">
-<font color="#cc3333">Important Note:</font>
-</a>
-Due to changes in the FIPS 140-2 validation requirements the current v2.0 Module is
-no longer a suitable model for private label validations in its current form past the year 2014.
-<p>
-
-<h2>Upcoming Validations</h2>
-<p>
-No new validations are currently planned. The <a href="http://www.openssl.com/fips/ig95.html">I.G. 9.5</a>
-issue has effectively precluded consideration of new validations for much of 2013, but with the July 25 2013 update of the
-<a href="http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf">Implementation Guidance</a>
-(I.G.) document such validations appear to be feasible again. We will be happy to discuss our current understanding of
-the risks with interested sponsors.
-
-<h2>Technical Notes</h2>
-<h3>Performance at Startup</h3>
-We have had many complaints about poor performance of the Power-On Self Test (POST) on low
-powered computers, as with some embedded devices. In the worst cases the POST can take several minutes.
-Such devices were not included as test platforms at the time the code was originally written.
-<p>
-The current FIPS validated code performs a very comprehensive set of mandatory
-algorithm self tests when it enter FIPS mode covering many algorithm
-combinations. There is a DSA parameter generation self test which is
-especially CPU intensive.
-<p>
-As a result of the POST performance issue we revisited the KAT (Known Answer Test)
-requirements in the POST process that were burning up most of those
-cycle. In consultation with a CMVP test lab we determined that it should
-be possible to substantially reduce that performance penalty in a new
-validation. Unfortunately such a change can only be undertaken in the context
-of a new validation, and not as a change letter modification.
-<p>
-Another factor affecting performance is the use (or not) of platform specific
-optimizations. The x86/x64 Windows and Linux code makes use of assembly language
-optimizations for FIPS cryptographic algorithms. The C only version
-is much slower and so the POST is slower too.
-
diff --git a/docs/fips/fipsvalidation.wml b/docs/fips/fipsvalidation.wml
deleted file mode 100644
index b75ffb7..0000000
--- a/docs/fips/fipsvalidation.wml
+++ /dev/null
@@ -1,164 +0,0 @@
-
-#use wml::openssl area=documents page=FIPS140
-
-<title>OpenSSL and FIPS 140-2</title>
-
-<h1>OpenSSL and FIPS 140-2 Validation Status</h1>
-
-The most recent open source based validation of a cryptographic module (Module) compatible with the
-OpenSSL libraries is v2.0.1, FIPS 140-2 certificate
- <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
-This Module is documented in the <a href="UserGuide-2.0.pdf">2.0 User Guide</a>.
-It substantially updates and improves the earlier v1.2 module, FIPS 140-2 certificate
- <a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1051">#1051</a>, which
-is documented in the <a href="UserGuide-1.2.pdf">1.2 User Guide</a>.
-<p>
-<font color="#cc3333">Important Note:</font>
-Due to new requirements introduced in 2013 the current v2.0 Module is no longer suitable as a
-reference for private label validations; see the <a href="http://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
-Due to earlier changes in the FIPS 140-2 validation
-requirements the v1.2 Module is no longer be a suitable model for private label validations
-in its current form past the year 2010; see the NIST
- <a href="http://csrc.nist.gov/groups/STM/cmvp/notices.html">Notices</a>,
-<a href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf">discussion paper</a> and
-<a href="http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf">Draft 800-131</a>.
-<p>
-<h2>The 2.0 Validation</h2>
-On January 4, 2011 we began work on the new open source FIPS 140-2 Level 1 validation.
-This validation covers most of the objectives we have been wanting to achieve in a new validation,
-including:
-<ul>
-
-<li>Satisfying the new CMVP testing guidelines.
-<p>
-<li>One or more new PRNG implementations.
-<p>
-
-<li>Algorithm test programs for the AESGCM and ECDSA algorithms.
-<p>
-
-<li>RSA encryption.
-<p>
-
-<li>Upgrade DSA2 for key sizes greater then 1024.
-<p>
-
-<li>Any mandatory additional tests or algorithm modifications for the testing guidelines.
-<p>
-<li>An extensive re-design of the FIPS Module to eliminate OpenSSL revision dependencies. The new module
-will live in a completely separate purpose-built source distribution. In contrast to the current module,
-this new module will at least in principle be useful in some stand-alone contexts requiring only low
-level cryptographic primitives.
-
-</ul>
-In addition this validation also includes:
-<ul>
-
-<li>Suite B cryptography, and a "Suite B" mode of operation enforcement similar
-to that provided by the current "FIPS capable" OpenSSL.
-
-</ul>
-
-Thanks to multiple platform sponsorships the 2.0 validation includes the largest number
-of formally tested platforms for any validated module.
-
-<h2>Current Status</h2>
-The validation was awarded on June 27, 2012, certificate number
-<a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
-The <a href="http://www.openssl.org/source/openssl-fips-2.0.1.tar.gz">source code</a> and
-<a href="http://www.openssl.org/docs/fips/UserGuide-2.0.pdf">User Guide document</a> can be downloaded from the
-<a href="http://openssl.org/">OpenSSL web site</a>.
-
-On July 9, 2012 the first "change letter" update was approved, adding six additional platforms and a new
-revision number of 2.0.1. The revised source code can be used
-for all tested platforms, though the older 2.0
-<a href="http://www.openssl.org/source/openssl-fips-2.0.tar.gz">source distribution</a> remains valid for the platforms tested
-at that time.
-
-On October 24, 2012, the second "change letter" update was approved, adding two additional platforms and a new
-revision number of 2.0.2. The revised source code can be used
-for all tested platforms, though the older 2.0 and 2.0.1 revisions
-remain valid for the platforms tested at the time those revisions were approved.
-
-<a name="sponsors">
-<h2>Sponsors</h2>
-</a>
-The OpenSSL FIPS Object Module validations receive support from multiple sources for each
-validation effort; however only those sponsors who have elected to be recognised
-for their contribution to OpenSSL are listed below.
-<ul>
-
-<li><hr> <a href="http://www.darpa.mil/Our_Work/I2O/Programs/Transformative_Apps.aspx">
-Defense Advanced Research Projects Agency (DARPA) Transformative Apps Program</a>,
-original primary sponsor of the overall validation with several Android on ARMv7 platforms.
-
-<p>
-<p>
-
-<li><hr><a href="http://www.securenetterm.com/">Intersoft International, Inc.</a>,
-platform sponsor (VC++ Win32/x86 asm optimisation)
-<p>
-<p>
-
-<li><hr><a href="http://www.opengear.com/">Opengear, Inc.</a>, platform sponsor
-(uCLinux ARMv4 asm optimisation)
-<a href="http://www.opengear.com/">
-<img src="$(IMG)/opengear-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.quintessencelabs.com/">QuintessenceLabs Pty Ltd</a>, platform sponsor
-(Fedora 14 x86-64 asm optimisation)
-<a href="http://www.quintessencelabs.com/">
-<img src="$(IMG)/quintessence-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.pkware.com/">PKWARE, Inc.</a>, platform sponsor
-(HPUX 11i on Itanium 32, 64 bit with asm optimisation)
-<a href="http://www.pkware.com/">
-<img src="$(IMG)/pkware-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr>platform sponsor
-(Ubuntu Linux 32bit x86 with asm optimisation)
-
-<li><hr><a href="http://www.cerberusftp.com/">Cerberus, LLC</a>, general sponsor
-<a href="http://www.cerberusftp.com/">
-<img src="$(IMG)/cerberus-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.cyber.st.dhs.gov/host.html">DHS Science and Technology
-Directorate-sponsored Homeland Open Security Technology (HOST) program</a>, algorithm sponsor (CMAC, AES-CCM)
-<a href="http://www.cyber.st.dhs.gov/host.html">
-<img src="$(IMG)/DHS-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.innominate.com/">Innominate Security Technologies AG</a>, platform sponsor (Linux on Freescale MPC8313)
-<a href="http://www.innominate.com/">
-<img src="$(IMG)/innominate-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.psw.net/">PSW GROUP</a>, general sponsor
-<a href="http://www.psw.net/">
-<img src="$(IMG)/psw-logo-med.jpg" align=center border=0>
-</a>
-
-<li><hr><a href="http://www.citrix.com/">Citrix Systems, Inc.</a>, platform sponsor (multiple platforms)
-<a href="http://www.citrix.com/">
-<img src="$(IMG)/citrix-logo-med.jpg" align=center border=0>
-</a>
-
-<hr>
-</ul>
-<p>
-If you have an interest in sponsoring any changes or additions to this validation
-please contact <a href="http://openssl.com/fips">OpenSSL Validation Services</a>.
-<p>
-Some commercial software vendors ask us "what do we gain from sponsoring a validation
-that our competition can also use?". Our answer is "nothing, if you think in terms of
-obstructing your competition". If, on the other hand, you compete primarily on the
-merits of you products what others may do with the validation is less of a threat as
-they derive no more advantage from it than you do. Your advantage is that your sponsorship
-will probably cost less that the commercial software license you would otherwise have to buy,
-and you will retain backwards compatibility with the regular OpenSSL API while avoiding
-vendor lock-in.
-
diff --git a/docs/fips/incore.gz b/docs/fips/incore.gz
new file mode 100644
index 0000000..c6171f0
Binary files /dev/null and b/docs/fips/incore.gz differ
diff --git a/docs/fips/index.wml b/docs/fips/index.wml
deleted file mode 100644
index 0bb9a6a..0000000
--- a/docs/fips/index.wml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-#use wml::openssl area=documents page=FIPS140
-
-<title>FIPS140 Files</title>
-
-<h1>FIPS140 Files</h1>
-
-Here you can find a number of FIPS140 related files including the user
-guide and test vectors.
-The latest <a href="UserGuide.pdf">User Guide</a> is the best place to start. For a basic
-introduction and some general background see
-<a href="fipsnotes.html">Important Notes About OpenSSL and FIPS 140-2</a>, also note the
-<a href="fipsvalidation.html">summary and status</a> of the ongoing open source based OpenSSL FIPS Object Module validation.
-<p>
-<rfilelist "*.pdf *.tar.gz *.zip *.odt incore*">
-<p>
-Note FIPS module and FIPS validation support is included in some of the
-OpenSSL <a href="../../support/funding/contract.html">support plans</a>. Assistance
-with private label validation is also available on a
- <a href="../../support/consulting.html">consultancy</a> basis.
-<p>
-The OpenSSL project has collaborated with the <a href="http://oss-institute.org/">
-Open Source Software Institute</a> on the groundbreaking OpenSSL FIPS Object Module
-and other validations.
diff --git a/docs/fips/privatelabel.html b/docs/fips/privatelabel.html
new file mode 100644
index 0000000..00a9740
--- /dev/null
+++ b/docs/fips/privatelabel.html
@@ -0,0 +1,133 @@
+<!DOCTYPE html>
+<!-- THIS FILE IS OUTDATED. THE INFORMATION HERE IS IN THE FIPS.HTML
+ FILE. THIS FILE EXISTS SO OLD LINKS STILL WORK. -->
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>OpenSSL FIPS 140-2 Private Label Validations</h2></header>
+ <div class="entry-content">
+ <p> If you haven't already, please read our <a
+ href="/docs/fipsnotes.html">FIPS 140-2 Notes</a> page.</p>
+
+ <p><strong>IMPORTANT NOTE:</strong> The addition of multiple new
+ formal requirements since the #1747 validation was first approved
+ in 2012, and recent unfavorable experiences with increasingly
+ unpredictable outcomes from the validation process, have increased
+ to the point where private label validations are no longer
+ economically feasible for a small organization of limited means;
+ the risk doesn't justify the substantial investment of time and
+ money required to pursue new validations. As of 2015 we are no
+ longer performing any private label validations. The addition of
+ new platforms to the existing #1747 or <a
+ href="http://openssl.com/fips/ransom.html">comparable</a>
+ validations is still possible and those validation actions are still
+ being performed.</p>
+
+ <p>The rest of this page is of historical interest only.</p>
+
+ <h3>What It Is</h3>
+
+ <p>We have found that one of the most popular commercial services
+ offered by the OpenSSL team is the <a
+ href="/docs/fipsnotes.html#privatelabel">private label validation</a>.
+ It's not a business we ever planned to be in, but as the
+ originators of the source code based OpenSSL FIPS Object Module
+ validations, and with lots of practice, we've gotten pretty good
+ at it. The revenue we earn from these validations supports the
+ OpenSSL project, and for some validations also results in useful
+ additions to the OpenSSL baseline.</p>
+
+
+ <h3>What You Get</h3>
+
+ <p>For a total fixed price we will obtain a Level 1 FIPS 140-2
+ validation in your name using the OpenSSL FIPS Object Module v2.0
+ for two common platforms using unmodified source code. A common
+ platform is a computing device (hardware and operating system)
+ that is available and familiar to us and the test lab(s).
+ Examples of common platforms are:</p>
+ <ul>
+ <li>Microsoft Windows (32 bit) on x86 hardware</li>
+ <li>Microsoft Windows (64 bit) on x64 hardware</li>
+ <li>Linux on 32 bit x86 hardware</li>
+ <li>Linux (64 bit) on x64 hardware
+ <li>The Android operating system on some common smart phones
+ using ARM processors</li>
+ <li>HP-UX 11 on Itanium</li>
+ <li>Solaris on x64 hardware </li>
+ </ul>
+
+ <p>Additional common platforms can be added to your validation for
+ US$4000 (Linux/Unix/Android) or US$4500 (desktop/server Windows)
+ each.</p>
+
+ <p>We will handle all interaction with the accredited testing lab
+ and the <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>.
+ You sign one contract with the OSF with half of the price due as a
+ down payment and the remainder due only when your certificate is <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">posted</a>
+ by the CMVP.</p>
+
+ <p>Within two weeks of executing your contract with us, your
+ pending validation will also appear on the <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/inprocess.html">pre-val list</a>.
+ The presence of your product on this list is sufficient
+ to satisfy FIPS 140-2 requirements for some procurements.</p>
+
+ <h3>What Qualifies</h3>
+
+ <p>This turnkey validation package is applicable in the following
+ circumstances:</p>
+ <ul>
+ <li>You have already confirmed that the module generated from
+ the OpenSSL FIPS Object Module v2.0 source distribution,
+ possibly with modifications, works on your platform(s).</li>
+ <li>Your modifications to the OpenSSL source code, if any, are
+ not "cryptographically significant". Roughly speaking, that
+ means the modifications do not affect the actual cryptographic
+ algorithms. Modifications for portability, such as changing
+ <em>#include</em> statements or redefining macros, or changes to
+ the build process such as new compiler or linker options, are
+ generally acceptable.</li>
+ <li>Your application does not require cross-compilation (the
+ build system and the target platform can be the same system),
+ <em>or</em> your cross-compiled platform is one for which the
+ complete build process, including generation of the integrity
+ test digest, is already known and tested.</li>
+ <li>The actual platform, hardware and software, is either
+ already available to the OSF and the lab or is supplied by you.
+ We will need at least two complete sets of platform hardware and
+ software for customer provided equipment. This equipment can be
+ returned once the validation is awarded, though some customers
+ have preferred to leave that equipment with us for regression
+ testing of future revisions.</li?
+ <li>You have determined that the performance of the module is
+ satisfactory on your specific target platform. We continually
+ make performance enhancements to OpenSSL, only some of which can
+ readily be incorporated into routine private label
+ validations.</li>
+ </ul>
+ <p>Note that we can still help you if not all of these
+ circumstances apply, but we'll have to look at your specific
+ situation more closely. Note minor software modifications can
+ often be accommodated in a change letter modification.</p>
+
+ <hr>
+ <p>Interested? Contact
+ <a href="http://openssl.com/fips">OpenSSL Software Services</a>.
+ </p>
+
+ </div>
+ </article>
+ </div>
+ </div>
+ </div>
+ <!--#include virtual="/inc/footer.inc" -->
+ </body>
+ </html>
diff --git a/docs/fips/privatelabel.wml b/docs/fips/privatelabel.wml
deleted file mode 100644
index 19a4f6e..0000000
--- a/docs/fips/privatelabel.wml
+++ /dev/null
@@ -1,98 +0,0 @@
-
-#use wml::openssl area=documents page=FIPS140
-
-<title>OpenSSL FIPS 140-2 Private Label Validations</title>
-
-<h1>One Stop Package Deal for Private Label Validations</h1>
-
-If you haven't already, please read our <a href="fipsnotes.html">FIPS 140-2 Notes</a> page.
-
-<p>
-<font color="#cc3333">IMPORTANT NOTE: </font>The addition of
-multiple new formal requirements since the #1747 validation was first approved in 2012, and
-recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased
-to the point where private label validations are no longer economically feasible for a small
-organization of limited means; the risk doesn't justify the substantial investment of time and money required
-to pursue new validations. As of 2015 we are no longer performing any private label validations. The addition of
-new platforms to the existing #1747 or <a href="http://openssl.com/fips/ransom.html">comparable</a> validations
-is still possible and those validation actions are still being performed.
-<p>
-The rest of this page is of historical interest only.
-
-<h2>What It Is</h2>
-
-We have found that one of the most popular commercial services offered by the OpenSSL team
-is the <a href="fipsnotes.html#privatelabel">private label validation</a>. It's not a
-business we ever planned to be in, but as the originators of the source code based
-OpenSSL FIPS Object Module validations, and with lots of practice, we've gotten pretty good at it.
-The revenue we earn from these validations supports the OpenSSL project, and for some
-validations also results in useful additions to the OpenSSL baseline.
-<p>
-
-
-<h2>What You Get</h2>
-
-For the total fixed price of as little as US$[TBD] we will obtain a Level 1 FIPS 140-2 validation
-in your name using the OpenSSL FIPS Object Module v2.0 for two common platforms using unmodified
-source code. A common platform is a computing device (hardware and operating system)
-that is available and familiar to us and the test lab(s). Examples of common platforms are:
-<ul>
- <li> Microsoft Windows (32 bit) on x86 hardware
- <li> Microsoft Windows (64 bit) on x64 hardware
- <li> Linux on 32 bit x86 hardware
- <li> Linux (64 bit) on x64 hardware
- <li> The Android operating system on some common smart phones using ARM processors
- <li> HP-UX 11 on Itanium
- <li> Solaris on x64 hardware
-</ul>
-<p>
-Additional common platforms can be added to your validation for US$4000 (Linux/Unix/Android)
-or US$4500 (desktop/server Windows) each.
-<p>
-We will handle all interaction with the accredited testing lab and the
-<a href="http://csrc.nist.gov/groups/STM/cmvp/index.html">CMVP</a>. You sign one contract with the
-OSF with half of the price due as a down payment and the remainder due only when your certificate is
-<a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">posted</a> by the CMVP.
-
-<p>
-Within two weeks of executing your contract with us, your pending validation will also appear on the
-<a href="http://csrc.nist.gov/groups/STM/cmvp/inprocess.html">pre-val list</a>. The presence of your product on
-this list is sufficient to satisfy FIPS 140-2 requirements for some procurements.
-
-<p>
-<h2>What Qualifies</h2>
-<p>
-This turnkey validation package is applicable in the following circumstances:
-<ul>
- <li>You have already confirmed that the module generated from the
-OpenSSL FIPS Object Module v2.0
-source distribution, possibly with modifications, works on your platform(s).
- <p>
- <li>Your modifications to the OpenSSL source code, if any, are not "cryptographically
- significant". Roughly speaking, that means the modifications do not affect the
- actual cryptographic algorithms. Modifications for portability, such
- as changing <em>#include</em> statements or redefining macros, or changes to the build process such
- as new compiler or linker options, are generally acceptable.
- <p>
- <li>Your application does not require cross-compilation (the build system and the
- target platform can be the same system), <em>or</em> your cross-compiled platform
- is one for which the complete build process, including generation of the
- integrity test digest, is already known and tested.
- <p>
- <li>The actual platform, hardware and software, is either already available to the OSF and the lab or is supplied by you.
- We will need at least two complete sets of platform hardware and software for customer provided equipment. This
- equipment can be returned once the validation is awarded, though some customers have preferred
- to leave that equipment with us for regression testing of future revisions.
- <p>
- <li>You have determined that the performance of the module is satisfactory on your
- specific target platform. We continually make performance enhancements to OpenSSL,
- only some of which can readily be incorporated into routine private label validations.
-</ul>
-<p>
-Note that we can still help you if not all of these circumstances apply, but we'll
-have to look at your specific situation more closely.
-Note minor software modifications can often be accommodated in a change letter modification.
-<p>
-<hr>
-
-Interested? Contact <a href="http://openssl.com/fips">OpenSSL Software Services</a>.
diff --git a/docs/fips/rsp.HP-UX.2005-07-01.tar.gz b/docs/fips/rsp.HP-UX.2005-07-01.tar.gz
new file mode 100644
index 0000000..8313592
Binary files /dev/null and b/docs/fips/rsp.HP-UX.2005-07-01.tar.gz differ
diff --git a/docs/fips/rsp.SuSE.2005-06-30.tar.gz b/docs/fips/rsp.SuSE.2005-06-30.tar.gz
new file mode 100644
index 0000000..f978047
Binary files /dev/null and b/docs/fips/rsp.SuSE.2005-06-30.tar.gz differ
diff --git a/docs/fips/rsp.SuSE.2005-07-01.tar.gz b/docs/fips/rsp.SuSE.2005-07-01.tar.gz
new file mode 100644
index 0000000..c5c1ba6
Binary files /dev/null and b/docs/fips/rsp.SuSE.2005-07-01.tar.gz differ
diff --git a/docs/fips/testvectors-XP-2007-10-09.zip b/docs/fips/testvectors-linux-2007-10-10.tar.gz
similarity index 52%
copy from docs/fips/testvectors-XP-2007-10-09.zip
copy to docs/fips/testvectors-linux-2007-10-10.tar.gz
index e87a4f9..e70c1c1 100644
Binary files a/docs/fips/testvectors-XP-2007-10-09.zip and b/docs/fips/testvectors-linux-2007-10-10.tar.gz differ
diff --git a/docs/fips/testvectors.HP-UX.tar.gz b/docs/fips/testvectors.HP-UX.tar.gz
new file mode 100644
index 0000000..5b23df6
Binary files /dev/null and b/docs/fips/testvectors.HP-UX.tar.gz differ
diff --git a/docs/fips/testvectors.SuSE.tar.gz b/docs/fips/testvectors.SuSE.tar.gz
new file mode 100644
index 0000000..fe27023
Binary files /dev/null and b/docs/fips/testvectors.SuSE.tar.gz differ
diff --git a/docs/fipsnotes.html b/docs/fipsnotes.html
new file mode 100644
index 0000000..56bcc55
--- /dev/null
+++ b/docs/fipsnotes.html
@@ -0,0 +1,133 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Important Notes about OpenSSL and FIPS 140</h2></header>
+ <div class="entry-content">
+ <p>Please please read the <a href="UserGuide.pdf">User Guide</a>.
+ Nothing will make sense otherwise (it still may not afterwards,
+ but at least you've a better chance).</p>
+
+ <p>No new validations are currently planned.</p>
+
+ <h3>FIPS What? Where Do I Start?</h3>
+
+ <p>Ok, so your company needs FIPS validated cryptography to land
+ that big sale, and your product currently uses OpenSSL. You
+ haven't worked up the motivation to wade through the entire <a
+ href="UserGuide.pdf">User Guide</a> and want the quick "executive
+ summary". Here is a grossly oversimplified account:</p>
+ <p>
+
+ <ul>
+
+ <li>OpenSSL itself is not validated, and never will be. Instead
+ a special carefully defined software component called the
+ OpenSSL FIPS Object Module has been created. This Module was
+ designed for compatibility with OpenSSL so that products using
+ the OpenSSL API can be converted to use validated cryptography
+ with minimal effort.</li>
+
+ <li>The OpenSSL FIPS Object Module validation is unique among
+ all FIPS 140-2 validations in that the product is "delivered" in
+ source code form, meaning that if you can use it exactly as is
+ and can build it (according to the very specific documented
+ instructions) for your platform, then you can use it as
+ validated cryptography on a "vendor affirmed" basis.</li>
+
+ <li>If even the tiniest source code or build process changes are
+ required for your intended application, you cannot use the open
+ source based validated module directly. You must obtain your
+ own validation. This situation is common; see "Private Label"
+ validation, below.</li>
+
+ <li>New FIPS 140-2 validations (of any type) are slow (6-12
+ months is typical), expensive (US$50,000 is probably typical for
+ an uncomplicated validation), and unpredictable (completion
+ dates are not only uncertain when first beginning a validation,
+ but remain so during the process).</li>
+
+ </ul>
+
+ <p>Note that FIPS 140-2 validation is a complicated topic that the
+ above summary does not adequately address. You have been
+ warned!</p>
+
+ <h2><a name="privatelable">The "Private Label" Validation</></h2>
+
+ <p>We refer to validations based directly on the OpenSSL FIPS
+ Object Module as "private label" validations. These are also
+ sometimes referred to as "cookie cutter" validations. The usual
+ reason for such separate validations is the need for small
+ modifications which forces a complete new validation, but some
+ vendors, for marketing or risk management reasons, have obtained
+ private label validations for binaries produced from unmodified
+ (or only cosmetically modified) source code.</p>
+
+ <p>The OSF would really prefer to work on open source based
+ validations of benefit to the OpenSSL user community at large, but
+ financial support for that objective is intermittent at best. On
+ the other hand many vendors are interested in private label
+ validations and the OSF will assist in such efforts on a paid
+ basis. We've done enough of these to be very cost competitive,
+ and for uncomplicated validations we typically work on a fixed
+ price basis.</p>
+
+ <p><strong>Update:</strong> As of 2015 we are no longer performing private label validations. We are still adding new platforms to the <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>
+ or related validations.</p>
+
+ <h3>Current Validations</h3>
+
+ <p> The most recent open source based validation is the FIPS 140-2
+ certificate <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
+ You will need the <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf">Security Policy</a>
+ and <a href="/source/openssl-fips-2.0.tar.gz">source</a>
+ at a minimum. And did we mention the
+ <a href="UserGuide.pdf">User Guide</a>?</p>
+
+ <h3>Performance at Startup</h3>
+
+ <p>We have had many complaints about poor performance of the
+ Power-On Self Test (POST) on low powered computers, as with some
+ embedded devices. In the worst cases the POST can take several
+ minutes. Such devices were not included as test platforms at the
+ time the code was originally written.</p>
+ <p>The current FIPS validated code performs a very comprehensive
+ set of mandatory algorithm self tests when it enter FIPS mode
+ covering many algorithm combinations. There is a DSA parameter
+ generation self test which is especially CPU intensive.</p>
+ <p>As a result of the POST performance issue we revisited the KAT
+ (Known Answer Test) requirements in the POST process that were
+ burning up most of those cycle. In consultation with a CMVP test
+ lab we determined that it should be possible to substantially
+ reduce that performance penalty in a new validation.
+ Unfortunately such a change can only be undertaken in the context
+ of a new validation, and not as a change letter modification.</p>
+ <p>Another factor affecting performance is the use (or not) of
+ platform specific optimizations. The x86/x64 Windows and Linux
+ code makes use of assembly language optimizations for FIPS
+ cryptographic algorithms. The C only version is much slower and so
+ the POST is slower too.</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Docs</a>
+ : <a href="">Important Notes about OpenSSL and FIPS-140</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/docs/fipsvalidation.html b/docs/fipsvalidation.html
new file mode 100644
index 0000000..534c87b
--- /dev/null
+++ b/docs/fipsvalidation.html
@@ -0,0 +1,121 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>OpenSSL and FIPS 140-2</h2></header>
+
+ <div class="entry-content">
+ <p>The most recent open source based validation of a cryptographic
+ module (Module) compatible with the OpenSSL libraries is v2.0.1,
+ FIPS 140-2 certificate <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
+ This Module is documented in the
+ <a href="UserGuide-2.0.pdf">2.0 User Guide</a>. It substantially
+ updates and improves the earlier v1.2 module, FIPS 140-2
+ certificate
+ <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1051">#1051</a>,
+ which is documented in the
+ <a href="UserGuide-1.2.pdf">1.2 User Guide</a>.</p>
+
+ <p><strong>Important Note:</strong>
+ Due to new requirements introduced in 2013 the current v2.0 Module
+ is no longer suitable as a reference for private label
+ validations; see the <a
+ href="http://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
+ Due to earlier changes in the FIPS 140-2 validation requirements
+ the v1.2 Module is no longer be a suitable model for private label
+ validations in its current form past the year 2010; see the NIST <a
+ href="http://csrc.nist.gov/groups/STM/cmvp/notices.html">Notices</a>,
+ <a
+ href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf">discussion paper</a>
+ and <a
+ href="http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf">Draft 800-131</a>.</p>
+
+ <h3>Sponsors</h3>
+ <p>The OpenSSL FIPS Object Module validations receive support
+ from multiple sources for each validation effort; however only
+ those sponsors who have elected to be recognised for their
+ contribution to OpenSSL are listed below.</p>
+
+ <hr>
+ <a href="http://www.darpa.mil/Our_Work/I2O/Programs/Transformative_Apps.aspx">Defense Advanced Research Projects Agency (DARPA) Transformative Apps Program</a>,
+ original primary sponsor of the overall validation with several Android on ARMv7 platforms.
+
+ <hr>
+ <a href="http://www.securenetterm.com/">Intersoft International, Inc.</a>,
+ platform sponsor (VC++ Win32/x86 asm optimisation)
+
+ <hr>
+ <img src="/img/opengear-logo-med.jpg">
+ <a href="http://www.opengear.com/">Opengear, Inc.</a>, platform sponsor
+ (uCLinux ARMv4 asm optimisation)
+
+ <hr>
+ <img src="/img/quintessence-logo-med.jpg">
+ <a href="http://www.quintessencelabs.com/">QuintessenceLabs Pty Ltd</a>,
+ platform sponsor (Fedora 14 x86-64 asm optimisation)
+
+ <hr>
+ <img src="/img/pkware-logo-med.jpg">
+ <a href="http://www.pkware.com/">PKWARE, Inc.</a>, platform sponsor
+ (HPUX 11i on Itanium 32, 64 bit with asm optimisation)
+
+ <hr>
+ <img src="/img/cerberus-logo-med.jpg">
+ <a href="http://www.cerberusftp.com/">Cerberus, LLC</a>, general sponsor
+ <hr>
+ <img src="/img/DHS-logo-med.jpg">
+ <a href="http://www.cyber.st.dhs.gov/host.html">DHS Science and Technology Directorate-sponsored Homeland Open Security Technology (HOST) program</a>,
+ algorithm sponsor (CMAC, AES-CCM)
+
+ <hr>
+ <img src="/img/innominate-logo-med.jpg">
+ <a href="http://www.innominate.com/">Innominate Security Technologies AG</a>,
+ platform sponsor (Linux on Freescale MPC8313)
+
+ <hr>
+ <img src="/img/psw-logo-med.jpg">
+ <a href="http://www.psw.net/">PSW GROUP</a>,
+ general sponsor
+
+ <hr>
+ <img src="/img/citrix-logo-med.jpg">
+ <a href="http://www.citrix.com/">Citrix Systems, Inc.</a>,
+ platform sponsor (multiple platforms)
+
+ <hr>
+
+ <p>If you have an interest in sponsoring any changes or additions
+ to this validation please contact <a
+ href="http://openssl.com/fips">OpenSSL Validation Services</a>.</p>
+ <p>Some commercial software vendors ask us "what do we gain from
+ sponsoring a validation that our competition can also use?". Our
+ answer is "nothing, if you think in terms of obstructing your
+ competition". If, on the other hand, you compete primarily on the
+ merits of you products what others may do with the validation is
+ less of a threat as they derive no more advantage from it than you
+ do. Your advantage is that your sponsorship will probably cost
+ less that the commercial software license you would otherwise have
+ to buy, and you will retain backwards compatibility with the
+ regular OpenSSL API while avoiding vendor lock-in.</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Documentation</a>
+ : <a href="">OpenSSL and FIPS 140-2</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/docs/index.html b/docs/index.html
new file mode 100644
index 0000000..72e3f1e
--- /dev/null
+++ b/docs/index.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Documentation<h2></header>
+ <div class="entry-content">
+ <p>We have an online copy of our
+ <a href="faq.html">FAQ</a>. It is
+ also part of the distribution.</p>
+ </p>
+ <p>Information about the first-ever open source
+ <a href="fips.html">FIPS-140 validation</a> is also
+ available.</p>
+
+ <p>Ivan Ristić, the creator of
+ <a href="https://ssllabs.com">https://ssllabs.com</a>,
+ has a free download of his <em>OpenSSL Cookbook</em>
+ that covers the most frequently used OpenSSL features
+ and commands. It is updated often, and is available
+ at
+ <a
+ href="https://www.feistyduck.com/books/openssl-cookbook/">https://www.feistyduck.com/books/openssl-cookbook/</a>.
+ It is highly recommended.
+ </p>
+
+ <p>Online versions of the manpages are not yet available,
+ but will be shortly.</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Documentation</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/docs/index.wml b/docs/index.wml
deleted file mode 100644
index 3ad49e6..0000000
--- a/docs/index.wml
+++ /dev/null
@@ -1,54 +0,0 @@
-
-#use wml::openssl area=docs page=index
-
-<title>Documentation</title>
-
-<h1>OpenSSL Documents</h1>
-
-<p>
-Here are copies of the manpages from the latest snapshot, and other
-useful documentation. Since they are from the snapshot, they may describe
-features which are not present in other releases.
-
-<p>
-<ul>
-<li><a href="apps/openssl.html" target="_blank"><font id=sfl>openssl(1)</font></a><br>
- Manual page documenting the <b>openssl</b> command line tool,
- or the <a href="apps/">full command list</a>.
- (Opens in new page or tab.)
-<p>
-<li><a href="ssl/ssl.html" target="_blank"><font id=sfl>ssl(3)</font></a><br>
- Manual page documenting the OpenSSL <b>SSL/TLS</b> library,
- or the <a href="ssl/">full list of SSL API's</a>.
- (Opens in new page or tab.)
-<p>
-<li><a href="crypto/crypto.html" target="_blank"><font id=sfl>crypto(3)</font></a><br>
- Manual page documenting the OpenSSL <b>Crypto</b> library,
- or the <a href="crypto/">full list of crypto API's</a>.
- (Opens in new page or tab.)
-<p>
-<li><a href="HOWTO/"><font id=sfl>HOWTO</font></a><br>
- HOWTO documents to introduce concepts or explain them in a way that is not possible in the manuals.
-<p>
-<li><a href="http://wiki.openssl.org/"><font id=sfl>WIKI</font></a><br>
- A wiki providing information and guidance about openssl. Operated by the OpenSSL Software Foundation.
-<p>
-<li><a href="fips/"><font id=sfl>FIPS140</font></a>:<br>
- Data and documentation related to the FIPS140 validation support in OpenSSL
-<p>
-</ul>
-
-<p>
-Other standards and documentation:
-<ul>
- <item name="OpenSSL Cookbook"
- info="A free ebook that covers configuration and command-line usage; highly recommended. Updated in March, with more than 30 new pages."
- url="https://www.feistyduck.com/books/openssl-cookbook/">
- <item name="X.680 and X.690"
- info="The official ASN.1, BER and DER specifications."
- url="http://www.itu.int/ITU-T/studygroups/com10/languages/">
- <item name="ASN.1 Modules from X-series Recommendations"
- info="The ASN.1 definitions for X.509 and other standards."
- url="http://www.itu.int/ITU-T/asn1/database/itu-t/x/">
-</ul>
-
diff --git a/docs/sidebar.inc b/docs/sidebar.inc
new file mode 100644
index 0000000..13d62a7
--- /dev/null
+++ b/docs/sidebar.inc
@@ -0,0 +1,15 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Documentation</a></h1>
+ <ul>
+ <li>
+ <a href="faq.html">FAQ</a>
+ </li>
+ <li>
+ <a href="fips.html">FIPS-140 Validation</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
diff --git a/images/page-corner-bl.gif b/images/page-corner-bl.gif
deleted file mode 100644
index 8ac02c7..0000000
Binary files a/images/page-corner-bl.gif and /dev/null differ
diff --git a/images/page-corner-br.gif b/images/page-corner-br.gif
deleted file mode 100644
index 33e830d..0000000
Binary files a/images/page-corner-br.gif and /dev/null differ
diff --git a/images/page-corner-tr.gif b/images/page-corner-tr.gif
deleted file mode 100644
index 6a63e13..0000000
Binary files a/images/page-corner-tr.gif and /dev/null differ
diff --git a/images/page-head-bl.jpg b/images/page-head-bl.jpg
deleted file mode 100644
index 2604f71..0000000
Binary files a/images/page-head-bl.jpg and /dev/null differ
diff --git a/images/page-head-bm.jpg b/images/page-head-bm.jpg
deleted file mode 100644
index 8b02a1b..0000000
Binary files a/images/page-head-bm.jpg and /dev/null differ
diff --git a/images/page-head-tl.jpg b/images/page-head-tl.jpg
deleted file mode 100644
index b603f89..0000000
Binary files a/images/page-head-tl.jpg and /dev/null differ
diff --git a/images/page-head-tm.jpg b/images/page-head-tm.jpg
deleted file mode 100644
index 73051b9..0000000
Binary files a/images/page-head-tm.jpg and /dev/null differ
diff --git a/images/page-navbar-ab-n.jpg b/images/page-navbar-ab-n.jpg
deleted file mode 100644
index 5c84066..0000000
Binary files a/images/page-navbar-ab-n.jpg and /dev/null differ
diff --git a/images/page-navbar-ab-s.jpg b/images/page-navbar-ab-s.jpg
deleted file mode 100644
index 7ccba47..0000000
Binary files a/images/page-navbar-ab-s.jpg and /dev/null differ
diff --git a/images/page-navbar-bot.jpg b/images/page-navbar-bot.jpg
deleted file mode 100644
index 1c00c62..0000000
Binary files a/images/page-navbar-bot.jpg and /dev/null differ
diff --git a/images/page-navbar-do-n.jpg b/images/page-navbar-do-n.jpg
deleted file mode 100644
index dc7e04c..0000000
Binary files a/images/page-navbar-do-n.jpg and /dev/null differ
diff --git a/images/page-navbar-do-s.jpg b/images/page-navbar-do-s.jpg
deleted file mode 100644
index 0bff78b..0000000
Binary files a/images/page-navbar-do-s.jpg and /dev/null differ
diff --git a/images/page-navbar-fq-n.jpg b/images/page-navbar-fq-n.jpg
deleted file mode 100755
index de3b582..0000000
Binary files a/images/page-navbar-fq-n.jpg and /dev/null differ
diff --git a/images/page-navbar-fq-s.jpg b/images/page-navbar-fq-s.jpg
deleted file mode 100755
index 8fa2409..0000000
Binary files a/images/page-navbar-fq-s.jpg and /dev/null differ
diff --git a/images/page-navbar-ne-n.jpg b/images/page-navbar-ne-n.jpg
deleted file mode 100644
index 828731b..0000000
Binary files a/images/page-navbar-ne-n.jpg and /dev/null differ
diff --git a/images/page-navbar-ne-s.jpg b/images/page-navbar-ne-s.jpg
deleted file mode 100644
index 0025056..0000000
Binary files a/images/page-navbar-ne-s.jpg and /dev/null differ
diff --git a/images/page-navbar-re-n.jpg b/images/page-navbar-re-n.jpg
deleted file mode 100644
index f915322..0000000
Binary files a/images/page-navbar-re-n.jpg and /dev/null differ
diff --git a/images/page-navbar-re-s.jpg b/images/page-navbar-re-s.jpg
deleted file mode 100644
index 65bd3fb..0000000
Binary files a/images/page-navbar-re-s.jpg and /dev/null differ
diff --git a/images/page-navbar-se-n.jpg b/images/page-navbar-se-n.jpg
deleted file mode 100644
index 96cc9b2..0000000
Binary files a/images/page-navbar-se-n.jpg and /dev/null differ
diff --git a/images/page-navbar-se-s.jpg b/images/page-navbar-se-s.jpg
deleted file mode 100644
index 3db5d5f..0000000
Binary files a/images/page-navbar-se-s.jpg and /dev/null differ
diff --git a/images/page-navbar-so-n.jpg b/images/page-navbar-so-n.jpg
deleted file mode 100644
index 40f070b..0000000
Binary files a/images/page-navbar-so-n.jpg and /dev/null differ
diff --git a/images/page-navbar-so-s.jpg b/images/page-navbar-so-s.jpg
deleted file mode 100644
index 35af201..0000000
Binary files a/images/page-navbar-so-s.jpg and /dev/null differ
diff --git a/images/page-navbar-su-n.jpg b/images/page-navbar-su-n.jpg
deleted file mode 100644
index 6b165ec..0000000
Binary files a/images/page-navbar-su-n.jpg and /dev/null differ
diff --git a/images/page-navbar-su-s.jpg b/images/page-navbar-su-s.jpg
deleted file mode 100644
index 037b9ea..0000000
Binary files a/images/page-navbar-su-s.jpg and /dev/null differ
diff --git a/images/page-navbar-ti-n.jpg b/images/page-navbar-ti-n.jpg
deleted file mode 100644
index 765d8f1..0000000
Binary files a/images/page-navbar-ti-n.jpg and /dev/null differ
diff --git a/images/page-navbar-ti-s.jpg b/images/page-navbar-ti-s.jpg
deleted file mode 100644
index 4bc05e8..0000000
Binary files a/images/page-navbar-ti-s.jpg and /dev/null differ
diff --git a/images/page-navbar-top.jpg b/images/page-navbar-top.jpg
deleted file mode 100644
index 3703213..0000000
Binary files a/images/page-navbar-top.jpg and /dev/null differ
diff --git a/images/DHS-logo-med.jpg b/img/DHS-logo-med.jpg
similarity index 100%
rename from images/DHS-logo-med.jpg
rename to img/DHS-logo-med.jpg
diff --git a/images/acano-logo.jpg b/img/acano-logo.jpg
similarity index 100%
rename from images/acano-logo.jpg
rename to img/acano-logo.jpg
diff --git a/images/akamai-logo-med.png b/img/akamai-logo-med.png
similarity index 100%
rename from images/akamai-logo-med.png
rename to img/akamai-logo-med.png
diff --git a/images/cerberus-logo-med.jpg b/img/cerberus-logo-med.jpg
similarity index 100%
rename from images/cerberus-logo-med.jpg
rename to img/cerberus-logo-med.jpg
diff --git a/images/cii-logo-med.png b/img/cii-logo-med.png
similarity index 100%
rename from images/cii-logo-med.png
rename to img/cii-logo-med.png
diff --git a/images/citrix-logo-med.jpg b/img/citrix-logo-med.jpg
similarity index 100%
rename from images/citrix-logo-med.jpg
rename to img/citrix-logo-med.jpg
diff --git a/images/globalsign-logo-med.jpg b/img/globalsign-logo-med.jpg
similarity index 100%
rename from images/globalsign-logo-med.jpg
rename to img/globalsign-logo-med.jpg
diff --git a/images/huawei-logo-med.jpg b/img/huawei-logo-med.jpg
similarity index 100%
rename from images/huawei-logo-med.jpg
rename to img/huawei-logo-med.jpg
diff --git a/images/innominate-logo-med.jpg b/img/innominate-logo-med.jpg
similarity index 100%
rename from images/innominate-logo-med.jpg
rename to img/innominate-logo-med.jpg
diff --git a/images/lf-logo-med.png b/img/lf-logo-med.png
similarity index 100%
rename from images/lf-logo-med.png
rename to img/lf-logo-med.png
diff --git a/images/milton-logo-med.jpg b/img/milton-logo-med.jpg
similarity index 100%
rename from images/milton-logo-med.jpg
rename to img/milton-logo-med.jpg
diff --git a/images/nokia-logo-med.jpg b/img/nokia-logo-med.jpg
similarity index 100%
rename from images/nokia-logo-med.jpg
rename to img/nokia-logo-med.jpg
diff --git a/images/opengear-logo-med.jpg b/img/opengear-logo-med.jpg
similarity index 100%
rename from images/opengear-logo-med.jpg
rename to img/opengear-logo-med.jpg
diff --git a/images/oracle-logo-med.jpg b/img/oracle-logo-med.jpg
similarity index 100%
rename from images/oracle-logo-med.jpg
rename to img/oracle-logo-med.jpg
diff --git a/images/pkware-logo-med.jpg b/img/pkware-logo-med.jpg
similarity index 100%
rename from images/pkware-logo-med.jpg
rename to img/pkware-logo-med.jpg
diff --git a/images/psw-logo-med.jpg b/img/psw-logo-med.jpg
similarity index 100%
rename from images/psw-logo-med.jpg
rename to img/psw-logo-med.jpg
diff --git a/images/psw-logo.gif b/img/psw-logo.gif
similarity index 100%
rename from images/psw-logo.gif
rename to img/psw-logo.gif
diff --git a/images/qualsys-logo-med.jpg b/img/qualsys-logo-med.jpg
similarity index 100%
rename from images/qualsys-logo-med.jpg
rename to img/qualsys-logo-med.jpg
diff --git a/images/quintessence-logo-med.jpg b/img/quintessence-logo-med.jpg
similarity index 100%
rename from images/quintessence-logo-med.jpg
rename to img/quintessence-logo-med.jpg
diff --git a/images/smartisan-logo-med.png b/img/smartisan-logo-med.png
similarity index 100%
rename from images/smartisan-logo-med.png
rename to img/smartisan-logo-med.png
diff --git a/support/UnionPay.jpg b/img/unionpay.jpg
similarity index 100%
rename from support/UnionPay.jpg
rename to img/unionpay.jpg
diff --git a/img/up.gif b/img/up.gif
new file mode 100644
index 0000000..a169e3c
Binary files /dev/null and b/img/up.gif differ
diff --git a/inc/README b/inc/README
new file mode 100644
index 0000000..09edd38
--- /dev/null
+++ b/inc/README
@@ -0,0 +1 @@
+Directory for files that are used in multiple places.
diff --git a/inc/banner.inc b/inc/banner.inc
new file mode 100644
index 0000000..e9ce3a0
--- /dev/null
+++ b/inc/banner.inc
@@ -0,0 +1,33 @@
+<!-- banner.inc -->
+<header role="banner">
+ <hgroup>
+ <h1>
+ <a href="/">
+ <span id="header-open-text">Open</span><span id="header-ssl-text">SSL</span>
+ </a>
+ </h1>
+ <h2>
+ Cryptography and SSL/TLS Toolkit
+ </h2>
+ </hgroup>
+</header>
+
+<nav role="navigation">
+ <form action="https://www.google.com/search" method="get">
+ <fieldset role="search">
+ <input type="hidden" name="sitesearch" value="www.openssl.org" />
+ <input class="search" type="text" name="q" results="0" placeholder="Search"/>
+ </fieldset>
+ </form>
+
+ <ul class="main-navigation">
+ <li><a href="/" title="Home page">Home</a></li>
+ <li><a href="/source" title="Source code">Downloads</a></li>
+ <li><a href="/docs" title="FAQ, FIPS, manpages, ...">Docs</a></li>
+ <li><a href="/news" title="Latest information">News</a></li>
+ <li><a href="/policies" title="How we operate">Policies</a></li>
+ <li><a href="/community" title="Blog, bugs, email, ...">Community</a></li>
+ <li><a href="/support" title="Commercial support and contracting">Support</a></li>
+ </ul>
+ </nav>
+<!-- end -->
diff --git a/inc/footer.inc b/inc/footer.inc
new file mode 100644
index 0000000..e09888e
--- /dev/null
+++ b/inc/footer.inc
@@ -0,0 +1,7 @@
+<!-- footer.inc -->
+<footer role="contentinfo">
+ <p>
+ Copyright © 2015, OpenSSL Software Foundation.
+ </p>
+</footer>
+<!-- end -->
diff --git a/inc/head.inc b/inc/head.inc
new file mode 100644
index 0000000..9367a7f
--- /dev/null
+++ b/inc/head.inc
@@ -0,0 +1,25 @@
+<!-- head.inc -->
+ <title>OpenSSL</title>
+ <meta charset="utf-8">
+ <meta name="author" content="OpenSSL Foundation, Inc.">
+ <meta name="HandheldFriendly" content="True">
+ <meta name="MobileOptimized" content="320">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+
+ <link rel="canonical" href="https://www.openssl.org/">
+ <link href="favicon.png" rel="icon">
+ <link href="/inc/screen.css" media="screen, projection" rel="stylesheet" type="text/css">
+
+ <script src="/inc/modernizr-2.0.js"></script>
+ <script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
+ <script>!window.jQuery && document.write(unescape('%3Cscript src="./inc/libs/jquery.min.js"%3E%3C/script%3E'))</script>
+ <script src="/inc/octopress.js" type="text/javascript"></script>
+
+ <link href="//fonts.googleapis.com/css?family=PT+Serif:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
+ <link href="//fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
+
+ <!--[if lt IE 9]>
+ <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+ <![endif]-->
+<!-- end -->
diff --git a/inc/legalities.inc b/inc/legalities.inc
new file mode 100644
index 0000000..2a2a3c8
--- /dev/null
+++ b/inc/legalities.inc
@@ -0,0 +1,21 @@
+<h3>Legalities</h3>
+<p>
+Please remember that export/import and/or use of strong
+cryptography software, providing cryptography hooks, or even just
+communicating technical details about cryptography software is
+illegal in some parts of the world. So when you import this
+package to your country, re-distribute it from there or even
+just email technical suggestions or even source patches to the
+authors or other people you are strongly advised to pay close
+attention to any laws or regulations which apply to
+you. The authors of openssl are not liable for any violations
+you make here. So be careful, it is your responsibility.
+</p>
+
+<h3>Acknowledgement</h3>
+<p>
+This product includes cryptographic software written by Eric
+Young. This product includes software written by Tim Hudson
+(tjh at cryptsoft.com).
+</p>
+
diff --git a/inc/libs/jquery.min.js b/inc/libs/jquery.min.js
new file mode 100644
index 0000000..32d50cb
--- /dev/null
+++ b/inc/libs/jquery.min.js
@@ -0,0 +1,5 @@
+/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license
+//@ sourceMappingURL=jquery.min.map
+*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H))};b.fn=b.prototype={jquery:p,constructor:b,init:function(e,n,r){var i,a;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof b?n[0]:n,b.merge(this,b.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:o,!0)),C.test(i[1])&&b.isPlainObject(n))for(i in n)b.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(a=o.getElementById(i[2]),a&&a.parentNode){if(a.id!==i[2])return r.find(e);this.length=1,this[0]=a}return this.context=o,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):b.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),b.makeArray(e,this))},selector:"",length:0,size:function(){return this.length},toArray:function(){return h.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=b.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return b.each(this,e,t)},ready:function(e){return b.ready.promise().done(e),this},slice:function(){return this.pushStack(h.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(b.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:d,sort:[].sort,splice:[].splice},b.fn.init.prototype=b.fn,b.extend=b.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},u=2),"object"==typeof s||b.isFunction(s)||(s={}),l===u&&(s=this,--u);l>u;u++)if(null!=(o=arguments[u]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(b.isPlainObject(r)||(n=b.isArray(r)))?(n?(n=!1,a=e&&b.isArray(e)?e:[]):a=e&&b.isPlainObject(e)?e:{},s[i]=b.extend(c,a,r)):r!==t&&(s[i]=r));return s},b.extend({noConflict:function(t){return e.$===b&&(e.$=u),t&&e.jQuery===b&&(e.jQuery=s),b},isReady:!1,readyWait:1,holdReady:function(e){e?b.readyWait++:b.ready(!0)},ready:function(e){if(e===!0?!--b.readyWait:!b.isReady){if(!o.body)return setTimeout(b.ready);b.isReady=!0,e!==!0&&--b.readyWait>0||(n.resolveWith(o,[b]),b.fn.trigger&&b(o).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===b.type(e)},isArray:Array.isArray||function(e){return"array"===b.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[m.call(e)]||"object":typeof e},isPlainObject:function(e){if(!e||"object"!==b.type(e)||e.nodeType||b.isWindow(e))return!1;try{if(e.constructor&&!y.call(e,"constructor")&&!y.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||y.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||o;var r=C.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=b.buildFragment([e],t,i),i&&b(i).remove(),b.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=b.trim(n),n&&k.test(n.replace(S,"@").replace(A,"]").replace(E,"")))?Function("return "+n)():(b.error("Invalid JSON: "+n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||b.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&b.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(j,"ms-").replace(D,L)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,a=M(e);if(n){if(a){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(a){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:v&&!v.call("\ufeff\u00a0")?function(e){return null==e?"":v.call(e)}:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(M(Object(e))?b.merge(n,"string"==typeof e?[e]:e):d.call(n,e)),n},inArray:function(e,t,n){var r;if(t){if(g)return g.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r+n):n:0;r>n;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o++)e[i++]=n[o];else while(n[o]!==t)e[i++]=n[o++];return e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,a=M(e),s=[];if(a)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(s[s.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(s[s.length]=r);return f.apply([],s)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(o=e[n],n=e,e=o),b.isFunction(e)?(r=h.call(arguments,2),i=function(){return e.apply(n||this,r.concat(h.call(arguments)))},i.guid=e.guid=e.guid||b.guid++,i):t},access:function(e,n,r,i,o,a,s){var u=0,l=e.length,c=null==r;if("object"===b.type(r)){o=!0;for(u in r)b.access(e,n,u,r[u],!0,a,s)}else if(i!==t&&(o=!0,b.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(b(e),n)})),n))for(;l>u;u++)n(e[u],r,s?i:i.call(e[u],u,n(e[u],r)));return o?e:c?n.call(e):l?n(e[0],r):a},now:function(){return(new Date).getTime()}}),b.ready.promise=function(t){if(!n)if(n=b.Deferred(),"complete"===o.readyState)setTimeout(b.ready);else if(o.addEventListener)o.addEventListener("DOMContentLoaded",H,!1),e.addEventListener("load",H,!1);else{o.attachEvent("onreadystatechange",H),e.attachEvent("onload",H);var r=!1;try{r=null==e.frameElement&&o.documentElement}catch(i){}r&&r.doScroll&&function a(){if(!b.isReady){try{r.doScroll("left")}catch(e){return setTimeout(a,50)}q(),b.ready()}}()}return n.promise(t)},b.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function M(e){var t=e.length,n=b.type(e);return b.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}r=b(o);var _={};function F(e){var t=_[e]={};return b.each(e.match(w)||[],function(e,n){t[n]=!0}),t}b.Callbacks=function(e){e="string"==typeof e?_[e]||F(e):b.extend({},e);var n,r,i,o,a,s,u=[],l=!e.once&&[],c=function(t){for(r=e.memory&&t,i=!0,a=s||0,s=0,o=u.length,n=!0;u&&o>a;a++)if(u[a].apply(t[0],t[1])===!1&&e.stopOnFalse){r=!1;break}n=!1,u&&(l?l.length&&c(l.shift()):r?u=[]:p.disable())},p={add:function(){if(u){var t=u.length;(function i(t){b.each(t,function(t,n){var r=b.type(n);"function"===r?e.unique&&p.has(n)||u.push(n):n&&n.length&&"string"!==r&&i(n)})})(arguments),n?o=u.length:r&&(s=t,c(r))}return this},remove:function(){return u&&b.each(arguments,function(e,t){var r;while((r=b.inArray(t,u,r))>-1)u.splice(r,1),n&&(o>=r&&o--,a>=r&&a--)}),this},has:function(e){return e?b.inArray(e,u)>-1:!(!u||!u.length)},empty:function(){return u=[],this},disable:function(){return u=l=r=t,this},disabled:function(){return!u},lock:function(){return l=t,r||p.disable(),this},locked:function(){return!l},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],!u||i&&!l||(n?l.push(t):c(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},b.extend({Deferred:function(e){var t=[["resolve","done",b.Callbacks("once memory"),"resolved"],["reject","fail",b.Callbacks("once memory"),"rejected"],["notify","progress",b.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return b.Deferred(function(n){b.each(t,function(t,o){var a=o[0],s=b.isFunction(e[t])&&e[t];i[o[1]](function(){var e=s&&s.apply(this,arguments);e&&b.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a+"With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?b.extend(e,r):r}},i={};return r.pipe=r.then,b.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=h.call(arguments),r=n.length,i=1!==r||e&&b.isFunction(e.promise)?r:0,o=1===i?e:b.Deferred(),a=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?h.call(arguments):r,n===s?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},s,u,l;if(r>1)for(s=Array(r),u=Array(r),l=Array(r);r>t;t++)n[t]&&b.isFunction(n[t].promise)?n[t].promise().done(a(t,l,n)).fail(o.reject).progress(a(t,u,s)):--i;return i||o.resolveWith(l,n),o.promise()}}),b.support=function(){var t,n,r,a,s,u,l,c,p,f,d=o.createElement("div");if(d.setAttribute("className","t"),d.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",n=d.getElementsByTagName("*"),r=d.getElementsByTagName("a")[0],!n||!r||!n.length)return{};s=o.createElement("select"),l=s.appendChild(o.createElement("option")),a=d.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t={getSetAttribute:"t"!==d.className,leadingWhitespace:3===d.firstChild.nodeType,tbody:!d.getElementsByTagName("tbody").length,htmlSerialize:!!d.getElementsByTagName("link").length,style:/top/.test(r.getAttribute("style")),hrefNormalized:"/a"===r.getAttribute("href"),opacity:/^0.5/.test(r.style.opacity),cssFloat:!!r.style.cssFloat,checkOn:!!a.value,optSelected:l.selected,enctype:!!o.createElement("form").enctype,html5Clone:"<:nav></:nav>"!==o.createElement("nav").cloneNode(!0).outerHTML,boxModel:"CSS1Compat"===o.compatMode,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},a.checked=!0,t.noCloneChecked=a.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!l.disabled;try{delete d.test}catch(h){t.deleteExpando=!1}a=o.createElement("input"),a.setAttribute("value",""),t.input=""===a.getAttribute("value"),a.value="t",a.setAttribute("type","radio"),t.radioValue="t"===a.value,a.setAttribute("checked","t"),a.setAttribute("name","t"),u=o.createDocumentFragment(),u.appendChild(a),t.appendChecked=a.checked,t.checkClone=u.cloneNode(!0).cloneNode(!0).lastChild.checked,d.attachEvent&&(d.attachEvent("onclick",function(){t.noCloneEvent=!1}),d.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})d.setAttribute(c="on"+f,"t"),t[f+"Bubbles"]=c in e||d.attributes[c].expando===!1;return d.style.backgroundClip="content-box",d.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===d.style.backgroundClip,b(function(){var n,r,a,s="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",u=o.getElementsByTagName("body")[0];u&&(n=o.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",u.appendChild(n).appendChild(d),d.innerHTML="<table><tr><td></td><td>t</td></tr></table>",a=d.getElementsByTagName("td"),a[0].style.cssText="padding:0;margin:0;border:0;display:none",p=0===a[0].offsetHeight,a[0].style.display="",a[1].style.display="none",t.reliableHiddenOffsets=p&&0===a[0].offsetHeight,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",t.boxSizing=4===d.offsetWidth,t.doesNotIncludeMarginInBodyOffset=1!==u.offsetTop,e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(d,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(d,null)||{width:"4px"}).width,r=d.appendChild(o.createElement("div")),r.style.cssText=d.style.cssText=s,r.style.marginRight=r.style.width="0",d.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),typeof d.style.zoom!==i&&(d.innerHTML="",d.style.cssText=s+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=3===d.offsetWidth,d.style.display="block",d.innerHTML="<div></div>",d.firstChild.style.width="5px",t.shrinkWrapBlocks=3!==d.offsetWidth,t.inlineBlockNeedsLayout&&(u.style.zoom=1)),u.removeChild(n),n=d=a=r=null)}),n=s=u=l=r=a=null,t}();var O=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,B=/([A-Z])/g;function P(e,n,r,i){if(b.acceptData(e)){var o,a,s=b.expando,u="string"==typeof n,l=e.nodeType,p=l?b.cache:e,f=l?e[s]:e[s]&&s;if(f&&p[f]&&(i||p[f].data)||!u||r!==t)return f||(l?e[s]=f=c.pop()||b.guid++:f=s),p[f]||(p[f]={},l||(p[f].toJSON=b.noop)),("object"==typeof n||"function"==typeof n)&&(i?p[f]=b.extend(p[f],n):p[f].data=b.extend(p[f].data,n)),o=p[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[b.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[b.camelCase(n)])):a=o,a}}function R(e,t,n){if(b.acceptData(e)){var r,i,o,a=e.nodeType,s=a?b.cache:e,u=a?e[b.expando]:b.expando;if(s[u]){if(t&&(o=n?s[u]:s[u].data)){b.isArray(t)?t=t.concat(b.map(t,b.camelCase)):t in o?t=[t]:(t=b.camelCase(t),t=t in o?[t]:t.split(" "));for(r=0,i=t.length;i>r;r++)delete o[t[r]];if(!(n?$:b.isEmptyObject)(o))return}(n||(delete s[u].data,$(s[u])))&&(a?b.cleanData([e],!0):b.support.deleteExpando||s!=s.window?delete s[u]:s[u]=null)}}}b.extend({cache:{},expando:"jQuery"+(p+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?b.cache[e[b.expando]]:e[b.expando],!!e&&!$(e)},data:function(e,t,n){return P(e,t,n)},removeData:function(e,t){return R(e,t)},_data:function(e,t,n){return P(e,t,n,!0)},_removeData:function(e,t){return R(e,t,!0)},acceptData:function(e){if(e.nodeType&&1!==e.nodeType&&9!==e.nodeType)return!1;var t=e.nodeName&&b.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),b.fn.extend({data:function(e,n){var r,i,o=this[0],a=0,s=null;if(e===t){if(this.length&&(s=b.data(o),1===o.nodeType&&!b._data(o,"parsedAttrs"))){for(r=o.attributes;r.length>a;a++)i=r[a].name,i.indexOf("data-")||(i=b.camelCase(i.slice(5)),W(o,i,s[i]));b._data(o,"parsedAttrs",!0)}return s}return"object"==typeof e?this.each(function(){b.data(this,e)}):b.access(this,function(n){return n===t?o?W(o,e,b.data(o,e)):null:(this.each(function(){b.data(this,e,n)}),t)},null,n,arguments.length>1,null,!0)},removeData:function(e){return this.each(function(){b.removeData(this,e)})}});function W(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(B,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:+r+""===r?+r:O.test(r)?b.parseJSON(r):r}catch(o){}b.data(e,n,r)}else r=t}return r}function $(e){var t;for(t in e)if(("data"!==t||!b.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}b.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx")+"queue",i=b._data(e,n),r&&(!i||b.isArray(r)?i=b._data(e,n,b.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=b.queue(e,t),r=n.length,i=n.shift(),o=b._queueHooks(e,t),a=function(){b.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),o.cur=i,i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return b._data(e,n)||b._data(e,n,{empty:b.Callbacks("once memory").add(function(){b._removeData(e,t+"queue"),b._removeData(e,n)})})}}),b.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?b.queue(this[0],e):n===t?this:this.each(function(){var t=b.queue(this,e,n);b._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&b.dequeue(this,e)})},dequeue:function(e){return this.each(function(){b.dequeue(this,e)})},delay:function(e,t){return e=b.fx?b.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=b.Deferred(),a=this,s=this.length,u=function(){--i||o.resolveWith(a,[a])};"string"!=typeof e&&(n=e,e=t),e=e||"fx";while(s--)r=b._data(a[s],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(u));return u(),o.promise(n)}});var I,z,X=/[\t\r\n]/g,U=/\r/g,V=/^(?:input|select|textarea|button|object)$/i,Y=/^(?:a|area)$/i,J=/^(?:checked|selected|autofocus|autoplay|async|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped)$/i,G=/^(?:checked|selected)$/i,Q=b.support.getSetAttribute,K=b.support.input;b.fn.extend({attr:function(e,t){return b.access(this,b.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){b.removeAttr(this,e)})},prop:function(e,t){return b.access(this,b.prop,e,t,arguments.length>1)},removeProp:function(e){return e=b.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,u="string"==typeof e&&e;if(b.isFunction(e))return this.each(function(t){b(this).addClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(X," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=b.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,u=0===arguments.length||"string"==typeof e&&e;if(b.isFunction(e))return this.each(function(t){b(this).removeClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(X," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?b.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e,r="boolean"==typeof t;return b.isFunction(e)?this.each(function(n){b(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var o,a=0,s=b(this),u=t,l=e.match(w)||[];while(o=l[a++])u=r?u:!s.hasClass(o),s[u?"addClass":"removeClass"](o)}else(n===i||"boolean"===n)&&(this.className&&b._data(this,"__className__",this.className),this.className=this.className||e===!1?"":b._data(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(X," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=b.isFunction(e),this.each(function(n){var o,a=b(this);1===this.nodeType&&(o=i?e.call(this,n,a.val()):e,null==o?o="":"number"==typeof o?o+="":b.isArray(o)&&(o=b.map(o,function(e){return null==e?"":e+""})),r=b.valHooks[this.type]||b.valHooks[this.nodeName.toLowerCase()],r&&"set"in r&&r.set(this,o,"value")!==t||(this.value=o))});if(o)return r=b.valHooks[o.type]||b.valHooks[o.nodeName.toLowerCase()],r&&"get"in r&&(n=r.get(o,"value"))!==t?n:(n=o.value,"string"==typeof n?n.replace(U,""):null==n?"":n)}}}),b.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i+1:r.length,u=0>i?s:o?i:0;for(;s>u;u++)if(n=r[u],!(!n.selected&&u!==i||(b.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&b.nodeName(n.parentNode,"optgroup"))){if(t=b(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n=b.makeArray(t);return b(e).find("option").each(function(){this.selected=b.inArray(b(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attr:function(e,n,r){var o,a,s,u=e.nodeType;if(e&&3!==u&&8!==u&&2!==u)return typeof e.getAttribute===i?b.prop(e,n,r):(a=1!==u||!b.isXMLDoc(e),a&&(n=n.toLowerCase(),o=b.attrHooks[n]||(J.test(n)?z:I)),r===t?o&&a&&"get"in o&&null!==(s=o.get(e,n))?s:(typeof e.getAttribute!==i&&(s=e.getAttribute(n)),null==s?t:s):null!==r?o&&a&&"set"in o&&(s=o.set(e,r,n))!==t?s:(e.setAttribute(n,r+""),r):(b.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(w);if(o&&1===e.nodeType)while(n=o[i++])r=b.propFix[n]||n,J.test(n)?!Q&&G.test(n)?e[b.camelCase("default-"+n)]=e[r]=!1:e[r]=!1:b.attr(e,n,""),e.removeAttribute(Q?n:r)},attrHooks:{type:{set:function(e,t){if(!b.support.radioValue&&"radio"===t&&b.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!b.isXMLDoc(e),a&&(n=b.propFix[n]||n,o=b.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):V.test(e.nodeName)||Y.test(e.nodeName)&&e.href?0:t}}}}),z={get:function(e,n){var r=b.prop(e,n),i="boolean"==typeof r&&e.getAttribute(n),o="boolean"==typeof r?K&&Q?null!=i:G.test(n)?e[b.camelCase("default-"+n)]:!!i:e.getAttributeNode(n);return o&&o.value!==!1?n.toLowerCase():t},set:function(e,t,n){return t===!1?b.removeAttr(e,n):K&&Q||!G.test(n)?e.setAttribute(!Q&&b.propFix[n]||n,n):e[b.camelCase("default-"+n)]=e[n]=!0,n}},K&&Q||(b.attrHooks.value={get:function(e,n){var r=e.getAttributeNode(n);return b.nodeName(e,"input")?e.defaultValue:r&&r.specified?r.value:t},set:function(e,n,r){return b.nodeName(e,"input")?(e.defaultValue=n,t):I&&I.set(e,n,r)}}),Q||(I=b.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&("id"===n||"name"===n||"coords"===n?""!==r.value:r.specified)?r.value:t},set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n+="","value"===r||n===e.getAttribute(r)?n:t}},b.attrHooks.contenteditable={get:I.get,set:function(e,t,n){I.set(e,""===t?!1:t,n)}},b.each(["width","height"],function(e,n){b.attrHooks[n]=b.extend(b.attrHooks[n],{set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}})})),b.support.hrefNormalized||(b.each(["href","src","width","height"],function(e,n){b.attrHooks[n]=b.extend(b.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return null==r?t:r}})}),b.each(["href","src"],function(e,t){b.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}})),b.support.style||(b.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return e.style.cssText=t+""}}),b.support.optSelected||(b.propHooks.selected=b.extend(b.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),b.support.enctype||(b.propFix.enctype="encoding"),b.support.checkOn||b.each(["radio","checkbox"],function(){b.valHooks[this]={get:function(e){return null===e.getAttribute("value")?"on":e.value}}}),b.each(["radio","checkbox"],function(){b.valHooks[this]=b.extend(b.valHooks[this],{set:function(e,n){return b.isArray(n)?e.checked=b.inArray(b(e).val(),n)>=0:t}})});var Z=/^(?:input|select|textarea)$/i,et=/^key/,tt=/^(?:mouse|contextmenu)|click/,nt=/^(?:focusinfocus|focusoutblur)$/,rt=/^([^.]*)(?:\.(.+)|)$/;function it(){return!0}function ot(){return!1}b.event={global:{},add:function(e,n,r,o,a){var s,u,l,c,p,f,d,h,g,m,y,v=b._data(e);if(v){r.handler&&(c=r,r=c.handler,a=c.selector),r.guid||(r.guid=b.guid++),(u=v.events)||(u=v.events={}),(f=v.handle)||(f=v.handle=function(e){return typeof b===i||e&&b.event.triggered===e.type?t:b.event.dispatch.apply(f.elem,arguments)},f.elem=e),n=(n||"").match(w)||[""],l=n.length;while(l--)s=rt.exec(n[l])||[],g=y=s[1],m=(s[2]||"").split(".").sort(),p=b.event.special[g]||{},g=(a?p.delegateType:p.bindType)||g,p=b.event.special[g]||{},d=b.extend({type:g,origType:y,data:o,handler:r,guid:r.guid,selector:a,needsContext:a&&b.expr.match.needsContext.test(a),namespace:m.join(".")},c),(h=u[g])||(h=u[g]=[],h.delegateCount=0,p.setup&&p.setup.call(e,o,m,f)!==!1||(e.addEventListener?e.addEventListener(g,f,!1):e.attachEvent&&e.attachEvent("on"+g,f))),p.add&&(p.add.call(e,d),d.handler.guid||(d.handler.guid=r.guid)),a?h.splice(h.delegateCount++,0,d):h.push(d),b.event.global[g]=!0;e=null}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,p,f,d,h,g,m=b.hasData(e)&&b._data(e);if(m&&(c=m.events)){t=(t||"").match(w)||[""],l=t.length;while(l--)if(s=rt.exec(t[l])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){p=b.event.special[d]||{},d=(r?p.delegateType:p.bindType)||d,f=c[d]||[],s=s[2]&&RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),u=o=f.length;while(o--)a=f[o],!i&&g!==a.origType||n&&n.guid!==a.guid||s&&!s.test(a.namespace)||r&&r!==a.selector&&("**"!==r||!a.selector)||(f.splice(o,1),a.selector&&f.delegateCount--,p.remove&&p.remove.call(e,a));u&&!f.length&&(p.teardown&&p.teardown.call(e,h,m.handle)!==!1||b.removeEvent(e,d,m.handle),delete c[d])}else for(d in c)b.event.remove(e,d+t[l],n,r,!0);b.isEmptyObject(c)&&(delete m.handle,b._removeData(e,"events"))}},trigger:function(n,r,i,a){var s,u,l,c,p,f,d,h=[i||o],g=y.call(n,"type")?n.type:n,m=y.call(n,"namespace")?n.namespace.split("."):[];if(l=f=i=i||o,3!==i.nodeType&&8!==i.nodeType&&!nt.test(g+b.event.triggered)&&(g.indexOf(".")>=0&&(m=g.split("."),g=m.shift(),m.sort()),u=0>g.indexOf(":")&&"on"+g,n=n[b.expando]?n:new b.Event(g,"object"==typeof n&&n),n.isTrigger=!0,n.namespace=m.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)"+m.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:b.makeArray(r,[n]),p=b.event.special[g]||{},a||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!a&&!p.noBubble&&!b.isWindow(i)){for(c=p.delegateType||g,nt.test(c+g)||(l=l.parentNode);l;l=l.parentNode)h.push(l),f=l;f===(i.ownerDocument||o)&&h.push(f.defaultView||f.parentWindow||e)}d=0;while((l=h[d++])&&!n.isPropagationStopped())n.type=d>1?c:p.bindType||g,s=(b._data(l,"events")||{})[n.type]&&b._data(l,"handle"),s&&s.apply(l,r),s=u&&l[u],s&&b.acceptData(l)&&s.apply&&s.apply(l,r)===!1&&n.preventDefault();if(n.type=g,!(a||n.isDefaultPrevented()||p._default&&p._default.apply(i.ownerDocument,r)!==!1||"click"===g&&b.nodeName(i,"a")||!b.acceptData(i)||!u||!i[g]||b.isWindow(i))){f=i[u],f&&(i[u]=null),b.event.triggered=g;try{i[g]()}catch(v){}b.event.triggered=t,f&&(i[u]=f)}return n.result}},dispatch:function(e){e=b.event.fix(e);var n,r,i,o,a,s=[],u=h.call(arguments),l=(b._data(this,"events")||{})[e.type]||[],c=b.event.special[e.type]||{};if(u[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){s=b.event.handlers.call(this,e,l),n=0;while((o=s[n++])&&!e.isPropagationStopped()){e.currentTarget=o.elem,a=0;while((i=o.handlers[a++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(i.namespace))&&(e.handleObj=i,e.data=i.data,r=((b.event.special[i.origType]||{}).handle||i.handler).apply(o.elem,u),r!==t&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],u=n.delegateCount,l=e.target;if(u&&l.nodeType&&(!e.button||"click"!==e.type))for(;l!=this;l=l.parentNode||this)if(1===l.nodeType&&(l.disabled!==!0||"click"!==e.type)){for(o=[],a=0;u>a;a++)i=n[a],r=i.selector+" ",o[r]===t&&(o[r]=i.needsContext?b(r,this).index(l)>=0:b.find(r,this,null,[l]).length),o[r]&&o.push(i);o.length&&s.push({elem:l,handlers:o})}return n.length>u&&s.push({elem:this,handlers:n.slice(u)}),s},fix:function(e){if(e[b.expando])return e;var t,n,r,i=e.type,a=e,s=this.fixHooks[i];s||(this.fixHooks[i]=s=tt.test(i)?this.mouseHooks:et.test(i)?this.keyHooks:{}),r=s.props?this.props.concat(s.props):this.props,e=new b.Event(a),t=r.length;while(t--)n=r[t],e[n]=a[n];return e.target||(e.target=a.srcElement||o),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,a):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,i,a,s=n.button,u=n.fromElement;return null==e.pageX&&null!=n.clientX&&(i=e.target.ownerDocument||o,a=i.documentElement,r=i.body,e.pageX=n.clientX+(a&&a.scrollLeft||r&&r.scrollLeft||0)-(a&&a.clientLeft||r&&r.clientLeft||0),e.pageY=n.clientY+(a&&a.scrollTop||r&&r.scrollTop||0)-(a&&a.clientTop||r&&r.clientTop||0)),!e.relatedTarget&&u&&(e.relatedTarget=u===e.target?n.toElement:u),e.which||s===t||(e.which=1&s?1:2&s?3:4&s?2:0),e}},special:{load:{noBubble:!0},click:{trigger:function(){return b.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t}},focus:{trigger:function(){if(this!==o.activeElement&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===o.activeElement&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=b.extend(new b.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?b.event.trigger(i,null,t):b.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},b.removeEvent=o.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]===i&&(e[r]=null),e.detachEvent(r,n))},b.Event=function(e,n){return this instanceof b.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?it:ot):this.type=e,n&&b.extend(this,n),this.timeStamp=e&&e.timeStamp||b.now(),this[b.expando]=!0,t):new b.Event(e,n)},b.Event.prototype={isDefaultPrevented:ot,isPropagationStopped:ot,isImmediatePropagationStopped:ot,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=it,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},b.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){b.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;
+return(!i||i!==r&&!b.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),b.support.submitBubbles||(b.event.special.submit={setup:function(){return b.nodeName(this,"form")?!1:(b.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=b.nodeName(n,"input")||b.nodeName(n,"button")?n.form:t;r&&!b._data(r,"submitBubbles")&&(b.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),b._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&b.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return b.nodeName(this,"form")?!1:(b.event.remove(this,"._submit"),t)}}),b.support.changeBubbles||(b.event.special.change={setup:function(){return Z.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(b.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),b.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),b.event.simulate("change",this,e,!0)})),!1):(b.event.add(this,"beforeactivate._change",function(e){var t=e.target;Z.test(t.nodeName)&&!b._data(t,"changeBubbles")&&(b.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||b.event.simulate("change",this.parentNode,e,!0)}),b._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return b.event.remove(this,"._change"),!Z.test(this.nodeName)}}),b.support.focusinBubbles||b.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){b.event.simulate(t,e.target,b.event.fix(e),!0)};b.event.special[t]={setup:function(){0===n++&&o.addEventListener(e,r,!0)},teardown:function(){0===--n&&o.removeEventListener(e,r,!0)}}}),b.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(a in e)this.on(a,n,r,e[a],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=ot;else if(!i)return this;return 1===o&&(s=i,i=function(e){return b().off(e),s.apply(this,arguments)},i.guid=s.guid||(s.guid=b.guid++)),this.each(function(){b.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,b(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=ot),this.each(function(){b.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){b.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?b.event.trigger(e,n,r,!0):t}}),function(e,t){var n,r,i,o,a,s,u,l,c,p,f,d,h,g,m,y,v,x="sizzle"+-new Date,w=e.document,T={},N=0,C=0,k=it(),E=it(),S=it(),A=typeof t,j=1<<31,D=[],L=D.pop,H=D.push,q=D.slice,M=D.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},_="[\\x20\\t\\r\\n\\f]",F="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",O=F.replace("w","w#"),B="([*^$|!~]?=)",P="\\["+_+"*("+F+")"+_+"*(?:"+B+_+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+O+")|)|)"+_+"*\\]",R=":("+F+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+P.replace(3,8)+")*)|.*)\\)|)",W=RegExp("^"+_+"+|((?:^|[^\\\\])(?:\\\\.)*)"+_+"+$","g"),$=RegExp("^"+_+"*,"+_+"*"),I=RegExp("^"+_+"*([\\x20\\t\\r\\n\\f>+~])"+_+"*"),z=RegExp(R),X=RegExp("^"+O+"$"),U={ID:RegExp("^#("+F+")"),CLASS:RegExp("^\\.("+F+")"),NAME:RegExp("^\\[name=['\"]?("+F+")['\"]?\\]"),TAG:RegExp("^("+F.replace("w","w*")+")"),ATTR:RegExp("^"+P),PSEUDO:RegExp("^"+R),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+_+"*(even|odd|(([+-]|)(\\d*)n|)"+_+"*(?:([+-]|)"+_+"*(\\d+)|))"+_+"*\\)|)","i"),needsContext:RegExp("^"+_+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+_+"*((?:-\\d)?\\d*)"+_+"*\\)|)(?=[^-]|$)","i")},V=/[\x20\t\r\n\f]*[+~]/,Y=/^[^{]+\{\s*\[native code/,J=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,G=/^(?:input|select|textarea|button)$/i,Q=/^h\d$/i,K=/'|\\/g,Z=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,et=/\\([\da-fA-F]{1,6}[\x20\t\r\n\f]?|.)/g,tt=function(e,t){var n="0x"+t-65536;return n!==n?t:0>n?String.fromCharCode(n+65536):String.fromCharCode(55296|n>>10,56320|1023&n)};try{q.call(w.documentElement.childNodes,0)[0].nodeType}catch(nt){q=function(e){var t,n=[];while(t=this[e++])n.push(t);return n}}function rt(e){return Y.test(e+"")}function it(){var e,t=[];return e=function(n,r){return t.push(n+=" ")>i.cacheLength&&delete e[t.shift()],e[n]=r}}function ot(e){return e[x]=!0,e}function at(e){var t=p.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}}function st(e,t,n,r){var i,o,a,s,u,l,f,g,m,v;if((t?t.ownerDocument||t:w)!==p&&c(t),t=t||p,n=n||[],!e||"string"!=typeof e)return n;if(1!==(s=t.nodeType)&&9!==s)return[];if(!d&&!r){if(i=J.exec(e))if(a=i[1]){if(9===s){if(o=t.getElementById(a),!o||!o.parentNode)return n;if(o.id===a)return n.push(o),n}else if(t.ownerDocument&&(o=t.ownerDocument.getElementById(a))&&y(t,o)&&o.id===a)return n.push(o),n}else{if(i[2])return H.apply(n,q.call(t.getElementsByTagName(e),0)),n;if((a=i[3])&&T.getByClassName&&t.getElementsByClassName)return H.apply(n,q.call(t.getElementsByClassName(a),0)),n}if(T.qsa&&!h.test(e)){if(f=!0,g=x,m=t,v=9===s&&e,1===s&&"object"!==t.nodeName.toLowerCase()){l=ft(e),(f=t.getAttribute("id"))?g=f.replace(K,"\\$&"):t.setAttribute("id",g),g="[id='"+g+"'] ",u=l.length;while(u--)l[u]=g+dt(l[u]);m=V.test(e)&&t.parentNode||t,v=l.join(",")}if(v)try{return H.apply(n,q.call(m.querySelectorAll(v),0)),n}catch(b){}finally{f||t.removeAttribute("id")}}}return wt(e.replace(W,"$1"),t,n,r)}a=st.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},c=st.setDocument=function(e){var n=e?e.ownerDocument||e:w;return n!==p&&9===n.nodeType&&n.documentElement?(p=n,f=n.documentElement,d=a(n),T.tagNameNoComments=at(function(e){return e.appendChild(n.createComment("")),!e.getElementsByTagName("*").length}),T.attributes=at(function(e){e.innerHTML="<select></select>";var t=typeof e.lastChild.getAttribute("multiple");return"boolean"!==t&&"string"!==t}),T.getByClassName=at(function(e){return e.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",e.getElementsByClassName&&e.getElementsByClassName("e").length?(e.lastChild.className="e",2===e.getElementsByClassName("e").length):!1}),T.getByName=at(function(e){e.id=x+0,e.innerHTML="<a name='"+x+"'></a><div name='"+x+"'></div>",f.insertBefore(e,f.firstChild);var t=n.getElementsByName&&n.getElementsByName(x).length===2+n.getElementsByName(x+0).length;return T.getIdNotName=!n.getElementById(x),f.removeChild(e),t}),i.attrHandle=at(function(e){return e.innerHTML="<a href='#'></a>",e.firstChild&&typeof e.firstChild.getAttribute!==A&&"#"===e.firstChild.getAttribute("href")})?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},T.getIdNotName?(i.find.ID=function(e,t){if(typeof t.getElementById!==A&&!d){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},i.filter.ID=function(e){var t=e.replace(et,tt);return function(e){return e.getAttribute("id")===t}}):(i.find.ID=function(e,n){if(typeof n.getElementById!==A&&!d){var r=n.getElementById(e);return r?r.id===e||typeof r.getAttributeNode!==A&&r.getAttributeNode("id").value===e?[r]:t:[]}},i.filter.ID=function(e){var t=e.replace(et,tt);return function(e){var n=typeof e.getAttributeNode!==A&&e.getAttributeNode("id");return n&&n.value===t}}),i.find.TAG=T.tagNameNoComments?function(e,n){return typeof n.getElementsByTagName!==A?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},i.find.NAME=T.getByName&&function(e,n){return typeof n.getElementsByName!==A?n.getElementsByName(name):t},i.find.CLASS=T.getByClassName&&function(e,n){return typeof n.getElementsByClassName===A||d?t:n.getElementsByClassName(e)},g=[],h=[":focus"],(T.qsa=rt(n.querySelectorAll))&&(at(function(e){e.innerHTML="<select><option selected=''></option></select>",e.querySelectorAll("[selected]").length||h.push("\\["+_+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||h.push(":checked")}),at(function(e){e.innerHTML="<input type='hidden' i=''/>",e.querySelectorAll("[i^='']").length&&h.push("[*^$]="+_+"*(?:\"\"|'')"),e.querySelectorAll(":enabled").length||h.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),h.push(",.*:")})),(T.matchesSelector=rt(m=f.matchesSelector||f.mozMatchesSelector||f.webkitMatchesSelector||f.oMatchesSelector||f.msMatchesSelector))&&at(function(e){T.disconnectedMatch=m.call(e,"div"),m.call(e,"[s!='']:x"),g.push("!=",R)}),h=RegExp(h.join("|")),g=RegExp(g.join("|")),y=rt(f.contains)||f.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},v=f.compareDocumentPosition?function(e,t){var r;return e===t?(u=!0,0):(r=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t))?1&r||e.parentNode&&11===e.parentNode.nodeType?e===n||y(w,e)?-1:t===n||y(w,t)?1:0:4&r?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var r,i=0,o=e.parentNode,a=t.parentNode,s=[e],l=[t];if(e===t)return u=!0,0;if(!o||!a)return e===n?-1:t===n?1:o?-1:a?1:0;if(o===a)return ut(e,t);r=e;while(r=r.parentNode)s.unshift(r);r=t;while(r=r.parentNode)l.unshift(r);while(s[i]===l[i])i++;return i?ut(s[i],l[i]):s[i]===w?-1:l[i]===w?1:0},u=!1,[0,0].sort(v),T.detectDuplicates=u,p):p},st.matches=function(e,t){return st(e,null,null,t)},st.matchesSelector=function(e,t){if((e.ownerDocument||e)!==p&&c(e),t=t.replace(Z,"='$1']"),!(!T.matchesSelector||d||g&&g.test(t)||h.test(t)))try{var n=m.call(e,t);if(n||T.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(r){}return st(t,p,null,[e]).length>0},st.contains=function(e,t){return(e.ownerDocument||e)!==p&&c(e),y(e,t)},st.attr=function(e,t){var n;return(e.ownerDocument||e)!==p&&c(e),d||(t=t.toLowerCase()),(n=i.attrHandle[t])?n(e):d||T.attributes?e.getAttribute(t):((n=e.getAttributeNode(t))||e.getAttribute(t))&&e[t]===!0?t:n&&n.specified?n.value:null},st.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},st.uniqueSort=function(e){var t,n=[],r=1,i=0;if(u=!T.detectDuplicates,e.sort(v),u){for(;t=e[r];r++)t===e[r-1]&&(i=n.push(r));while(i--)e.splice(n[i],1)}return e};function ut(e,t){var n=t&&e,r=n&&(~t.sourceIndex||j)-(~e.sourceIndex||j);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function lt(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function ct(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function pt(e){return ot(function(t){return t=+t,ot(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}o=st.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r++)n+=o(t);return n},i=st.selectors={cacheLength:50,createPseudo:ot,match:U,find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(et,tt),e[3]=(e[4]||e[5]||"").replace(et,tt),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||st.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&st.error(e[0]),e},PSEUDO:function(e){var t,n=!e[5]&&e[2];return U.CHILD.test(e[0])?null:(e[4]?e[2]=e[4]:n&&z.test(n)&&(t=ft(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){return"*"===e?function(){return!0}:(e=e.replace(et,tt).toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=k[e+" "];return t||(t=RegExp("(^|"+_+")"+e+"("+_+"|$)"))&&k(e,function(e){return t.test(e.className||typeof e.getAttribute!==A&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=st.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,u){var l,c,p,f,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!u&&!s;if(m){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){c=m[x]||(m[x]={}),l=c[e]||[],d=l[0]===N&&l[1],f=l[0]===N&&l[2],p=d&&m.childNodes[d];while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[N,d,f];break}}else if(v&&(l=(t[x]||(t[x]={}))[e])&&l[0]===N)f=l[1];else while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(v&&((p[x]||(p[x]={}))[e]=[N,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||st.error("unsupported pseudo: "+e);return r[x]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?ot(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=M.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:ot(function(e){var t=[],n=[],r=s(e.replace(W,"$1"));return r[x]?ot(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:ot(function(e){return function(t){return st(e,t).length>0}}),contains:ot(function(e){return function(t){return(t.textContent||t.innerText||o(t)).indexOf(e)>-1}}),lang:ot(function(e){return X.test(e||"")||st.error("unsupported lang: "+e),e=e.replace(et,tt).toLowerCase(),function(t){var n;do if(n=d?t.getAttribute("xml:lang")||t.getAttribute("lang"):t.lang)return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===f},focus:function(e){return e===p.activeElement&&(!p.hasFocus||p.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!i.pseudos.empty(e)},header:function(e){return Q.test(e.nodeName)},input:function(e){return G.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:pt(function(){return[0]}),last:pt(function(e,t){return[t-1]}),eq:pt(function(e,t,n){return[0>n?n+t:n]}),even:pt(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:pt(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:pt(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:pt(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}};for(n in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})i.pseudos[n]=lt(n);for(n in{submit:!0,reset:!0})i.pseudos[n]=ct(n);function ft(e,t){var n,r,o,a,s,u,l,c=E[e+" "];if(c)return t?0:c.slice(0);s=e,u=[],l=i.preFilter;while(s){(!n||(r=$.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),u.push(o=[])),n=!1,(r=I.exec(s))&&(n=r.shift(),o.push({value:n,type:r[0].replace(W," ")}),s=s.slice(n.length));for(a in i.filter)!(r=U[a].exec(s))||l[a]&&!(r=l[a](r))||(n=r.shift(),o.push({value:n,type:a,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?st.error(e):E(e,u).slice(0)}function dt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function ht(e,t,n){var i=t.dir,o=n&&"parentNode"===i,a=C++;return t.first?function(t,n,r){while(t=t[i])if(1===t.nodeType||o)return e(t,n,r)}:function(t,n,s){var u,l,c,p=N+" "+a;if(s){while(t=t[i])if((1===t.nodeType||o)&&e(t,n,s))return!0}else while(t=t[i])if(1===t.nodeType||o)if(c=t[x]||(t[x]={}),(l=c[i])&&l[0]===p){if((u=l[1])===!0||u===r)return u===!0}else if(l=c[i]=[p],l[1]=e(t,n,s)||r,l[1]===!0)return!0}}function gt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function mt(e,t,n,r,i){var o,a=[],s=0,u=e.length,l=null!=t;for(;u>s;s++)(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),l&&t.push(s));return a}function yt(e,t,n,r,i,o){return r&&!r[x]&&(r=yt(r)),i&&!i[x]&&(i=yt(i,o)),ot(function(o,a,s,u){var l,c,p,f=[],d=[],h=a.length,g=o||xt(t||"*",s.nodeType?[s]:s,[]),m=!e||!o&&t?g:mt(g,f,e,s,u),y=n?i||(o?e:h||r)?[]:a:m;if(n&&n(m,y,s,u),r){l=mt(y,d),r(l,[],s,u),c=l.length;while(c--)(p=l[c])&&(y[d[c]]=!(m[d[c]]=p))}if(o){if(i||e){if(i){l=[],c=y.length;while(c--)(p=y[c])&&l.push(m[c]=p);i(null,y=[],l,u)}c=y.length;while(c--)(p=y[c])&&(l=i?M.call(o,p):f[c])>-1&&(o[l]=!(a[l]=p))}}else y=mt(y===a?y.splice(h,y.length):y),i?i(null,a,y,u):H.apply(a,y)})}function vt(e){var t,n,r,o=e.length,a=i.relative[e[0].type],s=a||i.relative[" "],u=a?1:0,c=ht(function(e){return e===t},s,!0),p=ht(function(e){return M.call(t,e)>-1},s,!0),f=[function(e,n,r){return!a&&(r||n!==l)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;o>u;u++)if(n=i.relative[e[u].type])f=[ht(gt(f),n)];else{if(n=i.filter[e[u].type].apply(null,e[u].matches),n[x]){for(r=++u;o>r;r++)if(i.relative[e[r].type])break;return yt(u>1&>(f),u>1&&dt(e.slice(0,u-1)).replace(W,"$1"),n,r>u&&vt(e.slice(u,r)),o>r&&vt(e=e.slice(r)),o>r&&dt(e))}f.push(n)}return gt(f)}function bt(e,t){var n=0,o=t.length>0,a=e.length>0,s=function(s,u,c,f,d){var h,g,m,y=[],v=0,b="0",x=s&&[],w=null!=d,T=l,C=s||a&&i.find.TAG("*",d&&u.parentNode||u),k=N+=null==T?1:Math.random()||.1;for(w&&(l=u!==p&&u,r=n);null!=(h=C[b]);b++){if(a&&h){g=0;while(m=e[g++])if(m(h,u,c)){f.push(h);break}w&&(N=k,r=++n)}o&&((h=!m&&h)&&v--,s&&x.push(h))}if(v+=b,o&&b!==v){g=0;while(m=t[g++])m(x,y,u,c);if(s){if(v>0)while(b--)x[b]||y[b]||(y[b]=L.call(f));y=mt(y)}H.apply(f,y),w&&!s&&y.length>0&&v+t.length>1&&st.uniqueSort(f)}return w&&(N=k,l=T),x};return o?ot(s):s}s=st.compile=function(e,t){var n,r=[],i=[],o=S[e+" "];if(!o){t||(t=ft(e)),n=t.length;while(n--)o=vt(t[n]),o[x]?r.push(o):i.push(o);o=S(e,bt(i,r))}return o};function xt(e,t,n){var r=0,i=t.length;for(;i>r;r++)st(e,t[r],n);return n}function wt(e,t,n,r){var o,a,u,l,c,p=ft(e);if(!r&&1===p.length){if(a=p[0]=p[0].slice(0),a.length>2&&"ID"===(u=a[0]).type&&9===t.nodeType&&!d&&i.relative[a[1].type]){if(t=i.find.ID(u.matches[0].replace(et,tt),t)[0],!t)return n;e=e.slice(a.shift().value.length)}o=U.needsContext.test(e)?0:a.length;while(o--){if(u=a[o],i.relative[l=u.type])break;if((c=i.find[l])&&(r=c(u.matches[0].replace(et,tt),V.test(a[0].type)&&t.parentNode||t))){if(a.splice(o,1),e=r.length&&dt(a),!e)return H.apply(n,q.call(r,0)),n;break}}}return s(e,p)(r,t,d,n,V.test(e)),n}i.pseudos.nth=i.pseudos.eq;function Tt(){}i.filters=Tt.prototype=i.pseudos,i.setFilters=new Tt,c(),st.attr=b.attr,b.find=st,b.expr=st.selectors,b.expr[":"]=b.expr.pseudos,b.unique=st.uniqueSort,b.text=st.getText,b.isXMLDoc=st.isXML,b.contains=st.contains}(e);var at=/Until$/,st=/^(?:parents|prev(?:Until|All))/,ut=/^.[^:#\[\.,]*$/,lt=b.expr.match.needsContext,ct={children:!0,contents:!0,next:!0,prev:!0};b.fn.extend({find:function(e){var t,n,r,i=this.length;if("string"!=typeof e)return r=this,this.pushStack(b(e).filter(function(){for(t=0;i>t;t++)if(b.contains(r[t],this))return!0}));for(n=[],t=0;i>t;t++)b.find(e,this[t],n);return n=this.pushStack(i>1?b.unique(n):n),n.selector=(this.selector?this.selector+" ":"")+e,n},has:function(e){var t,n=b(e,this),r=n.length;return this.filter(function(){for(t=0;r>t;t++)if(b.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e,!1))},filter:function(e){return this.pushStack(ft(this,e,!0))},is:function(e){return!!e&&("string"==typeof e?lt.test(e)?b(e,this.context).index(this[0])>=0:b.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){var n,r=0,i=this.length,o=[],a=lt.test(e)||"string"!=typeof e?b(e,t||this.context):0;for(;i>r;r++){n=this[r];while(n&&n.ownerDocument&&n!==t&&11!==n.nodeType){if(a?a.index(n)>-1:b.find.matchesSelector(n,e)){o.push(n);break}n=n.parentNode}}return this.pushStack(o.length>1?b.unique(o):o)},index:function(e){return e?"string"==typeof e?b.inArray(this[0],b(e)):b.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?b(e,t):b.makeArray(e&&e.nodeType?[e]:e),r=b.merge(this.get(),n);return this.pushStack(b.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),b.fn.andSelf=b.fn.addBack;function pt(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}b.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return b.dir(e,"parentNode")},parentsUntil:function(e,t,n){return b.dir(e,"parentNode",n)},next:function(e){return pt(e,"nextSibling")},prev:function(e){return pt(e,"previousSibling")},nextAll:function(e){return b.dir(e,"nextSibling")},prevAll:function(e){return b.dir(e,"previousSibling")},nextUntil:function(e,t,n){return b.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return b.dir(e,"previousSibling",n)},siblings:function(e){return b.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return b.sibling(e.firstChild)},contents:function(e){return b.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:b.merge([],e.childNodes)}},function(e,t){b.fn[e]=function(n,r){var i=b.map(this,t,n);return at.test(e)||(r=n),r&&"string"==typeof r&&(i=b.filter(r,i)),i=this.length>1&&!ct[e]?b.unique(i):i,this.length>1&&st.test(e)&&(i=i.reverse()),this.pushStack(i)}}),b.extend({filter:function(e,t,n){return n&&(e=":not("+e+")"),1===t.length?b.find.matchesSelector(t[0],e)?[t[0]]:[]:b.find.matches(e,t)},dir:function(e,n,r){var i=[],o=e[n];while(o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!b(o).is(r)))1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function ft(e,t,n){if(t=t||0,b.isFunction(t))return b.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return b.grep(e,function(e){return e===t===n});if("string"==typeof t){var r=b.grep(e,function(e){return 1===e.nodeType});if(ut.test(t))return b.filter(t,r,!n);t=b.filter(t,r)}return b.grep(e,function(e){return b.inArray(e,t)>=0===n})}function dt(e){var t=ht.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}var ht="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",gt=/ jQuery\d+="(?:null|\d+)"/g,mt=RegExp("<(?:"+ht+")[\\s/>]","i"),yt=/^\s+/,vt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bt=/<([\w:]+)/,xt=/<tbody/i,wt=/<|&#?\w+;/,Tt=/<(?:script|style|link)/i,Nt=/^(?:checkbox|radio)$/i,Ct=/checked\s*(?:[^=]|=\s*.checked.)/i,kt=/^$|\/(?:java|ecma)script/i,Et=/^true\/(.*)/,St=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,At={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:b.support.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]},jt=dt(o),Dt=jt.appendChild(o.createElement("div"));At.optgroup=At.option,At.tbody=At.tfoot=At.colgroup=At.caption=At.thead,At.th=At.td,b.fn.extend({text:function(e){return b.access(this,function(e){return e===t?b.text(this):this.empty().append((this[0]&&this[0].ownerDocument||o).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(b.isFunction(e))return this.each(function(t){b(this).wrapAll(e.call(this,t))});if(this[0]){var t=b(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&1===e.firstChild.nodeType)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return b.isFunction(e)?this.each(function(t){b(this).wrapInner(e.call(this,t))}):this.each(function(){var t=b(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=b.isFunction(e);return this.each(function(n){b(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){b.nodeName(this,"body")||b(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.insertBefore(e,this.firstChild)})},before:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=0;for(;null!=(n=this[r]);r++)(!e||b.filter(e,[n]).length>0)&&(t||1!==n.nodeType||b.cleanData(Ot(n)),n.parentNode&&(t&&b.contains(n.ownerDocument,n)&&Mt(Ot(n,"script")),n.parentNode.removeChild(n)));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++){1===e.nodeType&&b.cleanData(Ot(e,!1));while(e.firstChild)e.removeChild(e.firstChild);e.options&&b.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return b.clone(this,e,t)})},html:function(e){return b.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(gt,""):t;if(!("string"!=typeof e||Tt.test(e)||!b.support.htmlSerialize&&mt.test(e)||!b.support.leadingWhitespace&&yt.test(e)||At[(bt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(vt,"<$1></$2>");try{for(;i>r;r++)n=this[r]||{},1===n.nodeType&&(b.cleanData(Ot(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){var t=b.isFunction(e);return t||"string"==typeof e||(e=b(e).not(this).detach()),this.domManip([e],!0,function(e){var t=this.nextSibling,n=this.parentNode;n&&(b(this).remove(),n.insertBefore(e,t))})},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=f.apply([],e);var i,o,a,s,u,l,c=0,p=this.length,d=this,h=p-1,g=e[0],m=b.isFunction(g);if(m||!(1>=p||"string"!=typeof g||b.support.checkClone)&&Ct.test(g))return this.each(function(i){var o=d.eq(i);m&&(e[0]=g.call(this,i,n?o.html():t)),o.domManip(e,n,r)});if(p&&(l=b.buildFragment(e,this[0].ownerDocument,!1,this),i=l.firstChild,1===l.childNodes.length&&(l=i),i)){for(n=n&&b.nodeName(i,"tr"),s=b.map(Ot(l,"script"),Ht),a=s.length;p>c;c++)o=l,c!==h&&(o=b.clone(o,!0,!0),a&&b.merge(s,Ot(o,"script"))),r.call(n&&b.nodeName(this[c],"table")?Lt(this[c],"tbody"):this[c],o,c);if(a)for(u=s[s.length-1].ownerDocument,b.map(s,qt),c=0;a>c;c++)o=s[c],kt.test(o.type||"")&&!b._data(o,"globalEval")&&b.contains(u,o)&&(o.src?b.ajax({url:o.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):b.globalEval((o.text||o.textContent||o.innerHTML||"").replace(St,"")));l=i=null}return this}});function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function Ht(e){var t=e.getAttributeNode("type");return e.type=(t&&t.specified)+"/"+e.type,e}function qt(e){var t=Et.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function Mt(e,t){var n,r=0;for(;null!=(n=e[r]);r++)b._data(n,"globalEval",!t||b._data(t[r],"globalEval"))}function _t(e,t){if(1===t.nodeType&&b.hasData(e)){var n,r,i,o=b._data(e),a=b._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)b.event.add(t,n,s[n][r])}a.data&&(a.data=b.extend({},a.data))}}function Ft(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!b.support.noCloneEvent&&t[b.expando]){i=b._data(t);for(r in i.events)b.removeEvent(t,r,i.handle);t.removeAttribute(b.expando)}"script"===n&&t.text!==e.text?(Ht(t).text=e.text,qt(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),b.support.html5Clone&&e.innerHTML&&!b.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Nt.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}b.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){b.fn[e]=function(e){var n,r=0,i=[],o=b(e),a=o.length-1;for(;a>=r;r++)n=r===a?this:this.clone(!0),b(o[r])[t](n),d.apply(i,n.get());return this.pushStack(i)}});function Ot(e,n){var r,o,a=0,s=typeof e.getElementsByTagName!==i?e.getElementsByTagName(n||"*"):typeof e.querySelectorAll!==i?e.querySelectorAll(n||"*"):t;if(!s)for(s=[],r=e.childNodes||e;null!=(o=r[a]);a++)!n||b.nodeName(o,n)?s.push(o):b.merge(s,Ot(o,n));return n===t||n&&b.nodeName(e,n)?b.merge([e],s):s}function Bt(e){Nt.test(e.type)&&(e.defaultChecked=e.checked)}b.extend({clone:function(e,t,n){var r,i,o,a,s,u=b.contains(e.ownerDocument,e);if(b.support.html5Clone||b.isXMLDoc(e)||!mt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(Dt.innerHTML=e.outerHTML,Dt.removeChild(o=Dt.firstChild)),!(b.support.noCloneEvent&&b.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||b.isXMLDoc(e)))for(r=Ot(o),s=Ot(e),a=0;null!=(i=s[a]);++a)r[a]&&Ft(i,r[a]);if(t)if(n)for(s=s||Ot(e),r=r||Ot(o),a=0;null!=(i=s[a]);a++)_t(i,r[a]);else _t(e,o);return r=Ot(o,"script"),r.length>0&&Mt(r,!u&&Ot(e,"script")),r=s=i=null,o},buildFragment:function(e,t,n,r){var i,o,a,s,u,l,c,p=e.length,f=dt(t),d=[],h=0;for(;p>h;h++)if(o=e[h],o||0===o)if("object"===b.type(o))b.merge(d,o.nodeType?[o]:o);else if(wt.test(o)){s=s||f.appendChild(t.createElement("div")),u=(bt.exec(o)||["",""])[1].toLowerCase(),c=At[u]||At._default,s.innerHTML=c[1]+o.replace(vt,"<$1></$2>")+c[2],i=c[0];while(i--)s=s.lastChild;if(!b.support.leadingWhitespace&&yt.test(o)&&d.push(t.createTextNode(yt.exec(o)[0])),!b.support.tbody){o="table"!==u||xt.test(o)?"<table>"!==c[1]||xt.test(o)?0:s:s.firstChild,i=o&&o.childNodes.length;while(i--)b.nodeName(l=o.childNodes[i],"tbody")&&!l.childNodes.length&&o.removeChild(l)
+}b.merge(d,s.childNodes),s.textContent="";while(s.firstChild)s.removeChild(s.firstChild);s=f.lastChild}else d.push(t.createTextNode(o));s&&f.removeChild(s),b.support.appendChecked||b.grep(Ot(d,"input"),Bt),h=0;while(o=d[h++])if((!r||-1===b.inArray(o,r))&&(a=b.contains(o.ownerDocument,o),s=Ot(f.appendChild(o),"script"),a&&Mt(s),n)){i=0;while(o=s[i++])kt.test(o.type||"")&&n.push(o)}return s=null,f},cleanData:function(e,t){var n,r,o,a,s=0,u=b.expando,l=b.cache,p=b.support.deleteExpando,f=b.event.special;for(;null!=(n=e[s]);s++)if((t||b.acceptData(n))&&(o=n[u],a=o&&l[o])){if(a.events)for(r in a.events)f[r]?b.event.remove(n,r):b.removeEvent(n,r,a.handle);l[o]&&(delete l[o],p?delete n[u]:typeof n.removeAttribute!==i?n.removeAttribute(u):n[u]=null,c.push(o))}}});var Pt,Rt,Wt,$t=/alpha\([^)]*\)/i,It=/opacity\s*=\s*([^)]*)/,zt=/^(top|right|bottom|left)$/,Xt=/^(none|table(?!-c[ea]).+)/,Ut=/^margin/,Vt=RegExp("^("+x+")(.*)$","i"),Yt=RegExp("^("+x+")(?!px)[a-z%]+$","i"),Jt=RegExp("^([+-])=("+x+")","i"),Gt={BODY:"block"},Qt={position:"absolute",visibility:"hidden",display:"block"},Kt={letterSpacing:0,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,"none"===b.css(e,"display")||!b.contains(e.ownerDocument,e)}function rn(e,t){var n,r,i,o=[],a=0,s=e.length;for(;s>a;a++)r=e[a],r.style&&(o[a]=b._data(r,"olddisplay"),n=r.style.display,t?(o[a]||"none"!==n||(r.style.display=""),""===r.style.display&&nn(r)&&(o[a]=b._data(r,"olddisplay",un(r.nodeName)))):o[a]||(i=nn(r),(n&&"none"!==n||!i)&&b._data(r,"olddisplay",i?n:b.css(r,"display"))));for(a=0;s>a;a++)r=e[a],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[a]||"":"none"));return e}b.fn.extend({css:function(e,n){return b.access(this,function(e,n,r){var i,o,a={},s=0;if(b.isArray(n)){for(o=Rt(e),i=n.length;i>s;s++)a[n[s]]=b.css(e,n[s],!1,o);return a}return r!==t?b.style(e,n,r):b.css(e,n)},e,n,arguments.length>1)},show:function(){return rn(this,!0)},hide:function(){return rn(this)},toggle:function(e){var t="boolean"==typeof e;return this.each(function(){(t?e:nn(this))?b(this).show():b(this).hide()})}}),b.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Wt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":b.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,u=b.camelCase(n),l=e.style;if(n=b.cssProps[u]||(b.cssProps[u]=tn(l,u)),s=b.cssHooks[n]||b.cssHooks[u],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:l[n];if(a=typeof r,"string"===a&&(o=Jt.exec(r))&&(r=(o[1]+1)*o[2]+parseFloat(b.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||b.cssNumber[u]||(r+="px"),b.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(l[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{l[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,u=b.camelCase(n);return n=b.cssProps[u]||(b.cssProps[u]=tn(e.style,u)),s=b.cssHooks[n]||b.cssHooks[u],s&&"get"in s&&(a=s.get(e,!0,r)),a===t&&(a=Wt(e,n,i)),"normal"===a&&n in Kt&&(a=Kt[n]),""===r||r?(o=parseFloat(a),r===!0||b.isNumeric(o)?o||0:a):a},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),e.getComputedStyle?(Rt=function(t){return e.getComputedStyle(t,null)},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),u=s?s.getPropertyValue(n)||s[n]:t,l=e.style;return s&&(""!==u||b.contains(e.ownerDocument,e)||(u=b.style(e,n)),Yt.test(u)&&Ut.test(n)&&(i=l.width,o=l.minWidth,a=l.maxWidth,l.minWidth=l.maxWidth=l.width=u,u=s.width,l.width=i,l.minWidth=o,l.maxWidth=a)),u}):o.documentElement.currentStyle&&(Rt=function(e){return e.currentStyle},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),u=s?s[n]:t,l=e.style;return null==u&&l&&l[n]&&(u=l[n]),Yt.test(u)&&!zt.test(n)&&(i=l.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),l.left="fontSize"===n?"1em":u,u=l.pixelLeft+"px",l.left=i,a&&(o.left=a)),""===u?"auto":u});function on(e,t,n){var r=Vt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function an(e,t,n,r,i){var o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;for(;4>o;o+=2)"margin"===n&&(a+=b.css(e,n+Zt[o],!0,i)),r?("content"===n&&(a-=b.css(e,"padding"+Zt[o],!0,i)),"margin"!==n&&(a-=b.css(e,"border"+Zt[o]+"Width",!0,i))):(a+=b.css(e,"padding"+Zt[o],!0,i),"padding"!==n&&(a+=b.css(e,"border"+Zt[o]+"Width",!0,i)));return a}function sn(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=Rt(e),a=b.support.boxSizing&&"border-box"===b.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=Wt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Yt.test(i))return i;r=a&&(b.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+an(e,t,n||(a?"border":"content"),r,o)+"px"}function un(e){var t=o,n=Gt[e];return n||(n=ln(e,t),"none"!==n&&n||(Pt=(Pt||b("<iframe frameborder='0' width='0' height='0'/>").css("cssText","display:block !important")).appendTo(t.documentElement),t=(Pt[0].contentWindow||Pt[0].contentDocument).document,t.write("<!doctype html><html><body>"),t.close(),n=ln(e,t),Pt.detach()),Gt[e]=n),n}function ln(e,t){var n=b(t.createElement(e)).appendTo(t.body),r=b.css(n[0],"display");return n.remove(),r}b.each(["height","width"],function(e,n){b.cssHooks[n]={get:function(e,r,i){return r?0===e.offsetWidth&&Xt.test(b.css(e,"display"))?b.swap(e,Qt,function(){return sn(e,n,i)}):sn(e,n,i):t},set:function(e,t,r){var i=r&&Rt(e);return on(e,t,r?an(e,n,r,b.support.boxSizing&&"border-box"===b.css(e,"boxSizing",!1,i),i):0)}}}),b.support.opacity||(b.cssHooks.opacity={get:function(e,t){return It.test((t&&e.currentStyle?e.currentStyle.filter:e.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":t?"1":""},set:function(e,t){var n=e.style,r=e.currentStyle,i=b.isNumeric(t)?"alpha(opacity="+100*t+")":"",o=r&&r.filter||n.filter||"";n.zoom=1,(t>=1||""===t)&&""===b.trim(o.replace($t,""))&&n.removeAttribute&&(n.removeAttribute("filter"),""===t||r&&!r.filter)||(n.filter=$t.test(o)?o.replace($t,i):o+" "+i)}}),b(function(){b.support.reliableMarginRight||(b.cssHooks.marginRight={get:function(e,n){return n?b.swap(e,{display:"inline-block"},Wt,[e,"marginRight"]):t}}),!b.support.pixelPosition&&b.fn.position&&b.each(["top","left"],function(e,n){b.cssHooks[n]={get:function(e,r){return r?(r=Wt(e,n),Yt.test(r)?b(e).position()[n]+"px":r):t}}})}),b.expr&&b.expr.filters&&(b.expr.filters.hidden=function(e){return 0>=e.offsetWidth&&0>=e.offsetHeight||!b.support.reliableHiddenOffsets&&"none"===(e.style&&e.style.display||b.css(e,"display"))},b.expr.filters.visible=function(e){return!b.expr.filters.hidden(e)}),b.each({margin:"",padding:"",border:"Width"},function(e,t){b.cssHooks[e+t]={expand:function(n){var r=0,i={},o="string"==typeof n?n.split(" "):[n];for(;4>r;r++)i[e+Zt[r]+t]=o[r]||o[r-2]||o[0];return i}},Ut.test(e)||(b.cssHooks[e+t].set=on)});var cn=/%20/g,pn=/\[\]$/,fn=/\r?\n/g,dn=/^(?:submit|button|image|reset|file)$/i,hn=/^(?:input|select|textarea|keygen)/i;b.fn.extend({serialize:function(){return b.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=b.prop(this,"elements");return e?b.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!b(this).is(":disabled")&&hn.test(this.nodeName)&&!dn.test(e)&&(this.checked||!Nt.test(e))}).map(function(e,t){var n=b(this).val();return null==n?null:b.isArray(n)?b.map(n,function(e){return{name:t.name,value:e.replace(fn,"\r\n")}}):{name:t.name,value:n.replace(fn,"\r\n")}}).get()}}),b.param=function(e,n){var r,i=[],o=function(e,t){t=b.isFunction(t)?t():null==t?"":t,i[i.length]=encodeURIComponent(e)+"="+encodeURIComponent(t)};if(n===t&&(n=b.ajaxSettings&&b.ajaxSettings.traditional),b.isArray(e)||e.jquery&&!b.isPlainObject(e))b.each(e,function(){o(this.name,this.value)});else for(r in e)gn(r,e[r],n,o);return i.join("&").replace(cn,"+")};function gn(e,t,n,r){var i;if(b.isArray(t))b.each(t,function(t,i){n||pn.test(e)?r(e,i):gn(e+"["+("object"==typeof i?t:"")+"]",i,n,r)});else if(n||"object"!==b.type(t))r(e,t);else for(i in t)gn(e+"["+i+"]",t[i],n,r)}b.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(e,t){b.fn[t]=function(e,n){return arguments.length>0?this.on(t,null,e,n):this.trigger(t)}}),b.fn.hover=function(e,t){return this.mouseenter(e).mouseleave(t||e)};var mn,yn,vn=b.now(),bn=/\?/,xn=/#.*$/,wn=/([?&])_=[^&]*/,Tn=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Nn=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Cn=/^(?:GET|HEAD)$/,kn=/^\/\//,En=/^([\w.+-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,Sn=b.fn.load,An={},jn={},Dn="*/".concat("*");try{yn=a.href}catch(Ln){yn=o.createElement("a"),yn.href="",yn=yn.href}mn=En.exec(yn.toLowerCase())||[];function Hn(e){return function(t,n){"string"!=typeof t&&(n=t,t="*");var r,i=0,o=t.toLowerCase().match(w)||[];if(b.isFunction(n))while(r=o[i++])"+"===r[0]?(r=r.slice(1)||"*",(e[r]=e[r]||[]).unshift(n)):(e[r]=e[r]||[]).push(n)}}function qn(e,n,r,i){var o={},a=e===jn;function s(u){var l;return o[u]=!0,b.each(e[u]||[],function(e,u){var c=u(n,r,i);return"string"!=typeof c||a||o[c]?a?!(l=c):t:(n.dataTypes.unshift(c),s(c),!1)}),l}return s(n.dataTypes[0])||!o["*"]&&s("*")}function Mn(e,n){var r,i,o=b.ajaxSettings.flatOptions||{};for(i in n)n[i]!==t&&((o[i]?e:r||(r={}))[i]=n[i]);return r&&b.extend(!0,e,r),e}b.fn.load=function(e,n,r){if("string"!=typeof e&&Sn)return Sn.apply(this,arguments);var i,o,a,s=this,u=e.indexOf(" ");return u>=0&&(i=e.slice(u,e.length),e=e.slice(0,u)),b.isFunction(n)?(r=n,n=t):n&&"object"==typeof n&&(a="POST"),s.length>0&&b.ajax({url:e,type:a,dataType:"html",data:n}).done(function(e){o=arguments,s.html(i?b("<div>").append(b.parseHTML(e)).find(i):e)}).complete(r&&function(e,t){s.each(r,o||[e.responseText,t,e])}),this},b.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){b.fn[t]=function(e){return this.on(t,e)}}),b.each(["get","post"],function(e,n){b[n]=function(e,r,i,o){return b.isFunction(r)&&(o=o||i,i=r,r=t),b.ajax({url:e,type:n,dataType:o,data:r,success:i})}}),b.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:yn,type:"GET",isLocal:Nn.test(mn[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Dn,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":e.String,"text html":!0,"text json":b.parseJSON,"text xml":b.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?Mn(Mn(e,b.ajaxSettings),t):Mn(b.ajaxSettings,e)},ajaxPrefilter:Hn(An),ajaxTransport:Hn(jn),ajax:function(e,n){"object"==typeof e&&(n=e,e=t),n=n||{};var r,i,o,a,s,u,l,c,p=b.ajaxSetup({},n),f=p.context||p,d=p.context&&(f.nodeType||f.jquery)?b(f):b.event,h=b.Deferred(),g=b.Callbacks("once memory"),m=p.statusCode||{},y={},v={},x=0,T="canceled",N={readyState:0,getResponseHeader:function(e){var t;if(2===x){if(!c){c={};while(t=Tn.exec(a))c[t[1].toLowerCase()]=t[2]}t=c[e.toLowerCase()]}return null==t?null:t},getAllResponseHeaders:function(){return 2===x?a:null},setRequestHeader:function(e,t){var n=e.toLowerCase();return x||(e=v[n]=v[n]||e,y[e]=t),this},overrideMimeType:function(e){return x||(p.mimeType=e),this},statusCode:function(e){var t;if(e)if(2>x)for(t in e)m[t]=[m[t],e[t]];else N.always(e[N.status]);return this},abort:function(e){var t=e||T;return l&&l.abort(t),k(0,t),this}};if(h.promise(N).complete=g.add,N.success=N.done,N.error=N.fail,p.url=((e||p.url||yn)+"").replace(xn,"").replace(kn,mn[1]+"//"),p.type=n.method||n.type||p.method||p.type,p.dataTypes=b.trim(p.dataType||"*").toLowerCase().match(w)||[""],null==p.crossDomain&&(r=En.exec(p.url.toLowerCase()),p.crossDomain=!(!r||r[1]===mn[1]&&r[2]===mn[2]&&(r[3]||("http:"===r[1]?80:443))==(mn[3]||("http:"===mn[1]?80:443)))),p.data&&p.processData&&"string"!=typeof p.data&&(p.data=b.param(p.data,p.traditional)),qn(An,p,n,N),2===x)return N;u=p.global,u&&0===b.active++&&b.event.trigger("ajaxStart"),p.type=p.type.toUpperCase(),p.hasContent=!Cn.test(p.type),o=p.url,p.hasContent||(p.data&&(o=p.url+=(bn.test(o)?"&":"?")+p.data,delete p.data),p.cache===!1&&(p.url=wn.test(o)?o.replace(wn,"$1_="+vn++):o+(bn.test(o)?"&":"?")+"_="+vn++)),p.ifModified&&(b.lastModified[o]&&N.setRequestHeader("If-Modified-Since",b.lastModified[o]),b.etag[o]&&N.setRequestHeader("If-None-Match",b.etag[o])),(p.data&&p.hasContent&&p.contentType!==!1||n.contentType)&&N.setRequestHeader("Content-Type",p.contentType),N.setRequestHeader("Accept",p.dataTypes[0]&&p.accepts[p.dataTypes[0]]?p.accepts[p.dataTypes[0]]+("*"!==p.dataTypes[0]?", "+Dn+"; q=0.01":""):p.accepts["*"]);for(i in p.headers)N.setRequestHeader(i,p.headers[i]);if(p.beforeSend&&(p.beforeSend.call(f,N,p)===!1||2===x))return N.abort();T="abort";for(i in{success:1,error:1,complete:1})N[i](p[i]);if(l=qn(jn,p,n,N)){N.readyState=1,u&&d.trigger("ajaxSend",[N,p]),p.async&&p.timeout>0&&(s=setTimeout(function(){N.abort("timeout")},p.timeout));try{x=1,l.send(y,k)}catch(C){if(!(2>x))throw C;k(-1,C)}}else k(-1,"No Transport");function k(e,n,r,i){var c,y,v,w,T,C=n;2!==x&&(x=2,s&&clearTimeout(s),l=t,a=i||"",N.readyState=e>0?4:0,r&&(w=_n(p,N,r)),e>=200&&300>e||304===e?(p.ifModified&&(T=N.getResponseHeader("Last-Modified"),T&&(b.lastModified[o]=T),T=N.getResponseHeader("etag"),T&&(b.etag[o]=T)),204===e?(c=!0,C="nocontent"):304===e?(c=!0,C="notmodified"):(c=Fn(p,w),C=c.state,y=c.data,v=c.error,c=!v)):(v=C,(e||!C)&&(C="error",0>e&&(e=0))),N.status=e,N.statusText=(n||C)+"",c?h.resolveWith(f,[y,C,N]):h.rejectWith(f,[N,C,v]),N.statusCode(m),m=t,u&&d.trigger(c?"ajaxSuccess":"ajaxError",[N,p,c?y:v]),g.fireWith(f,[N,C]),u&&(d.trigger("ajaxComplete",[N,p]),--b.active||b.event.trigger("ajaxStop")))}return N},getScript:function(e,n){return b.get(e,t,n,"script")},getJSON:function(e,t,n){return b.get(e,t,n,"json")}});function _n(e,n,r){var i,o,a,s,u=e.contents,l=e.dataTypes,c=e.responseFields;for(s in c)s in r&&(n[c[s]]=r[s]);while("*"===l[0])l.shift(),o===t&&(o=e.mimeType||n.getResponseHeader("Content-Type"));if(o)for(s in u)if(u[s]&&u[s].test(o)){l.unshift(s);break}if(l[0]in r)a=l[0];else{for(s in r){if(!l[0]||e.converters[s+" "+l[0]]){a=s;break}i||(i=s)}a=a||i}return a?(a!==l[0]&&l.unshift(a),r[a]):t}function Fn(e,t){var n,r,i,o,a={},s=0,u=e.dataTypes.slice(),l=u[0];if(e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u[1])for(i in e.converters)a[i.toLowerCase()]=e.converters[i];for(;r=u[++s];)if("*"!==r){if("*"!==l&&l!==r){if(i=a[l+" "+r]||a["* "+r],!i)for(n in a)if(o=n.split(" "),o[1]===r&&(i=a[l+" "+o[0]]||a["* "+o[0]])){i===!0?i=a[n]:a[n]!==!0&&(r=o[0],u.splice(s--,0,r));break}if(i!==!0)if(i&&e["throws"])t=i(t);else try{t=i(t)}catch(c){return{state:"parsererror",error:i?c:"No conversion from "+l+" to "+r}}}l=r}return{state:"success",data:t}}b.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/(?:java|ecma)script/},converters:{"text script":function(e){return b.globalEval(e),e}}}),b.ajaxPrefilter("script",function(e){e.cache===t&&(e.cache=!1),e.crossDomain&&(e.type="GET",e.global=!1)}),b.ajaxTransport("script",function(e){if(e.crossDomain){var n,r=o.head||b("head")[0]||o.documentElement;return{send:function(t,i){n=o.createElement("script"),n.async=!0,e.scriptCharset&&(n.charset=e.scriptCharset),n.src=e.url,n.onload=n.onreadystatechange=function(e,t){(t||!n.readyState||/loaded|complete/.test(n.readyState))&&(n.onload=n.onreadystatechange=null,n.parentNode&&n.parentNode.removeChild(n),n=null,t||i(200,"success"))},r.insertBefore(n,r.firstChild)},abort:function(){n&&n.onload(t,!0)}}}});var On=[],Bn=/(=)\?(?=&|$)|\?\?/;b.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=On.pop()||b.expando+"_"+vn++;return this[e]=!0,e}}),b.ajaxPrefilter("json jsonp",function(n,r,i){var o,a,s,u=n.jsonp!==!1&&(Bn.test(n.url)?"url":"string"==typeof n.data&&!(n.contentType||"").indexOf("application/x-www-form-urlencoded")&&Bn.test(n.data)&&"data");return u||"jsonp"===n.dataTypes[0]?(o=n.jsonpCallback=b.isFunction(n.jsonpCallback)?n.jsonpCallback():n.jsonpCallback,u?n[u]=n[u].replace(Bn,"$1"+o):n.jsonp!==!1&&(n.url+=(bn.test(n.url)?"&":"?")+n.jsonp+"="+o),n.converters["script json"]=function(){return s||b.error(o+" was not called"),s[0]},n.dataTypes[0]="json",a=e[o],e[o]=function(){s=arguments},i.always(function(){e[o]=a,n[o]&&(n.jsonpCallback=r.jsonpCallback,On.push(o)),s&&b.isFunction(a)&&a(s[0]),s=a=t}),"script"):t});var Pn,Rn,Wn=0,$n=e.ActiveXObject&&function(){var e;for(e in Pn)Pn[e](t,!0)};function In(){try{return new e.XMLHttpRequest}catch(t){}}function zn(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}b.ajaxSettings.xhr=e.ActiveXObject?function(){return!this.isLocal&&In()||zn()}:In,Rn=b.ajaxSettings.xhr(),b.support.cors=!!Rn&&"withCredentials"in Rn,Rn=b.support.ajax=!!Rn,Rn&&b.ajaxTransport(function(n){if(!n.crossDomain||b.support.cors){var r;return{send:function(i,o){var a,s,u=n.xhr();if(n.username?u.open(n.type,n.url,n.async,n.username,n.password):u.open(n.type,n.url,n.async),n.xhrFields)for(s in n.xhrFields)u[s]=n.xhrFields[s];n.mimeType&&u.overrideMimeType&&u.overrideMimeType(n.mimeType),n.crossDomain||i["X-Requested-With"]||(i["X-Requested-With"]="XMLHttpRequest");try{for(s in i)u.setRequestHeader(s,i[s])}catch(l){}u.send(n.hasContent&&n.data||null),r=function(e,i){var s,l,c,p;try{if(r&&(i||4===u.readyState))if(r=t,a&&(u.onreadystatechange=b.noop,$n&&delete Pn[a]),i)4!==u.readyState&&u.abort();else{p={},s=u.status,l=u.getAllResponseHeaders(),"string"==typeof u.responseText&&(p.text=u.responseText);try{c=u.statusText}catch(f){c=""}s||!n.isLocal||n.crossDomain?1223===s&&(s=204):s=p.text?200:404}}catch(d){i||o(-1,d)}p&&o(s,c,p,l)},n.async?4===u.readyState?setTimeout(r):(a=++Wn,$n&&(Pn||(Pn={},b(e).unload($n)),Pn[a]=r),u.onreadystatechange=r):r()},abort:function(){r&&r(t,!0)}}}});var Xn,Un,Vn=/^(?:toggle|show|hide)$/,Yn=RegExp("^(?:([+-])=|)("+x+")([a-z%]*)$","i"),Jn=/queueHooks$/,Gn=[nr],Qn={"*":[function(e,t){var n,r,i=this.createTween(e,t),o=Yn.exec(t),a=i.cur(),s=+a||0,u=1,l=20;if(o){if(n=+o[2],r=o[3]||(b.cssNumber[e]?"":"px"),"px"!==r&&s){s=b.css(i.elem,e,!0)||n||1;do u=u||".5",s/=u,b.style(i.elem,e,s+r);while(u!==(u=i.cur()/a)&&1!==u&&--l)}i.unit=r,i.start=s,i.end=o[1]?s+(o[1]+1)*n:n}return i}]};function Kn(){return setTimeout(function(){Xn=t}),Xn=b.now()}function Zn(e,t){b.each(t,function(t,n){var r=(Qn[t]||[]).concat(Qn["*"]),i=0,o=r.length;for(;o>i;i++)if(r[i].call(e,t,n))return})}function er(e,t,n){var r,i,o=0,a=Gn.length,s=b.Deferred().always(function(){delete u.elem}),u=function(){if(i)return!1;var t=Xn||Kn(),n=Math.max(0,l.startTime+l.duration-t),r=n/l.duration||0,o=1-r,a=0,u=l.tweens.length;for(;u>a;a++)l.tweens[a].run(o);return s.notifyWith(e,[l,o,n]),1>o&&u?n:(s.resolveWith(e,[l]),!1)},l=s.promise({elem:e,props:b.extend({},t),opts:b.extend(!0,{specialEasing:{}},n),originalProperties:t,originalOptions:n,startTime:Xn||Kn(),duration:n.duration,tweens:[],createTween:function(t,n){var r=b.Tween(e,l.opts,t,n,l.opts.specialEasing[t]||l.opts.easing);return l.tweens.push(r),r},stop:function(t){var n=0,r=t?l.tweens.length:0;if(i)return this;for(i=!0;r>n;n++)l.tweens[n].run(1);return t?s.resolveWith(e,[l,t]):s.rejectWith(e,[l,t]),this}}),c=l.props;for(tr(c,l.opts.specialEasing);a>o;o++)if(r=Gn[o].call(l,e,c,l.opts))return r;return Zn(l,c),b.isFunction(l.opts.start)&&l.opts.start.call(e,l),b.fx.timer(b.extend(u,{elem:e,anim:l,queue:l.opts.queue})),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always)}function tr(e,t){var n,r,i,o,a;for(i in e)if(r=b.camelCase(i),o=t[r],n=e[i],b.isArray(n)&&(o=n[1],n=e[i]=n[0]),i!==r&&(e[r]=n,delete e[i]),a=b.cssHooks[r],a&&"expand"in a){n=a.expand(n),delete e[r];for(i in n)i in e||(e[i]=n[i],t[i]=o)}else t[r]=o}b.Animation=b.extend(er,{tweener:function(e,t){b.isFunction(e)?(t=e,e=["*"]):e=e.split(" ");var n,r=0,i=e.length;for(;i>r;r++)n=e[r],Qn[n]=Qn[n]||[],Qn[n].unshift(t)},prefilter:function(e,t){t?Gn.unshift(e):Gn.push(e)}});function nr(e,t,n){var r,i,o,a,s,u,l,c,p,f=this,d=e.style,h={},g=[],m=e.nodeType&&nn(e);n.queue||(c=b._queueHooks(e,"fx"),null==c.unqueued&&(c.unqueued=0,p=c.empty.fire,c.empty.fire=function(){c.unqueued||p()}),c.unqueued++,f.always(function(){f.always(function(){c.unqueued--,b.queue(e,"fx").length||c.empty.fire()})})),1===e.nodeType&&("height"in t||"width"in t)&&(n.overflow=[d.overflow,d.overflowX,d.overflowY],"inline"===b.css(e,"display")&&"none"===b.css(e,"float")&&(b.support.inlineBlockNeedsLayout&&"inline"!==un(e.nodeName)?d.zoom=1:d.display="inline-block")),n.overflow&&(d.overflow="hidden",b.support.shrinkWrapBlocks||f.always(function(){d.overflow=n.overflow[0],d.overflowX=n.overflow[1],d.overflowY=n.overflow[2]}));for(i in t)if(a=t[i],Vn.exec(a)){if(delete t[i],u=u||"toggle"===a,a===(m?"hide":"show"))continue;g.push(i)}if(o=g.length){s=b._data(e,"fxshow")||b._data(e,"fxshow",{}),"hidden"in s&&(m=s.hidden),u&&(s.hidden=!m),m?b(e).show():f.done(function(){b(e).hide()}),f.done(function(){var t;b._removeData(e,"fxshow");for(t in h)b.style(e,t,h[t])});for(i=0;o>i;i++)r=g[i],l=f.createTween(r,m?s[r]:0),h[r]=s[r]||b.style(e,r),r in s||(s[r]=l.start,m&&(l.end=l.start,l.start="width"===r||"height"===r?1:0))}}function rr(e,t,n,r,i){return new rr.prototype.init(e,t,n,r,i)}b.Tween=rr,rr.prototype={constructor:rr,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||"swing",this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(b.cssNumber[n]?"":"px")},cur:function(){var e=rr.propHooks[this.prop];return e&&e.get?e.get(this):rr.propHooks._default.get(this)},run:function(e){var t,n=rr.propHooks[this.prop];return this.pos=t=this.options.duration?b.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):rr.propHooks._default.set(this),this}},rr.prototype.init.prototype=rr.prototype,rr.propHooks={_default:{get:function(e){var t;return null==e.elem[e.prop]||e.elem.style&&null!=e.elem.style[e.prop]?(t=b.css(e.elem,e.prop,""),t&&"auto"!==t?t:0):e.elem[e.prop]},set:function(e){b.fx.step[e.prop]?b.fx.step[e.prop](e):e.elem.style&&(null!=e.elem.style[b.cssProps[e.prop]]||b.cssHooks[e.prop])?b.style(e.elem,e.prop,e.now+e.unit):e.elem[e.prop]=e.now}}},rr.propHooks.scrollTop=rr.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},b.each(["toggle","show","hide"],function(e,t){var n=b.fn[t];b.fn[t]=function(e,r,i){return null==e||"boolean"==typeof e?n.apply(this,arguments):this.animate(ir(t,!0),e,r,i)}}),b.fn.extend({fadeTo:function(e,t,n,r){return this.filter(nn).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=b.isEmptyObject(e),o=b.speed(t,n,r),a=function(){var t=er(this,b.extend({},e),o);a.finish=function(){t.stop(!0)},(i||b._data(this,"finish"))&&t.stop(!0)};return a.finish=a,i||o.queue===!1?this.each(a):this.queue(o.queue,a)},stop:function(e,n,r){var i=function(e){var t=e.stop;delete e.stop,t(r)};return"string"!=typeof e&&(r=n,n=e,e=t),n&&e!==!1&&this.queue(e||"fx",[]),this.each(function(){var t=!0,n=null!=e&&e+"queueHooks",o=b.timers,a=b._data(this);if(n)a[n]&&a[n].stop&&i(a[n]);else for(n in a)a[n]&&a[n].stop&&Jn.test(n)&&i(a[n]);for(n=o.length;n--;)o[n].elem!==this||null!=e&&o[n].queue!==e||(o[n].anim.stop(r),t=!1,o.splice(n,1));(t||!r)&&b.dequeue(this,e)})},finish:function(e){return e!==!1&&(e=e||"fx"),this.each(function(){var t,n=b._data(this),r=n[e+"queue"],i=n[e+"queueHooks"],o=b.timers,a=r?r.length:0;for(n.finish=!0,b.queue(this,e,[]),i&&i.cur&&i.cur.finish&&i.cur.finish.call(this),t=o.length;t--;)o[t].elem===this&&o[t].queue===e&&(o[t].anim.stop(!0),o.splice(t,1));for(t=0;a>t;t++)r[t]&&r[t].finish&&r[t].finish.call(this);delete n.finish})}});function ir(e,t){var n,r={height:e},i=0;for(t=t?1:0;4>i;i+=2-t)n=Zt[i],r["margin"+n]=r["padding"+n]=e;return t&&(r.opacity=r.width=e),r}b.each({slideDown:ir("show"),slideUp:ir("hide"),slideToggle:ir("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){b.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),b.speed=function(e,t,n){var r=e&&"object"==typeof e?b.extend({},e):{complete:n||!n&&t||b.isFunction(e)&&e,duration:e,easing:n&&t||t&&!b.isFunction(t)&&t};return r.duration=b.fx.off?0:"number"==typeof r.duration?r.duration:r.duration in b.fx.speeds?b.fx.speeds[r.duration]:b.fx.speeds._default,(null==r.queue||r.queue===!0)&&(r.queue="fx"),r.old=r.complete,r.complete=function(){b.isFunction(r.old)&&r.old.call(this),r.queue&&b.dequeue(this,r.queue)},r},b.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2}},b.timers=[],b.fx=rr.prototype.init,b.fx.tick=function(){var e,n=b.timers,r=0;for(Xn=b.now();n.length>r;r++)e=n[r],e()||n[r]!==e||n.splice(r--,1);n.length||b.fx.stop(),Xn=t},b.fx.timer=function(e){e()&&b.timers.push(e)&&b.fx.start()},b.fx.interval=13,b.fx.start=function(){Un||(Un=setInterval(b.fx.tick,b.fx.interval))},b.fx.stop=function(){clearInterval(Un),Un=null},b.fx.speeds={slow:600,fast:200,_default:400},b.fx.step={},b.expr&&b.expr.filters&&(b.expr.filters.animated=function(e){return b.grep(b.timers,function(t){return e===t.elem}).length}),b.fn.offset=function(e){if(arguments.length)return e===t?this:this.each(function(t){b.offset.setOffset(this,e,t)});var n,r,o={top:0,left:0},a=this[0],s=a&&a.ownerDocument;if(s)return n=s.documentElement,b.contains(n,a)?(typeof a.getBoundingClientRect!==i&&(o=a.getBoundingClientRect()),r=or(s),{top:o.top+(r.pageYOffset||n.scrollTop)-(n.clientTop||0),left:o.left+(r.pageXOffset||n.scrollLeft)-(n.clientLeft||0)}):o},b.offset={setOffset:function(e,t,n){var r=b.css(e,"position");"static"===r&&(e.style.position="relative");var i=b(e),o=i.offset(),a=b.css(e,"top"),s=b.css(e,"left"),u=("absolute"===r||"fixed"===r)&&b.inArray("auto",[a,s])>-1,l={},c={},p,f;u?(c=i.position(),p=c.top,f=c.left):(p=parseFloat(a)||0,f=parseFloat(s)||0),b.isFunction(t)&&(t=t.call(e,n,o)),null!=t.top&&(l.top=t.top-o.top+p),null!=t.left&&(l.left=t.left-o.left+f),"using"in t?t.using.call(e,l):i.css(l)}},b.fn.extend({position:function(){if(this[0]){var e,t,n={top:0,left:0},r=this[0];return"fixed"===b.css(r,"position")?t=r.getBoundingClientRect():(e=this.offsetParent(),t=this.offset(),b.nodeName(e[0],"html")||(n=e.offset()),n.top+=b.css(e[0],"borderTopWidth",!0),n.left+=b.css(e[0],"borderLeftWidth",!0)),{top:t.top-n.top-b.css(r,"marginTop",!0),left:t.left-n.left-b.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent||o.documentElement;while(e&&!b.nodeName(e,"html")&&"static"===b.css(e,"position"))e=e.offsetParent;return e||o.documentElement})}}),b.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,n){var r=/Y/.test(n);b.fn[e]=function(i){return b.access(this,function(e,i,o){var a=or(e);return o===t?a?n in a?a[n]:a.document.documentElement[i]:e[i]:(a?a.scrollTo(r?b(a).scrollLeft():o,r?o:b(a).scrollTop()):e[i]=o,t)},e,i,arguments.length,null)}});function or(e){return b.isWindow(e)?e:9===e.nodeType?e.defaultView||e.parentWindow:!1}b.each({Height:"height",Width:"width"},function(e,n){b.each({padding:"inner"+e,content:n,"":"outer"+e},function(r,i){b.fn[i]=function(i,o){var a=arguments.length&&(r||"boolean"!=typeof i),s=r||(i===!0||o===!0?"margin":"border");return b.access(this,function(n,r,i){var o;return b.isWindow(n)?n.document.documentElement["client"+e]:9===n.nodeType?(o=n.documentElement,Math.max(n.body["scroll"+e],o["scroll"+e],n.body["offset"+e],o["offset"+e],o["client"+e])):i===t?b.css(n,r,s):b.style(n,r,i,s)},n,a?i:t,a,null)}})}),e.jQuery=e.$=b,"function"==typeof define&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return b})})(window);
diff --git a/inc/modernizr-2.0.js b/inc/modernizr-2.0.js
new file mode 100644
index 0000000..9dca7b0
--- /dev/null
+++ b/inc/modernizr-2.0.js
@@ -0,0 +1,5 @@
+/* Modernizr 2.6.2 (Custom Build) | MIT & BSD
+ * Build: http://modernizr.com/download/#-video-mq-cssclasses-teststyles-testprop-testallprops-prefixes-domprefixes-load
+ */
+;window.Modernizr=function(a,b,c){function A(a){j.cssText=a}function B(a,b){return A(m.join(a+";")+(b||""))}function C(a,b){return typeof a===b}function D(a,b){return!!~(""+a).indexOf(b)}function E(a,b){for(var d in a){var e=a[d];if(!D(e,"-")&&j[e]!==c)return b=="pfx"?e:!0}return!1}function F(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:C(f,"function")?f.bind(d||b):f}return!1}function G(a,b,c){var d=a.charAt(0).toUpperCase()+a.slice(1),e=(a+" "+o.join(d+" ")+d).split(" ");return C(b,"string")||C(b,"undefined")?E(e,b):(e=(a+" "+p.join(d+" ")+d).split(" "),F(e,b,c))}var d="2.6.2",e={},f=!0,g=b.documentElement,h="modernizr",i=b.createElement(h),j=i.style,k,l={}.toString,m=" -webkit- -moz- -o- -ms- ".split(" "),n="Webkit Moz O ms",o=n.split(" "),p=n.toLowerCase().split(" "),q={},r={},s={},t=[],u=t.slice,v,w=function(a,c,d,e){var f,i,j,k,l=b.createElement("div"),m=b.body,n=m||b.createElement("body");if(parseInt(d,10))while(d--)j=b.createElement("div"),j.id=e?e[d]:h+(d+1),l.appendChild(j);return f=["",'<style id="s',h,'">',a,"</style>"].join(""),l.id=h,(m?l:n).innerHTML+=f,n.appendChild(l),m||(n.style.background="",n.style.overflow="hidden",k=g.style.overflow,g.style.overflow="hidden",g.appendChild(n)),i=c(l,a),m?l.parentNode.removeChild(l):(n.parentNode.removeChild(n),g.style.overflow=k),!!i},x=function(b){var c=a.matchMedia||a.msMatchMedia;if(c)return c(b).matches;var d;return w("@media "+b+" { #"+h+" { position: absolute; } }",function(b){d=(a.getComputedStyle?getComputedStyle(b,null):b.currentStyle)["position"]=="absolute"}),d},y={}.hasOwnProperty,z;!C(y,"undefined")&&!C(y.call,"undefined")?z=function(a,b){return y.call(a,b)}:z=function(a,b){return b in a&&C(a.constructor.prototype[b],"undefined")},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if(typeof c!="function")throw new TypeError;var d=u.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(u.call(arguments)));return Object(g)===g?g:f}return c.apply(b,d.concat(u.call(arguments)))};return e}),q.video=function(){var a=b.createElement("video"),c=!1;try{if(c=!!a.canPlayType)c=new Boolean(c),c.ogg=a.canPlayType('video/ogg; codecs="theora"').replace(/^no$/,""),c.h264=a.canPlayType('video/mp4; codecs="avc1.42E01E"').replace(/^no$/,""),c.webm=a.canPlayType('video/webm; codecs="vp8, vorbis"').replace(/^no$/,"")}catch(d){}return c};for(var H in q)z(q,H)&&(v=H.toLowerCase(),e[v]=q[H](),t.push((e[v]?"":"no-")+v));return e.addTest=function(a,b){if(typeof a=="object")for(var d in a)z(a,d)&&e.addTest(d,a[d]);else{a=a.toLowerCase();if(e[a]!==c)return e;b=typeof b=="function"?b():b,typeof f!="undefined"&&f&&(g.className+=" "+(b?"":"no-")+a),e[a]=b}return e},A(""),i=k=null,e._version=d,e._prefixes=m,e._domPrefixes=p,e._cssomPrefixes=o,e.mq=x,e.testProp=function(a){return E([a])},e.testAllProps=G,e.testStyles=w,g.className=g.className.replace(/(^|\s)no-js(\s|$)/,"$1$2")+(f?" js "+t.join(" "):""),e}(this,this.document),function(a,b,c){function d(a){return"[object Function]"==o.call(a)}function e(a){return"string"==typeof a}function f(){}function g(a){return!a||"loaded"==a||"complete"==a||"uninitialized"==a}function h(){var a=p.shift();q=1,a?a.t?m(function(){("c"==a.t?B.injectCss:B.injectJs)(a.s,0,a.a,a.x,a.e,1)},0):(a(),h()):q=0}function i(a,c,d,e,f,i,j){function k(b){if(!o&&g(l.readyState)&&(u.r=o=1,!q&&h(),l.onload=l.onreadystatechange=null,b)){"img"!=a&&m(function(){t.removeChild(l)},50);for(var d in y[c])y[c].hasOwnProperty(d)&&y[c][d].onload()}}var j=j||B.errorTimeout,l=b.createElement(a),o=0,r=0,u={t:d,s:c,e:f,a:i,x:j};1===y[c]&&(r=1,y[c]=[]),"object"==a?l.data=c:(l.src=c,l.type=a),l.width=l.height="0",l.onerror=l.onload=l.onreadystatechange=function(){k.call(this,r)},p.splice(e,0,u),"img"!=a&&(r||2===y[c]?(t.insertBefore(l,s?null:n),m(k,j)):y[c].push(l))}function j(a,b,c,d,f){return q=0,b=b||"j",e(a)?i("c"==b?v:u,a,b,this.i++,c,d,f):(p.splice(this.i++,0,a),1==p.length&&h()),this}function k(){var a=B;return a.loader={load:j,i:0},a}var l=b.documentElement,m=a.setTimeout,n=b.getElementsByTagName("script")[0],o={}.toString,p=[],q=0,r="MozAppearance"in l.style,s=r&&!!b.createRange().compareNode,t=s?l:n.parentNode,l=a.opera&&"[object Opera]"==o.call(a.opera),l=!!b.attachEvent&&!l,u=r?"object":l?"script":"img",v=l?"script":u,w=Array.isArray||function(a){return"[object Array]"==o.call(a)},x=[],y={},z={timeout:function(a,b){return b.length&&(a.timeout=b[0]),a}},A,B;B=function(a){function b(a){var a=a.split("!"),b=x.length,c=a.pop(),d=a.length,c={url:c,origUrl:c,prefixes:a},e,f,g;for(f=0;f<d;f++)g=a[f].split("="),(e=z[g.shift()])&&(c=e(c,g));for(f=0;f<b;f++)c=x[f](c);return c}function g(a,e,f,g,h){var i=b(a),j=i.autoCallback;i.url.split(".").pop().split("?").shift(),i.bypass||(e&&(e=d(e)?e:e[a]||e[g]||e[a.split("/").pop().split("?")[0]]),i.instead?i.instead(a,e,f,g,h):(y[i.url]?i.noexec=!0:y[i.url]=1,f.load(i.url,i.forceCSS||!i.forceJS&&"css"==i.url.split(".").pop().split("?").shift()?"c":c,i.noexec,i.attrs,i.timeout),(d(e)||d(j))&&f.load(function(){k(),e&&e(i.origUrl,h,g),j&&j(i.origUrl,h,g),y[i.url]=2})))}function h(a,b){function c(a,c){if(a){if(e(a))c||(j=function(){var a=[].slice.call(arguments);k.apply(this,a),l()}),g(a,j,b,0,h);else if(Object(a)===a)for(n in m=function(){var b=0,c;for(c in a)a.hasOwnProperty(c)&&b++;return b}(),a)a.hasOwnProperty(n)&&(!c&&!--m&&(d(j)?j=function(){var a=[].slice.call(arguments);k.apply(this,a),l()}:j[n]=function(a){return function(){var b=[].slice.call(arguments);a&&a.apply(this,b),l()}}(k[n])),g(a[n],j,b,n,h))}else!c&&l()}var h=!!a.test,i=a.load||a.both,j=a.callback||f,k=j,l=a.complete||f,m,n;c(h?a.yep:a.nope,!!i),i&&c(i)}var i,j,l=this.yepnope.loader;if(e(a))g(a,0,l,0);else if(w(a))for(i=0;i<a.length;i++)j=a[i],e(j)?g(j,0,l,0):w(j)?B(j):Object(j)===j&&h(j,l);else Object(a)===a&&h(a,l)},B.addPrefix=function(a,b){z[a]=b},B.addFilter=function(a){x.push(a)},B.errorTimeout=1e4,null==b.readyState&&b.addEventListener&&(b.readyState="loading",b.addEventListener("DOMContentLoaded",A=function(){b.removeEventListener("DOMContentLoaded",A,0),b.readyState="complete"},0)),a.yepnope=k(),a.yepnope.executeStack=h,a.yepnope.injectJs=function(a,c,d,e,i,j){var k=b.createElement("script"),l,o,e=e||B.errorTimeout;k.src=a;for(o in d)k.setAttribute(o,d[o]);c=j?h:c||f,k.onreadystatechange=k.onload=function(){!l&&g(k.readyState)&&(l=1,c(),k.onload=k.onreadystatechange=null)},m(function(){l||(l=1,c(1))},e),i?k.onload():n.parentNode.insertBefore(k,n)},a.yepnope.injectCss=function(a,c,d,e,g,i){var e=b.createElement("link"),j,c=i?h:c||f;e.href=a,e.rel="stylesheet",e.type="text/css";for(j in d)e.setAttribute(j,d[j]);g||(n.parentNode.insertBefore(e,n),m(c,0))}}(this,document),Modernizr.load=function(){yepnope.apply(window,[].slice.call(arguments,0))};
+
diff --git a/inc/octopress.js b/inc/octopress.js
new file mode 100644
index 0000000..10fa974
--- /dev/null
+++ b/inc/octopress.js
@@ -0,0 +1,78 @@
+function getNav() {
+ var mainNav = $('ul.main-navigation, ul[role=main-navigation]').before('<fieldset class="mobile-nav">')
+ var mobileNav = $('fieldset.mobile-nav').append('<select>');
+ mobileNav.find('select').append('<option value="">Navigate…</option>');
+ var addOption = function(i, option) {
+ mobileNav.find('select').append('<option value="' + this.href + '">» ' + $(this).text() + '</option>');
+ }
+ mainNav.find('a').each(addOption);
+ $('ul.subscription a').each(addOption);
+ mobileNav.find('select').bind('change', function(event) {
+ if (event.target.value) { window.location.href = event.target.value; }
+ });
+}
+
+function addSidebarToggler() {
+ if(!$('body').hasClass('sidebar-footer')) {
+ $('#content').append('<span class="toggle-sidebar"></span>');
+ $('.toggle-sidebar').bind('click', function(e) {
+ e.preventDefault();
+ $('body').toggleClass('collapse-sidebar');
+ });
+ }
+ var sections = $('aside.sidebar > section');
+ if (sections.length > 1) {
+ sections.each(function(index, section){
+ if ((sections.length >= 3) && index % 3 === 0) {
+ $(section).addClass("first");
+ }
+ var count = ((index +1) % 2) ? "odd" : "even";
+ $(section).addClass(count);
+ });
+ }
+ if (sections.length >= 3){ $('aside.sidebar').addClass('thirds'); }
+}
+
+function testFeatures() {
+ var features = ['maskImage'];
+ $(features).map(function(i, feature) {
+ if (Modernizr.testAllProps(feature)) {
+ $('html').addClass(feature);
+ } else {
+ $('html').addClass('no-'+feature);
+ }
+ });
+ if ("placeholder" in document.createElement("input")) {
+ $('html').addClass('placeholder');
+ } else {
+ $('html').addClass('no-placeholder');
+ }
+}
+
+
+$('document').ready(function() {
+ testFeatures();
+ getNav();
+ addSidebarToggler();
+});
+
+// iOS scaling bug fix
+// Rewritten version
+// By @mathias, @cheeaun and @jdalton
+// Source url: https://gist.github.com/901295
+(function(doc) {
+ var addEvent = 'addEventListener',
+ type = 'gesturestart',
+ qsa = 'querySelectorAll',
+ scales = [1, 1],
+ meta = qsa in doc ? doc[qsa]('meta[name=viewport]') : [];
+ function fix() {
+ meta.content = 'width=device-width,minimum-scale=' + scales[0] + ',maximum-scale=' + scales[1];
+ doc.removeEventListener(type, fix, true);
+ }
+ if ((meta = meta[meta.length - 1]) && addEvent in doc) {
+ fix();
+ scales = [0.25, 1.6];
+ doc[addEvent](type, fix, true);
+ }
+}(document));
diff --git a/inc/screen.css b/inc/screen.css
new file mode 100644
index 0000000..fb51d89
--- /dev/null
+++ b/inc/screen.css
@@ -0,0 +1,1569 @@
+html, body, div, span, object, iframe,
+h1, h2, h3, h4, h5, h6, p, blockquote, pre,
+a, abbr, acronym, address, big, cite, code,
+del, dfn, em, img, ins, kbd, q, s, samp,
+small, strike, strong, sub, sup, tt, var,
+b, u, i, center,
+dl, dt, ol, ul, li,
+fieldset, form, label, legend,
+table, caption, tbody, tfoot, thead, tr, th, td,
+article, aside, canvas, details, embed,
+figure, figcaption, footer, header, hgroup,
+menu, nav, output, ruby, section, summary,
+mark {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font: inherit;
+ font-size: 100%;
+ vertical-align: baseline;
+}
+
+html {
+ line-height: 1;
+}
+
+ol, ul {
+ list-style: none;
+}
+
+table {
+ border-collapse: collapse;
+ border-spacing: 0;
+}
+
+caption, th, td {
+ text-align: left;
+ font-weight: normal;
+ vertical-align: middle;
+}
+
+q, blockquote {
+ quotes: none;
+}
+q:before, q:after, blockquote:before, blockquote:after {
+ content: "";
+ content: none;
+}
+
+a img {
+ border: none;
+}
+
+article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section, summary {
+ display: block;
+}
+
+a {
+ color: #1863a1;
+}
+a:visited {
+ color: #751590;
+}
+a:focus {
+ color: #0181eb;
+}
+a:hover {
+ color: #0181eb;
+}
+a:active {
+ color: #01579f;
+}
+
+aside.sidebar a {
+ color: #222222;
+}
+aside.sidebar a:focus {
+ color: #0181eb;
+}
+aside.sidebar a:hover {
+ color: #0181eb;
+}
+aside.sidebar a:active {
+ color: #01579f;
+}
+
+a {
+ -webkit-transition: color 0.3s;
+ -moz-transition: color 0.3s;
+ -o-transition: color 0.3s;
+ transition: color 0.3s;
+}
+
+html {
+ background: #252525 url('/img/line-tile.png') top left;
+}
+
+body > div {
+ background: #f2f2f2 url('/img/noise.png') top left;
+ border-bottom: 1px solid #bfbfbf;
+}
+body > div > div {
+ background: #f8f8f8 url('/img/noise.png') top left;
+ border-right: 1px solid #e0e0e0;
+}
+
+.heading, body > header h1, h1, h2, h3, h4, h5, h6 {
+ font-family: "PT Serif", "Georgia", "Helvetica Neue", Arial, sans-serif;
+}
+
+.sans, body > header h2, article header p.meta, article > footer, #content .blog-index footer, html aside.sidebar section, body > footer {
+ font-family: "PT Sans", "Helvetica Neue", Arial, sans-serif;
+}
+
+.serif, body, #content .blog-index a[rel=full-article] {
+ font-family: "PT Serif", Georgia, Times, "Times New Roman", serif;
+}
+
+.mono, pre, code, tt, p code, li code {
+ font-family: Menlo, Monaco, "Andale Mono", "lucida console", "Courier New", monospace;
+}
+
+body > header h1 {
+ font-size: 2.2em;
+ font-family: "HelveticaNeue-Light", "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;
+ font-weight: normal;
+ line-height: 1.2em;
+ margin-bottom: 0.6667em;
+}
+
+body > header h2 {
+ font-family: "HelveticaNeue-Light", "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;
+ color: black;
+ position: relative;
+ top: -0.8em;
+ left: 5em;
+}
+
+#header-open-text {
+ font-weight: 400;
+ font-size: 1.8em;
+ color: #721412;
+}
+
+#header-ssl-text {
+ font-weight: bold;
+ font-size: 1.8em;
+ color: black;
+}
+
+body {
+ line-height: 1.5em;
+ color: #222222;
+}
+
+h1 {
+ font-size: 2.2em;
+ line-height: 1.2em;
+}
+
+ at media only screen and (min-width: 992px) {
+ body {
+ font-size: 1.15em;
+ }
+
+ h1 {
+ font-size: 2.6em;
+ line-height: 1.2em;
+ }
+}
+h1, h2, h3, h4, h5, h6 {
+ text-rendering: optimizelegibility;
+ margin-bottom: 1em;
+ font-weight: bold;
+}
+
+h2, section h1 {
+ font-size: 1.5em;
+}
+
+h3, section h2, section section h1 {
+ font-size: 1.3em;
+}
+
+h4, section h3, section section h2, section section section h1 {
+ font-size: 1em;
+}
+
+h5, section h4, section section h3 {
+ font-size: .9em;
+}
+
+h6, section h5, section section h4, section section section h3 {
+ font-size: .8em;
+}
+
+p, article blockquote, ul, ol {
+ margin-bottom: 1.5em;
+}
+
+ul {
+ list-style-type: disc;
+}
+ul ul {
+ list-style-type: circle;
+ margin-bottom: 0px;
+}
+ul ul ul {
+ list-style-type: square;
+ margin-bottom: 0px;
+}
+
+ol {
+ list-style-type: decimal;
+}
+ol ol {
+ list-style-type: lower-alpha;
+ margin-bottom: 0px;
+}
+ol ol ol {
+ list-style-type: lower-roman;
+ margin-bottom: 0px;
+}
+
+ul, ul ul, ul ol, ol, ol ul, ol ol {
+ margin-left: 1.3em;
+}
+
+ul ul, ul ol, ol ul, ol ol {
+ margin-bottom: 0em;
+}
+
+strong {
+ font-weight: bold;
+}
+
+em {
+ font-style: italic;
+}
+
+sup, sub {
+ font-size: 0.75em;
+ position: relative;
+ display: inline-block;
+ padding: 0 .2em;
+ line-height: .8em;
+}
+
+sup {
+ top: -.5em;
+}
+
+sub {
+ bottom: -.5em;
+}
+
+a[rev='footnote'] {
+ font-size: .75em;
+ padding: 0 .3em;
+ line-height: 1;
+}
+
+q {
+ font-style: italic;
+}
+q:before {
+ content: "\201C";
+}
+q:after {
+ content: "\201D";
+}
+
+em, dfn {
+ font-style: italic;
+}
+
+strong, dfn {
+ font-weight: bold;
+}
+
+del, s {
+ text-decoration: line-through;
+}
+
+abbr, acronym {
+ border-bottom: 1px dotted;
+ cursor: help;
+}
+
+hr {
+ margin-bottom: 0.2em;
+}
+
+small {
+ font-size: .8em;
+}
+
+big {
+ font-size: 1.2em;
+}
+
+article blockquote {
+ font-style: italic;
+ position: relative;
+ font-size: 1.2em;
+ line-height: 1.5em;
+ padding-left: 1em;
+ border-left: 4px solid rgba(170, 170, 170, 0.5);
+}
+article blockquote cite {
+ font-style: italic;
+}
+article blockquote cite a {
+ color: #aaaaaa !important;
+ word-wrap: break-word;
+}
+article blockquote cite:before {
+ content: '\2014';
+ padding-right: .3em;
+ padding-left: .3em;
+ color: #aaaaaa;
+}
+ at media only screen and (min-width: 992px) {
+ article blockquote {
+ padding-left: 1.5em;
+ border-left-width: 4px;
+ }
+}
+
+.pullquote-right:before,
+.pullquote-left:before {
+ /* Reset metrics. */
+ padding: 0;
+ border: none;
+ /* Content */
+ content: attr(data-pullquote);
+ /* Pull out to the right, modular scale based margins. */
+ float: right;
+ width: 45%;
+ margin: .5em 0 1em 1.5em;
+ /* Baseline correction */
+ position: relative;
+ top: 7px;
+ font-size: 1.4em;
+ line-height: 1.45em;
+}
+
+.pullquote-left:before {
+ /* Make left pullquotes align properly. */
+ float: left;
+ margin: .5em 1.5em 1em 0;
+}
+
+/* @extend this to force long lines of continuous text to wrap */
+.force-wrap, article a, aside.sidebar a {
+ white-space: -moz-pre-wrap;
+ white-space: -pre-wrap;
+ white-space: -o-pre-wrap;
+ white-space: pre-wrap;
+ word-wrap: break-word;
+}
+
+.group, body > header, body > nav, body > footer, body #content > article, body #content > div > article, body #content > div > section, body div.pagination, aside.sidebar, #content, .sidebar {
+ *zoom: 1;
+}
+.group:after, body > header:after, body > nav:after, body > footer:after, body #content > article:after, body #content > div > section:after, body div.pagination:after, #content:after, .sidebar:after {
+ content: "";
+ display: table;
+ clear: both;
+}
+
+body {
+ -webkit-text-size-adjust: none;
+ max-width: 1200px;
+ position: relative;
+ margin: 0 auto;
+}
+body > header, body > nav, body > footer, body #content > article, body #content > div > article, body #content > div > section {
+ padding-left: 18px;
+ padding-right: 18px;
+}
+ at media only screen and (min-width: 480px) {
+ body > header, body > nav, body > footer, body #content > article, body #content > div > article, body #content > div > section {
+ padding-left: 25px;
+ padding-right: 25px;
+ }
+}
+ at media only screen and (min-width: 768px) {
+ body > header, body > nav, body > footer, body #content > article, body #content > div > article, body #content > div > section {
+ padding-left: 35px;
+ padding-right: 35px;
+ }
+}
+ at media only screen and (min-width: 992px) {
+ body > header, body > nav, body > footer, body #content > article, body #content > div > article, body #content > div > section {
+ padding-left: 55px;
+ padding-right: 55px;
+ }
+}
+body div.pagination {
+ margin-left: 18px;
+ margin-right: 18px;
+}
+ at media only screen and (min-width: 480px) {
+ body div.pagination {
+ margin-left: 25px;
+ margin-right: 25px;
+ }
+}
+ at media only screen and (min-width: 768px) {
+ body div.pagination {
+ margin-left: 35px;
+ margin-right: 35px;
+ }
+}
+ at media only screen and (min-width: 992px) {
+ body div.pagination {
+ margin-left: 55px;
+ margin-right: 55px;
+ }
+}
+body > header {
+ font-size: 1em;
+ padding-top: 1.5em;
+ padding-bottom: 1.5em;
+ margin-bottom: -1em;
+}
+
+#content {
+ overflow: hidden;
+}
+#content > div, #content > article {
+ width: 100%;
+}
+
+aside.sidebar {
+ float: none;
+ padding: 0 18px 1px;
+ background-color: #f7f7f7;
+ border-top: 1px solid #e0e0e0;
+}
+
+.flex-content, article img, aside.sidebar img {
+ max-width: 100%;
+ height: auto;
+}
+
+.basic-alignment.left, article img.left, aside.sidebar img.left {
+ float: left;
+ margin-right: 1.5em;
+}
+.basic-alignment.right, article img.right, aside.sidebar img.right {
+ float: right;
+ margin-left: 1.5em;
+}
+.basic-alignment.center, article img.center, aside.sidebar img.center {
+ display: block;
+ margin: 0 auto 1.5em;
+}
+.basic-alignment.left, article img.left, aside.sidebar img.left, .basic-alignment.right, article img.right, aside.sidebar img.right {
+ margin-bottom: .8em;
+}
+
+.toggle-sidebar, .no-sidebar .toggle-sidebar {
+ display: none;
+}
+
+ at media only screen and (min-width: 750px) {
+ body.sidebar-footer aside.sidebar {
+ float: none;
+ width: auto;
+ clear: left;
+ margin: 0;
+ padding: 0 35px 1px;
+ background-color: #f7f7f7;
+ border-top: 1px solid #eaeaea;
+ }
+ body.sidebar-footer aside.sidebar section.odd, body.sidebar-footer aside.sidebar section.even {
+ float: left;
+ width: 48%;
+ }
+ body.sidebar-footer aside.sidebar section.odd {
+ margin-left: 0;
+ }
+ body.sidebar-footer aside.sidebar section.even {
+ margin-left: 4%;
+ }
+ body.sidebar-footer aside.sidebar.thirds section {
+ width: 30%;
+ margin-left: 5%;
+ }
+ body.sidebar-footer aside.sidebar.thirds section.first {
+ margin-left: 0;
+ clear: both;
+ }
+}
+body.sidebar-footer #content {
+ margin-right: 0px;
+}
+body.sidebar-footer .toggle-sidebar {
+ display: none;
+}
+
+ at media only screen and (min-width: 550px) {
+ body > header {
+ font-size: 1em;
+ }
+}
+ at media only screen and (min-width: 750px) {
+ aside.sidebar {
+ float: none;
+ width: auto;
+ clear: left;
+ margin: 0;
+ padding: 0 35px 1px;
+ background-color: #f7f7f7;
+ border-top: 1px solid #eaeaea;
+ }
+ aside.sidebar section.odd, aside.sidebar section.even {
+ float: left;
+ width: 48%;
+ }
+ aside.sidebar section.odd {
+ margin-left: 0;
+ }
+ aside.sidebar section.even {
+ margin-left: 4%;
+ }
+ aside.sidebar.thirds section {
+ width: 30%;
+ margin-left: 5%;
+ }
+ aside.sidebar.thirds section.first {
+ margin-left: 0;
+ clear: both;
+ }
+}
+ at media only screen and (min-width: 768px) {
+ body {
+ -webkit-text-size-adjust: auto;
+ }
+
+ body > header {
+ font-size: 1.2em;
+ }
+
+ #content {
+ overflow: visible;
+ margin-right: 240px;
+ position: relative;
+ }
+ .no-sidebar #content {
+ margin-right: 0;
+ border-right: 0;
+ }
+ .collapse-sidebar #content {
+ margin-right: 20px;
+ }
+ #content > div, #content > article {
+ padding-top: 17.5px;
+ padding-bottom: 17.5px;
+ float: left;
+ }
+
+ aside.sidebar {
+ width: 210px;
+ padding: 0 15px 15px;
+ background: none;
+ clear: none;
+ float: left;
+ margin: 0 -100% 0 0;
+ }
+ aside.sidebar section {
+ width: auto;
+ margin-left: 0;
+ }
+ aside.sidebar section.odd, aside.sidebar section.even {
+ float: none;
+ width: auto;
+ margin-left: 0;
+ }
+ .collapse-sidebar aside.sidebar {
+ float: none;
+ width: auto;
+ clear: left;
+ margin: 0;
+ padding: 0 35px 1px;
+ background-color: #f7f7f7;
+ border-top: 1px solid #eaeaea;
+ }
+ .collapse-sidebar aside.sidebar section.odd, .collapse-sidebar aside.sidebar section.even {
+ float: left;
+ width: 48%;
+ }
+ .collapse-sidebar aside.sidebar section.odd {
+ margin-left: 0;
+ }
+ .collapse-sidebar aside.sidebar section.even {
+ margin-left: 4%;
+ }
+ .collapse-sidebar aside.sidebar.thirds section {
+ width: 30%;
+ margin-left: 5%;
+ }
+ .collapse-sidebar aside.sidebar.thirds section.first {
+ margin-left: 0;
+ clear: both;
+ }
+}
+ at media only screen and (min-width: 992px) {
+ body > header {
+ font-size: 1.3em;
+ }
+
+ #content {
+ margin-right: 300px;
+ }
+
+ #content > div, #content > article {
+ padding-top: 27.5px;
+ padding-bottom: 27.5px;
+ }
+
+ aside.sidebar {
+ width: 260px;
+ padding: 1.2em 20px 20px;
+ }
+ .collapse-sidebar aside.sidebar {
+ padding-left: 55px;
+ padding-right: 55px;
+ }
+}
+ at media only screen and (min-width: 768px) {
+ ul, ol {
+ margin-left: 0;
+ }
+}
+body > header {
+ background: #cccccc;
+}
+body > header h1 {
+ display: inline-block;
+ margin: 0;
+}
+body > header h1 a, body > header h1 a:visited, body > header h1 a:hover {
+ color: #f2f2f2;
+ text-decoration: none;
+}
+body > header h2 {
+ margin: .2em 0 0;
+ font-weight: 300;
+ font-size: 0.8em;
+ color: black;
+ position: relative;
+ top: -0.8em;
+ left: 5em;
+}
+
+body > nav {
+ position: relative;
+ background-color: #cccccc;
+ background: url('/img/noise.png'), -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #e0e0e0), color-stop(50%, #cccccc), color-stop(100%, #b0b0b0));
+ background: url('/img/noise.png'), -webkit-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), -moz-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), -o-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ border-top: 1px solid #f2f2f2;
+ border-bottom: 1px solid #8c8c8c;
+ padding-top: .35em;
+ padding-bottom: .35em;
+}
+body > nav form {
+ -webkit-background-clip: padding;
+ -moz-background-clip: padding;
+ background-clip: padding-box;
+ margin: 0;
+ padding: 0;
+}
+body > nav form .search {
+ padding: .3em .5em 0;
+ font-size: .85em;
+ font-family: "PT Sans", "Helvetica Neue", Arial, sans-serif;
+ line-height: 1.1em;
+ width: 95%;
+ -webkit-border-radius: 0.5em;
+ -moz-border-radius: 0.5em;
+ -ms-border-radius: 0.5em;
+ -o-border-radius: 0.5em;
+ border-radius: 0.5em;
+ -webkit-background-clip: padding;
+ -moz-background-clip: padding;
+ background-clip: padding-box;
+ -webkit-box-shadow: #d1d1d1 0 1px;
+ -moz-box-shadow: #d1d1d1 0 1px;
+ box-shadow: #d1d1d1 0 1px;
+ background-color: #f2f2f2;
+ border: 1px solid #b3b3b3;
+ color: #888;
+}
+body > nav form .search:focus {
+ color: #444;
+ border-color: #80b1df;
+ -webkit-box-shadow: #80b1df 0 0 4px, #80b1df 0 0 3px inset;
+ -moz-box-shadow: #80b1df 0 0 4px, #80b1df 0 0 3px inset;
+ box-shadow: #80b1df 0 0 4px, #80b1df 0 0 3px inset;
+ background-color: #fff;
+ outline: none;
+}
+body > nav fieldset[role=search] {
+ float: right;
+ width: 48%;
+}
+body > nav fieldset.mobile-nav {
+ float: left;
+ width: 48%;
+}
+body > nav fieldset.mobile-nav select {
+ width: 100%;
+ font-size: .8em;
+ border: 1px solid #888;
+}
+body > nav ul {
+ display: none;
+}
+ at media only screen and (min-width: 550px) {
+ body > nav {
+ font-size: .9em;
+ }
+ body > nav ul {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ overflow: hidden;
+ *zoom: 1;
+ float: left;
+ display: block;
+ padding-top: .15em;
+ }
+ body > nav ul li {
+ list-style-image: none;
+ list-style-type: none;
+ margin-left: 0;
+ white-space: nowrap;
+ display: inline;
+ float: left;
+ padding-left: 0;
+ padding-right: 0;
+ }
+ body > nav ul li:first-child, body > nav ul li.first {
+ padding-left: 0;
+ }
+ body > nav ul li:last-child {
+ padding-right: 0;
+ }
+ body > nav ul li.last {
+ padding-right: 0;
+ }
+ body > nav ul.subscription {
+ margin-left: .8em;
+ float: right;
+ }
+ body > nav ul.subscription li:last-child a {
+ padding-right: 0;
+ }
+ body > nav ul li {
+ margin: 0;
+ }
+ body > nav a {
+ color: #6b6b6b;
+ font-family: "PT Sans", "Helvetica Neue", Arial, sans-serif;
+ text-shadow: #ebebeb 0 1px;
+ float: left;
+ text-decoration: none;
+ font-size: 1.1em;
+ padding: .1em 0;
+ line-height: 1.5em;
+ }
+ body > nav a:visited {
+ color: #6b6b6b;
+ }
+ body > nav a:hover {
+ color: #2b2b2b;
+ }
+ body > nav li + li {
+ border-left: 1px solid #b0b0b0;
+ margin-left: .8em;
+ }
+ body > nav li + li a {
+ padding-left: .8em;
+ border-left: 1px solid #dedede;
+ }
+ body > nav form {
+ float: right;
+ text-align: left;
+ padding-left: .8em;
+ width: 175px;
+ }
+ body > nav form .search {
+ width: 93%;
+ font-size: .95em;
+ line-height: 1.2em;
+ }
+ body > nav ul[data-subscription$=email] + form {
+ width: 97px;
+ }
+ body > nav ul[data-subscription$=email] + form .search {
+ width: 91%;
+ }
+ body > nav fieldset.mobile-nav {
+ display: none;
+ }
+ body > nav fieldset[role=search] {
+ width: 99%;
+ }
+}
+ at media only screen and (min-width: 992px) {
+ body > nav form {
+ width: 215px;
+ }
+ body > nav ul[data-subscription$=email] + form {
+ width: 147px;
+ }
+}
+
+.no-placeholder body > nav .search {
+ background: #f2f2f2 url('/img/search.png') 0.3em 0.25em no-repeat;
+ text-indent: 1.3em;
+}
+
+ at media only screen and (min-width: 550px) {
+ .maskImage body > nav ul[data-subscription$=email] + form {
+ width: 123px;
+ }
+}
+ at media only screen and (min-width: 992px) {
+ .maskImage body > nav ul[data-subscription$=email] + form {
+ width: 173px;
+ }
+}
+.maskImage ul.subscription {
+ position: relative;
+ top: .2em;
+}
+.maskImage ul.subscription li, .maskImage ul.subscription a {
+ border: 0;
+ padding: 0;
+}
+
+article {
+ padding-top: 1em;
+}
+article header {
+ position: relative;
+ padding-top: 2em;
+ padding-bottom: 1em;
+ margin-bottom: 1em;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') bottom left repeat-x;
+}
+article header h1 {
+ margin: 0;
+}
+article header h1 a {
+ text-decoration: none;
+}
+article header h1 a:hover {
+ text-decoration: underline;
+}
+article header p {
+ font-size: .9em;
+ color: #aaaaaa;
+ margin: 0;
+}
+article header p.meta {
+ text-transform: uppercase;
+ position: absolute;
+ top: 0;
+}
+ at media only screen and (min-width: 768px) {
+ article header {
+ margin-bottom: 1.5em;
+ padding-bottom: 1em;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') bottom left repeat-x;
+ }
+}
+article h2 {
+ padding-top: 0.8em;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') top left repeat-x;
+}
+.entry-content article h2:first-child, article header + h2 {
+ padding-top: 0;
+}
+article h2:first-child, article header + h2 {
+ background: none;
+}
+article .feature {
+ padding-top: .5em;
+ margin-bottom: 1em;
+ padding-bottom: 1em;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') bottom left repeat-x;
+ font-size: 2.0em;
+ font-style: italic;
+ line-height: 1.3em;
+}
+article img, {
+ -webkit-border-radius: 0.3em;
+ -moz-border-radius: 0.3em;
+ -ms-border-radius: 0.3em;
+ -o-border-radius: 0.3em;
+ border-radius: 0.3em;
+ -webkit-box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+ border: white 0.5em solid;
+}
+article > footer {
+ padding-bottom: 2.5em;
+ margin-top: 2em;
+}
+article > footer p.meta {
+ margin-bottom: .8em;
+ font-size: .85em;
+ clear: both;
+ overflow: hidden;
+}
+
+.blog-index article + article {
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') top left repeat-x;
+}
+
+#content .blog-index {
+ padding-top: 0;
+ padding-bottom: 0;
+}
+#content .blog-index article {
+ padding-top: 2em;
+}
+#content .blog-index article header {
+ background: none;
+ padding-bottom: 0;
+}
+#content .blog-index article h1 {
+ font-size: 2.2em;
+}
+#content .blog-index article h1 a {
+ color: inherit;
+}
+#content .blog-index article h1 a:hover {
+ color: #0181eb;
+}
+#content .blog-index footer {
+ margin-top: 1em;
+}
+
+.separator, article > footer .comments:before {
+ content: "\2022 ";
+ padding: 0 .4em 0 .2em;
+ display: inline-block;
+}
+
+#content div.pagination {
+ text-align: center;
+ font-size: .95em;
+ position: relative;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') top left repeat-x;
+ padding-top: 1.5em;
+ padding-bottom: 1.5em;
+}
+#content div.pagination a {
+ text-decoration: none;
+ color: #aaaaaa;
+}
+#content div.pagination a.prev {
+ position: absolute;
+ left: 0;
+}
+#content div.pagination a.next {
+ position: absolute;
+ right: 0;
+}
+#content div.pagination a:hover {
+ color: #0181eb;
+}
+#content div.pagination a[href*=archive]:before, #content div.pagination a[href*=archive]:after {
+ content: '\2014';
+ padding: 0 .3em;
+}
+
+p.meta + .sharing {
+ padding-top: 1em;
+ padding-left: 0;
+ background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAABCAYAAACsXeyTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAFUlEQVQIHWNIS0sr/v//PwMMDzY+ADqMahlW4J91AAAAAElFTkSuQmCC') top left repeat-x;
+}
+
+#fb-root {
+ display: none;
+}
+
+.highlight, {
+ border: 1px solid #05232b !important;
+}
+.highlight table td.code, table td.code {
+ width: 100%;
+}
+
+.highlight .line-numbers, html .highlight .line_numbers {
+ text-align: right;
+ font-size: 13px;
+ line-height: 1.45em;
+ background: #073642 url('/img/noise.png') top left !important;
+ border-right: 1px solid #00232c !important;
+ -webkit-box-shadow: #083e4b -1px 0 inset;
+ -moz-box-shadow: #083e4b -1px 0 inset;
+ box-shadow: #083e4b -1px 0 inset;
+ text-shadow: #021014 0 -1px;
+ padding: .8em !important;
+ -webkit-border-radius: 0;
+ -moz-border-radius: 0;
+ -ms-border-radius: 0;
+ -o-border-radius: 0;
+ border-radius: 0;
+}
+.highlight .line-numbers span, html .highlight .line_numbers span {
+ color: #586e75 !important;
+}
+
+figure.code, pre {
+ -webkit-box-shadow: rgba(0, 0, 0, 0.06) 0 0 10px;
+ -moz-box-shadow: rgba(0, 0, 0, 0.06) 0 0 10px;
+ box-shadow: rgba(0, 0, 0, 0.06) 0 0 10px;
+}
+figure.code .highlight pre, .highlight pre, pre .highlight pre {
+ -webkit-box-shadow: none;
+ -moz-box-shadow: none;
+ box-shadow: none;
+}
+
+.highlight *::-moz-selection, figure.code .highlight *::-moz-selection {
+ background: #386774;
+ color: inherit;
+ text-shadow: #002b36 0 1px;
+}
+.highlight *::-webkit-selection, figure.code .highlight *::-webkit-selection {
+ background: #386774;
+ color: inherit;
+ text-shadow: #002b36 0 1px;
+}
+.highlight *::selection, figure.code .highlight *::selection {
+ background: #386774;
+ color: inherit;
+ text-shadow: #002b36 0 1px;
+}
+
+pre {
+ background: #002b36 url('/img/noise.png') top left;
+ -webkit-border-radius: 0.4em;
+ -moz-border-radius: 0.4em;
+ -ms-border-radius: 0.4em;
+ -o-border-radius: 0.4em;
+ border-radius: 0.4em;
+ border: 1px solid #05232b;
+ line-height: 1.45em;
+ font-size: 13px;
+ margin-bottom: 2.1em;
+ padding: .8em 1em;
+# color: #93a1a1;
+ color: #00FF00;
+ overflow: auto;
+}
+
+h3.filename + pre {
+ -moz-border-radius-topleft: 0px;
+ -webkit-border-top-left-radius: 0px;
+ border-top-left-radius: 0px;
+ -moz-border-radius-topright: 0px;
+ -webkit-border-top-right-radius: 0px;
+ border-top-right-radius: 0px;
+}
+
+p code, li code {
+ display: inline-block;
+ white-space: no-wrap;
+ background: #fff;
+ font-size: .8em;
+ line-height: 1.5em;
+ color: #555;
+ border: 1px solid #ddd;
+ -webkit-border-radius: 0.4em;
+ -moz-border-radius: 0.4em;
+ -ms-border-radius: 0.4em;
+ -o-border-radius: 0.4em;
+ border-radius: 0.4em;
+ padding: 0 .3em;
+ margin: -1px 0;
+}
+p pre code, li pre code {
+ font-size: 1em !important;
+ background: none;
+ border: none;
+}
+
+.pre-code, html .highlight pre, .highlight code {
+ font-family: Menlo, Monaco, "Andale Mono", "lucida console", "Courier New", monospace !important;
+ overflow: scroll;
+ overflow-y: hidden;
+ display: block;
+ padding: .8em;
+ overflow-x: auto;
+ line-height: 1.45em;
+ background: #002b36 url('/img/noise.png') top left !important;
+ color: #93a1a1 !important;
+}
+.pre-code span, html .highlight pre span, .highlight code span {
+ color: #93a1a1 !important;
+}
+.pre-code span, html .highlight pre span, .highlight code span {
+ font-style: normal !important;
+ font-weight: normal !important;
+}
+.pre-code .c, html .highlight pre .c, .highlight code .c {
+ color: #586e75 !important;
+ font-style: italic !important;
+}
+.pre-code .cm, html .highlight pre .cm, .highlight code .cm {
+ color: #586e75 !important;
+ font-style: italic !important;
+}
+.pre-code .cp, html .highlight pre .cp, .highlight code .cp {
+ color: #586e75 !important;
+ font-style: italic !important;
+}
+.pre-code .c1, html .highlight pre .c1, .highlight code .c1 {
+ color: #586e75 !important;
+ font-style: italic !important;
+}
+.pre-code .cs, html .highlight pre .cs, .highlight code .cs {
+ color: #586e75 !important;
+ font-weight: bold !important;
+ font-style: italic !important;
+}
+.pre-code .err, html .highlight pre .err, .highlight code .err {
+ color: #dc322f !important;
+ background: none !important;
+}
+.pre-code .k, html .highlight pre .k, .highlight code .k {
+ color: #cb4b16 !important;
+}
+.pre-code .o, html .highlight pre .o, .highlight code .o {
+ color: #93a1a1 !important;
+ font-weight: bold !important;
+}
+.pre-code .p, html .highlight pre .p, .highlight code .p {
+ color: #93a1a1 !important;
+}
+.pre-code .ow, html .highlight pre .ow, .highlight code .ow {
+ color: #2aa198 !important;
+ font-weight: bold !important;
+}
+.pre-code .gd, html .highlight pre .gd, .highlight code .gd {
+ color: #93a1a1 !important;
+ background-color: #372c34 !important;
+ display: inline-block;
+}
+.pre-code .gd .x, html .highlight pre .gd .x, .highlight code .gd .x {
+ color: #93a1a1 !important;
+ background-color: #4d2d33 !important;
+ display: inline-block;
+}
+.pre-code .ge, html .highlight pre .ge, .highlight code .ge {
+ color: #93a1a1 !important;
+ font-style: italic !important;
+}
+.pre-code .gh, html .highlight pre .gh, .highlight code .gh {
+ color: #586e75 !important;
+}
+.pre-code .gi, html .highlight pre .gi, .highlight code .gi {
+ color: #93a1a1 !important;
+ background-color: #1a412b !important;
+ display: inline-block;
+}
+.pre-code .gi .x, html .highlight pre .gi .x, .highlight code .gi .x {
+ color: #93a1a1 !important;
+ background-color: #355720 !important;
+ display: inline-block;
+}
+.pre-code .gs, html .highlight pre .gs, .highlight code .gs {
+ color: #93a1a1 !important;
+ font-weight: bold !important;
+}
+.pre-code .gu, html .highlight pre .gu, .highlight code .gu {
+ color: #6c71c4 !important;
+}
+.pre-code .kc, html .highlight pre .kc, .highlight code .kc {
+ color: #859900 !important;
+ font-weight: bold !important;
+}
+.pre-code .kd, html .highlight pre .kd, .highlight code .kd {
+ color: #268bd2 !important;
+}
+.pre-code .kp, html .highlight pre .kp, .highlight code .kp {
+ color: #cb4b16 !important;
+ font-weight: bold !important;
+}
+.pre-code .kr, html .highlight pre .kr, .highlight code .kr {
+ color: #d33682 !important;
+ font-weight: bold !important;
+}
+.pre-code .kt, html .highlight pre .kt, .highlight code .kt {
+ color: #2aa198 !important;
+}
+.pre-code .n, html .highlight pre .n, .highlight code .n {
+ color: #268bd2 !important;
+}
+.pre-code .na, html .highlight pre .na, .highlight code .na {
+ color: #268bd2 !important;
+}
+.pre-code .nb, html .highlight pre .nb, .highlight code .nb {
+ color: #859900 !important;
+}
+.pre-code .nc, html .highlight pre .nc, .highlight code .nc {
+ color: #d33682 !important;
+}
+.pre-code .no, html .highlight pre .no, .highlight code .no {
+ color: #b58900 !important;
+}
+.pre-code .nl, html .highlight pre .nl, .highlight code .nl {
+ color: #859900 !important;
+}
+.pre-code .ne, html .highlight pre .ne, .highlight code .ne {
+ color: #268bd2 !important;
+ font-weight: bold !important;
+}
+.pre-code .nf, html .highlight pre .nf, .highlight code .nf {
+ color: #268bd2 !important;
+ font-weight: bold !important;
+}
+.pre-code .nn, html .highlight pre .nn, .highlight code .nn {
+ color: #b58900 !important;
+}
+.pre-code .nt, html .highlight pre .nt, .highlight code .nt {
+ color: #268bd2 !important;
+ font-weight: bold !important;
+}
+.pre-code .nx, html .highlight pre .nx, .highlight code .nx {
+ color: #b58900 !important;
+}
+.pre-code .vg, html .highlight pre .vg, .highlight code .vg {
+ color: #268bd2 !important;
+}
+.pre-code .vi, html .highlight pre .vi, .highlight code .vi {
+ color: #268bd2 !important;
+}
+.pre-code .nv, html .highlight pre .nv, .highlight code .nv {
+ color: #268bd2 !important;
+}
+.pre-code .mf, html .highlight pre .mf, .highlight code .mf {
+ color: #2aa198 !important;
+}
+.pre-code .m, html .highlight pre .m, .highlight code .m {
+ color: #2aa198 !important;
+}
+.pre-code .mh, html .highlight pre .mh, .highlight code .mh {
+ color: #2aa198 !important;
+}
+.pre-code .mi, html .highlight pre .mi, .highlight code .mi {
+ color: #2aa198 !important;
+}
+.pre-code .s, html .highlight pre .s, .highlight code .s {
+ color: #2aa198 !important;
+}
+.pre-code .sd, html .highlight pre .sd, .highlight code .sd {
+ color: #2aa198 !important;
+}
+.pre-code .s2, html .highlight pre .s2, .highlight code .s2 {
+ color: #2aa198 !important;
+}
+.pre-code .se, html .highlight pre .se, .highlight code .se {
+ color: #dc322f !important;
+}
+.pre-code .si, html .highlight pre .si, .highlight code .si {
+ color: #268bd2 !important;
+}
+.pre-code .sr, html .highlight pre .sr, .highlight code .sr {
+ color: #2aa198 !important;
+}
+.pre-code .s1, html .highlight pre .s1, .highlight code .s1 {
+ color: #2aa198 !important;
+}
+.pre-code div .gd, html .highlight pre div .gd, .highlight code div .gd, .pre-code div .gd .x, html .highlight pre div .gd .x, .highlight code div .gd .x, .pre-code div .gi, html .highlight pre div .gi, .highlight code div .gi, .pre-code div .gi .x, html .highlight pre div .gi .x, .highlight code div .gi .x {
+ display: inline-block;
+ width: 100%;
+}
+
+.highlight {
+ margin-bottom: 1.8em;
+ background: #002b36;
+ overflow-y: hidden;
+ overflow-x: auto;
+}
+.highlight pre {
+ background: none;
+ -webkit-border-radius: 0px;
+ -moz-border-radius: 0px;
+ -ms-border-radius: 0px;
+ -o-border-radius: 0px;
+ border-radius: 0px;
+ border: none;
+ padding: 0;
+ margin-bottom: 0;
+}
+
+pre::-webkit-scrollbar, .highlight::-webkit-scrollbar {
+ height: .5em;
+ background: rgba(255, 255, 255, 0.15);
+}
+pre::-webkit-scrollbar-thumb:horizontal, .highlight::-webkit-scrollbar-thumb:horizontal {
+ background: rgba(255, 255, 255, 0.2);
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+}
+
+.highlight code {
+ background: #000;
+}
+
+figure.code {
+ background: none;
+ padding: 0;
+ border: 0;
+ margin-bottom: 1.5em;
+}
+figure.code pre {
+ margin-bottom: 0;
+}
+figure.code figcaption {
+ position: relative;
+}
+figure.code .highlight {
+ margin-bottom: 0;
+}
+
+.code-title, html a[href*='#file'], h3.filename, figure.code figcaption {
+ text-align: center;
+ font-size: 13px;
+ line-height: 2em;
+ text-shadow: #cbcccc 0 1px 0;
+ color: #474747;
+ font-weight: normal;
+ margin-bottom: 0;
+ -moz-border-radius-topleft: 5px;
+ -webkit-border-top-left-radius: 5px;
+ border-top-left-radius: 5px;
+ -moz-border-radius-topright: 5px;
+ -webkit-border-top-right-radius: 5px;
+ border-top-right-radius: 5px;
+ font-family: "Helvetica Neue", Arial, "Lucida Grande", "Lucida Sans Unicode", Lucida, sans-serif;
+ background: #aaaaaa url('/img/code_bg.png') top repeat-x;
+ border: 1px solid #565656;
+ border-top-color: #cbcbcb;
+ border-left-color: #a5a5a5;
+ border-right-color: #a5a5a5;
+ border-bottom: 0;
+}
+
+.download-source, html a[href*=raw], figure.code figcaption a {
+ position: absolute;
+ right: .8em;
+ text-decoration: none;
+ color: #666 !important;
+ z-index: 1;
+ font-size: 13px;
+ text-shadow: #cbcccc 0 1px 0;
+ padding-left: 3em;
+}
+.download-source:hover, html a[href*=raw]:hover, figure.code figcaption a:hover {
+ text-decoration: underline;
+}
+
+#archive #content > div, #archive #content > div > article {
+ padding-top: 0;
+}
+
+
+#content > .category article {
+ margin-left: 0;
+ padding-left: 6.8em;
+}
+#content > .category .year {
+ display: inline;
+}
+
+.side-shadow-border, aside.sidebar section h1, aside.sidebar li {
+ -webkit-box-shadow: white 0 1px;
+ -moz-box-shadow: white 0 1px;
+ box-shadow: white 0 1px;
+}
+
+aside.sidebar {
+ overflow: hidden;
+ color: #4b4b4b;
+ text-shadow: white 0 1px;
+}
+aside.sidebar section {
+ font-size: .8em;
+ line-height: 1.4em;
+ margin-bottom: 1.5em;
+}
+aside.sidebar section h1 {
+ margin: 1.5em 0 0;
+ padding-bottom: .2em;
+ border-bottom: 1px solid #e0e0e0;
+}
+aside.sidebar section h1 + p {
+ padding-top: .4em;
+}
+aside.sidebar img {
+ -webkit-border-radius: 0.3em;
+ -moz-border-radius: 0.3em;
+ -ms-border-radius: 0.3em;
+ -o-border-radius: 0.3em;
+ border-radius: 0.3em;
+ -webkit-box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ box-shadow: rgba(0, 0, 0, 0.15) 0 1px 4px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+ border: white 0.3em solid;
+}
+aside.sidebar ul {
+ margin-bottom: 0.5em;
+ margin-left: 0;
+}
+aside.sidebar li {
+ list-style: none;
+ padding: .5em 0;
+ margin: 0;
+ border-bottom: 1px solid #e0e0e0;
+}
+aside.sidebar li p:last-child {
+ margin-bottom: 0;
+}
+aside.sidebar a {
+ color: inherit;
+ -webkit-transition: color 0.5s;
+ -moz-transition: color 0.5s;
+ -o-transition: color 0.5s;
+ transition: color 0.5s;
+ text-decoration: none;
+}
+aside.sidebar:hover a {
+ color: #222222;
+}
+aside.sidebar:hover a:hover {
+ color: #0181eb;
+}
+
+.aside-alt-link, #pinboard_linkroll .pin-tag {
+ color: #7e7e7e;
+}
+.aside-alt-link:hover, #pinboard_linkroll .pin-tag:hover {
+ color: #0181eb;
+}
+
+ at media only screen and (min-width: 768px) {
+ .toggle-sidebar {
+ outline: none;
+ position: absolute;
+ right: -10px;
+ top: 0;
+ bottom: 0;
+ display: inline-block;
+ text-decoration: none;
+ color: #cecece;
+ width: 9px;
+ cursor: pointer;
+ }
+ .toggle-sidebar:hover {
+ background: #e9e9e9;
+ background: -webkit-gradient(linear, 0% 50%, 100% 50%, color-stop(0%, rgba(224, 224, 224, 0.5)), color-stop(100%, rgba(224, 224, 224, 0)));
+ background: -webkit-linear-gradient(left, rgba(224, 224, 224, 0.5), rgba(224, 224, 224, 0));
+ background: -moz-linear-gradient(left, rgba(224, 224, 224, 0.5), rgba(224, 224, 224, 0));
+ background: -o-linear-gradient(left, rgba(224, 224, 224, 0.5), rgba(224, 224, 224, 0));
+ background: linear-gradient(left, rgba(224, 224, 224, 0.5), rgba(224, 224, 224, 0));
+ }
+ .toggle-sidebar:after {
+ position: absolute;
+ right: -11px;
+ top: 0;
+ width: 20px;
+ font-size: 1.2em;
+ line-height: 1.1em;
+ padding-bottom: .15em;
+ -moz-border-radius-bottomright: 0.3em;
+ -webkit-border-bottom-right-radius: 0.3em;
+ border-bottom-right-radius: 0.3em;
+ text-align: center;
+ background: #f8f8f8 url('/img/noise.png') top left;
+ border-bottom: 1px solid #e0e0e0;
+ border-right: 1px solid #e0e0e0;
+ content: "\00BB";
+ text-indent: -1px;
+ }
+ .collapse-sidebar .toggle-sidebar {
+ text-indent: 0px;
+ right: -20px;
+ width: 19px;
+ }
+ .collapse-sidebar .toggle-sidebar:hover {
+ background: #e9e9e9;
+ }
+ .collapse-sidebar .toggle-sidebar:after {
+ border-left: 1px solid #e0e0e0;
+ text-shadow: #fff 0 1px;
+ content: "\00AB";
+ left: 0px;
+ right: 0;
+ text-align: center;
+ text-indent: 0;
+ border: 0;
+ border-right-width: 0;
+ background: none;
+ }
+}
+
+body > footer {
+ font-size: .8em;
+ color: #888888;
+ text-shadow: #d9d9d9 0 1px;
+ background-color: #cccccc;
+ background: url('/img/noise.png'), -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #e0e0e0), color-stop(50%, #cccccc), color-stop(100%, #b0b0b0));
+ background: url('/img/noise.png'), -webkit-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), -moz-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), -o-linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ background: url('/img/noise.png'), linear-gradient(#e0e0e0, #cccccc, #b0b0b0);
+ border-top: 1px solid #f2f2f2;
+ position: relative;
+ padding-top: 1em;
+ padding-bottom: 1em;
+ margin-bottom: 3em;
+ -moz-border-radius-bottomleft: 0.4em;
+ -webkit-border-bottom-left-radius: 0.4em;
+ border-bottom-left-radius: 0.4em;
+ -moz-border-radius-bottomright: 0.4em;
+ -webkit-border-bottom-right-radius: 0.4em;
+ border-bottom-right-radius: 0.4em;
+ z-index: 1;
+}
+body > footer a {
+ color: #6b6b6b;
+}
+body > footer a:visited {
+ color: #6b6b6b;
+}
+body > footer a:hover {
+ color: #484848;
+}
+body > footer p:last-child {
+ margin-bottom: 0;
+}
+
+/* OPENSSL WEBSITE ADDITIONS */
+
+/* newsflash table */
+tr:first-child { font-weight: bold; border-bottom: 1px solid black; }
+tr:nth-child(even) { background-color: #D9f0ff; }
+td.d { float: left; width: 20%; }
+td.t { float: right; width: 80%; }
diff --git a/index.html b/index.html
new file mode 100644
index 0000000..6e6684f
--- /dev/null
+++ b/index.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Welcome to the OpenSSL Project</h2></header>
+ <div class="entry-content">
+ <p>
+ The OpenSSL Project is a collaborative effort to develop a
+ robust, commercial-grade, full-featured, and Open Source toolkit
+ implementing the Transport Layer Security (TLS) and Secure
+ Sockets Layer (SSL) protocols as well as a full-strength
+ general purpose cryptography library. The project is managed
+ by a worldwide community of volunteers that use the Internet
+ to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.
+ </p>
+
+ <p>
+ OpenSSL is based on the excellent SSLeay library developed by Eric
+ Young and Tim Hudson. The OpenSSL toolkit is licensed under an
+ Apache-style licence, which basically means that you are free to
+ get and use it for commercial and non-commercial purposes subject
+ to some simple license conditions.
+ </p>
+
+ <h3>Latest News</h3>
+ <table class="newsflash" width="90%">
+ <!--#include virtual="newsflash.inc"-->
+ <tr><td class="d"><a href="news">More...</a></td><td class="t"></td></tr>
+ </table>
+ <p> </p>
+
+ <!--#include virtual="/inc/legalities.inc" -->
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+</div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/index.wml b/index.wml
deleted file mode 100644
index 0dfdfa4..0000000
--- a/index.wml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-#use wml::openssl area=title page=home
-
-<title>The Open Source toolkit for SSL/TLS</title>
-
-<h1>Welcome to the OpenSSL Project</h1>
-
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and <a href="http://www.opensource.org/">Open
-Source</a> toolkit implementing the
-Secure Sockets Layer (SSL v2/v3)
-and Transport
-Layer Security (TLS) protocols as well as a full-strength general
-purpose cryptography library.
-The project is managed by a worldwide community of volunteers that
-use the Internet to communicate, plan, and develop the OpenSSL toolkit and its
-related documentation.
-
-<p>
-OpenSSL is based on the excellent SSLeay library developed by Eric Young
-and Tim Hudson. The OpenSSL toolkit <a href="$(ROOT)/source/license.html">is
-licensed</a>
-under an Apache-style
-licence, which basically means that you are free to get and use it for
-commercial and non-commercial purposes subject to some simple license
-conditions.
-
-<p>
-<newsflash from="$(ROOT)/news/newsflash.txt" max=5 more="$(ROOT)/news/">
-
-<p>
-<disclaimer>
-
-<p>
-<website-tools>
-
-<p>
-Hosting provided courtesy of <a href="https://www.space.net/">SpaceNet AG</a>.
diff --git a/news/.wmlrc b/news/.wmlrc
deleted file mode 100644
index ab44064..0000000
--- a/news/.wmlrc
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## .wmlrc -- Local RC file for WML
-##
-
-# define where the URL root of the Sub Navigation Bar (SNB)
-# is located [SNB_ROOT] and where it's buttons are defined [SNB_RC]
--DSNB_ROOT~.
--DSNB_RC=.wmlsnb
--I.
-
diff --git a/news/.wmlsnb b/news/.wmlsnb
deleted file mode 100644
index b38ee26..0000000
--- a/news/.wmlsnb
+++ /dev/null
@@ -1,12 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
- <snb_button id=newsflash txt="Newsflash" url="index.html">
- <snb_button id=state txt="State" url="state.html">
- <snb_button id=news txt="Release Notes" url="news.html">
- <snb_button id=changelog txt="ChangeLog" url="changelog.html">
- <snb_button id=vulnerabilities txt="Vulnerabilities" url="vulnerabilities.html">
-</snb>
-
diff --git a/news/announce-098.txt b/news/announce-098.txt
deleted file mode 100644
index f833a59..0000000
--- a/news/announce-098.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-
- OpenSSL version 0.9.8x released
- ===============================
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- http://www.openssl.org/
-
- The OpenSSL project team is pleased to announce the release of
- version 0.9.8x of our open source toolkit for SSL/TLS. This new
- OpenSSL version is a security and bugfix release. For a complete
- list of changes, please see
-
- http://www.openssl.org/source/exp/CHANGES.
-
- The most significant changes are:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- We consider OpenSSL 0.9.8x to be the best version of OpenSSL 0.9.8
- available and we strongly recommend that users of older 0.9.8 versions
- upgrade as soon as possible. OpenSSL 0.9.8x is available for
- download via HTTP and FTP from the following master locations (you
- can find the various FTP mirrors under
- http://www.openssl.org/source/mirror.html):
-
- * http://www.openssl.org/source/
- * ftp://ftp.openssl.org/source/
-
- The distribution file name is:
-
- o openssl-0.9.8x.tar.gz
- Size: 3782486
- MD5 checksum: ee17e9bc805c8cc7d0afac3b0ef78eda
- SHA1 checksum: 8c3be5160513c0af1e558d3f932390ecb16f59e9
-
- The checksums were calculated using the following commands:
-
- openssl md5 openssl-0.9.8x.tar.gz
- openssl sha1 openssl-0.9.8x.tar.gz
-
- Yours,
-
- The OpenSSL Project Team.
diff --git a/news/announce-100.txt b/news/announce-100.txt
deleted file mode 100644
index 1f90678..0000000
--- a/news/announce-100.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-
- OpenSSL version 1.0.0j released
- ===============================
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- http://www.openssl.org/
-
- The OpenSSL project team is pleased to announce the release of
- version 1.0.0j of our open source toolkit for SSL/TLS. This new
- OpenSSL version is a new feature release. For a complete
- list of changes, please see
-
- http://www.openssl.org/source/exp/CHANGES.
-
- The most significant changes are:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- We consider OpenSSL 1.0.0j to be the best version of OpenSSL 1.0.0
- available and we strongly recommend that users of older 1.0.0 versions
- upgrade as soon as possible. OpenSSL 1.0.0j is available for
- download via HTTP and FTP from the following master locations (you
- can find the various FTP mirrors under
- http://www.openssl.org/source/mirror.html):
-
- * http://www.openssl.org/source/
- * ftp://ftp.openssl.org/source/
-
- The distribution file name is:
-
- o openssl-1.0.0j.tar.gz
- Size: 4047852
- MD5 checksum: cbe4ac0d8f598680f68a951e04b0996b
- SHA1 checksum: 31e6e8bbf1de2f59fbd53382c34214887ccc1318
-
- The checksums were calculated using the following commands:
-
- openssl md5 openssl-1.0.0j.tar.gz
- openssl sha1 openssl-1.0.0j.tar.gz
-
- Yours,
-
- The OpenSSL Project Team.
-
diff --git a/news/announce-beta.txt b/news/announce-beta.txt
deleted file mode 100644
index 66cb6da..0000000
--- a/news/announce-beta.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-
- OpenSSL version 1.0.1 Beta 3
- ============================
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- http://www.openssl.org/
-
- OpenSSL is currently in a release cycle. The third beta is now released.
- This is expected to be the final beta depending on the number of bugs
- reported.
-
- The beta release is available for download via HTTP and FTP from the
- following master locations (the various FTP mirrors you can find under
- http://www.openssl.org/source/mirror.html):
-
- o http://www.openssl.org/source/
- o ftp://ftp.openssl.org/source/
-
- The file names of the beta are:
-
- o openssl-1.0.1-beta3.tar.gz
- Size: 4451351
- MD5 checksum: dc141587e0d374bdb0c7b97f770fff5e
- SHA1 checksum: 32105cbcc1bc6bc959102b2d70eb16ed1da732ce
-
- The checksums were calculated using the following command:
-
- openssl md5 < openssl-1.0.1-beta3.tar.gz
- openssl sha1 < openssl-1.0.1-beta3.tar.gz
-
- Please download and test them as soon as possible. This new OpenSSL
- version incorporates 55 documented changes and bugfixes to the
- toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES).
-
- Also check the latest snapshots at ftp://ftp.openssl.org/snapshot/
- or CVS (see http://www.openssl.org/source/repos.html) to avoid
- reporting previously fixed bugs.
-
- Since the second beta the following has happened:
-
- - Improved TLS v1.2 client authentication interop.
- - MDC2 signature format compatibility fix.
- - ABI compatibility fixes.
- - Other fixes.
-
- Reports and patches should be sent to openssl-bugs at openssl.org.
- Discussions around the development of OpenSSL should be sent to
- openssl-dev at openssl.org. Anything else should go to
- openssl-users at openssl.org.
-
- The best way, at least on Unix, to create a report is to do the
- following after configuration:
-
- make report
-
- That will do a few basic checks of the compiler and bc, then build
- and run the tests. The result will appear on screen and in the file
- "testlog". Please read the report before sending it to us. There
- may be problems that we can't solve for you, like missing programs.
-
- Yours,
- The OpenSSL Project Team.
diff --git a/news/announce.txt b/news/announce.txt
deleted file mode 100644
index be91b16..0000000
--- a/news/announce.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-
- OpenSSL version 1.0.1e released
- ===============================
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- http://www.openssl.org/
-
- The OpenSSL project team is pleased to announce the release of
- version 1.0.1e of our open source toolkit for SSL/TLS. This new
- OpenSSL version is a new feature release. For a complete
- list of changes, please see
-
- http://www.openssl.org/source/exp/CHANGES.
-
- The most significant changes are:
-
- o Corrected fix for CVE-2013-0169
-
- We consider OpenSSL 1.0.1e to be the best version of OpenSSL
- available and we strongly recommend that users of older versions
- upgrade as soon as possible. OpenSSL 1.0.1e is available for
- download via HTTP and FTP from the following master locations (you
- can find the various FTP mirrors under
- http://www.openssl.org/source/mirror.html):
-
- * http://www.openssl.org/source/
- * ftp://ftp.openssl.org/source/
-
- The distribution file name is:
-
- o openssl-1.0.1e.tar.gz
- Size: 4459777
- MD5 checksum: 66bf6f10f060d561929de96f9dfe5b8c
- SHA1 checksum: 3f1b1223c9e8189bfe4e186d86449775bd903460
-
- The checksums were calculated using the following commands:
-
- openssl md5 openssl-1.0.1e.tar.gz
- openssl sha1 openssl-1.0.1e.tar.gz
-
- Yours,
-
- The OpenSSL Project Team.
-
diff --git a/news/changelog.html b/news/changelog.html
new file mode 100644
index 0000000..66abe58
--- /dev/null
+++ b/news/changelog.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Changelog</h2></header>
+ <div class="entry-content">
+ <p>
+ The plain-text version of this document is available
+ here: <a href="changelog.txt">changelog.txt</a>
+ </p>
+ <!--#include virtual="changelog.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">News</a>
+ : <a href="">Changelog</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/news/changelog.wml b/news/changelog.wml
deleted file mode 100644
index 9ecb792..0000000
--- a/news/changelog.wml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-#use wml::openssl area=news page=changelog
-
-<title>News, ChangeLog</title>
-
-<h1>ChangeLog</h1>
-
-This file summarizes all types of changes to the OpenSSL toolkit, i.e.
-changes between each patchlevel. Take this list as a reference for concrete
-and detailed information about every significant change. The presented contents
-reflects the current state of the <tt>CHANGES</tt> file inside the git repository.
-
-<p>
-<!--#include virtual="/news/changelog.inc" -->
-
diff --git a/news/index.html b/news/index.html
new file mode 100644
index 0000000..e157bcb
--- /dev/null
+++ b/news/index.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>News<h2></header>
+ <div class="entry-content">
+ <p>
+ To get the latest source, see the
+ <a href="/source">Downloads</a> section.
+ For an exhaustive list of all releases (and some other
+ announcements), see the <a href="newslog.html">Newslog</a>
+ page.
+ </p>
+
+ <p>If you think you have found a security bug, or want
+ to look at all the vulnerabilities we have published and
+ fixed, visit the
+ <a href="vulnerabilities.html">Vulnerabilities</a> page.</p>
+
+ <p>We have an online copy of our
+ <a href="changelog.html">Changelog</a>. It is
+ also part of the distribution.</p>
+ </p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">News</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/news/index.wml b/news/index.wml
deleted file mode 100644
index 95c862a..0000000
--- a/news/index.wml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-#use wml::openssl area=news page=newsflash
-
-<title>News, Project Newsflash</title>
-
-<h1>Project Newsflash!</h1>
-
-Here you can find hints to the regular news about the OpenSSL project. Check
-this table from time to time when you want to be up-to-date with the latest
-OpenSSL development.
-
-<p>
-<newsflash from="$(ROOT)/news/newsflash.txt">
-
diff --git a/news/internet.wml b/news/internet.wml
deleted file mode 100644
index 7a32168..0000000
--- a/news/internet.wml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-#use wml::openssl area=news page=internet
-
-<title>News, Internet</title>
-
-<h1>OpenSSL News on the Internet</h1>
-
-<p>
-<zwue>News on the Internet</zwue>
-
-Here you can find some links to Internet services which show you the
-OpenSSL-related activity and latest news on the net.
-
-<ul>
-<li><a href="http://www.dejanews.com/">
- <font id=sfl>DejaNews Discussion Network</font>
- </a><br>
- <a href="http://www.dejanews.com/dnquery.xp?QRY=OpenSSL&defaultOp=AND&DBS=1&maxhits=100&showsort=date&format=terse">
- Archive of all OpenSSL related discussions</a> on Usenet forums. Use this
- to look at all postings in Usenet newsgroups where people talk about
- OpenSSL.
-<p>
-<li><a href="http://www.altavista.com/">
- <font id=sfl>AltaVista Usenet Search Engine</font>
- </a><br>
- <a href="http://www.altavista.com/cgi-bin/query?pg=q&what=news&q=OpenSSL">
- Archive of all OpenSSL related discussions</a> on Usenet forums. Use this
- to look at all postings in Usenet newsgroups where people talk about
- OpenSSL.
-<p>
-<li><a href="http://www.altavista.com/">
- <font id=sfl>AltaVista Web Search Engine</font>
- </a><br>
- <a href="http://www.altavista.com/cgi-bin/query?pg=q&kl=XX&q=link%3Awww.openssl.org%2F">
- List of all currently known hyperlinks</a> to the OpenSSL website. Use
- this to look at all pages on the WWW which have a hyperlink to the OpenSSL
- home location.
-<p>
-<li><a href="http://ftpsearch.ntnu.no/">
- <font id=sfl>FAST FTP Search Engine</font>
- </a><br>
- <a href="http://ftpsearch.ntnu.no/cgi-bin/search?query=openssl&doit=Search&type=Case+insensitive+substring+search&doexact=on&hits=50&matches=&hitsprmatch=&limdom=&limpath=&hidepackages=on&hidedistfiles=on&hidefreebsd=on&hideopenbsd=on&hidenetbsd=on&f1=Mode&f2=Time&f3=Host&f4=Path&f5=-&f6=-&header=none&sort=date&trlen=30">
- List of FTP location</a> where OpenSSL distribution tarballs can be found.
- Use this to find the various mirrors of the OpenSSL FTP area.
-</ul>
-
diff --git a/news/news.wml b/news/news.wml
deleted file mode 100644
index c55a434..0000000
--- a/news/news.wml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-#use wml::openssl area=news page=news
-
-<title>News, Release Notes</title>
-
-<h1>Release Notes</h1>
-
-This page contains links to release and pre-release notes for all branches of
-the OpenSSL toolkit. The presented contents reflect the current state of the
-<tt>NEWS</tt> file inside the git repository for the appropriate branch.
-
-<ul>
-<li><a href="openssl-notes.html">Release notes for all OpenSSL branches.</a>
-<li><a href="openssl-1.0.2-notes.html">Release notes for 1.0.2 branch of OpenSSL.</a>
-<li><a href="openssl-1.0.1-notes.html">Release notes for 1.0.1 branch of OpenSSL.</a>
-<li><a href="openssl-1.0.0-notes.html">Release notes for 1.0.0 branch of OpenSSL.</a>
-<li><a href="openssl-0.9.8-notes.html">Release notes for 0.9.8 branch of OpenSSL.</a>
-<li><a href="openssl-old-notes.html">Release notes for obsolete branches of OpenSSL.</a>
-</ul>
-
-More details can be found in the <a href="changelog.html">ChangeLog</a>.
-
diff --git a/news/newsflash.txt b/news/newsflash.txt
index a49983f..42e39b2 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -1,227 +1,228 @@
-09-Jul-2015: <a href="ROOT/news/secadv_20150709.txt">Security Advisory</a>: one security fix
-09-Jul-2015: OpenSSL 1.0.2d is now <a href="ROOT/source/">available</a>, including bug and security fixes
-09-Jul-2015: OpenSSL 1.0.1p is now <a href="ROOT/source/">available</a>, including bug and security fixes
+Date: Item
+09-Jul-2015: <a href="secadv/20150709.txt">Security Advisory</a>: one security fix
+09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
+09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p <a href="https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html">security releases due 9th July 2015</a>
12-Jun-2015: New releases to resolve ABI compatibility problems:
-12-Jun-2015: OpenSSL 1.0.2c is now <a href="ROOT/source/">available</a>, including bug fixes
-12-Jun-2015: OpenSSL 1.0.1o is now <a href="ROOT/source/">available</a>, including bug fixes
-11-Jun-2015: <a href="ROOT/news/secadv_20150611.txt">Security Advisory</a>: five security fixes
-11-Jun-2015: OpenSSL 1.0.2b is now <a href="ROOT/source/">available</a>, including bug and security fixes
-11-Jun-2015: OpenSSL 1.0.1n is now <a href="ROOT/source/">available</a>, including bug and security fixes
-11-Jun-2015: OpenSSL 1.0.0s is now <a href="ROOT/source/">available</a>, including bug and security fixes
-11-Jun-2015: OpenSSL 0.9.8zg is now <a href="ROOT/source/">available</a>, including bug and security fixes
-19-Mar-2015: <a href="ROOT/news/secadv_20150319.txt">Security Advisory</a>: twelve security fixes
-19-Mar-2015: OpenSSL 1.0.2a is now <a href="ROOT/source/">available</a>, including bug and security fixes
-19-Mar-2015: OpenSSL 1.0.1m is now <a href="ROOT/source/">available</a>, including bug and security fixes
-19-Mar-2015: OpenSSL 1.0.0r is now <a href="ROOT/source/">available</a>, including bug and security fixes
-19-Mar-2015: OpenSSL 0.9.8zf is now <a href="ROOT/source/">available</a>, including bug and security fixes
-22-Jan-2015: OpenSSL 1.0.2 is now <a href="ROOT/source/">available</a>, a major release
+12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes
+12-Jun-2015: OpenSSL 1.0.1o is now available, including bug fixes
+11-Jun-2015: <a href="secadv/20150611.txt">Security Advisory</a>: five security fixes
+11-Jun-2015: OpenSSL 1.0.2b is now available, including bug and security fixes
+11-Jun-2015: OpenSSL 1.0.1n is now available, including bug and security fixes
+11-Jun-2015: OpenSSL 1.0.0s is now available, including bug and security fixes
+11-Jun-2015: OpenSSL 0.9.8zg is now available, including bug and security fixes
+19-Mar-2015: <a href="secadv/20150319.txt">Security Advisory</a>: twelve security fixes
+19-Mar-2015: OpenSSL 1.0.2a is now available, including bug and security fixes
+19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes
+19-Mar-2015: OpenSSL 1.0.0r is now available, including bug and security fixes
+19-Mar-2015: OpenSSL 0.9.8zf is now available, including bug and security fixes
+22-Jan-2015: OpenSSL 1.0.2 is now available, a major release
15-Jan-2015: New releases to resolve Windows/OpenVMS compilation problems:
-15-Jan-2015: OpenSSL 1.0.1l is now <a href="ROOT/source/">available</a>, including bug fixes
-15-Jan-2015: OpenSSL 1.0.0q is now <a href="ROOT/source/">available</a>, including bug fixes
-15-Jan-2015: OpenSSL 0.9.8ze is now <a href="ROOT/source/">available</a>, including bug fixes
-08-Jan-2015: <a href="ROOT/news/secadv_20150108.txt">Security Advisory</a>: eight security fixes
-08-Jan-2015: OpenSSL 1.0.1k is now <a href="ROOT/source/">available</a>, including bug and security fixes
-08-Jan-2015: OpenSSL 1.0.0p is now <a href="ROOT/source/">available</a>, including bug and security fixes
-08-Jan-2015: OpenSSL 0.9.8zd is now <a href="ROOT/source/">available</a>, including bug and security fixes
-15-Oct-2014: <a href="ROOT/news/secadv_20141015.txt">Security Advisory</a>: four security fixes
-15-Oct-2014: OpenSSL 1.0.1j is now <a href="ROOT/source/">available</a>, including bug and security fixes
-15-Oct-2014: OpenSSL 1.0.0o is now <a href="ROOT/source/">available</a>, including bug and security fixes
-15-Oct-2014: OpenSSL 0.9.8zc is now <a href="ROOT/source/">available</a>, including bug and security fixes
-25-Sep-2014: Beta 3 of OpenSSL 1.0.2 is now <a href="ROOT/source/">available</a>, please test it now
-06-Aug-2014: <a href="ROOT/news/secadv_20140806.txt">Security Advisory</a>: nine security fixes
-06-Aug-2014: OpenSSL 1.0.1i is now <a href="ROOT/source/">available</a>, including bug and security fixes
-06-Aug-2014: OpenSSL 1.0.0n is now <a href="ROOT/source/">available</a>, including bug and security fixes
-06-Aug-2014: OpenSSL 0.9.8zb is now <a href="ROOT/source/">available</a>, including bug and security fixes
-22-Jul-2014: Beta 2 of OpenSSL 1.0.2 is now <a href="ROOT/source/">available</a>, please test it now
-30-Jun-2014: <a href="ROOT/about/roadmap.html">Project roadmap</a> released
-24-Jun-2014: <a href="ROOT/about/">Team status changes</a> including six new development team members
-05-Jun-2014: <a href="ROOT/news/secadv_20140605.txt">Security Advisory</a>: seven security fixes
-05-Jun-2014: OpenSSL 1.0.1h is now <a href="ROOT/source/">available</a>, including bug and security fixes
-05-Jun-2014: OpenSSL 1.0.0m is now <a href="ROOT/source/">available</a>, including bug and security fixes
-05-Jun-2014: OpenSSL 0.9.8za is now <a href="ROOT/source/">available</a>, including bug and security fixes
-23-Apr-2014: <a href="ROOT/about/">Team status changes</a> including new team member: Steve Marquess
-07-Apr-2014: <a href="ROOT/news/secadv_20140407.txt">Security Advisory</a>: Heartbeat overflow issue.
-07-Apr-2014: OpenSSL 1.0.1g is now <a href="ROOT/source/">available</a>, including bug and security fixes
-24-Feb-2014: Beta 1 of OpenSSL 1.0.2 is now <a href="ROOT/source/">available</a>, please test it now
-06-Jan-2014: OpenSSL 1.0.0l is now <a href="ROOT/source/">available</a>, including bug and security fixes
-06-Jan-2014: OpenSSL 1.0.1f is now <a href="ROOT/source/">available</a>, including bug and security fixes
-03-Jan-2014: UPDATE: site defacement <a href="ROOT/news/secadv_hack.txt">final details.</a>
-11-Feb-2013: OpenSSL 1.0.1e is now <a href="ROOT/source/">available</a>, including bug fixes
-05-Feb-2013: <a href="ROOT/news/secadv_20130205.txt">Security Advisory</a>: three security fixes
-05-Feb-2013: OpenSSL 1.0.1d is now <a href="ROOT/source/">available</a>, including bug and security fixes
-05-Feb-2013: OpenSSL 1.0.0k is now <a href="ROOT/source/">available</a>, including security fixes
-05-Feb-2013: OpenSSL 0.9.8y is now <a href="ROOT/source/">available</a>, including security fixes
-10-May-2012: <a href="ROOT/news/secadv_20120510.txt">Security Advisory</a>: TLS/DTLS DoS issue
-10-May-2012: OpenSSL 1.0.1c is now <a href="ROOT/source/">available</a>, including bug and security fixes
-10-May-2012: OpenSSL 1.0.0j is now <a href="ROOT/source/">available</a>, including security fixes
-10-May-2012: OpenSSL 0.9.8x is now <a href="ROOT/source/">available</a>, including security fixes
-26-Apr-2012: OpenSSL 1.0.1b is now <a href="ROOT/source/">available</a>, including important bug fixes
-25-Apr-2012: <a href="ROOT/news/notice_20120425.txt">Notice</a>:OpenSSL 1.0.1a compilation problems with non x86 platforms
-24-Apr-2012: OpenSSL 0.9.8w is now <a href="ROOT/source/">available</a>, including security fixes
-24-Apr-2012: <a href="ROOT/news/secadv_20120424.txt">Security Advisory</a>: ASN1 incomplete fix for OpenSSL 0.9.8
-19-Apr-2012: OpenSSL 1.0.1a is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-19-Apr-2012: OpenSSL 1.0.0i is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-19-Apr-2012: OpenSSL 0.9.8v is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-19-Apr-2012: <a href="ROOT/news/secadv_20120419.txt">Security Advisory</a>: ASN1 overflow vulnerability
-14-Mar-2012: OpenSSL 1.0.1 is now <a href="ROOT/source/">available</a>, including new features
-12-Mar-2012: <a href="ROOT/news/secadv_20120312.txt">Security Advisory</a>: PKCS7/CMS MMA issue
-12-Mar-2012: OpenSSL 0.9.8u is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-12-Mar-2012: OpenSSL 1.0.0h is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-23-Feb-2012: Beta 3 of OpenSSL 1.0.1 is now <a href="ROOT/source/">available</a>, please test it now
-19-Jan-2012: Beta 2 of OpenSSL 1.0.1 is now <a href="ROOT/source/">available</a>, please test it now
-18-Jan-2012: <a href="ROOT/news/secadv_20120118.txt">Security Advisory</a>: DTLS DoS issue
-18-Jan-2012: OpenSSL 1.0.0g is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-18-Jan-2012: OpenSSL 0.9.8t is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-04-Jan-2012: <a href="ROOT/news/secadv_20120104.txt">Security Advisory</a>: six security fixes
-04-Jan-2012: OpenSSL 0.9.8s is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-04-Jan-2012: OpenSSL 1.0.0f is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-03-Jan-2012: Beta 1 of OpenSSL 1.0.1 is now <a href="ROOT/source/">available</a>, please test it now
-06-Sep-2011: OpenSSL 1.0.0e is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-06-Sep-2011: <a href="ROOT/news/secadv_20110906.txt">Security Advisory</a>: two security fixes
-08-Feb-2011: <a href="ROOT/news/secadv_20110208.txt">Security Advisory</a>: OCSP stapling vulnerability
-08-Feb-2011: OpenSSL 1.0.0d is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-08-Feb-2011: OpenSSL 0.9.8r is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-09-Dec-2010: OpenSSL FIPS 140-2 module 1.2.2 is now <a href="ROOT/source/">available</a>.
-02-Dec-2010: <a href="ROOT/news/secadv_20101202.txt">Security Advisory</a>: ciphersuite downgrade fix
-02-Dec-2010: OpenSSL 1.0.0c is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-02-Dec-2010: OpenSSL 0.9.8q is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-16-Nov-2010: OpenSSL 1.0.0b is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-16-Nov-2010: OpenSSL 0.9.8p is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-16-Nov-2010: <a href="ROOT/news/secadv_20101116.txt">Security Advisory</a>: buffer overrun fix
-01-Jun-2010: OpenSSL 0.9.8o is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-01-Jun-2010: OpenSSL 1.0.0a is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-01-Jun-2010: <a href="ROOT/news/secadv_20100601.txt">Security Advisory</a>: two security fixes
-29-Mar-2010: OpenSSL 1.0.0 is now <a href="ROOT/source/">available</a>, a major release
-24-Mar-2010: <a href="ROOT/news/secadv_20100324.txt">Security Advisory</a>: "Record of death" security fix
-24-Mar-2010: OpenSSL 0.9.8n is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-25-Feb-2010: OpenSSL 0.9.8m is now <a href="ROOT/source/">available</a>, including important bug and security fixes
-24-Jun-2009: Commercial support for OpenSSL is now <a href="ROOT/support/funding/contract.html">available</a>
-25-Mar-2009: OpenSSL 0.9.8k is now <a href="ROOT/source/">available</a>, including important bug fixes
-25-Mar-2009: <a href="ROOT/news/secadv_20090325.txt">Security Advisory</a>: Three moderate severity security issues
-07-Jan-2009: OpenSSL 0.9.8j is now <a href="ROOT/source/">available</a>, including important bug fixes
-07-Jan-2009: <a href="ROOT/news/secadv_20090107.txt">Security Advisory</a>: incorrect checks for malformed signatures
-18-Nov-2008: OpenSSL FIPS 140-2 module 1.2 is now <a href="ROOT/source/">available</a>
-15-Sep-2008: OpenSSL 0.9.8i is now <a href="ROOT/source/">available</a>, including important bug fixes
-28-May-2008: <a href="ROOT/news/secadv_20080528.txt">Security Advisory</a>: Two moderate severity security issues
-28-May-2008: OpenSSL 0.9.8h is now <a href="ROOT/source/">available</a>, including security and bug fixes
-29-Nov-2007: <a href="ROOT/news/secadv_20071129.txt">Security Advisory</a>: FIPS 1.1.1 module PRNG security issue
-19-Oct-2007: OpenSSL 0.9.8g is now <a href="ROOT/source/">available</a>, including bug fixes
-12-Oct-2007: <a href="ROOT/news/secadv_20071012.txt">Security Advisory</a>: Various security issues
-11-Oct-2007: OpenSSL 0.9.8f is now <a href="ROOT/source/">available</a>, including security and bug fixes
-23-Feb-2007: OpenSSL 0.9.8e is now <a href="ROOT/source/">available</a>, including important bugfixes
-23-Feb-2007: OpenSSL 0.9.7m is now <a href="ROOT/source/">available</a>, including important bugfixes
-28-Sep-2006: <a href="ROOT/news/secadv_20060928.txt">Security Advisory</a>: Various security issues
-28-Sep-2006: OpenSSL 0.9.8d is now <a href="ROOT/source/">available</a>, including security fixes
-28-Sep-2006: OpenSSL 0.9.7l is now <a href="ROOT/source/">available</a>, including security fixes
-05-Sep-2006: <a href="ROOT/news/secadv_20060905.txt">Security Advisory</a>: RSA Signature Forgery
-05-Sep-2006: OpenSSL 0.9.8c is now <a href="ROOT/source/">available</a>, including security fix
-05-Sep-2006: OpenSSL 0.9.7k is now <a href="ROOT/source/">available</a>, including security fix
-04-May-2006: OpenSSL 0.9.8b is now <a href="ROOT/source/">available</a>, including important bugfixes
-04-May-2006: OpenSSL 0.9.7j is now <a href="ROOT/source/">available</a>, including important bugfixes
-15-oct-2005: OpenSSL 0.9.7i is now <a href="ROOT/source/">available</a>, contains compatibility fix
-11-oct-2005: <a href="ROOT/news/secadv_20051011.txt">Security Advisory</a>: Potential SSL 2.0 rollback
-11-oct-2005: OpenSSL 0.9.8a is now <a href="ROOT/source/">available</a>, including security fix
-11-oct-2005: OpenSSL 0.9.7h is now <a href="ROOT/source/">available</a>, including security fix
-05-jul-2005: OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, a major release
-21-jun-2005: Beta 6 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-13-jun-2005: Beta 5 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-06-jun-2005: Beta 4 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-31-may-2005: Beta 3 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-24-may-2005: Beta 2 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-19-may-2005: Beta 1 of OpenSSL 0.9.8 is now <a href="ROOT/source/">available</a>, please test it now
-11-apr-2005: OpenSSL 0.9.7g is now <a href="ROOT/source/">available</a>, including important bugfixes
-22-mar-2005: OpenSSL 0.9.7f is now <a href="ROOT/source/">available</a>, including important bugfixes
-25-oct-2004: OpenSSL 0.9.7e is now <a href="ROOT/source/">available</a>, including important bugfixes
-17-mar-2004: <a href="ROOT/news/secadv_20040317.txt">Security Advisory</a>: Denial of Service flaws in 0.9.6l and 0.9.7c
-17-mar-2004: OpenSSL 0.9.7d is now <a href="ROOT/source/">available</a>, including important bugfixes
-17-mar-2004: OpenSSL 0.9.6m is now <a href="ROOT/source/">available</a>, including security fix
-17-mar-2004: OpenSSL 0.9.6m [engine] is now <a href="ROOT/source/">available</a>, including security fix
-04-nov-2003: OpenSSL 0.9.6l is now <a href="ROOT/source/">available</a>, including security fix
-04-nov-2003: OpenSSL 0.9.6l [engine] is now <a href="ROOT/source/">available</a>, including security fix
-04-nov-2003: <a href="ROOT/news/secadv_20031104.txt">Security Advisory</a>: Denial of Service in ASN.1 parsing in 0.9.6k.
-30-sep-2003: OpenSSL 0.9.7c is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-sep-2003: OpenSSL 0.9.6k is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-sep-2003: OpenSSL 0.9.6k [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-sep-2003: <a href="ROOT/news/secadv_20030930.txt">Security Advisory</a>: Vulnerabilities in ASN.1 parsing.
-10-apr-2003: OpenSSL 0.9.7b is now <a href="ROOT/source/">available</a>, including important bugfixes
-10-apr-2003: OpenSSL 0.9.6j is now <a href="ROOT/source/">available</a>, including important bugfixes
-10-apr-2003: OpenSSL 0.9.6j [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-19-Mar-2003: <a href="ROOT/news/secadv_20030319.txt">Security Advisory</a>: Klima-Pokorny-Rosa attack.
-17-Mar-2003: <a href="ROOT/news/secadv_20030317.txt">Security Advisory</a>: timing attacks, RSA blinding.
-19-feb-2003: OpenSSL 0.9.7a is now <a href="ROOT/source/">available</a>, including important bugfixes
-19-feb-2003: OpenSSL 0.9.6i is now <a href="ROOT/source/">available</a>, including important bugfixes
-19-feb-2003: OpenSSL 0.9.6i [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-19-feb-2003: <a href="ROOT/news/secadv_20030219.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6i and 0.9.7a
-31-Dec-2002: OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, a major release
-17-dec-2002: Beta 6 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-5-dec-2002: Beta 5 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-5-dec-2002: OpenSSL 0.9.6h is now <a href="ROOT/source/">available</a>, including important bugfixes
-5-dec-2002: OpenSSL 0.9.6h [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-19-Nov-2002: Beta 4 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-9-aug-2002: OpenSSL 0.9.6g is now <a href="ROOT/source/">available</a>, including important bugfixes
-9-aug-2002: OpenSSL 0.9.6g [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-8-aug-2002: OpenSSL 0.9.6f is now <a href="ROOT/source/">available</a>, including important bugfixes
-8-aug-2002: OpenSSL 0.9.6f [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-Jul-2002: OpenSSL 0.9.6e is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-Jul-2002: OpenSSL 0.9.6e [engine] is now <a href="ROOT/source/">available</a>, including important bugfixes
-30-Jul-2002: <a href="ROOT/news/secadv_20020730.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6e
-30-Jul-2002: Beta 3 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-16-jun-2002: Beta 2 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-01-jun-2002: Beta 1 of OpenSSL 0.9.7 is now <a href="ROOT/source/">available</a>, please test it now
-9-may-2002: OpenSSL 0.9.6d is now <a href="ROOT/source/">available</a>, a minor release
-9-may-2002: OpenSSL 0.9.6d [engine] is now <a href="ROOT/source/">available</a>, a minor release
-17-apr-2002: Beta 1 of OpenSSL 0.9.6d is now <a href="ROOT/source/">available</a>, please test it now
-17-apr-2002: Beta 1 of OpenSSL 0.9.6d [engine] is now <a href="ROOT/source/">available</a>, please test it now
+15-Jan-2015: OpenSSL 1.0.1l is now available, including bug fixes
+15-Jan-2015: OpenSSL 1.0.0q is now available, including bug fixes
+15-Jan-2015: OpenSSL 0.9.8ze is now available, including bug fixes
+08-Jan-2015: <a href="secadv/20150108.txt">Security Advisory</a>: eight security fixes
+08-Jan-2015: OpenSSL 1.0.1k is now available, including bug and security fixes
+08-Jan-2015: OpenSSL 1.0.0p is now available, including bug and security fixes
+08-Jan-2015: OpenSSL 0.9.8zd is now available, including bug and security fixes
+15-Oct-2014: <a href="secadv/20141015.txt">Security Advisory</a>: four security fixes
+15-Oct-2014: OpenSSL 1.0.1j is now available, including bug and security fixes
+15-Oct-2014: OpenSSL 1.0.0o is now available, including bug and security fixes
+15-Oct-2014: OpenSSL 0.9.8zc is now available, including bug and security fixes
+25-Sep-2014: Beta 3 of OpenSSL 1.0.2 is now available, please test it now
+06-Aug-2014: <a href="secadv/20140806.txt">Security Advisory</a>: nine security fixes
+06-Aug-2014: OpenSSL 1.0.1i is now available, including bug and security fixes
+06-Aug-2014: OpenSSL 1.0.0n is now available, including bug and security fixes
+06-Aug-2014: OpenSSL 0.9.8zb is now available, including bug and security fixes
+22-Jul-2014: Beta 2 of OpenSSL 1.0.2 is now available, please test it now
+30-Jun-2014: Project roadmap released
+24-Jun-2014: Team status changes including six new development team members
+05-Jun-2014: <a href="secadv/20140605.txt">Security Advisory</a>: seven security fixes
+05-Jun-2014: OpenSSL 1.0.1h is now available, including bug and security fixes
+05-Jun-2014: OpenSSL 1.0.0m is now available, including bug and security fixes
+05-Jun-2014: OpenSSL 0.9.8za is now available, including bug and security fixes
+23-Apr-2014: Team status changes including new team member: Steve Marquess
+07-Apr-2014: <a href="secadv/20140407.txt">Security Advisory</a>: Heartbeat overflow issue.
+07-Apr-2014: OpenSSL 1.0.1g is now available, including bug and security fixes
+24-Feb-2014: Beta 1 of OpenSSL 1.0.2 is now available, please test it now
+06-Jan-2014: OpenSSL 1.0.0l is now available, including bug and security fixes
+06-Jan-2014: OpenSSL 1.0.1f is now available, including bug and security fixes
+03-Jan-2014: UPDATE: site defacement <a href="secadv/hack.txt">final details.</a>
+11-Feb-2013: OpenSSL 1.0.1e is now available, including bug fixes
+05-Feb-2013: <a href="secadv/20130205.txt">Security Advisory</a>: three security fixes
+05-Feb-2013: OpenSSL 1.0.1d is now available, including bug and security fixes
+05-Feb-2013: OpenSSL 1.0.0k is now available, including security fixes
+05-Feb-2013: OpenSSL 0.9.8y is now available, including security fixes
+10-May-2012: <a href="secadv/20120510.txt">Security Advisory</a>: TLS/DTLS DoS issue
+10-May-2012: OpenSSL 1.0.1c is now available, including bug and security fixes
+10-May-2012: OpenSSL 1.0.0j is now available, including security fixes
+10-May-2012: OpenSSL 0.9.8x is now available, including security fixes
+26-Apr-2012: OpenSSL 1.0.1b is now available, including important bug fixes
+25-Apr-2012: Notice: OpenSSL 1.0.1a compilation problems with non x86 platforms
+24-Apr-2012: OpenSSL 0.9.8w is now available, including security fixes
+24-Apr-2012: <a href="secadv/20120424.txt">Security Advisory</a>: ASN1 incomplete fix for OpenSSL 0.9.8
+19-Apr-2012: OpenSSL 1.0.1a is now available, including important bug and security fixes
+19-Apr-2012: OpenSSL 1.0.0i is now available, including important bug and security fixes
+19-Apr-2012: OpenSSL 0.9.8v is now available, including important bug and security fixes
+19-Apr-2012: <a href="secadv/20120419.txt">Security Advisory</a>: ASN1 overflow vulnerability
+14-Mar-2012: OpenSSL 1.0.1 is now available, including new features
+12-Mar-2012: <a href="secadv/20120312.txt">Security Advisory</a>: PKCS7/CMS MMA issue
+12-Mar-2012: OpenSSL 0.9.8u is now available, including important bug and security fixes
+12-Mar-2012: OpenSSL 1.0.0h is now available, including important bug and security fixes
+23-Feb-2012: Beta 3 of OpenSSL 1.0.1 is now available, please test it now
+19-Jan-2012: Beta 2 of OpenSSL 1.0.1 is now available, please test it now
+18-Jan-2012: <a href="secadv/20120118.txt">Security Advisory</a>: DTLS DoS issue
+18-Jan-2012: OpenSSL 1.0.0g is now available, including important bug and security fixes
+18-Jan-2012: OpenSSL 0.9.8t is now available, including important bug and security fixes
+04-Jan-2012: <a href="secadv/20120104.txt">Security Advisory</a>: six security fixes
+04-Jan-2012: OpenSSL 0.9.8s is now available, including important bug and security fixes
+04-Jan-2012: OpenSSL 1.0.0f is now available, including important bug and security fixes
+03-Jan-2012: Beta 1 of OpenSSL 1.0.1 is now available, please test it now
+06-Sep-2011: OpenSSL 1.0.0e is now available, including important bug and security fixes
+06-Sep-2011: <a href="secadv/20110906.txt">Security Advisory</a>: two security fixes
+08-Feb-2011: <a href="secadv/20110208.txt">Security Advisory</a>: OCSP stapling vulnerability
+08-Feb-2011: OpenSSL 1.0.0d is now available, including important bug and security fixes
+08-Feb-2011: OpenSSL 0.9.8r is now available, including important bug and security fixes
+09-Dec-2010: OpenSSL FIPS 140-2 module 1.2.2 is now available.
+02-Dec-2010: <a href="secadv/20101202.txt">Security Advisory</a>: ciphersuite downgrade fix
+02-Dec-2010: OpenSSL 1.0.0c is now available, including important bug and security fixes
+02-Dec-2010: OpenSSL 0.9.8q is now available, including important bug and security fixes
+16-Nov-2010: OpenSSL 1.0.0b is now available, including important bug and security fixes
+16-Nov-2010: OpenSSL 0.9.8p is now available, including important bug and security fixes
+16-Nov-2010: <a href="secadv/20101116.txt">Security Advisory</a>: buffer overrun fix
+01-Jun-2010: OpenSSL 0.9.8o is now available, including important bug and security fixes
+01-Jun-2010: OpenSSL 1.0.0a is now available, including important bug and security fixes
+01-Jun-2010: <a href="secadv/20100601.txt">Security Advisory</a>: two security fixes
+29-Mar-2010: OpenSSL 1.0.0 is now available, a major release
+24-Mar-2010: <a href="secadv/20100324.txt">Security Advisory</a>: "Record of death" security fix
+24-Mar-2010: OpenSSL 0.9.8n is now available, including important bug and security fixes
+25-Feb-2010: OpenSSL 0.9.8m is now available, including important bug and security fixes
+24-Jun-2009: Commercial support for OpenSSL is now available
+25-Mar-2009: OpenSSL 0.9.8k is now available, including important bug fixes
+25-Mar-2009: <a href="secadv/20090325.txt">Security Advisory</a>: Three moderate severity security issues
+07-Jan-2009: OpenSSL 0.9.8j is now available, including important bug fixes
+07-Jan-2009: <a href="secadv/20090107.txt">Security Advisory</a>: incorrect checks for malformed signatures
+18-Nov-2008: OpenSSL FIPS 140-2 module 1.2 is now available
+15-Sep-2008: OpenSSL 0.9.8i is now available, including important bug fixes
+28-May-2008: <a href="secadv/20080528.txt">Security Advisory</a>: Two moderate severity security issues
+28-May-2008: OpenSSL 0.9.8h is now available, including security and bug fixes
+29-Nov-2007: <a href="secadv/20071129.txt">Security Advisory</a>: FIPS 1.1.1 module PRNG security issue
+19-Oct-2007: OpenSSL 0.9.8g is now available, including bug fixes
+12-Oct-2007: <a href="secadv/20071012.txt">Security Advisory</a>: Various security issues
+11-Oct-2007: OpenSSL 0.9.8f is now available, including security and bug fixes
+23-Feb-2007: OpenSSL 0.9.8e is now available, including important bugfixes
+23-Feb-2007: OpenSSL 0.9.7m is now available, including important bugfixes
+28-Sep-2006: <a href="secadv/20060928.txt">Security Advisory</a>: Various security issues
+28-Sep-2006: OpenSSL 0.9.8d is now available, including security fixes
+28-Sep-2006: OpenSSL 0.9.7l is now available, including security fixes
+05-Sep-2006: <a href="secadv/20060905.txt">Security Advisory</a>: RSA Signature Forgery
+05-Sep-2006: OpenSSL 0.9.8c is now available, including security fix
+05-Sep-2006: OpenSSL 0.9.7k is now available, including security fix
+04-May-2006: OpenSSL 0.9.8b is now available, including important bugfixes
+04-May-2006: OpenSSL 0.9.7j is now available, including important bugfixes
+15-oct-2005: OpenSSL 0.9.7i is now available, contains compatibility fix
+11-oct-2005: <a href="secadv/20051011.txt">Security Advisory</a>: Potential SSL 2.0 rollback
+11-oct-2005: OpenSSL 0.9.8a is now available, including security fix
+11-oct-2005: OpenSSL 0.9.7h is now available, including security fix
+05-jul-2005: OpenSSL 0.9.8 is now available, a major release
+21-jun-2005: Beta 6 of OpenSSL 0.9.8 is now available, please test it now
+13-jun-2005: Beta 5 of OpenSSL 0.9.8 is now available, please test it now
+06-jun-2005: Beta 4 of OpenSSL 0.9.8 is now available, please test it now
+31-may-2005: Beta 3 of OpenSSL 0.9.8 is now available, please test it now
+24-may-2005: Beta 2 of OpenSSL 0.9.8 is now available, please test it now
+19-may-2005: Beta 1 of OpenSSL 0.9.8 is now available, please test it now
+11-apr-2005: OpenSSL 0.9.7g is now available, including important bugfixes
+22-mar-2005: OpenSSL 0.9.7f is now available, including important bugfixes
+25-oct-2004: OpenSSL 0.9.7e is now available, including important bugfixes
+17-mar-2004: <a href="secadv/20040317.txt">Security Advisory</a>: Denial of Service flaws in 0.9.6l and 0.9.7c
+17-mar-2004: OpenSSL 0.9.7d is now available, including important bugfixes
+17-mar-2004: OpenSSL 0.9.6m is now available, including security fix
+17-mar-2004: OpenSSL 0.9.6m [engine] is now available, including security fix
+04-nov-2003: OpenSSL 0.9.6l is now available, including security fix
+04-nov-2003: OpenSSL 0.9.6l [engine] is now available, including security fix
+04-nov-2003: <a href="secadv/20031104.txt">Security Advisory</a>: Denial of Service in ASN.1 parsing in 0.9.6k.
+30-sep-2003: OpenSSL 0.9.7c is now available, including important bugfixes
+30-sep-2003: OpenSSL 0.9.6k is now available, including important bugfixes
+30-sep-2003: OpenSSL 0.9.6k [engine] is now available, including important bugfixes
+30-sep-2003: <a href="secadv/20030930.txt">Security Advisory</a>: Vulnerabilities in ASN.1 parsing.
+10-apr-2003: OpenSSL 0.9.7b is now available, including important bugfixes
+10-apr-2003: OpenSSL 0.9.6j is now available, including important bugfixes
+10-apr-2003: OpenSSL 0.9.6j [engine] is now available, including important bugfixes
+19-Mar-2003: <a href="secadv/20030319.txt">Security Advisory</a>: Klima-Pokorny-Rosa attack.
+17-Mar-2003: <a href="secadv/20030317.txt">Security Advisory</a>: timing attacks, RSA blinding.
+19-feb-2003: OpenSSL 0.9.7a is now available, including important bugfixes
+19-feb-2003: OpenSSL 0.9.6i is now available, including important bugfixes
+19-feb-2003: OpenSSL 0.9.6i [engine] is now available, including important bugfixes
+19-feb-2003: <a href="secadv/20030219.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6i and 0.9.7a
+31-Dec-2002: OpenSSL 0.9.7 is now available, a major release
+17-dec-2002: Beta 6 of OpenSSL 0.9.7 is now available, please test it now
+5-dec-2002: Beta 5 of OpenSSL 0.9.7 is now available, please test it now
+5-dec-2002: OpenSSL 0.9.6h is now available, including important bugfixes
+5-dec-2002: OpenSSL 0.9.6h [engine] is now available, including important bugfixes
+19-Nov-2002: Beta 4 of OpenSSL 0.9.7 is now available, please test it now
+9-aug-2002: OpenSSL 0.9.6g is now available, including important bugfixes
+9-aug-2002: OpenSSL 0.9.6g [engine] is now available, including important bugfixes
+8-aug-2002: OpenSSL 0.9.6f is now available, including important bugfixes
+8-aug-2002: OpenSSL 0.9.6f [engine] is now available, including important bugfixes
+30-Jul-2002: OpenSSL 0.9.6e is now available, including important bugfixes
+30-Jul-2002: OpenSSL 0.9.6e [engine] is now available, including important bugfixes
+30-Jul-2002: <a href="secadv/20020730.txt">Security Advisory</a>: Vulnerabilities in OpenSSL versions before 0.9.6e
+30-Jul-2002: Beta 3 of OpenSSL 0.9.7 is now available, please test it now
+16-jun-2002: Beta 2 of OpenSSL 0.9.7 is now available, please test it now
+01-jun-2002: Beta 1 of OpenSSL 0.9.7 is now available, please test it now
+9-may-2002: OpenSSL 0.9.6d is now available, a minor release
+9-may-2002: OpenSSL 0.9.6d [engine] is now available, a minor release
+17-apr-2002: Beta 1 of OpenSSL 0.9.6d is now available, please test it now
+17-apr-2002: Beta 1 of OpenSSL 0.9.6d [engine] is now available, please test it now
13-Feb-2002: OpenSSL 0.9.7 is now in feature freeze. A release plan will come later
-21-Dec-2001: OpenSSL 0.9.6c [engine] is now <a href="ROOT/source/">available</a>, a major release
-21-Dec-2001: OpenSSL 0.9.6c is now <a href="ROOT/source/">available</a>, a major release
-09-Jul-2001: OpenSSL 0.9.6b [engine] is now <a href="ROOT/source/">available</a>, a major release
-09-Jul-2001: OpenSSL 0.9.6b is now <a href="ROOT/source/">available</a>, a major release
-05-Apr-2001: OpenSSL 0.9.6a [engine] is now <a href="ROOT/source/">available</a>, a major release
-05-Apr-2001: OpenSSL 0.9.6a is now <a href="ROOT/source/">available</a>, a major release
-30-Mar-2001: Beta 3 of OpenSSL 0.9.6a is now <a href="ROOT/source/">available</a>, please test it now
-30-Mar-2001: Beta 3 of OpenSSL 0.9.6a [engine] is now <a href="ROOT/source/">available</a>, please test it now
-21-Mar-2001: Beta 2 of OpenSSL 0.9.6a is now <a href="ROOT/source/">available</a>, please test it now
-21-Mar-2001: Beta 2 of OpenSSL 0.9.6a [engine] is now <a href="ROOT/source/">available</a>, please test it now
-13-Mar-2001: Beta 1 of OpenSSL 0.9.6a is now <a href="ROOT/source/">available</a>, please test it now
-13-Mar-2001: Beta 1 of OpenSSL 0.9.6a [engine] is now <a href="ROOT/source/">available</a>, please test it now
-04-Nov-2000: New <a href="ROOT/about/">development team member</a>: Lutz Jänicke
-24-Sep-2000: OpenSSL 0.9.6 is now <a href="ROOT/source/">available</a>, a major release
-21-Sep-2000: Beta 3 of OpenSSL 0.9.6 is now <a href="ROOT/source/">available</a>, please test it now
-21-Sep-2000: Beta 3 of OpenSSL 0.9.6 [engine] is now <a href="ROOT/source/">available</a>, please test it now
-17-Sep-2000: Beta 2 of OpenSSL 0.9.6 is now <a href="ROOT/source/">available</a>, please test it now
-17-Sep-2000: Beta 2 of OpenSSL 0.9.6 [engine] is now <a href="ROOT/source/">available</a>, please test it now
-11-Sep-2000: Beta 1 of OpenSSL 0.9.6 is now <a href="ROOT/source/">available</a>, please test it now
-11-Sep-2000: Beta 1 of OpenSSL 0.9.6 [engine] is now <a href="ROOT/source/">available</a>, please test it now
-09-Sep-2000: A release plan for OpenSSL 0.9.6 is now <a href="ROOT/news/state.html">available</a>
-01-Apr-2000: OpenSSL 0.9.5a is now <a href="ROOT/source/">available</a>, a bugfix release
-23-Mar-2000: Beta 2 of OpenSSL 0.9.5a is now <a href="ROOT/source/">available</a>, please test it now
-20-Mar-2000: Beta 1 of OpenSSL 0.9.5a is now <a href="ROOT/source/">available</a>, please test it now
-29-Feb-2000: FAQ: <a href="ROOT/support/faq.html#6">Why do I get a "PRNG not seeded" error message?</a>
-28-Feb-2000: OpenSSL 0.9.5 is now <a href="ROOT/source/">available</a>, a major release
-27-Feb-2000: Beta 2 of OpenSSL 0.9.5 is now <a href="ROOT/source/">available</a>, please test it now
-24-Feb-2000: New <a href="ROOT/about/">development team member</a>: Geoff Thorpe
-24-Feb-2000: Beta 1 of OpenSSL 0.9.5 is now <a href="ROOT/source/">available</a>, please test it now
-11-Nov-1999: New <a href="ROOT/about/">development team member</a>: Richard Levitte
-09-Aug-1999: OpenSSL 0.9.4 is now <a href="ROOT/source/">available</a>, a major release
-15-Jul-1999: New <a href="ROOT/about/">development team member</a>: Andy Polyakov
-29-May-1999: OpenSSL 0.9.3a is now <a href="ROOT/source/">available</a>, a minor bugfix release
-25-May-1999: <a href="ROOT/news/">OpenSSL 0.9.3</a> is now <a href="ROOT/source/">available</a>
-10-May-1999: Test <a href="ftp://ftp.openssl.org/snapshot/">snapshots</a> now to make OpenSSL 0.9.3 a success!
-06-Apr-1999: RSAref-related <a href="ROOT/source/openssl-0.9.2b-rsaoaep.patch">patch</a> for OpenSSL 0.9.2b available
-29-Mar-1999: New <a href="ROOT/about/">development team members</a>: Ulf, Bodo and Holger.
-22-Mar-1999: Long-awaited <a href="ROOT/news/">OpenSSL 0.9.2b</a> now <a href="ROOT/source/">available</a>
-04-Mar-1999: Important <a href="ROOT/source/openssl-0.9.1c-bnrec.patch">patch</a> for OpenSSL 0.9.1c available
-28-Feb-1999: Added: <a href="ROOT/source/mirror.html">How To</a> establish an FTP mirror
-20-Feb-1999: Daily <a href="ftp://ftp.openssl.org/snapshot/">snapshot tarballs</a> now available
-15-Feb-1999: New: <a href="ROOT/support/">archives</a> of our mailing lists
-10-Feb-1999: <a href="ROOT/support/">Web form</a> for subscribing to our mailing lists
-02-Feb-1999: Added list of <a href="ROOT/related/apps.html">OpenSSL Applications</a>
-16-Jan-1999: The first <a href="ROOT/source/">FTP Mirrors</a> are available
-31-Dec-1998: New: Browsing <a href="ROOT/source/cvs/">interface</a> to the CVS repository
-29-Dec-1998: Designed the new <a href="http://www.openssl.org/">www.openssl.org</a> website
-27-Dec-1998: Established the OpenSSL <a href="ROOT/support/">mailing lists</a>
-26-Dec-1998: Established the <a href="ROOT/source/repos.html">CVS Repository</a> environment
-23-Dec-1998: Released OpenSSL <a href="ROOT/source/openssl-0.9.1c.tar.gz">0.9.1c</a>
+21-Dec-2001: OpenSSL 0.9.6c [engine] is now available, a major release
+21-Dec-2001: OpenSSL 0.9.6c is now available, a major release
+09-Jul-2001: OpenSSL 0.9.6b [engine] is now available, a major release
+09-Jul-2001: OpenSSL 0.9.6b is now available, a major release
+05-Apr-2001: OpenSSL 0.9.6a [engine] is now available, a major release
+05-Apr-2001: OpenSSL 0.9.6a is now available, a major release
+30-Mar-2001: Beta 3 of OpenSSL 0.9.6a is now available, please test it now
+30-Mar-2001: Beta 3 of OpenSSL 0.9.6a [engine] is now available, please test it now
+21-Mar-2001: Beta 2 of OpenSSL 0.9.6a is now available, please test it now
+21-Mar-2001: Beta 2 of OpenSSL 0.9.6a [engine] is now available, please test it now
+13-Mar-2001: Beta 1 of OpenSSL 0.9.6a is now available, please test it now
+13-Mar-2001: Beta 1 of OpenSSL 0.9.6a [engine] is now available, please test it now
+04-Nov-2000: New development team member: Lutz Jänicke
+24-Sep-2000: OpenSSL 0.9.6 is now available, a major release
+21-Sep-2000: Beta 3 of OpenSSL 0.9.6 is now available, please test it now
+21-Sep-2000: Beta 3 of OpenSSL 0.9.6 [engine] is now available, please test it now
+17-Sep-2000: Beta 2 of OpenSSL 0.9.6 is now available, please test it now
+17-Sep-2000: Beta 2 of OpenSSL 0.9.6 [engine] is now available, please test it now
+11-Sep-2000: Beta 1 of OpenSSL 0.9.6 is now available, please test it now
+11-Sep-2000: Beta 1 of OpenSSL 0.9.6 [engine] is now available, please test it now
+09-Sep-2000: A release plan for OpenSSL 0.9.6 is now available
+01-Apr-2000: OpenSSL 0.9.5a is now available, a bugfix release
+23-Mar-2000: Beta 2 of OpenSSL 0.9.5a is now available, please test it now
+20-Mar-2000: Beta 1 of OpenSSL 0.9.5a is now available, please test it now
+29-Feb-2000: FAQ: Why do I get a "PRNG not seeded" error message?
+28-Feb-2000: OpenSSL 0.9.5 is now available, a major release
+27-Feb-2000: Beta 2 of OpenSSL 0.9.5 is now available, please test it now
+24-Feb-2000: New development team member: Geoff Thorpe
+24-Feb-2000: Beta 1 of OpenSSL 0.9.5 is now available, please test it now
+11-Nov-1999: New development team member: Richard Levitte
+09-Aug-1999: OpenSSL 0.9.4 is now available, a major release
+15-Jul-1999: New development team member: Andy Polyakov
+29-May-1999: OpenSSL 0.9.3a is now available, a minor bugfix release
+25-May-1999: OpenSSL 0.9.3 is now available
+10-May-1999: Test snapshots now to make OpenSSL 0.9.3 a success!
+06-Apr-1999: RSAref-related patch for OpenSSL 0.9.2b available
+29-Mar-1999: New development team members: Ulf, Bodo and Holger.
+22-Mar-1999: Long-awaited OpenSSL 0.9.2b now available
+04-Mar-1999: Important patch for OpenSSL 0.9.1c available
+28-Feb-1999: Added: How To establish an FTP mirror
+20-Feb-1999: Daily snapshot tarballs now available
+15-Feb-1999: New: archives of our mailing lists
+10-Feb-1999: Web form for subscribing to our mailing lists
+02-Feb-1999: Added list of OpenSSL Applications
+16-Jan-1999: The first FTP Mirrors are available
+31-Dec-1998: New: Browsing interface to the CVS repository
+29-Dec-1998: Designed the new www.openssl.org website
+27-Dec-1998: Established the OpenSSL mailing lists
+26-Dec-1998: Established the CVS Repository environment
+23-Dec-1998: Released OpenSSL 0.9.1c
23-Dec-1998: Official start of the OpenSSL project
diff --git a/news/newslog.html b/news/newslog.html
new file mode 100644
index 0000000..942c80e
--- /dev/null
+++ b/news/newslog.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Newslog</h2></header>
+ <div class="entry-content">
+ <p>
+ Here is a terse log of all OpenSSL announcements.
+ They are almost release notices.
+ </p>
+ <table class="newsflash" width="90%">
+ <!--#include virtual="newsflash.inc"-->
+ </table>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">News</a>
+ : <a href="">Newslog</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/news/notice_20120425.txt b/news/notice_20120425.txt
deleted file mode 100644
index 08043dc..0000000
--- a/news/notice_20120425.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Since the release of OpenSSL 1.0.1a a couple of significant problems have
-become apparent.
-
-1. Compilation on non x86 and x86_64 platforms fails in the file
- e_rc4_hmac_md5.c
-
-2. Attempts to use ciphers in FIPS capable builds outside FIPS mode fails.
-
-A release of OpenSSL 1.0.1b will be made in the near future to address this
-and any other reported problems.
-
-Anyone not wishing to wait should use the most recent 1.0.1-stable snapshot
-from ftp://ftp.openssl.org/snapshot/
-
diff --git a/news/openssl-0.9.8-notes.wml b/news/openssl-0.9.8-notes.wml
deleted file mode 100644
index 023e900..0000000
--- a/news/openssl-0.9.8-notes.wml
+++ /dev/null
@@ -1,4 +0,0 @@
-
-#use wml::openssl area=news page=openssl-0.9.8-notes
-<notes>
-
diff --git a/news/openssl-1.0.0-notes.wml b/news/openssl-1.0.0-notes.wml
deleted file mode 100644
index b5a713a..0000000
--- a/news/openssl-1.0.0-notes.wml
+++ /dev/null
@@ -1,4 +0,0 @@
-
-#use wml::openssl area=news page=openssl-1.0.0-notes
-<notes>
-
diff --git a/news/openssl-1.0.1-notes.wml b/news/openssl-1.0.1-notes.wml
deleted file mode 100644
index 3cf610d..0000000
--- a/news/openssl-1.0.1-notes.wml
+++ /dev/null
@@ -1,5 +0,0 @@
-
-#use wml::openssl area=news page=openssl-1.0.1-notes
-
-<notes>
-
diff --git a/news/openssl-1.0.2-notes.wml b/news/openssl-1.0.2-notes.wml
deleted file mode 100644
index 8ee9568..0000000
--- a/news/openssl-1.0.2-notes.wml
+++ /dev/null
@@ -1,4 +0,0 @@
-
-#use wml::openssl area=news page=openssl-1.0.2-notes
-
-<notes>
diff --git a/news/openssl-notes.wml b/news/openssl-notes.wml
deleted file mode 100644
index 9452174..0000000
--- a/news/openssl-notes.wml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-#use wml::openssl area=news page=openssl-notes
-
-<title>OpenSSL Release Notes</title>
-
-<h1>OpenSSL Release Notes</h1>
-
-The major changes for all branches of the OpenSSL toolkit are summarised below. The contents reflect the state of the <tt>NEWS</tt> file inside the git
-repository.
-
-<p>
-Additional details of changes can be found in the
-<a href="https://github.com/openssl/openssl/blob/master/CHANGES">
-change log.</a>.
-<p>
-The complete list of changes can be found in the
-<a href="https://github.com/openssl/openssl/commits/master">commit log</a>.
-<p>
-
-<notes minversion="" maxversion="X" dirname="openssl">
diff --git a/news/openssl-old-notes.wml b/news/openssl-old-notes.wml
deleted file mode 100644
index 9c2f238..0000000
--- a/news/openssl-old-notes.wml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-#use wml::openssl area=news page=openssl-old-notes
-
-<title>OpenSSL Release Notes</title>
-
-<h1>OpenSSL Old Branch Release notes</h1>
-
-The major changes in the 0.9.7 and earlier branches of the OpenSSL
-toolkit are summarised below. The contents reflect the state of the
-<tt>NEWS</tt> file inside the git repository. <b>Note:</b> these branches
-are considered obsolete and are no longer maintained.
-<p>
-Additional details of changes to OpenSSL 0.9.7 and earlier can be found in the
-<a href="https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/CHANGES">
-change log</a>.
-<p>
-
-A complete list of changes to OpenSSL 0.9.7 and earlier can be found in the
-<a href="https://github.com/openssl/openssl/commits/OpenSSL_0_9_7-stable">
-commit log</a>.
-<p>
-
-
-<notes minversion="" maxversion="0.9.7" dirname="openssl-0.9.8-stable">
-
diff --git a/news/patch-CAN-2005-2969.txt b/news/patch-CAN-2005-2969.txt
deleted file mode 100644
index 65dc393..0000000
--- a/news/patch-CAN-2005-2969.txt
+++ /dev/null
@@ -1,13 +0,0 @@
---- ssl/s23_srvr.c 25 Sep 2002 15:36:09 -0000 1.32.2.5
-+++ ssl/s23_srvr.c 11 Oct 2005 00:00:00 -0000
-@@ -575,9 +575,7 @@
- }
-
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-- use_sslv2_strong ||
-- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
-+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
- s->s2->ssl2_rollback=0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
diff --git a/news/patch-CVE-2006-4339.txt b/news/patch-CVE-2006-4339.txt
deleted file mode 100644
index 203d1c5..0000000
--- a/news/patch-CVE-2006-4339.txt
+++ /dev/null
@@ -1,53 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-
-http://www.openssl.org/news/secadv_20060905.txt
-
-(This patch was updated Tue Sep 5 15:54:30 UTC 2006 to also work
-against 0.9.6)
-
-(This patch was updated Wed Sep 6 08:37:55 UTC 2006 to remove the
-changes to rsa_eay.c/rsa.h/rsa_err.c which were not necessary to
-correct this vulnerability)
-
-Index: crypto/rsa/rsa_sign.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_sign.c,v
-retrieving revision 1.21
-diff -u -r1.21 rsa_sign.c
-- - - --- crypto/rsa/rsa_sign.c 26 Apr 2005 22:07:17 -0000 1.21
-+++ crypto/rsa/rsa_sign.c 4 Sep 2006 15:16:57 -0000
-@@ -185,6 +185,23 @@
- sig=d2i_X509_SIG(NULL,&p,(long)i);
-
- if (sig == NULL) goto err;
-+
-+ /* Excess data can be used to create forgeries */
-+ if(p != s+i)
-+ {
-+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-+ goto err;
-+ }
-+
-+ /* Parameters to the signature algorithm can also be used to
-+ create forgeries */
-+ if(sig->algor->parameter
-+ && sig->algor->parameter->type != V_ASN1_NULL)
-+ {
-+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-+ goto err;
-+ }
-+
- sigtype=OBJ_obj2nid(sig->algor->algorithm);
-
-
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2.2 (GNU/Linux)
-
-iQCVAwUBRP6JWe6tTP1JpWPZAQLssAP+LZH3morviQ2DEN7yWRpVuCsP31850Ma7
-9OjH1wEkAbA3rX2XmDxYFd6dJBanksgdXUqLHlm8w8Q9aA+FKPmyFSaQ74N7nHgE
-iDGws5w1PE1U/sigQvz9FoY5DgCU0l/L+MOoj+UaIiueafLCgO4VpwB1EftXymsS
-eCQDyyI37rE=
-=MXpR
------END PGP SIGNATURE-----
diff --git a/news/patch-CVE-2007-3108.txt b/news/patch-CVE-2007-3108.txt
deleted file mode 100644
index abf0196..0000000
--- a/news/patch-CVE-2007-3108.txt
+++ /dev/null
@@ -1,126 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-- --- openssl-0.9.8e/crypto/bn/bn_mont.c 2006-06-16 03:01:14.000000000 +0200
-+++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c 2007-06-29 10:13:25.000000000 +0200
-@@ -176,7 +176,6 @@
-
- max=(nl+al+1); /* allow for overflow (no?) XXX */
- if (bn_wexpand(r,max) == NULL) goto err;
-- - if (bn_wexpand(ret,max) == NULL) goto err;
-
- r->neg=a->neg^n->neg;
- np=n->d;
-@@ -228,19 +227,70 @@
- }
- bn_correct_top(r);
-
-- - /* mont->ri will be a multiple of the word size */
-- -#if 0
-- - BN_rshift(ret,r,mont->ri);
-- -#else
-- - ret->neg = r->neg;
-- - x=ri;
-+ /* mont->ri will be a multiple of the word size and below code
-+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-+ if (r->top <= ri)
-+ {
-+ ret->top=0;
-+ retn=1;
-+ goto err;
-+ }
-+ al=r->top-ri;
-+
-+# define BRANCH_FREE 1
-+# if BRANCH_FREE
-+ if (bn_wexpand(ret,ri) == NULL) goto err;
-+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
-+ ret->neg=r->neg;
-+
- rp=ret->d;
-- - ap= &(r->d[x]);
-- - if (r->top < x)
-- - al=0;
-- - else
-- - al=r->top-x;
-+ ap=&(r->d[ri]);
-+
-+ {
-+ size_t m1,m2;
-+
-+ v=bn_sub_words(rp,ap,np,ri);
-+ /* this ----------------^^ works even in al<ri case
-+ * thanks to zealous zeroing of top of the vector in the
-+ * beginning. */
-+
-+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-+ /* in other words if subtraction result is real, then
-+ * trick unconditional memcpy below to perform in-place
-+ * "refresh" instead of actual copy. */
-+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
-+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
-+ m1|=m2; /* (al!=ri) */
-+ m1|=(0-(size_t)v); /* (al!=ri || v) */
-+ m1&=~m2; /* (al!=ri || v) && !al>ri */
-+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-+ }
-+
-+ /* 'i<ri' is chosen to eliminate dependency on input data, even
-+ * though it results in redundant copy in al<ri case. */
-+ for (i=0,ri-=4; i<ri; i+=4)
-+ {
-+ BN_ULONG t1,t2,t3,t4;
-+
-+ t1=nrp[i+0];
-+ t2=nrp[i+1];
-+ t3=nrp[i+2]; ap[i+0]=0;
-+ t4=nrp[i+3]; ap[i+1]=0;
-+ rp[i+0]=t1; ap[i+2]=0;
-+ rp[i+1]=t2; ap[i+3]=0;
-+ rp[i+2]=t3;
-+ rp[i+3]=t4;
-+ }
-+ for (ri+=4; i<ri; i++)
-+ rp[i]=nrp[i], ap[i]=0;
-+# else
-+ if (bn_wexpand(ret,al) == NULL) goto err;
- ret->top=al;
-+ ret->neg=r->neg;
-+
-+ rp=ret->d;
-+ ap=&(r->d[ri]);
- al-=4;
- for (i=0; i<al; i+=4)
- {
-@@ -258,7 +308,7 @@
- al+=4;
- for (; i<al; i++)
- rp[i]=ap[i];
-- -#endif
-+# endif
- #else /* !MONT_WORD */
- BIGNUM *t1,*t2;
-
-@@ -278,10 +328,12 @@
- if (!BN_rshift(ret,t2,mont->ri)) goto err;
- #endif /* MONT_WORD */
-
-+#if !defined(BRANCH_FREE) || BRANCH_FREE==0
- if (BN_ucmp(ret, &(mont->N)) >= 0)
- {
- if (!BN_usub(ret,ret,&(mont->N))) goto err;
- }
-+#endif
- retn=1;
- bn_check_top(ret);
- err:
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.5 (GNU/Linux)
-
-iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA
-7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj
-zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz
-iBDdynBpa+s=
-=aquq
------END PGP SIGNATURE-----
diff --git a/news/patch-CVE-2007-5502-1.txt b/news/patch-CVE-2007-5502-1.txt
deleted file mode 100644
index d7fcfe5..0000000
--- a/news/patch-CVE-2007-5502-1.txt
+++ /dev/null
@@ -1,20 +0,0 @@
---- fips-1.0/rand/@fips_rand.c 2007-11-01 17:12:07.000000000 -0400
-+++ fips-1.0/rand/fips_rand.c 2007-11-01 17:18:04.000000000 -0400
-@@ -205,6 +205,7 @@
- n_seed=0;
- o_seed=0;
- key_init=0;
-+ key_set=0;
- }
-
- void FIPS_rand_seed(const void *buf_, FIPS_RAND_SIZE_T num)
---- fips-1.0/rand/@fips_rand_selftest.c 2007-11-01 17:16:41.000000000 -0400
-+++ fips-1.0/rand/fips_rand_selftest.c 2007-11-01 17:17:07.000000000 -0400
-@@ -114,6 +114,7 @@
- }
- }
- FIPS_test_mode(0,NULL);
-+ FIPS_rand_method()->cleanup();
- return 1;
- }
-
diff --git a/news/patch-CVE-2007-5502-2.txt b/news/patch-CVE-2007-5502-2.txt
deleted file mode 100644
index f80290b..0000000
--- a/news/patch-CVE-2007-5502-2.txt
+++ /dev/null
@@ -1,29 +0,0 @@
---- fips-1.0/@fips.c 2007-11-29 07:09:47.000000000 -0500
-+++ fips-1.0/fips.c 2007-11-29 07:10:37.000000000 -0500
-@@ -265,18 +265,16 @@
- goto end;
- }
-
-- /* automagically seed PRNG if not already seeded */
-- if(!FIPS_rand_seeded())
-+ /* Always automagically seed PRNG */
-+ FIPS_rand_method()->cleanup();
-+ if(RAND_bytes(buf,sizeof buf) <= 0)
- {
-- if(RAND_bytes(buf,sizeof buf) <= 0)
-- {
-- fips_selftest_fail = 1;
-- ret = 0;
-- goto end;
-- }
-- FIPS_set_prng_key(buf,buf+8);
-- FIPS_rand_seed(buf+16,8);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
- }
-+ FIPS_set_prng_key(buf,buf+8);
-+ FIPS_rand_seed(buf+16,8);
-
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
diff --git a/news/patch_20020730_0_9_6d.txt b/news/patch_20020730_0_9_6d.txt
deleted file mode 100644
index 39db0ed..0000000
--- a/news/patch_20020730_0_9_6d.txt
+++ /dev/null
@@ -1,518 +0,0 @@
-Index: CHANGES
-===================================================================
-RCS file: /e/openssl/cvs/openssl/CHANGES,v
-retrieving revision 1.618.2.158
-diff -u -r1.618.2.158 CHANGES
---- CHANGES 2002/05/09 22:40:31 1.618.2.158
-+++ CHANGES 2002/07/30 09:14:15
-@@ -2,6 +2,35 @@
- OpenSSL CHANGES
- _______________
-
-+ Changes in security patch
-+
-+Changes marked "(CHATS)" were sponsored by the Defense Advanced
-+Research Projects Agency (DARPA) and Air Force Research Laboratory,
-+Air Force Materiel Command, USAF, under agreement number
-+F30602-01-2-0537.
-+
-+ *) Add various sanity checks to asn1_get_length() to reject
-+ the ASN1 length bytes if they exceed sizeof(long), will appear
-+ negative or the content length exceeds the length of the
-+ supplied buffer. (CAN-2002-0659)
-+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-+
-+ *) Assertions for various potential buffer overflows, not known to
-+ happen in practice.
-+ [Ben Laurie (CHATS)]
-+
-+ *) Various temporary buffers to hold ASCII versions of integers were
-+ too small for 64 bit platforms. (CAN-2002-0655)
-+ [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
-+
-+ *) Remote buffer overflow in SSL3 protocol - an attacker could
-+ supply an oversized session ID to a client. (CAN-2002-0656)
-+ [Ben Laurie (CHATS)]
-+
-+ *) Remote buffer overflow in SSL2 protocol - an attacker could
-+ supply an oversized client master key. (CAN-2002-0656)
-+ [Ben Laurie (CHATS)]
-+
- Changes between 0.9.6c and 0.9.6d [9 May 2002]
-
- *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
-Index: crypto/cryptlib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
-retrieving revision 1.20.2.4
-diff -u -r1.20.2.4 cryptlib.c
---- crypto/cryptlib.c 2001/11/23 20:57:59 1.20.2.4
-+++ crypto/cryptlib.c 2002/07/30 09:14:15
-@@ -491,3 +491,11 @@
- #endif
-
- #endif
-+
-+void OpenSSLDie(const char *file,int line,const char *assertion)
-+ {
-+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+ file,line,assertion);
-+ abort();
-+ }
-+
-Index: crypto/cryptlib.h
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
-retrieving revision 1.8
-diff -u -r1.8 cryptlib.h
---- crypto/cryptlib.h 2000/05/02 12:35:04 1.8
-+++ crypto/cryptlib.h 2002/07/30 09:14:16
-@@ -89,6 +89,14 @@
- #define X509_CERT_DIR_EVP "SSL_CERT_DIR"
- #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
-
-+/* size of string represenations */
-+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-+#define HEX_SIZE(type) ((sizeof(type)*2)
-+
-+/* die if we have to */
-+void OpenSSLDie(const char *file,int line,const char *assertion);
-+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-+
- #ifdef __cplusplus
- }
- #endif
-Index: crypto/asn1/asn1_lib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
-retrieving revision 1.19.2.1
-diff -u -r1.19.2.1 asn1_lib.c
---- crypto/asn1/asn1_lib.c 2001/03/30 13:42:32 1.19.2.1
-+++ crypto/asn1/asn1_lib.c 2002/08/02 00:00:00
-@@ -124,15 +124,13 @@
- (int)(omax+ *pp));
-
- #endif
--#if 0
-- if ((p+ *plength) > (omax+ *pp))
-+ if (*plength > (omax - (p - *pp)))
- {
- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
- /* Set this so that even if things are not long enough
- * the values are set correctly */
- ret|=0x80;
- }
--#endif
- *pp=p;
- return(ret|inf);
- err:
-@@ -159,6 +157,8 @@
- i= *p&0x7f;
- if (*(p++) & 0x80)
- {
-+ if (i > sizeof(long))
-+ return 0;
- if (max-- == 0) return(0);
- while (i-- > 0)
- {
-@@ -170,6 +170,8 @@
- else
- ret=i;
- }
-+ if (ret < 0)
-+ return 0;
- *pp=p;
- *rl=ret;
- return(1);
-@@ -407,7 +409,7 @@
-
- void asn1_add_error(unsigned char *address, int offset)
- {
-- char buf1[16],buf2[16];
-+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
-
- sprintf(buf1,"%lu",(unsigned long)address);
- sprintf(buf2,"%d",offset);
-Index: crypto/conf/conf_def.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
-retrieving revision 1.3
-diff -u -r1.3 conf_def.c
---- crypto/conf/conf_def.c 2000/06/06 15:21:12 1.3
-+++ crypto/conf/conf_def.c 2002/07/30 09:14:18
-@@ -67,6 +67,7 @@
- #include "conf_def.h"
- #include <openssl/buffer.h>
- #include <openssl/err.h>
-+#include "cryptlib.h"
-
- static char *eat_ws(CONF *conf, char *p);
- static char *eat_alpha_numeric(CONF *conf, char *p);
-@@ -180,12 +181,12 @@
- static int def_load(CONF *conf, BIO *in, long *line)
- {
- #define BUFSIZE 512
-- char btmp[16];
- int bufnum=0,i,ii;
- BUF_MEM *buff=NULL;
- char *s,*p,*end;
- int again,n;
- long eline=0;
-+ char btmp[DECIMAL_SIZE(eline)+1];
- CONF_VALUE *v=NULL,*tv;
- CONF_VALUE *sv=NULL;
- char *section=NULL,*buf;
-Index: crypto/objects/obj_dat.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
-retrieving revision 1.16.2.2
-diff -u -r1.16.2.2 obj_dat.c
---- crypto/objects/obj_dat.c 2002/04/18 11:52:28 1.16.2.2
-+++ crypto/objects/obj_dat.c 2002/07/30 09:14:19
-@@ -428,7 +428,7 @@
- unsigned long l;
- unsigned char *p;
- const char *s;
-- char tbuf[32];
-+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
- if (buf_len <= 0) return(0);
-
-Index: ssl/s2_clnt.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
-retrieving revision 1.27.2.4
-diff -u -r1.27.2.4 s2_clnt.c
---- ssl/s2_clnt.c 2001/11/10 10:43:51 1.27.2.4
-+++ ssl/s2_clnt.c 2002/07/30 09:14:25
-@@ -116,6 +116,7 @@
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl2_get_client_method(int ver);
- static int get_server_finished(SSL *s);
-@@ -517,6 +518,7 @@
- }
-
- s->s2->conn_id_length=s->s2->tmp.conn_id_length;
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
- return(1);
- }
-@@ -618,6 +620,7 @@
- /* make key_arg data */
- i=EVP_CIPHER_iv_length(c);
- sess->key_arg_length=i;
-+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
- if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
-
- /* make a master key */
-@@ -625,6 +628,7 @@
- sess->master_key_length=i;
- if (i > 0)
- {
-+ die(i <= sizeof sess->master_key);
- if (RAND_bytes(sess->master_key,i) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-@@ -668,6 +672,7 @@
- d+=enc;
- karg=sess->key_arg_length;
- s2n(karg,p); /* key arg size */
-+ die(karg <= sizeof sess->key_arg);
- memcpy(d,sess->key_arg,(unsigned int)karg);
- d+=karg;
-
-@@ -688,6 +693,7 @@
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_CLIENT_FINISHED;
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
-@@ -944,6 +950,8 @@
- {
- if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
- {
-+ die(s->session->session_id_length
-+ <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
- {
-Index: ssl/s2_lib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
-retrieving revision 1.29.2.2
-diff -u -r1.29.2.2 s2_lib.c
---- ssl/s2_lib.c 2000/12/26 12:06:47 1.29.2.2
-+++ ssl/s2_lib.c 2002/07/30 09:14:25
-@@ -62,6 +62,7 @@
- #include <openssl/rsa.h>
- #include <openssl/objects.h>
- #include <openssl/md5.h>
-+#include "cryptlib.h"
-
- static long ssl2_default_timeout(void );
- const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
-@@ -425,10 +426,14 @@
- #endif
-
- km=s->s2->key_material;
-+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
- for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
- {
- MD5_Init(&ctx);
-
-+ die(s->session->master_key_length >= 0
-+ && s->session->master_key_length
-+ < sizeof s->session->master_key);
- MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
- MD5_Update(&ctx,&c,1);
- c++;
-@@ -463,6 +468,7 @@
- /* state=s->rwstate;*/
- error=s->error;
- s->error=0;
-+ die(error >= 0 && error <= 3);
- i=ssl2_write(s,&(buf[3-error]),error);
- /* if (i == error) s->rwstate=state; */
-
-Index: ssl/s2_srvr.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
-retrieving revision 1.25.2.5
-diff -u -r1.25.2.5 s2_srvr.c
---- ssl/s2_srvr.c 2001/11/14 21:19:47 1.25.2.5
-+++ ssl/s2_srvr.c 2002/07/30 09:14:26
-@@ -116,6 +116,7 @@
- #include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl2_get_server_method(int ver);
- static int get_client_master_key(SSL *s);
-@@ -417,11 +418,18 @@
- n2s(p,i); s->s2->tmp.clear=i;
- n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
-+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
-+ {
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-+ SSL_R_KEY_ARG_TOO_LONG);
-+ return -1;
-+ }
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- }
-
- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
- p=(unsigned char *)s->init_buf->data;
-+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
- keya=s->session->key_arg_length;
- len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-@@ -502,6 +510,7 @@
- #endif
-
- if (is_export) i+=s->s2->tmp.clear;
-+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
- s->session->master_key_length=i;
- memcpy(s->session->master_key,p,(unsigned int)i);
- return(1);
-@@ -649,6 +658,7 @@
- p+=s->s2->tmp.session_id_length;
-
- /* challenge */
-+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
- return(1);
- mem_err:
-@@ -800,6 +810,7 @@
- }
-
- /* SSL2_ST_GET_CLIENT_FINISHED_B */
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- len = 1 + (unsigned long)s->s2->conn_id_length;
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-@@ -825,6 +836,7 @@
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_VERIFY;
-+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
- /* p+=s->s2->challenge_length; */
-
-@@ -844,6 +856,8 @@
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_FINISHED;
-
-+ die(s->session->session_id_length
-+ <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,
- (unsigned int)s->session->session_id_length);
- /* p+=s->session->session_id_length; */
-Index: ssl/s3_clnt.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
-retrieving revision 1.31.2.6
-diff -u -r1.31.2.6 s3_clnt.c
---- ssl/s3_clnt.c 2002/01/14 23:42:35 1.31.2.6
-+++ ssl/s3_clnt.c 2002/07/30 09:14:27
-@@ -117,6 +117,7 @@
- #include <openssl/sha.h>
- #include <openssl/evp.h>
- #include "ssl_locl.h"
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl3_get_client_method(int ver);
- static int ssl3_client_hello(SSL *s);
-@@ -545,6 +546,7 @@
- *(p++)=i;
- if (i != 0)
- {
-+ die(i <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-@@ -625,6 +627,14 @@
-
- /* get the session-id */
- j= *(p++);
-+
-+ if(j > sizeof s->session->session_id)
-+ {
-+ al=SSL_AD_ILLEGAL_PARAMETER;
-+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
-+ goto f_err;
-+ }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
- {
-Index: ssl/s3_srvr.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
-retrieving revision 1.49.2.14
-diff -u -r1.49.2.14 s3_srvr.c
---- ssl/s3_srvr.c 2002/04/13 22:49:26 1.49.2.14
-+++ ssl/s3_srvr.c 2002/07/30 09:14:28
-@@ -122,6 +122,7 @@
- #include <openssl/evp.h>
- #include <openssl/x509.h>
- #include "ssl_locl.h"
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl3_get_server_method(int ver);
- static int ssl3_get_client_hello(SSL *s);
-@@ -948,6 +949,7 @@
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
-+ die(sl <= sizeof s->session->session_id);
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-Index: ssl/ssl.h
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
-retrieving revision 1.85.2.12
-diff -u -r1.85.2.12 ssl.h
---- ssl/ssl.h 2002/01/14 23:42:42 1.85.2.12
-+++ ssl/ssl.h 2002/07/30 09:14:29
-@@ -1478,6 +1478,7 @@
- #define SSL_R_INVALID_COMMAND 280
- #define SSL_R_INVALID_PURPOSE 278
- #define SSL_R_INVALID_TRUST 279
-+#define SSL_R_KEY_ARG_TOO_LONG 1112
- #define SSL_R_LENGTH_MISMATCH 159
- #define SSL_R_LENGTH_TOO_SHORT 160
- #define SSL_R_LIBRARY_BUG 274
-@@ -1546,6 +1547,7 @@
- #define SSL_R_SHORT_READ 219
- #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
- #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
- #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
- #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
- #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-Index: ssl/ssl_asn1.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
-retrieving revision 1.8
-diff -u -r1.8 ssl_asn1.c
---- ssl/ssl_asn1.c 2000/06/01 22:19:19 1.8
-+++ ssl/ssl_asn1.c 2002/07/30 09:14:29
-@@ -62,6 +62,7 @@
- #include <openssl/objects.h>
- #include <openssl/x509.h>
- #include "ssl_locl.h"
-+#include "cryptlib.h"
-
- typedef struct ssl_session_asn1_st
- {
-@@ -275,6 +276,7 @@
- os.length=i;
-
- ret->session_id_length=os.length;
-+ die(os.length <= sizeof ret->session_id);
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-Index: ssl/ssl_err.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
-retrieving revision 1.28.2.6
-diff -u -r1.28.2.6 ssl_err.c
---- ssl/ssl_err.c 2001/11/10 01:15:29 1.28.2.6
-+++ ssl/ssl_err.c 2002/07/30 09:14:30
-@@ -1,6 +1,6 @@
- /* ssl/ssl_err.c */
- /* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -275,6 +275,7 @@
- {SSL_R_INVALID_COMMAND ,"invalid command"},
- {SSL_R_INVALID_PURPOSE ,"invalid purpose"},
- {SSL_R_INVALID_TRUST ,"invalid trust"},
-+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
- {SSL_R_LENGTH_MISMATCH ,"length mismatch"},
- {SSL_R_LENGTH_TOO_SHORT ,"length too short"},
- {SSL_R_LIBRARY_BUG ,"library bug"},
-@@ -343,6 +344,7 @@
- {SSL_R_SHORT_READ ,"short read"},
- {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
- {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
-+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
- {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
- {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
- {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
-Index: ssl/ssl_sess.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
-retrieving revision 1.30.2.2
-diff -u -r1.30.2.2 ssl_sess.c
---- ssl/ssl_sess.c 2002/02/10 12:52:57 1.30.2.2
-+++ ssl/ssl_sess.c 2002/07/30 09:14:30
-@@ -60,6 +60,7 @@
- #include <openssl/lhash.h>
- #include <openssl/rand.h>
- #include "ssl_locl.h"
-+#include "cryptlib.h"
-
- static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
- static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-@@ -199,6 +200,7 @@
- ss->session_id_length=0;
- }
-
-+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
diff --git a/news/patch_20020730_0_9_7.txt b/news/patch_20020730_0_9_7.txt
deleted file mode 100644
index c61909a..0000000
--- a/news/patch_20020730_0_9_7.txt
+++ /dev/null
@@ -1,665 +0,0 @@
-Index: CHANGES
-===================================================================
-RCS file: /e/openssl/cvs/openssl/CHANGES,v
-retrieving revision 1.977.2.42
-diff -u -r1.977.2.42 CHANGES
---- CHANGES 2002/07/16 09:18:25 1.977.2.42
-+++ CHANGES 2002/07/30 09:54:48
-@@ -4,6 +4,38 @@
-
- Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
-
-+Changes marked "(CHATS)" were sponsored by the Defense Advanced
-+Research Projects Agency (DARPA) and Air Force Research Laboratory,
-+Air Force Materiel Command, USAF, under agreement number
-+F30602-01-2-0537.
-+
-+ *) Add various sanity checks to asn1_get_length() to reject
-+ the ASN1 length bytes if they exceed sizeof(long), will appear
-+ negative or the content length exceeds the length of the
-+ supplied buffer. (CAN-2002-0659)
-+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-+
-+ *) Assertions for various potential buffer overflows, not known to
-+ happen in practice.
-+ [Ben Laurie (CHATS)]
-+
-+ *) Various temporary buffers to hold ASCII versions of integers were
-+ too small for 64 bit platforms. (CAN-2002-0655)
-+ [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
-+
-+ *) Remote buffer overflow in SSL3 protocol - an attacker could
-+ supply an oversized master key in Kerberos-enabled versions.
-+ (CAN-2002-0657)
-+ [Ben Laurie (CHATS)]
-+
-+ *) Remote buffer overflow in SSL3 protocol - an attacker could
-+ supply an oversized session ID to a client. (CAN-2002-0656)
-+ [Ben Laurie (CHATS)]
-+
-+ *) Remote buffer overflow in SSL2 protocol - an attacker could
-+ supply an oversized client master key. (CAN-2002-0656)
-+ [Ben Laurie (CHATS)]
-+
- *) Add appropriate support for separate platform-dependent build
- directories. The recommended way to make a platform-dependent
- build directory is the following (tested on Linux), maybe with
-@@ -1654,6 +1686,12 @@
- [Richard Levitte]
-
- Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
-+
-+ *) Add various sanity checks to asn1_get_length() to reject
-+ the ASN1 length bytes if they exceed sizeof(long), will appear
-+ negative or the content length exceeds the length of the
-+ supplied buffer.
-+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-
- *) Fix cipher selection routines: ciphers without encryption had no flags
- for the cipher strength set and where therefore not handled correctly
-Index: crypto/cryptlib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
-retrieving revision 1.32
-diff -u -r1.32 cryptlib.c
---- crypto/cryptlib.c 2001/11/24 04:02:42 1.32
-+++ crypto/cryptlib.c 2002/07/30 09:54:50
-@@ -492,3 +492,11 @@
- #endif
-
- #endif
-+
-+void OpenSSLDie(const char *file,int line,const char *assertion)
-+ {
-+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+ file,line,assertion);
-+ abort();
-+ }
-+
-Index: crypto/cryptlib.h
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
-retrieving revision 1.10
-diff -u -r1.10 cryptlib.h
---- crypto/cryptlib.h 2001/02/22 14:44:54 1.10
-+++ crypto/cryptlib.h 2002/07/30 09:54:50
-@@ -89,6 +89,14 @@
- #define X509_CERT_DIR_EVP "SSL_CERT_DIR"
- #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
-
-+/* size of string represenations */
-+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-+#define HEX_SIZE(type) ((sizeof(type)*2)
-+
-+/* die if we have to */
-+void OpenSSLDie(const char *file,int line,const char *assertion);
-+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-+
- #ifdef __cplusplus
- }
- #endif
-Index: crypto/asn1/asn1_lib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
-retrieving revision 1.20.2.1
-diff -u -r1.20.2.1 asn1_lib.c
---- crypto/asn1/asn1_lib.c 2002/06/13 17:38:46 1.20.2.1
-+++ crypto/asn1/asn1_lib.c 2002/08/02 00:00:00
-@@ -124,15 +124,13 @@
- (int)(omax+ *pp));
-
- #endif
--#if 0
-- if ((p+ *plength) > (omax+ *pp))
-+ if (*plength > (omax - (p - *pp)))
- {
- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
- /* Set this so that even if things are not long enough
- * the values are set correctly */
- ret|=0x80;
- }
--#endif
- *pp=p;
- return(ret|inf);
- err:
-@@ -159,6 +157,8 @@
- i= *p&0x7f;
- if (*(p++) & 0x80)
- {
-+ if (i > sizeof(long))
-+ return 0;
- if (max-- == 0) return(0);
- while (i-- > 0)
- {
-@@ -170,6 +170,8 @@
- else
- ret=i;
- }
-+ if (ret < 0)
-+ return 0;
- *pp=p;
- *rl=ret;
- return(1);
-@@ -407,7 +409,7 @@
-
- void asn1_add_error(unsigned char *address, int offset)
- {
-- char buf1[16],buf2[16];
-+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
-
- sprintf(buf1,"%lu",(unsigned long)address);
- sprintf(buf2,"%d",offset);
-Index: crypto/conf/conf_def.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
-retrieving revision 1.12
-diff -u -r1.12 conf_def.c
---- crypto/conf/conf_def.c 2002/01/24 16:15:17 1.12
-+++ crypto/conf/conf_def.c 2002/07/30 09:54:51
-@@ -67,6 +67,7 @@
- #include "conf_def.h"
- #include <openssl/buffer.h>
- #include <openssl/err.h>
-+#include "cryptlib.h"
-
- static char *eat_ws(CONF *conf, char *p);
- static char *eat_alpha_numeric(CONF *conf, char *p);
-@@ -208,12 +209,12 @@
- static int def_load_bio(CONF *conf, BIO *in, long *line)
- {
- #define BUFSIZE 512
-- char btmp[16];
- int bufnum=0,i,ii;
- BUF_MEM *buff=NULL;
- char *s,*p,*end;
- int again,n;
- long eline=0;
-+ char btmp[DECIMAL_SIZE(eline)+1];
- CONF_VALUE *v=NULL,*tv;
- CONF_VALUE *sv=NULL;
- char *section=NULL,*buf;
-Index: crypto/conf/conf_mod.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_mod.c,v
-retrieving revision 1.8.2.6
-diff -u -r1.8.2.6 conf_mod.c
---- crypto/conf/conf_mod.c 2002/05/08 15:13:24 1.8.2.6
-+++ crypto/conf/conf_mod.c 2002/07/30 09:54:52
-@@ -230,7 +230,7 @@
- {
- if (!(flags & CONF_MFLAGS_SILENT))
- {
-- char rcode[10];
-+ char rcode[DECIMAL_SIZE(ret)+1];
- CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
- sprintf(rcode, "%-8d", ret);
- ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
-Index: crypto/engine/hw_cswift.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/engine/hw_cswift.c,v
-retrieving revision 1.17.2.1
-diff -u -r1.17.2.1 hw_cswift.c
---- crypto/engine/hw_cswift.c 2002/06/21 02:48:52 1.17.2.1
-+++ crypto/engine/hw_cswift.c 2002/07/30 09:54:53
-@@ -501,7 +501,7 @@
- goto err;
- default:
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -518,7 +518,7 @@
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
- &res, 1)) != SW_OK)
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -608,7 +608,7 @@
- goto err;
- default:
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -625,7 +625,7 @@
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
- &res, 1)) != SW_OK)
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -740,7 +740,7 @@
- goto err;
- default:
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -758,7 +758,7 @@
- &res, 1);
- if(sw_status != SW_OK)
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -852,7 +852,7 @@
- goto err;
- default:
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-@@ -874,7 +874,7 @@
- &res, 1);
- if(sw_status != SW_OK)
- {
-- char tmpbuf[20];
-+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
-Index: crypto/objects/obj_dat.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
-retrieving revision 1.23.2.3
-diff -u -r1.23.2.3 obj_dat.c
---- crypto/objects/obj_dat.c 2002/05/30 16:49:44 1.23.2.3
-+++ crypto/objects/obj_dat.c 2002/07/30 09:54:53
-@@ -436,7 +436,7 @@
- unsigned long l;
- unsigned char *p;
- const char *s;
-- char tbuf[32];
-+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
- if (buf_len <= 0) return(0);
-
-Index: ssl/s2_clnt.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
-retrieving revision 1.37
-diff -u -r1.37 s2_clnt.c
---- ssl/s2_clnt.c 2002/01/12 15:56:10 1.37
-+++ ssl/s2_clnt.c 2002/07/30 09:55:01
-@@ -116,6 +116,7 @@
- #include <openssl/buffer.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl2_get_client_method(int ver);
- static int get_server_finished(SSL *s);
-@@ -535,6 +536,7 @@
- }
-
- s->s2->conn_id_length=s->s2->tmp.conn_id_length;
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
- return(1);
- }
-@@ -636,6 +638,7 @@
- /* make key_arg data */
- i=EVP_CIPHER_iv_length(c);
- sess->key_arg_length=i;
-+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
- if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
-
- /* make a master key */
-@@ -643,6 +646,7 @@
- sess->master_key_length=i;
- if (i > 0)
- {
-+ die(i <= sizeof sess->master_key);
- if (RAND_bytes(sess->master_key,i) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-@@ -686,6 +690,7 @@
- d+=enc;
- karg=sess->key_arg_length;
- s2n(karg,p); /* key arg size */
-+ die(karg <= sizeof sess->key_arg);
- memcpy(d,sess->key_arg,(unsigned int)karg);
- d+=karg;
-
-@@ -706,6 +711,7 @@
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_CLIENT_FINISHED;
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
-@@ -978,6 +984,8 @@
- {
- if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
- {
-+ die(s->session->session_id_length
-+ <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
- {
-Index: ssl/s2_lib.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
-retrieving revision 1.39.2.1
-diff -u -r1.39.2.1 s2_lib.c
---- ssl/s2_lib.c 2002/07/10 06:40:18 1.39.2.1
-+++ ssl/s2_lib.c 2002/07/30 09:55:01
-@@ -63,6 +63,7 @@
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/md5.h>
-+#include "cryptlib.h"
-
- static long ssl2_default_timeout(void );
- const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
-@@ -428,10 +429,14 @@
- #endif
- EVP_MD_CTX_init(&ctx);
- km=s->s2->key_material;
-+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
- for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
- {
- EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
-
-+ die(s->session->master_key_length >= 0
-+ && s->session->master_key_length
-+ < sizeof s->session->master_key);
- EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
- EVP_DigestUpdate(&ctx,&c,1);
- c++;
-@@ -467,6 +472,7 @@
- /* state=s->rwstate;*/
- error=s->error;
- s->error=0;
-+ die(error >= 0 && error <= 3);
- i=ssl2_write(s,&(buf[3-error]),error);
- /* if (i == error) s->rwstate=state; */
-
-Index: ssl/s2_srvr.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
-retrieving revision 1.36
-diff -u -r1.36 s2_srvr.c
---- ssl/s2_srvr.c 2002/01/12 15:56:11 1.36
-+++ ssl/s2_srvr.c 2002/07/30 09:55:02
-@@ -116,6 +116,7 @@
- #include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl2_get_server_method(int ver);
- static int get_client_master_key(SSL *s);
-@@ -417,11 +418,18 @@
- n2s(p,i); s->s2->tmp.clear=i;
- n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
-+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
-+ {
-+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-+ SSL_R_KEY_ARG_TOO_LONG);
-+ return -1;
-+ }
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- }
-
- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
- p=(unsigned char *)s->init_buf->data;
-+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
- keya=s->session->key_arg_length;
- len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-@@ -504,6 +512,7 @@
- #endif
-
- if (is_export) i+=s->s2->tmp.clear;
-+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
- s->session->master_key_length=i;
- memcpy(s->session->master_key,p,(unsigned int)i);
- return(1);
-@@ -670,6 +679,7 @@
- p+=s->s2->tmp.session_id_length;
-
- /* challenge */
-+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
- return(1);
- mem_err:
-@@ -826,6 +836,7 @@
- }
-
- /* SSL2_ST_GET_CLIENT_FINISHED_B */
-+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
- len = 1 + (unsigned long)s->s2->conn_id_length;
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-@@ -853,6 +864,7 @@
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_VERIFY;
-+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
- memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
- /* p+=s->s2->challenge_length; */
-
-@@ -872,6 +884,8 @@
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_FINISHED;
-
-+ die(s->session->session_id_length
-+ <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,
- (unsigned int)s->session->session_id_length);
- /* p+=s->session->session_id_length; */
-Index: ssl/s3_clnt.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
-retrieving revision 1.53.2.2
-diff -u -r1.53.2.2 s3_clnt.c
---- ssl/s3_clnt.c 2002/07/10 06:57:48 1.53.2.2
-+++ ssl/s3_clnt.c 2002/07/30 09:55:03
-@@ -117,6 +117,7 @@
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/md5.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl3_get_client_method(int ver);
- static int ssl3_client_hello(SSL *s);
-@@ -545,6 +546,7 @@
- *(p++)=i;
- if (i != 0)
- {
-+ die(i <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-@@ -626,6 +628,14 @@
- /* get the session-id */
- j= *(p++);
-
-+ if(j > sizeof s->session->session_id)
-+ {
-+ al=SSL_AD_ILLEGAL_PARAMETER;
-+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
-+ goto f_err;
-+ }
-+
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
- {
- /* SSLref returns 16 :-( */
-@@ -1588,6 +1598,7 @@
- SSL_MAX_MASTER_KEY_LENGTH);
- EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
- outl += padl;
-+ die(outl <= sizeof epms);
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- /* KerberosWrapper.EncryptedPreMasterSecret */
-Index: ssl/s3_srvr.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
-retrieving revision 1.85.2.5
-diff -u -r1.85.2.5 s3_srvr.c
---- ssl/s3_srvr.c 2002/07/10 06:57:50 1.85.2.5
-+++ ssl/s3_srvr.c 2002/07/30 13:36:36
-@@ -123,6 +123,7 @@
- #include <openssl/x509.h>
- #include <openssl/krb5_asn.h>
- #include <openssl/md5.h>
-+#include "cryptlib.h"
-
- static SSL_METHOD *ssl3_get_server_method(int ver);
- static int ssl3_get_client_hello(SSL *s);
-@@ -964,6 +965,7 @@
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
-+ die(sl <= sizeof s->session->session_id);
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-@@ -1559,8 +1561,8 @@
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
-- + EVP_MAX_IV_LENGTH + 1];
-- int padl, outl = sizeof(pms);
-+ + EVP_MAX_BLOCK_LENGTH];
-+ int padl, outl;
- krb5_timestamp authtime = 0;
- krb5_ticket_times ttimes;
-
-@@ -1582,6 +1584,16 @@
- enc_pms.length = i;
- enc_pms.data = (char *)p;
- p+=enc_pms.length;
-+
-+ /* Note that the length is checked again below,
-+ ** after decryption
-+ */
-+ if(enc_pms.length > sizeof pms)
-+ {
-+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+ SSL_R_DATA_LENGTH_TOO_LONG);
-+ goto err;
-+ }
-
- if (n != enc_ticket.length + authenticator.length +
- enc_pms.length + 6)
-Index: ssl/ssl.h
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
-retrieving revision 1.126.2.7
-diff -u -r1.126.2.7 ssl.h
---- ssl/ssl.h 2002/07/04 08:50:31 1.126.2.7
-+++ ssl/ssl.h 2002/07/30 09:55:05
-@@ -1650,6 +1650,7 @@
- #define SSL_R_INVALID_COMMAND 280
- #define SSL_R_INVALID_PURPOSE 278
- #define SSL_R_INVALID_TRUST 279
-+#define SSL_R_KEY_ARG_TOO_LONG 1112
- #define SSL_R_KRB5 1104
- #define SSL_R_KRB5_C_CC_PRINC 1094
- #define SSL_R_KRB5_C_GET_CRED 1095
-@@ -1729,6 +1730,7 @@
- #define SSL_R_SHORT_READ 219
- #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
- #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
- #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
- #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
- #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-Index: ssl/ssl_asn1.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
-retrieving revision 1.9.2.2
-diff -u -r1.9.2.2 ssl_asn1.c
---- ssl/ssl_asn1.c 2002/07/10 06:57:51 1.9.2.2
-+++ ssl/ssl_asn1.c 2002/07/30 09:55:05
-@@ -62,6 +62,7 @@
- #include <openssl/asn1_mac.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
-+#include "cryptlib.h"
-
- typedef struct ssl_session_asn1_st
- {
-@@ -296,6 +297,7 @@
- os.length=i;
-
- ret->session_id_length=os.length;
-+ die(os.length <= sizeof ret->session_id);
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
-Index: ssl/ssl_err.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
-retrieving revision 1.41
-diff -u -r1.41 ssl_err.c
---- ssl/ssl_err.c 2001/11/10 01:16:28 1.41
-+++ ssl/ssl_err.c 2002/07/30 09:55:06
-@@ -1,6 +1,6 @@
- /* ssl/ssl_err.c */
- /* ====================================================================
-- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -275,6 +275,7 @@
- {SSL_R_INVALID_COMMAND ,"invalid command"},
- {SSL_R_INVALID_PURPOSE ,"invalid purpose"},
- {SSL_R_INVALID_TRUST ,"invalid trust"},
-+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
- {SSL_R_KRB5 ,"krb5"},
- {SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
- {SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
-@@ -354,6 +355,7 @@
- {SSL_R_SHORT_READ ,"short read"},
- {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
- {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
-+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
- {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
- {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
- {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
-Index: ssl/ssl_sess.c
-===================================================================
-RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
-retrieving revision 1.40
-diff -u -r1.40 ssl_sess.c
---- ssl/ssl_sess.c 2002/02/10 12:46:41 1.40
-+++ ssl/ssl_sess.c 2002/07/30 09:55:06
-@@ -60,6 +60,7 @@
- #include <openssl/lhash.h>
- #include <openssl/rand.h>
- #include "ssl_locl.h"
-+#include "cryptlib.h"
-
- static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
- static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-@@ -250,6 +251,7 @@
- ss->session_id_length=0;
- }
-
-+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
diff --git a/news/pgpkey.html b/news/pgpkey.html
new file mode 100644
index 0000000..4e15e38
--- /dev/null
+++ b/news/pgpkey.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>PGP Key</h2></header>
+ <div class="entry-content">
+ <p>
+ Mail sent to
+ <a href="mailto:openssl-security at openssl.org">openssl-security at openssl.org</a>
+ can be encrypted with our team PGP key, below.
+ The plain-text document of the key is available
+ here:
+ <a href="openssl-security.asc">openssl-security.asc</a>
+ </p>
+ <pre>
+ <!--#include virtual="openssl-security.asc">
+ </pre>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">News</a>
+ : <a href="">PGP Key</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/news/secadv_20020730.txt b/news/secadv/20020730.txt
similarity index 100%
rename from news/secadv_20020730.txt
rename to news/secadv/20020730.txt
diff --git a/news/secadv_20030219.txt b/news/secadv/20030219.txt
similarity index 100%
rename from news/secadv_20030219.txt
rename to news/secadv/20030219.txt
diff --git a/news/secadv_20030317.txt b/news/secadv/20030317.txt
similarity index 100%
rename from news/secadv_20030317.txt
rename to news/secadv/20030317.txt
diff --git a/news/secadv_20030319.txt b/news/secadv/20030319.txt
similarity index 100%
rename from news/secadv_20030319.txt
rename to news/secadv/20030319.txt
diff --git a/news/secadv_20030930.txt b/news/secadv/20030930.txt
similarity index 100%
rename from news/secadv_20030930.txt
rename to news/secadv/20030930.txt
diff --git a/news/secadv_20031104.txt b/news/secadv/20031104.txt
similarity index 100%
rename from news/secadv_20031104.txt
rename to news/secadv/20031104.txt
diff --git a/news/secadv_20040317.txt b/news/secadv/20040317.txt
similarity index 100%
rename from news/secadv_20040317.txt
rename to news/secadv/20040317.txt
diff --git a/news/secadv_20051011.txt b/news/secadv/20051011.txt
similarity index 100%
rename from news/secadv_20051011.txt
rename to news/secadv/20051011.txt
diff --git a/news/secadv_20060905.txt b/news/secadv/20060905.txt
similarity index 100%
rename from news/secadv_20060905.txt
rename to news/secadv/20060905.txt
diff --git a/news/secadv_20060928.txt b/news/secadv/20060928.txt
similarity index 100%
rename from news/secadv_20060928.txt
rename to news/secadv/20060928.txt
diff --git a/news/secadv_20071012.txt b/news/secadv/20071012.txt
similarity index 100%
rename from news/secadv_20071012.txt
rename to news/secadv/20071012.txt
diff --git a/news/secadv_20071129.txt b/news/secadv/20071129.txt
similarity index 100%
rename from news/secadv_20071129.txt
rename to news/secadv/20071129.txt
diff --git a/news/secadv_20080528.txt b/news/secadv/20080528.txt
similarity index 100%
rename from news/secadv_20080528.txt
rename to news/secadv/20080528.txt
diff --git a/news/secadv_20090107.txt b/news/secadv/20090107.txt
similarity index 100%
rename from news/secadv_20090107.txt
rename to news/secadv/20090107.txt
diff --git a/news/secadv_20090325.txt b/news/secadv/20090325.txt
similarity index 100%
rename from news/secadv_20090325.txt
rename to news/secadv/20090325.txt
diff --git a/news/secadv_20091111.txt b/news/secadv/20091111.txt
similarity index 100%
rename from news/secadv_20091111.txt
rename to news/secadv/20091111.txt
diff --git a/news/secadv_20100324.txt b/news/secadv/20100324.txt
similarity index 100%
rename from news/secadv_20100324.txt
rename to news/secadv/20100324.txt
diff --git a/news/secadv_20100601.txt b/news/secadv/20100601.txt
similarity index 100%
rename from news/secadv_20100601.txt
rename to news/secadv/20100601.txt
diff --git a/news/secadv_20101116-2.txt b/news/secadv/20101116-2.txt
similarity index 100%
rename from news/secadv_20101116-2.txt
rename to news/secadv/20101116-2.txt
diff --git a/news/secadv_20101116.txt b/news/secadv/20101116.txt
similarity index 100%
rename from news/secadv_20101116.txt
rename to news/secadv/20101116.txt
diff --git a/news/secadv_20101202.txt b/news/secadv/20101202.txt
similarity index 100%
rename from news/secadv_20101202.txt
rename to news/secadv/20101202.txt
diff --git a/news/secadv_20110208.txt b/news/secadv/20110208.txt
similarity index 100%
rename from news/secadv_20110208.txt
rename to news/secadv/20110208.txt
diff --git a/news/secadv_20110906.txt b/news/secadv/20110906.txt
similarity index 100%
rename from news/secadv_20110906.txt
rename to news/secadv/20110906.txt
diff --git a/news/secadv_20120104.txt b/news/secadv/20120104.txt
similarity index 100%
rename from news/secadv_20120104.txt
rename to news/secadv/20120104.txt
diff --git a/news/secadv_20120118.txt b/news/secadv/20120118.txt
similarity index 100%
rename from news/secadv_20120118.txt
rename to news/secadv/20120118.txt
diff --git a/news/secadv_20120312.txt b/news/secadv/20120312.txt
similarity index 100%
rename from news/secadv_20120312.txt
rename to news/secadv/20120312.txt
diff --git a/news/secadv_20120419.txt b/news/secadv/20120419.txt
similarity index 100%
rename from news/secadv_20120419.txt
rename to news/secadv/20120419.txt
diff --git a/news/secadv_20120424.txt b/news/secadv/20120424.txt
similarity index 100%
rename from news/secadv_20120424.txt
rename to news/secadv/20120424.txt
diff --git a/news/secadv_20120510.txt b/news/secadv/20120510.txt
similarity index 100%
rename from news/secadv_20120510.txt
rename to news/secadv/20120510.txt
diff --git a/news/secadv_20130204.txt b/news/secadv/20130204.txt
similarity index 100%
rename from news/secadv_20130204.txt
rename to news/secadv/20130204.txt
diff --git a/news/secadv_20130205.txt b/news/secadv/20130205.txt
similarity index 100%
rename from news/secadv_20130205.txt
rename to news/secadv/20130205.txt
diff --git a/news/secadv_20140407.txt b/news/secadv/20140407.txt
similarity index 100%
rename from news/secadv_20140407.txt
rename to news/secadv/20140407.txt
diff --git a/news/secadv_20140605.txt b/news/secadv/20140605.txt
similarity index 100%
rename from news/secadv_20140605.txt
rename to news/secadv/20140605.txt
diff --git a/news/secadv_20140806.txt b/news/secadv/20140806.txt
similarity index 100%
rename from news/secadv_20140806.txt
rename to news/secadv/20140806.txt
diff --git a/news/secadv_20141015.txt b/news/secadv/20141015.txt
similarity index 100%
rename from news/secadv_20141015.txt
rename to news/secadv/20141015.txt
diff --git a/news/secadv_20150108.txt b/news/secadv/20150108.txt
similarity index 100%
rename from news/secadv_20150108.txt
rename to news/secadv/20150108.txt
diff --git a/news/secadv_20150319.txt b/news/secadv/20150319.txt
similarity index 100%
rename from news/secadv_20150319.txt
rename to news/secadv/20150319.txt
diff --git a/news/secadv_20150611.txt b/news/secadv/20150611.txt
similarity index 100%
rename from news/secadv_20150611.txt
rename to news/secadv/20150611.txt
diff --git a/news/secadv_20150709.txt b/news/secadv/20150709.txt
similarity index 100%
rename from news/secadv_20150709.txt
rename to news/secadv/20150709.txt
diff --git a/news/secadv_hack.txt b/news/secadv/hack.txt
similarity index 100%
rename from news/secadv_hack.txt
rename to news/secadv/hack.txt
diff --git a/news/secadv_prng.txt b/news/secadv/prng.txt
similarity index 100%
rename from news/secadv_prng.txt
rename to news/secadv/prng.txt
diff --git a/news/sidebar.inc b/news/sidebar.inc
new file mode 100644
index 0000000..704c645
--- /dev/null
+++ b/news/sidebar.inc
@@ -0,0 +1,18 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">News</a></h1>
+ <ul>
+ <li>
+ <a href="newslog.html">Newslog</a>
+ </li>
+ <li>
+ <a href="vulnerabilities">Vulnerabilities</a>
+ </li>
+ <li>
+ <a href="changelog.html">Changelog</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
diff --git a/news/state.wml b/news/state.wml
deleted file mode 100644
index 9ae6860..0000000
--- a/news/state.wml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-#use wml::openssl area=news page=state
-
-<title>News, Project State</title>
-
-<h1>Project State</h1>
-
-Here is a short summary of the current development and release state
-of the OpenSSL project as of July, 2015.
-The latest releases can always be found at
-<a href="https://www.openssl.org/source">https://www.openssl.org/source</a>.
-
-<ul>
-
-<li>On July 9, we released version <b>1.0.2d</b>. This is the most
-recent security fixes for the current major release branch.
-We also released version <b>1.0.1p</b> which has the same fixes for
-that branch.
-<br>
-
-<li>In 2014, we declared <b>1.0.0</b> and <b>0.9.8</b> to be end of life, with
-all updates ending at the end of 2015. Until then, only security fixes will
-be released for those branches.
-<br>
-
-<li>Our next major release is <b>1.1.0</b>. It is currently in development.
-It is the master branch, available at
-<a href="https://github.com/openssl/openssl">https://github.com/openssl/openssl</a> (as are all other release branches).
-<br>
-
-</ul>
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 9a41b1e..8dbb358 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -22,7 +22,7 @@
enabling them to use a valid leaf certificate to act as a CA and
"issue" an invalid certificate.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150709.txt"/>
+ <advisory url="/news/secadv/20150709.txt"/>
<reported source="Adam Langley and David Benjamin (Google/BoringSSL)"/>
</issue>
<issue public="20150611">
@@ -81,7 +81,7 @@
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Joseph Birr-Pixton"/>
</issue>
@@ -171,7 +171,7 @@
authentication enabled may be affected if they use custom verification
callbacks.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Robert Swiecki (Google) and (independently) Hanno Böck"/>
</issue>
@@ -257,7 +257,7 @@
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Michal Zalewski (Google)"/>
</issue>
@@ -341,7 +341,7 @@
This can be used to perform denial of service against any system which
verifies signedData messages using the CMS code.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Johannes Bauer"/>
</issue>
@@ -423,7 +423,7 @@
reuse a previous ticket then a race condition can occur potentially leading to
a double free of the ticket data.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Emilia Käsper (OpenSSL)"/>
</issue>
@@ -487,7 +487,7 @@
free, resulting in a segmentation fault or potentially, memory
corruption.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150611.txt"/>
+ <advisory url="/news/secadv/20150611.txt"/>
<reported source="Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google)"/>
</issue>
<issue public="20150319">
@@ -501,7 +501,7 @@ ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and re
invalid signature algorithms extension a NULL pointer dereference will occur.
This can be exploited in a DoS attack against the server.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source=" David Ramos (Stanford University)"/>
</issue>
@@ -522,7 +522,7 @@ will only result in a failed connection. However if some other BIO is used then
it is likely that a segmentation fault will be triggered, thus enabling a
potential DoS attack.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Daniel Danner and Rainer Mueller"/>
</issue>
@@ -540,7 +540,7 @@ fault. Errors processing the initial ClientHello can trigger this scenario. An
example of such an error could be that a DTLS1.0 only client is attempting to
connect to a DTLS1.2 only server.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Per Allansson"/>
</issue>
@@ -594,7 +594,7 @@ certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Stephen Henson (OpenSSL development team)"/>
</issue>
@@ -614,7 +614,7 @@ certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Brian Carpenter"/>
</issue>
@@ -694,7 +694,7 @@ Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Emilia Käsper (OpenSSL development team)"/>
</issue>
@@ -777,7 +777,7 @@ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Michal Zalewski (Google)"/>
</issue>
@@ -841,7 +841,7 @@ untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Robert Dugal, also David Ramos, also Huzaifa Sidhpurwala (Red Hat)"/>
</issue>
@@ -921,7 +921,7 @@ A malicious client can trigger an OPENSSL_assert in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Sean Burford (Google) and Emilia Käsper (OpenSSL development team)"/>
</issue>
@@ -937,7 +937,7 @@ If client auth is used then a server can seg fault in the event of a DHE
ciphersuite being selected and a zero length ClientKeyExchange message being
sent by the client. This could be exploited in a DoS attack.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Matt Caswell (OpenSSL development team)"/>
</issue>
@@ -953,7 +953,7 @@ an unseeded PRNG. If the handshake succeeds then the client random that has been
been generated from a PRNG with insufficient entropy and therefore the output
may be predictable.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Matt Caswell (OpenSSL development team)"/>
</issue>
@@ -1036,7 +1036,7 @@ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="The BoringSSL project"/>
</issue>
@@ -1115,7 +1115,7 @@ X509_to_X509_REQ NULL pointer deref.
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150319.txt"/>
+ <advisory url="/news/secadv/20150319.txt"/>
<reported source="Brian Carpenter"/>
</issue>
@@ -1157,7 +1157,7 @@ the certificate key is invalid. This function is rarely used in practice.
memory leak could be exploited by an attacker in a Denial of Service
attack through memory exhaustion.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Chris Mueller"/>
</issue>
@@ -1175,7 +1175,7 @@ the certificate key is invalid. This function is rarely used in practice.
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Frank Schmirler"/>
</issue>
@@ -1245,7 +1245,7 @@ the certificate key is invalid. This function is rarely used in practice.
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. This effectively removes forward secrecy from the ciphersuite.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Karthikeyan Bhargavan of the PROSECCO team at INRIA"/>
</issue>
@@ -1315,7 +1315,7 @@ the certificate key is invalid. This function is rarely used in practice.
non-export RSA key exchange ciphersuite. A server could present a weak
temporary key and downgrade the security of the session.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Karthikeyan Bhargavan of the PROSECCO team at INRIA"/>
</issue>
@@ -1358,7 +1358,7 @@ the certificate key is invalid. This function is rarely used in practice.
certificates containing DH keys: these are extremely rare and hardly ever
encountered.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Karthikeyan Bhargavan of the PROSECCO team at INRIA"/>
</issue>
@@ -1437,7 +1437,7 @@ the certificate key is invalid. This function is rarely used in practice.
applications that rely on the uniqueness of the fingerprint (e.g.
certificate blacklists) may be affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program/Konrad Kraszewski from Google"/>
</issue>
@@ -1526,7 +1526,7 @@ the certificate key is invalid. This function is rarely used in practice.
attacker cannot control when the bug triggers, or no private key material
is involved.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20150108.txt"/>
+ <advisory url="/news/secadv/20150108.txt"/>
<reported source="Pieter Wuille (Blockstream)"/>
</issue>
@@ -1552,7 +1552,7 @@ the certificate key is invalid. This function is rarely used in practice.
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20141015.txt"/>
+ <advisory url="/news/secadv/20141015.txt"/>
<reported source="LibreSSL project"/>
</issue>
@@ -1614,7 +1614,7 @@ the certificate key is invalid. This function is rarely used in practice.
tickets an attacker could exploit this issue in a Denial Of Service
attack.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20141015.txt"/>
+ <advisory url="/news/secadv/20141015.txt"/>
</issue>
<issue public="20141015">
<cve name=""/> <!-- this is deliberate -->
@@ -1754,7 +1754,7 @@ the certificate key is invalid. This function is rarely used in practice.
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20141015.txt"/>
+ <advisory url="/news/secadv/20141015.txt"/>
<reported source="Akamai Technologies"/>
</issue>
<issue public="20140806">
@@ -1820,7 +1820,7 @@ X509_name_oneline, X509_name_print_ex, to leak some information from the
stack. Applications may be affected if they echo pretty printing output to the
attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
<reported source="Ivan Fratric (Google)"/>
</issue>
@@ -1844,7 +1844,7 @@ could lead to a Denial of Service.
<affects base="1.0.1" version="1.0.1h"/>
<fixed base="1.0.1" version="1.0.1i" date="20140806">
</fixed>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
<reported source="Joonas Kuorilehto and Riku Hietamäki (Codenomicon)"/>
</issue>
@@ -1881,7 +1881,7 @@ to freed memory.</description>
<fixed base="1.0.0" version="1.0.0n" date="20140806">
</fixed>
<reported source="Gabor Tyukasz (LogMeIn Inc)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -1935,7 +1935,7 @@ processing DTLS packets due to memory being freed twice. This could lead to a
Denial of Service attack.
</description>
<reported source="Adam Langley and Wan-Teh Chang (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -2002,7 +2002,7 @@ processing DTLS handshake messages. This could lead to a Denial of
Service attack.
</description>
<reported source="Adam Langley (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -2052,7 +2052,7 @@ By sending carefully crafted DTLS packets an attacker could cause OpenSSL to
leak memory. This could lead to a Denial of Service attack.
</description>
<reported source="Adam Langley (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -2120,7 +2120,7 @@ pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and
sending carefully crafted handshake messages.
</description>
<reported source="Felix Gröbert (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -2144,7 +2144,7 @@ downgrade to TLS 1.0 even if both the server and the client support a higher
protocol version, by modifying the client's TLS records.
</description>
<reported source="David Benjamin and Adam Langley (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20140806">
@@ -2167,7 +2167,7 @@ an internal buffer. Only applications which are explicitly set up for SRP
use are affected.
</description>
<reported source="Sean Devlin and Watson Ladd (Cryptography Services, NCC Group)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140806.txt"/>
+ <advisory url="/news/secadv/20140806.txt"/>
</issue>
<issue public="20020730">
@@ -2178,7 +2178,7 @@ use are affected.
<affects base="0.9.6" version="0.9.6c"/>
<affects base="0.9.6" version="0.9.6d"/>
<fixed base="0.9.6" version="0.9.6e" date="20020730"/>
- <advisory url="http://www.openssl.org/news/secadv_20020730.txt"/>
+ <advisory url="/news/secadv/20020730.txt"/>
<reported source="OpenSSL Group (A.L. Digital)"/>
<description>
Inproper handling of ASCII representations of integers on
@@ -2195,7 +2195,7 @@ service or possibly execute arbitrary code.
<affects base="0.9.6" version="0.9.6c"/>
<affects base="0.9.6" version="0.9.6d"/>
<fixed base="0.9.6" version="0.9.6e" date="20020730"/>
- <advisory url="http://www.openssl.org/news/secadv_20020730.txt"/>
+ <advisory url="/news/secadv/20020730.txt"/>
<reported source="OpenSSL Group (A.L. Digital)"/>
<description>
A buffer overflow allowed remote attackers to execute
@@ -2206,7 +2206,7 @@ large session ID in SSL3.
<issue public="20020730">
<cve name="2002-0657"/>
- <advisory url="http://www.openssl.org/news/secadv_20020730.txt"/>
+ <advisory url="/news/secadv/20020730.txt"/>
<reported source="OpenSSL Group (A.L. Digital)"/>
<description>
A buffer overflow when Kerberos is enabled allowed attackers
@@ -2256,7 +2256,7 @@ s2_srvr.c.
<affects base="0.9.6" version="0.9.6h"/>
<fixed base="0.9.7" version="0.9.7a" date="20030219"/>
<fixed base="0.9.6" version="0.9.6i" date="20030219"/>
- <advisory url="http://www.openssl.org/news/secadv_20030219.txt"/>
+ <advisory url="/news/secadv/20030219.txt"/>
<description>
sl3_get_record in s3_pkt.c did not perform a MAC computation if an
incorrect block cipher padding was used, causing an information leak
@@ -2283,7 +2283,7 @@ plaintext, aka the "Vaudenay timing attack."
<affects base="0.9.7" version="0.9.7a"/>
<fixed base="0.9.6" version="0.9.6j" date="20030410"/>
<fixed base="0.9.7" version="0.9.7b" date="20030410"/>
- <advisory url="http://www.openssl.org/news/secadv_20030319.txt"/>
+ <advisory url="/news/secadv/20030319.txt"/>
<description>
The SSL and TLS components allowed remote attackers to perform an
unauthorized RSA private key operation via a modified Bleichenbacher
@@ -2308,7 +2308,7 @@ relationship between ciphertext and the associated plaintext, aka the
<affects base="0.9.6" version="0.9.6i"/>
<affects base="0.9.7" version="0.9.7"/>
<affects base="0.9.7" version="0.9.7a"/>
- <advisory url="http://www.openssl.org/news/secadv_20030317.txt"/>
+ <advisory url="/news/secadv/20030317.txt"/>
<fixed base="0.9.7" version="0.9.7b" date="20030410"/>
<fixed base="0.9.6" version="0.9.6j" date="20030410"/>
<description>
@@ -2338,7 +2338,7 @@ multiplication algorithms ("Karatsuba" and normal).
<affects base="0.9.7" version="0.9.7b"/>
<fixed base="0.9.7" version="0.9.7c" date="20030930"/>
<fixed base="0.9.6" version="0.9.6k" date="20030930"/>
- <advisory url="http://www.openssl.org/news/secadv_20030930.txt"/>
+ <advisory url="/news/secadv/20030930.txt"/>
<reported source="NISCC"/>
<description>
An integer overflow could allow remote attackers to cause a denial of
@@ -2365,7 +2365,7 @@ values.
<affects base="0.9.6" version="0.9.6j"/>
<fixed base="0.9.6" version="0.9.6k" date="20030930"/>
<fixed base="0.9.7" version="0.9.7c" date="20030930"/>
- <advisory url="http://www.openssl.org/news/secadv_20030930.txt"/>
+ <advisory url="/news/secadv/20030930.txt"/>
<reported source="NISCC"/>
<description>
Incorrect tracking of the number of characters in certain
@@ -2381,7 +2381,7 @@ read past the end of a buffer when the long form is used.
<affects base="0.9.7" version="0.9.7a"/>
<affects base="0.9.7" version="0.9.7b"/>
<fixed base="0.9.7" version="0.9.7c" date="20030930"/>
- <advisory url="http://www.openssl.org/news/secadv_20030930.txt"/>
+ <advisory url="/news/secadv/20030930.txt"/>
<reported source="NISCC"/>
<description>
Certain ASN.1 encodings that were rejected as invalid by the parser could
@@ -2394,7 +2394,7 @@ corrupting the stack, leading to a crash.
<cve name="2003-0851"/>
<affects base="0.9.6" version="0.9.6k"/>
<fixed base="0.9.6" version="0.9.6l" date="20031104"/>
- <advisory url="http://www.openssl.org/news/secadv_20031104.txt"/>
+ <advisory url="/news/secadv/20031104.txt"/>
<reported source="Novell"/>
<description>
A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to
@@ -2425,7 +2425,7 @@ SSL/TLS enabled server which is configured to accept them.
<affects base="0.9.7" version="0.9.7c"/>
<fixed base="0.9.7" version="0.9.7d" date="20040317"/>
<fixed base="0.9.6" version="0.9.6m" date="20040317"/>
- <advisory url="http://www.openssl.org/news/secadv_20040317.txt"/>
+ <advisory url="/news/secadv/20040317.txt"/>
<reported source="OpenSSL group"/>
<description>
The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the
@@ -2441,7 +2441,7 @@ OpenSSL library in such a way as to cause a crash.
<affects base="0.9.6" version="0.9.6a"/>
<affects base="0.9.6" version="0.9.6b"/>
<affects base="0.9.6" version="0.9.6c"/>
- <advisory url="http://www.openssl.org/news/secadv_20030317.txt"/>
+ <advisory url="/news/secadv/20030317.txt"/>
<reported source="OpenSSL group"/>
<description>
The Codenomicon TLS Test Tool found that some unknown message types
@@ -2457,7 +2457,7 @@ of service (infinite loop).
<affects base="0.9.7" version="0.9.7c"/>
<fixed base="0.9.7" version="0.9.7d" date="20040317"/>
<reported source="OpenSSL group (Stephen Henson)"/>
- <advisory url="http://www.openssl.org/news/secadv_20040317.txt"/>
+ <advisory url="/news/secadv/20040317.txt"/>
<description>
A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites.
A remote attacker could perform a carefully crafted SSL/TLS handshake
@@ -2530,7 +2530,7 @@ distribution.
<fixed base="0.9.7" version="0.9.7h" date="20051011"/>
<fixed base="0.9.8" version="0.9.8a" date="20051011"/>
- <advisory url="http://www.openssl.org/news/secadv_20051011.txt"/>
+ <advisory url="/news/secadv/20051011.txt"/>
<reported source="researcher"/>
<description>
@@ -2573,7 +2573,7 @@ downgrade to SSL 2.0 even if both parties support better protocols.
<fixed base="0.9.7" version="0.9.7k" date="20060905"/>
<fixed base="0.9.8" version="0.9.8c" date="20060905"/>
- <advisory url="http://www.openssl.org/news/secadv_20060905.txt"/>
+ <advisory url="/news/secadv/20060905.txt"/>
<reported source="openssl"/>
<description>
@@ -2605,7 +2605,7 @@ verified by OpenSSL.
<fixed base="0.9.7" version="0.9.7l" date="20060928"/>
<fixed base="0.9.8" version="0.9.8d" date="20060928"/>
- <advisory url="http://www.openssl.org/news/secadv_20060928.txt"/>
+ <advisory url="/news/secadv/20060928.txt"/>
<reported source="openssl"/>
<description>
@@ -2650,7 +2650,7 @@ consumes system memory
<fixed base="0.9.7" version="0.9.7l" date="20060928"/>
<fixed base="0.9.8" version="0.9.8d" date="20060928"/>
- <advisory url="http://www.openssl.org/news/secadv_20060928.txt"/>
+ <advisory url="/news/secadv/20060928.txt"/>
<reported source="openssl"/>
<description>
@@ -2695,7 +2695,7 @@ service attack.
<fixed base="0.9.7" version="0.9.7l" date="20060928"/>
<fixed base="0.9.8" version="0.9.8d" date="20060928"/>
- <advisory url="http://www.openssl.org/news/secadv_20060928.txt"/>
+ <advisory url="/news/secadv/20060928.txt"/>
<reported source="openssl"/>
<description>
@@ -2740,7 +2740,7 @@ application that uses this function and overrun a buffer.
<fixed base="0.9.7" version="0.9.7l" date="20060928"/>
<fixed base="0.9.8" version="0.9.8d" date="20060928"/>
- <advisory url="http://www.openssl.org/news/secadv_20060928.txt"/>
+ <advisory url="/news/secadv/20060928.txt"/>
<reported source="openssl"/>
<description>
@@ -2759,7 +2759,7 @@ server, that server could cause the client to crash.
<affects base="0.9.8" version="0.9.8d"/>
<affects base="0.9.8" version="0.9.8e"/>
<fixed base="0.9.8" version="0.9.8f" date="20071012"/>
- <advisory url="http://www.openssl.org/news/secadv_20071012.txt"/>
+ <advisory url="/news/secadv/20071012.txt"/>
<reported source="Andy Polyakov"/>
<description>
@@ -2779,7 +2779,7 @@ not been verified.
<affects base="0.9.8" version="0.9.8d"/>
<affects base="0.9.8" version="0.9.8e"/>
<fixed base="0.9.8" version="0.9.8f" date="20071012"/>
- <advisory url="http://www.openssl.org/news/secadv_20071012.txt"/>
+ <advisory url="/news/secadv/20071012.txt"/>
<reported source="Moritz Jodeit"/>
<description>
@@ -2793,7 +2793,7 @@ only when applications are compiled for debugging.
<issue public="20071129">
<cve name="2007-5502"/>
- <advisory url="http://www.openssl.org/news/secadv_20071129.txt"/>
+ <advisory url="/news/secadv/20071129.txt"/>
<reported source="Geoff Lowe"/>
<description>
@@ -2810,7 +2810,7 @@ randomness.
<affects base="0.9.8" version="0.9.8f"/>
<affects base="0.9.8" version="0.9.8g"/>
<fixed base="0.9.8" version="0.9.8h" date="20080528"/>
- <advisory url="http://www.openssl.org/news/secadv_20080528.txt"/>
+ <advisory url="/news/secadv/20080528.txt"/>
<reported source="codenomicon"/>
<description>
Testing using the Codenomicon TLS test suite discovered a flaw in the
@@ -2826,7 +2826,7 @@ packet to a server application using OpenSSL and cause it to crash.
<affects base="0.9.8" version="0.9.8f"/>
<affects base="0.9.8" version="0.9.8g"/>
<fixed base="0.9.8" version="0.9.8h" date="20080528"/>
- <advisory url="http://www.openssl.org/news/secadv_20080528.txt"/>
+ <advisory url="/news/secadv/20080528.txt"/>
<reported source="codenomicon"/>
<description>
Testing using the Codenomicon TLS test suite discovered a flaw if the
@@ -2850,7 +2850,7 @@ the client to crash.
<affects base="0.9.8" version="0.9.8h"/>
<affects base="0.9.8" version="0.9.8i"/>
<fixed base="0.9.8" version="0.9.8j" date="20090107"/>
- <advisory url="http://www.openssl.org/news/secadv_20090107.txt"/>
+ <advisory url="/news/secadv/20090107.txt"/>
<reported source="google"/>
<description>
@@ -2880,7 +2880,7 @@ vulnerable client, bypassing validation.
<affects base="0.9.8" version="0.9.8i"/>
<affects base="0.9.8" version="0.9.8j"/>
<fixed base="0.9.8" version="0.9.8k" date="20090325"/>
- <advisory url="http://www.openssl.org/news/secadv_20090325.txt"/>
+ <advisory url="/news/secadv/20090325.txt"/>
<description>
The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will crash with an invalid memory access if the
@@ -2896,7 +2896,7 @@ this bug, including SSL servers, clients and S/MIME software.
<affects base="0.9.8" version="0.9.8i"/>
<affects base="0.9.8" version="0.9.8j"/>
<fixed base="0.9.8" version="0.9.8k" date="20090325"/>
- <advisory url="http://www.openssl.org/news/secadv_20090325.txt"/>
+ <advisory url="/news/secadv/20090325.txt"/>
<reported source="Ivan Nestlerode, IBM"/>
<description>
The function CMS_verify() does not correctly handle an error condition
@@ -2921,7 +2921,7 @@ checked.
<affects base="0.9.8" version="0.9.8j"/>
<fixed base="0.9.8" version="0.9.8k" date="20090325"/>
<reported source="Paolo Ganci"/>
- <advisory url="http://www.openssl.org/news/secadv_20090325.txt"/>
+ <advisory url="/news/secadv/20090325.txt"/>
<description>
When a malformed ASN1 structure is received it's contents are freed up and
zeroed and an error condition returned. On a small number of platforms where
@@ -2967,7 +2967,7 @@ A remote attacker could use this flaw to cause a DTLS server to crash
<affects base="0.9.8" version="0.9.8k"/>
<affects base="0.9.8" version="0.9.8l"/>
<fixed base="0.9.8" version="0.9.8m" date="20100120"/>
- <advisory url="http://www.openssl.org/news/secadv_20091111.txt"/>
+ <advisory url="/news/secadv/20091111.txt"/>
<description>
Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.
</description>
@@ -3111,7 +3111,7 @@ cipher suites during the TLS handshake
<affects base="0.9.8" version="0.9.8l"/>
<affects base="0.9.8" version="0.9.8m"/>
<fixed base="0.9.8" version="0.9.8n" date="20100324"/>
- <advisory url="http://www.openssl.org/news/secadv_20100324.txt"/>
+ <advisory url="/news/secadv/20100324.txt"/>
<reported source="Bodo Moeller and Adam Langley (Google)"/>
<description>
In TLS connections, certain incorrectly formatted records can cause an
@@ -3131,7 +3131,7 @@ OpenSSL client or server to crash due to a read attempt at NULL.
<affects base="0.9.8" version="0.9.8n"/>
<fixed base="0.9.8" version="0.9.8o" date="20100601"/>
<fixed base="1.0.0" version="1.0.0a" date="20100601"/>
- <advisory url="http://www.openssl.org/news/secadv_20100601.txt"/>
+ <advisory url="/news/secadv/20100601.txt"/>
<reported source="Ronald Moesbergen"/>
<description>
A flaw in the handling of CMS structures containing OriginatorInfo was found which
@@ -3144,7 +3144,7 @@ disabled by default in OpenSSL 0.9.8 versions.
<cve name="2010-1633"/>
<affects base="1.0.0" version="1.0.0"/>
<fixed base="1.0.0" version="1.0.0a" date="20100601"/>
- <advisory url="http://www.openssl.org/news/secadv_20100601.txt"/>
+ <advisory url="/news/secadv/20100601.txt"/>
<reported source="Peter-Michael Hager"/>
<description>
An invalid Return value check in pkey_rsa_verifyrecover was
@@ -3176,7 +3176,7 @@ an error code. This could lead to an information leak.
<affects base="1.0.0" version="1.0.0a"/>
<fixed base="1.0.0" version="1.0.0b" date="20101116"/>
<fixed base="0.9.8" version="0.9.8p" date="20101116"/>
- <advisory url="http://www.openssl.org/news/secadv_20101116.txt"/>
+ <advisory url="/news/secadv/20101116.txt"/>
<reported source="Rob Hulswit"/>
<description>
@@ -3196,7 +3196,7 @@ affected.
<affects base="1.0.0" version="1.0.0a"/>
<affects base="1.0.0" version="1.0.0b"/>
<fixed base="1.0.0" version="1.0.0c" date="20101202"/>
- <advisory url="http://www.openssl.org/news/secadv_20101202.txt"/>
+ <advisory url="/news/secadv/20101202.txt"/>
<reported source="Sebastian Martini"/>
<description>
An error in OpenSSL's experimental J-PAKE implementation which could
@@ -3230,7 +3230,7 @@ J-PAKE to be experimental and is not compiled by default.
<affects base="1.0.0" version="1.0.0b"/>
<fixed base="1.0.0" version="1.0.0c" date="20101202"/>
<fixed base="0.9.8" version="0.9.8q" date="20101202"/>
- <advisory url="http://www.openssl.org/news/secadv_20101202.txt"/>
+ <advisory url="/news/secadv/20101202.txt"/>
<reported source="Martin Rex"/>
<description>
A flaw in the OpenSSL SSL/TLS server code where an old bug workaround
@@ -3251,7 +3251,7 @@ applications enable this by using the SSL_OP_ALL option).
<affects base="1.0.0" version="1.0.0c"/>
<affects base="1.0.0" version="1.0.0d"/>
<fixed base="1.0.0" version="1.0.0e" date="20110906"/>
- <advisory url="http://www.openssl.org/news/secadv_20110906.txt"/>
+ <advisory url="/news/secadv/20110906.txt"/>
<reported source="Kaspar Brand"/>
<description>
Under certain circumstances OpenSSL's internal certificate
@@ -3290,7 +3290,7 @@ checking (such as Apache) are not affected.
<affects base="1.0.0" version="1.0.0c"/>
<affects base="1.0.0" version="1.0.0d"/>
<fixed base="1.0.0" version="1.0.0e" date="20110906"/>
- <advisory url="http://www.openssl.org/news/secadv_20110906.txt"/>
+ <advisory url="/news/secadv/20110906.txt"/>
<reported source="Adam Langley"/>
<description>
OpenSSL server code for ephemeral ECDH ciphersuites is not
@@ -3331,7 +3331,7 @@ enabled in the configuration.
<affects base="1.0.0" version="1.0.0e"/>
<fixed base="1.0.0" version="1.0.0f" date="20120104"/>
<fixed base="0.9.8" version="0.9.8s" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="Nadhem Alfardan and Kenny Paterson"/>
<description>
OpenSSL was susceptable an extension of the
@@ -3364,7 +3364,7 @@ decryption processing.
<affects base="0.9.8" version="0.9.8q"/>
<affects base="0.9.8" version="0.9.8r"/>
<fixed base="0.9.8" version="0.9.8s" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="Ben Laurie"/>
<description>
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
@@ -3402,7 +3402,7 @@ unless this flag is set. Users of OpenSSL 1.0.0 are not affected
<affects base="1.0.0" version="1.0.0e"/>
<fixed base="1.0.0" version="1.0.0f" date="20120104"/>
<fixed base="0.9.8" version="0.9.8s" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="Adam Langley"/>
<description>
OpenSSL failed to clear the bytes used as
@@ -3440,7 +3440,7 @@ the contents of memory in some circumstances.
<affects base="1.0.0" version="1.0.0e"/>
<fixed base="1.0.0" version="1.0.0f" date="20120104"/>
<fixed base="0.9.8" version="0.9.8s" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="Andrew Chi"/>
<description>
RFC 3779 data can be included in certificates, and if it is malformed,
@@ -3479,7 +3479,7 @@ denial-of-service attack. Builds of OpenSSL are only vulnerable if configured w
<affects base="1.0.0" version="1.0.0e"/>
<fixed base="1.0.0" version="1.0.0f" date="20120104"/>
<fixed base="0.9.8" version="0.9.8s" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="George Kadianakis"/>
<description>
Support for handshake restarts for server gated cryptograpy (SGC) can
@@ -3496,7 +3496,7 @@ be used in a denial-of-service attack.
<affects base="1.0.0" version="1.0.0d"/>
<affects base="1.0.0" version="1.0.0e"/>
<fixed base="1.0.0" version="1.0.0f" date="20120104"/>
- <advisory url="http://www.openssl.org/news/secadv_20120104.txt"/>
+ <advisory url="/news/secadv/20120104.txt"/>
<reported source="Andrey Kulikov"/>
<description>
A malicious TLS client can send an invalid set of GOST parameters
@@ -3512,7 +3512,7 @@ Only users of the OpenSSL GOST ENGINE are affected by this bug.
<affects base="1.0.0" version="1.0.0f"/>
<fixed base="1.0.0" version="1.0.0g" date="20120118"/>
<fixed base="0.9.8" version="0.9.8t" date="20120118"/>
- <advisory url="http://www.openssl.org/news/secadv_20120118.txt"/>
+ <advisory url="/news/secadv/20120118.txt"/>
<reported source="Antonio Martin"/>
<description>
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
@@ -3553,7 +3553,7 @@ service attack. Only DTLS applications are affected.
<affects base="1.0.0" version="1.0.0g"/>
<fixed base="1.0.0" version="1.0.0h" date="20120312"/>
<fixed base="0.9.8" version="0.9.8u" date="20120312"/>
- <advisory url="http://www.openssl.org/news/secadv_20120312.txt"/>
+ <advisory url="/news/secadv/20120312.txt"/>
<reported source="Ivan Nestlerode"/>
<description>
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
@@ -3583,7 +3583,7 @@ SSL/TLS applications are not affected by this issue.
<affects base="1.0.0" version="1.0.0c"/>
<fixed base="1.0.0" version="1.0.0d" date="20110208"/>
<fixed base="0.9.8" version="0.9.8r" date="20110208"/>
- <advisory url="http://www.openssl.org/news/secadv_20110208.txt"/>
+ <advisory url="/news/secadv/20110208.txt"/>
<reported source="Neel Mehta"/>
<description>
A buffer over-read flaw was discovered in the way OpenSSL parsed the
@@ -3597,7 +3597,7 @@ server using the affected OpenSSL functionality.
<cve name="2012-2131"/>
<affects base="0.9.8" version="0.9.8v"/>
<fixed base="0.9.8" version="0.9.8w" date="20120424"/>
- <advisory url="http://www.openssl.org/news/secadv_20120424.txt"/>
+ <advisory url="/news/secadv/20120424.txt"/>
<reported source="Red Hat"/>
<description>
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
@@ -3644,7 +3644,7 @@ contain a patch sufficient to correct CVE-2012-2110.
<fixed base="1.0.1" version="1.0.1a" date="20120419"/>
<fixed base="1.0.0" version="1.0.0i" date="20120419"/>
<fixed base="0.9.8" version="0.9.8v" date="20120419"/>
- <advisory url="http://www.openssl.org/news/secadv_20120419.txt"/>
+ <advisory url="/news/secadv/20120419.txt"/>
<reported source="Tavis Ormandy"/>
<description>
Multiple numeric conversion errors, leading to a buffer overflow, were
@@ -3697,7 +3697,7 @@ potentially, execute arbitrary code.
<fixed base="1.0.1" version="1.0.1c" date="20120510"/>
<fixed base="1.0.0" version="1.0.0j" date="20120510"/>
<fixed base="0.9.8" version="0.9.8x" date="20120510"/>
- <advisory url="http://www.openssl.org/news/secadv_20120510.txt"/>
+ <advisory url="/news/secadv/20120510.txt"/>
<reported source="Codenomicon"/>
<description>
An integer underflow flaw, leading to a buffer over-read, was found in
@@ -3753,7 +3753,7 @@ peer.
<fixed base="1.0.1" version="1.0.1d" date="20130205"/>
<fixed base="1.0.0" version="1.0.0k" date="20130205"/>
<fixed base="0.9.8" version="0.9.8y" date="20130205"/>
- <advisory url="http://www.openssl.org/news/secadv_20130205.txt"/>
+ <advisory url="/news/secadv/20130205.txt"/>
<reported source="Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London"/>
<description>
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could
@@ -3769,7 +3769,7 @@ arising during MAC processing.
<affects base="1.0.1" version="1.0.1b"/>
<affects base="1.0.1" version="1.0.1c"/>
<fixed base="1.0.1" version="1.0.1d" date="20130205"/>
- <advisory url="http://www.openssl.org/news/secadv_20130205.txt"/>
+ <advisory url="/news/secadv/20130205.txt"/>
<reported source="Adam Langley and Wolfgang Ettlinger"/>
<description>
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on
@@ -3821,7 +3821,7 @@ AES-NI supporting platforms can be exploited in a DoS attack.
<fixed base="1.0.1" version="1.0.1d" date="20130205"/>
<fixed base="1.0.0" version="1.0.0k" date="20130205"/>
<fixed base="0.9.8" version="0.9.8y" date="20130205"/>
- <advisory url="http://www.openssl.org/news/secadv_20130205.txt"/>
+ <advisory url="/news/secadv/20130205.txt"/>
<reported source="Stephen Henson"/>
<description>
A flaw in the OpenSSL handling of OCSP response verification can be exploited in
@@ -3968,7 +3968,7 @@ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
<affects base="1.0.1" version="1.0.1f"/>
<fixed base="1.0.1" version="1.0.1g" date="20140409">
</fixed>
- <advisory url="http://www.openssl.org/news/secadv_20140407.txt"/>
+ <advisory url="/news/secadv/20140407.txt"/>
<reported source="Neel Mehta"/>
<description>
A missing bounds check in the handling of the TLS heartbeat extension can be
@@ -4037,7 +4037,7 @@ issue did not affect versions of OpenSSL prior to 1.0.1.
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
<reported source="KIKUCHI Masashi (Lepidum Co. Ltd.)"/>
</issue>
@@ -4096,7 +4096,7 @@ issue did not affect versions of OpenSSL prior to 1.0.1.
<fixed base="0.9.8" version="0.9.8za" date="20140605">
</fixed>
<description>By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.</description>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
<reported source="Imre Rad (Search-Lab Ltd.)"/>
</issue>
@@ -4143,7 +4143,7 @@ issue did not affect versions of OpenSSL prior to 1.0.1.
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
</description>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
<reported source="Jüri Aedla"/>
</issue>
@@ -4177,7 +4177,7 @@ issue did not affect versions of OpenSSL prior to 1.0.1.
cause a denial of service via a NULL pointer dereference. This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.</description>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
</issue>
<issue public="20140408">
@@ -4211,7 +4211,7 @@ attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.</description>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
</issue>
<issue public="20140530">
@@ -4271,7 +4271,7 @@ default and not common.</description>
<description>OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.</description>
<reported source="Felix Gröbert and Ivan Fratrić (Google)"/>
- <advisory url="http://www.openssl.org/news/secadv_20140605.txt"/>
+ <advisory url="/news/secadv/20140605.txt"/>
</issue>
</security>
diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl
deleted file mode 100644
index 375f3c6..0000000
--- a/news/vulnerabilities.xsl
+++ /dev/null
@@ -1,129 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
-
- <xsl:output indent="yes" encoding="UTF-8" method="xml" omit-xml-declaration="yes"/>
-
-<xsl:include href="./vulnerabilitiesdates.xsl"/>
-
-<xsl:key name="unique-date" match="@public" use="substring(.,1,4)"/>
-<xsl:key name="unique-base" match="@base" use="."/>
-
-<xsl:template match="security">
- <xsl:text>## Do not edit this file, instead edit vulnerabilities.xml
-## then create it using
-## xsltproc vulnerabilities.xsl vulnerabilities.xml
-##
-
-</xsl:text>
- <xsl:text>#use wml::openssl area=news page=vulnerabilities
-
-</xsl:text>
-<title>OpenSSL vulnerabilities</title>
-
-<h1>OpenSSL vulnerabilities</h1>
-
-<h2>Reporting a security vulnerability</h2>
-
-<p>If you think you have found a security vulnerability then please send
- it to the OpenSSL team using the private security list
- <a href="mailto:openssl-security at openssl.org">openssl-security at openssl.org</a>.
- Encrypting your report is not necessary, but you can either use the
- <a href="openssl-security.asc">team PGP key</a>. If you wish to
- limit the initial disclosure, send it encrypted to specific team
- members.</p>
-
-<p>Any mail sent to that address that is not about a security vulnerability will be ignored. In general, bugs that are only present in the openssl
- command-line utility are not considered security issues.</p>
-
-<h2>Notification of security vulnerabilities</h2>
-
-<p>Please read the <a href="../about/secpolicy.html">OpenSSL Security Policy</a>.</p>
-
-<p>To get notified when an OpenSSL update addresses a security vulnerability please subscribe to the
-<a href="https://www.openssl.org/support/community.html">openssl-announce mailing list</a></p>
-
-<h2>Security vulnerabilities and advisories</h2>
-
-<p>This section lists all security vulnerabilities fixed in released
-versions of OpenSSL since 0.9.6a was released on 5th April 2001.
-</p>
-<p>Note: OpenSSL 0.9.6 versions and 0.9.7 versions are no longer supported and will not
-receive security updates</p>
-
-<xsl:for-each select="issue/@public[generate-id()=generate-id(key('unique-date',substring(.,1,4)))]">
- <xsl:sort select="." order="descending"/>
-<xsl:variable name="year" select="substring(.,1,4)"/>
-<h2><xsl:value-of select="$year"/></h2>
- <dl>
- <xsl:apply-templates select="../../issue[substring(@public,1,4)=$year]">
- <xsl:sort select="./@public" order="descending"/>
- </xsl:apply-templates>
- </dl>
- </xsl:for-each>
-</xsl:template>
-
-<xsl:template match="issue">
- <dt>
- <xsl:apply-templates select="cve"/>
- <xsl:if test="impact/@severity">
- [<xsl:value-of select="impact/@severity"/> severity]
- </xsl:if>
-<xsl:call-template name="dateformat">
- <xsl:with-param name="date" select="@public"/>
-</xsl:call-template>
-<p/>
-</dt><dd>
- <xsl:copy-of select="description"/>
- <xsl:if test="advisory/@url">
- <a href="{advisory/@url}">(original advisory)</a><xsl:text>. </xsl:text>
- </xsl:if>
- <xsl:if test="reported/@source">
- Reported by <xsl:value-of select="reported/@source"/>.
- </xsl:if>
- </dd>
- <p/>
- <xsl:for-each select="fixed">
- <dd>Fixed in OpenSSL
- <xsl:value-of select="@version"/>
- <xsl:if test="git/@hash">
- <xsl:text> </xsl:text><a href="https://github.com/openssl/openssl/commit/{git/@hash}">(git commit)</a><xsl:text> </xsl:text>
- </xsl:if>
- <xsl:variable name="mybase" select="@base"/>
- <xsl:for-each select="../affects[@base=$mybase]|../maybeaffects[@base=$mybase]">
- <xsl:sort select="@version" order="descending"/>
- <xsl:if test="position() =1">
- <xsl:text> (Affected </xsl:text>
- </xsl:if>
- <xsl:value-of select="@version"/>
- <xsl:if test="name() = 'maybeaffects'">
- <xsl:text>?</xsl:text>
- </xsl:if>
- <xsl:if test="position() != last()">
- <xsl:text>, </xsl:text>
- </xsl:if>
- <xsl:if test="position() = last()">
- <xsl:text>) </xsl:text>
- </xsl:if>
- </xsl:for-each>
- </dd>
- </xsl:for-each>
- <p/>
-</xsl:template>
-
-<xsl:template match="cve">
-<xsl:if test="@name != ''">
-<b><a name="{@name}">
-<xsl:if test="@description = 'full'">
-The Common Vulnerabilities and Exposures project
-has assigned the name
-</xsl:if>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-{@name}">CVE-<xsl:value-of select="@name"/>: </a>
-<xsl:if test="@description = 'full'">
- to this issue.
-</xsl:if>
-</a></b>
-</xsl:if>
-</xsl:template>
-</xsl:stylesheet>
-
-
diff --git a/news/vulnerabilitiesdates.xsl b/news/vulnerabilitiesdates.xsl
deleted file mode 100644
index 80364c5..0000000
--- a/news/vulnerabilitiesdates.xsl
+++ /dev/null
@@ -1,54 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
-
-<xsl:template name="dateformat">
-
- <xsl:param name="date" select="."/>
-
- <xsl:variable name="day" select="number(substring($date,7,2))"/>
- <xsl:variable name="month" select="number(substring($date,5,2))"/>
- <xsl:variable name="year" select="number(substring($date,1,4))"/>
-
- <xsl:if test="$day > 0">
- <xsl:value-of select="$day" />
-
- <xsl:choose>
- <xsl:when test="$day=1 or $day=21 or $day=31">st</xsl:when>
- <xsl:when test="$day=2 or $day=22">nd</xsl:when>
- <xsl:when test="$day=3 or $day=23">rd</xsl:when>
- <xsl:otherwise>th</xsl:otherwise>
- </xsl:choose>
-
- <xsl:text> </xsl:text>
- </xsl:if>
-
- <xsl:call-template name="whatmonth">
- <xsl:with-param name="month" select="$month"/>
- </xsl:call-template>
-
- <xsl:if test="$year>0">
- <xsl:text> </xsl:text>
- <xsl:value-of select="$year"/>
- </xsl:if>
-
-</xsl:template>
-
-<xsl:template name="whatmonth">
-<xsl:param name="month" select="."/>
- <xsl:choose>
- <xsl:when test="$month=01">January</xsl:when>
- <xsl:when test="$month=02">February</xsl:when>
- <xsl:when test="$month=03">March</xsl:when>
- <xsl:when test="$month=04">April</xsl:when>
- <xsl:when test="$month=05">May</xsl:when>
- <xsl:when test="$month=06">June</xsl:when>
- <xsl:when test="$month=07">July</xsl:when>
- <xsl:when test="$month=08">August</xsl:when>
- <xsl:when test="$month=09">September</xsl:when>
- <xsl:when test="$month=10">October</xsl:when>
- <xsl:when test="$month=11">November</xsl:when>
- <xsl:when test="$month=12">December</xsl:when>
- </xsl:choose>
-</xsl:template>
-
-</xsl:stylesheet>
diff --git a/openssl.wml b/openssl.wml
deleted file mode 100644
index 2adc21b..0000000
--- a/openssl.wml
+++ /dev/null
@@ -1,603 +0,0 @@
-##
-## openssl.wml -- WML Template for the www.openssl.org website
-## Written by Ralf S. Engelschall <rse at engelschall.com>
-##
-## Usage: #use wml::openssl area=<area_name> [page=<page_name>]
-##
-
-#use wml::std::tags
-#use wml::std::info
-#use wml::des::navbar
-#use wml::des::space
-
-##
-## The Global Page Layout
-##
-
-# start of page header
-[PAGE_HEAD:\
-<html>
-<head>
-
-# insert information about the webpage
-<info style=comment domainname="openssl.org"
- copyright="1998-2014 The OpenSSL Project, http://www.openssl.org/">
-<info style=meta domainname="openssl.org"
- copyright="1998-2014 The OpenSSL Project, http://www.openssl.org/">
-
-# insert overideable title container
-<title*>OpenSSL: {#PAGE_TITLE#}</title*>
-# predefine it to show errors
-..PAGE_TITLE!>>Error: Undefined Title !!<<..
-# define override tag
-<define-tag title endtag=required>
-..PAGE_TITLE>>%body<<..
-</define-tag>
-
-# define a style-sheet for adjusting some HTML layouting things
-# to conform to some typographically stronger conventions.
-<style type="text/css"><!--
-BODY { position: absolute; left: 0px; top: 0px; background: #666699; }
-A { text-decoration: none; font-weight: bold; }
-A:link { text-decoration: none; font-weight: bold; color: #666699; }
-A:visited { text-decoration: none; font-weight: bold; color: #666699; }
-A:hover { text-decoration: none; font-weight: bold; color: #666699; text-decoration: underline; }
-\#red { color: #cc3333; }
-\#sf { font-family: arial,helvetica; font-variant: normal; font-style: normal; }
-\#sfl { font-weight: bold; font-family: arial,helvetica; font-size: 16pt; \
- line-height: 16pt; font-variant: normal; font-style: normal; }
-H1 { font-weight: bold; font-size: 18pt; line-height: 18pt; \
- font-family: arial,helvetica; font-variant: normal; font-style: normal; }
-H2 { font-weight: bold; font-size: 14pt; line-height: 14pt; \
- font-family: arial,helvetica; font-variant: normal; font-style: normal; }
-H3 { font-weight: bold; font-size: 12pt; line-height: 12pt; \
- font-family: arial,helvetica; font-variant: normal; font-style: normal; }
---></style>
-
-# end of header and start of physical body
-# (use additionally use colors here for older browsers)
-</head>
-<body link="#6666cc" alink="#6666cc" vlink="#6666cc" bgcolor="#666699" text="#000000"
- marginheight=0 leftmargin=0 rightmargin=0 topmargin=0>
-
-# now define the page layout by a nested table
-# structure consisting of a 5x5 cell grid.
-<table width=100% cellspacing=0 cellpadding=0 border=0>
- # visually: the top line of the page
- <tr>\
- <td align=left width=100 bgcolor="#666699"><img src="$(IMG)/page-head-tl.jpg" alt="OpenSSL"></td>\
- <td align=left colspan=2 width=600 bgcolor="#666699"><img src="$(IMG)/page-head-tm.jpg" alt=""></td>\
- <td align=right width=20 bgcolor="#666699"> </td>\
- <td align=right width=50 bgcolor="#666699"> </td>\
- </tr>
- # visually: the top of the white body with the subnavbar
- <tr>\
- <td align=left width=100><img src="$(IMG)/page-head-bl.jpg"></td>\
- <td align=left width=20><img src="$(IMG)/page-head-bm.jpg"></td>\
- <td align=left width=100% bgcolor="#ffffff">\
- {#PAGE_SUBNAVBAR#}\
- </td>\
- <td align=right width=20><img src="$(IMG)/page-corner-tr.gif"></td>\
- <td align=right width=50 bgcolor="#666699"> </td>\
- </tr>
- # visually: the left main navigation bar and the white body
- <tr>\
- <td align=left valign=top width=100 bgcolor="#666699">{#PAGE_NAVBAR#}</td>\
- <td align=left valign=top width=20 bgcolor="#ffffff"> </td>\
- <td align=left valign=top bgcolor="#ffffff">\
- <br>
- :PAGE_HEAD][PAGE_BODY:
- {#PAGE_BODY#}
- :PAGE_BODY][PAGE_FOOT:\
- </td>\
- <td align=right width=20 bgcolor="#ffffff"> </td>\
- <td align=right width=50 bgcolor="#666699"> </td>\
- </tr>
- # visually: the bottom of the white body
- <tr>\
- <td align=left valign=top width=100 bgcolor="#666699"> </td>\
- <td align=left width=20><img src="$(IMG)/page-corner-bl.gif"></td>\
- <td align=left valign=top bgcolor="#ffffff"> </td>\
- <td align=right width=20><img src="$(IMG)/page-corner-br.gif"></td>\
- <td align=right width=50 bgcolor="#666699"> </td>\
- </tr>
- # visually: the bottom of the page (only for esthetical
- # reasons, i.e. the page doesn't end with the white body)
- <tr>\
- <td colspan=5 bgcolor="#666699"> </td>\
- </tr>
-</table>
-
-# the physical end of the body
-</body>
-</html>
-:PAGE_FOOT]
-
-##
-## The main Navigation Bar [left, vertically]
-##
-
-# define the navigation bar through a grammar
-<navbar:define name=navbar imgstar="n:s:s"
- imgbase="$(IMG)" urlbase="$(ROOT)">
- # bar header
- <navbar:header>
- </navbar:header>
- # button prolog
- <navbar:prolog>
- <tr><td>
- </navbar:prolog>
- # the buttons itself
- <navbar:button id=title url="." txt="Home" img=page-navbar-ti-*.jpg>
- <navbar:button id=source url=source/ txt="Download" img=page-navbar-so-*.jpg>
- <navbar:button id=about url=about/ txt="About" img=page-navbar-ab-*.jpg>
- <navbar:button id=news url=news/ txt="News" img=page-navbar-ne-*.jpg>
- <navbar:button id=FAQ url=support/faq.html txt="FAQ" img=page-navbar-fq-*.jpg>
- <navbar:button id=docs url=docs/ txt="Documents" img=page-navbar-do-*.jpg>
- <navbar:button id=support url=support/ txt="Support" img=page-navbar-su-*.jpg>
- # button epilog
- <navbar:epilog>
- </td></tr>
- </navbar:epilog>
- # bar footer
- <navbar:footer>
- </navbar:footer>
-</navbar:define>
-
-# and then immediately render it into its layout location
-# (Hint: The top and buttom images have to be part of the table
-# structure because only this way we can put them 0pt to the
-# buttons without a gap)
-..PAGE_NAVBAR>>\
- <table cellspacing=0 cellpadding=0 border=0>\
- <tr><td><img src="$(IMG)/page-navbar-top.jpg"></td></tr>
- # render it!
- <navbar:render name=navbar select=$(area) $(page:+subselected)>
- <tr><td><img src="$(IMG)/page-navbar-bot.jpg"><br><p></td></tr>
- </table>
-<<..
-
-##
-## The Sub Navigation Bar (SNB) [top, horizontally]
-##
-
-# define the <snb>...</snb> container tag
-<define-tag snb endtag=required>
- # 1. define the navigation bar through a grammar
- <navbar:define name=snb urlbase="$(SNB_ROOT)"
- txtcol_normal="#666666" txtcol_select="#000000">
- # bar header
- <navbar:header>\
- <table cellspacing=0 cellpadding=0 border=0>
- <tr>
- </navbar:header>
- # button prolog (normal)
- <navbar:prolog>\
- <td><font face="Arial,Helvetica">
- </navbar:prolog>
- # button prolog (selected)
- <navbar:prolog type=S>\
- <td bgcolor="#f0f0f0"> <font face="Arial,Helvetica"><b>
- </navbar:prolog>
- # ...here the <snb_button> tags will occur...
- %body
- # button epilog (normal)
- <navbar:epilog>\
- </font> </td><td>|</td>
- </navbar:epilog>
- # button epilog (selected)
- <navbar:epilog type=S>\
- </b></font> </td><td>|</td>
- </navbar:epilog>
- # last button epilog (normal)
- <navbar:epilog pos=last>\
- </font> </td><td></td>
- </navbar:epilog>
- # last button epilog (selected)
- <navbar:epilog type=S pos=last>\
- </b></font> </td><td></td>
- </navbar:epilog>
- # bar footer
- <navbar:footer>\
- </tr>
- </table>
- </navbar:footer>
- </navbar:define>
- # 2. render the navigation bar and divert
- # divert it into it's final location
- ..PAGE_SUBNAVBAR>>\
- <navbar:render name=snb select="$(page)">\
- <<..
-</define-tag>
-
-# define the <snb_button> tag for the <snb> container
-# (this is for consistency with the tag names)
-<define-tag snb_button>
- <navbar:button %attributes>
-</define-tag>
-
-# predefine the contents of the SNB location
-# by diverting a whitespace character to it.
-# This prevents the table to be folded.
-..PAGE_SUBNAVBAR!>>
-
-<<..
-
-# and now the final WML trick: When the page=<page_name>
-# attribute is specified for this template, we read in the SNB
-# spec-file which now can use the <snb>..</snb> and
-# <snb_button> tags to actually define and render a SNB. This
-# is accomplished by doing some sort of a conditional #include. ;-)
-$(page:*# )$(page:+#include ")$(SNB_RC:-.wmlsnb)$(page:+")
-
-##
-## Useful tags (for convenience purposes only)
-##
-
-# define a <item> tag for <ul>/<ol> item similar to <li> but
-# which is nice for URL lists like the Related area where
-# we want a special layout.
-<define-tag item>
-<preserve name>
-<preserve url>
-<preserve aio>
-<preserve info>
-<set-var aio=*>
-<set-var %attributes>
-<li><imgdot width=1 height=18>\
- <a href="<get-var url>"><font size=+1 face="Arial,Helvetica"><b><get-var name></b></font></a>
- <ifeq "<get-var aio>" "" <img src="aio.gif" alt="[all-in-one]" align=absmiddle>>
- <br>
- <a href="<get-var url>"><font size=-1><get-var url></font></a><br>
- <ifeq "<get-var info>" "" "" "<get-var info>">
-<restore info>
-<restore aio>
-<restore url>
-<restore name>
-</define-tag>
-
-# define a <filelist> tag which can be used to create a file listing which
-# is optically more compact than the stuff Apache's mod_autoindex creates.
-# Especially the current version is marked red, too.
-<define-tag filelist>
-<pre>
-<b> Bytes Timestamp Filename</b>
-<b>________ ____________________ ____________________________</b>
-<:
- at HI = ();
-open(FP, "<index.current");
-while (<FP>) {
- s|\s*\n$||;
- push(@HI, $_);
-}
-close(FP);
-sub ls {
- my ($pat) = @_;
- my (@F, @R, $f, @S, @T);
- @F = sort { (stat($a))[9] <=> (stat($b))[9]; } (glob($pat));
- @R = ();
- foreach $f (@F) {
- next if ($f =~ m|^index.*|);
- if ('%1' ne '') {
- if (! %1 $f) {
- next;
- }
- }
- @S = stat($f);
- $f = "$f/" if (-d $f);
- @T = localtime($S[9]);
- my @moy = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
- 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
- push(@R, sprintf("%"."8d %"."s %"."2d %"."02d:%"."02d:%"."02d %"."d %"."s\n",
- $S[7], $moy[$T[4]], $T[3], $T[2], $T[1], $T[0], 1900+$T[5], $f));
- }
- return @R;
-}
- at L = &ls("%0");
-foreach $l (@L) {
- next if ($l =~ m|^\s*$|);
- $l =~ s|(\s+)(\S+[^/])(\s*\n)$|$1."<a href=\"$2\">$2</a>".$3|e;
- $l =~ s|(\s+)(\S+/)(\s*\n)$|$1."<a href=\"$2\"><b>$2</b></a>".$3|e;
- foreach $hi (@HI) {
- $l =~ s|^(.*$hi.*)$|<font color="#cc3333">$1 <b>[LATEST]</b></font>|;
- $l =~ s|>($hi)<|><font color="#cc3333">$1</font><|;
- }
- print $l;
-}
-:>
-</pre>
-</define-tag>
-
-<define-tag rfilelist>
-<pre>
-<b> Bytes Timestamp Filename</b>
-<b>________ ____________________ ____________________________</b>
-<:
- at HI = ();
-open(FP, "<index.current");
-while (<FP>) {
- s|\s*\n$||;
- s/#.*$//;
- next if (/^\s*$/);
- # If line is of form "last <regex>" look for last
- # matching filename in the list.
- # This means "last openssl-1*.tar.gz" will automatically
- # mark the last version of OpenSSL as the latest without
- # the need to manually update index.current on each release.
- if (/^\s*last\s*(\S+)\s*$/) {
- # Get list of all file, skip betas
- my @list = sort grep(!/beta/, glob($1));
- my $lastfile = pop @list;
- push(@HI, $lastfile) if (-f $lastfile);
- } elsif (-f $_) {
- push(@HI, $_);
- }
-}
-close(FP);
-sub ls {
- my ($pat) = @_;
- my (@F, @R, $f, @S, @T);
- @F = sort { (stat($b))[9] <=> (stat($a))[9]; } (glob($pat));
- @R = ();
- foreach $f (@F) {
- next if ($f =~ m|^index.*|);
- if ('%1' ne '') {
- if (! %1 $f) {
- next;
- }
- }
- @S = stat($f);
- $f = "$f/" if (-d $f);
- @T = localtime($S[9]);
- my @moy = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
- 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
- push(@R, sprintf("%"."8d %"."s %"."2d %"."02d:%"."02d:%"."02d %"."d %"."s\n",
- $S[7], $moy[$T[4]], $T[3], $T[2], $T[1], $T[0], 1900+$T[5], $f));
- }
- return @R;
-}
- at L = &ls("%0");
-foreach $l (@L) {
- next if ($l =~ m|^\s*$|);
- if ($l =~ m|(\s+)(\S+[^/])(\s*\n)$|) {
- my $h = $`.$1;
- my $f = $2;
- my $t = $3;
- my $r = "<a href=\"$f\">$f</a>";
- if (-f "$f.md5") { $r .= " (<a href=\"$f.md5\">MD5</a>)"; }
- if (-f "$f.sha1") { $r .= " (<a href=\"$f.sha1\">SHA1</a>)"; }
- if (-f "$f.sha256") { $r .= " (<a href=\"$f.sha256\">SHA256</a>)"; }
- if (-f "$f.asc") { $r .= " (<a href=\"$f.asc\">PGP sign</a>)"; }
- $l = $h.$r.$t;
- }
- $l =~ s|(\s+)(\S+/)(\s*\n)$|$1."<a href=\"$2\"><b>$2</b></a>".$3|e;
- foreach $hi (@HI) {
- $l =~ s|^(.*$hi.*)$|<font color="#cc3333">$1 <b>[LATEST]</b></font>|;
- $l =~ s|>($hi)<|><font color="#cc3333"><span class="latest">$1</span></font><|;
- }
- print $l;
-}
-:>
-</pre>
-</define-tag>
-
-<define-tag notes>
-<preserve minversion>
-<preserve maxversion>
-<preserve filename>
-<set-var %attributes>
-<:
-
-my $minversion = "<get-var minversion>";
-my $maxversion = "<get-var maxversion>";
-my $dirname = "<get-var dirname>";
-my $file;
-my $custompage = 0;
-
-if ($maxversion eq "") {
- $minversion="<get-var WML_SRC_FILENAME>";
- $minversion =~ s/^.*-(\d+\.\d+\.\d+)-.*$/$1/;
- $maxversion = $minversion;
-} else {
- $custompage = 1;
-}
-
-
-my $dir = defined $ENV{PODSHOME} ? "$ENV{PODSHOME}/../.." : "/var/cache/openssl/checkouts";
-if ($dirname ne "") {
- $file = "${dir}/$dirname/NEWS";
- $custompage = 1;
-} else {
- $file = "${dir}/openssl-${minversion}-stable/NEWS";
-}
-# For testing
-$file = $ENV{NEWSTEST} if defined $ENV{NEWSTEST};
-if ($custompage == 0) {
- my $brname = $minversion;
- $brname =~ tr/./_/;
- $brname = "OpenSSL_${brname}-stable";
- print <<"END"
-<title>OpenSSL $minversion Release Notes.</title>
-<h1>OpenSSL $minversion Branch Release notes</h1>
-
-The major changes and known issues for the $minversion branch of the OpenSSL
-toolkit are summarised below. The contents reflect the current state of the
-<tt>NEWS</tt> file inside the git repository.
-<p>
-Additional details of changes can be found in the
-<a href="https://github.com/openssl/openssl/blob/$brname/CHANGES">
-change log.</a>.
-<p>
-The complete list of changes can be found in the
-<a href="https://github.com/openssl/openssl/commits/$brname">commit log</a>.
-<p>
-
-END
-}
-
-my $copy = 0;
-my $in_ul = 0;
-open(FP, "<$file") || die "Can't open $file";
-while (<FP>) {
- if (/^\s*Major changes between.*(\d+\.\d+\.\d+)\D.*$/ ||
- /^\s*Known issues in.*(\d+\.\d+\.\d+)\D.*$/) {
- if ($1 ge $minversion && $1 le $maxversion) {
- $copy = 1;
- s|^(.*)$|<b>$1</b>|;
- if ($in_ul) {
- print "</ul>\n";
- $in_ul = 0;
- }
- print;
- next;
- } elsif ($copy) {
- last;
- }
- }
- if ($copy) {
- s/&/&/g;
- s/</</g;
- s/>/>/g;
- if (s/^\s+o\s+/<li>/ && !$in_ul) {
- print "<ul>\n";
- $in_ul = 1;
- }
- s/CVE-(\d{4}-\d{4})/<a href=vulnerabilities.html#$1>CVE-$1<\/a>/g;
- print;
- }
-
-}
-close(FP);
-print "</ul>";
-:>
-<restore minversion>
-<restore maxversion>
-<restore filename>
-</define-tag>
-
-#
-<define-tag newsflash>
-<preserve from>
-<preserve max>
-<preserve more>
-<set-var %attributes>
-<table width=550 cellspacing=0 cellpadding=1 border=0>
-<tr><td><font face="Arial,Helvetica"><b>Date</b></font></td> <td> <font face="Arial,Helvetica"><b>Newsflash</b></font></td></tr>
-<tr><td><hr noshade size=1></td> <td><hr noshade size=1></td></tr>
-<:
- open(FP, "< <get-var from>") || die;
- my $max = ("<get-var max>" eq '' ? 9999 : "<get-var max>");
- @COL = (
- '#ffffff',
- '#f0f0f0',
- );
- $ncol = 1;
- $n = 0;
- while (<FP>) {
- $ncol = ($ncol + 1) % 2;
- $col = $COL[$ncol];
- s|="ROOT|="$(ROOT)|g;
- if (m|^(.+?):(.+)|) {
- print "<tr bgcolor=\"$col\">\n";
- print " <td align=right><font face=\"Arial,Helvetica\"><b>$1:</b></font></td> <td> $2</td>\n";
- print "</tr>\n";
- }
- $n++;
- last if ($n >= $max);
- }
- close(FP);
-:>
-<ifeq "<get-var more>" "" "" <group
-<tr>
- <td> </td> <td align=right><a href="<get-var more>">more...</a></td>
-</tr>
->>
-</table>
-<restore more>
-<restore max>
-<restore from>
-</define-tag>
-
-# define a <disclaimer> tag which displays the usual disclaimer stuff
-<define-tag disclaimer>
-<font face="Arial,Helvetica" size=-1>
-This software package uses strong cryptography, so even if it is created,
-maintained and distributed from liberal countries in Europe (where it is legal
-to do this), it falls under certain export/import and/or use restrictions in
-some other parts of the world.
-<p>
-PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
-SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
-DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD.
-SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM
-THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE
-AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO
-ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL
-ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT
-IS YOUR RESPONSIBILITY.
-</font>
-<p>
-<font face="Arial,Helvetica" size=-1>
-CREDIT INFORMATION:
-This product includes cryptographic software written by Eric Young.
-This product includes software written by Tim Hudson (tjh at cryptsoft.com).
-</font>
-</define-tag>
-
-# a tag displaying the used tools
-<define-tag website-tools>
-<font face="Arial,Helvetica" size=-1>
-Website designed by
-<a href="http://www.engelschall.com/">Ralf S. Engelschall</a>
-and generated with
-<a href="http://thewml.org/"><font color="#000000">
-Website META Language</font></a> (WML).<br>
-All markup code and graphics on this website
-are Copyright © 1999-2014 <a href="http://www.openssl.org/">The OpenSSL Project</a>,
-All rights reserved.<br>
-This website is served by an
-<a href="http://www.apache.org/"><font color="#000000">Apache</font></a>/
-<a href="http://www.modssl.org/"><font color="#000000">mod_ssl</font></a>
-webserver environment.<br>
-</font>
-</define-tag>
-
-# construct an absolute URL out of a relative URL
-# (essential for the mirroring of the website!)
-<define-tag absolute>
-<:{
- my ($cwd, $baseurl, $basedir, $subdir, $page, $url);
-
- # determine current working directory
- $cwd = '<get-var WML_SRC_DIRNAME>';
-
- # determine base URL
- $baseurl = '<get-var BASE_URL>' || 'file://';
-
- # determine base directory
- $basedir = '<get-var BASE_DIR>' || '<get-var WML_SRC_DIRNAME>';
- $basedir = &canonpath("$cwd/$basedir") if ($basedir !~ m|^/|);
-
- # determine subdir from base dir to current working dir
- $subdir = &relpath($basedir, $cwd);
-
- # determine document
- $page = '%0';
-
- # construct final URL
- $url = "$baseurl/$subdir/$page";
- $url = &canonurl($url);
-
- # replace this tag with the constructed URL
- print $url;
-}:>
-</define-tag>
-
-##
-## Finally, the layout is now rendered, so divert all
-## following stuff (the code in the local file after the #use
-## for this template!) into the white body area.
-##
-
-..PAGE_BODY>>
-
diff --git a/about/buglist.txt b/policies/buglist.txt
similarity index 100%
rename from about/buglist.txt
rename to policies/buglist.txt
diff --git a/policies/cla.html b/policies/cla.html
new file mode 100644
index 0000000..77ff892
--- /dev/null
+++ b/policies/cla.html
@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Contributor Agreements</h2></header>
+ <div class="entry-content">
+ <p>
+ As we described in
+ <a href="http://www.openssl.org/blog/blog/2015/08/01/cla/">a recent blog post</a>,
+ we will soon require almost every
+ contributor to have a signed Contributor License Agreement (CLA)
+ on file. We are following the practice of
+ <a href="https://www.apache.org">the Apache Sofware Foundation</a>.
+ You can see their CLA policy
+ <a href="https://www.apache.org/licenses/#clas">here</a>.
+ Or, you can just read the following paragraphs :)
+ </p>
+
+ <p>
+ OpenSSL desires that all contributors of ideas, code, or
+ documentation complete, sign, and submit (via postal mail, fax
+ or email) an Individual CLA [<a href="openssl_icla.pdf">PDF</a>].
+ The purpose of this agreement is to clearly define
+ the terms under which intellectual property has been contributed
+ to OpenSSL and thereby allow us to defend the project should
+ there be a legal dispute regarding the software at some future
+ time.</p>
+
+ <p>
+ The ICLA is not tied to any employer you may have, so we
+ recommend you use a personal email address in the contact
+ details, rather than a work address.
+ </p>
+
+ <p>
+ For a corporation that has assigned employees to work on OpenSSL,
+ a Corporate CLA [<a href="openssl_ccla.pdf">PDF</a>]
+ is available for contributing intellectual property via
+ the corporation, that may have been assigned as part of an
+ employment agreement. Note that a Corporate CLA does not
+ cover any individual contributions which are not owned by the
+ corporation signing the CCLA.
+ </p>
+
+ <p>
+ Your Full name will be published unless you provide an alternative
+ Public name. For example if your full name is Andrew Bernard Charles
+ Dickens, but you wish to be known as Andrew Dickens, please enter
+ the latter as your Public name. If you do not wish to have your
+ name listed as a contributor, use <em>Anonymous</em>.
+ We reserve the right to reject rude or obscene nick-names.
+ The email address and other contact details are not published.
+ </p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Policies</a>
+ : <a href="">Contributor Agreements</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
+
diff --git a/policies/codingstyle.html b/policies/codingstyle.html
new file mode 100644
index 0000000..70a417e
--- /dev/null
+++ b/policies/codingstyle.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Coding Style</h2></header>
+ <div class="entry-content">
+ <p>
+ The plain-text document version of this document is available
+ here:
+ <a href="codingstyle.txt">codingstyle.txt</a>
+ </p>
+ <pre>
+ <!--#include virtual="codingstyle.txt" -->
+ </pre>
+ </div>
+
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="">Policies</a>
+ : <a href="">Coding Style.</a><br/>
+ <a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/about/codingstyle.txt b/policies/codingstyle.txt
similarity index 100%
rename from about/codingstyle.txt
rename to policies/codingstyle.txt
diff --git a/policies/index.html b/policies/index.html
new file mode 100644
index 0000000..811aea2
--- /dev/null
+++ b/policies/index.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Policies</h2></header>
+ <div class="entry-content">
+ <p>
+ In this section we try to document as many of our
+ policies and procedures as possible.
+ We do this for two reasons:
+ <ul>
+ <li>
+ First, we want to to make sure everyone knows how the project is
+ run. For example, when we announce a forthcoming fix for a
+ high-severity bug, the
+ <a href="secpolicy.html">Security Policy</a> explains what
+ that means.</li>
+ <li>
+ Second, it helps us be consistent. For example,
+ the <a href="releasestrat.html">Release Strategy</a> defines the
+ plan of record of when, and how long, various releases will be
+ supported.</li>
+ </ul>
+ <p>
+ Put another way, by being as transparent as possible,
+ we hope to reduce the chance that people are surprised by
+ what we do, and we hope to help maintain predictable
+ behavior within the project.
+ </p>
+ <p>
+ The <a href="roadmap.html">Roadmap</a> describes our overall
+ goals and plans for OpenSSL. It is a living document and is
+ expected to change over time. Objectives and dates should be
+ considered aspirational.</p>
+ <p>
+ If you want to contribute code or fixes to the project,
+ please read the <a href="codingstyle.html">Coding Style</a>
+ page. For legal obligations of contributors, see the
+ page on <a href="cla.html">Contributor Agreements</a>.
+ </po>
+ </div>
+
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="">Policies</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/licenses/openssl_ccla.pdf b/policies/openssl_ccla.pdf
similarity index 100%
copy from licenses/openssl_ccla.pdf
copy to policies/openssl_ccla.pdf
diff --git a/licenses/openssl_icla.pdf b/policies/openssl_icla.pdf
similarity index 100%
copy from licenses/openssl_icla.pdf
copy to policies/openssl_icla.pdf
diff --git a/policies/releasestrat.html b/policies/releasestrat.html
new file mode 100644
index 0000000..1041334
--- /dev/null
+++ b/policies/releasestrat.html
@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header>
+ <h2>Release Strategy</h2>
+ <h5>
+ First issued 23rd December 2014<br/>
+ Last modified 9th August 2015
+ </h5>
+ </header>
+
+ <div class="entry-content">
+
+ <p>
+ As of release 1.0.0 the OpenSSL versioning scheme was improved
+ to better meet developers' and vendors' expectations. Letter
+ releases, such as 1.0.1a, exclusively contain bug and security
+ fixes and no new features. Minor releases that change the
+ last digit, e.g. 1.0.1 vs. 1.0.2, can and are likely to
+ contain new features, but in a way that does not break binary
+ compatibility. This means that an application compiled and
+ dynamically linked with 1.0.0 does not need to be recompiled
+ when the shared library is updated to 1.0.2. It should be
+ noted that some features are transparent to the application
+ such as the maximum negotiated TLS version and cipher suites,
+ performance improvements and so on. There is no need to
+ recompile applications to benefit from these features.</p>
+
+ <p>Binary compatibility also allows other possibilities. For
+ example, consider an application that wishes to utilize
+ a new cipher provided in a specific 1.0.x release, but it
+ is also desirable to maintain the application in a 1.0.0
+ context. Customarily this would be resolved at compile time
+ resulting in two binary packages targeting different OpenSSL
+ versions. However, depending on the feature, it might be
+ possible to check for its availability at run-time, thus cutting
+ down on the maintenance of multiple binary packages. Admittedly
+ it takes a certain discipline and some extra coding, but we
+ would like to encourage such practice. This is because we
+ want to see later releases being adopted faster, because new
+ features can improve security.</p>
+
+ <p>With regards to current and future releases the OpenSSL
+ project has adopted the following policy:</p>
+
+ <ul>
+ <li>Support for version 0.9.8 will cease on 2015-12-31. No
+ further releases of 0.9.8 will be made after that
+ date. Security fixes only will be applied to 0.9.8 until
+ then.</li>
+ <li>Support for version 1.0.0 will cease on 2015-12-31. No
+ further releases of 1.0.0 will be made after that
+ date. Security fixes only will be applied to 1.0.0 until
+ then.</li>
+ </ul>
+
+ <p>We may designate a release as a Long Term Support (LTS)
+ release. LTS releases will be supported for at least five years
+ and we will specify one at least every four years. Non-LTS
+ releases will be supported for at least two years.</p>
+
+ <p>As implied by the above paragraphs, during the final year
+ of support, we do not commit to anything other than security
+ fixes. Before that, bug and security fixes will be applied
+ as appropriate.</p>
+
+ <ul>
+ <li>Version 1.0.1 will be supported until 2016-12-31.</li>
+ <li>Version 1.0.2 will be supported until 2019-12-31.</li>
+ </ul>
+
+ <p>At this time, we are not planning a 1.0.3 release.</p>
+
+ <p>Version 1.1.0 will (moderately) break source compatibility
+ (for example we will make most structures opaque etc). We
+ expect a preview version to be available mid 2015, with an
+ expected release by the end of 2015. Preview means that we
+ are not planning or expecting major API changes between the
+ preview release and the final release (but are not categorically
+ precluding that possibility).</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="/policies">Policies</a>
+ : <a href="">Release Strategy</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+</div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/policies/roadmap.html b/policies/roadmap.html
new file mode 100644
index 0000000..bf2ef63
--- /dev/null
+++ b/policies/roadmap.html
@@ -0,0 +1,421 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header>
+ <h2>Project Roadmap</h2>
+ <h5>
+ First issued 30th June 2014<br/>
+ Last modified 8th August 2015
+ </h5>
+ </header>
+
+ <div class="entry-content">
+ <p>
+ This document is intended to outline the OpenSSL project
+ roadmap. It is a living document and is expected to change
+ over time. Objectives and dates should be considered
+ aspirational.</p>
+ <p>
+ The OpenSSL project is increasingly perceived as slow-moving
+ and insular. This roadmap will attempt to address this by
+ setting out some objectives for improvement, along with
+ defined timescales.</p>
+
+ <h3><a name='toc'>Table of Contents:</a></h3>
+
+ <ol>
+ <li><a href="#current">Current Issues</a></li>
+ <li><a href="#objectives">Objectives</a></li>
+ <li><a href="#forthcoming">Forthcoming Features</a></li>
+ <li><a href="#update">Roadmap Update History</a></li>
+ </ol></p>
+ <p> </p>
+
+
+ <h3><a name="current">Current Issues</a> <a href="#toc"><img src="/img/up.gif"/></a></h3>
+ <p>
+ The OpenSSL project is currently experiencing a number of issues.
+ These are:</p>
+ <ol>
+ <li><em>RT Backlog</em><br/>
+ Over a period of some considerable time open tickets have
+ been building up in RT (our bug tracking system) to the
+ point that now there are a very significant number of
+ them. A large proportion of these issues have been open
+ for years. Some of these have in fact been dealt with and
+ should be closed, but this has not been recorded in the
+ system. Most however have not been looked at.
+ </li>
+ <li><em>Incomplete/incorrect documentation</em><br/>
+ Documentation of OpenSSL is patchy at best. Some areas are
+ well documented, while many others suffer from incomplete
+ or incorrect documentation. There are also many areas
+ which have no documentation at all.
+ </li>
+ <li><em>Library complexity</em><br/>
+ The OpenSSL libraries and applications are complex,
+ both from a maintainer's perspective and from a user's
+ perspective. The public API contains many things which
+ should probably be internal. The code has been ported
+ to a large number of platforms, many of which are no
+ longer relevant to us today, and this complicates the
+ codebase. Some parts of the code have been in place for
+ a very long time, and are in need of a refresh. It is
+ further complicated by the support for FIPS.
+ This complexity causes maintenance problems, and
+ can also be the source of obscure and difficult to spot
+ security vulnerabilities. It can also make users' lives
+ much more difficult especially when combined with (2)
+ above.
+ The current memory management code has
+ also been a source of problems and vulnerabilities.
+ </li>
+ <li><em>Inconsistent coding style</em><br/>
+ There have been numerous developers working on the codebase
+ over many years. There are many different styles used within
+ the code, which is confusing and makes maintenance more
+ difficult than it should be. Even if strictly consistent,
+ the current code layout is unusual and idiosyncratic and
+ unlike any other open source software.
+ </li>
+ <li><em>Lack of code review</em><br/>
+ We don't have a code review system and we don't mandate code
+ reviews.
+ </li>
+ <li><em>No clear release plan</em><br/>
+ Historically OpenSSL has made new feature releases on
+ an infrequent basis and no forward plan of releases has
+ been published. It is difficult for users to plan for new
+ releases, and understand when new features might become
+ available, or when support will end for a release. In
+ addition a large number of stable releases are maintained
+ by the OpenSSL development team - diverting effort away
+ from the most up to date versions.
+ </li>
+ <li><em>No clear platform strategy</em><br/>
+ Historically OpenSSL has supported a very wide range of
+ platforms. Typically platform support has been added through
+ "ifdef" conditional compilation on a per platform
+ basis. This approach has led to a number of problems:
+ <ul>
+ <li>
+ The code has become very cluttered and is difficult to
+ effectively maintain</li>
+ <li>
+ There is support still in the code for a number of legacy
+ platforms which are unlikely to be widely deployed today -
+ if the code even still works on those platforms</li>
+ <li>
+ In practice the development team do not have access to many of
+ the platforms that the codebase supports and testing typically
+ takes place on a very limited set (usually Linux, FreeBSD and
+ Windows)</li>
+ </ul>
+ <del>
+ <li>
+ <em>No published security strategy</em><br/>
+ We do not have a well-known and published approach for how we
+ appropriately inform all interested parties of security
+ advisories.</li>
+ </del>
+ </ol>
+
+ <p></p>
+
+ <h3><a name="objectives">Objectives</a> <a href="#toc"><img src="/img/up.gif"/></a></h3>
+ <p>
+ Each of the issues identified above can be translated into
+ high level objectives. Some of these objectives can be
+ achieved more easily and quickly than others.</p>
+ <p>
+ <em>An important principle is that the priority and focus of
+ effort will be on achieving these objectives over and above
+ the delivery of new features.</em></p>
+
+ <h4>RT Backlog</h4>
+ <ol>
+ <li>
+ Manage all newly submitted RT tickets in a timely
+ manner such as an initial response within four working
+ days. (Timescale: Now)</li>
+ <li>
+ Reduce over time the existing RT backlog (Timescale:
+ Ongoing). This may include the mass closure of very old
+ tickets, such as those raised before the release of any
+ currently supported version.
+ <p><em>Update (8th September 2014)</em>:
+ we have made a great deal of progress on the backlog.
+ A <a href="ticket-activity.png">graph of ticket activity</a>
+ is available, as is the <a href="buglist.txt">raw data</a>
+ for every bug showing when it was open, and resolved. We
+ will update these files periodically.</p></li>
+ </ol>
+
+ <h4>Incomplete/incorrect documentation</h4>
+ <ol>
+ <li>
+ Provide complete documentation for all of the public
+ API (excluding deprecated APIs) (Timescale: Within one year).
+ </li>
+ <li>Some parts of the API have historically been public but were
+ not intended for public use, such as low level cipher and digest
+ APIs. These parts may not be documented, and if they are will be
+ marked as deprecated (Timescale: within nine months).</li>
+ <li>This may include introducing a new documentation system.</li>
+ </ol>
+
+ <h4>Library complexity</h4>
+ <ol>
+ <li>
+ Review and revise the public API with a view to reducing complexity
+ (Timescale: Within one year)</li>
+ <li>
+ Document a platform strategy: see below (Timescale: Within three
+ months)</li>
+ <li>
+ <del>Review and refactor the FIPS code to make it far less
+ intrusive (Timescale: Within one year)</del>
+ <br>Objective met (2015): The FIPS code has been removed from the
+ master branch, and will be re-integrated more cleanly during
+ a future validation.
+ </li>
+ <li>
+ <del>Review and refactor the memory management code.
+ (Timescale: Within six months)</del>
+ <br>Objective met (2015): All use of dynamic memory allocation has
+ been cleaned up and made consistent, and the internal memory
+ pool has been removed.
+ </li>
+ </ol>
+
+ <h4>Inconsistent coding style</h4>
+ <ol>
+ <li>
+ Define a clear coding standard for the project. This will cover not
+ only code layout but also items such as how to handle platform
+ dependencies, unit testing and optional code. (Timescale: Within
+ three months).</li>
+ <li>
+ <del>Format the entire codebase according to the agreed standard.
+ (Timescale: Within three months of coding standard being
+ defined).</del>
+ <br>Objective met (2015): All release branches were
+ reformatted using a script included in the release.
+ </li>
+ <li>
+ Refactor code to follow other parts of the style guide. (Timescale:
+ Within one year)</li>
+ </ol>
+
+ <h4>Code review</h4>
+ <ol>
+ <li>
+ <del>
+ Agree and implement a process such that all new commits
+ should first be reviewed by a team member conversant
+ with the relevant code and updated until the reviewer's
+ issues are addressed. This is contingent on recruiting
+ sufficient team members that reviewers are more-or-less
+ always available. (Timescale: Within three months)
+ </del>
+ <br>Objective met (16th July 2014): All changes are first reviewed by
+ another team member prior to being committed to the public openssl
+ repository.
+ </li>
+ <li>
+ <del>
+ Agree on a code review system. (Timescale: Within six months)
+ </del>
+ <br>Objective met (2015): We use
+ <a href="https://gitlab.com">GitLab</a>.
+ </li>
+ </ol>
+
+ <h4>Audit</h4>
+ <p>
+ Externally audit the current code base. (Timescale: Dependent on
+ external body)</p>
+ <p>Update (14th October 2014):
+ Auditors selected and funded; schedule being worked on.</p>
+
+ <h4>Static/Dynamic Analysis</h4>
+ <p>
+ Regularly audit the code using appropriate analysis tools.
+ (Timescale: Within six months)
+ </p>
+
+ <h4>Release Strategy</h4>
+ <del>
+ <p>
+ We intend to develop a release strategy which will set out our plans
+ for how frequently we plan to release, and when. It will also cover
+ how long releases will be supported for, and when their EOL (End Of
+ Life) will be. (Timescale: Within three months)</p>
+ <p>
+ There are a number of objectives that we would be seeking to address
+ within the release strategy. Some of these objectives compete with
+ each other, and so from necessity there will have to be compromises.
+ The objectives are:
+ <ol>
+ <li>
+ We need security fix releases with very low chance of breaking
+ anything. This is largely met by prohibiting new features in stable
+ branches (i.e. letter releases).</li>
+ <li>
+ If something is broken in a release a fixed version should be made
+ available shortly afterwards (i.e. more letter releases more
+ often)</li>
+ <li>
+ We need a way to get new binary compatible features into OpenSSL
+ relatively quickly.</li>
+ <li>
+ We don't want to have to maintain too many branches. This is likely
+ to include a timescale for the EOL of version 0.9.8</li>
+ <li>
+ We need a way to refactor code and make necessary binary
+ incompatible changes, deprecating APIs etc.</li>
+ </ol>
+ </del>
+ Objective met (2015): We have announced a
+ <a href="releasestrat.html">release strategiy</a>
+ which includes end-of-life and long-term support definitions.
+ Also, our
+ <a href="secpolicy.html">security policy</a> has relevant
+ information.
+ </p>
+
+ <h4>Platform Strategy</h4>
+ <p>
+ Moving forward OpenSSL will adopt the following policy:</p>
+ <ul>
+ <li>
+ There will be a defined set of primary platforms. The primary
+ platforms will be Linux and FreeBSD. A primary platform is one where
+ most development occurs.</li>
+ <li>
+ In addition there will be a list of secondary platforms which are
+ supported by the development team.</li>
+ <li>
+ Platform specific code will be moved out of the main codebase
+ (removing overuse of "ifdef").</li>
+ <li>
+ Legacy platforms that are unlikely to have wide deployment will be
+ removed from the code.</li>
+ <li>
+ Non-supported platforms requiring regular maintenance activities
+ will eventually be removed from the code after first seeking
+ community owners to support the platforms in platform specific
+ repositories.</li>
+ </ul>
+ <p>
+ Necessary criteria for a platform to be included in the secondary
+ platform list includes:</p>
+ <ul>
+ <li>
+ Currency, i.e. a platform is widely deployed and in current use</li>
+ <li>
+ Vendor support</li>
+ <li>
+ Available to the dev team, i.e. the dev team have access to a
+ suitable environment in which to test builds and deal with tickets
+ and issues</li>
+ <li>
+ Dev team ownership, i.e. at least one person on the team is willing
+ to take some responsibility for a platform.</li>
+ </ul>
+ <p>
+ In addition the secondary list will be as small as possible so as not
+ to spread the development team too thinly.</p>
+ <p>
+ The secondary platforms are still to be defined but will be based on
+ the above criteria. For each primary/secondary platform, we should
+ have, at least, a continuous integration box and a dev machine we can
+ access for test/debug. We will seek support from the platform vendors
+ or the community to provide access to these platforms. The secondary
+ platform list will change over time, but an initial list will be
+ produced within three months.</p>
+ <p>
+ The Platform Strategy will be phased in over a period of time based
+ on how quickly we can refactor the code.</p>
+
+ <h4>Security Strategy</h4>
+ <p>
+ <del>
+ We will be documenting a security strategy which will define our
+ policy on how we make security fixes, and what (if any)
+ pre-notification of forthcoming security releases will be provided
+ (and to whom) (Timescale: Within two months)
+ </del>
+ <br>Objective met (7th September 2014): The OpenSSL security policy
+ is available <a href="secpolicy.html">here</a>.
+ </p>
+
+ <h3><a name="forthcoming">Forthcoming Features</a> <a href="#toc"><img src="/img/up.gif"/></a></h3>
+ <p>The primary focus of effort will be on achieving the
+ objectives detailed above, however we are evaluating the following
+ new features.</p>
+
+ <ul>
+ <li>IPv6 support</li>
+ <li>AEAD updates (API review, Poly/ChaCha support, /dev/crypto
+ operations coalescing)</li>
+ <li>TLS 1.3.</li>
+ <li>Certificate Transparency support</li>
+ <li>Support for new ciphersuites e.g., CCM</li>
+ <li>Extended SSL_CONF support</li>
+ <li>DANE support</li>
+ <li>Security levels (currently experimental in master)</li>
+ <li>OCB</li>
+ <li>FIPS code review and refactor</li>
+ <li>Support for emerging platforms, e.g. ARMv8, POWER8</li>
+ <li>Built-in multi-threaded support for two major threading
+ "flavours," POSIX threads and Win32</li>
+ </ul>
+ <p></p>
+
+ <h3><a name="update">Roadmap Update History</a> <a href="#toc"><img src="/img/up.gif"/></a></h3>
+ <p>
+ The following changes have been made since the roadmap was first
+ issued 30-June-2014.
+ </p>
+ <ul>
+ <li>8-August-2015.
+ Many updates, for what happened in 2015.</li>
+ <li>14-October-2014.
+ Updated audit; added TLS 1.3 and Certificate
+ Transparency to features.</li>
+ <li>8-September-2014.
+ Updated status on the RT backlog objective.</li>
+ <li>7-September-2014.
+ Updated security policy section.</li>
+ <li>16-July-2014.
+ Updated code review section.</li>
+ <li>1-July-2014.
+ Noted RT is our bug tracking system.</li>
+ </ul>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href="/policies"> Policies</a>
+ : <a href="">Roadmap</a>.
+ <br><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+</div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
+
diff --git a/policies/secpolicy.html b/policies/secpolicy.html
new file mode 100644
index 0000000..832510d
--- /dev/null
+++ b/policies/secpolicy.html
@@ -0,0 +1,201 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header>
+ <h2>Security Policy</h2>
+ <h5>
+ Last modified 7th September 2014
+ </h5>
+ </header>
+ <div class="entry-content">
+
+ <h2>Introduction</h2>
+
+ <p>Recent flaws have captured the attention of the media
+ and highlighted how much of the internet infrastructure is
+ based on OpenSSL. We've never published our policy on how
+ we internally handle security issues; that process being
+ based on experience and has evolved over the years.</p>
+
+ <h2>Reporting security issues</h2>
+
+ <p>
+ We have an email address which can be used to notify
+ us of possible security vulnerabilities. A subset of
+ OpenSSL team members receive this mail, and messages
+ can be sent using PGP encryption. Full details are at <a
+ href="/news/vulnerabilities.html">https://www.openssl.org/news/vulnerabilities.html</a>
+ </p>
+
+ <p>
+ When we are notified about an issue we engage resources
+ within the OpenSSL team to investigate and prioritise it.
+ We may also utilise resources from the employers of our team
+ members, as well as others we have worked with before.
+ </p>
+
+ <h2>Background</h2>
+
+ <p>
+ Everyone would like to get advance notice of security issues
+ in OpenSSL. This is a complex topic and we need to set out
+ some background with our findings:
+ </p>
+ <ul>
+ <li>The more people you tell in advance the higher the
+ likelihood that a leak will occur. We have seen this
+ happen before, both with OpenSSL and other projects.</li>
+
+ <li>A huge number of products from an equally large number of
+ organisations use OpenSSL. It's not just secure websites, you're
+ just as likely to find OpenSSL inside your smart TV, car, or
+ fridge.</li>
+
+ <li>We strongly believe that the right to advance patches/info
+ should not be based in any way on paid membership to some forum.
+ You can not pay us to get security patches in advance.</li>
+
+ <li>We can benefit from peer review of the patches and advisory.
+ Keeping security issues private means they can't get the level
+ of testing or scrutiny that they otherwise would.</li>
+
+ <li>It is not acceptable for organisations to use advance notice
+ in marketing as a competitive advantage. For example "if you
+ had bought our product/used our service you would have been
+ protected a week ago".</li>
+
+ <li>There are actually not a large number of serious
+ vulnerabilities in OpenSSL which make it worth spending
+ significant time keeping our own list of vendors we trust, or
+ signing framework agreements, or dealing with changes, and
+ policing the policy. This is a significant amount of effort per
+ issue that is better spent on other things.</li>
+
+ <li>We have previously used third parties to handle notification
+ for us including CPNI, oCERT, or CERT/CC, but none were
+ suitable.</li>
+
+ <li>It's in the best interests of the Internet as a whole to get
+ fixes for OpenSSL security issues out quickly. OpenSSL embargoes
+ should be measured in days and weeks, not months or years.</li>
+
+ <li>Many sites affected by OpenSSL issues will be running a
+ version of OpenSSL they got from some vendor (and likely bundled
+ with an operating system). The most effective way for these
+ sites to get protected is to get an updated version from that
+ vendor. Sites who use their own OpenSSL compilations should be
+ able to handle a quick patch and recompile once the issue is
+ public.</li>
+ </ul>
+
+ <h2>Internal handling of security issues</h2>
+
+ <p>This leads us to our policy for security issues notified
+ to us or found by our team which are not yet public.</p>
+
+ <p>"private" means kept within the OpenSSL development
+ team.</p>
+
+ <p>We will determine the risk of each issue being addressed.
+ We will take into account our experience dealing with past
+ issues, versions affected, common defaults, and use cases.
+ We divide the issues into the following categories:</p>
+
+ <ul>
+ <li>
+ <em>LOW Severity.</em>
+ This includes issues such as those that only affect the
+ openssl command line utility, unlikely configurations, or hard
+ to exploit timing (side channel) attacks. These will in general
+ be fixed immediately in latest development versions, and may be
+ backported to older versions that are still getting updates. We
+ will update the vulnerabilities page and note the issue CVE in
+ the changelog and commit message, but they may not trigger new
+ releases.</li>
+ <li>
+ <em>MODERATE Severity.</em>
+ This includes issues like crashes in client applications,
+ flaws in protocols that are less commonly used (such as DTLS),
+ and local flaws. These will in general be kept private until
+ the next release, and that release will be scheduled so that it
+ can roll up several such flaws at one time.</li>
+ <li><em>HIGH Severity.</em>
+ This includes issues affecting common configurations which are
+ also likely to be exploitable. Examples include a server DoS, a
+ significant leak of server memory, and remote code execution.
+ These issues will be kept private and will trigger a new release
+ of all supported versions. We will attempt to keep the time
+ these issues are private to a minimum; our aim would be no
+ longer than a month where this is something under our control,
+ and significantly quicker if there is a significant risk or we
+ are aware the issue is being exploited.</li>
+ </ul>
+
+ <p>During the investigation of issues we may work with individuals
+ and organisations who are not on the development team. We do this
+ because past experience has shown that they can add value to our
+ understanding of the issue and the ability to test patches. In
+ cases where protocols are affected this is the best way to
+ mitigate the risk that a poorly reviewed update causes signficiant
+ breakage, or to detect if issues are being exploited in the wild.
+ We have a strict policy on what these organisations and
+ individuals can do with the information and will review the need
+ on a case by case basis.</p>
+
+ <h2>Prenotification policy</h2>
+
+ <p>Where we are planning an update that fixes security issues
+ we will notify the openssl-announce list and update the home
+ page to give our scheduled update release date and time and
+ the severity of issues being fixed by the update. No futher
+ information about the issues will be given. This is to aid
+ organisations that need to ensure they have staff available
+ to handle triaging our announcement and what it means to
+ their organisation.</p>
+
+ <p>For updates that include high severity issues we will
+ also prenotify with more details and patches. Our policy
+ is to let the organisations that have a general purpose OS
+ that uses OpenSSL have a few days notice in order to prepare
+ packages for their users and feedback test results.</p>
+
+ <p>We use the mailing list described at <a
+ href="http://oss-security.openwall.org/wiki/mailing-lists/distros">http://oss-security.openwall.org/wiki/mailing-lists/distros</a>
+ for this. We may also include other organisations that
+ would otherwise qualify for list membership. We may
+ withdraw notifying individual organisations from future
+ prenotifications if they leak issues before they are public
+ or over time do not add value (value can be added by providing
+ feedback, corrections, test results, etc.)</p>
+
+ <p>Finally, note that not all security issues are notified to
+ us directly; some come from third parties such as companies
+ that pay for vulnerabilities, some come from country CERTs.
+ These intermediaries, or the researchers themselves, may
+ follow a different style of notification. This is within their
+ rights and outside of the control of the OpenSSL team.</p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Policies</a>
+ : <a href="">Security Policy</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+ <!--#include virtual="/inc/footer.inc" -->
+ </body>
+ </html>
+
diff --git a/policies/sidebar.inc b/policies/sidebar.inc
new file mode 100644
index 0000000..8610c5f
--- /dev/null
+++ b/policies/sidebar.inc
@@ -0,0 +1,24 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Policies</a></h1>
+ <ul>
+ <li>
+ <a href="roadmap.html">Roadmap</a>
+ </li>
+ <li>
+ <a href="releasestrat.html">Release Strategy</a>
+ </li>
+ <li>
+ <a href="secpolicy.html">Security Policy</a>
+ </li>
+ <li>
+ <a href="codingstyle.html">Coding Style</a>
+ </li>
+ <li>
+ <a href="cla.html">Contributor Agreements</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
diff --git a/about/ticket-activity.png b/policies/ticket-activity.png
similarity index 100%
rename from about/ticket-activity.png
rename to policies/ticket-activity.png
diff --git a/run-changelog.pl b/run-changelog.pl
deleted file mode 100644
index c8dc392..0000000
--- a/run-changelog.pl
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/perl
-
-$|++;
-$page = '';
-$page .= $_ while (<STDIN>);
-
-$page =~ s|^.+?(Changes.+?\n+)|$1|s;
-$page =~ s|&|&\;|sg; # escape with useless backslash
-$page =~ s|<|<\;|sg;
-$page =~ s|>|>\;|sg;
-$page =~ s|(Changes between.+?)\n|<b>$1</b>\n|sg;
-
-print "<pre>$page</pre>";
-
-exit(0);
diff --git a/run-fundingfaq.pl b/run-fundingfaq.pl
deleted file mode 100755
index b380028..0000000
--- a/run-fundingfaq.pl
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/perl
-## read a FAQ file and pretty-print it as html
-
-$|++;
-# TOC
-$i=0; $l=""; $n=0;
-print "<ul>\n";
-print "<ol>\n";
-while (<STDIN>) {
- escape($_);
- last if /^=+$/;
- next if /^\w*$/;
- if (/^\[([^\[]+)\] (.*)/) {
- $l=$1;
- $n=0;
- print "</ol>\n";
- print "<li><a href=\"#$l\">$1</a> $2\n";
- print "<ol>\n";
- } elsif (/^\* (.*)/) {
- $n++;
- print "<li><a href=\"#$l$n\">$1</a>\n";
- }
-}
-print "</ol>\n";
-print "</ul>\n\n";
-
-# Contents
-$l=""; $n=0; $pre=0; $snip=0;
-while (<STDIN>) {
- next if /^=+$/;
- if (/^----- snip:start -----/) {
- print "<pre><listing>" unless $snip;
- $snip=1;
- }
- if ($snip) {
- escape($_);
- print;
- }
- if ($snip && /^----- snip:end -----/) {
- print "</listing></pre>";
- $snip=0;
- goto cont;
- }
- if ($snip) {
- goto cont;
- }
- if (/<URL:/ and not /<URL:.*>/) {
- chomp;
- $_ .= <STDIN>;
- }
- s/<URL: *(.*?)>/\@\@\@$1\@\@\@/;
- escape($_);
- s|\s\*(\S+)\*\s| <i>$1</i> |;
- s/\@\@\@(.+)\((\S+)\)\@\@\@/<a href=\"$2\">$1<\/a>/;
- s/\@\@\@(.*?)\@\@\@/<a href=\"$1\">$1<\/a>/;
- if (s/\((.?)\)/XX$1XX/g) {
- while (/([A-Za-z_\.]*)XX(.?)XX/) {
- foreach $section ("apps", "ssl", "crypto") {
- if (-f "../docs/$section/$1.html") {
- s|([A-Za-z_\.]*)XX(.?)XX|<a href=\"../docs/$section/$1.html\">$1($2)</a>|;
- goto found;
- }
- }
- s/XX(.?)XX/($1)/;
- found:
- }
- }
- if (/^\[([^\[]+)\] =+/) {
- $l=$1;
- $n=0;
- print "<hr>\n";
- print "<h2>[<a name=\"$l\">$1</a>]</h2>\n";
- } elsif (/^\* (.*)/) {
- $n++;
- print "\n<h2><i><a name=\"$l$n\">$n. $1</a></i></h2>\n";
- } elsif (/^$/) {
- print "<p>";
- } elsif (/^ /) {
- print "<pre>" unless $pre;
- $pre=1;
- print;
- } else {
- print "</pre>\n" if $pre;
- $pre=0;
- print;
- }
- cont:
-}
-
-exit(0);
-
-sub escape
-{
- s/\&/\&/g;
- s/\</\</g;
- s/\>/\>/g;
-}
diff --git a/sidebar.inc b/sidebar.inc
new file mode 100644
index 0000000..1b3d6b6
--- /dev/null
+++ b/sidebar.inc
@@ -0,0 +1,31 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Home</a></h1>
+ <ul>
+ <li>
+ <a href="source">Downloads: Source code</a>
+ </li>
+ <li>
+ <a href="docs">Docs: FAQ, FIPS, manpages, ...</a>
+ </li>
+ <li>
+ <a href="news">News: Latest information</a>
+ </li>
+ <li>
+ <a href="policies">Policies: How we operate</a>
+ </li>
+ <li>
+ <a href="community">Community: Blog, bugs, email, ...</a>
+ </li>
+ <li>
+ <a href="support">Support: Commercial support and contracting</a>
+ </li>
+ <li>
+ <a href="support/acks.html">Sponsor Acknowledgements</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
+
diff --git a/source/.gitignore b/source/.gitignore
deleted file mode 100644
index 24294ee..0000000
--- a/source/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-*.html
-*.gz
-*.gz.asc
-*.gz.md5
-*.gz.sha1
-*.tar.gz.sig
-*.patch
diff --git a/source/.wmlrc b/source/.wmlrc
deleted file mode 100644
index ab44064..0000000
--- a/source/.wmlrc
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## .wmlrc -- Local RC file for WML
-##
-
-# define where the URL root of the Sub Navigation Bar (SNB)
-# is located [SNB_ROOT] and where it's buttons are defined [SNB_RC]
--DSNB_ROOT~.
--DSNB_RC=.wmlsnb
--I.
-
diff --git a/source/.wmlsnb b/source/.wmlsnb
deleted file mode 100644
index e9cfd83..0000000
--- a/source/.wmlsnb
+++ /dev/null
@@ -1,12 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
- <snb_button id=tarballs txt="Tarballs" url=".">
- <snb_button id=license txt="License" url="license.html">
- <snb_button id=rt txt="Bugs" url="/support/rt.html">
- <snb_button id=repos txt="Repository" url="repos.html">
- <snb_button id=mirror txt="Mirror" url="mirror.html">
-</snb>
-
diff --git a/source/gitrepo.html b/source/gitrepo.html
new file mode 100644
index 0000000..2077ae7
--- /dev/null
+++ b/source/gitrepo.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Git Repository</h2></header>
+
+ <div class="entry-content">
+ <p>The OpenSSL software is developed using a Git repository.
+ Read-only access to the repository is available at
+ git.openssl.org. We also maintain a downstream clone on GitHub, at
+ <a
+ href="https://github.com/openssl/openssl">https://github.com/openssl/openssl</a>
+ on GitHub. This repository is updated with every commit and is
+ accessible through a number of protocols.</p>
+
+ <p>On the OpenSSL repository we only support the <em>git</em>
+ protocol. Use the following command to clone the git repository
+ including all available branches and tags:
+ <code><pre>
+
+$ git clone git://git.openssl.org/openssl.git
+ </pre></code>
+ </p>
+
+ <p>Access to the specific branches is possible via the standard branch
+ and checkout commands. See the discussion of branch naming below for
+ more information.</p>
+
+ <p>On Windows, once the repository is cloned, you should ensure
+ that line endings are set correctly:</p>
+
+ <code><pre>
+
+$ cd openssl
+$ git config core.autocrlf false
+$ git config core.eol lf
+$ git checkout .
+ </pre></code>
+
+ <h3>Git branch names and tagging</h3>
+
+ <p>The <em>master</em> branch, also known as the development branch,
+ contains the latest bleeding edge code. There are also several
+ <em>stable</em> branches where stable releases come from. These take
+ the form <em>OpenSSL_x_y_z-stable</em> so for example the 1.0.0 stable
+ branch is <em>OpenSSL_1_0_0-stable</em>. When an actual release is
+ made it is tagged in the form <em>OpenSSL_x_y_zp</em> or a beta
+ <em>OpenSSL_x_y_xp-betan</em> though you should normally just download
+ the release tarball. Tags and branches are occasionally used for other
+ purposes such as testing experimental or unstable code before it is
+ merged into another branch.</p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Downloads</a>
+ : <a href="">Git Repository</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/source/index.current b/source/index.current
deleted file mode 100644
index 7f0cb26..0000000
--- a/source/index.current
+++ /dev/null
@@ -1,2 +0,0 @@
-# Set latest tarball automatically
-last openssl-1*.tar.gz
diff --git a/source/index.html b/source/index.html
new file mode 100644
index 0000000..0a84ecf
--- /dev/null
+++ b/source/index.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Downloads</h2></header>
+ <div class="entry-content">
+ <p>Our development is maintained in a
+ <a href="gitrepo.html">git repository</a>, which is
+ accessible over the network and cloned on GitHub.
+ Please familiarize yourself with the
+ <a href="license.html">license</a>.
+ </p>
+
+ <p>The table below lists the latest releases for every branch.
+ The most recent previous releases can be found at
+ <a href="ftp://ftp.openssl.org/source/">ftp://ftp.openssl.org/source/</a>
+ and all releases can be found at
+ <a href="old">/source/old</a>.
+ A list of mirror sites can be found <a href="mirror.html">here</a>.
+ </p>
+
+ <table>
+ <tr>
+ <td>KBytes </td>
+ <td>Date </td>
+ <td>File </td>
+ </tr>
+ <!--#include virtual="index.inc" -->
+ </table>
+ <p> </p>
+
+ <p>When building a release for the first time, please make sure
+ to look at the README and INSTALL files in the distribution.
+ If you have problems, look at the FAQ, which can also be
+ found <a href="/news/faq.html">online</a>.</p>
+
+ <p>
+ Each day we make a snapshot of each development branch.
+ They can be found at
+ <a href="ftp://ftp.openssl.org/snapshot/">ftp://ftp.openssl.org/snapshot/</a>.
+ These snapshots are provided for convenience only. When you really
+ want to keep yourself up-to-date please clone the git repository
+ instead.</p>
+
+ <!--#include virtual="/inc/legalities.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Downloads</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/source/index.wml b/source/index.wml
deleted file mode 100644
index 59c571a..0000000
--- a/source/index.wml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-#use wml::openssl area=source page=tarballs
-
-<title>Source, Tarballs</title>
-
-<h1>Tarballs</h1>
-
-<p>
-The table below lists the latest releases for every branch.
-Old releases can be found at
-<a href="old">https://www.openssl.org/source/old</a>.
-</p>
-
-<p>
-Alternatively, you can find all distribution tarballs in our FTP area,
-<a href="ftp://ftp.openssl.org/source/">ftp://ftp.openssl.org/source/</a>.
-A list of FTP mirror sites can be found <a href="mirror.html">here</a>.
-</p>
-
-<p>
-Development snapshots can be found at
-<a href="ftp://ftp.openssl.org/snapshot/">ftp://ftp.openssl.org/snapshot/</a>.
-
-<p>
-We also maintain a clone at GitHub,
-<a href="https://github.com/openssl/openssl">https://github.com/openssl/openssl</a>.
-
-
-<p>
-<rfilelist "openssl-*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/license.html b/source/license.html
new file mode 100644
index 0000000..a2ce2e4
--- /dev/null
+++ b/source/license.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>License</h2></header>
+ <div class="entry-content">
+ <p>
+ This is a copy of the current LICENSE file from
+ the main repository.
+ The plain-text document version of this document is available
+ here:
+ <a href="license.txt">license.txt</a>
+ </p>
+ <pre>
+ <!--#include virtual="license.txt" -->
+ </pre>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Downloads</a>
+ : <a href="">License</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
diff --git a/source/license.wml b/source/license.wml
deleted file mode 100644
index 88143d9..0000000
--- a/source/license.wml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-#use wml::openssl area=source page=license
-
-<title>Source, License</title>
-
-<h1>License</h1>
-This is a copy of the current LICENSE file inside the CVS repository.
-<p>
-
-<pre>
-#include "license.inc"
-</pre>
diff --git a/source/mirror.html b/source/mirror.html
new file mode 100644
index 0000000..58e282b
--- /dev/null
+++ b/source/mirror.html
@@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Mirrors</h2></header>
+ <div class="entry-content">
+ <p>You can download the latest distribution files from the
+ following FTP areas:</p>
+ <table>
+ <tr><td>Locale</td><td>URL</td></tr>
+
+ <tr><td>DE</td><td><a
+ href="ftp://ftp.openssl.org/source/">ftp://ftp.openssl.org/source/</a></td></tr>
+ <tr><td>CH</td><td><a
+ href="ftp://mirror.switch.ch/mirror/openssl/">ftp://mirror.switch.ch/mirror/openssl/</a></td></tr>
+ <tr><td>CH</td><td><a
+ href="http://mirror.switch.ch/ftp/mirror/openssl/">http://mirror.switch.ch/ftp/mirror/openssl/</a></td></tr>
+ <tr><td>DE</td><td><a
+ href="ftp://ftp.pca.dfn.de/pub/tools/net/openssl/">ftp://ftp.pca.dfn.de/pub/tools/net/openssl/</a></td></tr>
+ <tr><td>NO</td><td><a
+ href="ftp://sunsite.uio.no/pub/security/openssl/">ftp://sunsite.uio.no/pub/security/openssl/</a></td></tr>
+ <tr><td>SE</td><td><a
+ href="ftp://ftp.sunet.se/pub/security/tools/net/openssl/">ftp://ftp.sunet.se/pub/security/tools/net/openssl/</a></td></tr>
+ <tr><td>AT</td><td><a
+ href="ftp://gd.tuwien.ac.at/infosys/security/openssl/">ftp://gd.tuwien.ac.at/infosys/security/openssl/</a></td></tr>
+ <tr><td>HU</td><td><a
+ href="ftp://ftp.kfki.hu/pub/packages/security/openssl/">ftp://ftp.kfki.hu/pub/packages/security/openssl/</a></td></tr>
+ <tr><td>PL</td><td><a
+ href="ftp://guest.kuria.katowice.pl/pub/openssl/">ftp://guest.kuria.katowice.pl/pub/openssl/</a></td></tr>
+ <tr><td>CZ</td><td><a
+ href="ftp://ftp.fi.muni.cz/pub/openssl/">ftp://ftp.fi.muni.cz/pub/openssl/</a></td></tr>
+ <tr><td>HR</td><td><a
+ href="ftp://ftp.linux.hr/pub/openssl/">ftp://ftp.linux.hr/pub/openssl/</a></td></tr>
+ <tr><td>DE</td><td><a
+ href="http://openssl.initrd.net/">http://openssl.initrd.net/</a></td></tr>
+ <tr><td>PL</td><td><a
+ href="rsync://ftp.tpnet.pl/pub/security/openssl/">rsync://ftp.tpnet.pl/pub/security/openssl/</a></td></tr>
+ <tr><td>CA</td><td><a
+ href="http://openssl.skazkaforyou.com/">http://openssl.skazkaforyou.com/</a></td></tr>
+ <tr><td>CA</td><td><a
+ href="http://openssl.raffsoftware.com/">http://openssl.raffsoftware.com/</a></td></tr>
+ <tr><td>DE</td><td><a
+ href="http://artfiles.org/openssl.org/">http://artfiles.org/openssl.org/</a></td></tr>
+
+ </table>
+
+ <p> </p>
+ <h3>No additional mirrors</h3>
+ <p>We are not interested in taking on additional mirrors at the
+ time.</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Downloads</a>
+ : <a href="">Mirrors</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/source/mirror.wml b/source/mirror.wml
deleted file mode 100644
index 4a1c52f..0000000
--- a/source/mirror.wml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-#use wml::openssl area=source page=mirror
-
-#use wml::std::box
-#use wml::fmt::verbatim
-#use wml::std::href
-
-<title>Source, FTP Mirrors</title>
-
-<h1>FTP Mirrors</h1>
-
-<h2>Available Mirrors</h2>
-
-You can download the latest distribution files from the following FTP areas:
-
-#include 'mirror.inc'
-
-<h2>No additional mirrors</h2>
-
-We are not interested in taking on additional mirrors at the time.
diff --git a/source/old/0.9.x/index.html b/source/old/0.9.x/index.html
new file mode 100644
index 0000000..dc74bce
--- /dev/null
+++ b/source/old/0.9.x/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old 0.9.x Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old 0.9.x releases.</p>
+ <!--#include virtual="index.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/0.9.x/index.wml b/source/old/0.9.x/index.wml
deleted file mode 100644
index ebd4c81..0000000
--- a/source/old/0.9.x/index.wml
+++ /dev/null
@@ -1,16 +0,0 @@
-#use wml::openssl area=source page=old/0.9.x
-
-<title>Old 0.9.x Releases</title>
-
-<h1>Old 0.9.x Releases</h1>
-
-<p>
-The table below lists the outdated 0.9.x releases.
-</p>
-
-<p>
-<rfilelist "*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/old/1.0.0/index.html b/source/old/1.0.0/index.html
new file mode 100644
index 0000000..a040259
--- /dev/null
+++ b/source/old/1.0.0/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old 1.0.0 Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old 1.0.0 releases.</p>
+ <!--#include virtual="index.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/1.0.0/index.wml b/source/old/1.0.0/index.wml
deleted file mode 100644
index d3cb9b5..0000000
--- a/source/old/1.0.0/index.wml
+++ /dev/null
@@ -1,16 +0,0 @@
-#use wml::openssl area=source page=old/1.0.0
-
-<title>Old 1.0.0 Releases</title>
-
-<h1>Old 1.0.0 Releases</h1>
-
-<p>
-The table below lists the outdated 1.0.0 releases.
-</p>
-
-<p>
-<rfilelist "*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/old/1.0.1/index.html b/source/old/1.0.1/index.html
new file mode 100644
index 0000000..5028934
--- /dev/null
+++ b/source/old/1.0.1/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old 1.0.1 Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old 1.0.1 releases.</p>
+ <!--#include virtual="index.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/1.0.1/index.wml b/source/old/1.0.1/index.wml
deleted file mode 100644
index ba8b064..0000000
--- a/source/old/1.0.1/index.wml
+++ /dev/null
@@ -1,16 +0,0 @@
-#use wml::openssl area=source page=old/1.0.1
-
-<title>Old 1.0.1 Releases</title>
-
-<h1>Old 1.0.1 Releases</h1>
-
-<p>
-The table below lists the outdated 1.0.1 releases.
-</p>
-
-<p>
-<rfilelist "*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/old/1.0.2/index.html b/source/old/1.0.2/index.html
new file mode 100644
index 0000000..b238dcf
--- /dev/null
+++ b/source/old/1.0.2/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old 1.0.2 Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old 1.0.2 releases.</p>
+ <!--#include virtual="index.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/1.0.2/index.wml b/source/old/1.0.2/index.wml
deleted file mode 100644
index 1876079..0000000
--- a/source/old/1.0.2/index.wml
+++ /dev/null
@@ -1,16 +0,0 @@
-#use wml::openssl area=source page=old/1.0.2
-
-<title>Old 1.0.2 Releases</title>
-
-<h1>Old 1.0.2 Releases</h1>
-
-<p>
-The table below lists the outdated 1.0.2 releases.
-</p>
-
-<p>
-<rfilelist "*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/old/fips/index.html b/source/old/fips/index.html
new file mode 100644
index 0000000..1ade710
--- /dev/null
+++ b/source/old/fips/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old XXX Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old xxx releases.</p>
+ <!--#include virtual="index.inc" -->
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/fips/index.wml b/source/old/fips/index.wml
deleted file mode 100644
index 6df3f3e..0000000
--- a/source/old/fips/index.wml
+++ /dev/null
@@ -1,16 +0,0 @@
-#use wml::openssl area=source page=old/fips
-
-<title>Old FIPS Releases</title>
-
-<h1>Old FIPS Releases</h1>
-
-<p>
-The table below lists the outdated FIPS releases.
-</p>
-
-<p>
-<rfilelist "*.gz">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/old/index.html b/source/old/index.html
new file mode 100644
index 0000000..4d2b267
--- /dev/null
+++ b/source/old/index.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Old Releases</h2></header>
+ <div class="entry-content">
+ <p>Here are the old releases.</p>
+ <ul>
+ <li><a href="0.9.x">0.9.x</a></li>
+ <li><a href="1.0.0">1.0.0</a></li>
+ <li><a href="1.0.1">1.0.1</a></li>
+ <li><a href="1.0.2">1.0.2</a></li>
+ <li><a href="fips">fips</a></li>
+ </ul>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Source</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+
+
+ </div>
+ <!--NO NO #include virtual="sidebar.inc" -->
+ </div>
+ <!--#include virtual="/inc/legalities.inc" -->
+
+</div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/source/old/index.wml b/source/old/index.wml
deleted file mode 100644
index a8213de..0000000
--- a/source/old/index.wml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-#use wml::openssl area=source page=old
-
-<title>Old Releases</title>
-
-<h1>Old Releases</h1>
-
-<p>
-The table below lists the different release branches.
-</p>
-
-<p>
-<rfilelist "*">
-
-<h2>Legalities</h2>
-
-<disclaimer>
diff --git a/source/repos.wml b/source/repos.wml
deleted file mode 100644
index 7b62ea0..0000000
--- a/source/repos.wml
+++ /dev/null
@@ -1,87 +0,0 @@
-
-#use wml::openssl area=source page=repos
-
-#use wml::std::box
-#use wml::fmt::verbatim
-#use wml::std::href
-
-<title>Source, Repository</title>
-
-<h1>Git repository</h1>
-
-The OpenSSL package is developed in a Git-based repository.
-It is available via Git mechanisms at git.openssl.org or at
-<a href="https://github.com/openssl/openssl">
-https://github.com/openssl/openssl</a> on GitHub.
-
-<h2>Fetching Git repository snapshot tarballs</h2>
-
-Tarballs containing snapshots of the latest git repository states can be found
-under <a
-href="ftp://ftp.openssl.org/snapshot/">ftp://ftp.openssl.org/snapshot/</a>.
-They are created on a daily basis. These snapshots are provided for
-convenience only. When you really want to keep yourself up-to-date please use
-the bandwidth-friendly git service to directly clone the git repository
-instead.
-
-<h2>Anonymous Git access</h2>
-
-Read only access to the respository is possible using the git protocol.
-Use the following command to clone the git repository including all
-available branches and tags:
-
- <p>
- <box bgcolor="#f0f0f0">
- <b><verbatim>
-$ git clone git://git.openssl.org/openssl.git
- </verbatim></b>
- </box>
- <p>
-
-Access to the specific branches is possible via standard git methods
-using the git branch and git checkout commands.
-See the discussion of branch naming below for more information.<br/><br/>
-
-On Windows, once the repository is cloned, you should ensure that line endings
-are set correctly:
-
- <p>
- <box bgcolor="#f0f0f0">
- <b><verbatim>
-$ cd openssl
-$ git config core.autocrlf false
-$ git config core.eol lf
-$ git checkout .
- </verbatim></b>
- </box>
- <p>
-
-<h3>git mirror sites</h2>
-
-A mirror at github is updated every 15 minutes. Github provides access
-via additional protocols.
-
-<p>
-<href url="https://github.com/openssl/openssl">
-</p>
-
-<h3>Git branch names and tagging</h2>
-
-The <b>master</b> (also known as the development branch) contains the latest
-bleeding edge code. There are also several <i>stable</i> branches where stable
-releases come from. These take the form <b>OpenSSL_x_y_z-stable</b> so for
-example the 1.0.0 stable branch is <b>OpenSSL_1_0_0-stable</b>. When an
-actual release is made it is tagged in the form <b>OpenSSL_x_y_zp</b> or
-a beta <b>OpenSSL_x_y_xp-betan</b> though you should normally just download
-the release tarball. Tags and branches are occasionally used for other
-purposes such as testing experimental or unstable code before it is merged
-into another branch.
-
-<h1>CVS (Legacy) repository</h1>
-
-All of the development history has been converted to Git.
-The CVS source code repository is frozen and the final version is available
-at
-<p>
-<href url="http://cvs.openssl.org/">
-</p>
diff --git a/source/sidebar.inc b/source/sidebar.inc
new file mode 100644
index 0000000..4eab542
--- /dev/null
+++ b/source/sidebar.inc
@@ -0,0 +1,18 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Downloads</a></h1>
+ <ul>
+ <li>
+ <a href="gitrepo.html">Git Repository</a>
+ </li>
+ <li>
+ <a href="license.html">License</a>
+ </li>
+ <li>
+ <a href="mirror.html">Mirror Sites</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
diff --git a/support/.wmlrc b/support/.wmlrc
deleted file mode 100644
index ab44064..0000000
--- a/support/.wmlrc
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## .wmlrc -- Local RC file for WML
-##
-
-# define where the URL root of the Sub Navigation Bar (SNB)
-# is located [SNB_ROOT] and where it's buttons are defined [SNB_RC]
--DSNB_ROOT~.
--DSNB_RC=.wmlsnb
--I.
-
diff --git a/support/.wmlsnb b/support/.wmlsnb
deleted file mode 100644
index 1523827..0000000
--- a/support/.wmlsnb
+++ /dev/null
@@ -1,14 +0,0 @@
-##
-## .wmlsnb -- Sub Navigation Bar Specification for WML
-##
-
-<snb>
- <snb_button id=support txt="Support" url="index.html">
- <snb_button id=community txt="Join" url="community.html">
- <snb_button id=rt txt="Bugs" url="rt.html">
- <snb_button id=donations txt="Donations" url="donations.html">
- <snb_button id=funding txt="Funding" url="funding/contract.html">
- <snb_button id=consulting txt="Consulting" url="consulting.html">
- <snb_button id=acknowledgments txt="Acknowledgments" url="acknowledgments.html">
-</snb>
-
diff --git a/support/acknowledgments.wml b/support/acknowledgments.wml
deleted file mode 100644
index 151c2fe..0000000
--- a/support/acknowledgments.wml
+++ /dev/null
@@ -1,192 +0,0 @@
-
-#use wml::openssl area=support page=acknowledgments
-
-<title>Sponsorship and Patronage Acknowledgments</title>
-
-<h1>Sponsor Acknowledgments</h1>
-
-The OpenSSL project depends on volunteer efforts and financial support from the end user community. That support
-comes in the form of
-<a href="donations.html">donations and paid sponsorships</font></a>,
-<a href="funding/contract.html">software support contracts</font></a>,
-<a href="consulting.html">paid consulting services</font></a>,
-and
-<a href="consulting.html">commissioned software development</font></a>.
-Since all these activities support the continued development and improvement of OpenSSL
-we consider all these clients and customers as sponsors of the OpenSSL project.
-<p>
-
-
-<br>
-We would like to identify and thank the following such sponsors for their past or current significant
-support of the OpenSSL project. Except as noted sponsors are listed within categories in order of overall contribution value:
-<br>
-
-<hr noshade size=1>
-Exceptional support:
-<br>
-<br>
-<br>
-<table>
- <tr>
-
- <td>
- <a href="http://www.linux-foundation.org/">
- <img src="$(IMG)/lf-logo-med.png" align=center border=0>
- </a>
- <a href="http://www.linuxfoundation.org/programs/core-infrastructure-initiative">
- <img src="$(IMG)/cii-logo-med.png" align=center border=0>
- </a>
- <br>
- <br>
- <br>
- <br>
- <a href="http://www.smartisan.com/">
- <img src="$(IMG)/smartisan-logo-med.png" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- </tr>
-</table>
-<hr noshade size=1>
-Platinum sponsors (listed chronologically, left to right). The sustainable funding provided by these sponsorships allows long term planning:
-<br>
-<br>
-<br>
-<table>
- #<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
- <tr>
-
- <td>
- <a href="http://company.nokia.com/en">
- <img src="$(IMG)/nokia-logo-med.jpg" align=center border=0>
- </a>
- <a href="http://www.huawei.com/">
- <img src="$(IMG)/huawei-logo-med.jpg" align=center border=0>
- </a>
- <a href="http://www.oracle.com/">
- <img src="$(IMG)/oracle-logo-med.jpg" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- </tr>
-</table>
-
-
-<hr noshade size=1>
-Major sustaining support:
-<br>
-<br>
-<br>
-<table>
- #<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
- <tr>
-
- <td>
- <a href="https://www.akamai.com/">
- <img src="$(IMG)/akamai-logo-med.png" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- </tr>
-</table>
-
-
-<hr noshade size=1>
-Major support:
-<br>
-<br>
-<br>
-<table>
-#<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
- <tr>
-
- <td>
- <a href="https://www.globalsign.com/">
- <img src="$(IMG)/globalsign-logo-med.jpg" align=center border=0>
- </a>
- <br>
- <br>
- <br>
- <br>
- <a href="http://www.qualys.com/">
- <img src="$(IMG)/qualsys-logo-med.jpg" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- </tr>
-</table>
-
-<hr noshade size=1>
-Very significant support:
-<br>
-<br>
-<table>
- <tr>
-
- <td>
- <a href="http://www.opengear.com/">
- <img src="$(IMG)/opengear-logo-med.jpg" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- <br>
- <br>
-
- </tr>
-</table>
-
-<hr noshade size=1>
-Significant support:
-<br>
-<br>
-<table>
- <tr>
-
- <td>
- <a href="http://www.psw.net/">
- <img src="$(IMG)/psw-logo.gif" alt="SSL-Zertifikate" align=center border=0>
- </a>
- <br>
- <br>
- <br>
- <br>
- <a href="https://miltonsecurity.com/">
- <img src="$(IMG)/milton-logo-med.jpg" alt="Milton Security" align=center border=0>
- </a>
- <br>
- <br>
- <br>
- <br>
- <a href="http://acano.com/">
- <img src="$(IMG)/acano-logo.jpg" align=center border=0>
- </a>
- <br>
- <br>
- </td>
-
- <br>
- <br>
-
- </tr>
-</table>
-
-<hr size=1>
-
-<br>
-<br>
-Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for
-inclusion here have requested to remain anonymous.
-<p>
-Additional sponsorship or financial support of any kind is always welcome; for more information please
-contact the <a href="../about/openssl-contact.html">OpenSSL Software Foundation</a>
diff --git a/support/acks.html b/support/acks.html
new file mode 100644
index 0000000..1368ee1
--- /dev/null
+++ b/support/acks.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+<div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Sponsor Acknowledgements</h2></header>
+ <div class="entry-content">
+ <p>The OpenSSL project depends on volunteer efforts and financial
+ support from the end user community. That support can comes
+ in the form of donations, contracts, and volunteer contributions.
+ Since all of these activities support the continued development
+ and improvement of OpenSSL, we consider all of them to be
+ sponsors of the OpenSSL project.</p>
+
+ <p>We would like to identify and thank the following such sponsors
+ for their past or current significant support of the OpenSSL
+ project. Except as noted sponsors are listed within categories in
+ order of overall contribution value. Please note that we ask
+ permission to identify sponsors and that some sponsors we consider
+ eligible for inclusion here have requested to remain anonymous.</p>
+
+ <hr noshade size=1>
+ <p>Exceptional support:</p>
+ <a href="http://www.linux-foundation.org/"><img src="/img/lf-logo-med.png"></a>
+
+ <a href="http://www.linuxfoundation.org/programs/core-infrastructure-initiative"><img src="/img/cii-logo-med.png"></a>
+ <a href="http://www.smartisan.com/"><img src="/img/smartisan-logo-med.png"></a>
+
+ <hr noshade size=1>
+ <p>Platinum sponsors (listed chronologically). The
+ sustainable funding provided by these sponsorships allows long term
+ planning:</p>
+ <a href="http://company.nokia.com/en"><img src="/img/nokia-logo-med.jpg"></a>
+ <a href="http://www.huawei.com/"><img src="/img/huawei-logo-med.jpg"></a>
+ <a href="http://www.oracle.com/"><img src="/img/oracle-logo-med.jpg"></a>
+
+ <hr noshade size=1>
+ <p>Major sustaining support:</p>
+ <a href="https://www.akamai.com/"><img src="/img/akamai-logo-med.png"></a>
+
+ <hr noshade size=1>
+ <p>Major support:</p>
+ <a href="https://www.globalsign.com/"><img src="/img/globalsign-logo-med.jpg"></a>
+ <a href="http://www.qualys.com/"><img src="/img/qualsys-logo-med.jpg"></a>
+
+ <hr noshade size=1>
+ <p>Very significant support:</p>
+ <a href="http://www.opengear.com/"><img src="/img/opengear-logo-med.jpg"></a>
+
+ <hr noshade size=1>
+ <p>Significant support:</p>
+ <a href="http://www.psw.net/"><img src="/img/psw-logo.gif" alt="SSL-Zertifikate"></a>
+ <a href="https://miltonsecurity.com/"><img src="/img/milton-logo-med.jpg" alt="Milton Security"></a>
+ <a href="http://acano.com/"><img src="/img/acano-logo.jpg"></a>
+
+ </p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Support</a>
+ : <a href="">Acknowledgements</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/support/community.wml b/support/community.wml
deleted file mode 100644
index c9dde79..0000000
--- a/support/community.wml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-#use wml::openssl area=support page=community
-
-<title>Support, Mailing Lists</title>
-
-<h1>Mailing List Update</h1>
-
-We have moved all mailing lists over from to a new server and
-using <a href="http://www.gnu.org/software/mailman/">MailMan</a>.
-If you find any issues please contact postmaster at openssl.org.
-
-We will be installing better DNS names soon.
-
-<h2>Overview</h2>
-
-Here is an overview of the public mailing lists.
-Anyone can join.
-
-<p>
-<table cellspacing=0 cellpadding=2 border=0>
-<tr>
- <td><b id=sf>List </b></td>
- <td><b id=sf>Usage</b></td>
-</tr>
-<tr>
- <td><hr noshade size=1></td>
- <td><hr noshade size=1></td>
-</tr>
-<tr>
- <td>openssl-announce</td>
- <td>Official Project Announcements; low-volume read-only.</td>
-</tr>
- <td>openssl-commits</td>
- <td>Commits to the source repository; read-only</td>
-</tr>
-<tr>
- <td>openssl-dev</td>
- <td>Discussions on development of the OpenSSL library.
- This is not the place for application development questions!</td>
-</tr>
-<tr>
- <td>openssl-users</td>
- <td>Application Development, installing and configuring OpenSSL,
- etc.</td>
-</tr>
-</table>
-
-<p>
-In addition, there is a list dedicated to the "discussion of the effort to
-improve unit/automated testing for OpenSSL." It is a Google group,
-available at
-<a href="https://groups.google.com/forum/#!forum/openssl-testing">
-https://groups.google.com/forum/#!forum/openssl-testing
-<a>
-
-<h2>Subscription</h2>
-
-To join any list, visit
-<a href="https://mta.openssl.org">https://mta.openssl.org</a>.
-
-<h2>Archive</h2>
-
-The mailing lists are automatically archived at the following locations:
-
-<ul>
-<li><b>openssl-announce</b>:<br>
- - <a href="http://marc.info/?l=openssl-announce">
- http://marc.info/?l=openssl-announce</a><br>
- - <a href="http://www.mail-archive.com/openssl-announce@openssl.org/">
- http://www.mail-archive.com/openssl-announce@openssl.org/</a><br>
-<li><b>openssl-users</b>:<br>
- - <a href="http://marc.info/?l=openssl-users">
- http://marc.info/?l=openssl-users</a><br>
- - <a href="http://www.mail-archive.com/openssl-users@openssl.org/">
- http://www.mail-archive.com/openssl-users@openssl.org/</a><br>
- - <a href="http://groups.google.com/groups?group=mailing.openssl.users">
- http://groups.google.com/groups?group=mailing.openssl.users</a><br>
-<li><b>openssl-dev</b>:<br>
- - <a href="http://marc.info/?l=openssl-dev">
- http://marc.info/?l=openssl-dev</a><br>
- - <a href="http://www.mail-archive.com/openssl-dev@openssl.org/">
- http://www.mail-archive.com/openssl-dev@openssl.org/</a><br>
- - <a href="http://groups.google.com/groups?group=mailing.openssl.dev">
- http://groups.google.com/groups?group=mailing.openssl.dev</a><br>
-<li><b>openssl-commits</b>:<br>
- - <a href="http://marc.info/?l=openssl-cvs">
- http://marc.info/?l=openssl-cvs</a><br>
- - <a href="http://groups.google.com/groups?group=mailing.openssl.cvs">
- http://groups.google.com/groups?group=mailing.openssl.cvs</a><br>
-</ul>
-
diff --git a/support/consulting.wml b/support/consulting.wml
deleted file mode 100644
index 12e773d..0000000
--- a/support/consulting.wml
+++ /dev/null
@@ -1,68 +0,0 @@
-
-#use wml::openssl area=support page=consulting
-
-<title>Consulting</title>
-<h1>Consulting</h1>
-
-Does your company use the OpenSSL toolkit and need some help porting it to a new platform? Do you
-need a new feature added? Are you developing new cryptographic functionality for your product?
-<p>
-
-Even if you have experienced in-house software development personnel you may find that the OpenSSL
-team can provide cost-effective solutions to your OpenSSL related challenges. No one knows OpenSSL
-like the people who write and maintain it and work with it every day.
-
-Also, the income they earn though their paid consulting work supports their unpaid work on OpenSSL,
-so by hiring OpenSSL team members you are not only solving your own problems but also helping to
-ensure the long term viability of the OpenSSL product.
-<p>
-While our passion is open source, part of that passion is seeing our software widely used. We
-understand the requirements of commercial industry and will work under and respect appropriate
-non-disclosure agreements.
-<p>
-OpenSSL team members have recently performed or are currently performing the following work.
-Those sponsors willing to be identified are shown in parentheses:
-
-<p>
-<ul style=list-style-type:circle>
- <li> RFC3850, RFC3851, RFC3852 and RFC3394: CMS support (2008)
- <p>
- <li> RFC3280 and PKITS compliance (Google, 2008)
- <p>
- <li> RFC4507bis: stateless session resumption (Google, 2007)
- <p>
- <li> CryptoAPI ENGINE support (2008)
- <p>
- <li> RFC3546: OCSP stapling (2007)
- <p>
- <li> Open source based FIPS 140-2 validation (Symantec and others, 2008-2010)
- <p>
- <li> Change letter for validation #1051 to support cross-compilation (Opengear, 2010)
- <p>
- <li> Change letter for validation #1051 to support newer 64 bit Windows (2010)
-</ul>
-
-We have extensive experience in obtaining FIPS 140-2 validations for OpenSSL based cryptographic
-modules. We can assist you in utilising the open source based validated module (#1051), we
-can obtain a change letter modification to that validated module to suit your specific
-circumstances, or we can obtain a complete new validation with your company as the vendor of
-record. We can provide a complete turnkey service handling all arrangements with the test labs
-and CMVP, or we can work with your existing test lab.
-
-If you are not familiar with the validation and change letter process give us a call; you
-may well find that the cost of obtaining FIPS 140-2 validation status for the OpenSSL based software
-you currently use is less than the cost of a license for a commercial equivalent.
-<p>
-All of our commercial work is performed under formal contracts with fully specified deliverables,
-conventional milestones and deadlines, progress reporting, and invoicing -- no PayPal payments to
-some unknown pseudonym.
-<p>
-Since we consider all sources of financial support to be OpenSSL sponsors and patrons, clients
-purchasing any of our commercial services will at their discretion be identified and credited in
-several formats such as our
-<a href=acknowledgments.html>acknowledgments</a> page, in the source distribution release notes, and
-in mailing list announcements.
-
-<p>
-For further information please contact our consulting organization, <a href="funding/support-contact.html">OpenSSL Software Services</a>.
-
diff --git a/support/contracts.html b/support/contracts.html
new file mode 100644
index 0000000..ea3e2f3
--- /dev/null
+++ b/support/contracts.html
@@ -0,0 +1,168 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+
+<body>
+<!--#include virtual="/inc/banner.inc" -->
+
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Support Contracts</h2></header>
+ <div class="entry-content">
+ <p>In addition to <a href="/community">community</a> support,
+ <a href="/community/contacts.html">OpenSSL Software Services</a>
+ offers three different type of support contract. If you
+ have specific requirements not addressed by any of these plans,
+ or for more information, discuss custom arrangements.</p>
+
+ <p>Please see the <a href="#definitions">list of definitions</a>
+ at the bottom of the page for the definitions used below.</p>
+
+ <dl>
+ <dt><a href="#premium">Premium</a>
+ Enterprise Level Support</dt>
+ <dd>Designed for the large enterprise utilising OpenSSL
+ extensively in product lines or critical infrastructure.</dd>
+ <dt><a href="#vendor"><dt>Vendor</a> Support</dt>
+ <dd>Designed for organisations requiring support of product
+ lines using OpenSSL or for customised in-house versions of
+ OpenSSL.</dd>
+ <dt><a href="#basic"><dt>Basic</a> Support<dt>
+ <dd>Basic technical support for application development shops or
+ end users.</dd>
+ </dl>
+ <p> </p>
+
+ <h3><a name="premium">Premium Level Support</a></h3>
+ <p>US$50,000 annually</p>
+ <ul>
+ <li>All technical support requests handled directly by a Designated Responder
+ <li>24x7x365 availability
+ <li>Four Support Administrators
+ <li>Unlimited Service Requests
+ <li>Custom patch preparation and creation
+ <li>OpenSSL FIPS Object Module support included
+ <li>FIPS validation support
+ </ul>
+ <p>The premium support plan is designed for the large enterprise
+ using OpenSSL as an essential component of multiple products or
+ product lines or in support of in-house or commercially provided
+ services. Many prospective Premium Level customers have already
+ hired individual OpenSSL team members for specific tasks. The
+ typical large enterprise customer has a capable in-house technical
+ staff but still finds it cost-effective to engage the world class
+ talent of OpenSSL authors and maintainers. Customisation of
+ OpenSSL by prospective Schedule A customers is common, as are
+ "private label" FIPS 140-2 validations.</p>
+ <p>Note we don't expect to sell very many of the premium support
+ plans, but those few customers will receive careful attention for
+ both immediate problems and long range strategic interests.</p>
+
+ <h3><a name="vendor">Vendor Level Support</a></h3>
+ <p>US$20,000 annually</p>
+ <ul>
+ <li>Institutional Response with escalation to Designated Responder as appropriate.
+ <li>12x5 availability
+ <li>Two Support Administrators
+ <li>Limit of four Service Requests per month
+ <li>Custom patch preparation
+ <li>OpenSSL FIPS Object Module support included
+ <li>FIPS validation support excluded
+ </ul>
+ <p>This plan is designed for the medium enterprise using OpenSSL
+ for a single product or product line. The prospective Vendor Level
+ Support customer has a proficient technical staff but no specific
+ expertise in cryptography or OpenSSL. Technical support is
+ provided for use of the unmodified OpenSSL FIPS Object Module, but
+ not for validations of derivative software.</p>
+
+ <h3><a name="basic">Basic Support</a></h3>
+ <p>US$10,000 annually</p>
+ <ul>
+ <li>Institutional Response only
+ <li>8x5 availability
+ <li>One Support Administrator
+ <li>Limit of one unique Service Request per month
+ <li>OpenSSL FIPS Object Module support excluded
+ <li>FIPS validation support excluded
+ </ul>
+ <p>This plan is designed for the medium to small enterprise
+ relying on stock OpenSSL for significant products or services and
+ lacking internal resources for effectively addressing all
+ operational and application development issues.</p>
+
+ <h3><a name="definitions">Support Terms</a></h3>
+ <dl>
+ <dt>Customer Contacts</dt>
+ <dd>customer personnel familiar with the customer's software
+ environment coordinating technical support correspondence
+ between the customer and OSF personnel for a specific service
+ request. The Customer Contacts are the sole liaisons for such
+ technical correspondence with the OSF. It is recommended that
+ the Customer Contacts be knowledgeable about the customer
+ environment and use of the OpenSSL software and have an
+ understanding of the problem for which support services are
+ requested.</dd>
+
+ <dt>Designated Responder</dt>
+ <dd>All technical support is provided by OpenSSL team members or
+ their close collaborators in the OpenSSL developer community. A
+ designated responder is an OpenSSL team member directly handling
+ a support request and communicating directly with the Customer
+ Contact.</dd>
+
+ <dt>Institutional Response</dt>
+ <dd>Technical support correspondence originating or reviewed by
+ one or more OpenSSL team members but communicated indirectly by
+ other OSF personnel.</dd>
+
+ <dt>Patch Preparation</dt>
+ <dd>The preparation of a patch changeset from existing changes
+ committed to the OpenSSL source code repository.</dd>
+
+ <dt>Patch Creation</dt>
+ <dd>The coding of new source code modifications or additions not
+ already committed to the OpenSSL source code repository. The
+ resolution of problems identified in the OpenSSL software itself
+ will generally be resolved by committing the code modifications
+ to the OpenSSL source code repository; such modifications
+ automatically define a patch. For support plan options custom
+ software modifications may be performed that are specific to the
+ customer environment. Such custom modifications will not be
+ committed to the publicly available source code repository and
+ will be delivered to the customer as custom patches.</dd>
+
+ <dt>Service Request</dt>
+ <dd>A specific request for support initiated by a Support
+ Administrator and assigned a service request number by the
+ OSF.</dd>
+
+ <dt>Support Administrator</dt>
+ <dd>An individual designated by the customer to submit requests
+ for technical support to the OSF. The number of individuals
+ that can be designated as support administrators varies with the
+ support plan option. The support administrator may be a
+ Customer Contact in the context of a specific Service Request,
+ or may designate a Customer Contact for Service Requests.</dd>
+
+ </dl>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Support</a>
+ : <a href="">Contracts</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+
+</html>
diff --git a/support/donations-cn.wml b/support/donations-cn.html
similarity index 98%
rename from support/donations-cn.wml
rename to support/donations-cn.html
index eef9802..48b9c69 100644
--- a/support/donations-cn.wml
+++ b/support/donations-cn.html
@@ -15,7 +15,7 @@ We accept donations in any amount via PayPal and UnionPay:
<input type="hidden" name="hosted_button_id" value="JFMKAASZ9XL2N">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal payment">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
-<img alt="" border="0" src="UnionPay.jpg" align="center">
+<img alt="" border="0" src="/img/unionpay.jpg" align="center">
</form>
<br>
diff --git a/support/donations.html b/support/donations.html
new file mode 100644
index 0000000..1f8fc2d
--- /dev/null
+++ b/support/donations.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Donations</h2></header>
+ <div class="entry-content">
+ <p>Your donation to the OpenSSL team will support the ongoing
+ development activities of the team members.</p>
+
+ <p>Please note that the
+ <a href="/community/contacts.html">OpenSSL Software Foundation</a>
+ (OSF) is incorporated in the the state of Delaware, United States,
+ as a non-profit corporation. It does not qualify as a tax-exempt
+ charitable organisation under Section 501(c)(3) of the U.S.
+ Internal Revenue Code. We looked into it and concluded that
+ 501(c)(3) status would require more of an investment in time and
+ money than we can justify at present. This means that, for
+ individuals within the U.S., donations to the OSF are not
+ tax-deductible. Corporate donations can of course be written off
+ as a business expense.</p>
+
+ <p>In addition to direct financial contributions in the form of
+ donations or sponsorship you may also support the OpenSSL project
+ financially with the purchase of a
+ <a href="contracts.html"> support contract</a>, or by hiring OSF
+ for consulting services or custom software development. We
+ consider all sources of funding to be sponsors, because we use all
+ such funding, whether donations or pay for services rendered, for
+ the same purpose -- to improve and maintain the OpenSSL
+ product.</p>
+
+ <table>
+ <tr><td>Level</td><td>Acknowledgement</td></tr>
+ <tr><td>Platinum<br>$50,000/yr</td>
+ <td>Prominent logo placement on openssl.org<br>
+ OpenSSL sponsor logo for your use<br>
+ Acknowledgement on openssl.org<br>
+ Acknowledgement in source distributions</td></tr>
+
+ <tr><td>Gold<br>$20,000/yr</td>
+ <td>Logo placement on openssl.org<br>
+ OpenSSL sponsor logo for your use<br>
+ Acknowledgement on openssl.org<br>
+ Acknowledgement in source distributions</td></tr>
+
+ <tr><td>Silver<br>$10,000/yr</td>
+ <td>Acknowledgement on openssl.org<br>
+ Acknowledgement in source distributions</td></tr>
+
+ <tr><td>Contributing <br>$5,000/yr</td>
+ <td>Acknowledgement in source distributions</td></tr>
+ </table>
+ <p> </p>
+
+We also accept donations in any amount via credit card or PayPal:
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
+<input type="hidden" name="cmd" value="_s-xclick">
+<input type="hidden" name="hosted_button_id" value="JFMKAASZ9XL2N">
+<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal payment">
+<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
+</form>
+
+<p>
+<a href="donations-cn.html">
+来自中国的捐款者请点击这里,我们为您提供了中文版的捐款指南。
+</a>
+</p>
+
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Support</a>
+ : <a href="">Donations</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/support/donations.wml b/support/donations.wml
deleted file mode 100644
index 33f0662..0000000
--- a/support/donations.wml
+++ /dev/null
@@ -1,106 +0,0 @@
-
-#use wml::openssl area=support page=donations
-
-<title>Donations</title>
-
-<h1>Donations and Sponsorship</h1>
-
-<p>Your donation to the OpenSSL team will support the ongoing development activities of the team members.
-</p>
-
-<p>Please note that the <a href="../about/openssl-contact.html">OpenSSL
-Software Foundation</a> (OSF) is incorporated in the the state of Delaware,
-United States, as a non-profit corporation. It does not qualify as
-a tax-exempt charitable organisation under Section 501(c)(3) of the U.S. Internal
-Revenue Code. We looked into it and concluded that 501(c)(3) status
-would require more of an investment in time and money than we can justify
-at present. This means that, for individuals within the U.S., donations
-to the OSF are not tax-deductible. Corporate donations can of course be
-written off as a business expense. </p>
-
-<p>In addition to direct financial contributions in the form of donations or sponsorship you may also
-support the OpenSSL project financially with the purchase of a <a href="funding/contract.html"> support contract</a>,
-or by <a href="consulting.html">hiring us</a> for consulting services or custom software development. We consider all
-sources of funding to be sponsors, because we use all such funding, whether donations or pay for services rendered, for the same purpose -- to improve and maintain the OpenSSL product.
-</p>
-
-<table>
-<tr><td><b id=sf>Sponsorship Level</b></td><td><b id=sf>Acknowledgement</b></td></tr>
-<tr><td><hr noshade size=1></td><td><hr noshade size=1></td></tr>
-<tr>
-
-<td>
-Platinum<br>
-$50,000/yr<br>
-<br>
-<br>
-<br>
-
-Gold<br>
-$20,000/yr<br>
-<br>
-<br>
-<br>
-
-Silver<br>
-$10,000/yr<br>
-<br>
-<br>
-
-Contributing Sponsor<br>
-$5,000/yr<br>
-<br>
-<br>
-</td>
-
-<td valign=top>
-Prominent logo placement on openssl.org<br>
-OpenSSL sponsor logo for your use<br>
-Acknowledgement on openssl.org<br>
-Acknowledgement in source distributions<br>
-<br>
-
-Logo placement on openssl.org<br>
-OpenSSL sponsor logo for your use<br>
-Acknowledgement on openssl.org<br>
-Acknowledgement in source distributions<br>
-<br>
-
-Acknowledgement on openssl.org<br>
-Acknowledgement in source distributions<br>
-<br>
-<br>
-
-Acknowledgement in source distributions<br>
-<br>
-<br>
-<br>
-</td>
-
-</tr>
-</table>
-
-We also accept donations in any amount via credit card or PayPal:
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
-<input type="hidden" name="cmd" value="_s-xclick">
-<input type="hidden" name="hosted_button_id" value="JFMKAASZ9XL2N">
-<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal payment">
-<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
-</form>
-
-<br>
-<br>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<a href="donations-cn.html">
-来自中国的捐款者请点击这里,我们为您提供了中文版的捐款指南。
-</a>
-<br>
-<br>
-
-<br>
-<br>
-(the Bitcoin option has been temporarily removed)<br>
-<br>
-<br>
-As noted above these donations are currently <em>not</em> tax-deductible!<br>
-For further information please contact the <a href="../about/openssl-contact.html">OpenSSL Software Foundation</a>.
diff --git a/support/faq.wml b/support/faq.wml
deleted file mode 100644
index 7520718..0000000
--- a/support/faq.wml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-#use wml::openssl area=support page=faq
-
-<title>Support, Frequently Asked Questions</title>
-
-<h1>Frequently Asked Questions</h1>
-
-<!--#include virtual="/support/faq.inc" -->
diff --git a/support/funding/contract.wml b/support/funding/contract.wml
deleted file mode 100644
index d45b6b1..0000000
--- a/support/funding/contract.wml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-#use wml::openssl area=support page=funding
-
-<title>Support Contracts</title>
-
-<h1>Support Contracts</h1>
-
-Technical support for OpenSSL has long been available through the online collaborative <a href="../community.html">community</a>
-of OpenSSL team members, other software developers familiar with OpenSSL and cryptography, and knowledgeable users.
-However, some commercial and government organisations have expressed a desire for a more formal technical support service.
-<p>
-In order to satisfy this demand the OpenSSL team has partnered with a new for-profit corporation formed for
-the purpose of offering formal paid software support contracts. This new business entity, the OpenSSL Software Foundation (OSF),
-is incorporated in the United States and acts as the legal agent for the OpenSSL team members providing the technical
-support services.
-<p>
-For more details on this formal support contract offering please see the <a href="support-faq.html">support contract FAQ</a>.
-<p>
-At present four different type of support contract are offered. If you have specific requirements not addressed
-by any of these plans please contact the <a href="support-contact.html">OSF</a> to discuss
-custom arrangements.
-<ul style=list-style-type:circle>
-<li><a href="support-premium.html"><font id=sfl>Premium</font></a> Enterprise Level Support<br>
- Designed for the large enterprise utilising OpenSSL extensively in product lines or critical infrastructure.
-<p>
-<li><a href="support-vendor.html"><font id=sfl>Vendor</font></a> Support<br>
- Designed for organisations requiring support of product lines using OpenSSL or for customised in-house versions of OpenSSL.
-<p>
-<li><a href="support-basic.html"><font id=sfl>Basic</font></a> Support<br>
- Basic technical support for application development shops or end users.
-<p>
-<li><a href="support-incident.html"><font id=sfl>Incident Based</font></a> Support<br>
- Per-incident support.
-<p>
-</ul>
-For further information please contact <a href="support-contact.html">OpenSSL Software Services</a>.
-
diff --git a/support/funding/support-basic.wml b/support/funding/support-basic.wml
deleted file mode 100644
index e9bc9be..0000000
--- a/support/funding/support-basic.wml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Basic Support Contract</title>
-
-<h1>Basic Level Support</h1>
-<p>
-US$10,000 annually
-<p>
-(<a href="support-definitions.html">definitions</a> of terms)
-<p>
-<ul>
-<li>Institutional Response only
-<li>8x5 availability
-<li>One Support Administrator
-<li>Limit of one unique Service Request per month
-<li>OpenSSL FIPS Object Module support excluded
-<li>FIPS validation support excluded
-</ul>
-<p>
-This plan is designed for the medium to small enterprise relying on stock OpenSSL for significant
-products or services and lacking internal resources for effectively addressing all operational and application development issues.
diff --git a/support/funding/support-contact.wml b/support/funding/support-contact.wml
deleted file mode 100644
index b66b75a..0000000
--- a/support/funding/support-contact.wml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Support Contract Contact Info</title>
-
-<h1>Support Contract Queries</h1>
-
-Direct queries concerning support contracts, donations or consulting services to:<br>
-<br>
-OpenSSL Software Services, Inc.<br>
-40 E Main St, Suite 744<br>
-Newark DE 19711<br>
-USA<br>
-+1 240-215-3103<br>
-<a href="mailto:info at opensslservices.com">info at opensslservices.com</a>
-<p>
-You will probably wind up talking to Steve Marquess who currently handles OpenSSL commercial contracting, he is
-reachable directly at <a href="mailto:marquess at openssl.com">marquess at openssl.com</a> or
-the telephone number above.
diff --git a/support/funding/support-definitions.wml b/support/funding/support-definitions.wml
deleted file mode 100644
index b8e8ccf..0000000
--- a/support/funding/support-definitions.wml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Support Contract Definitions</title>
-
-<h1>Definitions</h1>
-<p>
-Terms used in the description of the support contract options.
-<p>
-<ul>
-<li><font id=sf>Customer Contacts</font>: customer personnel familiar with the customer's software environment coordinating technical support correspondence between the customer and OSF personnel for a specific service request. The Customer Contacts are the sole liaisons for such technical correspondence with the OSF. It is recommended that the Customer Contacts be knowledgeable about the customer environment and use of the OpenSSL software and have an understanding of the problem for which support services are requested.
-<p>
-<li><font id=sf>Designated Responder</font>: All technical support is provided by OpenSSL team members or their close collaborators in the OpenSSL developer community. A designated responder is an OpenSSL team member directly handling a support request and communicating directly with the Customer Contact.
-<p>
-<li><font id=sf>Institutional Response</font>: Technical support correspondence originating or reviewed by one or more OpenSSL team members but communicated indirectly by other OSF personnel.
-<p>
-<li><font id=sf>Patch Preparation</font>: The preparation of a patch changeset from existing changes committed to the OpenSSL source code repository.
-<p>
-<li><font id=sf>Patch Creation</font>: The coding of new source code modifications or additions not already committed to the OpenSSL source code repository. The resolution of problems identified in the OpenSSL software itself will generally be resolved by committing the code modifications to the OpenSSL source code repository; such modifications automatically define a patch. For support plan options custom software modifications may be performed that are specific to the customer environment. Such custom modifications will not be committed to the publicly available source code repository and will be delivered to the customer as custom patches.
-<p>
-<li><font id=sf>Service Request</font>: A specific request for support initiated by a Support Administrator and assigned a service request number by the OSF.
-<p>
-<li><font id=sf>Support Administrator</font>: An individual designated by the customer to submit requests for technical support to the OSF. The number of individuals that can be designated as support administrators varies with the support plan option. The support administrator may be a Customer Contact in the context of a specific Service Request, or may designate a Customer Contact for Service Requests.
-</ul>
diff --git a/support/funding/support-faq.txt b/support/funding/support-faq.txt
deleted file mode 100644
index 64b9e69..0000000
--- a/support/funding/support-faq.txt
+++ /dev/null
@@ -1,229 +0,0 @@
-OpenSSL Support Contracts - Frequently Asked Questions
---------------------------------------
-
-[General] General questions
-
-* How does this commercialisation impact the OpenSSL mission?
-* What is the target market?
-* Why pay for support when I can get it for free?
-* Can we just send a donation instead?
-* Why hasn't this been done before?
-
-[Plans] The support plans
-
-* What is covered by the support plans?
-* What if we need new features not covered by the support plan?
-* What about support for FIPS140 and the OpenSSL FIPS Object Module?
-* Why is there no per-incident support option?
-* Will subscribers have an inside track on vulnerability announcements?
-
-[Services] Consulting Services
-
-* What about other types of consulting services?
-* What is a "private label" validation?
-
-[Legal and Financial] Legal questions
-
-* Who or what exactly am I contracting with?
-* Where does the money for support contract subscriptions go?
-* Are the support plans listed on a GSA schedule?
-
-[Miscellaneous]
-
-* What if we need help with proprietary or sensitive information?
-* Why the separate domain name?
-
-===============================================================================
-
-[General] ========================================================================
-
-* How does this commercialisation impact the OpenSSL mission?
-
-It doesn't. OpenSSL is not being commercialised and there will *not* be
-separate "paid" and "free" versions of the software.
-
-The OpenSSL mission of providing a high quality open source
-cryptographic library for use by anyone under a very business friendly license
-will not change. The same OpenSSL team members will continue to improve and
-maintain the OpenSSL product for general use as always.
-
-The only commercial aspect that has been introduced is that corporate,
-institutional, and government users now have the option of purchasing
-commercial software support for the same open source product that is freely
-available to everyone. These paid support subscriptions help support the OpenSSL
-team members actively working on the OpenSSL product and so indirectly benefit
-the entire user community.
-
-* What is the target market?
-
-We are primarily targeting the commercial vendors with a significant stake in
-the OpenSSL product who wish to have an assured level of support and to
-sponsor the continued development and maintenance of OpenSSL. We anticipate
-that our typical customer will fit most of the follow criteria:
-
-a) Is a medium to large software product or services vendor,
-b) Uses OpenSSL as an important component of those products or services,
-c) Has an interest in the future stability and development of OpenSSL,
-d) Has significant on-house technical expertise but recognises that
-specialised external support wold be cost-effective
-
-* Why pay for support when I can get it for free?
-
-Why indeed? If you're satisfied with the extensive support available from the
-@@@collaborative community(../community.html)@@@ and the expertise, proficiency, and resource availability of your
-current technical staff then this service is not designed for you.
-
-This support contract option is designed for companies that do not have, or
-cannot spare, the in-house technical resources for utilising or customising
-OpenSSL, who want the assurance that appropriate technical assistance will
-be available when needed, and who may not want their technical queries and
-discussions seen by the entire world.
-
-* Can we just send a donation instead?
-
-Absolutely, @@@donations(../donations.html)@@@ are welcome and will help make
-OpenSSL a better product. Please note that the OSF is not a qualified
-non-profit entity under the U.S. tax code and hence donations from individuals are not
-tax-deductible. We looked into 501(c)(3) tax exemption; it costs more and
-takes a long time. Since our primary purpose is to provide services to the
-commercial and government markets and not to solicit charitable
-contributions we have elected to defer pursuit of tax exempt status for now.
-
-* Why hasn't this been done before?
-
-Sloth and inertia, basically. Although the demand for such a service has been
-apparent for some time it took a while to work out how to structure a solution
-that addressed the legal, financial, and operational issues.
-
-[Plans] =======================================================================
-
-* What is covered by the support plans?
-
-All of the support plans are designed to provide technical assistance with use
-of relatively recently released versions of the OpenSSL product for platforms
-supported by those versions. Assistance with using the existing API,
-compile/link errors, runtime problem diagnosis, and portability issues for
-currently supported platforms would all be covered under the
-terms of the support contract. Porting to completely new platforms,
-development of new functionality, or use of OpenSSL in a context clearly not
-anticipated at the time of release is not covered by the standard plans.
-
-Merging of bug or vulnerability fixes from a newer release or the development
-trunk to an older supported release will *generally* be covered (the exception
-being modifications involving significant interface incompatibilities).
-
-* What if we need new features not covered by the support plan?
-
-The incorporation of completely new functionality (new cryptographic
-algorithms, implementation of new RFCs, etc.) is not covered. However, the
-OSF can quote a separate development task on a time-and-materials or hourly
-rate basis.
-
-* What about support for FIPS140 and the OpenSSL FIPS Object Module?
-
-The OpenSSL FIPS Object Module validations are based on source code derived
-from the baseline OpenSSL product but are not synonymous with that product.
-FIPS 140-2 presents some unique challenges transcending the more purely
-technical issues of OpenSSL proper. FPS 140-2 is also of interest to a
-relatively small subset of the user community.
-
-The standard support plans will cover operational problems with OpenSSL in "FIPS
-compatible" mode but do not cover building of the validated FIPS Object Module
-itself. Support for the FIPS Object Module, including assistance with
-building a validated module for a specific platform (if possible) is available
-with the Premium plan or as a separate support plan that can be negotiated to
-suit your specific requirements.
-
-* Why is there no per-incident support option?
-
-We are a very low overhead organisation with no front office to handle a
-significant volume of new customer contacts. All OSF personnel are
-primarily or exclusively dedicated to providing technical services; we could
-only support per-incident customers at the expense of the annual support plan
-subscribers. At this point we don't have a feel for the potential demand for
-per-incident support and so can't justify the additional staffing such support
-may require. We may reconsider this position at some point
-
-* Will subscribers have an inside track on vulnerability announcements?
-
-The OpenSSL team will not be deliberately withholding any information from the
-general open source community for the benefit of paid support plan
-subscribers. We are not changing our mission!
-
-For some types of vulnerabilities the OpenSSL team will work on a fix before
-making any public announcement. Support plan subscribers will not have any
-special access to the unannounced details of such vulnerabilities. However,
-we will alert subscribers to the fact that a patch will be required as soon as
-we can do so, and will prepare appropriate patches in advance to the extent
-our knowledge of your specific situation permits.
-
-[Services] =======================================================================
-
-* What about other types of consulting services?
-
-OpenSSL team members have been providing consulting and custom software
-development services on an ad-hoc basis for many years. In fact, it was the
-increasing demand for such services that led to the creation of the OpenSSL
-Software Foundation. Consulting service contracts can be provided on a hourly rate
-for one or more OpenSSL team members, or we can prepare a fixed-price proposal
-for clearly defined deliverables.
-
-* What is a "private label" validation?
-
-Even though the OpenSSL FIPS Object Module FIPS 140-2 validations were designed for direct
-use by commercial software vendors, for various reasons some vendors prefer to obtain
-separate validations for their OpenSSL derived software. That sounds wasteful, and it
-is, but in fact the majority of all level 1 FIPS 140-2 validated software products are
-based on OpenSSL. Due to our extensive experience in such validations we can cost-effectively
-provide the documentation and CMVP test lab interaction for private label validations.
-
-[Legal and Financial] =======================================================================
-
-* Who or what exactly am I contracting with?
-
-There is no formal legal entity corresponding with the OpenSSL team itself,
-which is an informal collaborative association of individuals around the
-world. We created a legal entity to represent the OpenSSL team members
-actively participating in the support contract initiative. That entity, the
-OpenSSL Software Foundation (OSF) will execute the formal support contract
-agreements and handle the associated business functions. The actual technical
-support will be provided by OpenSSL team members.
-
-* Where does the money for support contract subscriptions go?
-
-It all goes to the people directly providing the technical support services
-and to current active OpenSSL team members. There is no investor or parent
-company syphoning off revenue for other purposes; the OpenSSL Software
-Foundation was created specifically to support the activities of the OpenSSL
-team.
-
-Even though not all OpenSSL team members will be directly participating in or directly
-benefiting from the support subscription business all have consented to the arrangement
-and all will have full access to the financial records (tax
-filings and bank statements) of the OSF.
-
-* Are the support plans listed on a GSA schedule?
-
-Sorry, no. Frankly the paperwork requirements are too intimidating at this
-point, and the significant costs of meeting them would have to be passed on
-to all of our customers. Perhaps someday.
-
-[Miscellaneous] =======================================================================
-
-* What if we need help with proprietary or sensitive information?
-
-We recognise that some vendors do not wish to reveal details of their software
-products or business plans. We will respect non-disclosure restrictions
-provided such restrictions do not constrain our ability to write and maintain OpenSSL
-or other software.
-
-* Why the separate domain name?
-
-We're conducting business using the *opensslfoundation.com* domain name instead
-of the *openssl.org* domain name because we
-want to distinguish the new for-pay support and service activities from the
-traditional OpenSSL project which will continue as before. We would like
-to have used the *openssl.com* domain name but it is taken by someone not
-associated with the OpenSSL team.
-
-===============================================================================
diff --git a/support/funding/support-faq.wml b/support/funding/support-faq.wml
deleted file mode 100644
index 88eab91..0000000
--- a/support/funding/support-faq.wml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Support Contract FAQ</title>
-<h1>Support Contract FAQ</h1>
-
-<!--#include virtual="/support/funding/support-faq.inc" -->
diff --git a/support/funding/support-incident.wml b/support/funding/support-incident.wml
deleted file mode 100644
index 24273f1..0000000
--- a/support/funding/support-incident.wml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Support Contract Contact Info</title>
-
-<h1>Support Contract Queries</h1>
-
-At this point in time we are not offering per-incident support services, only because we want to focus our potentially limited
-resources on annual support contract subscribers. If you are interested in such support we'd still like to hear from you, and
-we may re-evaluate our position as we see what workload and resource commitments we encounter.
diff --git a/support/funding/support-premium.wml b/support/funding/support-premium.wml
deleted file mode 100644
index 156f338..0000000
--- a/support/funding/support-premium.wml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Premium Support Contract</title>
-
-<h1>Premium Level Support</h1>
-<p>
-US$50,000 annually
-<p>
-(<a href="support-definitions.html">definitions</a> of terms)
-<p>
-<ul>
-<li>All technical support requests handled directly by a Designated Responder
-<li>24x7x365 availability
-<li>Four Support Administrators
-<li>Unlimited Service Requests
-<li>Custom patch preparation and creation
-<li>OpenSSL FIPS Object Module support included
-<li>FIPS validation support
-</ul>
-<p>
-The premium support plan is designed for the large enterprise using OpenSSL as an essential component of
-multiple products or product lines or in support of in-house or commercially provided services.
-Many prospective Premium Level customers have already hired individual OpenSSL team members for specific tasks.
-The typical large enterprise customer has a capable in-house technical staff but still finds it cost-effective
-to engage the world class talent of OpenSSL authors and maintainers. Customisation of OpenSSL by prospective
-Schedule A customers is common, as are “private label” FIPS 140-2 validations.
-<p>
-Note we don't expect to sell very many of the premium support plans, but those few customers will receive careful
-attention for both immediate problems and long range strategic interests.
diff --git a/support/funding/support-vendor.wml b/support/funding/support-vendor.wml
deleted file mode 100644
index fb04c9d..0000000
--- a/support/funding/support-vendor.wml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>Vendor Support Contract</title>
-
-<h1>Vendor Level Support</h1>
-<p>
-US$20,000 annually
-<p>
-(<a href="support-definitions.html">definitions</a> of terms)
-<p>
-<ul>
-<li>Institutional Response with escalation to Designated Responder as appropriate.
-<li>12x5 availability
-<li>Two Support Administrators
-<li>Limit of four Service Requests per month
-<li>Custom patch preparation
-<li>OpenSSL FIPS Object Module support included
-<li>FIPS validation support excluded
-</ul>
-<p>
-This plan is designed for the medium enterprise using OpenSSL for a single product or product line.
-The prospective Vendor Level Support customer has a proficient technical staff but no specific expertise in cryptography or OpenSSL.
-Technical support is provided for use of the unmodified OpenSSL FIPS Object Module, but not for validations of derivative software.
diff --git a/support/funding/wishlist.wml b/support/funding/wishlist.wml
deleted file mode 100644
index a363400..0000000
--- a/support/funding/wishlist.wml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-#use wml::openssl area=funding page=index
-
-<title>New Development Wish List</title>
-
-<h1>Wish List</h1>
-<p>
-Most of the OpenSSL team have full time day jobs and so are precluded from tackling some ambitious improvements
-that would otherwise attract their attention. If and when we have the manpower available
-some of the new initiatives to improve OpenSSL that will be addressed are:
-<p>
-<ul>
-<li>Support for TLS v1.1 and 1.2.
-<p>
-<li>New algorithm schemes PSS and OAEP.
-<p>
-<li>Streaming ASN1 decode including CMS support.
-<p>
-<li>A new FIPS Object Module API that will be OpenSSL version independent and built from a separate source tarball.
-</ul>
diff --git a/support/index.html b/support/index.html
new file mode 100644
index 0000000..837f4a3
--- /dev/null
+++ b/support/index.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>Commercial Support</h2></header>
+ <div class="entry-content">
+ <p>OpenSSL is a a collaborative effort of a worldwide
+ <a href="/community">community</a> of volunteers. We are always
+ grateful to receive support for the project.</p>
+
+ <p>In addition to joining the community, you can make a
+ direct <a href="donations.html">donation</a>
+ to the project. Your contribution will help fund members of our
+ development team. Significant sponsors have a say in the future
+ direction of OpenSSL as well as acknowledgements and logo
+ placements. We would like to take this opportunity to
+ <a href="acks.html">acknowledge</a> those who have provided
+ financial support.</p>
+
+ <p>We provide commercial
+ <a href="contracts.html">support contracts</a>
+ of various types.
+ Some members of the development team are also available
+ for custom OpenSSL-related developent work. Please contact
+ <a href="/community/contacts.html">OpenSSL Software Services</a>
+ for more information.</p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">Support</a>
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
diff --git a/support/index.wml b/support/index.wml
deleted file mode 100644
index d3ec74d..0000000
--- a/support/index.wml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-#use wml::openssl area=support page=index
-
-<title>Supporting OpenSSL</title>
-
-<h1>OpenSSL Support</h1>
-
-OpenSSL is a a collaborative effort of a worldwide community of volunteers. We are always happy to receive support for the project in many forms as long as the core mission of providing a high quality software product to all commercial and non-commercial users is not compromised.
-In addition to routine maintenance and development your support could help tackle projects on our <a href="funding/wishlist.html">wish list</a>.
-<p>
-You can contribute to the OpenSSL project in any of the following ways:
-
-<p>
-<ul>
-<li><a href="community.html"><font id=sfl>Join</font></a> the online community via public mailing lists<br>
- Participate in the online community of developers, testers, and contributing end users working to make OpenSSL a better product.
-<p>
-<li><a href="donations.html"><font id=sfl>Donate</font></a> to the OpenSSL project<br>
- Your donation will help add new capabilities to OpenSSL. Significant sponsors have a say in the future direction of OpenSSL as well as acknowledgements and logo placements.
-<p>
-<li><a href="funding/contract.html"><font id=sfl>Fund</font></a> the OpenSSL project via a support contract<br>
- Obtain the protection of formal support contract coverage for your commercial or government enterprise and support ongoing OpenSSL development.
-<p>
-<li><a href="consulting.html"><font id=sfl>Hire</font></a> individual OpenSSL team members<br>
- Some OpenSSL team members are available for custom consultancy contract work.
-<p>
-</ul>
-
diff --git a/support/majordomo.wml b/support/majordomo.wml
deleted file mode 100644
index cec470f..0000000
--- a/support/majordomo.wml
+++ /dev/null
@@ -1,8 +0,0 @@
-#!wml -oPAGE_HEADuPAGE_BODY:majordomo.head.html -oPAGE_FOOT:majordomo.foot.html
-
-#use wml::openssl area=support page=lists
-
-<title>Support, Mailing Lists</title>
-
-<h1>OpenSSL Mailing Lists</h1>
-
diff --git a/support/other.wml b/support/other.wml
deleted file mode 100644
index 00210fe..0000000
--- a/support/other.wml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-#use wml::openssl area=related page=commercial
-
-<title>Related, Commercial</title>
-
-<h1>Other OpenSSL Realted Commercial Services</h1>
-
-These are commercial offers with respect to OpenSSL, e.g. people/organizations
-offering support.
-
-<p>
-
-<b>Disclaimer:</b>
-The offers listed below are not necessarily related to the OpenSSL
-team. Neither the sorting nor the pure fact of being listed does
-in any way provide a statement about the quality of the offering.
-
-<p>
-
-If you want yourself or your company to be listed here, please send a
-message to
-<a href="mailto:openssl-info at openssl.org">openssl-info at openssl.org</a>.
-The message needs to include the company name, and information string
-and a URL.
-
-<ul>
- <item name="Linux4biz"
- info="Linux4biz specialises in all aspects of apache and openssl deployment, support and security."
- url="http://www.linux4biz.net/">
- <item name="Secure Endpoints Inc."
- info="Expert consulting and software development services, OpenSSL and more"
- url="http://www.secure-endpoints.com/">
- <item name="dmp|cda"
- info="Websolutions including OpenSSL and more"
- url="http://www.dmpcda.de/">
-</ul>
diff --git a/support/rt.wml b/support/rt.wml
deleted file mode 100644
index c3a705c..0000000
--- a/support/rt.wml
+++ /dev/null
@@ -1,55 +0,0 @@
-
-#use wml::openssl area=support page=rt
-
-<title>Support, Request Tracker</title>
-
-<h1>OpenSSL Request Tracker</h1>
-
-We have set up a request tracker at
-<a href="http://rt.openssl.org/">http://rt.openssl.org/</a>
-offering read-only access using the account <tt>guest</tt> with the
-password <tt>guest</tt>.
-
-The username and password can also be specified in the URL, as can a link
-to a specific bug. For example:
-<a href="http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1">
-http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1</a>
-
-<h2>List of Bugs/Requests</h2>
-
-Please see the
-<a href="http://rt.openssl.org/NoAuth/Buglist.html">list</a>
-of new or open bugs and requests.
-
-<h2>Sending a Request</h2>
-
-To create a new bug or enhancement request, send email to
-<a href="mailto:rt at openssl.org">rt at openssl.org</a>, clearly indicating
-the type of request (bug report, patch, contribution, enhancement request,
-...) the operating system and version of OpenSSL affected.
-If you have a patch or diff, please send it as an attachment, and not
-inline in the message body.
-
-The easiest way to respond to an existing request is to reply to the relevant
-message in <tt>openssl-dev at openssl.org</tt>. To help avoid duplicate copies,
-edit the recipient list so that only
-<tt>rt at openssl.org</tt> is listed and remove any quoted material.
-You can also create a new email by having the subject line start with a
-special prefix.
-For example to reply to ID #9999
-you'd send a message to <tt>rt at openssl.org</tt> including <tt>[openssl.org #9999]</tt> in the subject.
-
-<h2>Gateways</h2>
-
-Incoming requests are added to the request tracker. The request tracker
-automatically forwards incoming requests to the
-<tt>openssl-dev at openssl.org</tt>
-mailing list for information of the community and public discussion.
-Replies sent to <tt>rt at openssl.org</tt> keeping the ticket in the
-subject line unchanged will be recorded and added to the ticket by the
-request tracker, then forwarded to <tt>openssl-dev at openssl.org</tt>.
-
-<h2>Request Tracker Software</h2>
-
-The request tracker is using the RT software, available from
-<a href="http://www.bestpractical.com/rt/">http://www.bestpractical.com/rt/</a>.
diff --git a/support/sidebar.inc b/support/sidebar.inc
new file mode 100644
index 0000000..c3ac2b8
--- /dev/null
+++ b/support/sidebar.inc
@@ -0,0 +1,18 @@
+<!-- sidebar.inc -->
+<aside class="sidebar">
+ <section>
+ <h1><a href=".">Commercial Support</a></h1>
+ <ul>
+ <li>
+ <a href="donations.html">Donations</a>
+ </li>
+ <li>
+ <a href="acks.html">Acknowledgements</a>
+ </li>
+ <li>
+ <a href="contracts.html">Support Contracts</a>
+ </li>
+ </ul>
+ </section>
+</aside>
+<!-- end -->
diff --git a/template-file.html b/template-file.html
new file mode 100644
index 0000000..298c5a0
--- /dev/null
+++ b/template-file.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html lang="en">
+<!--#include virtual="/inc/head.inc" -->
+<body>
+ <!--#include virtual="/inc/banner.inc" -->
+ <div id="main">
+ <div id="content">
+ <div class="blog-index">
+ <article>
+ <header><h2>XXX name</h2></header>
+ <div class="entry-content">
+ <p>
+
+ </p>
+ </div>
+ <footer>
+ You are here: <a href="/">Home</a>
+ : <a href=".">XXX-subdirname</a>
+ <!--
+ : <a href="">xxx topic name</a>
+ -->
+ <br/><a href="/sitemap.txt">Sitemap</a>
+ </footer>
+ </article>
+ </div>
+ <!--#include virtual="sidebar.inc" -->
+ </div>
+ </div>
+<!--#include virtual="/inc/footer.inc" -->
+</body>
+</html>
More information about the openssl-commits
mailing list