diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-10 19:57:59 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-11 09:22:30 +0200 |
| commit | 7c7774dfd034efa911f03b4a88de8ec01a4c282a (patch) | |
| tree | 5cb9b934922d3b1de741993b45d24ced232002ff | |
| parent | c44580b1a6b177acfce74ee54d79f745baa1a6de (diff) | |
| download | gnutls-new-web-pages.tar.gz | |
Included static page generation into treenew-web-pages
Also create a CI task to generate the web site and upload
to gnutls.gitlab.io.
178 files changed, 3969 insertions, 315 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b20a8a1cac..52daee8d22 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,305 +1,14 @@ -image: fedora:24 - -Fedora/x86_64/minimal: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && ./configure --with-included-libtasn1 - --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-rsa-export - --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication - --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openpgp-authentication - --disable-ocsp --disable-session-tickets --disable-non-suiteb-curves - --disable-nls --disable-crywrap --disable-libdane --without-p11-kit --without-tpm - --disable-ssl3-support --disable-ssl2-support --without-zlib --disable-doc --disable-tests --enable-openssl-compatibility && make -j4 - tags: - - shared - except: - - tags - -Fedora/x86_64/ubsan: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && CFLAGS="-fsanitize=undefined -fno-sanitize-recover -g -std=c99 - -O2" LDFLAGS="-static-libubsan" ./configure --disable-doc --disable-valgrind-tests --disable-non-suiteb-curves --disable-guile --enable-code-coverage - && make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/no-SSL-3.0: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-ssl3-support --disable-ssl2-support --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests --enable-code-coverage && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/guile/tests/*.log - - build/tests/*.log - - build/tests/*/*.log - -# Needs gnutls' headers due to some abi-checker issue with resolving deps -Fedora/x86_64/ABI-check: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y gnutls-devel - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-doc --disable-cxx --disable-guile --disable-non-suiteb-curves && make -j4 && make abi-check - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/logs/gnutls-dane/*/log.txt - - build/logs/gnutls/*/log.txt - -Fedora/x86_64/clang: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && - CC=clang ./configure --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests && - make -j4 && make check -C tests -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - guile/tests/*.log - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/FIPS140-2: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --disable-non-suiteb-curves --enable-fips140-mode --enable-code-coverage --disable-doc --disable-valgrind-tests && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - when: on_failure - paths: - - guile/tests/*.log - - build/tests/*.log - - build/tests/*/*.log - -Fedora/x86_64/valgrind: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && rm -f tests/suite/mini-eagain2.c && ./configure - --disable-non-suiteb-curves --enable-code-coverage --disable-doc && make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -Fedora/x86_64/asan: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man net-tools - - dnf install -y clang libasan-static nodejs softhsm datefudge lcov openssl-devel libasan dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp - - make autoreconf && CFLAGS="-fsanitize=address -g -O2" LDFLAGS="-static-libasan" - ./configure --disable-doc --enable-code-coverage --disable-valgrind-tests --disable-non-suiteb-curves --disable-guile && - make -j4 && make check -j4 && make local-code-coverage-output - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -MinGW32/DLLs: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine.i686 mingw32-p11-kit mingw32-nettle mingw32-libtasn1 mingw32-gcc mingw32-gmp mingw32-libidn util-linux - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && - mingw32-configure --disable-nls --enable-local-libopts --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw32-make -j4 && mingw32-make -C tests check -j4 -# Combine generated apps and DLLs. -#libintl and iconv are a dependency of libidn -#libwinpthread is required by libgcc -#libffi is required by libp11-kit - - mkdir -p win32-build/bin && mkdir -p win32-build/lib/includes && - cp lib/.libs/*.dll src/.libs/*.exe win32-build/bin && - i686-w64-mingw32-strip --strip-unneeded win32-build/bin/*.dll && - i686-w64-mingw32-strip win32-build/bin/*.exe && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libtasn1-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libidn-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libintl-*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/iconv*.dll win32-build/bin && - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win32-build/bin && - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win32-build/lib && - cp lib/includes/gnutls/*.h win32-build/lib/includes - tags: - - shared - only: - - tags - artifacts: - paths: - - win32-build/ - -MinGW64/DLLs: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine mingw64-nettle mingw64-libtasn1 mingw64-p11-kit mingw64-gcc mingw64-gmp mingw64-libidn util-linux - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && - mingw64-configure --disable-nls --enable-local-libopts --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw64-make -j4 && mingw64-make -C tests check -j4 -# Combine generated apps and DLLs. -#libintl and iconv are a dependency of libidn -#libwinpthread is required by libgcc -#libffi is required by libp11-kit - - mkdir -p win64-build/bin && mkdir -p win64-build/lib/includes && - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin && - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll && - x86_64-w64-mingw32-strip win64-build/bin/*.exe && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libtasn1-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libintl-*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/iconv*.dll win64-build/bin && - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin && - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib && - cp lib/includes/gnutls/*.h win64-build/lib/includes - tags: - - shared - only: - - tags - artifacts: - paths: - - win64-build/ - -MinGW64: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine mingw64-nettle mingw64-p11-kit mingw64-libtasn1 mingw64-gcc mingw64-gmp mingw64-libidn util-linux - - dnf install -y "http://people.redhat.com/nmavrogi/fedora/mingw64-libcmocka-1.0.1-1.fc24.noarch.rpm" - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && - mingw64-configure --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw64-make -j4 && mingw64-make -C tests check -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log - -MinGW32: - script: - - dnf install -y git which autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools - - dnf install -y clang libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - dnf install -y wine.i686 mingw32-p11-kit mingw32-nettle mingw32-libtasn1 mingw32-gcc mingw32-gmp mingw32-libidn util-linux - - dnf install -y "http://people.redhat.com/nmavrogi/fedora/mingw32-libcmocka-1.0.1-1.fc24.noarch.rpm" - - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - - make autoreconf && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && - mingw32-configure --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc --disable-valgrind-tests && - mingw32-make -j4 && mingw32-make -C tests check -j4 - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log - -FreeBSD10/x86_64: - script: - - gmake autoreconf && rm -f tests/suite/mini-eagain2.c && LIBS="-L/usr/local/lib" ./configure - --disable-guile --disable-doc --disable-valgrind-tests && gmake -j4 && gmake check -j4 - tags: - - freebsd - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - tests/*.log - - tests/*/*.log - -# We need a clean 32-bit fedora for testing -Fedora/x86: - image: nickcis/fedora-32:23 +pages: + image: debian:stretch script: - - linux32 dnf install -y autoconf libtool gettext-devel automake autogen nettle-devel p11-kit-devel autogen-libopts-devel trousers-devel guile-devel libtasn1-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel bison help2man xz net-tools libseccomp-devel libubsan libubsan-static nodejs softhsm datefudge lcov openssl-devel dieharder mbedtls-utils openssl libcmocka-devel socat xz ppp abi-compliance-checker valgrind - - make autoreconf && mkdir -p build && cd build && - ../configure --build=i686-redhat-linux --target=i686-redhat-linux --disable-cxx --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-valgrind-tests --enable-code-coverage && - make -j4 && make check -j4 && make local-code-coverage-output + - apt-get update + - apt-get install -y git-core make autoconf automake autogen libtool gettext autopoint libp11-kit-dev nettle-dev libtspi-dev libtasn1-6-dev libidn11-dev gawk gperf git2cl libunbound-dev dns-root-data bison help2man gtk-doc-tools + - apt-get install -y wml make perl texinfo texlive texlive-generic-recommended texlive-extra-utils help2man gtk-doc-tools texlive-latex-extra + - make autoreconf && ./configure --disable-tests --disable-manpages --enable-gtk-doc + - make -j4 && make web tags: - shared - except: - - tags artifacts: - expire_in: 1 week - when: on_failure paths: - - build/*.log - - build/tests/*.log - - build/tests/*/*.log + - www/public @@ -127,7 +127,7 @@ ChangeLog: cat .clcopying >> ChangeLog tag = $(PACKAGE)_`echo $(VERSION) | sed 's/\./_/g'` -htmldir = ../www-$(PACKAGE) +htmldir = www/public release: syntax-check prepare upload web upload-web @@ -140,16 +140,14 @@ prepare: git tag -u b565716f! -m $(VERSION) $(tag) upload-tarballs: - git push - git push --tags - build-aux/gnupload --to alpha.gnu.org:$(PACKAGE) $(distdir).tar.xz - build-aux/gnupload --to alpha.gnu.org:$(PACKAGE) $(distdir).tar.lz - cp $(distdir).tar.xz $(distdir).tar.xz.sig ../releases/$(PACKAGE)/ - cp $(distdir).tar.lz $(distdir).tar.lz.sig ../releases/$(PACKAGE)/ - + gpg --sign --detached $(distdir).tar.xz + scp $(distdir).tar.xz* trithemius.gnupg.org:/home/ftp/gcrypt/gnutls/v$(MAJOR_VERSION).$(MINOR_VERSION) web: echo generating documentation for $(PACKAGE) + rm -rf $(htmldir) + mkdir -p $(htmldir)/manual + mkdir -p $(htmldir)/reference make -C doc gnutls.html cd doc && cp gnutls.html *.png ../$(htmldir)/manual/ cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/html_node/ --css-include=./texinfo.css gnutls.texi @@ -160,14 +158,8 @@ web: make -C doc gnutls-guile.html gnutls-guile.pdf cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/gnutls-guile/ --css-include=./texinfo.css gnutls-guile.texi cd doc && cp gnutls-guile.pdf gnutls-guile.html ../$(htmldir)/manual/ - #cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/* $(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd ../../../ && cp doc/doxygen/latex/refman.pdf $(htmldir)/devel/doxygen/$(PACKAGE).pdf - -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/reference/ - #cp -v doc/cyclo/cyclo-$(PACKAGE).html $(htmldir)/cyclo/ - -upload-web: - cd $(htmldir) && \ - cvs commit -m "Update." manual/ reference/ \ - doxygen/ devel/ cyclo/ + -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp* doc/reference/html/*.css $(htmldir)/reference/ + cd www && $(MAKE) ASM_SOURCES_XXX := \ lib/accelerated/x86/XXX/cpuid-x86_64.s \ diff --git a/www/Makefile b/www/Makefile new file mode 100644 index 0000000000..efe2d2cc36 --- /dev/null +++ b/www/Makefile @@ -0,0 +1,57 @@ +# Release process: +# 1. Add a news entry in news-entries (see news/entries/README) +# 2. Updated the documentation ('make web' in the gnutls source) +# 3. Type 'make' +# 4. Type 'make tweet' + +WML=wml +WMLFLAGS=-DTABLE_BGCOLOR="\#e5e5e5" -DTABLE_HDCOLOR="\#ccbcbc" \ + -DTABLE_BGCOLOR2="\#e0d7d7" -DWHITE="\#ffffff" -DEMAIL=\"bugs@gnutls.org\" \ + -DSTABLE_VER="3.4" -DSTABLE_OLD_VER="3.3" -DSTABLE_ABI="3.4.0" -DSTABLE_OLD_ABI="3.0.0" \ + -DSTABLE_NEXT_VER="3.5" -DSTABLE_NEXT_ABI="3.5.0" + +COMMON=common.wml bottom.wml head.wml rawnews.wml +OUTPUT=public/index.html public/contrib.html public/devel.html public/support.html \ + public/download.html public/gnutls-logo.html public/news.html \ + public/documentation.html public/help.html public/openpgp.html \ + public/security.html public/commercial.html public/soc.html public/faq.html \ + manual/index.html public/css/layout.css + +all: $(OUTPUT) public/news.atom + +.PHONY: clean rest manual/index.html security.html public/css + +public/css: + mkdir -p $@ + cp css/*.css $@ + +public/manual/index.html: manual-index.html.bak + @cp -f manual-index.html.bak $@ + +NEWS_FILES=$(shell ls news-entries/*.xml) + +public/news.atom: $(NEWS_FILES) scripts/atom.pl + perl scripts/atom.pl >$@ + +public/security.html: security.wml rawsecurity.wml $(COMMON) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/news.html: news.wml $(COMMON) $(NEWS_FILES) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/index.html: gnutls.wml $(COMMON) $(NEWS_FILES) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/%.html: %.wml $(COMMON) + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +public/css/%.css: css/%.cwml $(COMMON) public/css + $(WML) $(WMLFLAGS) $< > $@.tmp + mv $@.tmp $@ + +clean: + rm -f *~ $(OUTPUT) diff --git a/www/bottom.wml b/www/bottom.wml new file mode 100644 index 0000000000..aab07d86ac --- /dev/null +++ b/www/bottom.wml @@ -0,0 +1,53 @@ +</div> + +<!-- <p id="backtotop"><a href="#header">back to top</a></p> --> + +</div> +<!-- end server/footer-text.html --> + + +<div id="footer"> + +<table width="100%" class="transparent"> +<tr> +<td> +<p> +Please send broken links and other corrections or suggestions to +<a href="mailto:$(EMAIL)"><em>$(EMAIL)</em></a>. +</p> +<!-- +<p> +Copyright © 2011-2015 Free Software Foundation, Inc.<br> +Copyright © 2012-2015 Nikos Mavrogiannopoulos<br> +Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.<br> +</p> +--> +</td> +<!-- +<td> +<a href="http://flattr.com/thing/291598/GnuTLS" target="_blank"><img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a> + + <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> + <input type="hidden" name="cmd" value="_xclick" /> + <input type="hidden" name="business" value="simon@josefsson.org" /> + <input type="hidden" name="item_name" value="Donation for development" /> + <input type="hidden" name="item_number" value="GnuTLS" /> + <input type="hidden" name="no_shipping" value="1" /> + <input type="hidden" name="cn" value="Comment" /> + <input type="hidden" name="currency_code" value="EUR" /> + <input type="hidden" name="tax" value="0" /> + <input type="hidden" name="bn" value="PP-DonationsBF" /> + <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif" name="submit" alt="Paypal" /> + </form> + </center> + +</td> +--> + +</tr> +</table> + +</div> + +</body> +</html> diff --git a/www/commercial.wml b/www/commercial.wml new file mode 100644 index 0000000000..2b3411ac15 --- /dev/null +++ b/www/commercial.wml @@ -0,0 +1,93 @@ +#include 'common.wml' page="Commercial support" + +<ul> + <li><a name="about"><b>About Commercial Support</b></a> + + <p>The GnuTLS project is community developed, and everyone is + welcome to contribute under certain conditions. There + is <a href="support.html">free support</a> available. + + <p>Some companies are offering paid services to meet specific + needs. This page contain links to companies that wishes to + announce their interest in working with GnuTLS and related + software.</p> + + <p>The information comes from the people who asked to be listed; + we do not include any information we know to be false, but we + cannot check out any of the information; we are transmitting it + to you as it was given to us and do not promise it is correct. + Also, this is not an endorsement of the people listed here. We + have no opinions and usually no information about the abilities + of any specific person. We provide this list to enable you to + contact service providers and decide for yourself whether to + hire one.</p> + + <li><a name="list"><b>Companies offering GnuTLS support</b></a> + + <p><center> + <table class="news" border="0" cellspacing="1" width="80%"> + <tr> + <th>Company</th> + <th>Location</th> + <th>Information</th> + </tr> + + <tr> + <td>Simon Josefsson Datakonsult AB</td> + <td>Stockholm, Sweden</td> + <td>Offers customized development of new features (e.g., + TLS extensions, new cipher suites), porting GnuTLS to new + platforms, help with integrating GnuTLS in your own + project, security audits, and more.<br> + <br> + <b>Web:</b> + <a href="http://josefsson.org/"> + http://josefsson.org/</a><br> + <b>E-mail:</b> + <a href="mailto:simon@josefsson.org"> + simon@josefsson.org</a> + </td> + </tr> + <tr> + <td>Red Hat, Inc.</td> + <td>Worldwide</td> + <td>Offers customized development of new features and support + of GnuTLS for its customers.</br> + <br> + <b>Web:</b> + <a href="http://access.redhat.com/"> + http://access.redhat.com/</a><br> + </td> + </tr> + </table> + </center></p> + + <li><a name="add"><b>List yourself</b></a> + + <p>Before we will list your name, we ask that you agree informally + to the following terms:</p> + + <ol> + <li>You will not restrict (except by copyleft) the use or + distribution of any software, documentation, or other + technical information you supply anyone in the course of + modifying, extending, or supporting free software. This + includes any information specifically designed to ameliorate + the use of free software. + + <li>You will not take advantage of contact made through this + page to advertise an unrelated business (e.g., sales of + proprietary information). You may spontaneously mention your + availability for general consulting, but you should not + promote a specific unrelated business unless the client asks. + </ol> + + <p>If you want to be listed here, + please <a href="mailto:$(EMAIL)">contact us</a>. The + information is listed in the order we receive requests. We + might eventually divide the list up by geographic location or + type of service.</p> + +</ul> + +#include 'bottom.wml' diff --git a/www/common.wml b/www/common.wml new file mode 100644 index 0000000000..1b51558ea2 --- /dev/null +++ b/www/common.wml @@ -0,0 +1,62 @@ +#include 'head.wml' +#use wml::std::tags + +<perl> +sub print_li_header { +my $page = $_[0]; +my $path = $_[1]; +my $name = $_[2]; +my $_name; + +if ($page ne $name) { + $_name =~ s/\s/_/g; + print "<li id=\"tab$_name\"><a href=\"$path\">$name</a></li>\n"; +} else { + print "<li id=\"joinfsftab\"><a href=\"$path\">$name</a></li>\n"; +} + +return; +} +</perl> + + +<!--<div id="null-wrapper"> --> + +<!-- begin of body-include-2 --> + <div id="header"> + <div class="inner" style="position: relative;"> +<table width="100%" class="transparent"> + <tr><td> + <a href="$(path)gnutls-logo.html"> + <img alt="Gnutls Logo" src="$(path)graphics/gnutls-logo.png" align="Left" border="0" /> + </a> + </td> + <td> + <h1>The GnuTLS Transport Layer Security Library</h1> + </td> + </tr> + </table> + </div> + </div> + +<div id="navigation"> + <div class="inner"> + + + <ul> + <:= &print_li_header("$(page)","$(path)index.html","Overview") :> + <:= &print_li_header("$(page)","$(path)news.html","News") :> +<!-- <:= &print_li_header("$(page)","$(path)soc.html","Summer of code") :> --> + <:= &print_li_header("$(page)","$(path)download.html","Download") :> + <:= &print_li_header("$(page)","$(path)support.html","Support") :> + <:= &print_li_header("$(page)","$(path)devel.html","Development") :> + <:= &print_li_header("$(page)","$(path)documentation.html","Documentation") :> + <:= &print_li_header("$(page)","$(path)security.html","Security advisories") :> +<!-- <:= &print_li_header("$(page)","$(path)commercial.html","Commercial support") :>--> + <:= &print_li_header("$(page)","$(path)contrib.html","Authors") :> +</ul> + + </div><!-- /inner --> +</div><!-- /navigation --> + +<div id="content" class="inner"> diff --git a/www/contrib.wml b/www/contrib.wml new file mode 100644 index 0000000000..31862b1e0f --- /dev/null +++ b/www/contrib.wml @@ -0,0 +1,17 @@ +#include 'common.wml' page="Authors" + +<p> GnuTLS is available because of the efforts of many people. The current maintainer is +<a href="http://nikmav.blogspot.com">Nikos Mavrogiannopoulos</a>, reachable at +<a href="mailto:nmav@gnutls.org">nmav@gnutls.org</a>. +</p> + +<p> +<a href="https://gitlab.com/gnutls/gnutls/blob/master/AUTHORS"> +[People who have contributed to gnutls]</a> + +<a href="https://gitlab.com/gnutls/gnutls/blob/master/THANKS"> +[People we would like to thank]</a> + +<a href="help.html">[How can I help?]</a> + +#include 'bottom.wml' diff --git a/www/css/combo.css b/www/css/combo.css new file mode 100644 index 0000000000..a42f2cf10a --- /dev/null +++ b/www/css/combo.css @@ -0,0 +1,18 @@ +/* Please do not edit this file. Instead, see +http://developer.yahoo.com/yui/2/ for future releases of YUI version 2 +*/ + +/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.7.0 +*/ + +html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;}body{font-family:sans-serif;font:13px/1.231;*font-size:small;*font:x-small;}select,input,button,textarea,button{font:99%;font-family:sans-serif;}table{font-size:inherit;font:100%;}pre,code,kbd,samp,tt{font-family:monospace;*font-size:108%;line-height:100%;}body{text-align:center;}#doc,#doc2,#doc3,#doc4,.yui-t1,.yui-t2,.yui-t3,.yui-t4,.yui-t5,.yui-t6,.yui-t7{margin:auto;text-align:left;width:57.69em;*width:56.25em;}#doc2{width:73.076em;*width:71.25em;}#doc3{margin:auto 10px;width:auto;}#doc4{width:74.923em;*width:73.05em;}.yui-b{position:relative;}.yui-b{_position:static;}#yui-main .yui-b{position:static;}#yui-main,.yui-g .yui-u .yui-g{width:100%;}.yui-t1 #yui-main,.yui-t2 #yui-main,.yui-t3 #yui-main{float:right;margin-left:-25em;}.yui-t4 #yui-main,.yui-t5 #yui-main,.yui-t6 #yui-main{float:left;margin-right:-25em;}.yui-t1 .yui-b{float:left;width:12.30769em;*width:12.00em;}.yui-t1 #yui-main .yui-b{margin-left:13.30769em;*margin-left:13.05em;}.yui-t2 .yui-b{float:left;width:13.8461em;*width:13.50em;}.yui-t2 #yui-main .yui-b{margin-left:14.8461em;*margin-left:14.55em;}.yui-t3 .yui-b{float:left;width:23.0769em;*width:22.50em;}.yui-t3 #yui-main .yui-b{margin-left:24.0769em;*margin-left:23.62em;}.yui-t4 .yui-b{float:right;width:13.8456em;*width:13.50em;}.yui-t4 #yui-main .yui-b{margin-right:14.8456em;*margin-right:14.55em;}.yui-t5 .yui-b{float:right;width:18.4615em;*width:18.00em;}.yui-t5 #yui-main .yui-b{margin-right:19.4615em;*margin-right:19.125em;}.yui-t6 .yui-b{float:right;width:23.0769em;*width:22.50em;}.yui-t6 #yui-main .yui-b{margin-right:24.0769em;*margin-right:23.62em;}.yui-t7 #yui-main .yui-b{display:block;margin:0 0 1em 0;}#yui-main .yui-b{float:none;width:auto;}.yui-gb .yui-u,.yui-g .yui-gb .yui-u,.yui-gb .yui-g,.yui-gb .yui-gb,.yui-gb .yui-gc,.yui-gb .yui-gd,.yui-gb .yui-ge,.yui-gb .yui-gf,.yui-gc .yui-u,.yui-gc .yui-g,.yui-gd .yui-u{float:left;}.yui-g .yui-u,.yui-g .yui-g,.yui-g .yui-gb,.yui-g .yui-gc,.yui-g .yui-gd,.yui-g .yui-ge,.yui-g .yui-gf,.yui-gc .yui-u,.yui-gd .yui-g,.yui-g .yui-gc .yui-u,.yui-ge .yui-u,.yui-ge .yui-g,.yui-gf .yui-g,.yui-gf .yui-u{float:right;}.yui-g div.first,.yui-gb div.first,.yui-gc div.first,.yui-gd div.first,.yui-ge div.first,.yui-gf div.first,.yui-g .yui-gc div.first,.yui-g .yui-ge div.first,.yui-gc div.first div.first{float:left;}.yui-g .yui-u,.yui-g .yui-g,.yui-g .yui-gb,.yui-g .yui-gc,.yui-g .yui-gd,.yui-g .yui-ge,.yui-g .yui-gf{width:49.1%;}.yui-gb .yui-u,.yui-g .yui-gb .yui-u,.yui-gb .yui-g,.yui-gb .yui-gb,.yui-gb .yui-gc,.yui-gb .yui-gd,.yui-gb .yui-ge,.yui-gb .yui-gf,.yui-gc .yui-u,.yui-gc .yui-g,.yui-gd .yui-u{width:32%;margin-left:1.99%;}.yui-gb .yui-u{*margin-left:1.9%;*width:31.9%;}.yui-gc div.first,.yui-gd .yui-u{width:66%;}.yui-gd div.first{width:32%;}.yui-ge div.first,.yui-gf .yui-u{width:74.2%;}.yui-ge .yui-u,.yui-gf div.first{width:24%;}.yui-g .yui-gb div.first,.yui-gb div.first,.yui-gc div.first,.yui-gd div.first{margin-left:0;}.yui-g .yui-g .yui-u,.yui-gb .yui-g .yui-u,.yui-gc .yui-g .yui-u,.yui-gd .yui-g .yui-u,.yui-ge .yui-g .yui-u,.yui-gf .yui-g .yui-u{width:49%;*width:48.1%;*margin-left:0;}.yui-g .yui-g .yui-u{width:48.1%;}.yui-g .yui-gb div.first,.yui-gb .yui-gb div.first{*margin-right:0;*width:32%;_width:31.7%;}.yui-g .yui-gc div.first,.yui-gd .yui-g{width:66%;}.yui-gb .yui-g div.first{*margin-right:4%;_margin-right:1.3%;}.yui-gb .yui-gc div.first,.yui-gb .yui-gd div.first{*margin-right:0;}.yui-gb .yui-gb .yui-u,.yui-gb .yui-gc .yui-u{*margin-left:1.8%;_margin-left:4%;}.yui-g .yui-gb .yui-u{_margin-left:1.0%;}.yui-gb .yui-gd .yui-u{*width:66%;_width:61.2%;}.yui-gb .yui-gd div.first{*width:31%;_width:29.5%;}.yui-g .yui-gc .yui-u,.yui-gb .yui-gc .yui-u{width:32%;_float:right;margin-right:0;_margin-left:0;}.yui-gb .yui-gc div.first{width:66%;*float:left;*margin-left:0;}.yui-gb .yui-ge .yui-u,.yui-gb .yui-gf .yui-u{margin:0;}.yui-gb .yui-gb .yui-u{_margin-left:.7%;}.yui-gb .yui-g div.first,.yui-gb .yui-gb div.first{*margin-left:0;}.yui-gc .yui-g .yui-u,.yui-gd .yui-g .yui-u{*width:48.1%;*margin-left:0;}.yui-gb .yui-gd div.first{width:32%;}.yui-g .yui-gd div.first{_width:29.9%;}.yui-ge .yui-g{width:24%;}.yui-gf .yui-g{width:74.2%;}.yui-gb .yui-ge div.yui-u,.yui-gb .yui-gf div.yui-u{float:right;}.yui-gb .yui-ge div.first,.yui-gb .yui-gf div.first{float:left;}.yui-gb .yui-ge .yui-u,.yui-gb .yui-gf div.first{*width:24%;_width:20%;}.yui-gb .yui-ge div.first,.yui-gb .yui-gf .yui-u{*width:73.5%;_width:65.5%;}.yui-ge div.first .yui-gd .yui-u{width:65%;}.yui-ge div.first .yui-gd div.first{width:32%;}#hd:after,#bd:after,#ft:after,.yui-g:after,.yui-gb:after,.yui-gc:after,.yui-gd:after,.yui-ge:after,.yui-gf:after{content:".";display:block;height:0;clear:both;visibility:hidden;}#hd,#bd,#ft,.yui-g,.yui-gb,.yui-gc,.yui-gd,.yui-ge,.yui-gf{zoom:1;}/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.7.0 +*/ +body{margin:10px;}h1{font-size:138.5%;}h2{font-size:123.1%;}h3{font-size:108%;}h1,h2,h3{margin:1em 0;}h1,h2,h3,h4,h5,h6,strong,dt{font-weight:bold;}optgroup{font-weight:normal;}abbr,acronym{border-bottom:1px dotted #000;cursor:help;}em{font-style:italic;}del{text-decoration:line-through;}blockquote,ul,ol,dl{margin:1em;}ol,ul,dl{margin-left:2em;}ol li{list-style:decimal outside;}ul li{list-style:disc outside;}dl dd{margin-left:1em;}th,td{border:1px solid #000;padding:.5em;}th{font-weight:bold;text-align:center;}caption{margin-bottom:.5em;text-align:center;}sup{vertical-align:super;}sub{vertical-align:sub;}p,fieldset,table,pre{margin-bottom:1em;}button,input[type="checkbox"],input[type="radio"],input[type="reset"],input[type="submit"]{padding:1px;} diff --git a/www/css/layout.css b/www/css/layout.css new file mode 100644 index 0000000000..3a0bdebe33 --- /dev/null +++ b/www/css/layout.css @@ -0,0 +1,548 @@ + +/* +layout.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. +*/ + +/* NOTE: Changes to this file will affect the entire site, often in +unexpected ways. Please mail patches to www-discuss@gnu.org rather +than commit changes directly. */ + +html, body{ + padding: 0; + margin: 0; + background-color: #fff; + color: #35382a; + text-align: inherit; + font-size: 100%; +} + +a[href] { color: blue } +a[href]:visited { color: purple } +a[href]:active, a[href]:hover { color: red } + +/* For the note saying the page is a translation. */ +.trans-disclaimer { + text-align: center; + font-weight: bold; + text-decoration: underline; +} + +/* For outdated translations */ +#outdated { + margin-top: 0.5em ; + margin-bottom: 0.5em ; + padding: 0.5em; + border:2px solid red; + background: #FFFFCC; +} +#outdated p { margin: 0.2em; } +/* In the out-of-date notice, we use <br> elements to separate + translatable texts from automatically generated items. */ +#outdated br { display: none } + +/* the urgent div should be enabled when we have something urgent to +appear on every page - these typically come from johns, peterb or rms +at the fsf */ + +#urgent{ + +background-color:#ff3; +line-height: 3em; +font-size: 0.9em; +text-align: center; +border-bottom: 5px solid #333; + } + +#urgent a, #urgent a:visited{ +color: blue; text-decoration: underline !important; +} + +#urgent a:hover{ background-color: red; } + + #wrapper{ + margin: 0; + background-color: transparent; + padding: 0em; + position: relative; + } + +a:hover{ color: red; } + +/* This specifies the basic width of our web pages. Don't change it + without discussion on www-discuss. The magic 74.92 is for + consistency with fsf.org. */ +.inner { margin: auto; width: 99%; max-width:74.92em; } + +#logo{background:url(/graphics/topbanner.png) no-repeat;border:0;float: left;margin:0em;padding:0;} +#logo:lang(ar) {background:url(/graphics/topbanner.ar.png) no-repeat; float: right;} + +#logo a { display:block;text-decoration:none;overflow:hidden;border:0;margin:0;padding:0;padding-top:101px;height:0px !important;width:550px;cursor:pointer;} + +#fsf-logo{ position: absolute; top: 0; right: 25px; } + +#links{ display: none !important; } + +#links{ position: absolute; top: 5px; right: 1em; border-left: 1px + solid #333; padding-left: 1em;height: 90px; overflow: hidden; } + +#links ul{ padding-left: 1em; padding-top: 1em; } + +#links li { line-height: 1.6em; font-size: 0.9em; } + +#content { background-color: #fff; padding-bottom: 1.8em; margin-top: 0.5em; text-align: left; } + +#header { background-color: #fff; text-align: left; } + +#content .home { margin-bottom: 10px; } + +#content:lang(ar), #content:lang(fa), #searcher:lang(he) {text-align: right;} + +#navigation{ background-color: #bd0000; border-bottom: 5px solid #333; clear: both; } + +#navigation:after{ clear: both; content: ""; display: block; height: 0px; visibility: hidden; width: 0px; } + +#navigation ul{font-size: 0.8em; margin: 1.1em auto; padding-top: 1.1em } + +#navigation li{display: inline; } + +#navigation li a {color: white; text-decoration: none; font-weight: bold; padding: .9em;} + +#navigation li a:hover{ background-color: maroon; color: yellow; } + +#joinfsftab a{color: yellow !important} + +#content h2 { + background-color: transparent; color: #520000; font-size: 2em; + margin-bottom: 0.3em; font-weight:bold; text-align: center; margin: 0; margin-bottom: 12px; } + +#content h3, #content h4, #content h5, #content h6 {line-height: 1.5em;} + +#content h3{ font-size: 1.6em; } + +#content h4{ font-size: 1.3em; } + +#content h5{ font-size: 1.1em; } + +#content h6{ font-size: 1em; } + +.caption{ color: #3465a4; font-size: 1.5em !important; margin:0; } + +.netscape4{ + display: none !important; + height: 0; +} + +#translations{ background-color: #fff; + padding: 0; line-height: 1.6em; color: #000; } + +#translations h3, #translations h4{ font-size: 1em; font-weight: bold; margin-bottom: 0.5em; padding: 0; } + +#translations li { direction: ltr; display: inline-block; + padding-left: 0.25em; padding-right: 0.25em; } + +/* Highlight the link to the original page */ +#translations li:first-child { font-size: 1.1em; font-weight: bold; } +#translations li:first-child a { color: #008 !important; } + +#translations a{ color: blue !important; } + +#footer { background-color: #fff; border-top: 5px solid #444; padding:1em; color: #000; margin-top: 1em; } + +#footer a{ color: blue; } + +#footer p{ margin-bottom: 0.7em; } + +#footer, #translations { font-size: 0.9em; } + +.announcement{ font-size: 1.1em; font-weight: bold; padding-left: 1em; margin-left: 1em; border-left: 1em solid #eee; margin-bottom: 1em; } + +img{ border: 0; } + +#rms-image{ +width: 200px; +height: 219px; +float: right; +margin-left: 1em; margin-bottom: 1em; +border: 1px solid #ddd; +background-image: url('/graphics/rms2005chrys.jpg'); +} + +.lyrics{background-color: #eee; font-style: italic; width: 25em; padding: 2em; border: 2px solid #e5e5e5; margin-left: 2em;} + + #gplv3-dogear{ + position: absolute; + top: -1px; + left: -1px; + } + + #gplv3-dogear h3{margin: 0;} + + #gplv3-dogear a{ + background-image: url('/graphics/dogear.png'); + border: 0; + display: block; + text-decoration: none; + overflow: hidden; + height: 0px !important; + width: 64px; + padding: 0; + padding-top: 64px; + cursor: pointer; + + } + +.nocenter{ text-align: left; } + +#print-this-article p{ text-align: center; } + +#content ul, #fsf-campaigns ul{ list-style: square; margin-left: 1.4em; } + +#content ol{ list-style: decimal; margin-left: 1.9em; } + +#content li, #fsf-campaigns li, #content dd, #content p, #content pre, #content dt, #content code, #content address{ + line-height: 1.3em; } + +address{ margin-bottom: 1em; } + +/* separate the "term" from subsequent "description" */ +dt { margin-bottom: 1em; } +/* separate the "description" from subsequent list item + when the final <dd> child is an anonymous box */ +dd { margin-bottom: 2em; } +/* separate anonymous box (used to be the first element in <dd>) + from subsequent <p> */ +dd p { margin-top: 1em; } + +#bottom-links{ background-color: #fff; font-size: 0.8em;} + +#bottom-links li{ display: inline; margin-right: 1em; line-height: 2em; } + +#backtotop{ padding-bottom: 1em; background-color: #fff; } + +#backtotop p{ text-align: right; } + +blockquote{ margin: 1em; font-style: italic; } + +#toplinks{font-size: 80%; padding: 4px; z-index: 999; top: 0; left: 0; } + +#toplinks a{ font-weight: bold; color: #888; } + +#toplinks a:hover, #toplinks a:active{color: blue;} + +.center{ text-align:center; } + +.big{ font-size: 130%; padding-top: 0.7em; } + +.inline-list li { display: inline } + +#searcher{ float: right; margin-right: 1em; line-height: 3em; color: white; text-transform: uppercase; font-weight: bold; background-color: maroon; padding-left: 1em; padding-right: 1em;} + +#searcher:lang(ar), #searcher:lang(fa), #searcher:lang(he) {float: left;} + +#searcher, #searcher input{ font-size: 0.8em; } + +.highlight, .highlight-para{background-color: #ff6;} + +#takeactionhomepage{ + + background-color: #fdb144; + color: black; + margin-bottom: 0.5em; + font-size: 90%; + padding: 1em; +} + +#takeactionhomepage h1{text-align: center !important; border: 0 !important; color: black; font-size: 2em !important; padding-top: 0.2em;} + +#takeactionhomepage ul{list-style: none !important; text-align: center; margin: 0 !important; padding: 0 !important; } + +#takeactionhomepage li{line-height: 1.3em; list-style: none !important;} + +#fssbox {text-align: center; float: right; font-size: 80%;} +#fssbox:lang(ar) {float: left;} + +#fssbox p{ margin-bottom: 0px;} + +#content h2 a{color: yellow !important;} + +acronym, abbr {border-bottom: 1px dotted #111;} + +.pad {margin-bottom: 1em;} + +.layout-table * { border: 0; } + +#fpnav ul{list-style: none; margin: 0 !important; padding: 0 !important;} + +#fpnav li{display: block; text-align: left; margin-right: 1em; font-size: 0.9em;} + +#fpnav li a{display: block; padding-top: 6px; padding-bottom: 6px;} + +#fpnav li a:hover{text-decoration: none; background-color: yellow;} + +.pad td{padding-left: 1em; padding-right: 1em;} + +.imgright{ float: right; margin: 12px; } + +.imgleft { float: left; margin: 12px; } + +.c { text-align: center; } + +.listing, +.stx table { + /* The default table for document listings. Contains name, document types, modification times etc in a file-browser-like fashion */ + border-collapse: collapse; + border-left: 1px solid #666666; + border-bottom: 1px solid #666666; + margin: 1em 0em 1em 0em; +} +.listing th, +.stx table th { + background: #d40; + color: white; + font-weight: bold !important; + border-top: 1px solid #666666; + border-bottom: 1px solid #666666; + border-right: 1px solid #666666; + font-weight: normal; + padding: 1em; +} + +.listing td a { display: block; } + +.listing .top { + border-top: 1px solid #666666; + text-align: right ! important; + padding: 0em 0em 1em 0em; +} +.listing .odd { + /*every second line should be shaded */ + background-color: transparent; +} +.listing .even { + background-color: #ededed; +} +.listing .listingCheckbox { + text-align: center; +} +.listing td, +.stx table td { + border-right: 1px solid #666666; + padding: 1em; + text-align: center; + line-height: 1.3em +} +.listing a:hover { + text-decoration: underline; +} +.listing img { + vertical-align: middle; +} + +.listing { width: 100%; } + +#fsf-links { margin: 1em auto; border: 1px solid #ccc; padding: 5px; } + +#fsf-links li a{ color: #555; text-decoration: none; } + +#fsf-links ul li { + list-style: none; + padding: 0.3em 0.7em; + font-weight: bold; + display: inline-block; +} + +#fsf-links li{ font-size: 13px } + +#fsf-links li a:hover{ color: #0063DC; } + +#fsf-links ul { padding: 0; margin: 0; text-align: center; } + +.button { border: 3px solid #999; + border-left-color: #ccc; + border-top-color: #ccc; + font-weight: bold; + margin-bottom: 10px; + -moz-border-radius: 0.4em; + -khtml-border-radius: 0.4em; + } + +.button a{ display: block; text-decoration: none; color: #333; padding: 0.25em;} + +.button a:hover{ color: red;} + +.large { font-size: 36px; background-color: #aacb50; } + +.small { font-size: 22px; background-color: #89b1bd; } + +.emph-box { background-color: #ececec; border: 0px solid #ccc; padding: 12px; } +.emph-box:target { background-color: #ff8; } + +.emph-box p { font-size: 0.9em } + +.emph-box h4 { text-align: center; font-size: 28px !important; margin-bottom: 12px;} + +#windows7sins { width: 310px; text-align: center; float: right; margin: 12px; } + +.highlight-para { padding: 1em; } + +/* This is used in pages of lists, such as gnu-linux.faq.html, + to give readers a hint that they can link directly to a given item. + We make it less obtrusive than the item heading it follows. */ +.anchor-reference-id { font-size: 70%; font-weight: normal; } + +/* emacs-page */ +/* Items specific to education */ + +/* definitions for /education-specific navigation bar */ +ul#edu-navigation { + text-align: center; + /* the selected colors are the same as for h2 */ + background-color: #3465a4; + color: white; + /* right and left extents should be the same as for h2; + the top separation is determined via h2 margin-bottom */ + margin: 0; + margin-bottom: 1.7em; +} + +#edu-navigation li { + display: inline; + list-style-type: none; +} + +#edu-navigation li a { + /* font size and padding are set to make the navigation bar + remain a single line when window is 921 pixels or wider */ + font-size: 12.8px; + padding: 0 10px; + display: inline-block; + background-color: #3465a4; + color: white; + text-decoration: none; + font-weight: bold; +} + +#edu-navigation li a:hover, #edu-navigation li.active a { + background-color: #006; + color: yellow; +} + +/* let edu-navigation bar approach closer to h2 */ +div#education-content h2 { margin-bottom: 1px; } + +/* breadcrumb for /education */ +p.edu-breadcrumb { + line-height: 150% !important; + padding-left: 10px; +} + +/* styles for subsections of /education "Case Studies" */ + +div.edu-cases { + border-top: 5px ridge #3465a4; + border-bottom: 5px ridge #3465a4; + margin-right: 4em; + margin-left: 4em; + margin-bottom: 1em; +} + +/* make h3 for edu-cases look like h4 for other pages */ +div.edu-cases h3 { + font-size: 1.3em !important; + margin: 0; +} + +div.edu-cases ul, div.edu-cases ol { + padding-left: 3em; + margin-right: 3em; +} + +/* End items specific to education */ + +/* GnuTLS tables */ +table.transparent { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: white; +} +table.transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.transparent td { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.news-transparent { + border-width: 3px; + border-spacing: 5px; + border-style: none; + border-color: #ccbcbc; + border-collapse: separate; + background-color: transparent; +} +table.news-transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: transparent; + -moz-border-radius: ; +} +table.news-transparent td { + border-width: 1px; + padding: 3px; + border-style: solid; + border-color: #e0d7d7; + background-color: transparent; + -moz-border-radius: ; +} +table.news { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: #e5e5e5; +} +table.news th { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: #ccbcbc; + -moz-border-radius: ; +} +table.news td { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: #e0d7d7; + -moz-border-radius: ; +} diff --git a/www/css/layout.cwml b/www/css/layout.cwml new file mode 100644 index 0000000000..a4591ee83e --- /dev/null +++ b/www/css/layout.cwml @@ -0,0 +1,549 @@ +<protect> +/* +layout.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. +*/ + +/* NOTE: Changes to this file will affect the entire site, often in +unexpected ways. Please mail patches to www-discuss@gnu.org rather +than commit changes directly. */ + +html, body{ + padding: 0; + margin: 0; + background-color: #fff; + color: #35382a; + text-align: inherit; + font-size: 100%; +} + +a[href] { color: blue } +a[href]:visited { color: purple } +a[href]:active, a[href]:hover { color: red } + +/* For the note saying the page is a translation. */ +.trans-disclaimer { + text-align: center; + font-weight: bold; + text-decoration: underline; +} + +/* For outdated translations */ +#outdated { + margin-top: 0.5em ; + margin-bottom: 0.5em ; + padding: 0.5em; + border:2px solid red; + background: #FFFFCC; +} +#outdated p { margin: 0.2em; } +/* In the out-of-date notice, we use <br> elements to separate + translatable texts from automatically generated items. */ +#outdated br { display: none } + +/* the urgent div should be enabled when we have something urgent to +appear on every page - these typically come from johns, peterb or rms +at the fsf */ + +#urgent{ + +background-color:#ff3; +line-height: 3em; +font-size: 0.9em; +text-align: center; +border-bottom: 5px solid #333; + } + +#urgent a, #urgent a:visited{ +color: blue; text-decoration: underline !important; +} + +#urgent a:hover{ background-color: red; } + + #wrapper{ + margin: 0; + background-color: transparent; + padding: 0em; + position: relative; + } + +a:hover{ color: red; } + +/* This specifies the basic width of our web pages. Don't change it + without discussion on www-discuss. The magic 74.92 is for + consistency with fsf.org. */ +.inner { margin: auto; width: 99%; max-width:74.92em; } + +#logo{background:url(/graphics/topbanner.png) no-repeat;border:0;float: left;margin:0em;padding:0;} +#logo:lang(ar) {background:url(/graphics/topbanner.ar.png) no-repeat; float: right;} + +#logo a { display:block;text-decoration:none;overflow:hidden;border:0;margin:0;padding:0;padding-top:101px;height:0px !important;width:550px;cursor:pointer;} + +#fsf-logo{ position: absolute; top: 0; right: 25px; } + +#links{ display: none !important; } + +#links{ position: absolute; top: 5px; right: 1em; border-left: 1px + solid #333; padding-left: 1em;height: 90px; overflow: hidden; } + +#links ul{ padding-left: 1em; padding-top: 1em; } + +#links li { line-height: 1.6em; font-size: 0.9em; } + +#content { background-color: #fff; padding-bottom: 1.8em; margin-top: 0.5em; text-align: left; } + +#header { background-color: #fff; text-align: left; } + +#content .home { margin-bottom: 10px; } + +#content:lang(ar), #content:lang(fa), #searcher:lang(he) {text-align: right;} + +#navigation{ background-color: #bd0000; border-bottom: 5px solid #333; clear: both; } + +#navigation:after{ clear: both; content: ""; display: block; height: 0px; visibility: hidden; width: 0px; } + +#navigation ul{font-size: 0.8em; margin: 1.1em auto; padding-top: 1.1em } + +#navigation li{display: inline; } + +#navigation li a {color: white; text-decoration: none; font-weight: bold; padding: .9em;} + +#navigation li a:hover{ background-color: maroon; color: yellow; } + +#joinfsftab a{color: yellow !important} + +#content h2 { + background-color: transparent; color: #520000; font-size: 2em; + margin-bottom: 0.3em; font-weight:bold; text-align: center; margin: 0; margin-bottom: 12px; } + +#content h3, #content h4, #content h5, #content h6 {line-height: 1.5em;} + +#content h3{ font-size: 1.6em; } + +#content h4{ font-size: 1.3em; } + +#content h5{ font-size: 1.1em; } + +#content h6{ font-size: 1em; } + +.caption{ color: #3465a4; font-size: 1.5em !important; margin:0; } + +.netscape4{ + display: none !important; + height: 0; +} + +#translations{ background-color: #fff; + padding: 0; line-height: 1.6em; color: #000; } + +#translations h3, #translations h4{ font-size: 1em; font-weight: bold; margin-bottom: 0.5em; padding: 0; } + +#translations li { direction: ltr; display: inline-block; + padding-left: 0.25em; padding-right: 0.25em; } + +/* Highlight the link to the original page */ +#translations li:first-child { font-size: 1.1em; font-weight: bold; } +#translations li:first-child a { color: #008 !important; } + +#translations a{ color: blue !important; } + +#footer { background-color: #fff; border-top: 5px solid #444; padding:1em; color: #000; margin-top: 1em; } + +#footer a{ color: blue; } + +#footer p{ margin-bottom: 0.7em; } + +#footer, #translations { font-size: 0.9em; } + +.announcement{ font-size: 1.1em; font-weight: bold; padding-left: 1em; margin-left: 1em; border-left: 1em solid #eee; margin-bottom: 1em; } + +img{ border: 0; } + +#rms-image{ +width: 200px; +height: 219px; +float: right; +margin-left: 1em; margin-bottom: 1em; +border: 1px solid #ddd; +background-image: url('/graphics/rms2005chrys.jpg'); +} + +.lyrics{background-color: #eee; font-style: italic; width: 25em; padding: 2em; border: 2px solid #e5e5e5; margin-left: 2em;} + + #gplv3-dogear{ + position: absolute; + top: -1px; + left: -1px; + } + + #gplv3-dogear h3{margin: 0;} + + #gplv3-dogear a{ + background-image: url('/graphics/dogear.png'); + border: 0; + display: block; + text-decoration: none; + overflow: hidden; + height: 0px !important; + width: 64px; + padding: 0; + padding-top: 64px; + cursor: pointer; + + } + +.nocenter{ text-align: left; } + +#print-this-article p{ text-align: center; } + +#content ul, #fsf-campaigns ul{ list-style: square; margin-left: 1.4em; } + +#content ol{ list-style: decimal; margin-left: 1.9em; } + +#content li, #fsf-campaigns li, #content dd, #content p, #content pre, #content dt, #content code, #content address{ + line-height: 1.3em; } + +address{ margin-bottom: 1em; } + +/* separate the "term" from subsequent "description" */ +dt { margin-bottom: 1em; } +/* separate the "description" from subsequent list item + when the final <dd> child is an anonymous box */ +dd { margin-bottom: 2em; } +/* separate anonymous box (used to be the first element in <dd>) + from subsequent <p> */ +dd p { margin-top: 1em; } + +#bottom-links{ background-color: #fff; font-size: 0.8em;} + +#bottom-links li{ display: inline; margin-right: 1em; line-height: 2em; } + +#backtotop{ padding-bottom: 1em; background-color: #fff; } + +#backtotop p{ text-align: right; } + +blockquote{ margin: 1em; font-style: italic; } + +#toplinks{font-size: 80%; padding: 4px; z-index: 999; top: 0; left: 0; } + +#toplinks a{ font-weight: bold; color: #888; } + +#toplinks a:hover, #toplinks a:active{color: blue;} + +.center{ text-align:center; } + +.big{ font-size: 130%; padding-top: 0.7em; } + +.inline-list li { display: inline } + +#searcher{ float: right; margin-right: 1em; line-height: 3em; color: white; text-transform: uppercase; font-weight: bold; background-color: maroon; padding-left: 1em; padding-right: 1em;} + +#searcher:lang(ar), #searcher:lang(fa), #searcher:lang(he) {float: left;} + +#searcher, #searcher input{ font-size: 0.8em; } + +.highlight, .highlight-para{background-color: #ff6;} + +#takeactionhomepage{ + + background-color: #fdb144; + color: black; + margin-bottom: 0.5em; + font-size: 90%; + padding: 1em; +} + +#takeactionhomepage h1{text-align: center !important; border: 0 !important; color: black; font-size: 2em !important; padding-top: 0.2em;} + +#takeactionhomepage ul{list-style: none !important; text-align: center; margin: 0 !important; padding: 0 !important; } + +#takeactionhomepage li{line-height: 1.3em; list-style: none !important;} + +#fssbox {text-align: center; float: right; font-size: 80%;} +#fssbox:lang(ar) {float: left;} + +#fssbox p{ margin-bottom: 0px;} + +#content h2 a{color: yellow !important;} + +acronym, abbr {border-bottom: 1px dotted #111;} + +.pad {margin-bottom: 1em;} + +.layout-table * { border: 0; } + +#fpnav ul{list-style: none; margin: 0 !important; padding: 0 !important;} + +#fpnav li{display: block; text-align: left; margin-right: 1em; font-size: 0.9em;} + +#fpnav li a{display: block; padding-top: 6px; padding-bottom: 6px;} + +#fpnav li a:hover{text-decoration: none; background-color: yellow;} + +.pad td{padding-left: 1em; padding-right: 1em;} + +.imgright{ float: right; margin: 12px; } + +.imgleft { float: left; margin: 12px; } + +.c { text-align: center; } + +.listing, +.stx table { + /* The default table for document listings. Contains name, document types, modification times etc in a file-browser-like fashion */ + border-collapse: collapse; + border-left: 1px solid #666666; + border-bottom: 1px solid #666666; + margin: 1em 0em 1em 0em; +} +.listing th, +.stx table th { + background: #d40; + color: white; + font-weight: bold !important; + border-top: 1px solid #666666; + border-bottom: 1px solid #666666; + border-right: 1px solid #666666; + font-weight: normal; + padding: 1em; +} + +.listing td a { display: block; } + +.listing .top { + border-top: 1px solid #666666; + text-align: right ! important; + padding: 0em 0em 1em 0em; +} +.listing .odd { + /*every second line should be shaded */ + background-color: transparent; +} +.listing .even { + background-color: #ededed; +} +.listing .listingCheckbox { + text-align: center; +} +.listing td, +.stx table td { + border-right: 1px solid #666666; + padding: 1em; + text-align: center; + line-height: 1.3em +} +.listing a:hover { + text-decoration: underline; +} +.listing img { + vertical-align: middle; +} + +.listing { width: 100%; } + +#fsf-links { margin: 1em auto; border: 1px solid #ccc; padding: 5px; } + +#fsf-links li a{ color: #555; text-decoration: none; } + +#fsf-links ul li { + list-style: none; + padding: 0.3em 0.7em; + font-weight: bold; + display: inline-block; +} + +#fsf-links li{ font-size: 13px } + +#fsf-links li a:hover{ color: #0063DC; } + +#fsf-links ul { padding: 0; margin: 0; text-align: center; } + +.button { border: 3px solid #999; + border-left-color: #ccc; + border-top-color: #ccc; + font-weight: bold; + margin-bottom: 10px; + -moz-border-radius: 0.4em; + -khtml-border-radius: 0.4em; + } + +.button a{ display: block; text-decoration: none; color: #333; padding: 0.25em;} + +.button a:hover{ color: red;} + +.large { font-size: 36px; background-color: #aacb50; } + +.small { font-size: 22px; background-color: #89b1bd; } + +.emph-box { background-color: #ececec; border: 0px solid #ccc; padding: 12px; } +.emph-box:target { background-color: #ff8; } + +.emph-box p { font-size: 0.9em } + +.emph-box h4 { text-align: center; font-size: 28px !important; margin-bottom: 12px;} + +#windows7sins { width: 310px; text-align: center; float: right; margin: 12px; } + +.highlight-para { padding: 1em; } + +/* This is used in pages of lists, such as gnu-linux.faq.html, + to give readers a hint that they can link directly to a given item. + We make it less obtrusive than the item heading it follows. */ +.anchor-reference-id { font-size: 70%; font-weight: normal; } + +/* emacs-page */ +/* Items specific to education */ + +/* definitions for /education-specific navigation bar */ +ul#edu-navigation { + text-align: center; + /* the selected colors are the same as for h2 */ + background-color: #3465a4; + color: white; + /* right and left extents should be the same as for h2; + the top separation is determined via h2 margin-bottom */ + margin: 0; + margin-bottom: 1.7em; +} + +#edu-navigation li { + display: inline; + list-style-type: none; +} + +#edu-navigation li a { + /* font size and padding are set to make the navigation bar + remain a single line when window is 921 pixels or wider */ + font-size: 12.8px; + padding: 0 10px; + display: inline-block; + background-color: #3465a4; + color: white; + text-decoration: none; + font-weight: bold; +} + +#edu-navigation li a:hover, #edu-navigation li.active a { + background-color: #006; + color: yellow; +} + +/* let edu-navigation bar approach closer to h2 */ +div#education-content h2 { margin-bottom: 1px; } + +/* breadcrumb for /education */ +p.edu-breadcrumb { + line-height: 150% !important; + padding-left: 10px; +} + +/* styles for subsections of /education "Case Studies" */ + +div.edu-cases { + border-top: 5px ridge #3465a4; + border-bottom: 5px ridge #3465a4; + margin-right: 4em; + margin-left: 4em; + margin-bottom: 1em; +} + +/* make h3 for edu-cases look like h4 for other pages */ +div.edu-cases h3 { + font-size: 1.3em !important; + margin: 0; +} + +div.edu-cases ul, div.edu-cases ol { + padding-left: 3em; + margin-right: 3em; +} + +/* End items specific to education */ +</protect> + +/* GnuTLS tables */ +table.transparent { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: white; +} +table.transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.transparent td { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: white; + -moz-border-radius: ; +} +table.news-transparent { + border-width: 3px; + border-spacing: 5px; + border-style: none; + border-color: $(TABLE_HDCOLOR); + border-collapse: separate; + background-color: transparent; +} +table.news-transparent th { + border-width: 0px; + padding: 1px; + border-style: inset; + border-color: gray; + background-color: transparent; + -moz-border-radius: ; +} +table.news-transparent td { + border-width: 1px; + padding: 3px; + border-style: solid; + border-color: $(TABLE_BGCOLOR2); + background-color: transparent; + -moz-border-radius: ; +} +table.news { + border-width: 0px; + border-spacing: 2px; + border-style: none; + border-color: white; + border-collapse: separate; + background-color: $(TABLE_BGCOLOR); +} +table.news th { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: $(TABLE_HDCOLOR); + -moz-border-radius: ; +} +table.news td { + border-width: 0px; + padding:10px 5px; + border-style: inset; + border-color: gray; + background-color: $(TABLE_BGCOLOR2); + -moz-border-radius: ; +} diff --git a/www/css/mini.css b/www/css/mini.css new file mode 100644 index 0000000000..ccf254ae22 --- /dev/null +++ b/www/css/mini.css @@ -0,0 +1,12 @@ +/* Please do not edit this file. Instead, see +http://developer.yahoo.com/yui/2/ for future releases of YUI version 2 +*/ + +/* +Copyright (c) 2009, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.net/yui/license.txt +version: 2.8.0r4 +*/ +html{color:#000;background:#FFF;}body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,code,form,fieldset,legend,input,button,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,caption,cite,code,dfn,em,strong,th,var,optgroup{font-style:inherit;font-weight:inherit;}del,ins{text-decoration:none;}li{list-style:none;}caption,th{text-align:left;}h1,h2,h3,h4,h5,h6{font-size:100%;font-weight:normal;}q:before,q:after{content:'';}abbr,acronym{border:0;font-variant:normal;}sup{vertical-align:baseline;}sub{vertical-align:baseline;}legend{color:#000;}input,button,textarea,select,optgroup,option{font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;}input,button,textarea,select{*font-size:100%;} +body{margin:10px;}h1{font-size:138.5%;}h2{font-size:123.1%;}h3{font-size:108%;}h1,h2,h3{margin:1em 0;}h1,h2,h3,h4,h5,h6,strong,dt{font-weight:bold;}optgroup{font-weight:normal;}abbr,acronym{border-bottom:1px dotted #000;cursor:help;}em{font-style:italic;}del{text-decoration:line-through;}blockquote,ul,ol,dl{margin:1em;}ol,ul,dl{margin-left:2em;}ol li{list-style:decimal outside;}ul li{list-style:disc outside;}dl dd{margin-left:1em;}th,td{border:1px solid #000;padding:.5em;}th{font-weight:bold;text-align:center;}caption{margin-bottom:.5em;text-align:center;}sup{vertical-align:super;}sub{vertical-align:sub;}p,fieldset,table,pre{margin-bottom:1em;}button,input[type="checkbox"],input[type="radio"],input[type="reset"],input[type="submit"]{padding:1px;} diff --git a/www/css/print.css b/www/css/print.css new file mode 100644 index 0000000000..5b0252e8d2 --- /dev/null +++ b/www/css/print.css @@ -0,0 +1,79 @@ +/* +print.css -- css stylesheet used on www.gnu.org + +Copyright (C) 2006, 2007 Free Software Foundation + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +*/ +#header, #navigation, #links, #toplinks, .netscape4, #fsf-links, +#backtotop, #translations, #searcher, #footer, #mission-statement, +#Disclaimer { display: none !important; } + + + +.inner{ width: 100%; } + +body { + font-family: Baskerville, Georgia, Garamond, Times, serif; + font-size: 11pt !important; + border: 0; +} + +h1, h2, h3, h4, h5, h6 +{ + border: none; + font-family: Baskerville, Georgia, Garamond, Times, serif; +} + +div, p, ul, dl, ol { + width: auto !important; +} + +ul, ol, dl { + padding-right: 0.5em; +} + +ul { + list-style-type: square; +} + + +.documentDescription { + font-weight: bold; +} + +pre { + border: 1pt dotted black; + white-space: pre; + font-size: 8pt; + overflow: auto; + padding: 1em 0; +} + +table.listing, +table.listing td { + border: 1pt solid black; + border-collapse: collapse; +} + +a { + color: Black !important; + padding: 0 !important; + text-decoration: none !important; +} + +a:link, a:visited { + color: #520; + background: transparent; +} diff --git a/www/devel.wml b/www/devel.wml new file mode 100644 index 0000000000..92be1d40a0 --- /dev/null +++ b/www/devel.wml @@ -0,0 +1,69 @@ +#include 'common.wml' page="Development" + +<h1>Reporting bugs</h1> +To report a bug, in addition to describing the issue, please: +<ul> +<li>Provide the version of the library the bug is present on (the oldest supported release is $(STABLE_OLD_VER).x), and try to detect the version the bug was introduced, e.g., using git-bisect.</li> +<li>Provide a way to reproduce the issue; e.g., a small program which reproduces it.</li> +<li>Use <a href="https://gitlab.com/gnutls/gnutls/issues">our issue tracker</a> +or the <a href="mailto:$(EMAIL)">bug report address</a> for non-public issues.</li> +</ul> +That would help us to address your issue. + +<h1>API and ABI</h1> +<p> +Our goal is to deliver a stable API and ABI for the library, but on certain +major releases we have decided to break the ABI in order to deprecate old APIs and avoid clutter. +To ensure API and ABI stability we rely on abi-compliance-checker and other +tools. +</p> + + +<h1>Development</h1> +<p>To follow development it is easier to subscribe <a href="support.html">on the mailing lists</a>; the <a href="https://gitlab.com/gnutls/gnutls/wikis/home">wiki pages</a> +may also contain information on new developments and plans. +To browse the source code a web interface exists at <a href="https://gitlab.com/gnutls/gnutls/">gitlab.com</a>. +If you want to build the latest GnuTLS code from the repository, use the following commands: +</p> +<table> +<tr><td><pre> +$ git clone https://gitlab.com/gnutls/gnutls.git +$ cd gnutls +$ git submodule update --init +$ make bootstrap # Will generate ./configure script +$ ./configure --enable-gcc-warnings --enable-gtk-doc --enable-gtk-doc-pdf +$ make +$ make check +</code></td></tr> +</table> + +<p>You will need several developer tools, which are listed in +<a href="https://gitlab.com/gnutls/gnutls/blob/master/README.md"> +README</a>. +</p> + +<p>If you wish to contribute, you may read more about +<a href="https://gitlab.com/gnutls/gnutls/blob/master/CONTRIBUTING.md"> +our coding style</a>. +Note that when contributing code that is not assigned to FSF, you will need to +assert that the contribution is in accordance to the <a href="https://gitlab.com/gnutls/gnutls/blob/master/doc/DCO.txt">Developer's +Certificate of Origin</a>. That can be done by sending a mail with your real name that contains +the DCO to the gnutls-devel mailing list. Then just make sure that your contributions (patches), +contain a "Signed-off-by" line, with your name and e-mail address. +</p> + + +<p>Some additional resources: +<ul> +<li><a href="https://gitlab.com/gnutls/gnutls/blob/master/NEWS">most recent NEWS</a></li> +<!-- <li><a href="http://hydra.nixos.org/jobset/gnu/gnutls-master">Continously Hydra builds</a></li>--> +</ul> + +<!-- +<p> +<script type="text/javascript" +src="http://www.ohloh.net/p/5718/widgets/project_basic_stats.js"></script> +</p> +--> + +#include 'bottom.wml' diff --git a/www/documentation.wml b/www/documentation.wml new file mode 100644 index 0000000000..297b556042 --- /dev/null +++ b/www/documentation.wml @@ -0,0 +1,57 @@ +#include 'common.wml' page="Documentation" + +<p>The GnuTLS manual for the latest stable version is available in many formats. +You can also get a hard copy of the manual +<a href="http://www.lulu.com/product/paperback/the-gnutls-manual/16364798">at lulu.com</a>. + +<!-- Here are quick links to popular formats:--> +</p> + +<p> +<table class="transparent" border=0 width=80%> +<tr> +<td> +<ul> + <li><a href="manual/gnutls.html">HTML</a> - entirely on one web page.</li> + <li><a href="manual/html_node/index.html">HTML</a> - with one web page per + node.</li> + <li><a href="manual/gnutls.pdf">PDF file</a>.</li> + <li><a href="manual/gnutls.epub">EPUB file</a>.</li> +</ul> +</td> +<td> +<a href="http://www.lulu.com/commerce/index.php?fBuyContent=10847678"><img src="http://static.lulu.com/images/services/buy_now_buttons/us/book.gif?20110726123424" border="0" alt="Support independent publishing: Buy this book on Lulu."></a> +</td> +</tr> +</table> +</p> + +<p>The manual for + the <a href="http://www.gnu.org/software/guile/guile.html">GNU Guile</a> + bindings of GnuTLS is available in the following formats: + + <ul> + <li><a href="manual/gnutls-guile.html">HTML</a> - entirely on one web page.</li> + <li><a href="manual/gnutls-guile/index.html">HTML</a> - with one web page per + node.</li> + <li><a href="manual/gnutls-guile.pdf">PDF file</a>.</li> + </ul> +</p> + +<p><i>The following formats are available but may be incomplete -- help is needed to maintain them</i>. +<ul> + <li><a href="reference/">GTK-DOC HTML</a>.</li> + <li><a href="reference/gnutls.devhelp2">GNOME Devhelp</a>.</li> +</ul> +</p> +<p> + + +<i>Other resources</i>. +<ul> + <li><a href="faq.html">Frequently asked questions</a></li> +</ul> +<p> + + +#include 'bottom.wml' diff --git a/www/download.wml b/www/download.wml new file mode 100644 index 0000000000..c83352422d --- /dev/null +++ b/www/download.wml @@ -0,0 +1,150 @@ +#include 'common.wml' page="Download" + +<p> +<center> + <table class="transparent" border=0 width=80%> + <tr><td> + Required libraries: + <ul> + <li><a href="http://www.lysator.liu.se/~nisse/nettle/">libnettle</a> crypto back-end</li> + <li><a href="http://gmplib.org/">gmplib</a> arithmetic library<sup><a href="#fn1" id="ref1">1</a></sup></li> + + </td><td> + Optional libraries: + <ul> + <li><a href="http://www.gnu.org/software/libtasn1/">libtasn1</a> ASN.1 parsing - a copy is included in GnuTLS</li> + <li><a href="http://p11-glue.freedesktop.org/p11-kit.html">p11-kit</a> for PKCS #11 support</li> + <li><a href="http://trousers.sourceforge.net/">trousers</a> for TPM support</li> + <li><a href="http://www.gnu.org/software/libidn/">libidn</a> for Internationalized Domain Names support</li> + <li><a href="http://unbound.net/">libunbound</a> for DNSSEC/DANE functionality</li> + <li><a href="http://www.zlib.net/">zlib</a> for compression</li> + </ul> + </td></tr> + </table> +</center> +</p> + +<perl> +sub print_ver { +my $name = $_[0]; +my $abi = $_[1]; +my $version = $_[2]; + +if ($version ne '') { +print " <tr> + <td>$name</td><td>${version}.x</td> + <td>$abi</td> + <td><a href=\"ftp://ftp.gnutls.org/gcrypt/gnutls/v${version}\"> + ftp://ftp.gnutls.org/gcrypt/gnutls/v${version}</a> (<a href=\"http://www.gnupg.org/download/mirrors.en.html\">mirror list</a>)</td> + </tr>\n" if ("${version}" ne ""); +} +return; +} + +</perl> + + +<p> + +<center> + +<h1>Downloading the GnuTLS library</h1> + + All the new releases are signed + with <a href="http://members.hellug.gr/nmav/pgpkeys.asc">Nikos'</a> + OpenPGP key. + +<table class="news" border=0 cellspacing=1 width=80%> + + <tr> + <th>Release</th> + <th>Version</th> + <th>ABI</th> + <th>Location</th> + </tr> + + +<:= &print_ver("Next stable<sup><a href=\"#fn2\" id=\"ref2\">2</a></sup>", "$(STABLE_NEXT_ABI)", "$(STABLE_NEXT_VER)") :> +<:= &print_ver("Current stable", "$(STABLE_ABI)", "$(STABLE_VER)") :> +<:= &print_ver("Previous stable", "$(STABLE_OLD_ABI)", "$(STABLE_OLD_VER)") :> + +</table> + +</p> + +<p> +<h1>GnuTLS for Windows</h1> + +<table class="news" border=0 cellspacing=1 width=80%> + + <tr> + <th>Description</th> + <th>Location</th> + </tr> + + <tr> + <td>Latest precompiled version</td> + <td> + <a href="ftp://ftp.gnutls.org/gcrypt/gnutls/w32/">ftp://ftp.gnutls.org/gcrypt/gnutls/w32/</a> + </td> + </tr> + +<!-- + <tr> + <td> + <a href="ftp://ftp.gnu.org/gnu/gnutls/w32/">ftp://ftp.gnu.org/gnu/gnutls/w32/</a> + </td> + <td>gnu.org FTP server, see <a href="http://www.gnu.org/prep/ftp.html"> + list of mirrors</a></td> + <td>USA</td> + <td><a href="http://www.fsf.org">FSF</a></td> + </tr> +--> + +</table> +</p> +<p> +<h1>GnuTLS in other languages than C</h1> + +<table class="news" border=0 cellspacing=1 width=80%> + + <tr> + <th>Language</th> + <th>Location</th> + </tr> + <tr> + <td>C++</td> + <td><a href="http://www.libcxx.org">LibCXX</a><br> + The GnuTLS distribution also includes a (limited) C++ interface. + </td> + </tr> + <tr> + <td>Python</td> + <td><a href="http://pypi.python.org/pypi/python-gnutls/">python-gnutls</a></td> + </tr> + <tr> + <td>PHP</td> + <td><a href="https://github.com/netaware/php5-gnutls">PHP5-gnutls</a></td> + </tr> + <tr> + <td>Guile (scheme)</td> + <td>Included in the GnuTLS distribution</td> + </tr> + +</table> +</center> +</p> + + +<p> +<sup id="fn1">1. Gmplib 6 is under LGPLv3 or GPLv2. <a href="ftp://ftp.gmplib.org/pub/gmp/gmp-4.2.1.tar.bz2">Older versions of gmplib</a> under LGPLv2 are also supported.</sup> +<br> +<sup id="fn2">2. Stable-next will be the next stable release; while it is believed to be sufficiently stable it is not as well tested as the stable branch.</sup> +</p> +<!-- <p> + Daily snapshots are available from + <a href="http://daily.josefsson.org/gnutls/"> + http://daily.josefsson.org/gnutls/</a>. +</p> --> + +#include 'bottom.wml' diff --git a/www/faq.wml b/www/faq.wml new file mode 100644 index 0000000000..424061322c --- /dev/null +++ b/www/faq.wml @@ -0,0 +1,91 @@ +#include 'common.wml' page="Frequently asked questions" + +<p>Answers to common questions follow. +</p> + +<div class="emph-box" id="prime-not-acceptable"> + <h1><a href="#prime-not-acceptable">The software I use outputs the following error: +"The Diffie-Hellman prime sent by the server is not acceptable (not long enough)" +and the connection is terminated.</a></h1> + <p><b>Answer:</b> +The server you have tried to connect negotiates Diffie-Hellman (DH) ciphersuites +but offers a small and insecure DH group. This means that any connection data +could be decrypted in weeks or even hours by a determined adversary. For that +reason GnuTLS will refuse to communicate such servers. To work around the issue disable Diffie-Hellman +ciphersuites on the client (by using "NORMAL:-DHE-RSA" as a priority string); +this will force connecting using the plain RSA ciphersuites, at the cost +of losing perfect forward secrecy. + </p> + <p> +Note that currently in the NORMAL priority string, the minimum acceptable +size of DH group is set to be at 1008 bits. This is a very low size for +today's threats but unfortunately there are many popular Internet servers +providing such a weak security level. To increase the security level use +the SECURE128 or better priority strings, at the risk of a failed connection +with an insecure server. To avoid this issue, newer versions of GnuTLS prioritize the elliptic +curve DH ciphersuites that have no such issues (since the curve is negotiated +as part of the handshake). +</p> +</div> + +<br> + +<div class="emph-box" id="key-usage-violation"> +<h1><a href="#key-usage-violation">"The software I use outputs the following error: +"Key usage violation in certificate has been detected." +and the connection is terminated.</a></h1> + +<p><b>Answer:</b> +The server you have tried to connect has its certificate marked for +encryption-only but the server uses it with a ciphersuite that requires signing (or vice-versa). This is +either due to an attack, or due to a serious server misconfiguration. +Contact the server administrator. <br/> +Because this misconfiguration problem is widespread, other TLS/SSL +implementations used by popular browsers tolerate the violation, and several +servers negotiate ciphersuites not allowed by the certificate, newer +versions of GnuTLS will also allow such key usage violations (and will only output a warning message). +</p> +</div> + +<br> + +<div class="emph-box" id="key-usage-violation2"> +<h1><a href="#key-usage-violation2">"The server software I use outputs the following error: +"Insufficient credentials for that request." after a client connects.</a></h1> + +<p><b>Answer:</b> +If the server uses an X.509 certificate with an RSA key, then most probably the server certificate doesn't allow +any of the ciphersuites requested by the client (this is related to <a href="#key-usage-violation">key-usage-violation</a>). +There are three possibilities: +<ul> +<li>The server has a priority string that incorrectly restricts the available ciphersuites to +the set not allowed by the certificate. Solution: If the server has a certificate with the +Key Usage extension and digitalSignature set, make sure that DHE-RSA and ECDHE-RSA key exchange +methods are enabled. If the keyEncipherment flag is set, then make sure that the RSA key exchange is enabled.</li> +<li>The client requires only encryption ciphersuites (i.e., RSA) but the server certificate only +allows ciphersuites with signing (e.g., DHE-RSA). Solution: If the server has the Key Usage extension +with digitalSignature set, replace or (better) add another server certificate with keyEncipherment set. +</li> +<li>The client requires only signing ciphersuites (e.g., DHE-RSA) but the server certificate only +allows ciphersuites with encryption (i.e., RSA). That is the server has the Key Usage extension +with keyEncipherment set. Solution: If the server has the Key Usage extension +with keyEncipherment set, replace or (better) add another server certificate with digitalSignature set.</li> +</ul> + +Note that while having a single certificate with the Key Usage extension unset, or with both +digitalSignature and keyEncipherment flags would solve the issue; it is considered bad practice +to use a single key/certificate for both RSA encryption and signatures. +</p> +</div> + +<div class="emph-box" id="Dual_EC_DRBG_info"> +<h1><a href="#Dual_EC_DRBG_info">I heard about the backdoor in http://en.wikipedia.org/wiki/Dual_EC_DRBG, does it affect GnuTLS?</a></h1> + +<p><b>Answer:</b> +GnuTLS never supported the Dual EC random generator, hence this issue does not affect GnuTLS. +</p> +</div> + +<br> + +#include 'bottom.wml' diff --git a/www/gnutls-logo.wml b/www/gnutls-logo.wml new file mode 100644 index 0000000000..5a2db5ba32 --- /dev/null +++ b/www/gnutls-logo.wml @@ -0,0 +1,30 @@ +#include 'common.wml' page="Logo" + +<p> +This logo consists of two well known symbols, a lock transported on a truck. +The truck symbolizes the "Transport Layer" and the lock stands for "Security". + +</p> + + +<p> +We would like to thank Claus Schrammel for the design of this GnuTLS logo. +</p> +<p> + +This picture is available in the following formats: +<UL> + <LI>PNG <A HREF="graphics/gnutls-logo.png">small</A>, + <A HREF="graphics/gnutls-logo-icon.png">icon</A>, + <A HREF="graphics/gnutls-logo-icon2.png">another icon + (contributed by Daniel Kahn Gillmor)</A>, + <A HREF="graphics/gnutls-logo-nobackground.png">without background</A>, + <A HREF="graphics/gnutls-logo-large.png">large</A>, + <A HREF="graphics/gnutls-logo-scalable.png">scalable</A>, + <A HREF="graphics/gnutls-logo-letters.png">large with letters</A>.</li> + <LI>SVG <A HREF="graphics/gnutls-logo.svg">scalable (contributed by Daniel Kahn Gillmor)</A></li> +</UL> + +</P> + +#include 'bottom.wml' diff --git a/www/gnutls.wml b/www/gnutls.wml new file mode 100644 index 0000000000..160dd25463 --- /dev/null +++ b/www/gnutls.wml @@ -0,0 +1,68 @@ +#include 'common.wml' page="Overview" + +<table class="transparent" border="0" cellspacing="1" width="100%"> +<tr><td> + <p> + Welcome to <i>GnuTLS</i> project pages + </p> +<ul> + <li><a name="overview"><b>Overview</b></a> + <p> GnuTLS is a secure communications library implementing the <a href="http://datatracker.ietf.org/wg/tls/charter/">SSL, TLS and DTLS protocols</a> + and technologies around them. It provides a simple C language application programming interface (API) + to access the secure communications protocols as well as APIs to parse and + write X.509, PKCS #12, OpenPGP and other required structures. It is + aimed to be portable and efficient with focus on security and interoperability. + </p></li> + + <li><a name="features"><b>Features</b></a> + <ul> + <li>Support for <a href="http://tools.ietf.org/html/rfc5247">TLS 1.2</a>, TLS 1.1, TLS 1.0, and SSL 3.0 protocols</li> + <li>Support for <a href="http://tools.ietf.org/html/rfc6347">DTLS 1.2</a>, and DTLS 1.0, protocols</li> + <li>Support for certificate path validation, as well as <a href="http://www.gnutls.org/manual/html_node/Verifying-a-certificate-using-DANE.html#Verifying-a-certificate-using-DANE">DANE</a> and <a href="http://www.gnutls.org/manual/html_node/Verifying-a-certificate-using-trust-on-first-use-authentication.html#Verifying-a-certificate-using-trust-on-first-use-authentication">trust on first use</a>.</li> + <li>Support for the <a href="http://www.gnutls.org/manual/html_node/OCSP-certificate-status-checking.html">Online Certificate Status Protocol (OCSP)</a>.</li> + <li>Support for multiple certificate types including X.509 and <a href="openpgp.html">OpenPGP</a> certificates.</li> + <li>Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as <a href="http://www.gnutls.org/manual/html_node/Authentication-using-SRP.html#Authentication-using-SRP">SRP</a> and <a href="http://www.gnutls.org/manual/html_node/Authentication-using-PSK.html#Authentication-using-PSK">PSK</a> protocols.</li> + <li>Support for all the strong encryption algorithms, including AES and Camellia. + <li>Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets. + <li>Support for cryptographic accelerator drivers via <a href="http://www.cryptodev-linux.org/">/dev/crypto</a>. + <li>Supports natively <a href="http://www.gnutls.org/manual/html_node/Smart-cards-and-HSMs.html#Smart-cards-and-HSMs">HSMs and cryptographic tokens</a>, via PKCS #11 and the <a href="http://www.gnutls.org/manual/html_node/Trusted-Platform-Module.html#Trusted-Platform-Module">Trusted Platform Module (TPM)</a>.</li> + <li>Runs on most Unix platforms and Windows.</li> + </ul> + </li> + + <li><a name="license"><b>License</b></a> + <p>The core library licensed under + the <a href="http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html">GNU + Lesser General Public License version 2.1</a> (LGPLv2.1+). The + LGPL license is compatible with a wide range of free licenses, + and even permit you to use GnuTLS in non-free proprietary + programs. </p> </li> +</ul> + +<ul> + <li><a name="documentation"><b>Documentation:</b></a> + <p> + You can obtain <a href="http://www.lulu.com/shop/nikos-mavrogiannopoulos-and-simon-josefsson/the-gnutls-manual/paperback/product-18963264.html"> + GnuTLS' manual at lulu.com</a> or download + <a href="$(path)documentation.html">any of the electronic formats</a>. + </p> +</ul> + + <p> + For more information on GnuTLS features, see the <a + href="https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations"> + wikipedia article comparing different TLS implementations</a>. +</p> + +</td> +<td> + +<div class="emph-box"> +#include 'rawnews.wml' MAX_NEWS=4 TABLE_CLASS=news-transparent +</div> + +</td> +</tr> +</table> + +#include 'bottom.wml' diff --git a/www/graphics/gnutls-logo-icon.png b/www/graphics/gnutls-logo-icon.png Binary files differnew file mode 100644 index 0000000000..9cfb01624e --- /dev/null +++ b/www/graphics/gnutls-logo-icon.png diff --git a/www/graphics/gnutls-logo-icon2.png b/www/graphics/gnutls-logo-icon2.png Binary files differnew file mode 100644 index 0000000000..3f5c0460dc --- /dev/null +++ b/www/graphics/gnutls-logo-icon2.png diff --git a/www/graphics/gnutls-logo-large.png b/www/graphics/gnutls-logo-large.png Binary files differnew file mode 100644 index 0000000000..7b82218348 --- /dev/null +++ b/www/graphics/gnutls-logo-large.png diff --git a/www/graphics/gnutls-logo-letters.png b/www/graphics/gnutls-logo-letters.png Binary files differnew file mode 100644 index 0000000000..08fb33a4e6 --- /dev/null +++ b/www/graphics/gnutls-logo-letters.png diff --git a/www/graphics/gnutls-logo-nobackground.png b/www/graphics/gnutls-logo-nobackground.png Binary files differnew file mode 100644 index 0000000000..b6af9d0f15 --- /dev/null +++ b/www/graphics/gnutls-logo-nobackground.png diff --git a/www/graphics/gnutls-logo-scalable.png b/www/graphics/gnutls-logo-scalable.png Binary files differnew file mode 100644 index 0000000000..1fd1f96c81 --- /dev/null +++ b/www/graphics/gnutls-logo-scalable.png diff --git a/www/graphics/gnutls-logo.png b/www/graphics/gnutls-logo.png Binary files differnew file mode 100644 index 0000000000..2819b76796 --- /dev/null +++ b/www/graphics/gnutls-logo.png diff --git a/www/graphics/gnutls-logo.svg b/www/graphics/gnutls-logo.svg new file mode 100644 index 0000000000..f3a5521391 --- /dev/null +++ b/www/graphics/gnutls-logo.svg @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!-- Created with Inkscape (http://www.inkscape.org/) --> +<svg + xmlns:dc="http://purl.org/dc/elements/1.1/" + xmlns:cc="http://web.resource.org/cc/" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:svg="http://www.w3.org/2000/svg" + xmlns="http://www.w3.org/2000/svg" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + width="312.88843" + height="285.61639" + id="svg2" + sodipodi:version="0.32" + inkscape:version="0.45.1" + version="1.0" + sodipodi:docbase="/home/dkg/src/gnutls/gnutls/doc" + sodipodi:docname="gnutls-logo.svg" + inkscape:output_extension="org.inkscape.output.svg.inkscape"> + <defs + id="defs4" /> + <sodipodi:namedview + inkscape:document-units="in" + pagecolor="#ffffff" + bordercolor="#666666" + borderopacity="1.0" + inkscape:pageopacity="0.0" + inkscape:pageshadow="2" + inkscape:zoom="0.55656566" + inkscape:cx="382.5" + inkscape:cy="226.23043" + inkscape:current-layer="layer1" + id="namedview6" + inkscape:window-width="1024" + inkscape:window-height="767" + inkscape:window-x="0" + inkscape:window-y="0" /> + <metadata + id="metadata8"> + <rdf:RDF> + <cc:Work + rdf:about=""> + <dc:format>image/svg+xml</dc:format> + <dc:type + rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> + </cc:Work> + </rdf:RDF> + </metadata> + <g + inkscape:label="Layer 1" + inkscape:groupmode="layer" + id="layer1" + transform="translate(-62.944441,-55.704099)"> + <path + style="fill:#000000" + d="M 111.93797,340.45884 C 100.35987,336.66037 93.008461,326.60929 92.966401,314.52036 C 92.923801,302.275 100.60924,292.23087 112.71421,288.71186 C 129.50663,283.83017 146.23489,296.9254 146.13136,314.87149 C 146.07433,324.75756 140.36367,333.97245 131.44444,338.57077 C 127.09978,340.81067 116.22018,341.86373 111.93797,340.45884 z M 179.44444,338.97513 C 162.47463,331.03788 157.92247,310.72833 170.03019,296.97323 C 182.69659,282.58345 205.11346,285.52725 214.25149,302.7804 C 217.32006,308.57406 217.27874,320.16822 214.16855,326.04879 C 207.17514,339.27154 192.08678,344.88831 179.44444,338.97513 z M 314.94444,339.30851 C 301.00197,332.8381 294.5644,316.26174 300.88064,303.09506 C 308.76209,286.66559 331.55003,282.63822 343.97301,295.47924 C 360.62391,312.69046 349.83382,339.99235 325.94444,341.09645 C 320.99034,341.32542 318.3742,340.90019 314.94444,339.30851 z M 62.944441,276.33331 L 274.98304,276.33331 L 274.44444,182.31002 L 352.39896,182.83331 L 375.83288,246.83331 L 375.44444,311.83331 L 366.81271,312.12052 L 358.18098,312.40773 L 357.48208,308.68228 C 355.68752,299.11641 348.33276,289.57262 339.16955,284.91928 C 330.81751,280.67789 319.46923,280.93801 310.14687,285.58453 C 301.92461,289.68273 293.15527,301.95653 293.00031,309.58331 L 292.94444,312.33331 L 258.06315,312.33331 L 223.18187,312.33331 L 221.99723,307.58331 C 216.70718,286.37196 194.56718,275.89005 175.3385,285.49332 C 167.27827,289.51879 157.99066,306.10853 157.95421,312.33331 C 152.72824,312.29155 154.94524,312.39896 151.52955,312.33331 C 150.61696,306.6263 146.38343,294.96263 141.62637,290.66492 C 131.35799,281.38806 117.55287,279.29773 105.55678,285.20339 C 101.59469,287.15392 97.477741,290.19267 95.030431,292.97296 C 91.122301,297.41283 86.944441,308.36443 86.944441,312.33331 L 62.944441,312.33331 L 62.944441,276.33331 z M 345.46824,194.33331 L 292.94444,194.33331 L 292.94444,246.33331 L 362.77328,246.33331 L 345.46824,194.33331 z M 80.337451,147.9151 L 92.888971,146.33331 L 92.883231,134.08331 C 92.876151,118.97289 94.987771,109.93947 101.45331,97.421 C 118.93928,63.56494 158.003,47.60884 193.68855,59.74628 C 215.07057,67.01877 231.64435,82.42522 240.35852,103.12917 C 244.51909,113.01425 245.91356,120.74968 245.92966,134.03341 L 245.94444,146.2335 L 257.44444,146.83331 L 257.9603,265.33331 L 80.944441,265.33331 C 79.930297,226.24089 82.4951,186.98062 80.337451,147.9151 z M 176.78029,209.03932 L 179.34303,206.93632 C 185.60218,201.8 186.25148,192.03048 180.75013,185.76479 C 175.1306,179.36449 166.47456,178.79911 159.69259,184.38937 C 152.91498,189.97605 152.58998,199.52656 158.95097,206.18273 L 161.96138,209.33284 L 150.89139,231.40578 L 187.8804,231.17231 L 176.78029,209.03932 z M 227.88377,137.08331 C 227.71,119.65907 223.22128,105.9577 214.13607,95.11991 C 197.60761,75.40301 170.01057,68.87006 146.44444,79.09551 C 123.57515,89.0186 111.01349,109.54759 110.9618,137.08331 L 110.94444,146.33331 L 227.97601,146.33331 L 227.88377,137.08331 z " + id="path2222" + sodipodi:nodetypes="cssssccsssccsssccccccccccsscccccsccssscccccccccccsssccccccccssccccccsscccc" /> + </g> +</svg> diff --git a/www/graphics/logo-sponsor.png b/www/graphics/logo-sponsor.png Binary files differnew file mode 100644 index 0000000000..ce652f96b5 --- /dev/null +++ b/www/graphics/logo-sponsor.png diff --git a/www/graphics/pgp1.png b/www/graphics/pgp1.png Binary files differnew file mode 100644 index 0000000000..c8140f87cb --- /dev/null +++ b/www/graphics/pgp1.png diff --git a/www/graphics/tree1.png b/www/graphics/tree1.png Binary files differnew file mode 100644 index 0000000000..27c6d8ba12 --- /dev/null +++ b/www/graphics/tree1.png diff --git a/www/head.wml b/www/head.wml new file mode 100644 index 0000000000..9a8f915886 --- /dev/null +++ b/www/head.wml @@ -0,0 +1,24 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + +<head> +<meta http-equiv="content-type" content="text/html; charset=utf-8" /> +<link rel="icon" type="image/png" href="graphics/gnutls-logo-icon.png" /> +<meta name="DC.title" content="gnutls.org" /> +$(extra_head) + +<title>GnuTLS</title> +<!-- start of banner.html --> +<!-- start of head-include-2.html --> + +<link rel="stylesheet" href="css/combo.css" media="screen" /> +<link rel="stylesheet" href="css/layout.css" media="screen" /> + +<link rel="stylesheet" href="css/mini.css" media="handheld" /> + +<link rel="stylesheet" href="css/print.css" media="print" /> +<!-- end of head-include-2.html --> +</head> +<body> + diff --git a/www/help.wml b/www/help.wml new file mode 100644 index 0000000000..070e5fd3d1 --- /dev/null +++ b/www/help.wml @@ -0,0 +1,44 @@ +#include 'common.wml' page="How to help" + +<h1>How can I help?</h1> +<p> +You are always welcome to contribute to <b>GnuTLS</b>. If there +is something you can do, and you may think we need it, then +contact us. Some ideas +are listed below. +</p> + +<ul> +<li> +If you're a developer, you may want to help us with <a href="https://gitlab.com/gnutls/gnutls/blob/master/doc/TODO">open issues</a>. +</li> + +<li> +If you're a web developer, you may want to help us with these +web pages. +</li> + +<li> +If you can do extensive beta testing, then don't hesitate to stress gnutls! + +</li> + +<li> +If you can audit code, we need you. +</li> + +<li> +If you can write, you may want to help us to +produce good documentation. +</li> + +<li> +If you can offer hardware or devices (especially devices with cryptographic accelerators), we can you use, don't hesitate +to do it. +</li> + +</ul> + +<p> + +#include 'bottom.wml' diff --git a/www/manual-index.html.bak b/www/manual-index.html.bak new file mode 100644 index 0000000000..69cfc8caa0 --- /dev/null +++ b/www/manual-index.html.bak @@ -0,0 +1,4 @@ +<html> +<meta http-equiv="refresh" content="0;url=http://www.gnutls.org/documentation.html"> + +</html> diff --git a/www/news-entries/2012-01-20.xml b/www/news-entries/2012-01-20.xml new file mode 100644 index 0000000000..90db2efe4a --- /dev/null +++ b/www/news-entries/2012-01-20.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5720"> +GnuTLS 3.0.12</a> was released. This release adds support for OCSP on the current +stable branch. diff --git a/www/news-entries/2012-02-18.xml b/www/news-entries/2012-02-18.xml new file mode 100644 index 0000000000..eb85ddbfc1 --- /dev/null +++ b/www/news-entries/2012-02-18.xml @@ -0,0 +1,5 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5843"> +GnuTLS 3.0.13</a> was released. This release adds support for a new helper interface +to support trust on first use (SSH-like authentication), on-line OCSP verification +in included programs and several updates in the Datagram TLS layer. + diff --git a/www/news-entries/2012-02-24.xml b/www/news-entries/2012-02-24.xml new file mode 100644 index 0000000000..f50ed251ae --- /dev/null +++ b/www/news-entries/2012-02-24.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5866"> +GnuTLS 3.0.14</a> was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-03-02.xml b/www/news-entries/2012-03-02.xml new file mode 100644 index 0000000000..3c7459fa27 --- /dev/null +++ b/www/news-entries/2012-03-02.xml @@ -0,0 +1,10 @@ +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"> + GnuTLS v3.0.15</a> was released, a bug-fix release on the current + stable branch. +</p> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"> + GnuTLS 2.12.17</a> was released, a bug-fix release on the previous + stable branch. +</p>
\ No newline at end of file diff --git a/www/news-entries/2012-03-16.xml b/www/news-entries/2012-03-16.xml new file mode 100644 index 0000000000..1758c138f1 --- /dev/null +++ b/www/news-entries/2012-03-16.xml @@ -0,0 +1,9 @@ +<p><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932"> +GnuTLS v3.0.16</a> was released, a bug-fix release on the current +stable branch. +</p> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5931"> + GnuTLS 2.12.18</a> was released, a bug-fix release on the previous + stable branch. +</p> diff --git a/www/news-entries/2012-03-17.xml b/www/news-entries/2012-03-17.xml new file mode 100644 index 0000000000..20797b5995 --- /dev/null +++ b/www/news-entries/2012-03-17.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5945"> +GnuTLS 3.0.17</a> was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-03-18.xml b/www/news-entries/2012-03-18.xml new file mode 100644 index 0000000000..40d8f4a9f6 --- /dev/null +++ b/www/news-entries/2012-03-18.xml @@ -0,0 +1,3 @@ +GnuTLS participates in the <a href="http://code.google.com/soc/">Google summer of +code</a>. Feel free to apply or forward our <a href="soc.html">our ideas for projects</a> +to interested students. diff --git a/www/news-entries/2012-03-19.xml b/www/news-entries/2012-03-19.xml new file mode 100644 index 0000000000..fc9ac205c7 --- /dev/null +++ b/www/news-entries/2012-03-19.xml @@ -0,0 +1,2 @@ +<a href="http://lists.gnu.org/archive/html/help-libtasn1/2012-03/msg00000.html"> +Libtasn1 2.12</a> was released, which includes an important security fix. diff --git a/www/news-entries/2012-03-21.xml b/www/news-entries/2012-03-21.xml new file mode 100644 index 0000000000..a13a499ea5 --- /dev/null +++ b/www/news-entries/2012-03-21.xml @@ -0,0 +1 @@ +<a href="security.html">Added security advisories</a> on the TLS record handling and libtasn1 issues. diff --git a/www/news-entries/2012-04-02.xml b/www/news-entries/2012-04-02.xml new file mode 100644 index 0000000000..405d5352dc --- /dev/null +++ b/www/news-entries/2012-04-02.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6018"> +GnuTLS 3.0.18</a> was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-04-22.xml b/www/news-entries/2012-04-22.xml new file mode 100644 index 0000000000..06dd4ff373 --- /dev/null +++ b/www/news-entries/2012-04-22.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6095"> +GnuTLS 3.0.19</a> was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-05-05.xml b/www/news-entries/2012-05-05.xml new file mode 100644 index 0000000000..67737ec2e5 --- /dev/null +++ b/www/news-entries/2012-05-05.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6115"> + GnuTLS 2.12.19</a> was released, a bug-fix release on the previous + stable branch. diff --git a/www/news-entries/2012-06-05.xml b/www/news-entries/2012-06-05.xml new file mode 100644 index 0000000000..b2e0ad3d0a --- /dev/null +++ b/www/news-entries/2012-06-05.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6162"> +GnuTLS 3.0.20</a> was released, a minor feature update and bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-06-10.xml b/www/news-entries/2012-06-10.xml new file mode 100644 index 0000000000..2b015fa038 --- /dev/null +++ b/www/news-entries/2012-06-10.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6169"> +GnuTLS 2.12.20</a> was released, a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2012-07-02.xml b/www/news-entries/2012-07-02.xml new file mode 100644 index 0000000000..4dae4208f9 --- /dev/null +++ b/www/news-entries/2012-07-02.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6180"> +GnuTLS 3.0.21</a> was released, a minor feature update and bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-08-04.xml b/www/news-entries/2012-08-04.xml new file mode 100644 index 0000000000..02a3373b51 --- /dev/null +++ b/www/news-entries/2012-08-04.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6226"> +GnuTLS 3.0.22</a> was released, a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2012-08-15.xml b/www/news-entries/2012-08-15.xml new file mode 100644 index 0000000000..a6ede8c69b --- /dev/null +++ b/www/news-entries/2012-08-15.xml @@ -0,0 +1,3 @@ +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6248"> +GnuTLS 3.1.0</a> was released, a major feature update release, introducing +a new stable branch. diff --git a/www/news-entries/2012-09-02.xml b/www/news-entries/2012-09-02.xml new file mode 100644 index 0000000000..20d01669e3 --- /dev/null +++ b/www/news-entries/2012-09-02.xml @@ -0,0 +1,9 @@ +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6281"> +GnuTLS 3.1.1</a> was released, a bug fix release in the new stable branch +with several optimizations in the elliptic curve subsystem. +</p> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6280"> +GnuTLS 3.0.23</a> was released, a bug fix release in the old stable branch. +</p> diff --git a/www/news-entries/2012-09-13.xml b/www/news-entries/2012-09-13.xml new file mode 100644 index 0000000000..9dc80c3f42 --- /dev/null +++ b/www/news-entries/2012-09-13.xml @@ -0,0 +1,2 @@ +<a href="security.html">Added a security advisory</a> on the "CRIME" attack +on TLS.
\ No newline at end of file diff --git a/www/news-entries/2012-09-26.xml b/www/news-entries/2012-09-26.xml new file mode 100644 index 0000000000..e68bebaf83 --- /dev/null +++ b/www/news-entries/2012-09-26.xml @@ -0,0 +1,11 @@ +<title>GnuTLS 3.0.24 and 3.1.2</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6334"> +GnuTLS 3.1.2</a> was released. This release includes feature +updates, notably support for the DTLS heartbeat message, and bug fixes +in the current stable branch. +</p> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6333"> +GnuTLS 3.0.24</a> was released, a bug fix release in the old stable branch. +</p> diff --git a/www/news-entries/2012-10-12.xml b/www/news-entries/2012-10-12.xml new file mode 100644 index 0000000000..248ca09512 --- /dev/null +++ b/www/news-entries/2012-10-12.xml @@ -0,0 +1,10 @@ +<title>GnuTLS 3.0.25 and 3.1.3</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6360"> +GnuTLS 3.1.3</a> was released. This release includes support for the DANE +protocol and the OCSP status request extension. +</p> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6359"> +GnuTLS 3.0.25</a> was released, a bug fix release in the old stable branch. +</p> diff --git a/www/news-entries/2012-11-09.xml b/www/news-entries/2012-11-09.xml new file mode 100644 index 0000000000..eac60bbf87 --- /dev/null +++ b/www/news-entries/2012-11-09.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 2.12.21 and 3.0.26</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6418"> +GnuTLS 2.12.21</a> and <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6419"> +GnuTLS 3.0.26</a> were released, bug-fix releases on the previous +stable branches. diff --git a/www/news-entries/2012-11-10.xml b/www/news-entries/2012-11-10.xml new file mode 100644 index 0000000000..5ef7ffb1e5 --- /dev/null +++ b/www/news-entries/2012-11-10.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.1.4</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6420"> +GnuTLS 3.1.4</a> was released. This release includes support +for the DTLS-SRTP, updates on the DANE library, and several +simplifications on the existing API. diff --git a/www/news-entries/2012-11-24.xml b/www/news-entries/2012-11-24.xml new file mode 100644 index 0000000000..c54cbacee9 --- /dev/null +++ b/www/news-entries/2012-11-24.xml @@ -0,0 +1,4 @@ +<title>GnuTLS 3.1.5</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6438"> +GnuTLS 3.1.5</a> was released. This release adds support for UCS-2 +encoded DNs, improvements in smart card key generation and few bug-fixes. diff --git a/www/news-entries/2012-11-25.xml b/www/news-entries/2012-11-25.xml new file mode 100644 index 0000000000..95ff4cc08b --- /dev/null +++ b/www/news-entries/2012-11-25.xml @@ -0,0 +1,3 @@ +<title>GnuTLS manual for 3.1.5</title> +The <a href="http://www.lulu.com/shop/nikos-mavrogiannopoulos-and-simon-josefsson/the-gnutls-manual/paperback/product-20532307.html"> +GnuTLS paperback manual</a> for was updated for version 3.1.5. diff --git a/www/news-entries/2012-12-10.xml b/www/news-entries/2012-12-10.xml new file mode 100644 index 0000000000..8ce17e7c0b --- /dev/null +++ b/www/news-entries/2012-12-10.xml @@ -0,0 +1,3 @@ +<title>GnuTLS has moved</title> +The GnuTLS project <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6459"> +has moved its infrastructure</a>. diff --git a/www/news-entries/2013-01-02.xml b/www/news-entries/2013-01-02.xml new file mode 100644 index 0000000000..4b448b4e43 --- /dev/null +++ b/www/news-entries/2013-01-02.xml @@ -0,0 +1,4 @@ +<title>GnuTLS 3.1.6</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6512"> +GnuTLS 3.1.6</a> was released. This is a bug-fix release on the current +stable branch. diff --git a/www/news-entries/2013-01-03.xml b/www/news-entries/2013-01-03.xml new file mode 100644 index 0000000000..64921d796e --- /dev/null +++ b/www/news-entries/2013-01-03.xml @@ -0,0 +1,4 @@ +<title>GnuTLS 3.0.27</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6514"> +GnuTLS 3.0.27</a> was released. This is a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2013-01-05.xml b/www/news-entries/2013-01-05.xml new file mode 100644 index 0000000000..b2629a461a --- /dev/null +++ b/www/news-entries/2013-01-05.xml @@ -0,0 +1,4 @@ +<title>GnuTLS 2.12.22</title> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6518"> +GnuTLS 2.12.22</a> was released. This is a bug-fix release on the previous +stable branch. diff --git a/www/news-entries/2013-02-04.xml b/www/news-entries/2013-02-04.xml new file mode 100644 index 0000000000..9c7ba23e6b --- /dev/null +++ b/www/news-entries/2013-02-04.xml @@ -0,0 +1,9 @@ +<title>GnuTLS 3.1.7, 3.0.28 and 2.12.23</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6580">GnuTLS 3.1.7</a>, +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6578">GnuTLS 3.0.28</a> and +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6579">GnuTLS 2.12.23</a> were released. +</p> +<p> +<a href="security.html#GNUTLS-SA-2013-1">Security advisory GNUTLS-SA-2013-1</a> is issued. +</p> diff --git a/www/news-entries/2013-02-10.xml b/www/news-entries/2013-02-10.xml new file mode 100644 index 0000000000..89f12430a6 --- /dev/null +++ b/www/news-entries/2013-02-10.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.1.8</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6623">GnuTLS +3.1.8</a> was released. This is bug fix release on the current +stable branch. GnuTLS 3.1.7 inadvertently increased the security level of +the priority string NORMAL. This release restores it to the previous level. +</p> diff --git a/www/news-entries/2013-02-27.xml b/www/news-entries/2013-02-27.xml new file mode 100644 index 0000000000..d960f39ab3 --- /dev/null +++ b/www/news-entries/2013-02-27.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.1.9</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6669">GnuTLS 3.1.9</a> was released. This is bug fix release on the current +stable branch. +</p> diff --git a/www/news-entries/2013-03-22.xml b/www/news-entries/2013-03-22.xml new file mode 100644 index 0000000000..faed14fcd6 --- /dev/null +++ b/www/news-entries/2013-03-22.xml @@ -0,0 +1,9 @@ +<title>GnuTLS 3.0.29 and 3.1.10</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6693">GnuTLS 3.0.29</a> +and <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6694">GnuTLS +3.1.10</a> were released. The license of GnuTLS 3.1.10 was changed to +LGPLv2.1, and the <a +href="http://www.lulu.com/shop/nikos-mavrogiannopoulos-and-simon-josefsson/the-gnutls-manual/paperback/product-20935513.html">paperback manual +was updated</a> for version 3.1.10. +</p> diff --git a/www/news-entries/2013-05-10.xml b/www/news-entries/2013-05-10.xml new file mode 100644 index 0000000000..dce4d7e551 --- /dev/null +++ b/www/news-entries/2013-05-10.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.1.11 and 3.2.0</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6723">GnuTLS +3.1.11</a>, and <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6725">GnuTLS +3.2.0</a> were released. +</p> diff --git a/www/news-entries/2013-05-16.xml b/www/news-entries/2013-05-16.xml new file mode 100644 index 0000000000..ca64f259e7 --- /dev/null +++ b/www/news-entries/2013-05-16.xml @@ -0,0 +1,5 @@ +<title>The addition of salsa20 and UMAC in GnuTLS</title> +We are planning into pushing forward the standardization of +<a +href="http://nmav.gnutls.org/2013/05/salsa20-and-umac-in-tls.html">Salsa20 +and UMAC</a> as used in GnuTLS 3.2.0. diff --git a/www/news-entries/2013-05-29.xml b/www/news-entries/2013-05-29.xml new file mode 100644 index 0000000000..bd2b39038d --- /dev/null +++ b/www/news-entries/2013-05-29.xml @@ -0,0 +1,2 @@ +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2013-2">Posted a security advisory</a> on a vulnerability +on gnutls 2.12.23. diff --git a/www/news-entries/2013-06-01.xml b/www/news-entries/2013-06-01.xml new file mode 100644 index 0000000000..f774fba8a8 --- /dev/null +++ b/www/news-entries/2013-06-01.xml @@ -0,0 +1,11 @@ +<title>GnuTLS 3.0.30, 3.1.12 and 3.2.1</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6775">GnuTLS 3.0.30</a>, +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6776">GnuTLS 3.1.12</a>, and +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6774">GnuTLS 3.2.1</a> +were released. +</p> +<p> +<a href="http://www.lulu.com/shop/nikos-mavrogiannopoulos-and-simon-josefsson/the-gnutls-manual/paperback/product-21048042.html">The +paperback manual</a> was updated. +</p>
\ No newline at end of file diff --git a/www/news-entries/2013-07-13.xml b/www/news-entries/2013-07-13.xml new file mode 100644 index 0000000000..789bc5f5f5 --- /dev/null +++ b/www/news-entries/2013-07-13.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.0.31 and 3.1.13</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6837">GnuTLS 3.0.31</a>, +and +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6836">GnuTLS 3.1.13</a>, +were released. +</p> diff --git a/www/news-entries/2013-07-14.xml b/www/news-entries/2013-07-14.xml new file mode 100644 index 0000000000..a09672a15a --- /dev/null +++ b/www/news-entries/2013-07-14.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.2.2</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6838">GnuTLS +3.2.2</a>, +was released. This release adds features and fixes bugs in the current +stable branch. +</p> diff --git a/www/news-entries/2013-07-30.xml b/www/news-entries/2013-07-30.xml new file mode 100644 index 0000000000..02022a366a --- /dev/null +++ b/www/news-entries/2013-07-30.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.2.3</title> +<p> +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6915">GnuTLS +3.2.3</a>, +was released. This is a bug-fix release in the current +stable branch. +</p> diff --git a/www/news-entries/2013-08-02.xml b/www/news-entries/2013-08-02.xml new file mode 100644 index 0000000000..ef28e62a22 --- /dev/null +++ b/www/news-entries/2013-08-02.xml @@ -0,0 +1,5 @@ +<title>Version naming change</title> +<p> +<a href="download.html">A naming scheme is introduced</a> on the releases to properly show their intended +purpose. +</p> diff --git a/www/news-entries/2013-08-31.xml b/www/news-entries/2013-08-31.xml new file mode 100644 index 0000000000..add5790fdf --- /dev/null +++ b/www/news-entries/2013-08-31.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.2.4, 3.1.14 and 3.0.32</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6968">GnuTLS 3.2.4</a>, +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6967">GnuTLS 3.1.14</a>, +and +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6966">GnuTLS 3.0.32</a>, +were released. +</p> diff --git a/www/news-entries/2013-10-23.xml b/www/news-entries/2013-10-23.xml new file mode 100644 index 0000000000..2d407fb679 --- /dev/null +++ b/www/news-entries/2013-10-23.xml @@ -0,0 +1,11 @@ +<title>GnuTLS 3.2.5 and 3.1.15</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7050">GnuTLS 3.2.5</a> +and +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7049">GnuTLS 3.1.15</a>, +were released. +</p> +<p> +Added <a href="http://www.gnutls.org/faq.html">answers to frequently asked +questions</a>. +</p> diff --git a/www/news-entries/2013-10-24.xml b/www/news-entries/2013-10-24.xml new file mode 100644 index 0000000000..799a27d708 --- /dev/null +++ b/www/news-entries/2013-10-24.xml @@ -0,0 +1,2 @@ +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2013-3">Posted a security advisory</a> on a vulnerability +of the DANE library in gnutls 3.1.x and 3.2.x. diff --git a/www/news-entries/2013-10-31.xml b/www/news-entries/2013-10-31.xml new file mode 100644 index 0000000000..d19e0ad302 --- /dev/null +++ b/www/news-entries/2013-10-31.xml @@ -0,0 +1,13 @@ +<title>GnuTLS 3.2.6 and 3.1.16</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7084">GnuTLS +3.2.6</a>, +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7083">GnuTLS +3.1.16</a>, were released and +the <a href="http://www.lulu.com/commerce/index.php?fBuyContent=10847678"> +paperback manual</a> has been updated. +</p> +<p> +The <a href="http://www.gnutls.org/security.html#GNUTLS-SA-2013-3">GNUTLS-SA-2013-3</a> security advisory +has been updated. +</p> diff --git a/www/news-entries/2013-11-23.xml b/www/news-entries/2013-11-23.xml new file mode 100644 index 0000000000..c6fb88bef8 --- /dev/null +++ b/www/news-entries/2013-11-23.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.2.7 and 3.1.17</title> +<p> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7109">GnuTLS +3.2.7</a>, and <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7108">GnuTLS +3.1.17</a>, were released. +</p> diff --git a/www/news-entries/2013-12-20.xml b/www/news-entries/2013-12-20.xml new file mode 100644 index 0000000000..9cf9f0af14 --- /dev/null +++ b/www/news-entries/2013-12-20.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.2.8 and 3.1.18</title> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7189">GnuTLS +3.2.8</a> which adds new features and optimizations in the next stable branch; +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7190">GnuTLS +3.1.18</a>, is a bug-fix release on the current stable branch. +</p> diff --git a/www/news-entries/2014-01-24.xml b/www/news-entries/2014-01-24.xml new file mode 100644 index 0000000000..6e8968b673 --- /dev/null +++ b/www/news-entries/2014-01-24.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.2.9 and 3.1.19</title> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7241">GnuTLS +3.2.9</a> which is a bugfix release in the current stable branch; +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7242">GnuTLS +3.1.19</a>, is a bug-fix release on the previous stable branch. +</p> diff --git a/www/news-entries/2014-01-31.xml b/www/news-entries/2014-01-31.xml new file mode 100644 index 0000000000..9cda5e27ed --- /dev/null +++ b/www/news-entries/2014-01-31.xml @@ -0,0 +1,7 @@ +<title>GnuTLS 3.2.10 and 3.1.20</title> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7250">GnuTLS +3.2.10</a> which is a bugfix release in the current stable branch; +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7251">GnuTLS +3.1.20</a>, is a bug-fix release on the previous stable branch. +</p> diff --git a/www/news-entries/2014-02-13.xml b/www/news-entries/2014-02-13.xml new file mode 100644 index 0000000000..ec07b5f0e5 --- /dev/null +++ b/www/news-entries/2014-02-13.xml @@ -0,0 +1,11 @@ +<title>GnuTLS 3.2.11 and 3.1.21</title> +<p> +Added security advisory <a href="security.html#GNUTLS-SA-2014-1">GNUTLS-SA-2014-1</a>. +</p> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7300">GnuTLS +3.2.11</a> which is a bugfix release in the current stable branch; +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7301">GnuTLS +3.1.21</a>, is a bug-fix release on the previous stable branch. +</p> diff --git a/www/news-entries/2014-03-03.xml b/www/news-entries/2014-03-03.xml new file mode 100644 index 0000000000..29e739af46 --- /dev/null +++ b/www/news-entries/2014-03-03.xml @@ -0,0 +1,12 @@ +<title>GnuTLS 3.2.12 and 3.1.22</title> +<p> +Added important security advisory <a +href="security.html#GNUTLS-SA-2014-2">GNUTLS-SA-2014-2</a>. +</p> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341">GnuTLS +3.2.12</a> which is a bugfix release in the current stable branch; +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7340">GnuTLS +3.1.22</a>, is a bug-fix release on the previous stable branch. +</p> diff --git a/www/news-entries/2014-03-04.xml b/www/news-entries/2014-03-04.xml new file mode 100644 index 0000000000..fcf0806f51 --- /dev/null +++ b/www/news-entries/2014-03-04.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.2.12.1</title> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7343">GnuTLS +3.2.12.1</a> which reverts an ABI change in the previous release. +</p> diff --git a/www/news-entries/2014-03-07.xml b/www/news-entries/2014-03-07.xml new file mode 100644 index 0000000000..fbc7b78884 --- /dev/null +++ b/www/news-entries/2014-03-07.xml @@ -0,0 +1,6 @@ +<title>Audit competition</title> +<p> +Announced a <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7361">GnuTLS audit +competition</a>. Pick a task and join us. +</p> diff --git a/www/news-entries/2014-03-27.xml b/www/news-entries/2014-03-27.xml new file mode 100644 index 0000000000..20b0e90ccb --- /dev/null +++ b/www/news-entries/2014-03-27.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.3.0pre0</title> +<p> +Released <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7399">GnuTLS +3.3.0pre0</a> which is a pre-release of the next stable branch. +</p> diff --git a/www/news-entries/2014-04-07.xml b/www/news-entries/2014-04-07.xml new file mode 100644 index 0000000000..cba81d1800 --- /dev/null +++ b/www/news-entries/2014-04-07.xml @@ -0,0 +1,9 @@ +<title>GnuTLS 3.2.13 and 3.1.23</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7414">GnuTLS +3.2.13</a> which is a bugfix release in the current stable branch; +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7415">GnuTLS +3.1.23</a>, is a bug-fix release on the previous stable branch. +</p> diff --git a/www/news-entries/2014-04-10.xml b/www/news-entries/2014-04-10.xml new file mode 100644 index 0000000000..2af01533d6 --- /dev/null +++ b/www/news-entries/2014-04-10.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.0</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7418">GnuTLS +3.3.0</a> which is the first release in the next stable branch of GnuTLS. +</p> diff --git a/www/news-entries/2014-04-19.xml b/www/news-entries/2014-04-19.xml new file mode 100644 index 0000000000..4641db5e93 --- /dev/null +++ b/www/news-entries/2014-04-19.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.1</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7443">GnuTLS +3.3.1</a> which is a bug fix release on the next stable branch of GnuTLS. +</p> diff --git a/www/news-entries/2014-05-06.xml b/www/news-entries/2014-05-06.xml new file mode 100644 index 0000000000..2275fd630f --- /dev/null +++ b/www/news-entries/2014-05-06.xml @@ -0,0 +1,13 @@ +<title>GnuTLS 3.3.2, 3.2.14 and 3.1.24</title> +<p> +Released <a +href="http://lists.gnutls.org/pipermail/gnutls-help/2014-May/003468.html">GnuTLS +3.3.2</a>, +<a +href="http://lists.gnutls.org/pipermail/gnutls-help/2014-May/003467.html">GnuTLS +3.2.14</a>, +<a +href="http://lists.gnutls.org/pipermail/gnutls-help/2014-May/003466.html">GnuTLS +3.1.24</a>, which are bug-fix releases on the next, current and previous stable +branches respectively. +</p> diff --git a/www/news-entries/2014-05-30.xml b/www/news-entries/2014-05-30.xml new file mode 100644 index 0000000000..f46945005d --- /dev/null +++ b/www/news-entries/2014-05-30.xml @@ -0,0 +1,17 @@ +<title>GnuTLS 3.3.3, 3.2.15 and 3.1.25</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7494">GnuTLS +3.3.3</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7493">GnuTLS +3.2.15</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7492">GnuTLS +3.1.25</a>, which are bug-fix releases on the next, current and previous stable +branches respectively. +</p> +<p> +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">Posted a security advisory</a> on a vulnerability +on the client side of the gnutls library. +</p> diff --git a/www/news-entries/2014-05-31.xml b/www/news-entries/2014-05-31.xml new file mode 100644 index 0000000000..ec8a631e5e --- /dev/null +++ b/www/news-entries/2014-05-31.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.4</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7494">GnuTLS +3.3.4</a>, which fixes an issue in the hardware acceleration on certain CPUs. +</p> diff --git a/www/news-entries/2014-06-26.xml b/www/news-entries/2014-06-26.xml new file mode 100644 index 0000000000..eec71f2fb8 --- /dev/null +++ b/www/news-entries/2014-06-26.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.5</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7542">GnuTLS +3.3.5</a>, which adds new features and fixes bugs in the next stable release. +</p> diff --git a/www/news-entries/2014-07-23.xml b/www/news-entries/2014-07-23.xml new file mode 100644 index 0000000000..bb80eb3ede --- /dev/null +++ b/www/news-entries/2014-07-23.xml @@ -0,0 +1,11 @@ +<title>GnuTLS 3.3.6 and 3.2.16</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7582">GnuTLS +3.3.6</a>, +and <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7581">GnuTLS +3.2.16</a>, +which are bug-fix releases on the next, and current stable +branches respectively. +</p> diff --git a/www/news-entries/2014-07-29.xml b/www/news-entries/2014-07-29.xml new file mode 100644 index 0000000000..64665421c2 --- /dev/null +++ b/www/news-entries/2014-07-29.xml @@ -0,0 +1,6 @@ +<title>Plan for GnuTLS 3.4</title> +<p> +The development plans for GnuTLS 3.4 are +<a href="https://www.gitorious.org/gnutls/pages/Plan3_4">posted on the wiki +pages</a> on gitorious. +</p> diff --git a/www/news-entries/2014-08-24.xml b/www/news-entries/2014-08-24.xml new file mode 100644 index 0000000000..19b4bd813c --- /dev/null +++ b/www/news-entries/2014-08-24.xml @@ -0,0 +1,13 @@ +<title>GnuTLS 3.3.7, 3.2.17 and 3.1.26</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7610">GnuTLS +3.3.7</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7609">GnuTLS +3.2.17</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7608">GnuTLS +3.1.26</a>, which are bug-fix releases on the next, current and previous stable +branches respectively. +</p> diff --git a/www/news-entries/2014-08-31.xml b/www/news-entries/2014-08-31.xml new file mode 100644 index 0000000000..cbd14fb5fc --- /dev/null +++ b/www/news-entries/2014-08-31.xml @@ -0,0 +1,7 @@ +<title>New paperback manual for 3.3.7</title> +<p> +Updated GnuTLS' +<a +href="http://www.lulu.com/shop/nikos-mavrogiannopoulos-and-simon-josefsson/the-gnutls-manual/paperback/product-21784651.html">the +paperback manual for version 3.3.7</a>. +</p> diff --git a/www/news-entries/2014-09-18.xml b/www/news-entries/2014-09-18.xml new file mode 100644 index 0000000000..9992e948a8 --- /dev/null +++ b/www/news-entries/2014-09-18.xml @@ -0,0 +1,10 @@ +<title>GnuTLS 3.3.8 and 3.2.18</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7664">GnuTLS +3.3.8</a>, and +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7663">3.2.18</a>, +which are bug-fix releases on the next, and current stable +branches respectively. +</p> diff --git a/www/news-entries/2014-10-13.xml b/www/news-entries/2014-10-13.xml new file mode 100644 index 0000000000..3f3d4df976 --- /dev/null +++ b/www/news-entries/2014-10-13.xml @@ -0,0 +1,13 @@ +<title>GnuTLS 3.3.9, 3.2.19, and 3.1.17</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7728">GnuTLS +3.3.9</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7727">3.2.19</a>, and +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7726">3.1.17</a>, +which are bug-fix releases on the current and old stable +branches respectively. The GnuTLS branch 3.3.x is the new +stable branch. +</p> diff --git a/www/news-entries/2014-10-16.xml b/www/news-entries/2014-10-16.xml new file mode 100644 index 0000000000..1f82fbdbea --- /dev/null +++ b/www/news-entries/2014-10-16.xml @@ -0,0 +1,5 @@ +<title>POODLE attack</title> +<p> +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-4">Posted a security advisory</a> on +the POODLE attack. +</p> diff --git a/www/news-entries/2014-11-10.xml b/www/news-entries/2014-11-10.xml new file mode 100644 index 0000000000..60d9548d3e --- /dev/null +++ b/www/news-entries/2014-11-10.xml @@ -0,0 +1,17 @@ +<title>GnuTLS 3.3.10, 3.2.20 and 3.1.28</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7779">GnuTLS +3.3.10</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7778">GnuTLS +3.2.20</a>, +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7777">GnuTLS +3.1.28</a>, which are bug-fix releases on the current and previous stable +branches respectively. +</p> +<p> +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-5">Posted a security advisory</a> on a vulnerability +of the gnutls library. +</p> diff --git a/www/news-entries/2014-12-03.xml b/www/news-entries/2014-12-03.xml new file mode 100644 index 0000000000..d86fe2e2d9 --- /dev/null +++ b/www/news-entries/2014-12-03.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.3.10, 3.2.20 and 3.1.28</title> +<p> +Posted +an <a href="http://nmav.gnutls.org/2014/12/a-quick-overview-of-gnutls-development.html">overview of GnuTLS development for 2014. +</p> diff --git a/www/news-entries/2014-12-11.xml b/www/news-entries/2014-12-11.xml new file mode 100644 index 0000000000..aa625111af --- /dev/null +++ b/www/news-entries/2014-12-11.xml @@ -0,0 +1,10 @@ +<title>GnuTLS 3.3.11, 3.2.21</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7837">GnuTLS +3.3.11</a>, and +<a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7836">3.2.21</a>, +which are bug-fix releases on the current and old stable +branches respectively. +</p> diff --git a/www/news-entries/2015-01-17.xml b/www/news-entries/2015-01-17.xml new file mode 100644 index 0000000000..1acbd84123 --- /dev/null +++ b/www/news-entries/2015-01-17.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.12</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7967">GnuTLS +3.3.12</a>, a bug-fix release on the stable branch. +</p> diff --git a/www/news-entries/2015-02-25.xml b/www/news-entries/2015-02-25.xml new file mode 100644 index 0000000000..4c90aa1b98 --- /dev/null +++ b/www/news-entries/2015-02-25.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.13</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8031">GnuTLS +3.3.13</a>, a bug-fix release on the stable branch. +</p> diff --git a/www/news-entries/2015-03-04.xml b/www/news-entries/2015-03-04.xml new file mode 100644 index 0000000000..c75e1a3d48 --- /dev/null +++ b/www/news-entries/2015-03-04.xml @@ -0,0 +1,5 @@ +<title>GnuTLS goes to gitlab</title> +<p> +The source code has been <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8043">moved to +gitlab</a>. +</p> diff --git a/www/news-entries/2015-03-11.xml b/www/news-entries/2015-03-11.xml new file mode 100644 index 0000000000..09159580b1 --- /dev/null +++ b/www/news-entries/2015-03-11.xml @@ -0,0 +1,5 @@ +<title>Signature forgery</title> +<p> +<a href="http://www.gnutls.org/security.html#GNUTLS-SA-2015-1">Posted a security advisory</a> on +a signature forgery attack on old versions of GnuTLS. +</p> diff --git a/www/news-entries/2015-03-30.xml b/www/news-entries/2015-03-30.xml new file mode 100644 index 0000000000..103a10a5b8 --- /dev/null +++ b/www/news-entries/2015-03-30.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.3.14</title> +<p> +Released <a +href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8077">GnuTLS +3.3.14</a>, a bug-fix release on the stable branch. +</p> diff --git a/www/news-entries/2015-04-08.xml b/www/news-entries/2015-04-08.xml new file mode 100644 index 0000000000..feface1cf7 --- /dev/null +++ b/www/news-entries/2015-04-08.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.4.0</title> +<p> +Released <a href="http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007535.html">GnuTLS +3.4.0</a> which is the first release of the new stable-next branch. +</p> diff --git a/www/news-entries/2015-05-03.xml b/www/news-entries/2015-05-03.xml new file mode 100644 index 0000000000..3ddd8c0e77 --- /dev/null +++ b/www/news-entries/2015-05-03.xml @@ -0,0 +1,12 @@ +<title>GnuTLS 3.4.1</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8137">GnuTLS +3.3.15</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8138">GnuTLS +3.4.1</a> which are bug fix releases in the current and next stable branches. +</p> +<p> +Added <a +href="security.html#GNUTLS-SA-2015-2">GnuTLS-SA-2015-2</a> security advisory. +</p> diff --git a/www/news-entries/2015-06-16.xml b/www/news-entries/2015-06-16.xml new file mode 100644 index 0000000000..f3640aa331 --- /dev/null +++ b/www/news-entries/2015-06-16.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.4.2</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8189">GnuTLS +3.4.2</a> which adds new features and fixes bugs in next stable branch. +</p> diff --git a/www/news-entries/2015-07-12.xml b/www/news-entries/2015-07-12.xml new file mode 100644 index 0000000000..83913448f6 --- /dev/null +++ b/www/news-entries/2015-07-12.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.3</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8235">GnuTLS +3.3.16</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8236">GnuTLS +3.4.3</a> which are bug fix releases in the current and next stable branches. +</p> diff --git a/www/news-entries/2015-08-10.xml b/www/news-entries/2015-08-10.xml new file mode 100644 index 0000000000..9b0ee9c214 --- /dev/null +++ b/www/news-entries/2015-08-10.xml @@ -0,0 +1,12 @@ +<title>GnuTLS 3.4.4</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8268">GnuTLS +3.3.17</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8267">GnuTLS +3.4.4</a> which are bug fix releases in the current and next stable branches. +</p> +<p> +Added the <a +href="security.html#GNUTLS-SA-2015-3">GnuTLS-SA-2015-3</a> security advisory. +</p> diff --git a/www/news-entries/2015-09-02.xml b/www/news-entries/2015-09-02.xml new file mode 100644 index 0000000000..6023445cc3 --- /dev/null +++ b/www/news-entries/2015-09-02.xml @@ -0,0 +1,5 @@ +<title>GnuTLS-SA-2015-4</title> +<p> +Added the <a +href="security.html#GNUTLS-SA-2015-4">GnuTLS-SA-2015-4</a> security advisory. +</p> diff --git a/www/news-entries/2015-09-12.xml b/www/news-entries/2015-09-12.xml new file mode 100644 index 0000000000..bff93bb057 --- /dev/null +++ b/www/news-entries/2015-09-12.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.5</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8303">GnuTLS +3.3.18</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8304">GnuTLS +3.4.5</a> which are bug fix releases in the current and next stable branches. +</p> diff --git a/www/news-entries/2015-09-20.xml b/www/news-entries/2015-09-20.xml new file mode 100644 index 0000000000..e3edc8b114 --- /dev/null +++ b/www/news-entries/2015-09-20.xml @@ -0,0 +1,5 @@ +<title>GnuTLS ABI report</title> +<p> +Added <a href="http://www.gnutls.org/abi-tracker/timeline/gnutls/index.html">ABI +tracker report for the main library</a>. +</p> diff --git a/www/news-entries/2015-10-20.xml b/www/news-entries/2015-10-20.xml new file mode 100644 index 0000000000..ed4ab379c1 --- /dev/null +++ b/www/news-entries/2015-10-20.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.4.6</title> +<p> +Released +<a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8323">GnuTLS +3.4.6</a> a bug fix release in the next stable branch. +</p> diff --git a/www/news-entries/2015-11-22.xml b/www/news-entries/2015-11-22.xml new file mode 100644 index 0000000000..589bfbb96a --- /dev/null +++ b/www/news-entries/2015-11-22.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.7</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8350">GnuTLS +3.3.19</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8351">GnuTLS +3.4.7</a> which are bug fix releases in the current and next stable branches. +</p> diff --git a/www/news-entries/2015-11-23.xml b/www/news-entries/2015-11-23.xml new file mode 100644 index 0000000000..a9d1829a9a --- /dev/null +++ b/www/news-entries/2015-11-23.xml @@ -0,0 +1,4 @@ +<title>GnuTLS 3.4.x</title> +<p> +Added a description of the new <a href="http://nmav.gnutls.org/2015/11/an-overview-of-gnutls-34x.html"> features in GnuTLS 3.4.x</a>. +</p> diff --git a/www/news-entries/2015-11-29.xml b/www/news-entries/2015-11-29.xml new file mode 100644 index 0000000000..a41f5517ed --- /dev/null +++ b/www/news-entries/2015-11-29.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.4.x</title> +<p> +GnuTLS 3.4.x is marked as the <a href="download.html">current stable +release</a>. +</p> diff --git a/www/news-entries/2016-01-08.xml b/www/news-entries/2016-01-08.xml new file mode 100644 index 0000000000..0cb14326f1 --- /dev/null +++ b/www/news-entries/2016-01-08.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.8</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8418">GnuTLS +3.3.20</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8419">GnuTLS +3.4.8</a> which are bug fix releases in the previous and current stable branches. +</p> diff --git a/www/news-entries/2016-02-03.xml b/www/news-entries/2016-02-03.xml new file mode 100644 index 0000000000..e12ea4ec62 --- /dev/null +++ b/www/news-entries/2016-02-03.xml @@ -0,0 +1,9 @@ +<title>GnuTLS 3.4.9</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8425">GnuTLS +3.3.21</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8426">GnuTLS +3.4.9</a> which are bug fix releases in the previous and current stable branches. +The former disables RC4 from the default priorities. +</p> diff --git a/www/news-entries/2016-03-03.xml b/www/news-entries/2016-03-03.xml new file mode 100644 index 0000000000..d38cc8c2aa --- /dev/null +++ b/www/news-entries/2016-03-03.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.4.10</title> +<p> +Released +<a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8482">GnuTLS +3.4.10</a> a bug fix release of the current stable branch. +</p> diff --git a/www/news-entries/2016-03-10.xml b/www/news-entries/2016-03-10.xml new file mode 100644 index 0000000000..fddd515b6c --- /dev/null +++ b/www/news-entries/2016-03-10.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.3.22</title> +<p> +Released +<a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8496">GnuTLS 3.3.22</a> a bug fix release of the previous stable branch. +</p> diff --git a/www/news-entries/2016-04-11.xml b/www/news-entries/2016-04-11.xml new file mode 100644 index 0000000000..f23edcad91 --- /dev/null +++ b/www/news-entries/2016-04-11.xml @@ -0,0 +1,5 @@ +<title>GnuTLS 3.4.11</title> +<p> +Released +<a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8522">GnuTLS 3.4.11</a> a bug fix release on the current stable branch. +</p> diff --git a/www/news-entries/2016-05-09.xml b/www/news-entries/2016-05-09.xml new file mode 100644 index 0000000000..096e5c9e3c --- /dev/null +++ b/www/news-entries/2016-05-09.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.5.0</title> +<p> +Released <a href="http://permalink.gmane.org/gmane.network.gnutls.general/4127">GnuTLS 3.5.0</a> +which is the first release of the new stable-next branch. An overview of the most prominent changes +is provided <a href="http://nmav.gnutls.org/2016/05/gnutls-3-5-0.html">at Nikos' blog</a>. +</p> diff --git a/www/news-entries/2016-05-20.xml b/www/news-entries/2016-05-20.xml new file mode 100644 index 0000000000..33498a2359 --- /dev/null +++ b/www/news-entries/2016-05-20.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.12</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8543">GnuTLS +3.3.23</a> and <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8542">GnuTLS +3.4.12</a> which are bug fix releases in the previous and current stable branches. +</p> diff --git a/www/news-entries/2016-06-06.xml b/www/news-entries/2016-06-06.xml new file mode 100644 index 0000000000..5a9308dc93 --- /dev/null +++ b/www/news-entries/2016-06-06.xml @@ -0,0 +1,8 @@ +<title>GnuTLS 3.4.13</title> +<p> +Released +<a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8572">GnuTLS 3.4.13</a> a bug fix release on the current stable branch. +</p> +<p> +Added <a href="security.html#GNUTLS-SA-2016-1">GnuTLS-SA-2016-1</a> security advisory. +</p> diff --git a/www/news-entries/2016-06-14.xml b/www/news-entries/2016-06-14.xml new file mode 100644 index 0000000000..a24dc85da8 --- /dev/null +++ b/www/news-entries/2016-06-14.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.5.1</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8582">GnuTLS +3.5.1</a> a feature update release in the next stable branche. +</p> diff --git a/www/news-entries/2016-07-06.xml b/www/news-entries/2016-07-06.xml new file mode 100644 index 0000000000..99cb194cb9 --- /dev/null +++ b/www/news-entries/2016-07-06.xml @@ -0,0 +1,14 @@ +<title>GnuTLS 3.5.2</title> +<p> +Released <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8595">GnuTLS +3.3.24</a>, <a +href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8593">GnuTLS +3.4.14</a>, +and <a href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8594">GnuTLS +3.5.2</a> which are bug fix releases in the old, current and next stable branches. +</p> +<p> +Added the <a +href="security.html#GNUTLS-SA-2016-2">GnuTLS-SA-2016-2</a> security advisory. +</p> diff --git a/www/news-entries/2016-08-09.xml b/www/news-entries/2016-08-09.xml new file mode 100644 index 0000000000..24fcb6b462 --- /dev/null +++ b/www/news-entries/2016-08-09.xml @@ -0,0 +1,6 @@ +<title>GnuTLS 3.5.3</title> +<p> +Released +<a href="https://lists.gnupg.org/pipermail/gnutls-devel/2016-August/008126.html">GnuTLS +3.5.3</a>, a minor enhancement and bug fix release in next stable branch. +</p> diff --git a/www/news-entries/2016-09-08.xml b/www/news-entries/2016-09-08.xml new file mode 100644 index 0000000000..ddc7355e3e --- /dev/null +++ b/www/news-entries/2016-09-08.xml @@ -0,0 +1,12 @@ +<title>GnuTLS 3.5.4</title> +<p> +Released <a +href="https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008153.html">GnuTLS +3.4.15</a>, +and <a href="https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008152.html">GnuTLS +3.5.4</a> which are bug fix releases in the current and next stable branches. +</p> +<p> +Added the <a +href="security.html#GNUTLS-SA-2016-3">GnuTLS-SA-2016-3</a> security advisory. +</p> diff --git a/www/news-entries/README b/www/news-entries/README new file mode 100644 index 0000000000..cadfc9abeb --- /dev/null +++ b/www/news-entries/README @@ -0,0 +1,10 @@ +Format should be as below. Note that for twitter submission to be successful +only one URL must exist in the notes, and the notes should be less than 160 +chars. + +<title>XXX</title> +<p> +<a href="http://link.example.com">GnuTLS X.Y.Z was released.</a> +My release notes in multiple +lines +</p> diff --git a/www/news.wml b/www/news.wml new file mode 100644 index 0000000000..d87fb3df87 --- /dev/null +++ b/www/news.wml @@ -0,0 +1,30 @@ +#include 'common.wml' page="News" + +<p> +<center> + <table class="transparent" border=0 width=80%> + <tr><td> +The project news are also available via an <a href="http://www.gnutls.org/news.atom">atom feed</a>. + </td> +<td> +<a href="https://twitter.com/GnuTLS" class="twitter-follow-button" data-show-count="false">Follow @GnuTLS</a> +<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> +</td> +</tr> + </table> + +</center> + +</p> + +#include 'rawnews.wml' MAX_NEWS=15 TABLE_CLASS=news + +<p>See also the +the <a href="https://gitlab.com/gnutls/gnutls/blob/master/NEWS">live NEWS file</a> +or the <a href="https://gitlab.com/gnutls/gnutls/commits/master">live git shortlog</a>. +</p> + +</center> + +#include 'bottom.wml' + diff --git a/www/openpgp.wml b/www/openpgp.wml new file mode 100644 index 0000000000..99e84d76df --- /dev/null +++ b/www/openpgp.wml @@ -0,0 +1,100 @@ +#include 'head.wml' + +<h1>GnuTLS OpenPGP key support</h1> + +<p> +Currently GnuTLS has experimental support for OpenPGP keys. +OpenPGP keys are similar to X.509 certificates, in the sense that hold +public key parameters. However they also allow for non-hierarchical trust +models. This is not like an other new feature. It is more like a policy +change. Here follows a description of both models. +<p> + +<h2>The X.509 trust model</h2> +<img src="graphics/tree1.png" border=0 align=right> +Currently the X.509 protocols which are used for Certificate +authentication, users have to be certified in a hierarchical way. + +The model can be described by Certificate Authority (CA from now on), that +signs people's and object's certificates. +An object might be a user, a server, of even an other CA. A user who trusts the +Certificate Authority's decisions, will be able to trust an other user, +by just checking if the other user's certificate is signed by the trusted CA. + +<p> +See the <a href="graphics/tree1.png">figure1</a> for a graphical representation. +In that figure a Central (Root) CA, certifies +two subordinate CAs, which then certify Alice, Bob and a server. +In that case, if Alice trusts the "Root CA" then she also trusts +Bob's certificate and the server's certificate. + + +<p> +The only requirement in that model is that a user must somehow +have the trusted CA's certificate available. + +<p> +In the real world there are several Certificate Authorities, which certify people, +and objects, often for money. Thus users have to decide which of the CAs to +trust. One should note that the security of a model where someone +trusts several CAs, is equal to the security of the least secure CA. +<p> + +Unfortunately the trusted CAs decision is barely done by users, in practice. +This decision of trusted CAs is done mostly by application programmers +and administrators. A good example of this is the included CA certificates +in popular web browsers. +<p> + +<h2>The Openpgp trust model</h2> +<img src="graphics/pgp1.png" border=0 align=left> +The OpenPGP key authentication relies on a distributed trust model, +called the "web of trust". The "web of trust" uses a decentralized system of trusted +introducers, which are the same as a CA. OpenPGP allows anyone to sign +anyone's else public key. When Alice signs Bob's key, she is introducing +Bob's key to anyone who trusts Alice. If someone trusts Alice to introduce +keys, then Alice is a trusted introducer in the mind of that observer. + +<p> +See the <a href="graphics/pgp1.png">figure2</a> which shows graphically the +above case. The normal arrows indicate the sign operation, while the dot +arrows indicate trust. Thus since Dave trusts Alice to be an introducer, and Alice +signed Bob's key, Dave also trusts Bob's key to be the real one. + +<p> +There are some key points that are important in that model. In the example +Alice has to sign Bob's key, only if she is sure that the key belongs +to Bob. Otherwise she may also make Dave falsely believe that this +is Bob's key. Dave has also the responsibility to know who to trust. +This model is similar to real life relations. +<p> +Just see how Charlie behaves in the previous example. +Although he has signed Bob's key - because he knows, somehow, that it belongs to +Bob - he does not trust Bob to be an introducer. +Charlie decided to trust only Kevin, for some reason. A reason could be +that Bob is lazy enough, and signs other people's keys without being sure +that they belong to the actual owner. + +<p> +Note that Certificate Authorities may exist in the OpenPGP model, although +they are not required. + +<p> +<h2>Conclusion</h2> +In TLS and SSL traditionally the X.509 trust model is used. As shown +above this model has several restrictions comparing to the openpgp trust model. +Especially in distributed environments where the concept of authorities is +not clear, the use of the Openpgp trust model has obvious advantages. +<p> +We believe that users should have the freedom to choose the trust model that suits +best their needs, thus in GnuTLS we have implemented both. We have also +proposed modifications to the TLS protocol for OpenPGP keys to the IETF TLS +working group. + +<p> +<hr> +Return to <a href="index.html">GnuTLS' home page</a>. + +<p> + +#include 'bottom.wml' diff --git a/www/rawnews.wml b/www/rawnews.wml new file mode 100644 index 0000000000..22350cf02f --- /dev/null +++ b/www/rawnews.wml @@ -0,0 +1,46 @@ +#use wml::std::tags + +<perl> +sub read_news { +my $max = $_[0]; +my $key, $date; + +require 'scripts/lib-news.pl'; + +my %title_hash = (); +my %summary_hash = (); + +parse_news(\%title_hash, \%summary_hash); + +foreach $key (sort {$b cmp $a} keys %summary_hash) { + print "<tr>\n<td><div class=\"emph-box\" id=\"$key\">$key</div></td>\n<td>$summary_hash{$key}</td>\n</tr>\n"; + $max--; + + last if ($max <= 0); +} + +return; +} + +sub print_table_header { +my $type = $_[0]; + +if ($type eq 'news') { + print "<table class=\"$type\" width=\"90%\">\n"; + print "<tr><th>Date</th><th>Comment</th></tr>\n"; +} else { + print "News flashes \n"; + print '<a href="https://twitter.com/GnuTLS" class="twitter-follow-button" data-show-count="false">Follow @GnuTLS</a> + <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>'; + print "\n<table class=\"$type\" width=\"95%\">\n"; +} +return; +} +</perl> + +<center> + <:= &print_table_header("$(TABLE_CLASS)") :> + + <:= &read_news($(MAX_NEWS)) :> + +</table> diff --git a/www/rawsecurity.wml b/www/rawsecurity.wml new file mode 100644 index 0000000000..837c24be04 --- /dev/null +++ b/www/rawsecurity.wml @@ -0,0 +1,42 @@ +#use wml::std::tags + +<perl> +sub read_advisories { + +my $directory = './security-entries'; + +opendir (DIR, $directory) or die $!; + +print "<table class=\"news\" width=\"90%\">\n"; +print "<tr><th>Tag</th><th>Other identifiers</th><th>Description</th><th>Information</th>\n"; + +my %advisories = (); + +while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + #$file =~ m/(.*).xml$/; + + my $contents = `cat $directory/$file`; + $advisories{$file} = $contents; + +} +closedir DIR; + +my $key; +foreach $key (sort {$b cmp $a} keys %advisories) { + print "<tr>\n<td><div class=\"emph-box\" id=\"$key\">$key</div></td>\n$advisories{$key}\n</tr>\n"; +} + +print "</table>\n"; +return; +} + +</perl> + +<center> + + <:= &read_advisories() :> + +</table> diff --git a/www/scripts/atom.pl b/www/scripts/atom.pl new file mode 100644 index 0000000000..9bbe9bf833 --- /dev/null +++ b/www/scripts/atom.pl @@ -0,0 +1,73 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use POSIX qw(strftime); +use HTML::Parser; + +my $max = 20; +my $directory = './news-entries'; +my $base = "http://www.gnutls.org"; +my $self = "$base/news.atom"; +my $direct = "$base/news.html"; + +sub print_author () +{ +print " <author>\n"; +print " <name>Nikos Mavrogiannopoulos</name>\n"; +print " <email>nmav\@gnutls.org</email>\n"; +print " </author>\n"; +} + +my $now_string = strftime "%Y-%m-%dT%H:%M:%S+00:00", localtime; + +print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"; +print "<feed xmlns=\"http://www.w3.org/2005/Atom\">\n"; + +print "<id>$self</id>\n"; +print "<link href=\"$self\" rel=\"self\"/> \n"; +print "<title>GnuTLS - News</title>\n"; +#print "<subtitle>The latest reports from http://www.gnutls.org</subtitle>\n"; +print "<updated>$now_string</updated>\n"; +#print_author(); + +my $date; +my $contents; +my $id; +my $title; + +my $mode = ''; + +require 'scripts/lib-news.pl'; + +my %title_hash = (); +my %summary_hash = (); + +parse_news(\%title_hash, \%summary_hash); + +foreach my $key (sort {$b cmp $a} keys %summary_hash) { + $date = $id = $key; + $date .= "T00:00:00+00:00"; + $title = $title_hash{$key}; + if (!defined($title) || $title eq '') { + $title = "News $id"; + } + $contents = $summary_hash{$key}; + + print "\n <entry>\n"; + print " <id>"; + print "$direct#$id"; + print "</id>\n"; + print " <link rel='alternate' href='$direct#$id'/>\n"; + print " <title>$title</title>\n"; + print " <updated>$date</updated>\n"; + print_author(); + print " <content type='xhtml' xml:base='$base/news-entries/$id.xml'><div xmlns='http://www.w3.org/1999/xhtml'>\n"; + print "$contents\n </div>\n"; + print " </content>\n </entry>\n"; + + $max--; + last if ($max <= 0); +} + +print "</feed>\n"; diff --git a/www/scripts/lib-news.pl b/www/scripts/lib-news.pl new file mode 100644 index 0000000000..0edb607251 --- /dev/null +++ b/www/scripts/lib-news.pl @@ -0,0 +1,162 @@ +use strict; +use warnings; +use POSIX qw(strftime); +use HTML::Parser; + +my $s_refhash; +my $t_refhash; + +my $directory = './news-entries'; +#my $base = "http://www.gnutls.org"; +#my $self = "$base/news.atom"; +#my $direct = "$base/news.html"; + +my $mode = ''; +my $date =''; + +sub start_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname ne "title") { + $s_refhash->{$date} .= $rtext; + return; + } + $mode = 'title'; +} + +sub text_handler +{ + my $txt = shift; + + if ($mode eq 'title') { + $t_refhash->{$date} .= $txt; + return; + } + + $s_refhash->{$date} .= $txt; +} + +sub end_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname eq "title") { + $mode = ''; + return; + } + + $s_refhash->{$date} .= $rtext; +} + +#input is one reference to a title hash and a reference to summary hash. + +sub parse_news +{ + my @c; + + $t_refhash = $_[0]; + $s_refhash = $_[1]; + + opendir (DIR, $directory) or die $!; + + while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + $file =~ m/(.*).xml$/; + $date = $1; + next if (!defined($date) || $date eq ''); + + @c = (); + + my $p = HTML::Parser->new(api_version => 3); + $p->handler( start => \&start_handler, "tagname,text,self"); + $p->handler( text=> \&text_handler, "dtext,self"); + $p->handler( end => \&end_handler, "tagname,text,self"); + $p->parse_file("$directory/$file") || die $!; + } + + closedir DIR; +} + +sub start_tweet_handler +{ + my $tagname = shift; + my $rtext = shift; + my $attr_ref = shift; + + if ($tagname eq "a" && defined($attr_ref)) { + $t_refhash->{$date} = $attr_ref->{"href"}; + return; + } + + if ($tagname ne "title" && defined($rtext)) { + $s_refhash->{$date} .= $rtext; + return; + } + + $mode = 'title'; +} + +sub text_tweet_handler +{ + my $txt = shift; + + if ($mode ne 'title') { + $s_refhash->{$date} .= $txt; + return; + } +} + +sub end_tweet_handler +{ + my $tagname = shift; + my $rtext = shift; + if ($tagname eq "title") { + $mode = ''; + return; + } + + if (defined($rtext)) { + $s_refhash->{$date} .= $rtext; + } +} + + +#input is a hash for summary and a hash for URLs +sub fetch_non_tweeted +{ + my @c; + + $s_refhash = $_[0]; + $t_refhash = $_[1]; + + opendir (DIR, $directory) or die $!; + + while (my $file = readdir(DIR)) { + next if ($file =~ m/^\./); + next if ($file =~ m/~/); + next if (-d "$directory/$file"); + next if (-e "$directory/$file.tweet"); + $file =~ m/(.*).xml$/; + $date = $1; + next if (!defined($date) || $date eq ''); + + @c = (); + + my $p = HTML::Parser->new(api_version => 3); + $p->handler( start => \&start_tweet_handler, "tagname,dtext,attr,self"); + $p->handler( text=> \&text_tweet_handler, "dtext,self"); + $p->handler( end => \&end_tweet_handler, "tagname,dtext,self"); + $p->parse_file("$directory/$file") || die $!; + + system("touch $directory/$file.tweet"); + system("git add $directory/$file.tweet"); + } + + closedir DIR; +} + +1; + diff --git a/www/scripts/tweet.pl b/www/scripts/tweet.pl new file mode 100755 index 0000000000..81576b7f0c --- /dev/null +++ b/www/scripts/tweet.pl @@ -0,0 +1,73 @@ +#!/usr/bin/perl + +use Net::Twitter; +use Scalar::Util 'blessed'; +#use WWW::Shorten 'TinyURL'; + +if (!-e 'scripts/passwords.pl') { + print "You need passwords.pl for this script\n"; + exit; +} + +require 'scripts/lib-news.pl'; + +require 'scripts/passwords.pl'; + +my $nt = Net::Twitter->new( + traits => [qw/OAuth API::REST/], + consumer_key => $consumer_key, + consumer_secret => $consumer_secret, + access_token => $token, + access_token_secret => $token_secret, + ssl => 1, +); + +my %tt1 = (); #contents +my %tt2 = (); #url + +fetch_non_tweeted(\%tt1, \%tt2); + +foreach my $key (sort {$b cmp $a} keys %tt1) { + my $contents = $tt1{$key}; + my $lurl = $tt2{$key}; + my $url; + my $result; + + chomp $contents; + $contents =~ s/^\s+//; + $contents =~ s/\s+$//; + $contents =~ s/\s+/ /g; + chomp $contents; + + + #$url = makeashorterlink($lurl); + $url = $lurl; + #length of URL is twitter is 20 + my $url_length = 20; + + $message = "$contents $url\n"; + + if ($message eq ' ') { + next; + } + + if (length($message) >= 140) { + my $t = substr($contents, 0, 140-$url_length-4); + $message = $t . "... $url"; + + print "Updating status to: $message\n"; + $result = $nt->update("$message"); + } else { + print "Updating status to: $message (" . length($message).")\n"; + $result = $nt->update("$message"); + } + + if ( my $err = $@ ) { + die $@ unless blessed $err && $err->isa('Net::Twitter::Error'); + + warn "HTTP Response Code: ", $err->code, "\n", + "HTTP Message......: ", $err->message, "\n", + "Twitter error.....: ", $err->error, "\n"; + } + +} diff --git a/www/security-entries/GNUTLS-SA-2005-1 b/www/security-entries/GNUTLS-SA-2005-1 new file mode 100644 index 0000000000..78197536b9 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2005-1 @@ -0,0 +1,7 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1431">CVE-2005-1431</a></td> + <td>Denial of service</td> + <td><a href="http://lists.gnu.org/archive/html/help-gnutls/2005-04/msg00039.html">Announcement</a><br> +<a href="http://lists.gnu.org/archive/html/help-gnutls/2005-05/msg00004.html"> + Write-up by Éric Leblond</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 1.0.25 or 1.2.3.</td> diff --git a/www/security-entries/GNUTLS-SA-2006-1 b/www/security-entries/GNUTLS-SA-2006-1 new file mode 100644 index 0000000000..f23115b042 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-1 @@ -0,0 +1,5 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645">CVE-2006-0645</a></td> + <td>Denial of service?</td> + <td><a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html">Libtasn1 Announcement</a><br> + <b>Recommendation:</b> Upgrade to Libtasn1 0.2.18 and GnuTLS 1.2.10 (stable) or 1.3.4 (experimental).</td> diff --git a/www/security-entries/GNUTLS-SA-2006-2 b/www/security-entries/GNUTLS-SA-2006-2 new file mode 100644 index 0000000000..38a12ba8ff --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-2 @@ -0,0 +1,5 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7239">CVE-2006-7239</a></td> + <td>Denial of service?</td> + <td><a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html">Details</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 1.4.2.</td> diff --git a/www/security-entries/GNUTLS-SA-2006-3 b/www/security-entries/GNUTLS-SA-2006-3 new file mode 100644 index 0000000000..7ae221a349 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-3 @@ -0,0 +1,6 @@ + <td></td> + <td>None</td> + <td><a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001203.html">Announcement</a><br> + <a href="http://www.bell-labs.com/user/bleichen/papers/pkcs.ps">Bleichenbacher's Crypto 98 paper</a><br> + <b>Recommendation:</b> + No action required, see the <a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html">post where this advisory is essentially withdrawn</a>.</td> diff --git a/www/security-entries/GNUTLS-SA-2006-4 b/www/security-entries/GNUTLS-SA-2006-4 new file mode 100644 index 0000000000..73abfeb6ae --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2006-4 @@ -0,0 +1,8 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790">CVE-2006-4790</a><br>(<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4790">via NVD</a>) + </td> + <td>False positive in verifying signature</td> + <td><a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html">Announcement</a><br> + <a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001212.html">Updated patch</a><br> + <a href="http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001240.html">Original report</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 1.4.4.</td> diff --git a/www/security-entries/GNUTLS-SA-2008-1 b/www/security-entries/GNUTLS-SA-2008-1 new file mode 100644 index 0000000000..be76be5fc9 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-1 @@ -0,0 +1,11 @@ + <td> + <a href="https://www.cert.fi/haavoittuvuudet/advisory-gnutls.html">CERT-FI announcement</a><br> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948">CVE-2008-1948</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949">CVE-2008-1949</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950">CVE-2008-1950</a> + </td> + <td>Remote Denial of Service</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2803">Announcement and Patch</a><br> + <a href="http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html">Updated announcement and Patch</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 2.2.5 or apply the + patch in the second link.</td> diff --git a/www/security-entries/GNUTLS-SA-2008-2 b/www/security-entries/GNUTLS-SA-2008-2 new file mode 100644 index 0000000000..d186061f66 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-2 @@ -0,0 +1,12 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2377"> + CVE-2008-2377</a> + </td> + <td>Local denial of service<br> + Server can trigger crash in GnuTLS clients?</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947">Announcement</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2948"> + Detailed analysis and patch</a><br> + <a href="https://savannah.gnu.org/support/?106491">Another report that suggest it can be exploited by hostile servers</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 2.4.1 or apply the + patch.</td> diff --git a/www/security-entries/GNUTLS-SA-2008-3 b/www/security-entries/GNUTLS-SA-2008-3 new file mode 100644 index 0000000000..17b259c985 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2008-3 @@ -0,0 +1,17 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"> + CVE-2008-4989</a> + </td> + <td>Remote X.509 Trust Chain Validation error</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215">Announcement of v2.6.1 and patch</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3217"> + Detailed analysis</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248"> + Announcement of v2.6.2 and updated patch.</a><br> + <a href="http://article.gmane.org/gmane.network.gnutls.general/1499"> + Announcement of updated patch and 2.6.3 release candidate.</a><br> + <a href="http://article.gmane.org/gmane.network.gnutls.general/1500"> + Announcement of v2.6.3.</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3411"> + Announcement of v2.6.4 and v2.4.3.</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 2.6.4 or, if you still use the 2.4.x branch, 2.4.3, or later.</td> diff --git a/www/security-entries/GNUTLS-SA-2009-1 b/www/security-entries/GNUTLS-SA-2009-1 new file mode 100644 index 0000000000..08b3ac6033 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-1 @@ -0,0 +1,9 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415"> + CVE-2009-1415</a> + </td> + <td>Double/invalid free in GnuTLS 2.6.x on certain errors</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515">Security advisory including patch</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514"> + Announcement of v2.6.6 that includes patch.</a><br> + <b>Recommendation:</b> If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6.</td> diff --git a/www/security-entries/GNUTLS-SA-2009-2 b/www/security-entries/GNUTLS-SA-2009-2 new file mode 100644 index 0000000000..1e9f19dc98 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-2 @@ -0,0 +1,9 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416"> + CVE-2009-1416</a> + </td> + <td>GnuTLS 2.6.x DSA keys are corrupt</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516">Security advisory including patch</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514"> + Announcement of v2.6.6 that includes patch.</a><br> + <b>Recommendation:</b> If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6.</td> diff --git a/www/security-entries/GNUTLS-SA-2009-3 b/www/security-entries/GNUTLS-SA-2009-3 new file mode 100644 index 0000000000..e53747a277 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-3 @@ -0,0 +1,11 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417"> + CVE-2009-1417</a> + </td> + <td>No checking of certificate activation/expiration times</td> + <td><a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517">Security advisory including patch</a><br> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514"> + Announcement of v2.6.6 that includes patch.</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 2.6.6 or later. If you + still use the 2.4.x branch or earlier branches, apply the + patch.</td> diff --git a/www/security-entries/GNUTLS-SA-2009-4 b/www/security-entries/GNUTLS-SA-2009-4 new file mode 100644 index 0000000000..1ba4ef3e78 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-4 @@ -0,0 +1,15 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730"> + CVE-2009-2730</a> + </td> + <td>False positive in certificate hostname validation</td> + <td><a href="http://article.gmane.org/gmane.network.gnutls.general/1743"> + Announcement of v2.8.3 that solves the problem.</a><br> + <a href="http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html"> + Analysis of the vulnerability and minimal patch.</a><br> + <a href="http://lists.gnu.org/archive/html/gnutls-devel/2009-08/msg00062.html"> + How to check if your GnuTLS library is vulnerable.</a><br> + Back-ported patches for earlier releases: + <a href="http://article.gmane.org/gmane.comp.security.oss.general/1994">[1]</a> + <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3790">[2]</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 2.8.3 or later.</td> diff --git a/www/security-entries/GNUTLS-SA-2009-5 b/www/security-entries/GNUTLS-SA-2009-5 new file mode 100644 index 0000000000..aeb0171d33 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2009-5 @@ -0,0 +1,10 @@ + <td> + <a href="http://www.kb.cert.org/vuls/id/120541">CERT VU#120541</a><br> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"> + CVE-2009-3555</a> + </td> + <td>Plaintext injection attack</td> + <td><a href="http://thread.gmane.org/gmane.network.gnutls.general/1838"> + Mailing list discussion</a> + <p><b>Recommendation:</b> Disable support for TLS renegotiation + in application servers, or better upgrade to GnuTLS 2.10.x.</td> diff --git a/www/security-entries/GNUTLS-SA-2010-1 b/www/security-entries/GNUTLS-SA-2010-1 new file mode 100644 index 0000000000..8ada1fc2df --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2010-1 @@ -0,0 +1,12 @@ + + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0731"> + CVE-2010-0731</a> + </td> + <td>Remote Denial of Service</td> + <td><a href="https://bugzilla.redhat.com/show_bug.cgi?id=573028"> + RedHat bugzilla report</a><br> + <a href="http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230"> + Mailing list discussion</a> + <p>This vulnerability is on a deprecated since 2006 version of GnuTLS. We keep the information here because this version was included in some distributions. +<b>Recommendation:</b> Upgrade to the latest stable branch.</td> diff --git a/www/security-entries/GNUTLS-SA-2011-1 b/www/security-entries/GNUTLS-SA-2011-1 new file mode 100644 index 0000000000..94dd5cec16 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2011-1 @@ -0,0 +1,10 @@ + <td> + <a href="http://www.ekoparty.org/2011/juliano-rizzo.php"> + Rizzo attack on TLS</a> + </td> + <td>Plaintext recovery</td> + <td><a href="http://lists.gnu.org/archive/html/gnutls-devel/2011-09/msg00064.html"> + Mailing list discussion</a> +<br> +<b>Recommendation:</b> Make use of TLS 1.1 or TLS 1.2 protocols that are not vulnerable to the attack. +TLS 1.1 is enabled by default in GnuTLS since version 2.0.0 (released in 2007). If this is not possible, disable CBC ciphers.</td> diff --git a/www/security-entries/GNUTLS-SA-2011-2 b/www/security-entries/GNUTLS-SA-2011-2 new file mode 100644 index 0000000000..2cf35fbd66 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2011-2 @@ -0,0 +1,13 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128"> + CVE-2011-4128</a> + </td> + <td>Possible buffer overflow/Denial of service</td> + <td> <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596"> + Mailing list discussion</a> +<br> +Note that this vulnerability is triggered by TLS clients that utilize the session resumption +functions in a particular way. Clients that perform session resumption using the +same steps as in <a href="http://www.gnutls.org/manual/html_node/Client-with-Resume-capability-example.html#Client-with-Resume-capability-example">the example +code of GnuTLS documentation</a> are not vulnerable. A preliminary analysis found no vulnerable clients. +<b>Recommendation:</b> Upgrade to GnuTLS 3.0.7 or 2.12.14. diff --git a/www/security-entries/GNUTLS-SA-2012-1 b/www/security-entries/GNUTLS-SA-2012-1 new file mode 100644 index 0000000000..7c816bcce0 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-1 @@ -0,0 +1,13 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0390"> + CVE-2012-0390</a> + </td> + <td>Timing attack (DTLS)</td> + <td> <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5657"> + Announcement of GnuTLS 3.0.11</a><br> +<a href="http://www.isg.rhul.ac.uk/~kp/dtls.pdf"> + The paper describing the attack</a><br> +This vulnerability allows an attacker to perform partial plaintext recovery +using a timing attack in CBC-mode encryption. The attack is applicable to Datagram TLS (DTLS). +<br> +<b>Recommendation:</b> Upgrade to GnuTLS 3.0.11. diff --git a/www/security-entries/GNUTLS-SA-2012-2 b/www/security-entries/GNUTLS-SA-2012-2 new file mode 100644 index 0000000000..7b4126eed1 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-2 @@ -0,0 +1,9 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573"> + CVE-2012-1573</a> + </td> + <td>Possible buffer overflow/Denial of service</td> + <td>TLS record handling vulnerability fixed in <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912">GnuTLS 3.0.15</a>.<br> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959"> + Write-up by Mu Dynamics</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS 3.0.17 or 2.12.18.</td> diff --git a/www/security-entries/GNUTLS-SA-2012-3 b/www/security-entries/GNUTLS-SA-2012-3 new file mode 100644 index 0000000000..e9b4262554 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-3 @@ -0,0 +1,9 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569"> + CVE-2012-1569</a> + </td> + <td>Denial of service</td> + <td>This vulnerability is in the libtasn1 library and affects the DER length decoding which is fixed in <a href="http://lists.gnu.org/archive/html/help-libtasn1/2012-03/msg00000.html">2.12 release</a>.<br> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959"> + Write-up by Mu Dynamics</a><br> + <b>Recommendation:</b> Upgrade to libtasn1 2.12.</td> diff --git a/www/security-entries/GNUTLS-SA-2012-4 b/www/security-entries/GNUTLS-SA-2012-4 new file mode 100644 index 0000000000..07ee30e331 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2012-4 @@ -0,0 +1,34 @@ + <td> + <a href="http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/"> + "CRIME" attack</a><br> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"> + CVE-2012-4929</a> + </td> + <td>Possible plaintext recovery</td> + <td><p>There is an attack on TLS called "CRIME" which +takes advantage of compression and may recover plaintext under certain +circumstances.</p> +<p> +<b>Who is affected by this attack?</b> +<ul> +<li>Clients or servers that use compression and provide the ability to +an adversary to inject data (multiple times) in their session.</li> +</ul> +</p><p> +<b>How to mitigate the attack?</b> +<ul> +<li>Do not enable compression (GnuTLS doesn't enable it by default)</li> +<li>When using compression use the CBC ciphers that include a random +padding up to 255 bytes. That would increase the number of trials an +attacker needs to perform significantly.</li> +</ul> +</p> +Note that using compression provides <a href="https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/abstracts/barghavan.pdf">information to an attacker</a> on the plaintext. +<br> +<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6304">Security advisory</a> +<br> +<a href="http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/">A description of the attack</a> +<br> +<a href="http://bridge.grumpy-troll.org/2012/09/tls-crime-beast-and-you-programmer.html">Another analysis of the attack</a> +<br> +</td> diff --git a/www/security-entries/GNUTLS-SA-2013-1 b/www/security-entries/GNUTLS-SA-2013-1 new file mode 100644 index 0000000000..ec89fe4b6b --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-1 @@ -0,0 +1,35 @@ + <td> + <a href="http://www.isg.rhul.ac.uk/tls/"> + TLS CBC padding timing attack</a><br> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619"> + CVE-2013-1619</a> + </td> + <td>Possible plaintext recovery</td> + <td><p> +Nadhem Alfardan and Kenny Paterson devised an attack that recovers +some bits of the plaintext of a GnuTLS session that utilizes that CBC +ciphersuites, by using timing information. +</p> +<p> +In order for the attack to work the client must operate as follows. +It connects to a server, it sends some (encrypted) data that will be +intercepted by the attacker, who will terminate the client's connection +abnormally (i.e. the client will receive a premature termination error). +The client should repeat that, multiple times. +</p> +<p> +<b>Who is affected by this attack?</b> +<ul> +<li>Clients that repeatedly reconnect and transfer the same data, after +a TLS fatal error occurs.</li> +</ul> +</p><p> +<b>How to mitigate the attack?</b> +<ul> +<li>Do not enable the CBC ciphersuites, prefer ARCFOUR or GCM modes.</li> +<li>Upgrade to the latest GnuTLS version (3.1.7, 3.0.28, or 2.12.23).</li> +</ul> + +<a href="http://nikmav.blogspot.be/2013/02/time-is-money-for-cbc-ciphersuites.html">Write-up by Nikos</a><br> +</p> +</td> diff --git a/www/security-entries/GNUTLS-SA-2013-2 b/www/security-entries/GNUTLS-SA-2013-2 new file mode 100644 index 0000000000..21c3f5f197 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-2 @@ -0,0 +1,8 @@ + <td> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116"> + CVE-2013-2116</a> + </td> + <td>Denial of service</td> + <td>This vulnerability affects gnutls 2.12.23 and its TLS record decoding.<br> + + <b>Recommendation:</b> Apply <a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754">the patch</a> or upgrade to gnutls 3.x.</td> diff --git a/www/security-entries/GNUTLS-SA-2013-3 b/www/security-entries/GNUTLS-SA-2013-3 new file mode 100644 index 0000000000..1ad458b857 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2013-3 @@ -0,0 +1,8 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466"> + CVE-2013-4466</a> + </td> + <td>Denial of service</td> + <td>This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that +returns more 4 DANE entries could corrupt the memory of a requesting client.<br> + + <b>Recommendation:</b> Upgrade to the latest gnutls version (3.1.16 or 3.2.6)</td> diff --git a/www/security-entries/GNUTLS-SA-2014-1 b/www/security-entries/GNUTLS-SA-2014-1 new file mode 100644 index 0000000000..f66cbfd4b0 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-1 @@ -0,0 +1,26 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959"> + CVE-2014-1959</a> + </td> + <td>Certificate verification issue</td> + <td><p>Suman Jana reported a vulnerability that affects the certificate verification +functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as +a CA certificate by default (something that deviates from the documented +behavior). +</p> + +<p> +<b>Who is affected by this attack?</b> +<ul> +<li>Anyone who has a CA that issues X.509 version 1 certificates in his +trusted list.</li> +</ul> +</p><p> +<b>How to mitigate the attack?</b> +<ul> +<li>Apply <a +href="https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c">this +patch</a> or upgrade to the latest GnuTLS version (3.2.11 or 3.1.21).</li> +</ul> + +</p> + diff --git a/www/security-entries/GNUTLS-SA-2014-2 b/www/security-entries/GNUTLS-SA-2014-2 new file mode 100644 index 0000000000..a96acc4cb2 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-2 @@ -0,0 +1,31 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092"> + CVE-2014-0092</a> + </td> + <td>Certificate verification issue</td> + <td><p>A vulnerability was discovered that affects the certificate verification +functions of all gnutls versions. A specially crafted certificate could +bypass certificate validation checks. The vulnerability was discovered +during an audit of GnuTLS for Red Hat. +</p> + +<p> +<b>Who is affected by this attack?</b> +<ul> +<li>Anyone using certificate authentication in any version of GnuTLS.</li> +</ul> +</p><p> +<b>How are past sessions affected?</b> +<ul> +<li>The vulnerability to be exploited it requires an active man-in-the-middle attacker. +Past sessions are not affected unless they were under such an attack.</li> +</ul> +</p><p> +<b>How to mitigate the attack?</b> +<ul> +<li>Upgrade to the latest GnuTLS version (<a href="http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7341">3.2.12</a> or 3.1.22), or +apply the patch for <a href="https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b">GnuTLS 2.12.x</a>. +</li> +</ul> + +</p> + diff --git a/www/security-entries/GNUTLS-SA-2014-3 b/www/security-entries/GNUTLS-SA-2014-3 new file mode 100644 index 0000000000..480a708532 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-3 @@ -0,0 +1,12 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466"> + CVE-2014-3466</a> + </td> + <td>Memory corruption</td> + <td>This vulnerability affects the client side of the gnutls library. A server that +sends a specially crafted ServerHello could corrupt the memory of a requesting client.<br> + +<a href="http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/"> + Analysis at radare.today</a><br> + + <b>Recommendation:</b> Upgrade to the latest gnutls version (3.1.25, 3.2.15 +or 3.3.4)</td> diff --git a/www/security-entries/GNUTLS-SA-2014-4 b/www/security-entries/GNUTLS-SA-2014-4 new file mode 100644 index 0000000000..69b1c65f3e --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-4 @@ -0,0 +1,16 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"> + CVE-2014-3566</a> + </td> + <td>Possible plaintext recovery</td> + <td>This is a vulnerability on the SSL 3.0 protocol (called POODLE), which can be + exploited when TLS clients use a non-standard insecure protocol + negotiation (it affects mostly browsers). Clients performing the + standard TLS handshake as documented by GnuTLS are not affected.<br> + +<a href="http://nmav.gnutls.org/2014/10/what-about-poodle.html"> + Write-up by Nikos</a><br> + + <b>Recommendation:</b> For clients using the documented +handshake process no action is required. Clients that use the non-standard insecure +negotiation should not negotiate SSL 3.0. In all cases it recommended +to disable SSL 3.0 using a priority string such as "NORMAL:-VERS-SSL3.0".</td> diff --git a/www/security-entries/GNUTLS-SA-2014-5 b/www/security-entries/GNUTLS-SA-2014-5 new file mode 100644 index 0000000000..524443d766 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2014-5 @@ -0,0 +1,11 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564"> + CVE-2014-8564</a> + </td> + <td>Denial of service</td> + <td>Sean Burford reported that the encoding of elliptic curves parameters + GnuTLS 3 is vulnerable to a denial of service (heap + corruption). It affects clients and servers which print information about + the peer's public key, e.g., the key ID, and can be exploited via + a specially crafted X.509 certificate.<br> + + <b>Recommendation:</b> Upgrade to GnuTLS 3.3.10, 3.2.20 or 3.1.28.</td> diff --git a/www/security-entries/GNUTLS-SA-2015-1 b/www/security-entries/GNUTLS-SA-2015-1 new file mode 100644 index 0000000000..a470f06fc6 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-1 @@ -0,0 +1,12 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282"> + CVE-2015-0282</a> + </td> + <td>Signature forgery</td> + <td>This issue only affects versions of GnuTLS prior to 3.1.0 (released in 2012). + These versions don't verify the RSA PKCS #1 signature algorithm to + match the signature algorithm in the certificate, leading to a potential + downgrade to a disallowed algorithm, such as MD5, without detecting it.<br> + + <b>Recommendation:</b> Upgrade to GnuTLS 3.1.0, or later. +A patch will be included in gnutls_2_12_x branch for the users of that +version that cannot upgrade.</td> diff --git a/www/security-entries/GNUTLS-SA-2015-2 b/www/security-entries/GNUTLS-SA-2015-2 new file mode 100644 index 0000000000..de8dcc60d2 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-2 @@ -0,0 +1,15 @@ + <td><a href="http://seclists.org/oss-sec/2015/q3/374"> + No CVE assigned</a> +</td> + <td>ServerKeyExchange signature issue</td> + <td><a + href="http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8132">Karthikeyan Bhargavan + reported</a> that a ServerKeyExchange signature + sent by the server is not verified to be in the acceptable by the client + set of algorithms. That has the effect of allowing MD5 signatures + (which are disabled by default) in the ServerKeyExchange message. It is not believed that this bug can + be exploited because a fraudulent signature has to be generated in real-time which is not + known to be possible. However, since attacks can only get better it is + recommended to update to a GnuTLS version which addresses the issue.<br> + + <b>Recommendation:</b> Upgrade to GnuTLS 3.4.1, or 3.3.15.</td> diff --git a/www/security-entries/GNUTLS-SA-2015-3 b/www/security-entries/GNUTLS-SA-2015-3 new file mode 100644 index 0000000000..72725b7033 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-3 @@ -0,0 +1,10 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251"> + CVE-2015-6251</a></td> + <td>Double free in certificate DN decoding</td> + <td>Kurt Roeckx reported that decoding a specific certificate with very + long DistinguishedName (DN) entries leads to double free, which may result to a denial of + service. Since the DN decoding occurs in almost all applications using + certificates it is recommended to upgrade the latest GnuTLS version + fixing the issue.<br/> + + <b>Recommendation:</b> Upgrade to GnuTLS 3.4.4, or 3.3.17.</td> diff --git a/www/security-entries/GNUTLS-SA-2015-4 b/www/security-entries/GNUTLS-SA-2015-4 new file mode 100644 index 0000000000..4598228922 --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2015-4 @@ -0,0 +1,8 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3308"> + CVE-2015-3308</a></td> + <td>Double free in CRL distribution points decoding of a certificate</td> + <td>Robert Święcki reported that decoding a specially crafted + certificate with certain CRL distribution points format can lead to a + double free. This issue was fixed in GnuTLS 3.3.14. + + <b>Recommendation:</b> Upgrade to GnuTLS 3.3.14, or later versions.</td> diff --git a/www/security-entries/GNUTLS-SA-2016-1 b/www/security-entries/GNUTLS-SA-2016-1 new file mode 100644 index 0000000000..3a104ebafc --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-1 @@ -0,0 +1,8 @@ + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4456">CVE-2016-4456</a></td> + <td>File overwrite by setuid programs</td> + <td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite + and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 + with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed + in GnuTLS 3.4.13 by switching to secure_getenv() where available. + + <b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td> diff --git a/www/security-entries/GNUTLS-SA-2016-2 b/www/security-entries/GNUTLS-SA-2016-2 new file mode 100644 index 0000000000..0e84fe13ee --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-2 @@ -0,0 +1,22 @@ + <td><!--<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959"> + CVE-2014-1959</a>--> + </td> + <td>Certificate verification issue</td> + <td><p>We discoverd a vulnerability that affects certificate verification +when GnuTLS is used in combination with the p11-kit trust module. +That issue affects gnutls 3.3.23, 3.4.12 and later versions. +</p> + +<p> +<b>Who is affected by this vulnerability?</b> +<ul> +<li>GnuTLS installations which are configured to utilize the p11-kit trust store (i.e., when compiled with --with-default-trust-store-pkcs11).</li> +</ul> +</p><p> +<b>How to mitigate the vulnerability?</b> +<ul> +<li>Disable the trust store verification or upgrade to GnuTLS 3.3.24, 3.4.14 and later versions.</li> +</ul> + +</p> + diff --git a/www/security-entries/GNUTLS-SA-2016-3 b/www/security-entries/GNUTLS-SA-2016-3 new file mode 100644 index 0000000000..41e2e4989b --- /dev/null +++ b/www/security-entries/GNUTLS-SA-2016-3 @@ -0,0 +1,14 @@ + <td><!--<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959"> + CVE-2014-1959</a>--> + </td> + <td>OCSP validation issue</td> + <td><p>Stefan Bühler discovered an issue that affects validation +of certificates using OCSP responses, which can falsely report a certificate +as valid under certain circumstances. +That issue affects gnutls 3.3.24, 3.4.14, 3.5.3 and previous versions. +<a href="http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html"> + Write-up by Stefan Bühler</a><br> + <b>Recommendation:</b> Upgrade to GnuTLS versions 3.4.15, 3.5.4 or apply the patch referenced in the mail above.</td> + +</p> + diff --git a/www/security.wml b/www/security.wml new file mode 100644 index 0000000000..54db6f4fe4 --- /dev/null +++ b/www/security.wml @@ -0,0 +1,39 @@ +#include 'common.wml' page="Security advisories" + +<ul> + <li><a name="about"><b>About Security Advisories</b></a> + + <p>Although, the core GnuTLS team does not have resources to + analyse the background and impact of security issues in depth, + we do take security seriously. All known information on security incidents + is collected and published in this page. + + <p>Our idea is to turn writing security advisory into an open + process where everyone can contribute. Everyone is invited to + analyse the impact of discovered bugs, and, of course, also to + study the code for new bugs. + + <p>All serious analysis of bugs will be posted on this page. + + <p>If this level of support is inadequate for your needs, + <a href="commercial.html">customized commercial support</a> is + available. + + <li><a name="report"><b>Reporting security problems</b></a> + + <p>Send non-public reports to <a + href="contrib.html">the maintainers</a>. All + other reports should be sent to <a href="support.html">one of the + mailing lists</a>. + </ul> +<center> +<p> +<h2>Advisories</h2></p> +<p> + +#include 'rawsecurity.wml' TABLE_CLASS=news + +</center> + + +#include 'bottom.wml' diff --git a/www/soc.wml b/www/soc.wml new file mode 100644 index 0000000000..580fa91513 --- /dev/null +++ b/www/soc.wml @@ -0,0 +1,88 @@ +#include 'common.wml' page="Summer of code" + +<p> This year we participate in Google Summer of code under +<a href="http://www.gnu.org/software/soc-projects/ideas-2012.html">the GNU project umbrella</a>. +To discuss ideas you may use the <a href="https://lists.gnu.org/mailman/listinfo/gnutls-devel">gnutls mailing lists</a>. +To propose a project follow the information in the +<a href="http://www.google-melange.com/gsoc/homepage/google/gsoc2012">Google summer of code 2012 site</a>. +</p> + +<p> + <a name="about"><b>GnuTLS project ideas for summer of code</b></a> + <ul> + <li><b>Strict certificate path validation.</b> + <p> + Currently GnuTLS implements a simple and straightforward + certificate path validation algorithm. However a complete + validation algorithm, such as the one described in <a href="http://tools.ietf.org/html/rfc5280">RFC5280</a>, + requires the consideration of several factors that are currently ignored + (certificate policies, path constraints etc). + The target of this project is to implement the complete certificate path validation algorithm from RFC5280. + </p> + <p> + <b>Difficulty:</b> medium<br> + <b>Requirements:</b> C, git<br> + <b>Recommended:</b> familiarity with gnutls' internals<br> + <b>Mentors:</b> <a href="mailto:nmav@gnutls.org">Nikos Mavrogiannopoulos</a>, <a href="mailto:dkg@fifthhorseman.net">Daniel Kahn Gillmor</a><br> + </p> + </li> + + <li><b>RSASSA-PSS signature scheme.</b> + <p> + Currently GnuTLS implements the PKCS #1 1.5 signature algorithm for + certificate and CRL signatures. This target of this project is to + enhance GnuTLS to support the <a href="http://tools.ietf.org/html/rfc3447">PKCS #1, RSASSA-PSS signature + scheme</a>. + </p> + <p> + <b>Difficulty:</b> medium<br> + <b>Requirements:</b> C, git<br> + <b>Recommended:</b> familiarity with gnutls' internals<br> + <b>Mentors:</b> <a href="mailto:nmav@gnutls.org">Nikos Mavrogiannopoulos</a>, <a href="mailto:dkg@fifthhorseman.net">Daniel Kahn Gillmor</a><br> + </p> + </li> + + <li><b>TLS and DTLS extensions.</b> + <p> + Two extensions are to be implemented: +<ol> +<li>DTLS Heartbeat +<li>Certificate status request +</ol> +The former is an extension to the datagram TLS protocol described in <a href="http://tools.ietf.org/html/rfc6520">RFC6520</a> to support heartbeat messages in order to identify the status of the peer (dead or not). The latter provides a way for an HTTPS server to provide a fresh OCSP response to the client, described in RFC6066. This saves the client from the burden of having to connect to the CAs OCSP server in order to get a fresh certificate status. + </p> + <p> + <b>Difficulty:</b> medium<br> + <b>Requirements:</b> C, git<br> + <b>Mentors:</b> <a href="mailto:nmav@gnutls.org">Nikos Mavrogiannopoulos</a>, <a href="mailto:dkg@fifthhorseman.net">Daniel Kahn Gillmor</a><br> + </p> + </li> + + <li><b>Faster elliptic curve scalar multiplication.</b> + <p> +Improve the scalar multiplication in elliptic curves by implementing the <a href="http://www.bmoeller.de/pdf/fastexp-icisc2002.pdf">wNAF based method</a> as well as the <a href="http://www.iacr.org/archive/ches2009/57470302/57470302.pdf">Yao-DBNS method</a>. + </p> + <p> + <b>Difficulty:</b> medium<br> + <b>Requirements:</b> C, git<br> + <b>Recommended:</b> mathematics background<br> + <b>Mentors:</b> <a href="mailto:nmav@gnutls.org">Nikos Mavrogiannopoulos</a>, <a href="mailto:dkg@fifthhorseman.net">Daniel Kahn Gillmor</a><br> + </p> + </li> + + <li><b>Implementation of additional encryption schemas for PKCS #12 and PKCS #8</b> + <p> +Improve the support for encrypted private keys and certificates, by implementing the algorithms and formats used by other popular implementations (openssl, windows). + </p> + <p> + <b>Difficulty:</b> medium<br> + <b>Requirements:</b> C, git<br> + <b>Recommended:</b> familiarity with gnutls' internals<br> + <b>Mentors:</b> <a href="mailto:nmav@gnutls.org">Nikos Mavrogiannopoulos</a>, <a href="mailto:dkg@fifthhorseman.net">Daniel Kahn Gillmor</a><br> + </p> + </li> + + </ul> +</p> + +#include 'bottom.wml' diff --git a/www/support.wml b/www/support.wml new file mode 100644 index 0000000000..217672a45d --- /dev/null +++ b/www/support.wml @@ -0,0 +1,71 @@ +#include 'common.wml' page="Support" + + <center> + + <table class="transparent" border=0 cellspacing="1" width=100%> + <tr><td> +<ul> + <li><a href="commercial.html">Commercial support options.</a></li> + <li>Other support options are through our public mailing lists and +our answers to <a href="faq.html">frequently asked questions</a>. + </li> +</ul> + + </td> + </tr> + <tr><td> + </td> + </tr> + <tr><td> + + <table class="news" border=0 cellspacing=1 width=80%> + <tbody> + + <tr> + <th>List</th> + <th>Description</th> + <th>Archives</th> + </tr> + + <tr> + <td><a href="http://lists.gnutls.org/mailman/listinfo/gnutls-help">gnutls-help@lists.gnutls.org</a></td> + <td>General mailing list to discuss and ask questions related to GnuTLS.</td> + <td><ul> + <li><a href="http://lists.gnutls.org/pipermail/gnutls-help/">Official archives</a></li> + <li><a href="http://news.gmane.org/gmane.network.gnutls.general">Gmane archive (web)</a></li> + <!-- <li><a href="news://gmane.org/gmane.network.gnutls.general">Gmane archive (news)</a></li>--> + <li><a href="http://dir.gmane.org/gmane.network.gnutls.general">Gmane archive (searchable)</a></li> + </ul></td> + </tr> + + <tr> + <td><a href="http://lists.gnutls.org/mailman/listinfo/gnutls-devel">gnutls-devel@lists.gnutls.org</a></td> + <td>Mailing list for discussions related to improving GnuTLS.</td> + <td><ul> + <li><a href="http://lists.gnutls.org/pipermail/gnutls-devel/">Official archives</a></li> + <li><a href="http://news.gmane.org/gmane.comp.encryption.gpg.gnutls.devel">Gmane archive (web)</a></li> + <!-- <li><a href="news://gmane.org/gmane.comp.encryption.gpg.gnutls.devel">Gmane archive (news)</a></li>--> + <li><a href="http://dir.gmane.org/gmane.comp.encryption.gpg.gnutls.devel">Gmane archive (searchable)</a></li> + </ul></td> + </tr> + +<!-- + <tr> + <td><a href="http://lists.gnutls.org/mailman/listinfo/gnutls-commits">gnutls-commits@lists.gnutls.org</a></td> + <td>Track development by watching commit messages.</td> + <td><ul> + <li><a href="http://lists.gnutls.org/mailman/private/gnutls-commits/">Official archives</a></li> + <li><a href="http://news.gmane.org/gmane.comp.encryption.gpg.gnutls.cvs">Gmane archive (web)</a></li> + <li><a href="news://gmane.org/gmane.comp.encryption.gpg.gnutls.cvs">Gmane archive (news)</a></li> + </ul></td> + </tr> +--> + </tbody> + </table> + </center> + + <p><b>To report bugs see <a href="devel.html">the developer information pages</a></b>. </p> + </td></tr> +</table> + +#include 'bottom.wml' |
