.github/workflows/doc_manual.yml

@@ -13,26 +13,11 @@ jobs:
   # This workflow contains a single job called "greet"
   build_doc_site:
     # The type of runner that the job will run on
-    runs-on: [ ubuntu-22.04-self-hosted ]
+    runs-on: [ doc-builder-22.04 ]
 #    runs-on: [ self-hosted ]
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-    # Runs a single command using the runners shell
-    - name: Show auth
-      run: gcloud auth list
-    - name: store secrets file
-      run: |
-          cat << EOF > /tmp/key.json
-          ${{ secrets.SERVICE_ACCOUNT_KEY }}
-          EOF
-    - name: activate service account
-      run: gcloud auth activate-service-account --key-file=/tmp/key.json
-    - name: Show auth
-      run: gcloud auth list
-    - name: Trigger doc build
-      run: gcloud run jobs execute pu-cdn-build-doc-job-production --region europe-north1 --wait
-    - name: Remove service account
-      run: gcloud auth revoke
-    - name: Remove access key file
-      run: rm -f /tmp/key.json
+      # Runs a single command using the runners shell
+      - name: Build_web
+        run: /scripts/build_doc.sh

.github/workflows/web_build.yml

@@ -7,31 +7,16 @@ on:
   push:
     branches:
       - master
-      - automation
 jobs:
   # This workflow contains a single job called "greet"
   build_web_site:
     # The type of runner that the job will run on
-    runs-on: [ ubuntu-22.04-self-hosted ]
+    runs-on: [ web-builder-22.04 ]
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Runs a single command using the runners shell
-      - name: Show available accounts
-        run: gcloud auth list
-      - name: Store service account key file
-        run: |
-          cat << EOF > /tmp/key.json
-          ${{ secrets.SERVICE_ACCOUNT_KEY }}
-          EOF
-      - name: Activate service account
-        run: gcloud auth activate-service-account --key-file=/tmp/key.json
-      - name: Show available accounts
-        run: gcloud auth list
-      - name: Trigger web build
-        run: gcloud run jobs execute pu-cdn-build-web-job-production --region europe-north1 --wait
-      - name: Remove service account
-        run: gcloud auth revoke
-      - name: Remove service account key file
-        run: rm -f /tmp/key.json
+      - name: Build_web
+        run: /scripts/build_web.sh
+
 

.htaccess

@@ -15,6 +15,7 @@ Redirect permanent /policies/codingstyle.html /policies/technical/coding-style.h
 Redirect permanent /policies/secpolicy.html /policies/general/security-policy.html
 Redirect permanent /policies/travel.html /policies/general/travel-policy.html
 Redirect permanent /policies/platformpolicy.html /policies/general/platform-policy.html
+Redirect permanent /community/thanks.html /support/acks.html
 
 <Files *.md5>
 ForceType application/binary

Makefile

@@ -36,14 +36,14 @@ PERSONDB=FORCE
 ##  need to make the distinction, because certain files are produced
 ##  differently.
 SERIES1=
-SERIES3=3.2 3.1 3.0
+SERIES3=3.3 3.2 3.1 3.0
 SERIES=$(SERIES3) $(SERIES1)
 ##  Older series.  The second type is for source listings
 OLDSERIES=1.1.1 1.1.0 1.0.2 1.0.1 1.0.0 0.9.8 0.9.7 0.9.6
 OLDSERIES2=1.1.1 1.1.0 1.0.2 1.0.1 1.0.0 0.9.x
 ##  Series for manual layouts, named similar to SERIES1, SERIES3, SERIES
 MANSERIES1=1.1.1 1.0.2
-MANSERIES3=3.2 3.1 3.0
+MANSERIES3=3.3 3.2 3.1 3.0
 MANSERIES=$(MANSERIES3) $(MANSERIES1)
 
 ##  Future series, i.e. a series that hasn't had any final release yet.
@@ -128,11 +128,11 @@ TECHNICAL_POLICIES=$(filter-out $(CHECKOUTS)/technical-policies/policies/README.
 	@rm -f $@
 	./bin/from-tt $<
 
-all: suball subdocs manmastertts mancross manhtml sitemap akamai-purge
+all: suball subdocs manmastertts mancross manhtml akamai-purge
 
 suball: $(SIMPLE) $(SRCLISTS)
 
-relupd: suball docs sitemap akamai-purge
+relupd: suball docs akamai-purge
 
 docs: subdocs manpagetts mancross manhtml
 
@@ -389,16 +389,12 @@ policies/glossary.html: $(GLOSSARY) bin/md-to-html5 policies/dirdata.yaml
 ##
 ##  $(SIMPLE) -- SIMPLE GENERATED FILES
 ##
-.PHONY: sitemap
+.PHONY:
 newsflash.inc: news/newsflash.inc
 	@rm -f $@
 	head -7 $< >$@
 index.md: newsflash.inc inc/legalities.md
 
-sitemap sitemap.txt: bin/mk-sitemap Makefile
-	@rm -f sitemap.txt
-	./bin/mk-sitemap master $(SERIES) > sitemap.txt
-
 community/committers.inc: $(PERSONDB) bin/mk-committers Makefile
 	@rm -f $@
 	wget -q https://api.openssl.org/0/Group/commit/Members

about.md

@@ -10,89 +10,6 @@ security and privacy tools. Our dedicated team is at the helm of the OpenSSL
 project, ensuring secure digital interactions. Here, you'll meet the individuals
 who are collectively shaping a safer, privacy-respecting digital future.
 
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 954 498.57">
-  <defs>
-    <style>
-      svg {
-        background-image: url(/img/faces/openssl2023.png);
-        background-size: contain;
-        background-repeat: no-repeat;
-      }
-
-      path {
-        fill: transparent;
-        cursor: pointer;
-        transition: fill 0.2s
-      }
-
-      svg a:focus,
-      svg a:hover {
-        outline: none;
-      }
-
-      svg a:focus path,
-      svg a:hover path {
-        fill: rgba(30, 222, 121, 0.25);
-        cursor: pointer;
-      }
-    </style>
-  </defs>
-  <g>
-    <title>Anton Arapov</title>
-    <a>
-      <path transform="translate(0,-50)" d="M147.21 157.69L157.85 154.86L167.78 160.53L167.78 191.74L184.09 196.7L197.57 230.74L197.57 260.53L186.93 286.77L188.35 334.29L181.96 337.84L183.38 395.28L172.39 395.28L163.52 361.24L163.52 343.51L150.76 315.85L147.21 337.13L140.83 339.96L128.77 390.32L118.84 395.28L116.01 364.08L120.26 337.84L120.97 278.26L103.95 244.22L107.5 232.87L118.13 199.54L140.83 192.45L147.21 157.69z" />
-    </a>
-  </g>
-  <g>
-    <title>Tim Hudson</title>
-    <a>
-      <path transform="translate(0,-50)" d="M416.02 176.67L431.22 183.64L431.22 212.76L447.05 220.36L460.98 252.02L460.98 296.98L460.98 311.55L453.38 316.61L444.51 305.22L445.78 286.85L442.61 292.55L445.78 329.28L443.25 349.54L445.15 372.97L438.5 399.57L450.85 411.6L426.78 411.6L420.45 364.11L411.59 362.21L411.59 332.44L403.99 360.31L397.66 363.47L388.79 411.6L367.26 411.6L376.76 396.4L372.96 362.21L367.26 356.51L375.49 314.08L362.83 308.38L362.83 267.22L379.93 217.2L398.29 215.3L399.56 193.13L400.82 183L416.02 176.67z" />
-    </a>
-  </g>
-  <g>
-    <title>Hugo Landau</title>
-    <a>
-      <path transform="translate(0,-50)" d="M484.41 158.94L491.37 166.54L502.14 169.07L504.67 177.3L494.54 188.7L494.54 195.67L513.54 202L523.03 249.49L523.03 281.79L510.37 310.28L516.7 394.5L512.27 400.83L514.8 410.33L499.61 410.33L484.41 326.11L476.97 367.27L477 407.16L459.71 410.33L459.71 347.01L455.91 315.98L463.51 303.95L461.61 279.25L461.61 255.82L455.91 236.19L448.95 221.63L453.38 207.06L471.11 197.57L471.74 190.6L464.14 189.97L464.78 172.87L471.11 165.27L476.97 158.94L484.41 158.94z" />
-    </a>
-  </g>
-  <g>
-    <title>Paul Dale</title>
-    <a>
-      <path transform="translate(0,-50)" d="M578.13 183L586.36 189.97L590.16 202L587.62 213.4L604.72 221L618.65 235.56L609.79 290.65L603.45 310.28L598.39 359.04L593.96 383.1L591.42 400.2L598.39 413.5L583.82 413.5L581.29 389.43L573.69 353.97L569.89 362.84L566.09 383.1L562.93 398.3L562.93 410.33L553.43 417.3L545.2 417.3L545.2 409.06L551.53 401.47L547.73 372.34L549.63 356.51L542.66 356.51L542.66 319.15L542.66 303.95L538.23 275.31L529.37 262.79L525.57 257.09L534.43 231.13L553.43 217.83L563.56 216.56L562.29 207.06L561.03 195.67L565.46 186.8L572.11 183L578.13 183z" />
-    </a>
-  </g>
-  <g>
-    <title>Tam Dale</title>
-    <a>
-      <path transform="translate(0,-50)" d="M652.21 179.84L661.71 179.84L664.24 188.07L675.64 195.67L675.64 204.53L663.93 212.76L668.04 219.1L680.71 219.1L692.74 242.53L696.54 268.49L696.54 310.91L685.77 321.68L682.61 386.27L668.68 397.67L674.38 416.66L661.08 416.66L655.38 400.83L652.21 416.66L635.75 416.66L635.75 401.47L628.15 397.67L618.02 317.88L612.95 307.11L612.95 286.85L612.95 262.16L618.02 243.16L623.72 225.43L643.98 219.73L643.35 211.5L634.48 207.7L634.48 198.83L641.45 191.87L642.71 182.37L652.21 179.84z" />
-    </a>
-  </g>
-  <g>
-    <title>Richard Levitte</title>
-    <a>
-      <path transform="translate(0,-50)" d="M730.73 168.44L742.76 171.6L742.76 177.94L751 177.94L753.53 188.07L749.1 196.3L742.13 200.1L742.13 206.43L756.69 210.86L768.09 219.73L778.22 238.73L771.26 243.79L774.43 264.06L764.93 297.62L768.09 341.94L778.22 400.2L772.53 400.2L784.56 414.76L765.56 414.76L761.13 405.9L754.16 405.9L748.46 347.64L736.43 317.25L730.73 350.81L736.43 398.3L736.43 414.76L719.33 417.3L716.17 410.33L725.03 405.26L709.84 353.97L709.84 322.95L704.14 296.35L696.54 267.85L696.54 245.06L692.11 236.83L703.5 217.2L725.67 207.7L724.4 201.37L718.7 193.77L713 194.4L714.9 183L721.87 171.6L730.73 168.44z" />
-    </a>
-  </g>
-  <g>
-    <title>Mark J Cox</title>
-    <a>
-      <path transform="translate(0,-50)" d="M820.65 148.17L832.68 150.71L835.21 160.21L843.45 160.21L843.45 167.17L835.21 167.17L832.05 176.67L835.85 183.64L855.48 193.13L866.24 231.76L873.84 275.31L873.84 299.52L865.61 299.52L861.81 279.89L850.41 243.16L847.25 275.07L847.25 307.11L844.08 335.61L847.25 361.57L847.25 398.3L844.08 404L847.25 416.03L832.68 416.03L825.08 395.13L820.65 402.73L823.18 416.03L794.06 416.03L790.26 409.06L803.55 400.2L799.75 364.11L799.75 342.58L794.69 301.42L786.46 302.68L780.76 291.92L783.29 279.25L783.29 243.79L789.62 208.33L791.52 193.13L806.09 186.8L813.69 184.27L813.05 177.94L807.35 169.7L801.65 167.8L807.35 161.47L809.25 151.97L820.65 148.17z" />
-    </a>
-  </g>
-  <g>
-    <title>Matt Caswell</title>
-    <a>
-      <path transform="translate(0,-50)" d="M290.48 194.57L313.17 184.64L309.62 173.3L301.82 173.3L306.79 160.53L306.79 160.53L313.17 151.31L328.06 151.31L342.25 157.69L342.25 169.04L333.74 179.68L335.87 187.48L355.01 194.57L360.69 220.11L354.3 220.11L346.5 253.44L345.79 339.25L346.5 365.5L344.38 393.86L360.69 408.76L332.32 408.76L330.9 376.13L322.39 332.16L318.13 312.3L307.5 335L303.95 361.95L296.86 383.94L296.86 408.76L282.67 413.72L273.45 413.72L276.29 404.5L284.8 396.7L288.35 342.09L288.35 310.89L289.77 270.46L284.8 244.22L287.64 220.81L279.84 218.69" />
-    </a>
-  </g>
-  <g>
-    <title>Tomáš Mráz</title>
-    <a>
-      <path transform="translate(0,-50)" d="M203.95 232.87L207.86 222.84L215.3 203.79L236.57 196.7L233.03 177.55L242.25 161.24L248.63 161.24L257.85 171.17L260.69 181.81L257.85 193.16L275.58 202.37L284.8 223.65L284.8 237.13L281.26 244.22L280.55 281.81L281.96 297.41L279.84 307.34L269.91 310.18L269.91 339.25L262.82 339.25L264.23 362.66L253.6 395.99L263.52 408.76L263.52 415.14L240.83 410.18L241.54 391.03L244.38 376.13L244.38 361.95L239.41 341.38L232.32 349.89L232.32 364.08L227.35 386.77L228.06 408.76L215.3 415.14L207.5 410.18L216.01 399.54L216.01 376.84L212.46 344.93L206.79 302.37L199.7 298.83L203.95 271.88L205.37 239.25" />
-    </a>
-  </g>
-</svg>
-
 ## Anton Arapov
 Joining the OpenSSL team in February 2023, I brought along experience from
 previous roles in Red Hat. At Red Hat, I had the opportunity to grow from an

bin/cvejsontohtml.py

@@ -213,8 +213,9 @@ def getbasefor(fixedin):
                     commitId = git.split(";")[-1].split("=")[-1]
                     git = f"https://github.com/openssl/openssl/commit/{commitId}"
                 if (
-                    fixedin.startswith("1.0.2") and fixedin[5] >= "w"
-                ):  # 1.0.2w and above hack
+                    (fixedin.startswith("1.0.2") and fixedin[5] >= "v")
+                    or (fixedin.startswith("1.1.1") and fixedin[5] >= "x")
+                ):  # 1.0.2v/1.1.1x and above hack
                     allissues += (
                         '<a href="/support/contracts.html?giturl=%s">(premium support)</a> '
                         % (git)

bin/md-to-html5

@@ -156,7 +156,9 @@ for f in "$@"; do
         title="$title_prefix/$dir/$base.html"
         top=$(echo "$dir" | sed -E -e 's|[^/]+|..|g')/
     fi
-
+    if [ "$base" = "err404" ]; then
+      top="/"
+    fi
     # is it an index file?
     def_isindex=
     if [ -n "$index" ] || [ "$base" = "index" ]; then
@@ -177,7 +179,8 @@ for f in "$@"; do
         input_file="$HERE/../$f"
     fi
 
-    pandoc -t html5 -f markdown --template="$template" \
+    pandoc -t html5 -f markdown-markdown_in_html_blocks \
+        --template="$template" \
         --highlight-style="$highlightstyle" \
         --tab-stop=8 --shift-heading-level-by=1 \
         -M author-meta='OpenSSL Foundation, Inc.' \

bin/strip-man-html

@@ -15,7 +15,5 @@ $contents = $`;                 # </body> and everything after is stripped
 
 # Adapt all H tags to be wrapped inside H1 and H2
 $contents =~ s@(</?h)(\d)(\s|>)@$1.($2 + 2).$3@emg;
-#added from /bin/fix-man-html
-$contents =~ s|\]\(|\&rbrack;(|g; # ]( suggests a markdown link
 
 print $contents;

community/dirdata.yaml

@@ -15,5 +15,4 @@ sidebar: |
   -   [Wiki](https://wiki.openssl.org)
   -   [Blog](/blog)
   -   [Binaries and Engines](binaries.html)
-  -   [Thanks!](thanks.html)
 ---

community/mailinglists.md

@@ -8,33 +8,29 @@ be a member of the list to post to it. Anything you post to a list,
 including the E-mail address you posted from, will be sent to and seen
 by all other members of the list.
 
-<p>
-
-| List                                                                          | Purpose                                                                           |
+| **List**                                                                      | **Purpose**                                                                       |
 |-------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
 | [openssl-announce](https://mta.openssl.org/mailman/listinfo/openssl-announce) | Official Project Announcements; low-volume read-only.                             |
 | [openssl-project](https://mta.openssl.org/mailman/listinfo/openssl-project)   | Discussion about the organization and structure of the project itself. Moderated. |
 | [openssl-commits](https://mta.openssl.org/mailman/listinfo/openssl-commits)   | Commits to the source repository and build results; read-only.                    |
 | [openssl-dev](https://mta.openssl.org/mailman/listinfo/openssl-dev)           | This is now a read-only list, and is archived.                                    |
 | [openssl-users](https://mta.openssl.org/mailman/listinfo/openssl-users)       | Any questions about building, using, etc., OpenSSL itself.                        |
 
-</p>
+<p>&nbsp;</p>
 
 ## Archives
 
 Public archives can be found at the following locations:
 
-<p>
-
-| List                 | Archives                                                                                                                                                                |
+| **List**             | **Archives**                                                                                                                                                            |
 |----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | openssl-announce     | <https://marc.info/?l=openssl-announce><br /><https://www.mail-archive.com/openssl-announce@openssl.org/>                                                               |
 | openssl-users        | <https://marc.info/?l=openssl-users><br /><https://www.mail-archive.com/openssl-users@openssl.org/><br /><https://groups.google.com/groups?group=mailing.openssl.users> |
 | openssl-project      | <https://marc.info/?l=openssl-project><br /><https://www.mail-archive.com/openssl-project@openssl.org/>                                                                 |
 | openssl-dev archives | <https://marc.info/?l=openssl-dev><br /><https://www.mail-archive.com/openssl-dev@openssl.org/><br /><https://groups.google.com/groups?group=mailing.openssl.dev>       |
 | openssl-commits      | <https://marc.info/?l=openssl-cvs><br /><https://groups.google.com/groups?group=mailing.openssl.cvs>                                                                    |
 
-</p>
+<p>&nbsp;</p>
 
 Archives can also be found at our [mail server](https://mta.openssl.org/),
 under the page for each mailing list.

inc/pandoc-body-epilogue.html5

@@ -7,7 +7,7 @@ $else$
                     : <a href="">$breadcrumb$</a>
 $endif$
 $endif$
-                    <br/><a href="$top$sitemap.txt">Sitemap</a>
+                    <br/><a href="$top$sitemap.xml">Sitemap</a>
                 </footer>
             </article>
         </div>

news/fips-cve.md

@@ -11,14 +11,19 @@ relevance to it:
 
 **CVE ID** | **Fixed** | **FIPS?** | **Notes**
 ----- | --: | :-: | :---------------
-[CVE-2023-6237] | 3.0.13<br>3.1.5<br>3.2.1 | **yes** | EVP_PKEY_public_check() can take a long time
-[CVE-2023-6129] | 3.0.13<br>3.1.5<br>3.2.1 | no | 3.0.13, 3.1.5 and 3.2.1 are not released yet
-[CVE-2023-5678] | 3.0.13<br>3.1.5 | no | 3.0.13 and 3.1.5 are not released yet
+[CVE-2024-4741] | 3.0.14<br>3.1.6<br>3.2.2<br>3.3.1 | no |
+[CVE-2024-4603] | 3.0.14<br>3.1.6<br>3.2.2<br>3.3.1 | **yes** | EVP_PKEY_public_check() can take a long time. **Workaround:** First check the value returned by EVP_PKEY_get_bits() and reject too large keys.
+[CVE-2024-2511] | 3.0.14<br>3.1.6<br>3.2.2 | no |
+[CVE-2024-0727] | 3.0.13<br>3.1.5<br>3.2.1 | no |
+[CVE-2023-6237] | 3.0.13<br>3.1.5<br>3.2.1 | **yes** | EVP_PKEY_public_check() can take a long time. **Workaround:** First check the value returned by EVP_PKEY_get_bits() and reject too large keys.
+[CVE-2023-6129] | 3.0.13<br>3.1.5<br>3.2.1 | no |
+[CVE-2023-5678] | 3.0.13<br>3.1.5 | no |
 [CVE-2023-5363] | 3.0.12<br>3.1.4 | no |
 [CVE-2023-4807] | 3.0.11<br>3.1.3 | no |
 [CVE-2023-3817] | 3.0.10<br>3.1.2 | no |
 [CVE-2023-3446] | 3.0.10<br>3.1.2 | no |
 [CVE-2023-2975] | 3.0.10<br>3.1.2 | no |
+| | | | **Release of 3.0.9 FIPS provider**
 [CVE-2023-2650] | 3.0.9<br>3.1.1 | no |
 [CVE-2023-1255] | 3.0.9<br>3.1.1 | **yes** | Possible denial of service on Arm 64 (aarch64) using AES XTS mode
 [CVE-2023-0466] | 3.0.9<br>3.1.1 | no |
@@ -49,6 +54,10 @@ relevance to it:
 [CVE-2021-4044] | 3.0.1 | no |
 | | | | **Release of 3.0.0 FIPS provider**
 
+[CVE-2024-4714]: /news/vulnerabilities.html#CVE-2024-4741
+[CVE-2024-4603]: /news/vulnerabilities.html#CVE-2024-4603
+[CVE-2024-2511]: /news/vulnerabilities.html#CVE-2024-2511
+[CVE-2024-0727]: /news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: /news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: /news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: /news/vulnerabilities.html#CVE-2023-5678