From 7c7774dfd034efa911f03b4a88de8ec01a4c282a Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 10 Sep 2016 19:57:59 +0200 Subject: Included static page generation into tree Also create a CI task to generate the web site and upload to gnutls.gitlab.io. --- .gitlab-ci.yml | 307 +---------------- cfg.mk | 24 +- www/Makefile | 57 ++++ www/bottom.wml | 53 +++ www/commercial.wml | 93 +++++ www/common.wml | 62 ++++ www/contrib.wml | 17 + www/css/combo.css | 18 + www/css/layout.css | 548 +++++++++++++++++++++++++++++ www/css/layout.cwml | 549 ++++++++++++++++++++++++++++++ www/css/mini.css | 12 + www/css/print.css | 79 +++++ www/devel.wml | 69 ++++ www/documentation.wml | 57 ++++ www/download.wml | 150 ++++++++ www/faq.wml | 91 +++++ www/gnutls-logo.wml | 30 ++ www/gnutls.wml | 68 ++++ www/graphics/gnutls-logo-icon.png | Bin 0 -> 161 bytes www/graphics/gnutls-logo-icon2.png | Bin 0 -> 481 bytes www/graphics/gnutls-logo-large.png | Bin 0 -> 1183 bytes www/graphics/gnutls-logo-letters.png | Bin 0 -> 1409 bytes www/graphics/gnutls-logo-nobackground.png | Bin 0 -> 1895 bytes www/graphics/gnutls-logo-scalable.png | Bin 0 -> 1983 bytes www/graphics/gnutls-logo.png | Bin 0 -> 1503 bytes www/graphics/gnutls-logo.svg | 60 ++++ www/graphics/logo-sponsor.png | Bin 0 -> 3674 bytes www/graphics/pgp1.png | Bin 0 -> 20235 bytes www/graphics/tree1.png | Bin 0 -> 19928 bytes www/head.wml | 24 ++ www/help.wml | 44 +++ www/manual-index.html.bak | 4 + www/news-entries/2012-01-20.xml | 3 + www/news-entries/2012-02-18.xml | 5 + www/news-entries/2012-02-24.xml | 3 + www/news-entries/2012-03-02.xml | 10 + www/news-entries/2012-03-16.xml | 9 + www/news-entries/2012-03-17.xml | 3 + www/news-entries/2012-03-18.xml | 3 + www/news-entries/2012-03-19.xml | 2 + www/news-entries/2012-03-21.xml | 1 + www/news-entries/2012-04-02.xml | 3 + www/news-entries/2012-04-22.xml | 3 + www/news-entries/2012-05-05.xml | 3 + www/news-entries/2012-06-05.xml | 3 + www/news-entries/2012-06-10.xml | 3 + www/news-entries/2012-07-02.xml | 3 + www/news-entries/2012-08-04.xml | 3 + www/news-entries/2012-08-15.xml | 3 + www/news-entries/2012-09-02.xml | 9 + www/news-entries/2012-09-13.xml | 2 + www/news-entries/2012-09-26.xml | 11 + www/news-entries/2012-10-12.xml | 10 + www/news-entries/2012-11-09.xml | 5 + www/news-entries/2012-11-10.xml | 5 + www/news-entries/2012-11-24.xml | 4 + www/news-entries/2012-11-25.xml | 3 + www/news-entries/2012-12-10.xml | 3 + www/news-entries/2013-01-02.xml | 4 + www/news-entries/2013-01-03.xml | 4 + www/news-entries/2013-01-05.xml | 4 + www/news-entries/2013-02-04.xml | 9 + www/news-entries/2013-02-10.xml | 7 + www/news-entries/2013-02-27.xml | 5 + www/news-entries/2013-03-22.xml | 9 + www/news-entries/2013-05-10.xml | 6 + www/news-entries/2013-05-16.xml | 5 + www/news-entries/2013-05-29.xml | 2 + www/news-entries/2013-06-01.xml | 11 + www/news-entries/2013-07-13.xml | 7 + www/news-entries/2013-07-14.xml | 7 + www/news-entries/2013-07-30.xml | 8 + www/news-entries/2013-08-02.xml | 5 + www/news-entries/2013-08-31.xml | 8 + www/news-entries/2013-10-23.xml | 11 + www/news-entries/2013-10-24.xml | 2 + www/news-entries/2013-10-31.xml | 13 + www/news-entries/2013-11-23.xml | 6 + www/news-entries/2013-12-20.xml | 7 + www/news-entries/2014-01-24.xml | 7 + www/news-entries/2014-01-31.xml | 7 + www/news-entries/2014-02-13.xml | 11 + www/news-entries/2014-03-03.xml | 12 + www/news-entries/2014-03-04.xml | 5 + www/news-entries/2014-03-07.xml | 6 + www/news-entries/2014-03-27.xml | 5 + www/news-entries/2014-04-07.xml | 9 + www/news-entries/2014-04-10.xml | 6 + www/news-entries/2014-04-19.xml | 6 + www/news-entries/2014-05-06.xml | 13 + www/news-entries/2014-05-30.xml | 17 + www/news-entries/2014-05-31.xml | 6 + www/news-entries/2014-06-26.xml | 6 + www/news-entries/2014-07-23.xml | 11 + www/news-entries/2014-07-29.xml | 6 + www/news-entries/2014-08-24.xml | 13 + www/news-entries/2014-08-31.xml | 7 + www/news-entries/2014-09-18.xml | 10 + www/news-entries/2014-10-13.xml | 13 + www/news-entries/2014-10-16.xml | 5 + www/news-entries/2014-11-10.xml | 17 + www/news-entries/2014-12-03.xml | 5 + www/news-entries/2014-12-11.xml | 10 + www/news-entries/2015-01-17.xml | 6 + www/news-entries/2015-02-25.xml | 6 + www/news-entries/2015-03-04.xml | 5 + www/news-entries/2015-03-11.xml | 5 + www/news-entries/2015-03-30.xml | 6 + www/news-entries/2015-04-08.xml | 5 + www/news-entries/2015-05-03.xml | 12 + www/news-entries/2015-06-16.xml | 6 + www/news-entries/2015-07-12.xml | 8 + www/news-entries/2015-08-10.xml | 12 + www/news-entries/2015-09-02.xml | 5 + www/news-entries/2015-09-12.xml | 8 + www/news-entries/2015-09-20.xml | 5 + www/news-entries/2015-10-20.xml | 6 + www/news-entries/2015-11-22.xml | 8 + www/news-entries/2015-11-23.xml | 4 + www/news-entries/2015-11-29.xml | 5 + www/news-entries/2016-01-08.xml | 8 + www/news-entries/2016-02-03.xml | 9 + www/news-entries/2016-03-03.xml | 6 + www/news-entries/2016-03-10.xml | 5 + www/news-entries/2016-04-11.xml | 5 + www/news-entries/2016-05-09.xml | 6 + www/news-entries/2016-05-20.xml | 8 + www/news-entries/2016-06-06.xml | 8 + www/news-entries/2016-06-14.xml | 6 + www/news-entries/2016-07-06.xml | 14 + www/news-entries/2016-08-09.xml | 6 + www/news-entries/2016-09-08.xml | 12 + www/news-entries/README | 10 + www/news.wml | 30 ++ www/openpgp.wml | 100 ++++++ www/rawnews.wml | 46 +++ www/rawsecurity.wml | 42 +++ www/scripts/atom.pl | 73 ++++ www/scripts/lib-news.pl | 162 +++++++++ www/scripts/tweet.pl | 73 ++++ www/security-entries/GNUTLS-SA-2005-1 | 7 + www/security-entries/GNUTLS-SA-2006-1 | 5 + www/security-entries/GNUTLS-SA-2006-2 | 5 + www/security-entries/GNUTLS-SA-2006-3 | 6 + www/security-entries/GNUTLS-SA-2006-4 | 8 + www/security-entries/GNUTLS-SA-2008-1 | 11 + www/security-entries/GNUTLS-SA-2008-2 | 12 + www/security-entries/GNUTLS-SA-2008-3 | 17 + www/security-entries/GNUTLS-SA-2009-1 | 9 + www/security-entries/GNUTLS-SA-2009-2 | 9 + www/security-entries/GNUTLS-SA-2009-3 | 11 + www/security-entries/GNUTLS-SA-2009-4 | 15 + www/security-entries/GNUTLS-SA-2009-5 | 10 + www/security-entries/GNUTLS-SA-2010-1 | 12 + www/security-entries/GNUTLS-SA-2011-1 | 10 + www/security-entries/GNUTLS-SA-2011-2 | 13 + www/security-entries/GNUTLS-SA-2012-1 | 13 + www/security-entries/GNUTLS-SA-2012-2 | 9 + www/security-entries/GNUTLS-SA-2012-3 | 9 + www/security-entries/GNUTLS-SA-2012-4 | 34 ++ www/security-entries/GNUTLS-SA-2013-1 | 35 ++ www/security-entries/GNUTLS-SA-2013-2 | 8 + www/security-entries/GNUTLS-SA-2013-3 | 8 + www/security-entries/GNUTLS-SA-2014-1 | 26 ++ www/security-entries/GNUTLS-SA-2014-2 | 31 ++ www/security-entries/GNUTLS-SA-2014-3 | 12 + www/security-entries/GNUTLS-SA-2014-4 | 16 + www/security-entries/GNUTLS-SA-2014-5 | 11 + www/security-entries/GNUTLS-SA-2015-1 | 12 + www/security-entries/GNUTLS-SA-2015-2 | 15 + www/security-entries/GNUTLS-SA-2015-3 | 10 + www/security-entries/GNUTLS-SA-2015-4 | 8 + www/security-entries/GNUTLS-SA-2016-1 | 8 + www/security-entries/GNUTLS-SA-2016-2 | 22 ++ www/security-entries/GNUTLS-SA-2016-3 | 14 + www/security.wml | 39 +++ www/soc.wml | 88 +++++ www/support.wml | 71 ++++ 178 files changed, 3969 insertions(+), 315 deletions(-) create mode 100644 www/Makefile create mode 100644 www/bottom.wml create mode 100644 www/commercial.wml create mode 100644 www/common.wml create mode 100644 www/contrib.wml create mode 100644 www/css/combo.css create mode 100644 www/css/layout.css create mode 100644 www/css/layout.cwml create mode 100644 www/css/mini.css create mode 100644 www/css/print.css create mode 100644 www/devel.wml create mode 100644 www/documentation.wml create mode 100644 www/download.wml create mode 100644 www/faq.wml create mode 100644 www/gnutls-logo.wml create mode 100644 www/gnutls.wml create mode 100644 www/graphics/gnutls-logo-icon.png create mode 100644 www/graphics/gnutls-logo-icon2.png create mode 100644 www/graphics/gnutls-logo-large.png create mode 100644 www/graphics/gnutls-logo-letters.png create mode 100644 www/graphics/gnutls-logo-nobackground.png create mode 100644 www/graphics/gnutls-logo-scalable.png create mode 100644 www/graphics/gnutls-logo.png create mode 100644 www/graphics/gnutls-logo.svg create mode 100644 www/graphics/logo-sponsor.png create mode 100644 www/graphics/pgp1.png create mode 100644 www/graphics/tree1.png create mode 100644 www/head.wml create mode 100644 www/help.wml create mode 100644 www/manual-index.html.bak create mode 100644 www/news-entries/2012-01-20.xml create mode 100644 www/news-entries/2012-02-18.xml create mode 100644 www/news-entries/2012-02-24.xml create mode 100644 www/news-entries/2012-03-02.xml create mode 100644 www/news-entries/2012-03-16.xml create mode 100644 www/news-entries/2012-03-17.xml create mode 100644 www/news-entries/2012-03-18.xml create mode 100644 www/news-entries/2012-03-19.xml create mode 100644 www/news-entries/2012-03-21.xml create mode 100644 www/news-entries/2012-04-02.xml create mode 100644 www/news-entries/2012-04-22.xml create mode 100644 www/news-entries/2012-05-05.xml create mode 100644 www/news-entries/2012-06-05.xml create mode 100644 www/news-entries/2012-06-10.xml create mode 100644 www/news-entries/2012-07-02.xml create mode 100644 www/news-entries/2012-08-04.xml create mode 100644 www/news-entries/2012-08-15.xml create mode 100644 www/news-entries/2012-09-02.xml create mode 100644 www/news-entries/2012-09-13.xml create mode 100644 www/news-entries/2012-09-26.xml create mode 100644 www/news-entries/2012-10-12.xml create mode 100644 www/news-entries/2012-11-09.xml create mode 100644 www/news-entries/2012-11-10.xml create mode 100644 www/news-entries/2012-11-24.xml create mode 100644 www/news-entries/2012-11-25.xml create mode 100644 www/news-entries/2012-12-10.xml create mode 100644 www/news-entries/2013-01-02.xml create mode 100644 www/news-entries/2013-01-03.xml create mode 100644 www/news-entries/2013-01-05.xml create mode 100644 www/news-entries/2013-02-04.xml create mode 100644 www/news-entries/2013-02-10.xml create mode 100644 www/news-entries/2013-02-27.xml create mode 100644 www/news-entries/2013-03-22.xml create mode 100644 www/news-entries/2013-05-10.xml create mode 100644 www/news-entries/2013-05-16.xml create mode 100644 www/news-entries/2013-05-29.xml create mode 100644 www/news-entries/2013-06-01.xml create mode 100644 www/news-entries/2013-07-13.xml create mode 100644 www/news-entries/2013-07-14.xml create mode 100644 www/news-entries/2013-07-30.xml create mode 100644 www/news-entries/2013-08-02.xml create mode 100644 www/news-entries/2013-08-31.xml create mode 100644 www/news-entries/2013-10-23.xml create mode 100644 www/news-entries/2013-10-24.xml create mode 100644 www/news-entries/2013-10-31.xml create mode 100644 www/news-entries/2013-11-23.xml create mode 100644 www/news-entries/2013-12-20.xml create mode 100644 www/news-entries/2014-01-24.xml create mode 100644 www/news-entries/2014-01-31.xml create mode 100644 www/news-entries/2014-02-13.xml create mode 100644 www/news-entries/2014-03-03.xml create mode 100644 www/news-entries/2014-03-04.xml create mode 100644 www/news-entries/2014-03-07.xml create mode 100644 www/news-entries/2014-03-27.xml create mode 100644 www/news-entries/2014-04-07.xml create mode 100644 www/news-entries/2014-04-10.xml create mode 100644 www/news-entries/2014-04-19.xml create mode 100644 www/news-entries/2014-05-06.xml create mode 100644 www/news-entries/2014-05-30.xml create mode 100644 www/news-entries/2014-05-31.xml create mode 100644 www/news-entries/2014-06-26.xml create mode 100644 www/news-entries/2014-07-23.xml create mode 100644 www/news-entries/2014-07-29.xml create mode 100644 www/news-entries/2014-08-24.xml create mode 100644 www/news-entries/2014-08-31.xml create mode 100644 www/news-entries/2014-09-18.xml create mode 100644 www/news-entries/2014-10-13.xml create mode 100644 www/news-entries/2014-10-16.xml create mode 100644 www/news-entries/2014-11-10.xml create mode 100644 www/news-entries/2014-12-03.xml create mode 100644 www/news-entries/2014-12-11.xml create mode 100644 www/news-entries/2015-01-17.xml create mode 100644 www/news-entries/2015-02-25.xml create mode 100644 www/news-entries/2015-03-04.xml create mode 100644 www/news-entries/2015-03-11.xml create mode 100644 www/news-entries/2015-03-30.xml create mode 100644 www/news-entries/2015-04-08.xml create mode 100644 www/news-entries/2015-05-03.xml create mode 100644 www/news-entries/2015-06-16.xml create mode 100644 www/news-entries/2015-07-12.xml create mode 100644 www/news-entries/2015-08-10.xml create mode 100644 www/news-entries/2015-09-02.xml create mode 100644 www/news-entries/2015-09-12.xml create mode 100644 www/news-entries/2015-09-20.xml create mode 100644 www/news-entries/2015-10-20.xml create mode 100644 www/news-entries/2015-11-22.xml create mode 100644 www/news-entries/2015-11-23.xml create mode 100644 www/news-entries/2015-11-29.xml create mode 100644 www/news-entries/2016-01-08.xml create mode 100644 www/news-entries/2016-02-03.xml create mode 100644 www/news-entries/2016-03-03.xml create mode 100644 www/news-entries/2016-03-10.xml create mode 100644 www/news-entries/2016-04-11.xml create mode 100644 www/news-entries/2016-05-09.xml create mode 100644 www/news-entries/2016-05-20.xml create mode 100644 www/news-entries/2016-06-06.xml create mode 100644 www/news-entries/2016-06-14.xml create mode 100644 www/news-entries/2016-07-06.xml create mode 100644 www/news-entries/2016-08-09.xml create mode 100644 www/news-entries/2016-09-08.xml create mode 100644 www/news-entries/README create mode 100644 www/news.wml create mode 100644 www/openpgp.wml create mode 100644 www/rawnews.wml create mode 100644 www/rawsecurity.wml create mode 100644 www/scripts/atom.pl create mode 100644 www/scripts/lib-news.pl create mode 100755 www/scripts/tweet.pl create mode 100644 www/security-entries/GNUTLS-SA-2005-1 create mode 100644 www/security-entries/GNUTLS-SA-2006-1 create mode 100644 www/security-entries/GNUTLS-SA-2006-2 create mode 100644 www/security-entries/GNUTLS-SA-2006-3 create mode 100644 www/security-entries/GNUTLS-SA-2006-4 create mode 100644 www/security-entries/GNUTLS-SA-2008-1 create mode 100644 www/security-entries/GNUTLS-SA-2008-2 create mode 100644 www/security-entries/GNUTLS-SA-2008-3 create mode 100644 www/security-entries/GNUTLS-SA-2009-1 create mode 100644 www/security-entries/GNUTLS-SA-2009-2 create mode 100644 www/security-entries/GNUTLS-SA-2009-3 create mode 100644 www/security-entries/GNUTLS-SA-2009-4 create mode 100644 www/security-entries/GNUTLS-SA-2009-5 create mode 100644 www/security-entries/GNUTLS-SA-2010-1 create mode 100644 www/security-entries/GNUTLS-SA-2011-1 create mode 100644 www/security-entries/GNUTLS-SA-2011-2 create mode 100644 www/security-entries/GNUTLS-SA-2012-1 create mode 100644 www/security-entries/GNUTLS-SA-2012-2 create mode 100644 www/security-entries/GNUTLS-SA-2012-3 create mode 100644 www/security-entries/GNUTLS-SA-2012-4 create mode 100644 www/security-entries/GNUTLS-SA-2013-1 create mode 100644 www/security-entries/GNUTLS-SA-2013-2 create mode 100644 www/security-entries/GNUTLS-SA-2013-3 create mode 100644 www/security-entries/GNUTLS-SA-2014-1 create mode 100644 www/security-entries/GNUTLS-SA-2014-2 create mode 100644 www/security-entries/GNUTLS-SA-2014-3 create mode 100644 www/security-entries/GNUTLS-SA-2014-4 create mode 100644 www/security-entries/GNUTLS-SA-2014-5 create mode 100644 www/security-entries/GNUTLS-SA-2015-1 create mode 100644 www/security-entries/GNUTLS-SA-2015-2 create mode 100644 www/security-entries/GNUTLS-SA-2015-3 create mode 100644 www/security-entries/GNUTLS-SA-2015-4 create mode 100644 www/security-entries/GNUTLS-SA-2016-1 create mode 100644 www/security-entries/GNUTLS-SA-2016-2 create mode 100644 www/security-entries/GNUTLS-SA-2016-3 create mode 100644 www/security.wml create mode 100644 www/soc.wml create mode 100644 www/support.wml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b20a8a1cac..52daee8d22 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,305 +1,14 @@ -image: fedora:24 - -Fedora/x86_64/minimal: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && ./configure --with-included-libtasn1 - --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-rsa-export - --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication - --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openpgp-authentication - --disable-ocsp --disable-session-tickets --disable-non-suiteb-curves - --disable-nls --disable-crywrap --disable-libdane --without-p11-kit --without-tpm - --disable-ssl3-support --disable-ssl2-support --without-zlib --disable-doc --disable-tests --enable-openssl-compatibility && make -j4 - tags: - - shared - except: - - tags - -Fedora/x86_64/ubsan: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && CFLAGS="-fsanitize=undefined -fno-sanitize-recover -g -std=c99 - -O2" LDFLAGS="-static-libubsan" ./configure --disable-doc --disable-valgrind-tests --disable-non-suiteb-curves --disable-guile --enable-code-coverage - && make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/no-SSL-3.0: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-ssl3-support --disable-ssl2-support --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests --enable-code-coverage && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/guile/tests/*.log - - build/tests/*.log - - build/tests/*/*.log - -# Needs gnutls' headers due to some abi-checker issue with resolving deps -Fedora/x86_64/ABI-check: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y gnutls-devel - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-doc --disable-cxx --disable-guile --disable-non-suiteb-curves && make -j4 && make abi-check - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/logs/gnutls-dane/*/log.txt - - build/logs/gnutls/*/log.txt - -Fedora/x86_64/clang: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && - CC=clang ./configure --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests && - make -j4 && make check -C tests -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - guile/tests/*.log - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/FIPS140-2: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-non-suiteb-curves --enable-fips140-mode --enable-code-coverage --disable-doc --disable-valgrind-tests && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - when: on_failure - paths: - - guile/tests/*.log - - build/tests/*.log - - build/tests/*/*.log - -Fedora/x86_64/valgrind: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && rm -f tests/suite/mini-eagain2.c && ./configure - --disable-non-suiteb-curves --enable-code-coverage --disable-doc && make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/asan: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man net-tools - - dnf install -y clang libasan-static nodejs softhsm datefudge lcov openssl-devel libasan dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp - - make autoreconf && CFLAGS="-fsanitize=address -g -O2" LDFLAGS="-static-libasan" - ./configure --disable-doc --enable-code-coverage --disable-valgrind-tests --disable-non-suiteb-curves --disable-guile && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -MinGW32/DLLs: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine.i686 mingw32-p11-kit mingw32-nettle mingw32-libtasn1 mingw32-gcc mingw32-gmp mingw32-libidn util-linux - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && - mingw32-configure --disable-nls --enable-local-libopts --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw32-make -j4 && mingw32-make -C tests check -j4 -# Combine generated apps and DLLs. -#libintl and iconv are a dependency of libidn -#libwinpthread is required by libgcc -#libffi is required by libp11-kit - - mkdir -p win32-build/bin && mkdir -p win32-build/lib/includes && - cp lib/.libs/*.dll src/.libs/*.exe win32-build/bin && - i686-w64-mingw32-strip --strip-unneeded win32-build/bin/*.dll && - i686-w64-mingw32-strip win32-build/bin/*.exe && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libtasn1-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libidn-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libintl-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/iconv*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win32-build/bin && - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win32-build/lib && - cp lib/includes/gnutls/*.h win32-build/lib/includes - tags: - - shared - only: - - tags - artifacts: - paths: - - win32-build/ - -MinGW64/DLLs: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine mingw64-nettle mingw64-libtasn1 mingw64-p11-kit mingw64-gcc mingw64-gmp mingw64-libidn util-linux - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && - mingw64-configure --disable-nls --enable-local-libopts --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw64-make -j4 && mingw64-make -C tests check -j4 -# Combine generated apps and DLLs. -#libintl and iconv are a dependency of libidn -#libwinpthread is required by libgcc -#libffi is required by libp11-kit - - mkdir -p win64-build/bin && mkdir -p win64-build/lib/includes && - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin && - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll && - x86_64-w64-mingw32-strip win64-build/bin/*.exe && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libtasn1-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libintl-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/iconv*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin && - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib && - cp lib/includes/gnutls/*.h win64-build/lib/includes - tags: - - shared - only: - - tags - artifacts: - paths: - - win64-build/ - -MinGW64: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine mingw64-nettle mingw64-p11-kit mingw64-libtasn1 mingw64-gcc mingw64-gmp mingw64-libidn util-linux - - dnf install -y "http://people.redhat.com/nmavrogi/fedora/mingw64-libcmocka-1.0.1-1.fc24.noarch.rpm" - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && - mingw64-configure --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw64-make -j4 && mingw64-make -C tests check -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log - -MinGW32: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine.i686 mingw32-p11-kit mingw32-nettle mingw32-libtasn1 mingw32-gcc mingw32-gmp mingw32-libidn util-linux - - dnf install -y "http://people.redhat.com/nmavrogi/fedora/mingw32-libcmocka-1.0.1-1.fc24.noarch.rpm" - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && - mingw32-configure --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw32-make -j4 && mingw32-make -C tests check -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log - -FreeBSD10/x86_64: - script: - - gmake autoreconf && rm -f tests/suite/mini-eagain2.c && LIBS="-L/usr/local/lib" ./configure - --disable-guile --disable-doc --disable-valgrind-tests && gmake -j4 && gmake check -j4 - tags: - - freebsd - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -# We need a clean 32-bit fedora for testing -Fedora/x86: - image: nickcis/fedora-32:23 +pages: + image: debian:stretch script: - - linux32 dnf install -y autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --build=i686-redhat-linux --target=i686-redhat-linux --disable-cxx --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests --enable-code-coverage && - make -j4 && make check -j4 && make local-code-coverage-output + - apt-get update + - apt-get install -y git-core make autoconf automake autogen libtool gettext autopoint libp11-kit-dev nettle-dev libtspi-dev libtasn1-6-dev libidn11-dev gawk gperf git2cl libunbound-dev dns-root-data bison help2man gtk-doc-tools + - apt-get install -y wml make perl texinfo texlive texlive-generic-recommended texlive-extra-utils help2man gtk-doc-tools texlive-latex-extra + - make autoreconf && ./configure --disable-tests --disable-manpages --enable-gtk-doc + - make -j4 && make web tags: - shared - except: - - tags artifacts: - expire_in: 1 week - when: on_failure paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log + - www/public diff --git a/cfg.mk b/cfg.mk index cdd6b81c11..0ca2364357 100644 --- a/cfg.mk +++ b/cfg.mk @@ -127,7 +127,7 @@ ChangeLog: cat .clcopying >> ChangeLog tag = $(PACKAGE)_`echo $(VERSION) | sed 's/\./_/g'` -htmldir = ../www-$(PACKAGE) +htmldir = www/public release: syntax-check prepare upload web upload-web @@ -140,16 +140,14 @@ prepare: git tag -u b565716f! -m $(VERSION) $(tag) upload-tarballs: - git push - git push --tags - build-aux/gnupload --to alpha.gnu.org:$(PACKAGE) $(distdir).tar.xz - build-aux/gnupload --to alpha.gnu.org:$(PACKAGE) $(distdir).tar.lz - cp $(distdir).tar.xz $(distdir).tar.xz.sig ../releases/$(PACKAGE)/ - cp $(distdir).tar.lz $(distdir).tar.lz.sig ../releases/$(PACKAGE)/ - + gpg --sign --detached $(distdir).tar.xz + scp $(distdir).tar.xz* trithemius.gnupg.org:/home/ftp/gcrypt/gnutls/v$(MAJOR_VERSION).$(MINOR_VERSION) web: echo generating documentation for $(PACKAGE) + rm -rf $(htmldir) + mkdir -p $(htmldir)/manual + mkdir -p $(htmldir)/reference make -C doc gnutls.html cd doc && cp gnutls.html *.png ../$(htmldir)/manual/ cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/html_node/ --css-include=./texinfo.css gnutls.texi @@ -160,14 +158,8 @@ web: make -C doc gnutls-guile.html gnutls-guile.pdf cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/gnutls-guile/ --css-include=./texinfo.css gnutls-guile.texi cd doc && cp gnutls-guile.pdf gnutls-guile.html ../$(htmldir)/manual/ - #cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/* $(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd ../../../ && cp doc/doxygen/latex/refman.pdf $(htmldir)/devel/doxygen/$(PACKAGE).pdf - -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/reference/ - #cp -v doc/cyclo/cyclo-$(PACKAGE).html $(htmldir)/cyclo/ - -upload-web: - cd $(htmldir) && \ - cvs commit -m "Update." manual/ reference/ \ - doxygen/ devel/ cyclo/ + -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp* doc/reference/html/*.css $(htmldir)/reference/ + cd www && $(MAKE) ASM_SOURCES_XXX := \ lib/accelerated/x86/XXX/cpuid-x86_64.s \ diff --git a/www/Makefile b/www/Makefile new file mode 100644 index 0000000000..efe2d2cc36 --- /dev/null +++ b/www/Makefile @@ -0,0 +1,57 @@ +# Release process: +# 1. Add a news entry in news-entries (see news/entries/README) +# 2. Updated the documentation ('make web' in the gnutls source) +# 3. Type 'make' +# 4. Type 'make tweet' + +WML=wml +WMLFLAGS=-DTABLE_BGCOLOR="\#e5e5e5" -DTABLE_HDCOLOR="\#ccbcbc" \ + -DTABLE_BGCOLOR2="\#e0d7d7" -DWHITE="\#ffffff" -DEMAIL=\"bugs@gnutls.org\" \ + -DSTABLE_VER="3.4" -DSTABLE_OLD_VER="3.3" -DSTABLE_ABI="3.4.0" -DSTABLE_OLD_ABI="3.0.0" \ + -DSTABLE_NEXT_VER="3.5" -DSTABLE_NEXT_ABI="3.5.0" + +COMMON=common.wml bottom.wml head.wml rawnews.wml +OUTPUT=public/index.html public/contrib.html public/devel.html public/support.html \ + public/download.html public/gnutls-logo.html public/news.html \ + public/documentation.html public/help.html public/openpgp.html \ + public/security.html public/commercial.html public/soc.html public/faq.html \ + manual/index.html public/css/layout.css + +all: $(OUTPUT) public/news.atom + +.PHONY: clean rest manual/index.html security.html public/css + +public/css: + mkdir -p $@ + cp css/*.css $@ + +public/manual/index.html: manual-index.html.bak + @cp -f manual-index.html.bak $@ + +NEWS_FILES=$(shell ls news-entries/*.xml) + +public/news.atom: $(NEWS_FILES) scripts/atom.pl + perl scripts/atom.pl >$@ + +public/security.html: security.wml rawsecurity.wml $(COMMON) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/news.html: news.wml $(COMMON) $(NEWS_FILES) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/index.html: gnutls.wml $(COMMON) $(NEWS_FILES) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/%.html: %.wml $(COMMON) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/css/%.css: css/%.cwml $(COMMON) public/css + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +clean: + rm -f *~ $(OUTPUT) diff --git a/www/bottom.wml b/www/bottom.wml new file mode 100644 index 0000000000..aab07d86ac --- /dev/null +++ b/www/bottom.wml @@ -0,0 +1,53 @@ + + + + + + + + + + + + diff --git a/www/commercial.wml b/www/commercial.wml new file mode 100644 index 0000000000..2b3411ac15 --- /dev/null +++ b/www/commercial.wml @@ -0,0 +1,93 @@ +#include 'common.wml' page="Commercial support" + + + +#include 'bottom.wml' diff --git a/www/common.wml b/www/common.wml new file mode 100644 index 0000000000..1b51558ea2 --- /dev/null +++ b/www/common.wml @@ -0,0 +1,62 @@ +#include 'head.wml' +#use wml::std::tags + + +sub print_li_header { +my $page = $_[0]; +my $path = $_[1]; +my $name = $_[2]; +my $_name; + +if ($page ne $name) { + $_name =~ s/\s/_/g; + print "
  • $name
    • \n"; +} else { + print "
  • $name
    • \n"; +} + +return; +} +     + + + + + + + + + +
    diff --git a/www/contrib.wml b/www/contrib.wml new file mode 100644 index 0000000000..31862b1e0f --- /dev/null +++ b/www/contrib.wml @@ -0,0 +1,17 @@ +#include 'common.wml' page="Authors" + +

    GnuTLS is available because of the efforts of many people. The current maintainer is +Nikos Mavrogiannopoulos, reachable at +nmav@gnutls.org. +

    + +

    + +[People who have contributed to gnutls] +  + +[People we would like to thank] +  +[How can I help?] + +#include 'bottom.wml' diff --git a/www/css/combo.css b/www/css/combo.css new file mode 100644 index 0000000000..a42f2cf10a --- /dev/null +++ b/www/css/combo.css @@ -0,0 +1,18 @@ +/* Please do not edit this file. Instead, see +http://developer.yahoo.com/yui/2/ for future releases of YUI version 2 +*/ + +/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.7.0 +*/ + +html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;}body{font-family:sans-serif;font:13px/1.231;*font-size:small;*font:x-small;}select,input,button,textarea,button{font:99%;font-family:sans-serif;}table{font-size:inherit;font:100%;}pre,code,kbd,samp,tt{font-family:monospace;*font-size:108%;line-height:100%;}body{text-align:center;}#doc,#doc2,#doc3,#doc4,.yui-t1,.yui-t2,.yui-t3,.yui-t4,.yui-t5,.yui-t6,.yui-t7{margin:auto;text-align:left;width:57.69em;*width:56.25em;}#doc2{width:73.076em;*width:71.25em;}#doc3{margin:auto 10px;width:auto;}#doc4{width:74.923em;*width:73.05em;}.yui-b{position:relative;}.yui-b{_position:static;}#yui-main .yui-b{position:static;}#yui-main,.yui-g .yui-u .yui-g{width:100%;}.yui-t1 #yui-main,.yui-t2 #yui-main,.yui-t3 #yui-main{float:right;margin-left:-25em;}.yui-t4 #yui-main,.yui-t5 #yui-main,.yui-t6 #yui-main{float:left;margin-right:-25em;}.yui-t1 .yui-b{float:left;width:12.30769em;*width:12.00em;}.yui-t1 #yui-main .yui-b{margin-left:13.30769em;*margin-left:13.05em;}.yui-t2 .yui-b{float:left;width:13.8461em;*width:13.50em;}.yui-t2 #yui-main .yui-b{margin-left:14.8461em;*margin-left:14.55em;}.yui-t3 .yui-b{float:left;width:23.0769em;*width:22.50em;}.yui-t3 #yui-main .yui-b{margin-left:24.0769em;*margin-left:23.62em;}.yui-t4 .yui-b{float:right;width:13.8456em;*width:13.50em;}.yui-t4 #yui-main .yui-b{margin-right:14.8456em;*margin-right:14.55em;}.yui-t5 .yui-b{float:right;width:18.4615em;*width:18.00em;}.yui-t5 #yui-main .yui-b{margin-right:19.4615em;*margin-right:19.125em;}.yui-t6 .yui-b{float:right;width:23.0769em;*width:22.50em;}.yui-t6 #yui-main .yui-b{margin-right:24.0769em;*margin-right:23.62em;}.yui-t7 #yui-main .yui-b{display:block;margin:0 0 1em 0;}#yui-main .yui-b{float:none;width:auto;}.yui-gb .yui-u,.yui-g .yui-gb .yui-u,.yui-gb .yui-g,.yui-gb .yui-gb,.yui-gb .yui-gc,.yui-gb .yui-gd,.yui-gb .yui-ge,.yui-gb .yui-gf,.yui-gc .yui-u,.yui-gc .yui-g,.yui-gd .yui-u{float:left;}.yui-g .yui-u,.yui-g .yui-g,.yui-g .yui-gb,.yui-g .yui-gc,.yui-g .yui-gd,.yui-g .yui-ge,.yui-g .yui-gf,.yui-gc .yui-u,.yui-gd .yui-g,.yui-g .yui-gc .yui-u,.yui-ge .yui-u,.yui-ge .yui-g,.yui-gf .yui-g,.yui-gf .yui-u{float:right;}.yui-g div.first,.yui-gb div.first,.yui-gc div.first,.yui-gd div.first,.yui-ge div.first,.yui-gf div.first,.yui-g .yui-gc div.first,.yui-g .yui-ge div.first,.yui-gc div.first div.first{float:left;}.yui-g .yui-u,.yui-g .yui-g,.yui-g .yui-gb,.yui-g .yui-gc,.yui-g .yui-gd,.yui-g .yui-ge,.yui-g .yui-gf{width:49.1%;}.yui-gb .yui-u,.yui-g .yui-gb .yui-u,.yui-gb .yui-g,.yui-gb .yui-gb,.yui-gb .yui-gc,.yui-gb .yui-gd,.yui-gb .yui-ge,.yui-gb .yui-gf,.yui-gc .yui-u,.yui-gc .yui-g,.yui-gd .yui-u{width:32%;margin-left:1.99%;}.yui-gb .yui-u{*margin-left:1.9%;*width:31.9%;}.yui-gc div.first,.yui-gd .yui-u{width:66%;}.yui-gd div.first{width:32%;}.yui-ge div.first,.yui-gf .yui-u{width:74.2%;}.yui-ge .yui-u,.yui-gf div.first{width:24%;}.yui-g .yui-gb div.first,.yui-gb div.first,.yui-gc div.first,.yui-gd div.first{margin-left:0;}.yui-g .yui-g .yui-u,.yui-gb .yui-g .yui-u,.yui-gc .yui-g .yui-u,.yui-gd .yui-g .yui-u,.yui-ge .yui-g .yui-u,.yui-gf .yui-g .yui-u{width:49%;*width:48.1%;*margin-left:0;}.yui-g .yui-g .yui-u{width:48.1%;}.yui-g .yui-gb div.first,.yui-gb .yui-gb div.first{*margin-right:0;*width:32%;_width:31.7%;}.yui-g .yui-gc div.first,.yui-gd .yui-g{width:66%;}.yui-gb .yui-g div.first{*margin-right:4%;_margin-right:1.3%;}.yui-gb .yui-gc div.first,.yui-gb .yui-gd div.first{*margin-right:0;}.yui-gb .yui-gb .yui-u,.yui-gb .yui-gc .yui-u{*margin-left:1.8%;_margin-left:4%;}.yui-g .yui-gb .yui-u{_margin-left:1.0%;}.yui-gb .yui-gd .yui-u{*width:66%;_width:61.2%;}.yui-gb .yui-gd div.first{*width:31%;_width:29.5%;}.yui-g .yui-gc .yui-u,.yui-gb .yui-gc .yui-u{width:32%;_float:right;margin-right:0;_margin-left:0;}.yui-gb .yui-gc div.first{width:66%;*float:left;*margin-left:0;}.yui-gb .yui-ge .yui-u,.yui-gb .yui-gf .yui-u{margin:0;}.yui-gb .yui-gb .yui-u{_margin-left:.7%;}.yui-gb .yui-g div.first,.yui-gb .yui-gb div.first{*margin-left:0;}.yui-gc .yui-g .yui-u,.yui-gd .yui-g .yui-u{*width:48.1%;*margin-left:0;}.yui-gb .yui-gd div.first{width:32%;}.yui-g .yui-gd div.first{_width:29.9%;}.yui-ge .yui-g{width:24%;}.yui-gf .yui-g{width:74.2%;}.yui-gb .yui-ge div.yui-u,.yui-gb .yui-gf div.yui-u{float:right;}.yui-gb .yui-ge div.first,.yui-gb .yui-gf div.first{float:left;}.yui-gb .yui-ge .yui-u,.yui-gb .yui-gf div.first{*width:24%;_width:20%;}.yui-gb .yui-ge div.first,.yui-gb .yui-gf .yui-u{*width:73.5%;_width:65.5%;}.yui-ge div.first .yui-gd .yui-u{width:65%;}.yui-ge div.first .yui-gd div.first{width:32%;}#hd:after,#bd:after,#ft:after,.yui-g:after,.yui-gb:after,.yui-gc:after,.yui-gd:after,.yui-ge:after,.yui-gf:after{content:".";display:block;height:0;clear:both;visibility:hidden;}#hd,#bd,#ft,.yui-g,.yui-gb,.yui-gc,.yui-gd,.yui-ge,.yui-gf{zoom:1;}/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.7.0 +*/ +body{margin:10px;}h1{font-size:138.5%;}h2{font-size:123.1%;}h3{font-size:108%;}h1,h2,h3{margin:1em 0;}h1,h2,h3,h4,h5,h6,strong,dt{font-weight:bold;}optgroup{font-weight:normal;}abbr,acronym{border-bottom:1px dotted #000;cursor:help;}em{font-style:italic;}del{text-decoration:line-through;}blockquote,ul,ol,dl{margin:1em;}ol,ul,dl{margin-left:2em;}ol li{list-style:decimal outside;}ul li{list-style:disc outside;}dl dd{margin-left:1em;}th,td{border:1px solid #000;padding:.5em;}th{font-weight:bold;text-align:center;}caption{margin-bottom:.5em;text-align:center;}sup{vertical-align:super;}sub{vertical-align:sub;}p,fieldset,table,pre{margin-bottom:1em;}button,input[type="checkbox"],input[type="radio"],input[type="reset"],input[type="submit"]{padding:1px;} diff --git a/www/css/layout.css b/www/css/layout.css new file mode 100644 index 0000000000..3a0bdebe33 --- /dev/null +++ b/www/css/layout.css @@ -0,0 +1,548 @@ + +/* +layout.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. +*/ + +/* NOTE: Changes to this file will affect the entire site, often in +unexpected ways. Please mail patches to www-discuss@gnu.org rather +than commit changes directly. */ + +html, body{ + padding: 0; + margin: 0; + background-color: #fff; + color: #35382a; + text-align: inherit; + font-size: 100%; +} + +a[href] { color: blue } +a[href]:visited { color: purple } +a[href]:active, a[href]:hover { color: red } + +/* For the note saying the page is a translation. */ +.trans-disclaimer { + text-align: center; + font-weight: bold; + text-decoration: underline; +} + +/* For outdated translations */ +#outdated { + margin-top: 0.5em ; + margin-bottom: 0.5em ; + padding: 0.5em; + border:2px solid red; + background: #FFFFCC; +} +#outdated p { margin: 0.2em; } +/* In the out-of-date notice, we use
    elements to separate + translatable texts from automatically generated items. */ +#outdated br { display: none } + +/* the urgent div should be enabled when we have something urgent to +appear on every page - these typically come from johns, peterb or rms +at the fsf */ + +#urgent{ + +background-color:#ff3; +line-height: 3em; +font-size: 0.9em; +text-align: center; +border-bottom: 5px solid #333; + } + +#urgent a, #urgent a:visited{ +color: blue; text-decoration: underline !important; +} + +#urgent a:hover{ background-color: red; } + + #wrapper{ + margin: 0; + background-color: transparent; + padding: 0em; + position: relative; + } + +a:hover{ color: red; } + +/* This specifies the basic width of our web pages. Don't change it + without discussion on www-discuss. The magic 74.92 is for + consistency with fsf.org. */ +.inner { margin: auto; width: 99%; max-width:74.92em; } + +#logo{background:url(/graphics/topbanner.png) no-repeat;border:0;float: left;margin:0em;padding:0;} +#logo:lang(ar) {background:url(/graphics/topbanner.ar.png) no-repeat; float: right;} + +#logo a { display:block;text-decoration:none;overflow:hidden;border:0;margin:0;padding:0;padding-top:101px;height:0px !important;width:550px;cursor:pointer;} + +#fsf-logo{ position: absolute; top: 0; right: 25px; } + +#links{ display: none !important; } + +#links{ position: absolute; top: 5px; right: 1em; border-left: 1px + solid #333; padding-left: 1em;height: 90px; overflow: hidden; } + +#links ul{ padding-left: 1em; padding-top: 1em; } + +#links li { line-height: 1.6em; font-size: 0.9em; } + +#content { background-color: #fff; padding-bottom: 1.8em; margin-top: 0.5em; text-align: left; } + +#header { background-color: #fff; text-align: left; } + +#content .home { margin-bottom: 10px; } + +#content:lang(ar), #content:lang(fa), #searcher:lang(he) {text-align: right;} + +#navigation{ background-color: #bd0000; border-bottom: 5px solid #333; clear: both; } + +#navigation:after{ clear: both; content: ""; display: block; height: 0px; visibility: hidden; width: 0px; } + +#navigation ul{font-size: 0.8em; margin: 1.1em auto; padding-top: 1.1em } + +#navigation li{display: inline; } + +#navigation li a {color: white; text-decoration: none; font-weight: bold; padding: .9em;} + +#navigation li a:hover{ background-color: maroon; color: yellow; } + +#joinfsftab a{color: yellow !important} + +#content h2 { + background-color: transparent; color: #520000; font-size: 2em; + margin-bottom: 0.3em; font-weight:bold; text-align: center; margin: 0; margin-bottom: 12px; } + +#content h3, #content h4, #content h5, #content h6 {line-height: 1.5em;} + +#content h3{ font-size: 1.6em; } + +#content h4{ font-size: 1.3em; } + +#content h5{ font-size: 1.1em; } + +#content h6{ font-size: 1em; } + +.caption{ color: #3465a4; font-size: 1.5em !important; margin:0; } + +.netscape4{ + display: none !important; + height: 0; +} + +#translations{ background-color: #fff; + padding: 0; line-height: 1.6em; color: #000; } + +#translations h3, #translations h4{ font-size: 1em; font-weight: bold; margin-bottom: 0.5em; padding: 0; } + +#translations li { direction: ltr; display: inline-block; + padding-left: 0.25em; padding-right: 0.25em; } + +/* Highlight the link to the original page */ +#translations li:first-child { font-size: 1.1em; font-weight: bold; } +#translations li:first-child a { color: #008 !important; } + +#translations a{ color: blue !important; } + +#footer { background-color: #fff; border-top: 5px solid #444; padding:1em; color: #000; margin-top: 1em; } + +#footer a{ color: blue; } + +#footer p{ margin-bottom: 0.7em; } + +#footer, #translations { font-size: 0.9em; } + +.announcement{ font-size: 1.1em; font-weight: bold; padding-left: 1em; margin-left: 1em; border-left: 1em solid #eee; margin-bottom: 1em; } + +img{ border: 0; } + +#rms-image{ +width: 200px; +height: 219px; +float: right; +margin-left: 1em; margin-bottom: 1em; +border: 1px solid #ddd; +background-image: url('/graphics/rms2005chrys.jpg'); +} + +.lyrics{background-color: #eee; font-style: italic; width: 25em; padding: 2em; border: 2px solid #e5e5e5; margin-left: 2em;} + + #gplv3-dogear{ + position: absolute; + top: -1px; + left: -1px; + } + + #gplv3-dogear h3{margin: 0;} + + #gplv3-dogear a{ + background-image: url('/graphics/dogear.png'); + border: 0; + display: block; + text-decoration: none; + overflow: hidden; + height: 0px !important; + width: 64px; + padding: 0; + padding-top: 64px; + cursor: pointer; + + } + +.nocenter{ text-align: left; } + +#print-this-article p{ text-align: center; } + +#content ul, #fsf-campaigns ul{ list-style: square; margin-left: 1.4em; } + +#content ol{ list-style: decimal; margin-left: 1.9em; } + +#content li, #fsf-campaigns li, #content dd, #content p, #content pre, #content dt, #content code, #content address{ + line-height: 1.3em; } + +address{ margin-bottom: 1em; } + +/* separate the "term" from subsequent "description" */ +dt { margin-bottom: 1em; } +/* separate the "description" from subsequent list item + when the final

    child is an anonymous box */ +dd { margin-bottom: 2em; } +/* separate anonymous box (used to be the first element in
    ) + from subsequent

    */ +dd p { margin-top: 1em; } + +#bottom-links{ background-color: #fff; font-size: 0.8em;} + +#bottom-links li{ display: inline; margin-right: 1em; line-height: 2em; } + +#backtotop{ padding-bottom: 1em; background-color: #fff; } + +#backtotop p{ text-align: right; } + +blockquote{ margin: 1em; font-style: italic; } + +#toplinks{font-size: 80%; padding: 4px; z-index: 999; top: 0; left: 0; } + +#toplinks a{ font-weight: bold; color: #888; } + +#toplinks a:hover, #toplinks a:active{color: blue;} + +.center{ text-align:center; } + +.big{ font-size: 130%; padding-top: 0.7em; } + +.inline-list li { display: inline } + +#searcher{ float: right; margin-right: 1em; line-height: 3em; color: white; text-transform: uppercase; font-weight: bold; background-color: maroon; padding-left: 1em; padding-right: 1em;} + +#searcher:lang(ar), #searcher:lang(fa), #searcher:lang(he) {float: left;} + +#searcher, #searcher input{ font-size: 0.8em; } + +.highlight, .highlight-para{background-color: #ff6;} + +#takeactionhomepage{ + + background-color: #fdb144; + color: black; + margin-bottom: 0.5em; + font-size: 90%; + padding: 1em; +} + +#takeactionhomepage h1{text-align: center !important; border: 0 !important; color: black; font-size: 2em !important; padding-top: 0.2em;} + +#takeactionhomepage ul{list-style: none !important; text-align: center; margin: 0 !important; padding: 0 !important; } + +#takeactionhomepage li{line-height: 1.3em; list-style: none !important;} + +#fssbox {text-align: center; float: right; font-size: 80%;} +#fssbox:lang(ar) {float: left;} + +#fssbox p{ margin-bottom: 0px;} + +#content h2 a{color: yellow !important;} + +acronym, abbr {border-bottom: 1px dotted #111;} + +.pad {margin-bottom: 1em;} + +.layout-table * { border: 0; } + +#fpnav ul{list-style: none; margin: 0 !important; padding: 0 !important;} + +#fpnav li{display: block; text-align: left; margin-right: 1em; font-size: 0.9em;} + +#fpnav li a{display: block; padding-top: 6px; padding-bottom: 6px;} + +#fpnav li a:hover{text-decoration: none; background-color: yellow;} + +.pad td{padding-left: 1em; padding-right: 1em;} + +.imgright{ float: right; margin: 12px; } + +.imgleft { float: left; margin: 12px; } + +.c { text-align: center; } + +.listing, +.stx table { + /* The default table for document listings. Contains name, document types, modification times etc in a file-browser-like fashion */ + border-collapse: collapse; + border-left: 1px solid #666666; + border-bottom: 1px solid #666666; + margin: 1em 0em 1em 0em; +} +.listing th, +.stx table th { + background: #d40; + color: white; + font-weight: bold !important; + border-top: 1px solid #666666; + border-bottom: 1px solid #666666; + border-right: 1px solid #666666; + font-weight: normal; + padding: 1em; +} + +.listing td a { display: block; } + +.listing .top { + border-top: 1px solid #666666; + text-align: right ! important; + padding: 0em 0em 1em 0em; +} +.listing .odd { + /*every second line should be shaded */ + background-color: transparent; +} +.listing .even { + background-color: #ededed; +} +.listing .listingCheckbox { + text-align: center; +} +.listing td, +.stx table td { + border-right: 1px solid #666666; + padding: 1em; + text-align: center; + line-height: 1.3em +} +.listing a:hover { + text-decoration: underline; +} +.listing img { + vertical-align: middle; +} + +.listing { width: 100%; } + +#fsf-links { margin: 1em auto; border: 1px solid #ccc; padding: 5px; } + +#fsf-links li a{ color: #555; text-decoration: none; } + +#fsf-links ul li { + list-style: none; + padding: 0.3em 0.7em; + font-weight: bold; + display: inline-block; +} + +#fsf-links li{ font-size: 13px } + +#fsf-links li a:hover{ color: #0063DC; } + +#fsf-links ul { padding: 0; margin: 0; text-align: center; } + +.button { border: 3px solid #999; + border-left-color: #ccc; + border-top-color: #ccc; + font-weight: bold; + margin-bottom: 10px; + -moz-border-radius: 0.4em; + -khtml-border-radius: 0.4em; + } + +.button a{ display: block; text-decoration: none; color: #333; padding: 0.25em;} + +.button a:hover{ color: red;} + +.large { font-size: 36px; background-color: #aacb50; } + +.small { font-size: 22px; background-color: #89b1bd; } + +.emph-box { background-color: #ececec; border: 0px solid #ccc; padding: 12px; } +.emph-box:target { background-color: #ff8; } + +.emph-box p { font-size: 0.9em } + +.emph-box h4 { text-align: center; font-size: 28px !important; margin-bottom: 12px;} + +#windows7sins { width: 310px; text-align: center; float: right; margin: 12px; } + +.highlight-para { padding: 1em; } + +/* This is used in pages of lists, such as gnu-linux.faq.html, + to give readers a hint that they can link directly to a given item. + We make it less obtrusive than the item heading it follows. */ +.anchor-reference-id { font-size: 70%; font-weight: normal; } + +/* emacs-page */ +/* Items specific to education */ + +/* definitions for /education-specific navigation bar */ +ul#edu-navigation { + text-align: center; + /* the selected colors are the same as for h2 */ + background-color: #3465a4; + color: white; + /* right and left extents should be the same as for h2; + the top separation is determined via h2 margin-bottom */ + margin: 0; + margin-bottom: 1.7em; +} + +#edu-navigation li { + display: inline; + list-style-type: none; +} + +#edu-navigation li a { + /* font size and padding are set to make the navigation bar + remain a single line when window is 921 pixels or wider */ + font-size: 12.8px; + padding: 0 10px; + display: inline-block; + background-color: #3465a4; + color: white; + text-decoration: none; + font-weight: bold; +} + +#edu-navigation li a:hover, #edu-navigation li.active a { + background-color: #006; + color: yellow; +} + +/* let edu-navigation bar approach closer to h2 */ +div#education-content h2 { margin-bottom: 1px; } + +/* breadcrumb for /education */ +p.edu-breadcrumb { + line-height: 150% !important; + padding-left: 10px; +} + +/* styles for subsections of /education "Case Studies" */ + +div.edu-cases { + border-top: 5px ridge #3465a4; + border-bottom: 5px ridge #3465a4; + margin-right: 4em; + margin-left: 4em; + margin-bottom: 1em; +} + +/* make h3 for edu-cases look like h4 for other pages */ +div.edu-cases h3 { + font-size: 1.3em !important; + margin: 0; +} + +div.edu-cases ul, div.edu-cases ol { + padding-left: 3em; + margin-right: 3em; +} + +/* End items specific to education */ + +/* GnuTLS tables */ +table.transparent { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: white; +} +table.transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.transparent td { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.news-transparent { + border-width: 3px; + border-spacing: 5px; + border-style: none; + border-color: #ccbcbc; + border-collapse: separate; + background-color: transparent; +} +table.news-transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: transparent; + -moz-border-radius: ; +} +table.news-transparent td { + border-width: 1px; + padding: 3px; + border-style: solid; + border-color: #e0d7d7; + background-color: transparent; + -moz-border-radius: ; +} +table.news { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: #e5e5e5; +} +table.news th { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: #ccbcbc; + -moz-border-radius: ; +} +table.news td { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: #e0d7d7; + -moz-border-radius: ; +} diff --git a/www/css/layout.cwml b/www/css/layout.cwml new file mode 100644 index 0000000000..a4591ee83e --- /dev/null +++ b/www/css/layout.cwml @@ -0,0 +1,549 @@ + +/* +layout.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. +*/ + +/* NOTE: Changes to this file will affect the entire site, often in +unexpected ways. Please mail patches to www-discuss@gnu.org rather +than commit changes directly. */ + +html, body{ + padding: 0; + margin: 0; + background-color: #fff; + color: #35382a; + text-align: inherit; + font-size: 100%; +} + +a[href] { color: blue } +a[href]:visited { color: purple } +a[href]:active, a[href]:hover { color: red } + +/* For the note saying the page is a translation. */ +.trans-disclaimer { + text-align: center; + font-weight: bold; + text-decoration: underline; +} + +/* For outdated translations */ +#outdated { + margin-top: 0.5em ; + margin-bottom: 0.5em ; + padding: 0.5em; + border:2px solid red; + background: #FFFFCC; +} +#outdated p { margin: 0.2em; } +/* In the out-of-date notice, we use
    elements to separate + translatable texts from automatically generated items. */ +#outdated br { display: none } + +/* the urgent div should be enabled when we have something urgent to +appear on every page - these typically come from johns, peterb or rms +at the fsf */ + +#urgent{ + +background-color:#ff3; +line-height: 3em; +font-size: 0.9em; +text-align: center; +border-bottom: 5px solid #333; + } + +#urgent a, #urgent a:visited{ +color: blue; text-decoration: underline !important; +} + +#urgent a:hover{ background-color: red; } + + #wrapper{ + margin: 0; + background-color: transparent; + padding: 0em; + position: relative; + } + +a:hover{ color: red; } + +/* This specifies the basic width of our web pages. Don't change it + without discussion on www-discuss. The magic 74.92 is for + consistency with fsf.org. */ +.inner { margin: auto; width: 99%; max-width:74.92em; } + +#logo{background:url(/graphics/topbanner.png) no-repeat;border:0;float: left;margin:0em;padding:0;} +#logo:lang(ar) {background:url(/graphics/topbanner.ar.png) no-repeat; float: right;} + +#logo a { display:block;text-decoration:none;overflow:hidden;border:0;margin:0;padding:0;padding-top:101px;height:0px !important;width:550px;cursor:pointer;} + +#fsf-logo{ position: absolute; top: 0; right: 25px; } + +#links{ display: none !important; } + +#links{ position: absolute; top: 5px; right: 1em; border-left: 1px + solid #333; padding-left: 1em;height: 90px; overflow: hidden; } + +#links ul{ padding-left: 1em; padding-top: 1em; } + +#links li { line-height: 1.6em; font-size: 0.9em; } + +#content { background-color: #fff; padding-bottom: 1.8em; margin-top: 0.5em; text-align: left; } + +#header { background-color: #fff; text-align: left; } + +#content .home { margin-bottom: 10px; } + +#content:lang(ar), #content:lang(fa), #searcher:lang(he) {text-align: right;} + +#navigation{ background-color: #bd0000; border-bottom: 5px solid #333; clear: both; } + +#navigation:after{ clear: both; content: ""; display: block; height: 0px; visibility: hidden; width: 0px; } + +#navigation ul{font-size: 0.8em; margin: 1.1em auto; padding-top: 1.1em } + +#navigation li{display: inline; } + +#navigation li a {color: white; text-decoration: none; font-weight: bold; padding: .9em;} + +#navigation li a:hover{ background-color: maroon; color: yellow; } + +#joinfsftab a{color: yellow !important} + +#content h2 { + background-color: transparent; color: #520000; font-size: 2em; + margin-bottom: 0.3em; font-weight:bold; text-align: center; margin: 0; margin-bottom: 12px; } + +#content h3, #content h4, #content h5, #content h6 {line-height: 1.5em;} + +#content h3{ font-size: 1.6em; } + +#content h4{ font-size: 1.3em; } + +#content h5{ font-size: 1.1em; } + +#content h6{ font-size: 1em; } + +.caption{ color: #3465a4; font-size: 1.5em !important; margin:0; } + +.netscape4{ + display: none !important; + height: 0; +} + +#translations{ background-color: #fff; + padding: 0; line-height: 1.6em; color: #000; } + +#translations h3, #translations h4{ font-size: 1em; font-weight: bold; margin-bottom: 0.5em; padding: 0; } + +#translations li { direction: ltr; display: inline-block; + padding-left: 0.25em; padding-right: 0.25em; } + +/* Highlight the link to the original page */ +#translations li:first-child { font-size: 1.1em; font-weight: bold; } +#translations li:first-child a { color: #008 !important; } + +#translations a{ color: blue !important; } + +#footer { background-color: #fff; border-top: 5px solid #444; padding:1em; color: #000; margin-top: 1em; } + +#footer a{ color: blue; } + +#footer p{ margin-bottom: 0.7em; } + +#footer, #translations { font-size: 0.9em; } + +.announcement{ font-size: 1.1em; font-weight: bold; padding-left: 1em; margin-left: 1em; border-left: 1em solid #eee; margin-bottom: 1em; } + +img{ border: 0; } + +#rms-image{ +width: 200px; +height: 219px; +float: right; +margin-left: 1em; margin-bottom: 1em; +border: 1px solid #ddd; +background-image: url('/graphics/rms2005chrys.jpg'); +} + +.lyrics{background-color: #eee; font-style: italic; width: 25em; padding: 2em; border: 2px solid #e5e5e5; margin-left: 2em;} + + #gplv3-dogear{ + position: absolute; + top: -1px; + left: -1px; + } + + #gplv3-dogear h3{margin: 0;} + + #gplv3-dogear a{ + background-image: url('/graphics/dogear.png'); + border: 0; + display: block; + text-decoration: none; + overflow: hidden; + height: 0px !important; + width: 64px; + padding: 0; + padding-top: 64px; + cursor: pointer; + + } + +.nocenter{ text-align: left; } + +#print-this-article p{ text-align: center; } + +#content ul, #fsf-campaigns ul{ list-style: square; margin-left: 1.4em; } + +#content ol{ list-style: decimal; margin-left: 1.9em; } + +#content li, #fsf-campaigns li, #content dd, #content p, #content pre, #content dt, #content code, #content address{ + line-height: 1.3em; } + +address{ margin-bottom: 1em; } + +/* separate the "term" from subsequent "description" */ +dt { margin-bottom: 1em; } +/* separate the "description" from subsequent list item + when the final

    child is an anonymous box */ +dd { margin-bottom: 2em; } +/* separate anonymous box (used to be the first element in
    ) + from subsequent

    */ +dd p { margin-top: 1em; } + +#bottom-links{ background-color: #fff; font-size: 0.8em;} + +#bottom-links li{ display: inline; margin-right: 1em; line-height: 2em; } + +#backtotop{ padding-bottom: 1em; background-color: #fff; } + +#backtotop p{ text-align: right; } + +blockquote{ margin: 1em; font-style: italic; } + +#toplinks{font-size: 80%; padding: 4px; z-index: 999; top: 0; left: 0; } + +#toplinks a{ font-weight: bold; color: #888; } + +#toplinks a:hover, #toplinks a:active{color: blue;} + +.center{ text-align:center; } + +.big{ font-size: 130%; padding-top: 0.7em; } + +.inline-list li { display: inline } + +#searcher{ float: right; margin-right: 1em; line-height: 3em; color: white; text-transform: uppercase; font-weight: bold; background-color: maroon; padding-left: 1em; padding-right: 1em;} + +#searcher:lang(ar), #searcher:lang(fa), #searcher:lang(he) {float: left;} + +#searcher, #searcher input{ font-size: 0.8em; } + +.highlight, .highlight-para{background-color: #ff6;} + +#takeactionhomepage{ + + background-color: #fdb144; + color: black; + margin-bottom: 0.5em; + font-size: 90%; + padding: 1em; +} + +#takeactionhomepage h1{text-align: center !important; border: 0 !important; color: black; font-size: 2em !important; padding-top: 0.2em;} + +#takeactionhomepage ul{list-style: none !important; text-align: center; margin: 0 !important; padding: 0 !important; } + +#takeactionhomepage li{line-height: 1.3em; list-style: none !important;} + +#fssbox {text-align: center; float: right; font-size: 80%;} +#fssbox:lang(ar) {float: left;} + +#fssbox p{ margin-bottom: 0px;} + +#content h2 a{color: yellow !important;} + +acronym, abbr {border-bottom: 1px dotted #111;} + +.pad {margin-bottom: 1em;} + +.layout-table * { border: 0; } + +#fpnav ul{list-style: none; margin: 0 !important; padding: 0 !important;} + +#fpnav li{display: block; text-align: left; margin-right: 1em; font-size: 0.9em;} + +#fpnav li a{display: block; padding-top: 6px; padding-bottom: 6px;} + +#fpnav li a:hover{text-decoration: none; background-color: yellow;} + +.pad td{padding-left: 1em; padding-right: 1em;} + +.imgright{ float: right; margin: 12px; } + +.imgleft { float: left; margin: 12px; } + +.c { text-align: center; } + +.listing, +.stx table { + /* The default table for document listings. Contains name, document types, modification times etc in a file-browser-like fashion */ + border-collapse: collapse; + border-left: 1px solid #666666; + border-bottom: 1px solid #666666; + margin: 1em 0em 1em 0em; +} +.listing th, +.stx table th { + background: #d40; + color: white; + font-weight: bold !important; + border-top: 1px solid #666666; + border-bottom: 1px solid #666666; + border-right: 1px solid #666666; + font-weight: normal; + padding: 1em; +} + +.listing td a { display: block; } + +.listing .top { + border-top: 1px solid #666666; + text-align: right ! important; + padding: 0em 0em 1em 0em; +} +.listing .odd { + /*every second line should be shaded */ + background-color: transparent; +} +.listing .even { + background-color: #ededed; +} +.listing .listingCheckbox { + text-align: center; +} +.listing td, +.stx table td { + border-right: 1px solid #666666; + padding: 1em; + text-align: center; + line-height: 1.3em +} +.listing a:hover { + text-decoration: underline; +} +.listing img { + vertical-align: middle; +} + +.listing { width: 100%; } + +#fsf-links { margin: 1em auto; border: 1px solid #ccc; padding: 5px; } + +#fsf-links li a{ color: #555; text-decoration: none; } + +#fsf-links ul li { + list-style: none; + padding: 0.3em 0.7em; + font-weight: bold; + display: inline-block; +} + +#fsf-links li{ font-size: 13px } + +#fsf-links li a:hover{ color: #0063DC; } + +#fsf-links ul { padding: 0; margin: 0; text-align: center; } + +.button { border: 3px solid #999; + border-left-color: #ccc; + border-top-color: #ccc; + font-weight: bold; + margin-bottom: 10px; + -moz-border-radius: 0.4em; + -khtml-border-radius: 0.4em; + } + +.button a{ display: block; text-decoration: none; color: #333; padding: 0.25em;} + +.button a:hover{ color: red;} + +.large { font-size: 36px; background-color: #aacb50; } + +.small { font-size: 22px; background-color: #89b1bd; } + +.emph-box { background-color: #ececec; border: 0px solid #ccc; padding: 12px; } +.emph-box:target { background-color: #ff8; } + +.emph-box p { font-size: 0.9em } + +.emph-box h4 { text-align: center; font-size: 28px !important; margin-bottom: 12px;} + +#windows7sins { width: 310px; text-align: center; float: right; margin: 12px; } + +.highlight-para { padding: 1em; } + +/* This is used in pages of lists, such as gnu-linux.faq.html, + to give readers a hint that they can link directly to a given item. + We make it less obtrusive than the item heading it follows. */ +.anchor-reference-id { font-size: 70%; font-weight: normal; } + +/* emacs-page */ +/* Items specific to education */ + +/* definitions for /education-specific navigation bar */ +ul#edu-navigation { + text-align: center; + /* the selected colors are the same as for h2 */ + background-color: #3465a4; + color: white; + /* right and left extents should be the same as for h2; + the top separation is determined via h2 margin-bottom */ + margin: 0; + margin-bottom: 1.7em; +} + +#edu-navigation li { + display: inline; + list-style-type: none; +} + +#edu-navigation li a { + /* font size and padding are set to make the navigation bar + remain a single line when window is 921 pixels or wider */ + font-size: 12.8px; + padding: 0 10px; + display: inline-block; + background-color: #3465a4; + color: white; + text-decoration: none; + font-weight: bold; +} + +#edu-navigation li a:hover, #edu-navigation li.active a { + background-color: #006; + color: yellow; +} + +/* let edu-navigation bar approach closer to h2 */ +div#education-content h2 { margin-bottom: 1px; } + +/* breadcrumb for /education */ +p.edu-breadcrumb { + line-height: 150% !important; + padding-left: 10px; +} + +/* styles for subsections of /education "Case Studies" */ + +div.edu-cases { + border-top: 5px ridge #3465a4; + border-bottom: 5px ridge #3465a4; + margin-right: 4em; + margin-left: 4em; + margin-bottom: 1em; +} + +/* make h3 for edu-cases look like h4 for other pages */ +div.edu-cases h3 { + font-size: 1.3em !important; + margin: 0; +} + +div.edu-cases ul, div.edu-cases ol { + padding-left: 3em; + margin-right: 3em; +} + +/* End items specific to education */ + + +/* GnuTLS tables */ +table.transparent { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: white; +} +table.transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.transparent td { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.news-transparent { + border-width: 3px; + border-spacing: 5px; + border-style: none; + border-color: $(TABLE_HDCOLOR); + border-collapse: separate; + background-color: transparent; +} +table.news-transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: transparent; + -moz-border-radius: ; +} +table.news-transparent td { + border-width: 1px; + padding: 3px; + border-style: solid; + border-color: $(TABLE_BGCOLOR2); + background-color: transparent; + -moz-border-radius: ; +} +table.news { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: $(TABLE_BGCOLOR); +} +table.news th { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: $(TABLE_HDCOLOR); + -moz-border-radius: ; +} +table.news td { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: $(TABLE_BGCOLOR2); + -moz-border-radius: ; +} diff --git a/www/css/mini.css b/www/css/mini.css new file mode 100644 index 0000000000..ccf254ae22 --- /dev/null +++ b/www/css/mini.css @@ -0,0 +1,12 @@ +/* Please do not edit this file. Instead, see +http://developer.yahoo.com/yui/2/ for future releases of YUI version 2 +*/ + +/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.8.0r4 +*/ +html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;} +body{margin:10px;}h1{font-size:138.5%;}h2{font-size:123.1%;}h3{font-size:108%;}h1,h2,h3{margin:1em 0;}h1,h2,h3,h4,h5,h6,strong,dt{font-weight:bold;}optgroup{font-weight:normal;}abbr,acronym{border-bottom:1px dotted #000;cursor:help;}em{font-style:italic;}del{text-decoration:line-through;}blockquote,ul,ol,dl{margin:1em;}ol,ul,dl{margin-left:2em;}ol li{list-style:decimal outside;}ul li{list-style:disc outside;}dl dd{margin-left:1em;}th,td{border:1px solid #000;padding:.5em;}th{font-weight:bold;text-align:center;}caption{margin-bottom:.5em;text-align:center;}sup{vertical-align:super;}sub{vertical-align:sub;}p,fieldset,table,pre{margin-bottom:1em;}button,input[type="checkbox"],input[type="radio"],input[type="reset"],input[type="submit"]{padding:1px;} diff --git a/www/css/print.css b/www/css/print.css new file mode 100644 index 0000000000..5b0252e8d2 --- /dev/null +++ b/www/css/print.css @@ -0,0 +1,79 @@ +/* +print.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +*/ +#header, #navigation, #links, #toplinks, .netscape4, #fsf-links, +#backtotop, #translations, #searcher, #footer, #mission-statement, +#Disclaimer { display: none !important; } + + + +.inner{ width: 100%; } + +body { + font-family: Baskerville, Georgia, Garamond, Times, serif; + font-size: 11pt !important; + border: 0; +} + +h1, h2, h3, h4, h5, h6 +{ + border: none; + font-family: Baskerville, Georgia, Garamond, Times, serif; +} + +div, p, ul, dl, ol { + width: auto !important; +} + +ul, ol, dl { + padding-right: 0.5em; +} + +ul { + list-style-type: square; +} + + +.documentDescription { + font-weight: bold; +} + +pre { + border: 1pt dotted black; + white-space: pre; + font-size: 8pt; + overflow: auto; + padding: 1em 0; +} + +table.listing, +table.listing td { + border: 1pt solid black; + border-collapse: collapse; +} + +a { + color: Black !important; + padding: 0 !important; + text-decoration: none !important; +} + +a:link, a:visited { + color: #520; + background: transparent; +} diff --git a/www/devel.wml b/www/devel.wml new file mode 100644 index 0000000000..92be1d40a0 --- /dev/null +++ b/www/devel.wml @@ -0,0 +1,69 @@ +#include 'common.wml' page="Development" + +

    Reporting bugs

    +To report a bug, in addition to describing the issue, please: +
      +
    • Provide the version of the library the bug is present on (the oldest supported release is $(STABLE_OLD_VER).x), and try to detect the version the bug was introduced, e.g., using git-bisect.
      • +
    • Provide a way to reproduce the issue; e.g., a small program which reproduces it.
      • +
    • Use our issue tracker +or the bug report address for non-public issues.
      • +
    +That would help us to address your issue. + +

    API and ABI

    +

    +Our goal is to deliver a stable API and ABI for the library, but on certain +major releases we have decided to break the ABI in order to deprecate old APIs and avoid clutter. +To ensure API and ABI stability we rely on abi-compliance-checker and other +tools. +

    + + +

    Development

    +

    To follow development it is easier to subscribe on the mailing lists; the wiki pages +may also contain information on new developments and plans. +To browse the source code a web interface exists at gitlab.com. +If you want to build the latest GnuTLS code from the repository, use the following commands: +

    + + +
    +$ git clone https://gitlab.com/gnutls/gnutls.git
+$ cd gnutls
+$ git submodule update --init
+$ make bootstrap # Will generate ./configure script
+$ ./configure --enable-gcc-warnings --enable-gtk-doc --enable-gtk-doc-pdf
+$ make
+$ make check
+
    + +

    You will need several developer tools, which are listed in + +README. +

    + +

    If you wish to contribute, you may read more about + +our coding style. +Note that when contributing code that is not assigned to FSF, you will need to +assert that the contribution is in accordance to the Developer's +Certificate of Origin. That can be done by sending a mail with your real name that contains +the DCO to the gnutls-devel mailing list. Then just make sure that your contributions (patches), +contain a "Signed-off-by" line, with your name and e-mail address. +

    + + +

    Some additional resources: +

    + + + +#include 'bottom.wml' diff --git a/www/documentation.wml b/www/documentation.wml new file mode 100644 index 0000000000..297b556042 --- /dev/null +++ b/www/documentation.wml @@ -0,0 +1,57 @@ +#include 'common.wml' page="Documentation" + +

    The GnuTLS manual for the latest stable version is available in many formats. +You can also get a hard copy of the manual +at lulu.com. + + +

    + +

    + + + + + +
    + + +Support independent publishing: Buy this book on Lulu. +
    +

    + +

    The manual for + the GNU Guile + bindings of GnuTLS is available in the following formats: + +

      +
    • HTML - entirely on one web page.
      • +
    • HTML - with one web page per + node.
      • +
    • PDF file.
      • +
    +

    + +

    The following formats are available but may be incomplete -- help is needed to maintain them. +

    +

    +

    + + +Other resources. +

    +

    + + +#include 'bottom.wml' diff --git a/www/download.wml b/www/download.wml new file mode 100644 index 0000000000..c83352422d --- /dev/null +++ b/www/download.wml @@ -0,0 +1,150 @@ +#include 'common.wml' page="Download" + +

    +

    + + +
    + Required libraries: + + Optional libraries: +
      +
    • libtasn1 ASN.1 parsing - a copy is included in GnuTLS
      • +
    • p11-kit for PKCS #11 support
      • +
    • trousers for TPM support
      • +
    • libidn for Internationalized Domain Names support
      • +
    • libunbound for DNSSEC/DANE functionality
      • +
    • zlib for compression
      • +
    +
    +
    +

    + + +sub print_ver { +my $name = $_[0]; +my $abi = $_[1]; +my $version = $_[2]; + +if ($version ne '') { +print " + $name${version}.x + $abi + + ftp://ftp.gnutls.org/gcrypt/gnutls/v${version} (mirror list) + \n" if ("${version}" ne ""); +} +return; +} + + + + +

    + +

    + +

    Downloading the GnuTLS library

    + + All the new releases are signed + with Nikos' + OpenPGP key. + + + + + + + + + + + +<:= &print_ver("Next stable2", "$(STABLE_NEXT_ABI)", "$(STABLE_NEXT_VER)") :> +<:= &print_ver("Current stable", "$(STABLE_ABI)", "$(STABLE_VER)") :> +<:= &print_ver("Previous stable", "$(STABLE_OLD_ABI)", "$(STABLE_OLD_VER)") :> + +
    ReleaseVersionABILocation
    + +

    + +

    +

    GnuTLS for Windows

    + + + + + + + + + + + + + + + +
    DescriptionLocation
    Latest precompiled version + ftp://ftp.gnutls.org/gcrypt/gnutls/w32/ +
    +

    +

    +

    GnuTLS in other languages than C

    + + + + + + + + + + + + + + + + + + + + + + + + +
    LanguageLocation
    C++LibCXX
    + The GnuTLS distribution also includes a (limited) C++ interface. +
    Pythonpython-gnutls
    PHPPHP5-gnutls
    Guile (scheme)Included in the GnuTLS distribution
    +
    +

    + + +

    +1. Gmplib 6 is under LGPLv3 or GPLv2. Older versions of gmplib under LGPLv2 are also supported. +
    +2. Stable-next will be the next stable release; while it is believed to be sufficiently stable it is not as well tested as the stable branch. +

    + + +#include 'bottom.wml' diff --git a/www/faq.wml b/www/faq.wml new file mode 100644 index 0000000000..424061322c --- /dev/null +++ b/www/faq.wml @@ -0,0 +1,91 @@ +#include 'common.wml' page="Frequently asked questions" + +

    Answers to common questions follow. +

    + +
    +

    The software I use outputs the following error: +"The Diffie-Hellman prime sent by the server is not acceptable (not long enough)" +and the connection is terminated.

    +

    Answer: +The server you have tried to connect negotiates Diffie-Hellman (DH) ciphersuites +but offers a small and insecure DH group. This means that any connection data +could be decrypted in weeks or even hours by a determined adversary. For that +reason GnuTLS will refuse to communicate such servers. To work around the issue disable Diffie-Hellman +ciphersuites on the client (by using "NORMAL:-DHE-RSA" as a priority string); +this will force connecting using the plain RSA ciphersuites, at the cost +of losing perfect forward secrecy. +

    +

    +Note that currently in the NORMAL priority string, the minimum acceptable +size of DH group is set to be at 1008 bits. This is a very low size for +today's threats but unfortunately there are many popular Internet servers +providing such a weak security level. To increase the security level use +the SECURE128 or better priority strings, at the risk of a failed connection +with an insecure server. To avoid this issue, newer versions of GnuTLS prioritize the elliptic +curve DH ciphersuites that have no such issues (since the curve is negotiated +as part of the handshake). +

    +
    + +
    + +
    +

    "The software I use outputs the following error: +"Key usage violation in certificate has been detected." +and the connection is terminated.

    + +

    Answer: +The server you have tried to connect has its certificate marked for +encryption-only but the server uses it with a ciphersuite that requires signing (or vice-versa). This is +either due to an attack, or due to a serious server misconfiguration. +Contact the server administrator.
    +Because this misconfiguration problem is widespread, other TLS/SSL +implementations used by popular browsers tolerate the violation, and several +servers negotiate ciphersuites not allowed by the certificate, newer +versions of GnuTLS will also allow such key usage violations (and will only output a warning message). +

    +
    + +
    + +
    +

    "The server software I use outputs the following error: +"Insufficient credentials for that request." after a client connects.

    + +

    Answer: +If the server uses an X.509 certificate with an RSA key, then most probably the server certificate doesn't allow +any of the ciphersuites requested by the client (this is related to key-usage-violation). +There are three possibilities: +

      +
    • The server has a priority string that incorrectly restricts the available ciphersuites to +the set not allowed by the certificate. Solution: If the server has a certificate with the +Key Usage extension and digitalSignature set, make sure that DHE-RSA and ECDHE-RSA key exchange +methods are enabled. If the keyEncipherment flag is set, then make sure that the RSA key exchange is enabled.
      • +
    • The client requires only encryption ciphersuites (i.e., RSA) but the server certificate only +allows ciphersuites with signing (e.g., DHE-RSA). Solution: If the server has the Key Usage extension +with digitalSignature set, replace or (better) add another server certificate with keyEncipherment set. +
      • +
    • The client requires only signing ciphersuites (e.g., DHE-RSA) but the server certificate only +allows ciphersuites with encryption (i.e., RSA). That is the server has the Key Usage extension +with keyEncipherment set. Solution: If the server has the Key Usage extension +with keyEncipherment set, replace or (better) add another server certificate with digitalSignature set.
      • +
    + +Note that while having a single certificate with the Key Usage extension unset, or with both +digitalSignature and keyEncipherment flags would solve the issue; it is considered bad practice +to use a single key/certificate for both RSA encryption and signatures. +

    +
    + +
    +

    I heard about the backdoor in http://en.wikipedia.org/wiki/Dual_EC_DRBG, does it affect GnuTLS?

    + +

    Answer: +GnuTLS never supported the Dual EC random generator, hence this issue does not affect GnuTLS. +

    +
    + +
    + +#include 'bottom.wml' diff --git a/www/gnutls-logo.wml b/www/gnutls-logo.wml new file mode 100644 index 0000000000..5a2db5ba32 --- /dev/null +++ b/www/gnutls-logo.wml @@ -0,0 +1,30 @@ +#include 'common.wml' page="Logo" + +

    +This logo consists of two well known symbols, a lock transported on a truck. +The truck symbolizes the "Transport Layer" and the lock stands for "Security". + +

    + + +

    +We would like to thank Claus Schrammel for the design of this GnuTLS logo. +

    +

    + +This picture is available in the following formats: +

    + +

    + +#include 'bottom.wml' diff --git a/www/gnutls.wml b/www/gnutls.wml new file mode 100644 index 0000000000..160dd25463 --- /dev/null +++ b/www/gnutls.wml @@ -0,0 +1,68 @@ +#include 'common.wml' page="Overview" + + + + + +
    +

    + Welcome to GnuTLS project pages +

    +
      +
    • Overview +

      GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols + and technologies around them. It provides a simple C language application programming interface (API) + to access the secure communications protocols as well as APIs to parse and + write X.509, PKCS #12, OpenPGP and other required structures. It is + aimed to be portable and efficient with focus on security and interoperability. +

      • + +
    • Features +
        +
      • Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
        • +
      • Support for DTLS 1.2, and DTLS 1.0, protocols
        • +
      • Support for certificate path validation, as well as DANE and trust on first use.
        • +
      • Support for the Online Certificate Status Protocol (OCSP).
        • +
      • Support for multiple certificate types including X.509 and OpenPGP certificates.
        • +
      • Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as SRP and PSK protocols.
        • +
      • Support for all the strong encryption algorithms, including AES and Camellia. +
      • Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. +
      • Support for cryptographic accelerator drivers via /dev/crypto. +
      • Supports natively HSMs and cryptographic tokens, via PKCS #11 and the Trusted Platform Module (TPM).
        • +
      • Runs on most Unix platforms and Windows.
        • +
      +
      • + +
    • License +

      The core library licensed under + the GNU + Lesser General Public License version 2.1 (LGPLv2.1+). The + LGPL license is compatible with a wide range of free licenses, + and even permit you to use GnuTLS in non-free proprietary + programs.

      • +
    + + + +

    + For more information on GnuTLS features, see the + wikipedia article comparing different TLS implementations. +

    + +    		 + +
    +#include 'rawnews.wml' MAX_NEWS=4 TABLE_CLASS=news-transparent +
    + +
    + +#include 'bottom.wml' diff --git a/www/graphics/gnutls-logo-icon.png b/www/graphics/gnutls-logo-icon.png new file mode 100644 index 0000000000..9cfb01624e Binary files /dev/null and b/www/graphics/gnutls-logo-icon.png differ diff --git a/www/graphics/gnutls-logo-icon2.png b/www/graphics/gnutls-logo-icon2.png new file mode 100644 index 0000000000..3f5c0460dc Binary files /dev/null and b/www/graphics/gnutls-logo-icon2.png differ diff --git a/www/graphics/gnutls-logo-large.png b/www/graphics/gnutls-logo-large.png new file mode 100644 index 0000000000..7b82218348 Binary files /dev/null and b/www/graphics/gnutls-logo-large.png differ diff --git a/www/graphics/gnutls-logo-letters.png b/www/graphics/gnutls-logo-letters.png new file mode 100644 index 0000000000..08fb33a4e6 Binary files /dev/null and b/www/graphics/gnutls-logo-letters.png differ diff --git a/www/graphics/gnutls-logo-nobackground.png b/www/graphics/gnutls-logo-nobackground.png new file mode 100644 index 0000000000..b6af9d0f15 Binary files /dev/null and b/www/graphics/gnutls-logo-nobackground.png differ diff --git a/www/graphics/gnutls-logo-scalable.png b/www/graphics/gnutls-logo-scalable.png new file mode 100644 index 0000000000..1fd1f96c81 Binary files /dev/null and b/www/graphics/gnutls-logo-scalable.png differ diff --git a/www/graphics/gnutls-logo.png b/www/graphics/gnutls-logo.png new file mode 100644 index 0000000000..2819b76796 Binary files /dev/null and b/www/graphics/gnutls-logo.png differ diff --git a/www/graphics/gnutls-logo.svg b/www/graphics/gnutls-logo.svg new file mode 100644 index 0000000000..f3a5521391 --- /dev/null +++ b/www/graphics/gnutls-logo.svg @@ -0,0 +1,60 @@ + + + + + + + + + image/svg+xml + + + + + + + + diff --git a/www/graphics/logo-sponsor.png b/www/graphics/logo-sponsor.png new file mode 100644 index 0000000000..ce652f96b5 Binary files /dev/null and b/www/graphics/logo-sponsor.png differ diff --git a/www/graphics/pgp1.png b/www/graphics/pgp1.png new file mode 100644 index 0000000000..c8140f87cb Binary files /dev/null and b/www/graphics/pgp1.png differ diff --git a/www/graphics/tree1.png b/www/graphics/tree1.png new file mode 100644 index 0000000000..27c6d8ba12 Binary files /dev/null and b/www/graphics/tree1.png differ diff --git a/www/head.wml b/www/head.wml new file mode 100644 index 0000000000..9a8f915886 --- /dev/null +++ b/www/head.wml @@ -0,0 +1,24 @@ + + + + + + + +$(extra_head) + +GnuTLS + + + + + + + + + + + + + diff --git a/www/help.wml b/www/help.wml new file mode 100644 index 0000000000..070e5fd3d1 --- /dev/null +++ b/www/help.wml @@ -0,0 +1,44 @@ +#include 'common.wml' page="How to help" + +

    How can I help?

    +

    +You are always welcome to contribute to GnuTLS. If there +is something you can do, and you may think we need it, then +contact us. Some ideas +are listed below. +

    + +
      +
    • +If you're a developer, you may want to help us with open issues. +
      • + +
    • +If you're a web developer, you may want to help us with these +web pages. +
      • + +
    • +If you can do extensive beta testing, then don't hesitate to stress gnutls! + +
      • + +
    • +If you can audit code, we need you. +
      • + +
    • +If you can write, you may want to help us to +produce good documentation. +
      • + +
    • +If you can offer hardware or devices (especially devices with cryptographic accelerators), we can you use, don't hesitate +to do it. +
      • + +
    + +

    + +#include 'bottom.wml' diff --git a/www/manual-index.html.bak b/www/manual-index.html.bak new file mode 100644 index 0000000000..69cfc8caa0 --- /dev/null +++ b/www/manual-index.html.bak @@ -0,0 +1,4 @@ + + + + diff --git a/www/news-entries/2012-01-20.xml b/www/news-entries/2012-01-20.xml new file mode 100644 index 0000000000..90db2efe4a --- /dev/null +++ b/www/news-entries/2012-01-20.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.12 was released. This release adds support for OCSP on the current +stable branch. diff --git a/www/news-entries/2012-02-18.xml b/www/news-entries/2012-02-18.xml new file mode 100644 index 0000000000..eb85ddbfc1 --- /dev/null +++ b/www/news-entries/2012-02-18.xml @@ -0,0 +1,5 @@ + +GnuTLS 3.0.13 was released. This release adds support for a new helper interface +to support trust on first use (SSH-like authentication), on-line OCSP verification +in included programs and several updates in the Datagram TLS layer. + diff --git a/www/news-entries/2012-02-24.xml b/www/news-entries/2012-02-24.xml new file mode 100644 index 0000000000..f50ed251ae --- /dev/null +++ b/www/news-entries/2012-02-24.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.14 was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-03-02.xml b/www/news-entries/2012-03-02.xml new file mode 100644 index 0000000000..3c7459fa27 --- /dev/null +++ b/www/news-entries/2012-03-02.xml @@ -0,0 +1,10 @@ +

    + + GnuTLS v3.0.15 was released, a bug-fix release on the current + stable branch. +

    +

    + + GnuTLS 2.12.17 was released, a bug-fix release on the previous + stable branch. +

    \ No newline at end of file diff --git a/www/news-entries/2012-03-16.xml b/www/news-entries/2012-03-16.xml new file mode 100644 index 0000000000..1758c138f1 --- /dev/null +++ b/www/news-entries/2012-03-16.xml @@ -0,0 +1,9 @@ +

    +GnuTLS v3.0.16 was released, a bug-fix release on the current +stable branch. +

    +

    + + GnuTLS 2.12.18 was released, a bug-fix release on the previous + stable branch. +

    diff --git a/www/news-entries/2012-03-17.xml b/www/news-entries/2012-03-17.xml new file mode 100644 index 0000000000..20797b5995 --- /dev/null +++ b/www/news-entries/2012-03-17.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.17 was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-03-18.xml b/www/news-entries/2012-03-18.xml new file mode 100644 index 0000000000..40d8f4a9f6 --- /dev/null +++ b/www/news-entries/2012-03-18.xml @@ -0,0 +1,3 @@ +GnuTLS participates in the Google summer of +code. Feel free to apply or forward our our ideas for projects +to interested students. diff --git a/www/news-entries/2012-03-19.xml b/www/news-entries/2012-03-19.xml new file mode 100644 index 0000000000..fc9ac205c7 --- /dev/null +++ b/www/news-entries/2012-03-19.xml @@ -0,0 +1,2 @@ + +Libtasn1 2.12 was released, which includes an important security fix. diff --git a/www/news-entries/2012-03-21.xml b/www/news-entries/2012-03-21.xml new file mode 100644 index 0000000000..a13a499ea5 --- /dev/null +++ b/www/news-entries/2012-03-21.xml @@ -0,0 +1 @@ +Added security advisories on the TLS record handling and libtasn1 issues. diff --git a/www/news-entries/2012-04-02.xml b/www/news-entries/2012-04-02.xml new file mode 100644 index 0000000000..405d5352dc --- /dev/null +++ b/www/news-entries/2012-04-02.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.18 was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-04-22.xml b/www/news-entries/2012-04-22.xml new file mode 100644 index 0000000000..06dd4ff373 --- /dev/null +++ b/www/news-entries/2012-04-22.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.19 was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-05-05.xml b/www/news-entries/2012-05-05.xml new file mode 100644 index 0000000000..67737ec2e5 --- /dev/null +++ b/www/news-entries/2012-05-05.xml @@ -0,0 +1,3 @@ + + GnuTLS 2.12.19 was released, a bug-fix release on the previous + stable branch. diff --git a/www/news-entries/2012-06-05.xml b/www/news-entries/2012-06-05.xml new file mode 100644 index 0000000000..b2e0ad3d0a --- /dev/null +++ b/www/news-entries/2012-06-05.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.20 was released, a minor feature update and bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-06-10.xml b/www/news-entries/2012-06-10.xml new file mode 100644 index 0000000000..2b015fa038 --- /dev/null +++ b/www/news-entries/2012-06-10.xml @@ -0,0 +1,3 @@ + +GnuTLS 2.12.20 was released, a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2012-07-02.xml b/www/news-entries/2012-07-02.xml new file mode 100644 index 0000000000..4dae4208f9 --- /dev/null +++ b/www/news-entries/2012-07-02.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.21 was released, a minor feature update and bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-08-04.xml b/www/news-entries/2012-08-04.xml new file mode 100644 index 0000000000..02a3373b51 --- /dev/null +++ b/www/news-entries/2012-08-04.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.0.22 was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-08-15.xml b/www/news-entries/2012-08-15.xml new file mode 100644 index 0000000000..a6ede8c69b --- /dev/null +++ b/www/news-entries/2012-08-15.xml @@ -0,0 +1,3 @@ + +GnuTLS 3.1.0 was released, a major feature update release, introducing +a new stable branch. diff --git a/www/news-entries/2012-09-02.xml b/www/news-entries/2012-09-02.xml new file mode 100644 index 0000000000..20d01669e3 --- /dev/null +++ b/www/news-entries/2012-09-02.xml @@ -0,0 +1,9 @@ +

    + +GnuTLS 3.1.1 was released, a bug fix release in the new stable branch +with several optimizations in the elliptic curve subsystem. +

    +

    + +GnuTLS 3.0.23 was released, a bug fix release in the old stable branch. +

    diff --git a/www/news-entries/2012-09-13.xml b/www/news-entries/2012-09-13.xml new file mode 100644 index 0000000000..9dc80c3f42 --- /dev/null +++ b/www/news-entries/2012-09-13.xml @@ -0,0 +1,2 @@ +Added a security advisory on the "CRIME" attack +on TLS. \ No newline at end of file diff --git a/www/news-entries/2012-09-26.xml b/www/news-entries/2012-09-26.xml new file mode 100644 index 0000000000..e68bebaf83 --- /dev/null +++ b/www/news-entries/2012-09-26.xml @@ -0,0 +1,11 @@ +GnuTLS 3.0.24 and 3.1.2 +

    + +GnuTLS 3.1.2 was released. This release includes feature +updates, notably support for the DTLS heartbeat message, and bug fixes +in the current stable branch. +

    +

    + +GnuTLS 3.0.24 was released, a bug fix release in the old stable branch. +

    diff --git a/www/news-entries/2012-10-12.xml b/www/news-entries/2012-10-12.xml new file mode 100644 index 0000000000..248ca09512 --- /dev/null +++ b/www/news-entries/2012-10-12.xml @@ -0,0 +1,10 @@ +GnuTLS 3.0.25 and 3.1.3 +

    + +GnuTLS 3.1.3 was released. This release includes support for the DANE +protocol and the OCSP status request extension. +

    +

    + +GnuTLS 3.0.25 was released, a bug fix release in the old stable branch. +

    diff --git a/www/news-entries/2012-11-09.xml b/www/news-entries/2012-11-09.xml new file mode 100644 index 0000000000..eac60bbf87 --- /dev/null +++ b/www/news-entries/2012-11-09.xml @@ -0,0 +1,5 @@ +GnuTLS 2.12.21 and 3.0.26 + +GnuTLS 2.12.21 and +GnuTLS 3.0.26 were released, bug-fix releases on the previous +stable branches. diff --git a/www/news-entries/2012-11-10.xml b/www/news-entries/2012-11-10.xml new file mode 100644 index 0000000000..5ef7ffb1e5 --- /dev/null +++ b/www/news-entries/2012-11-10.xml @@ -0,0 +1,5 @@ +GnuTLS 3.1.4 + +GnuTLS 3.1.4 was released. This release includes support +for the DTLS-SRTP, updates on the DANE library, and several +simplifications on the existing API. diff --git a/www/news-entries/2012-11-24.xml b/www/news-entries/2012-11-24.xml new file mode 100644 index 0000000000..c54cbacee9 --- /dev/null +++ b/www/news-entries/2012-11-24.xml @@ -0,0 +1,4 @@ +GnuTLS 3.1.5 + +GnuTLS 3.1.5 was released. This release adds support for UCS-2 +encoded DNs, improvements in smart card key generation and few bug-fixes. diff --git a/www/news-entries/2012-11-25.xml b/www/news-entries/2012-11-25.xml new file mode 100644 index 0000000000..95ff4cc08b --- /dev/null +++ b/www/news-entries/2012-11-25.xml @@ -0,0 +1,3 @@ +GnuTLS manual for 3.1.5 +The +GnuTLS paperback manual for was updated for version 3.1.5. diff --git a/www/news-entries/2012-12-10.xml b/www/news-entries/2012-12-10.xml new file mode 100644 index 0000000000..8ce17e7c0b --- /dev/null +++ b/www/news-entries/2012-12-10.xml @@ -0,0 +1,3 @@ +GnuTLS has moved +The GnuTLS project +has moved its infrastructure. diff --git a/www/news-entries/2013-01-02.xml b/www/news-entries/2013-01-02.xml new file mode 100644 index 0000000000..4b448b4e43 --- /dev/null +++ b/www/news-entries/2013-01-02.xml @@ -0,0 +1,4 @@ +GnuTLS 3.1.6 + +GnuTLS 3.1.6 was released. This is a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2013-01-03.xml b/www/news-entries/2013-01-03.xml new file mode 100644 index 0000000000..64921d796e --- /dev/null +++ b/www/news-entries/2013-01-03.xml @@ -0,0 +1,4 @@ +GnuTLS 3.0.27 + +GnuTLS 3.0.27 was released. This is a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2013-01-05.xml b/www/news-entries/2013-01-05.xml new file mode 100644 index 0000000000..b2629a461a --- /dev/null +++ b/www/news-entries/2013-01-05.xml @@ -0,0 +1,4 @@ +GnuTLS 2.12.22 + +GnuTLS 2.12.22 was released. This is a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2013-02-04.xml b/www/news-entries/2013-02-04.xml new file mode 100644 index 0000000000..9c7ba23e6b --- /dev/null +++ b/www/news-entries/2013-02-04.xml @@ -0,0 +1,9 @@ +GnuTLS 3.1.7, 3.0.28 and 2.12.23 +

    +GnuTLS 3.1.7, +GnuTLS 3.0.28 and +GnuTLS 2.12.23 were released. +

    +

    +Security advisory GNUTLS-SA-2013-1 is issued. +

    diff --git a/www/news-entries/2013-02-10.xml b/www/news-entries/2013-02-10.xml new file mode 100644 index 0000000000..89f12430a6 --- /dev/null +++ b/www/news-entries/2013-02-10.xml @@ -0,0 +1,7 @@ +GnuTLS 3.1.8 +

    +GnuTLS +3.1.8 was released. This is bug fix release on the current +stable branch. GnuTLS 3.1.7 inadvertently increased the security level of +the priority string NORMAL. This release restores it to the previous level. +

    diff --git a/www/news-entries/2013-02-27.xml b/www/news-entries/2013-02-27.xml new file mode 100644 index 0000000000..d960f39ab3 --- /dev/null +++ b/www/news-entries/2013-02-27.xml @@ -0,0 +1,5 @@ +GnuTLS 3.1.9 +

    +GnuTLS 3.1.9 was released. This is bug fix release on the current +stable branch. +

    diff --git a/www/news-entries/2013-03-22.xml b/www/news-entries/2013-03-22.xml new file mode 100644 index 0000000000..faed14fcd6 --- /dev/null +++ b/www/news-entries/2013-03-22.xml @@ -0,0 +1,9 @@ +GnuTLS 3.0.29 and 3.1.10 +

    +GnuTLS 3.0.29 +and GnuTLS +3.1.10 were released. The license of GnuTLS 3.1.10 was changed to +LGPLv2.1, and the paperback manual +was updated for version 3.1.10. +

    diff --git a/www/news-entries/2013-05-10.xml b/www/news-entries/2013-05-10.xml new file mode 100644 index 0000000000..dce4d7e551 --- /dev/null +++ b/www/news-entries/2013-05-10.xml @@ -0,0 +1,6 @@ +GnuTLS 3.1.11 and 3.2.0 +

    +GnuTLS +3.1.11, and GnuTLS +3.2.0 were released. +

    diff --git a/www/news-entries/2013-05-16.xml b/www/news-entries/2013-05-16.xml new file mode 100644 index 0000000000..ca64f259e7 --- /dev/null +++ b/www/news-entries/2013-05-16.xml @@ -0,0 +1,5 @@ +The addition of salsa20 and UMAC in GnuTLS +We are planning into pushing forward the standardization of +Salsa20 +and UMAC as used in GnuTLS 3.2.0. diff --git a/www/news-entries/2013-05-29.xml b/www/news-entries/2013-05-29.xml new file mode 100644 index 0000000000..bd2b39038d --- /dev/null +++ b/www/news-entries/2013-05-29.xml @@ -0,0 +1,2 @@ +Posted a security advisory on a vulnerability +on gnutls 2.12.23. diff --git a/www/news-entries/2013-06-01.xml b/www/news-entries/2013-06-01.xml new file mode 100644 index 0000000000..f774fba8a8 --- /dev/null +++ b/www/news-entries/2013-06-01.xml @@ -0,0 +1,11 @@ +GnuTLS 3.0.30, 3.1.12 and 3.2.1 +

    +GnuTLS 3.0.30, +GnuTLS 3.1.12, and +GnuTLS 3.2.1 +were released. +

    +

    +The +paperback manual was updated. +

    \ No newline at end of file diff --git a/www/news-entries/2013-07-13.xml b/www/news-entries/2013-07-13.xml new file mode 100644 index 0000000000..789bc5f5f5 --- /dev/null +++ b/www/news-entries/2013-07-13.xml @@ -0,0 +1,7 @@ +GnuTLS 3.0.31 and 3.1.13 +

    +GnuTLS 3.0.31, +and +GnuTLS 3.1.13, +were released. +

    diff --git a/www/news-entries/2013-07-14.xml b/www/news-entries/2013-07-14.xml new file mode 100644 index 0000000000..a09672a15a --- /dev/null +++ b/www/news-entries/2013-07-14.xml @@ -0,0 +1,7 @@ +GnuTLS 3.2.2 +

    +GnuTLS +3.2.2, +was released. This release adds features and fixes bugs in the current +stable branch. +

    diff --git a/www/news-entries/2013-07-30.xml b/www/news-entries/2013-07-30.xml new file mode 100644 index 0000000000..02022a366a --- /dev/null +++ b/www/news-entries/2013-07-30.xml @@ -0,0 +1,8 @@ +GnuTLS 3.2.3 +

    +GnuTLS +3.2.3, +was released. This is a bug-fix release in the current +stable branch. +

    diff --git a/www/news-entries/2013-08-02.xml b/www/news-entries/2013-08-02.xml new file mode 100644 index 0000000000..ef28e62a22 --- /dev/null +++ b/www/news-entries/2013-08-02.xml @@ -0,0 +1,5 @@ +Version naming change +

    +A naming scheme is introduced on the releases to properly show their intended +purpose. +

    diff --git a/www/news-entries/2013-08-31.xml b/www/news-entries/2013-08-31.xml new file mode 100644 index 0000000000..add5790fdf --- /dev/null +++ b/www/news-entries/2013-08-31.xml @@ -0,0 +1,8 @@ +GnuTLS 3.2.4, 3.1.14 and 3.0.32 +

    +GnuTLS 3.2.4, +GnuTLS 3.1.14, +and +GnuTLS 3.0.32, +were released. +

    diff --git a/www/news-entries/2013-10-23.xml b/www/news-entries/2013-10-23.xml new file mode 100644 index 0000000000..2d407fb679 --- /dev/null +++ b/www/news-entries/2013-10-23.xml @@ -0,0 +1,11 @@ +GnuTLS 3.2.5 and 3.1.15 +

    +GnuTLS 3.2.5 +and +GnuTLS 3.1.15, +were released. +

    +

    +Added answers to frequently asked +questions. +

    diff --git a/www/news-entries/2013-10-24.xml b/www/news-entries/2013-10-24.xml new file mode 100644 index 0000000000..799a27d708 --- /dev/null +++ b/www/news-entries/2013-10-24.xml @@ -0,0 +1,2 @@ +Posted a security advisory on a vulnerability +of the DANE library in gnutls 3.1.x and 3.2.x. diff --git a/www/news-entries/2013-10-31.xml b/www/news-entries/2013-10-31.xml new file mode 100644 index 0000000000..d19e0ad302 --- /dev/null +++ b/www/news-entries/2013-10-31.xml @@ -0,0 +1,13 @@ +GnuTLS 3.2.6 and 3.1.16 +

    +GnuTLS +3.2.6, +GnuTLS +3.1.16, were released and +the +paperback manual has been updated. +

    +

    +The GNUTLS-SA-2013-3 security advisory +has been updated. +

    diff --git a/www/news-entries/2013-11-23.xml b/www/news-entries/2013-11-23.xml new file mode 100644 index 0000000000..c6fb88bef8 --- /dev/null +++ b/www/news-entries/2013-11-23.xml @@ -0,0 +1,6 @@ +GnuTLS 3.2.7 and 3.1.17 +

    +GnuTLS +3.2.7, and GnuTLS +3.1.17, were released. +

    diff --git a/www/news-entries/2013-12-20.xml b/www/news-entries/2013-12-20.xml new file mode 100644 index 0000000000..9cf9f0af14 --- /dev/null +++ b/www/news-entries/2013-12-20.xml @@ -0,0 +1,7 @@ +GnuTLS 3.2.8 and 3.1.18 +

    +Released GnuTLS +3.2.8 which adds new features and optimizations in the next stable branch; +GnuTLS +3.1.18, is a bug-fix release on the current stable branch. +

    diff --git a/www/news-entries/2014-01-24.xml b/www/news-entries/2014-01-24.xml new file mode 100644 index 0000000000..6e8968b673 --- /dev/null +++ b/www/news-entries/2014-01-24.xml @@ -0,0 +1,7 @@ +GnuTLS 3.2.9 and 3.1.19 +

    +Released GnuTLS +3.2.9 which is a bugfix release in the current stable branch; +GnuTLS +3.1.19, is a bug-fix release on the previous stable branch. +

    diff --git a/www/news-entries/2014-01-31.xml b/www/news-entries/2014-01-31.xml new file mode 100644 index 0000000000..9cda5e27ed --- /dev/null +++ b/www/news-entries/2014-01-31.xml @@ -0,0 +1,7 @@ +GnuTLS 3.2.10 and 3.1.20 +

    +Released GnuTLS +3.2.10 which is a bugfix release in the current stable branch; +GnuTLS +3.1.20, is a bug-fix release on the previous stable branch. +

    diff --git a/www/news-entries/2014-02-13.xml b/www/news-entries/2014-02-13.xml new file mode 100644 index 0000000000..ec07b5f0e5 --- /dev/null +++ b/www/news-entries/2014-02-13.xml @@ -0,0 +1,11 @@ +GnuTLS 3.2.11 and 3.1.21 +

    +Added security advisory GNUTLS-SA-2014-1. +

    +

    +Released GnuTLS +3.2.11 which is a bugfix release in the current stable branch; +GnuTLS +3.1.21, is a bug-fix release on the previous stable branch. +

    diff --git a/www/news-entries/2014-03-03.xml b/www/news-entries/2014-03-03.xml new file mode 100644 index 0000000000..29e739af46 --- /dev/null +++ b/www/news-entries/2014-03-03.xml @@ -0,0 +1,12 @@ +GnuTLS 3.2.12 and 3.1.22 +

    +Added important security advisory GNUTLS-SA-2014-2. +

    +

    +Released GnuTLS +3.2.12 which is a bugfix release in the current stable branch; +GnuTLS +3.1.22, is a bug-fix release on the previous stable branch. +

    diff --git a/www/news-entries/2014-03-04.xml b/www/news-entries/2014-03-04.xml new file mode 100644 index 0000000000..fcf0806f51 --- /dev/null +++ b/www/news-entries/2014-03-04.xml @@ -0,0 +1,5 @@ +GnuTLS 3.2.12.1 +

    +Released GnuTLS +3.2.12.1 which reverts an ABI change in the previous release. +

    diff --git a/www/news-entries/2014-03-07.xml b/www/news-entries/2014-03-07.xml new file mode 100644 index 0000000000..fbc7b78884 --- /dev/null +++ b/www/news-entries/2014-03-07.xml @@ -0,0 +1,6 @@ +Audit competition +

    +Announced a GnuTLS audit +competition. Pick a task and join us. +

    diff --git a/www/news-entries/2014-03-27.xml b/www/news-entries/2014-03-27.xml new file mode 100644 index 0000000000..20b0e90ccb --- /dev/null +++ b/www/news-entries/2014-03-27.xml @@ -0,0 +1,5 @@ +GnuTLS 3.3.0pre0 +

    +Released GnuTLS +3.3.0pre0 which is a pre-release of the next stable branch. +

    diff --git a/www/news-entries/2014-04-07.xml b/www/news-entries/2014-04-07.xml new file mode 100644 index 0000000000..cba81d1800 --- /dev/null +++ b/www/news-entries/2014-04-07.xml @@ -0,0 +1,9 @@ +GnuTLS 3.2.13 and 3.1.23 +

    +Released GnuTLS +3.2.13 which is a bugfix release in the current stable branch; +GnuTLS +3.1.23, is a bug-fix release on the previous stable branch. +

    diff --git a/www/news-entries/2014-04-10.xml b/www/news-entries/2014-04-10.xml new file mode 100644 index 0000000000..2af01533d6 --- /dev/null +++ b/www/news-entries/2014-04-10.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.0 +

    +Released GnuTLS +3.3.0 which is the first release in the next stable branch of GnuTLS. +

    diff --git a/www/news-entries/2014-04-19.xml b/www/news-entries/2014-04-19.xml new file mode 100644 index 0000000000..4641db5e93 --- /dev/null +++ b/www/news-entries/2014-04-19.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.1 +

    +Released GnuTLS +3.3.1 which is a bug fix release on the next stable branch of GnuTLS. +

    diff --git a/www/news-entries/2014-05-06.xml b/www/news-entries/2014-05-06.xml new file mode 100644 index 0000000000..2275fd630f --- /dev/null +++ b/www/news-entries/2014-05-06.xml @@ -0,0 +1,13 @@ +GnuTLS 3.3.2, 3.2.14 and 3.1.24 +

    +Released GnuTLS +3.3.2, +GnuTLS +3.2.14, +GnuTLS +3.1.24, which are bug-fix releases on the next, current and previous stable +branches respectively. +

    diff --git a/www/news-entries/2014-05-30.xml b/www/news-entries/2014-05-30.xml new file mode 100644 index 0000000000..f46945005d --- /dev/null +++ b/www/news-entries/2014-05-30.xml @@ -0,0 +1,17 @@ +GnuTLS 3.3.3, 3.2.15 and 3.1.25 +

    +Released GnuTLS +3.3.3, +GnuTLS +3.2.15, +GnuTLS +3.1.25, which are bug-fix releases on the next, current and previous stable +branches respectively. +

    +

    +Posted a security advisory on a vulnerability +on the client side of the gnutls library. +

    diff --git a/www/news-entries/2014-05-31.xml b/www/news-entries/2014-05-31.xml new file mode 100644 index 0000000000..ec8a631e5e --- /dev/null +++ b/www/news-entries/2014-05-31.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.4 +

    +Released GnuTLS +3.3.4, which fixes an issue in the hardware acceleration on certain CPUs. +

    diff --git a/www/news-entries/2014-06-26.xml b/www/news-entries/2014-06-26.xml new file mode 100644 index 0000000000..eec71f2fb8 --- /dev/null +++ b/www/news-entries/2014-06-26.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.5 +

    +Released GnuTLS +3.3.5, which adds new features and fixes bugs in the next stable release. +

    diff --git a/www/news-entries/2014-07-23.xml b/www/news-entries/2014-07-23.xml new file mode 100644 index 0000000000..bb80eb3ede --- /dev/null +++ b/www/news-entries/2014-07-23.xml @@ -0,0 +1,11 @@ +GnuTLS 3.3.6 and 3.2.16 +

    +Released GnuTLS +3.3.6, +and GnuTLS +3.2.16, +which are bug-fix releases on the next, and current stable +branches respectively. +

    diff --git a/www/news-entries/2014-07-29.xml b/www/news-entries/2014-07-29.xml new file mode 100644 index 0000000000..64665421c2 --- /dev/null +++ b/www/news-entries/2014-07-29.xml @@ -0,0 +1,6 @@ +Plan for GnuTLS 3.4 +

    +The development plans for GnuTLS 3.4 are +posted on the wiki +pages on gitorious. +

    diff --git a/www/news-entries/2014-08-24.xml b/www/news-entries/2014-08-24.xml new file mode 100644 index 0000000000..19b4bd813c --- /dev/null +++ b/www/news-entries/2014-08-24.xml @@ -0,0 +1,13 @@ +GnuTLS 3.3.7, 3.2.17 and 3.1.26 +

    +Released GnuTLS +3.3.7, +GnuTLS +3.2.17, +GnuTLS +3.1.26, which are bug-fix releases on the next, current and previous stable +branches respectively. +

    diff --git a/www/news-entries/2014-08-31.xml b/www/news-entries/2014-08-31.xml new file mode 100644 index 0000000000..cbd14fb5fc --- /dev/null +++ b/www/news-entries/2014-08-31.xml @@ -0,0 +1,7 @@ +New paperback manual for 3.3.7 +

    +Updated GnuTLS' +the +paperback manual for version 3.3.7. +

    diff --git a/www/news-entries/2014-09-18.xml b/www/news-entries/2014-09-18.xml new file mode 100644 index 0000000000..9992e948a8 --- /dev/null +++ b/www/news-entries/2014-09-18.xml @@ -0,0 +1,10 @@ +GnuTLS 3.3.8 and 3.2.18 +

    +Released GnuTLS +3.3.8, and +3.2.18, +which are bug-fix releases on the next, and current stable +branches respectively. +

    diff --git a/www/news-entries/2014-10-13.xml b/www/news-entries/2014-10-13.xml new file mode 100644 index 0000000000..3f3d4df976 --- /dev/null +++ b/www/news-entries/2014-10-13.xml @@ -0,0 +1,13 @@ +GnuTLS 3.3.9, 3.2.19, and 3.1.17 +

    +Released GnuTLS +3.3.9, +3.2.19, and +3.1.17, +which are bug-fix releases on the current and old stable +branches respectively. The GnuTLS branch 3.3.x is the new +stable branch. +

    diff --git a/www/news-entries/2014-10-16.xml b/www/news-entries/2014-10-16.xml new file mode 100644 index 0000000000..1f82fbdbea --- /dev/null +++ b/www/news-entries/2014-10-16.xml @@ -0,0 +1,5 @@ +POODLE attack +

    +Posted a security advisory on +the POODLE attack. +

    diff --git a/www/news-entries/2014-11-10.xml b/www/news-entries/2014-11-10.xml new file mode 100644 index 0000000000..60d9548d3e --- /dev/null +++ b/www/news-entries/2014-11-10.xml @@ -0,0 +1,17 @@ +GnuTLS 3.3.10, 3.2.20 and 3.1.28 +

    +Released GnuTLS +3.3.10, +GnuTLS +3.2.20, +GnuTLS +3.1.28, which are bug-fix releases on the current and previous stable +branches respectively. +

    +

    +Posted a security advisory on a vulnerability +of the gnutls library. +

    diff --git a/www/news-entries/2014-12-03.xml b/www/news-entries/2014-12-03.xml new file mode 100644 index 0000000000..d86fe2e2d9 --- /dev/null +++ b/www/news-entries/2014-12-03.xml @@ -0,0 +1,5 @@ +GnuTLS 3.3.10, 3.2.20 and 3.1.28 +

    +Posted +an overview of GnuTLS development for 2014. +

    diff --git a/www/news-entries/2014-12-11.xml b/www/news-entries/2014-12-11.xml new file mode 100644 index 0000000000..aa625111af --- /dev/null +++ b/www/news-entries/2014-12-11.xml @@ -0,0 +1,10 @@ +GnuTLS 3.3.11, 3.2.21 +

    +Released GnuTLS +3.3.11, and +3.2.21, +which are bug-fix releases on the current and old stable +branches respectively. +

    diff --git a/www/news-entries/2015-01-17.xml b/www/news-entries/2015-01-17.xml new file mode 100644 index 0000000000..1acbd84123 --- /dev/null +++ b/www/news-entries/2015-01-17.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.12 +

    +Released GnuTLS +3.3.12, a bug-fix release on the stable branch. +

    diff --git a/www/news-entries/2015-02-25.xml b/www/news-entries/2015-02-25.xml new file mode 100644 index 0000000000..4c90aa1b98 --- /dev/null +++ b/www/news-entries/2015-02-25.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.13 +

    +Released GnuTLS +3.3.13, a bug-fix release on the stable branch. +

    diff --git a/www/news-entries/2015-03-04.xml b/www/news-entries/2015-03-04.xml new file mode 100644 index 0000000000..c75e1a3d48 --- /dev/null +++ b/www/news-entries/2015-03-04.xml @@ -0,0 +1,5 @@ +GnuTLS goes to gitlab +

    +The source code has been moved to +gitlab. +

    diff --git a/www/news-entries/2015-03-11.xml b/www/news-entries/2015-03-11.xml new file mode 100644 index 0000000000..09159580b1 --- /dev/null +++ b/www/news-entries/2015-03-11.xml @@ -0,0 +1,5 @@ +Signature forgery +

    +Posted a security advisory on +a signature forgery attack on old versions of GnuTLS. +

    diff --git a/www/news-entries/2015-03-30.xml b/www/news-entries/2015-03-30.xml new file mode 100644 index 0000000000..103a10a5b8 --- /dev/null +++ b/www/news-entries/2015-03-30.xml @@ -0,0 +1,6 @@ +GnuTLS 3.3.14 +

    +Released GnuTLS +3.3.14, a bug-fix release on the stable branch. +

    diff --git a/www/news-entries/2015-04-08.xml b/www/news-entries/2015-04-08.xml new file mode 100644 index 0000000000..feface1cf7 --- /dev/null +++ b/www/news-entries/2015-04-08.xml @@ -0,0 +1,5 @@ +GnuTLS 3.4.0 +

    +Released GnuTLS +3.4.0 which is the first release of the new stable-next branch. +

    diff --git a/www/news-entries/2015-05-03.xml b/www/news-entries/2015-05-03.xml new file mode 100644 index 0000000000..3ddd8c0e77 --- /dev/null +++ b/www/news-entries/2015-05-03.xml @@ -0,0 +1,12 @@ +GnuTLS 3.4.1 +

    +Released GnuTLS +3.3.15 and GnuTLS +3.4.1 which are bug fix releases in the current and next stable branches. +

    +

    +Added GnuTLS-SA-2015-2 security advisory. +

    diff --git a/www/news-entries/2015-06-16.xml b/www/news-entries/2015-06-16.xml new file mode 100644 index 0000000000..f3640aa331 --- /dev/null +++ b/www/news-entries/2015-06-16.xml @@ -0,0 +1,6 @@ +GnuTLS 3.4.2 +

    +Released GnuTLS +3.4.2 which adds new features and fixes bugs in next stable branch. +

    diff --git a/www/news-entries/2015-07-12.xml b/www/news-entries/2015-07-12.xml new file mode 100644 index 0000000000..83913448f6 --- /dev/null +++ b/www/news-entries/2015-07-12.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.3 +

    +Released GnuTLS +3.3.16 and GnuTLS +3.4.3 which are bug fix releases in the current and next stable branches. +

    diff --git a/www/news-entries/2015-08-10.xml b/www/news-entries/2015-08-10.xml new file mode 100644 index 0000000000..9b0ee9c214 --- /dev/null +++ b/www/news-entries/2015-08-10.xml @@ -0,0 +1,12 @@ +GnuTLS 3.4.4 +

    +Released GnuTLS +3.3.17 and GnuTLS +3.4.4 which are bug fix releases in the current and next stable branches. +

    +

    +Added the GnuTLS-SA-2015-3 security advisory. +

    diff --git a/www/news-entries/2015-09-02.xml b/www/news-entries/2015-09-02.xml new file mode 100644 index 0000000000..6023445cc3 --- /dev/null +++ b/www/news-entries/2015-09-02.xml @@ -0,0 +1,5 @@ +GnuTLS-SA-2015-4 +

    +Added the GnuTLS-SA-2015-4 security advisory. +

    diff --git a/www/news-entries/2015-09-12.xml b/www/news-entries/2015-09-12.xml new file mode 100644 index 0000000000..bff93bb057 --- /dev/null +++ b/www/news-entries/2015-09-12.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.5 +

    +Released GnuTLS +3.3.18 and GnuTLS +3.4.5 which are bug fix releases in the current and next stable branches. +

    diff --git a/www/news-entries/2015-09-20.xml b/www/news-entries/2015-09-20.xml new file mode 100644 index 0000000000..e3edc8b114 --- /dev/null +++ b/www/news-entries/2015-09-20.xml @@ -0,0 +1,5 @@ +GnuTLS ABI report +

    +Added ABI +tracker report for the main library. +

    diff --git a/www/news-entries/2015-10-20.xml b/www/news-entries/2015-10-20.xml new file mode 100644 index 0000000000..ed4ab379c1 --- /dev/null +++ b/www/news-entries/2015-10-20.xml @@ -0,0 +1,6 @@ +GnuTLS 3.4.6 +

    +Released +GnuTLS +3.4.6 a bug fix release in the next stable branch. +

    diff --git a/www/news-entries/2015-11-22.xml b/www/news-entries/2015-11-22.xml new file mode 100644 index 0000000000..589bfbb96a --- /dev/null +++ b/www/news-entries/2015-11-22.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.7 +

    +Released GnuTLS +3.3.19 and GnuTLS +3.4.7 which are bug fix releases in the current and next stable branches. +

    diff --git a/www/news-entries/2015-11-23.xml b/www/news-entries/2015-11-23.xml new file mode 100644 index 0000000000..a9d1829a9a --- /dev/null +++ b/www/news-entries/2015-11-23.xml @@ -0,0 +1,4 @@ +GnuTLS 3.4.x +

    +Added a description of the new features in GnuTLS 3.4.x. +

    diff --git a/www/news-entries/2015-11-29.xml b/www/news-entries/2015-11-29.xml new file mode 100644 index 0000000000..a41f5517ed --- /dev/null +++ b/www/news-entries/2015-11-29.xml @@ -0,0 +1,5 @@ +GnuTLS 3.4.x +

    +GnuTLS 3.4.x is marked as the current stable +release. +

    diff --git a/www/news-entries/2016-01-08.xml b/www/news-entries/2016-01-08.xml new file mode 100644 index 0000000000..0cb14326f1 --- /dev/null +++ b/www/news-entries/2016-01-08.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.8 +

    +Released GnuTLS +3.3.20 and GnuTLS +3.4.8 which are bug fix releases in the previous and current stable branches. +

    diff --git a/www/news-entries/2016-02-03.xml b/www/news-entries/2016-02-03.xml new file mode 100644 index 0000000000..e12ea4ec62 --- /dev/null +++ b/www/news-entries/2016-02-03.xml @@ -0,0 +1,9 @@ +GnuTLS 3.4.9 +

    +Released GnuTLS +3.3.21 and GnuTLS +3.4.9 which are bug fix releases in the previous and current stable branches. +The former disables RC4 from the default priorities. +

    diff --git a/www/news-entries/2016-03-03.xml b/www/news-entries/2016-03-03.xml new file mode 100644 index 0000000000..d38cc8c2aa --- /dev/null +++ b/www/news-entries/2016-03-03.xml @@ -0,0 +1,6 @@ +GnuTLS 3.4.10 +

    +Released +GnuTLS +3.4.10 a bug fix release of the current stable branch. +

    diff --git a/www/news-entries/2016-03-10.xml b/www/news-entries/2016-03-10.xml new file mode 100644 index 0000000000..fddd515b6c --- /dev/null +++ b/www/news-entries/2016-03-10.xml @@ -0,0 +1,5 @@ +GnuTLS 3.3.22 +

    +Released +GnuTLS 3.3.22 a bug fix release of the previous stable branch. +

    diff --git a/www/news-entries/2016-04-11.xml b/www/news-entries/2016-04-11.xml new file mode 100644 index 0000000000..f23edcad91 --- /dev/null +++ b/www/news-entries/2016-04-11.xml @@ -0,0 +1,5 @@ +GnuTLS 3.4.11 +

    +Released +GnuTLS 3.4.11 a bug fix release on the current stable branch. +

    diff --git a/www/news-entries/2016-05-09.xml b/www/news-entries/2016-05-09.xml new file mode 100644 index 0000000000..096e5c9e3c --- /dev/null +++ b/www/news-entries/2016-05-09.xml @@ -0,0 +1,6 @@ +GnuTLS 3.5.0 +

    +Released GnuTLS 3.5.0 +which is the first release of the new stable-next branch. An overview of the most prominent changes +is provided at Nikos' blog. +

    diff --git a/www/news-entries/2016-05-20.xml b/www/news-entries/2016-05-20.xml new file mode 100644 index 0000000000..33498a2359 --- /dev/null +++ b/www/news-entries/2016-05-20.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.12 +

    +Released GnuTLS +3.3.23 and GnuTLS +3.4.12 which are bug fix releases in the previous and current stable branches. +

    diff --git a/www/news-entries/2016-06-06.xml b/www/news-entries/2016-06-06.xml new file mode 100644 index 0000000000..5a9308dc93 --- /dev/null +++ b/www/news-entries/2016-06-06.xml @@ -0,0 +1,8 @@ +GnuTLS 3.4.13 +

    +Released +GnuTLS 3.4.13 a bug fix release on the current stable branch. +

    +

    +Added GnuTLS-SA-2016-1 security advisory. +

    diff --git a/www/news-entries/2016-06-14.xml b/www/news-entries/2016-06-14.xml new file mode 100644 index 0000000000..a24dc85da8 --- /dev/null +++ b/www/news-entries/2016-06-14.xml @@ -0,0 +1,6 @@ +GnuTLS 3.5.1 +

    +Released GnuTLS +3.5.1 a feature update release in the next stable branche. +

    diff --git a/www/news-entries/2016-07-06.xml b/www/news-entries/2016-07-06.xml new file mode 100644 index 0000000000..99cb194cb9 --- /dev/null +++ b/www/news-entries/2016-07-06.xml @@ -0,0 +1,14 @@ +GnuTLS 3.5.2 +

    +Released GnuTLS +3.3.24, GnuTLS +3.4.14, +and GnuTLS +3.5.2 which are bug fix releases in the old, current and next stable branches. +

    +

    +Added the GnuTLS-SA-2016-2 security advisory. +

    diff --git a/www/news-entries/2016-08-09.xml b/www/news-entries/2016-08-09.xml new file mode 100644 index 0000000000..24fcb6b462 --- /dev/null +++ b/www/news-entries/2016-08-09.xml @@ -0,0 +1,6 @@ +GnuTLS 3.5.3 +

    +Released +GnuTLS +3.5.3, a minor enhancement and bug fix release in next stable branch. +

    diff --git a/www/news-entries/2016-09-08.xml b/www/news-entries/2016-09-08.xml new file mode 100644 index 0000000000..ddc7355e3e --- /dev/null +++ b/www/news-entries/2016-09-08.xml @@ -0,0 +1,12 @@ +GnuTLS 3.5.4 +

    +Released GnuTLS +3.4.15, +and GnuTLS +3.5.4 which are bug fix releases in the current and next stable branches. +

    +

    +Added the GnuTLS-SA-2016-3 security advisory. +

    diff --git a/www/news-entries/README b/www/news-entries/README new file mode 100644 index 0000000000..cadfc9abeb --- /dev/null +++ b/www/news-entries/README @@ -0,0 +1,10 @@ +Format should be as below. Note that for twitter submission to be successful +only one URL must exist in the notes, and the notes should be less than 160 +chars. + +XXX +

    +GnuTLS X.Y.Z was released. +My release notes in multiple +lines +

    diff --git a/www/news.wml b/www/news.wml new file mode 100644 index 0000000000..d87fb3df87 --- /dev/null +++ b/www/news.wml @@ -0,0 +1,30 @@ +#include 'common.wml' page="News" + +

    +

    + + + + +
    +The project news are also available via an atom feed. + + + +
    + +
    + +

    + +#include 'rawnews.wml' MAX_NEWS=15 TABLE_CLASS=news + +

    See also the +the live NEWS file +or the live git shortlog. +

    + + + +#include 'bottom.wml' + diff --git a/www/openpgp.wml b/www/openpgp.wml new file mode 100644 index 0000000000..99e84d76df --- /dev/null +++ b/www/openpgp.wml @@ -0,0 +1,100 @@ +#include 'head.wml' + +

    GnuTLS OpenPGP key support

    + +

    +Currently GnuTLS has experimental support for OpenPGP keys. +OpenPGP keys are similar to X.509 certificates, in the sense that hold +public key parameters. However they also allow for non-hierarchical trust +models. This is not like an other new feature. It is more like a policy +change. Here follows a description of both models. +

    + +

    The X.509 trust model

    + +Currently the X.509 protocols which are used for Certificate +authentication, users have to be certified in a hierarchical way. + +The model can be described by Certificate Authority (CA from now on), that +signs people's and object's certificates. +An object might be a user, a server, of even an other CA. A user who trusts the +Certificate Authority's decisions, will be able to trust an other user, +by just checking if the other user's certificate is signed by the trusted CA. + +

    +See the figure1 for a graphical representation. +In that figure a Central (Root) CA, certifies +two subordinate CAs, which then certify Alice, Bob and a server. +In that case, if Alice trusts the "Root CA" then she also trusts +Bob's certificate and the server's certificate. + + +

    +The only requirement in that model is that a user must somehow +have the trusted CA's certificate available. + +

    +In the real world there are several Certificate Authorities, which certify people, +and objects, often for money. Thus users have to decide which of the CAs to +trust. One should note that the security of a model where someone +trusts several CAs, is equal to the security of the least secure CA. +

    + +Unfortunately the trusted CAs decision is barely done by users, in practice. +This decision of trusted CAs is done mostly by application programmers +and administrators. A good example of this is the included CA certificates +in popular web browsers. +

    + +

    The Openpgp trust model

    + +The OpenPGP key authentication relies on a distributed trust model, +called the "web of trust". The "web of trust" uses a decentralized system of trusted +introducers, which are the same as a CA. OpenPGP allows anyone to sign +anyone's else public key. When Alice signs Bob's key, she is introducing +Bob's key to anyone who trusts Alice. If someone trusts Alice to introduce +keys, then Alice is a trusted introducer in the mind of that observer. + +

    +See the figure2 which shows graphically the +above case. The normal arrows indicate the sign operation, while the dot +arrows indicate trust. Thus since Dave trusts Alice to be an introducer, and Alice +signed Bob's key, Dave also trusts Bob's key to be the real one. + +

    +There are some key points that are important in that model. In the example +Alice has to sign Bob's key, only if she is sure that the key belongs +to Bob. Otherwise she may also make Dave falsely believe that this +is Bob's key. Dave has also the responsibility to know who to trust. +This model is similar to real life relations. +

    +Just see how Charlie behaves in the previous example. +Although he has signed Bob's key - because he knows, somehow, that it belongs to +Bob - he does not trust Bob to be an introducer. +Charlie decided to trust only Kevin, for some reason. A reason could be +that Bob is lazy enough, and signs other people's keys without being sure +that they belong to the actual owner. + +

    +Note that Certificate Authorities may exist in the OpenPGP model, although +they are not required. + +

    +

    Conclusion

    +In TLS and SSL traditionally the X.509 trust model is used. As shown +above this model has several restrictions comparing to the openpgp trust model. +Especially in distributed environments where the concept of authorities is +not clear, the use of the Openpgp trust model has obvious advantages. +

    +We believe that users should have the freedom to choose the trust model that suits +best their needs, thus in GnuTLS we have implemented both. We have also +proposed modifications to the TLS protocol for OpenPGP keys to the IETF TLS +working group. + +

    +

    +Return to GnuTLS' home page. + +

    + +#include 'bottom.wml' diff --git a/www/rawnews.wml b/www/rawnews.wml new file mode 100644 index 0000000000..22350cf02f --- /dev/null +++ b/www/rawnews.wml @@ -0,0 +1,46 @@ +#use wml::std::tags + + +sub read_news { +my $max = $_[0]; +my $key, $date; + +require 'scripts/lib-news.pl'; + +my %title_hash = (); +my %summary_hash = (); + +parse_news(\%title_hash, \%summary_hash); + +foreach $key (sort {$b cmp $a} keys %summary_hash) { + print "\n

    $key
    \n$summary_hash{$key}\n\n"; + $max--; + + last if ($max <= 0); +} + +return; +} + +sub print_table_header { +my $type = $_[0]; + +if ($type eq 'news') { + print "\n"; + print "\n"; +} else { + print "News flashes  \n"; + print ' + '; + print "\n
    DateComment
    \n"; +} +return; +} + + +
    + <:= &print_table_header("$(TABLE_CLASS)") :> + + <:= &read_news($(MAX_NEWS)) :> + +
    diff --git a/www/rawsecurity.wml b/www/rawsecurity.wml new file mode 100644 index 0000000000..837c24be04 --- /dev/null +++ b/www/rawsecurity.wml @@ -0,0 +1,42 @@ +#use wml::std::tags + + +sub read_advisories { + +my $directory = './security-entries'; + +opendir (DIR, $directory) or die $!; + +print "\n"; +print "\n"; + +my %advisories = (); + +while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + #$file =~ m/(.*).xml$/; + + my $contents = `cat $directory/$file`; + $advisories{$file} = $contents; + +} +closedir DIR; + +my $key; +foreach $key (sort {$b cmp $a} keys %advisories) { + print "\n\n$advisories{$key}\n\n"; +} + +print "
    TagOther identifiersDescriptionInformation
    $key
    \n"; +return; +} + +     + +
    + + <:= &read_advisories() :> + + diff --git a/www/scripts/atom.pl b/www/scripts/atom.pl new file mode 100644 index 0000000000..9bbe9bf833 --- /dev/null +++ b/www/scripts/atom.pl @@ -0,0 +1,73 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use POSIX qw(strftime); +use HTML::Parser; + +my $max = 20; +my $directory = './news-entries'; +my $base = "http://www.gnutls.org"; +my $self = "$base/news.atom"; +my $direct = "$base/news.html"; + +sub print_author () +{ +print " \n"; +print " Nikos Mavrogiannopoulos\n"; +print " nmav\@gnutls.org\n"; +print " \n"; +} + +my $now_string = strftime "%Y-%m-%dT%H:%M:%S+00:00", localtime; + +print "\n"; +print "\n"; + +print "$self\n"; +print " \n"; +print "GnuTLS - News\n"; +#print "The latest reports from http://www.gnutls.org\n"; +print "$now_string\n"; +#print_author(); + +my $date; +my $contents; +my $id; +my $title; + +my $mode = ''; + +require 'scripts/lib-news.pl'; + +my %title_hash = (); +my %summary_hash = (); + +parse_news(\%title_hash, \%summary_hash); + +foreach my $key (sort {$b cmp $a} keys %summary_hash) { + $date = $id = $key; + $date .= "T00:00:00+00:00"; + $title = $title_hash{$key}; + if (!defined($title) || $title eq '') { + $title = "News $id"; + } + $contents = $summary_hash{$key}; + + print "\n \n"; + print " "; + print "$direct#$id"; + print "\n"; + print " \n"; + print " $title\n"; + print " $date\n"; + print_author(); + print "
    \n"; + print "$contents\n
    \n"; + print "     \n     \n"; + + $max--; + last if ($max <= 0); +} + +print "    \n"; diff --git a/www/scripts/lib-news.pl b/www/scripts/lib-news.pl new file mode 100644 index 0000000000..0edb607251 --- /dev/null +++ b/www/scripts/lib-news.pl @@ -0,0 +1,162 @@ +use strict; +use warnings; +use POSIX qw(strftime); +use HTML::Parser; + +my $s_refhash; +my $t_refhash; + +my $directory = './news-entries'; +#my $base = "http://www.gnutls.org"; +#my $self = "$base/news.atom"; +#my $direct = "$base/news.html"; + +my $mode = ''; +my $date =''; + +sub start_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname ne "title") { + $s_refhash->{$date} .= $rtext; + return; + } + $mode = 'title'; +} + +sub text_handler +{ + my $txt = shift; + + if ($mode eq 'title') { + $t_refhash->{$date} .= $txt; + return; + } + + $s_refhash->{$date} .= $txt; +} + +sub end_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname eq "title") { + $mode = ''; + return; + } + + $s_refhash->{$date} .= $rtext; +} + +#input is one reference to a title hash and a reference to summary hash. + +sub parse_news +{ + my @c; + + $t_refhash = $_[0]; + $s_refhash = $_[1]; + + opendir (DIR, $directory) or die $!; + + while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + $file =~ m/(.*).xml$/; + $date = $1; + next if (!defined($date) || $date eq ''); + + @c = (); + + my $p = HTML::Parser->new(api_version => 3); + $p->handler( start => \&start_handler, "tagname,text,self"); + $p->handler( text=> \&text_handler, "dtext,self"); + $p->handler( end => \&end_handler, "tagname,text,self"); + $p->parse_file("$directory/$file") || die $!; + } + + closedir DIR; +} + +sub start_tweet_handler +{ + my $tagname = shift; + my $rtext = shift; + my $attr_ref = shift; + + if ($tagname eq "a" && defined($attr_ref)) { + $t_refhash->{$date} = $attr_ref->{"href"}; + return; + } + + if ($tagname ne "title" && defined($rtext)) { + $s_refhash->{$date} .= $rtext; + return; + } + + $mode = 'title'; +} + +sub text_tweet_handler +{ + my $txt = shift; + + if ($mode ne 'title') { + $s_refhash->{$date} .= $txt; + return; + } +} + +sub end_tweet_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname eq "title") { + $mode = ''; + return; + } + + if (defined($rtext)) { + $s_refhash->{$date} .= $rtext; + } +} + + +#input is a hash for summary and a hash for URLs +sub fetch_non_tweeted +{ + my @c; + + $s_refhash = $_[0]; + $t_refhash = $_[1]; + + opendir (DIR, $directory) or die $!; + + while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + next if (-e "$directory/$file.tweet"); + $file =~ m/(.*).xml$/; + $date = $1; + next if (!defined($date) || $date eq ''); + + @c = (); + + my $p = HTML::Parser->new(api_version => 3); + $p->handler( start => \&start_tweet_handler, "tagname,dtext,attr,self"); + $p->handler( text=> \&text_tweet_handler, "dtext,self"); + $p->handler( end => \&end_tweet_handler, "tagname,dtext,self"); + $p->parse_file("$directory/$file") || die $!; + + system("touch $directory/$file.tweet"); + system("git add $directory/$file.tweet"); + } + + closedir DIR; +} + +1; + diff --git a/www/scripts/tweet.pl b/www/scripts/tweet.pl new file mode 100755 index 0000000000..81576b7f0c --- /dev/null +++ b/www/scripts/tweet.pl @@ -0,0 +1,73 @@ +#!/usr/bin/perl + +use Net::Twitter; +use Scalar::Util 'blessed'; +#use WWW::Shorten 'TinyURL'; + +if (!-e 'scripts/passwords.pl') { + print "You need passwords.pl for this script\n"; + exit; +} + +require 'scripts/lib-news.pl'; + +require 'scripts/passwords.pl'; + +my $nt = Net::Twitter->new( + traits => [qw/OAuth API::REST/], + consumer_key => $consumer_key, + consumer_secret => $consumer_secret, + access_token => $token, + access_token_secret => $token_secret, + ssl => 1, +); + +my %tt1 = (); #contents +my %tt2 = (); #url + +fetch_non_tweeted(\%tt1, \%tt2); + +foreach my $key (sort {$b cmp $a} keys %tt1) { + my $contents = $tt1{$key}; + my $lurl = $tt2{$key}; + my $url; + my $result; + + chomp $contents; + $contents =~ s/^\s+//; + $contents =~ s/\s+$//; + $contents =~ s/\s+/ /g; + chomp $contents; + + + #$url = makeashorterlink($lurl); + $url = $lurl; + #length of URL is twitter is 20 + my $url_length = 20; + + $message = "$contents $url\n"; + + if ($message eq ' ') { + next; + } + + if (length($message) >= 140) { + my $t = substr($contents, 0, 140-$url_length-4); + $message = $t . "... $url"; + + print "Updating status to: $message\n"; + $result = $nt->update("$message"); + } else { + print "Updating status to: $message (" . length($message).")\n"; + $result = $nt->update("$message"); + } + + if ( my $err = $@ ) { + die $@ unless blessed $err && $err->isa('Net::Twitter::Error'); + + warn "HTTP Response Code: ", $err->code, "\n", + "HTTP Message......: ", $err->message, "\n", + "Twitter error.....: ", $err->error, "\n"; + } + +} diff --git a/www/security-entries/GNUTLS-SA-2005-1 b/www/security-entries/GNUTLS-SA-2005-1 new file mode 100644 index 0000000000..78197536b9 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2005-1 @@ -0,0 +1,7 @@ + + CVE-2005-1431 + Denial of service + Announcement
    + + Write-up by Éric Leblond
    + Recommendation: Upgrade to GnuTLS 1.0.25 or 1.2.3. diff --git a/www/security-entries/GNUTLS-SA-2006-1 b/www/security-entries/GNUTLS-SA-2006-1 new file mode 100644 index 0000000000..f23115b042 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-1 @@ -0,0 +1,5 @@ + + CVE-2006-0645 + Denial of service? + Libtasn1 Announcement
    + Recommendation: Upgrade to Libtasn1 0.2.18 and GnuTLS 1.2.10 (stable) or 1.3.4 (experimental). diff --git a/www/security-entries/GNUTLS-SA-2006-2 b/www/security-entries/GNUTLS-SA-2006-2 new file mode 100644 index 0000000000..38a12ba8ff --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-2 @@ -0,0 +1,5 @@ + + CVE-2006-7239 + Denial of service? + Details
    + Recommendation: Upgrade to GnuTLS 1.4.2. diff --git a/www/security-entries/GNUTLS-SA-2006-3 b/www/security-entries/GNUTLS-SA-2006-3 new file mode 100644 index 0000000000..7ae221a349 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-3 @@ -0,0 +1,6 @@ + + None + Announcement
    + Bleichenbacher's Crypto 98 paper
    + Recommendation: + No action required, see the post where this advisory is essentially withdrawn. diff --git a/www/security-entries/GNUTLS-SA-2006-4 b/www/security-entries/GNUTLS-SA-2006-4 new file mode 100644 index 0000000000..73abfeb6ae --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-4 @@ -0,0 +1,8 @@ + + CVE-2006-4790
    (via NVD) + + False positive in verifying signature + Announcement
    + Updated patch
    + Original report
    + Recommendation: Upgrade to GnuTLS 1.4.4. diff --git a/www/security-entries/GNUTLS-SA-2008-1 b/www/security-entries/GNUTLS-SA-2008-1 new file mode 100644 index 0000000000..be76be5fc9 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-1 @@ -0,0 +1,11 @@ + + CERT-FI announcement
    + CVE-2008-1948, + CVE-2008-1949, + CVE-2008-1950 + + Remote Denial of Service + Announcement and Patch
    + Updated announcement and Patch
    + Recommendation: Upgrade to GnuTLS 2.2.5 or apply the + patch in the second link. diff --git a/www/security-entries/GNUTLS-SA-2008-2 b/www/security-entries/GNUTLS-SA-2008-2 new file mode 100644 index 0000000000..d186061f66 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-2 @@ -0,0 +1,12 @@ + + + CVE-2008-2377 + + Local denial of service
    + Server can trigger crash in GnuTLS clients? + Announcement
    + + Detailed analysis and patch
    + Another report that suggest it can be exploited by hostile servers
    + Recommendation: Upgrade to GnuTLS 2.4.1 or apply the + patch. diff --git a/www/security-entries/GNUTLS-SA-2008-3 b/www/security-entries/GNUTLS-SA-2008-3 new file mode 100644 index 0000000000..17b259c985 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-3 @@ -0,0 +1,17 @@ + + + CVE-2008-4989 + + Remote X.509 Trust Chain Validation error + Announcement of v2.6.1 and patch
    + + Detailed analysis
    + + Announcement of v2.6.2 and updated patch.
    + + Announcement of updated patch and 2.6.3 release candidate.
    + + Announcement of v2.6.3.
    + + Announcement of v2.6.4 and v2.4.3.
    + Recommendation: Upgrade to GnuTLS 2.6.4 or, if you still use the 2.4.x branch, 2.4.3, or later. diff --git a/www/security-entries/GNUTLS-SA-2009-1 b/www/security-entries/GNUTLS-SA-2009-1 new file mode 100644 index 0000000000..08b3ac6033 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-1 @@ -0,0 +1,9 @@ + + + CVE-2009-1415 + + Double/invalid free in GnuTLS 2.6.x on certain errors + Security advisory including patch
    + + Announcement of v2.6.6 that includes patch.
    + Recommendation: If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6. diff --git a/www/security-entries/GNUTLS-SA-2009-2 b/www/security-entries/GNUTLS-SA-2009-2 new file mode 100644 index 0000000000..1e9f19dc98 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-2 @@ -0,0 +1,9 @@ + + + CVE-2009-1416 + + GnuTLS 2.6.x DSA keys are corrupt + Security advisory including patch
    + + Announcement of v2.6.6 that includes patch.
    + Recommendation: If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6. diff --git a/www/security-entries/GNUTLS-SA-2009-3 b/www/security-entries/GNUTLS-SA-2009-3 new file mode 100644 index 0000000000..e53747a277 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-3 @@ -0,0 +1,11 @@ + + + CVE-2009-1417 + + No checking of certificate activation/expiration times + Security advisory including patch
    + + Announcement of v2.6.6 that includes patch.
    + Recommendation: Upgrade to GnuTLS 2.6.6 or later. If you + still use the 2.4.x branch or earlier branches, apply the + patch. diff --git a/www/security-entries/GNUTLS-SA-2009-4 b/www/security-entries/GNUTLS-SA-2009-4 new file mode 100644 index 0000000000..1ba4ef3e78 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-4 @@ -0,0 +1,15 @@ + + + CVE-2009-2730 + + False positive in certificate hostname validation + + Announcement of v2.8.3 that solves the problem.
    + + Analysis of the vulnerability and minimal patch.
    + + How to check if your GnuTLS library is vulnerable.
    + Back-ported patches for earlier releases: + [1] + [2]
    + Recommendation: Upgrade to GnuTLS 2.8.3 or later. diff --git a/www/security-entries/GNUTLS-SA-2009-5 b/www/security-entries/GNUTLS-SA-2009-5 new file mode 100644 index 0000000000..aeb0171d33 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-5 @@ -0,0 +1,10 @@ + + CERT VU#120541
    + + CVE-2009-3555 + + Plaintext injection attack + + Mailing list discussion +

    Recommendation: Disable support for TLS renegotiation + in application servers, or better upgrade to GnuTLS 2.10.x. diff --git a/www/security-entries/GNUTLS-SA-2010-1 b/www/security-entries/GNUTLS-SA-2010-1 new file mode 100644 index 0000000000..8ada1fc2df --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2010-1 @@ -0,0 +1,12 @@ + + + + CVE-2010-0731 + + Remote Denial of Service + + RedHat bugzilla report
    + + Mailing list discussion +

    This vulnerability is on a deprecated since 2006 version of GnuTLS. We keep the information here because this version was included in some distributions. +Recommendation: Upgrade to the latest stable branch. diff --git a/www/security-entries/GNUTLS-SA-2011-1 b/www/security-entries/GNUTLS-SA-2011-1 new file mode 100644 index 0000000000..94dd5cec16 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2011-1 @@ -0,0 +1,10 @@ + + + Rizzo attack on TLS + + Plaintext recovery + + Mailing list discussion +
    +Recommendation: Make use of TLS 1.1 or TLS 1.2 protocols that are not vulnerable to the attack. +TLS 1.1 is enabled by default in GnuTLS since version 2.0.0 (released in 2007). If this is not possible, disable CBC ciphers. diff --git a/www/security-entries/GNUTLS-SA-2011-2 b/www/security-entries/GNUTLS-SA-2011-2 new file mode 100644 index 0000000000..2cf35fbd66 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2011-2 @@ -0,0 +1,13 @@ + + + CVE-2011-4128 + + Possible buffer overflow/Denial of service + + Mailing list discussion +
    +Note that this vulnerability is triggered by TLS clients that utilize the session resumption +functions in a particular way. Clients that perform session resumption using the +same steps as in the example +code of GnuTLS documentation are not vulnerable. A preliminary analysis found no vulnerable clients. +Recommendation: Upgrade to GnuTLS 3.0.7 or 2.12.14. diff --git a/www/security-entries/GNUTLS-SA-2012-1 b/www/security-entries/GNUTLS-SA-2012-1 new file mode 100644 index 0000000000..7c816bcce0 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-1 @@ -0,0 +1,13 @@ + + + CVE-2012-0390 + + Timing attack (DTLS) + + Announcement of GnuTLS 3.0.11
    + + The paper describing the attack
    +This vulnerability allows an attacker to perform partial plaintext recovery +using a timing attack in CBC-mode encryption. The attack is applicable to Datagram TLS (DTLS). +
    +Recommendation: Upgrade to GnuTLS 3.0.11. diff --git a/www/security-entries/GNUTLS-SA-2012-2 b/www/security-entries/GNUTLS-SA-2012-2 new file mode 100644 index 0000000000..7b4126eed1 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-2 @@ -0,0 +1,9 @@ + + + CVE-2012-1573 + + Possible buffer overflow/Denial of service + TLS record handling vulnerability fixed in GnuTLS 3.0.15.
    + + Write-up by Mu Dynamics
    + Recommendation: Upgrade to GnuTLS 3.0.17 or 2.12.18. diff --git a/www/security-entries/GNUTLS-SA-2012-3 b/www/security-entries/GNUTLS-SA-2012-3 new file mode 100644 index 0000000000..e9b4262554 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-3 @@ -0,0 +1,9 @@ + + + CVE-2012-1569 + + Denial of service + This vulnerability is in the libtasn1 library and affects the DER length decoding which is fixed in 2.12 release.
    + + Write-up by Mu Dynamics
    + Recommendation: Upgrade to libtasn1 2.12. diff --git a/www/security-entries/GNUTLS-SA-2012-4 b/www/security-entries/GNUTLS-SA-2012-4 new file mode 100644 index 0000000000..07ee30e331 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-4 @@ -0,0 +1,34 @@ + + + "CRIME" attack
    + + CVE-2012-4929 + + Possible plaintext recovery +

    There is an attack on TLS called "CRIME" which +takes advantage of compression and may recover plaintext under certain +circumstances.

    +

    +Who is affected by this attack? +

      +
    • Clients or servers that use compression and provide the ability to +an adversary to inject data (multiple times) in their session.
      • +
    +

    +How to mitigate the attack? +

      +
    • Do not enable compression (GnuTLS doesn't enable it by default)
      • +
    • When using compression use the CBC ciphers that include a random +padding up to 255 bytes. That would increase the number of trials an +attacker needs to perform significantly.
      • +
    +

    +Note that using compression provides information to an attacker on the plaintext. +
    +Security advisory +
    +A description of the attack +
    +Another analysis of the attack +
    + diff --git a/www/security-entries/GNUTLS-SA-2013-1 b/www/security-entries/GNUTLS-SA-2013-1 new file mode 100644 index 0000000000..ec89fe4b6b --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-1 @@ -0,0 +1,35 @@ + + + TLS CBC padding timing attack
    + + CVE-2013-1619 + + Possible plaintext recovery +

    +Nadhem Alfardan and Kenny Paterson devised an attack that recovers +some bits of the plaintext of a GnuTLS session that utilizes that CBC +ciphersuites, by using timing information. +

    +

    +In order for the attack to work the client must operate as follows. +It connects to a server, it sends some (encrypted) data that will be +intercepted by the attacker, who will terminate the client's connection +abnormally (i.e. the client will receive a premature termination error). +The client should repeat that, multiple times. +

    +

    +Who is affected by this attack? +

      +
    • Clients that repeatedly reconnect and transfer the same data, after +a TLS fatal error occurs.
      • +
    +

    +How to mitigate the attack? +

      +
    • Do not enable the CBC ciphersuites, prefer ARCFOUR or GCM modes.
      • +
    • Upgrade to the latest GnuTLS version (3.1.7, 3.0.28, or 2.12.23).
      • +
    + +Write-up by Nikos
    +

    + diff --git a/www/security-entries/GNUTLS-SA-2013-2 b/www/security-entries/GNUTLS-SA-2013-2 new file mode 100644 index 0000000000..21c3f5f197 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-2 @@ -0,0 +1,8 @@ + + + CVE-2013-2116 + + Denial of service + This vulnerability affects gnutls 2.12.23 and its TLS record decoding.
    + + Recommendation: Apply the patch or upgrade to gnutls 3.x. diff --git a/www/security-entries/GNUTLS-SA-2013-3 b/www/security-entries/GNUTLS-SA-2013-3 new file mode 100644 index 0000000000..1ad458b857 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-3 @@ -0,0 +1,8 @@ + + CVE-2013-4466 + + Denial of service + This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that +returns more 4 DANE entries could corrupt the memory of a requesting client.
    + + Recommendation: Upgrade to the latest gnutls version (3.1.16 or 3.2.6) diff --git a/www/security-entries/GNUTLS-SA-2014-1 b/www/security-entries/GNUTLS-SA-2014-1 new file mode 100644 index 0000000000..f66cbfd4b0 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-1 @@ -0,0 +1,26 @@ + + CVE-2014-1959 + + Certificate verification issue +

    Suman Jana reported a vulnerability that affects the certificate verification +functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as +a CA certificate by default (something that deviates from the documented +behavior). +

    + +

    +Who is affected by this attack? +

      +
    • Anyone who has a CA that issues X.509 version 1 certificates in his +trusted list.
      • +
    +

    +How to mitigate the attack? +

      +
    • Apply this +patch or upgrade to the latest GnuTLS version (3.2.11 or 3.1.21).
      • +
    + +

    + diff --git a/www/security-entries/GNUTLS-SA-2014-2 b/www/security-entries/GNUTLS-SA-2014-2 new file mode 100644 index 0000000000..a96acc4cb2 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-2 @@ -0,0 +1,31 @@ + + CVE-2014-0092 + + Certificate verification issue +

    A vulnerability was discovered that affects the certificate verification +functions of all gnutls versions. A specially crafted certificate could +bypass certificate validation checks. The vulnerability was discovered +during an audit of GnuTLS for Red Hat. +

    + +

    +Who is affected by this attack? +

      +
    • Anyone using certificate authentication in any version of GnuTLS.
      • +
    +

    +How are past sessions affected? +

      +
    • The vulnerability to be exploited it requires an active man-in-the-middle attacker. +Past sessions are not affected unless they were under such an attack.
      • +
    +

    +How to mitigate the attack? +

      +
    • Upgrade to the latest GnuTLS version (3.2.12 or 3.1.22), or +apply the patch for GnuTLS 2.12.x. +
      • +
    + +

    + diff --git a/www/security-entries/GNUTLS-SA-2014-3 b/www/security-entries/GNUTLS-SA-2014-3 new file mode 100644 index 0000000000..480a708532 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-3 @@ -0,0 +1,12 @@ + + CVE-2014-3466 + + Memory corruption + This vulnerability affects the client side of the gnutls library. A server that +sends a specially crafted ServerHello could corrupt the memory of a requesting client.
    + + + Analysis at radare.today
    + + Recommendation: Upgrade to the latest gnutls version (3.1.25, 3.2.15 +or 3.3.4) diff --git a/www/security-entries/GNUTLS-SA-2014-4 b/www/security-entries/GNUTLS-SA-2014-4 new file mode 100644 index 0000000000..69b1c65f3e --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-4 @@ -0,0 +1,16 @@ + + CVE-2014-3566 + + Possible plaintext recovery + This is a vulnerability on the SSL 3.0 protocol (called POODLE), which can be + exploited when TLS clients use a non-standard insecure protocol + negotiation (it affects mostly browsers). Clients performing the + standard TLS handshake as documented by GnuTLS are not affected.
    + + + Write-up by Nikos
    + + Recommendation: For clients using the documented +handshake process no action is required. Clients that use the non-standard insecure +negotiation should not negotiate SSL 3.0. In all cases it recommended +to disable SSL 3.0 using a priority string such as "NORMAL:-VERS-SSL3.0". diff --git a/www/security-entries/GNUTLS-SA-2014-5 b/www/security-entries/GNUTLS-SA-2014-5 new file mode 100644 index 0000000000..524443d766 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-5 @@ -0,0 +1,11 @@ + + CVE-2014-8564 + + Denial of service + Sean Burford reported that the encoding of elliptic curves parameters + GnuTLS 3 is vulnerable to a denial of service (heap + corruption). It affects clients and servers which print information about + the peer's public key, e.g., the key ID, and can be exploited via + a specially crafted X.509 certificate.
    + + Recommendation: Upgrade to GnuTLS 3.3.10, 3.2.20 or 3.1.28. diff --git a/www/security-entries/GNUTLS-SA-2015-1 b/www/security-entries/GNUTLS-SA-2015-1 new file mode 100644 index 0000000000..a470f06fc6 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-1 @@ -0,0 +1,12 @@ + + CVE-2015-0282 + + Signature forgery + This issue only affects versions of GnuTLS prior to 3.1.0 (released in 2012). + These versions don't verify the RSA PKCS #1 signature algorithm to + match the signature algorithm in the certificate, leading to a potential + downgrade to a disallowed algorithm, such as MD5, without detecting it.
    + + Recommendation: Upgrade to GnuTLS 3.1.0, or later. +A patch will be included in gnutls_2_12_x branch for the users of that +version that cannot upgrade. diff --git a/www/security-entries/GNUTLS-SA-2015-2 b/www/security-entries/GNUTLS-SA-2015-2 new file mode 100644 index 0000000000..de8dcc60d2 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-2 @@ -0,0 +1,15 @@ + + No CVE assigned + + ServerKeyExchange signature issue + Karthikeyan Bhargavan + reported that a ServerKeyExchange signature + sent by the server is not verified to be in the acceptable by the client + set of algorithms. That has the effect of allowing MD5 signatures + (which are disabled by default) in the ServerKeyExchange message. It is not believed that this bug can + be exploited because a fraudulent signature has to be generated in real-time which is not + known to be possible. However, since attacks can only get better it is + recommended to update to a GnuTLS version which addresses the issue.
    + + Recommendation: Upgrade to GnuTLS 3.4.1, or 3.3.15. diff --git a/www/security-entries/GNUTLS-SA-2015-3 b/www/security-entries/GNUTLS-SA-2015-3 new file mode 100644 index 0000000000..72725b7033 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-3 @@ -0,0 +1,10 @@ + + CVE-2015-6251 + Double free in certificate DN decoding + Kurt Roeckx reported that decoding a specific certificate with very + long DistinguishedName (DN) entries leads to double free, which may result to a denial of + service. Since the DN decoding occurs in almost all applications using + certificates it is recommended to upgrade the latest GnuTLS version + fixing the issue.
    + + Recommendation: Upgrade to GnuTLS 3.4.4, or 3.3.17. diff --git a/www/security-entries/GNUTLS-SA-2015-4 b/www/security-entries/GNUTLS-SA-2015-4 new file mode 100644 index 0000000000..4598228922 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-4 @@ -0,0 +1,8 @@ + + CVE-2015-3308 + Double free in CRL distribution points decoding of a certificate + Robert Święcki reported that decoding a specially crafted + certificate with certain CRL distribution points format can lead to a + double free. This issue was fixed in GnuTLS 3.3.14. + + Recommendation: Upgrade to GnuTLS 3.3.14, or later versions. diff --git a/www/security-entries/GNUTLS-SA-2016-1 b/www/security-entries/GNUTLS-SA-2016-1 new file mode 100644 index 0000000000..3a104ebafc --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-1 @@ -0,0 +1,8 @@ + CVE-2016-4456 + File overwrite by setuid programs + Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite + and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 + with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed + in GnuTLS 3.4.13 by switching to secure_getenv() where available. + + Recommendation: Upgrade to GnuTLS 3.4.13, or later versions. diff --git a/www/security-entries/GNUTLS-SA-2016-2 b/www/security-entries/GNUTLS-SA-2016-2 new file mode 100644 index 0000000000..0e84fe13ee --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-2 @@ -0,0 +1,22 @@ + + + Certificate verification issue +

    We discoverd a vulnerability that affects certificate verification +when GnuTLS is used in combination with the p11-kit trust module. +That issue affects gnutls 3.3.23, 3.4.12 and later versions. +

    + +

    +Who is affected by this vulnerability? +

      +
    • GnuTLS installations which are configured to utilize the p11-kit trust store (i.e., when compiled with --with-default-trust-store-pkcs11).
      • +
    +

    +How to mitigate the vulnerability? +

      +
    • Disable the trust store verification or upgrade to GnuTLS 3.3.24, 3.4.14 and later versions.
      • +
    + +

    + diff --git a/www/security-entries/GNUTLS-SA-2016-3 b/www/security-entries/GNUTLS-SA-2016-3 new file mode 100644 index 0000000000..41e2e4989b --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-3 @@ -0,0 +1,14 @@ + + + OCSP validation issue +

    Stefan Bühler discovered an issue that affects validation +of certificates using OCSP responses, which can falsely report a certificate +as valid under certain circumstances. +That issue affects gnutls 3.3.24, 3.4.14, 3.5.3 and previous versions. + + Write-up by Stefan Bühler
    + Recommendation: Upgrade to GnuTLS versions 3.4.15, 3.5.4 or apply the patch referenced in the mail above. + +

    + diff --git a/www/security.wml b/www/security.wml new file mode 100644 index 0000000000..54db6f4fe4 --- /dev/null +++ b/www/security.wml @@ -0,0 +1,39 @@ +#include 'common.wml' page="Security advisories" + +
      +
    • About Security Advisories + +

      Although, the core GnuTLS team does not have resources to + analyse the background and impact of security issues in depth, + we do take security seriously. All known information on security incidents + is collected and published in this page. + +

      Our idea is to turn writing security advisory into an open + process where everyone can contribute. Everyone is invited to + analyse the impact of discovered bugs, and, of course, also to + study the code for new bugs. + +

      All serious analysis of bugs will be posted on this page. + +

      If this level of support is inadequate for your needs, + customized commercial support is + available. + +

    • Reporting security problems + +

      Send non-public reports to the maintainers. All + other reports should be sent to one of the + mailing lists. +

    +
    +

    +

    Advisories

    +

    + +#include 'rawsecurity.wml' TABLE_CLASS=news + +

    + + +#include 'bottom.wml' diff --git a/www/soc.wml b/www/soc.wml new file mode 100644 index 0000000000..580fa91513 --- /dev/null +++ b/www/soc.wml @@ -0,0 +1,88 @@ +#include 'common.wml' page="Summer of code" + +

    This year we participate in Google Summer of code under +the GNU project umbrella. +To discuss ideas you may use the gnutls mailing lists. +To propose a project follow the information in the +Google summer of code 2012 site. +

    + +

    + GnuTLS project ideas for summer of code +

      +
    • Strict certificate path validation. +

      + Currently GnuTLS implements a simple and straightforward + certificate path validation algorithm. However a complete + validation algorithm, such as the one described in RFC5280, + requires the consideration of several factors that are currently ignored + (certificate policies, path constraints etc). + The target of this project is to implement the complete certificate path validation algorithm from RFC5280. +

      +

      + Difficulty: medium
      + Requirements: C, git
      + Recommended: familiarity with gnutls' internals
      + Mentors: Nikos Mavrogiannopoulos, Daniel Kahn Gillmor
      +

      +
      • + +
    • RSASSA-PSS signature scheme. +

      + Currently GnuTLS implements the PKCS #1 1.5 signature algorithm for + certificate and CRL signatures. This target of this project is to + enhance GnuTLS to support the PKCS #1, RSASSA-PSS signature + scheme. +

      +

      + Difficulty: medium
      + Requirements: C, git
      + Recommended: familiarity with gnutls' internals
      + Mentors: Nikos Mavrogiannopoulos, Daniel Kahn Gillmor
      +

      +
      • + +
    • TLS and DTLS extensions. +

      + Two extensions are to be implemented: +

        +
      1. DTLS Heartbeat +
      2. Certificate status request +
      +The former is an extension to the datagram TLS protocol described in RFC6520 to support heartbeat messages in order to identify the status of the peer (dead or not). The latter provides a way for an HTTPS server to provide a fresh OCSP response to the client, described in RFC6066. This saves the client from the burden of having to connect to the CAs OCSP server in order to get a fresh certificate status. +

      +

      + Difficulty: medium
      + Requirements: C, git
      + Mentors: Nikos Mavrogiannopoulos, Daniel Kahn Gillmor
      +

      +
      • + +
    • Faster elliptic curve scalar multiplication. +

      +Improve the scalar multiplication in elliptic curves by implementing the wNAF based method as well as the Yao-DBNS method. +

      +

      + Difficulty: medium
      + Requirements: C, git
      + Recommended: mathematics background
      + Mentors: Nikos Mavrogiannopoulos, Daniel Kahn Gillmor
      +

      +
      • + +
    • Implementation of additional encryption schemas for PKCS #12 and PKCS #8 +

      +Improve the support for encrypted private keys and certificates, by implementing the algorithms and formats used by other popular implementations (openssl, windows). +

      +

      + Difficulty: medium
      + Requirements: C, git
      + Recommended: familiarity with gnutls' internals
      + Mentors: Nikos Mavrogiannopoulos, Daniel Kahn Gillmor
      +

      +
      • + +
    +

    + +#include 'bottom.wml' diff --git a/www/support.wml b/www/support.wml new file mode 100644 index 0000000000..217672a45d --- /dev/null +++ b/www/support.wml @@ -0,0 +1,71 @@ +#include 'common.wml' page="Support" + +
    + + + + + + + +
    + + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + +
    ListDescriptionArchives
    gnutls-help@lists.gnutls.orgGeneral mailing list to discuss and ask questions related to GnuTLS.
    gnutls-devel@lists.gnutls.orgMailing list for discussions related to improving GnuTLS.
    + + +

    To report bugs see the developer information pages.

    +
    + +#include 'bottom.wml' -- cgit v1.2.1