Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 Jan 2019 17:47:49 +0000 (UTC)
From:      Glen Barber <gjb@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r52777 - head/en_US.ISO8859-1/htdocs/security
Message-ID:  <201901241747.x0OHlnrv063113@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: gjb
Date: Thu Jan 24 17:47:48 2019
New Revision: 52777
URL: https://svnweb.freebsd.org/changeset/doc/52777

Log:
  - Add templates for security advisories and errata notices to the
    tree.
  - Link to the templates on the reporting.html page.
  
  Suggested by:	emaste
  Discussed with:	secteam (emaste, remko)
  Sponsored by:	The FreeBSD Foundation

Added:
  head/en_US.ISO8859-1/htdocs/security/advisory-template.txt   (contents, props changed)
  head/en_US.ISO8859-1/htdocs/security/errata-template.txt   (contents, props changed)
Modified:
  head/en_US.ISO8859-1/htdocs/security/Makefile
  head/en_US.ISO8859-1/htdocs/security/reporting.xml

Modified: head/en_US.ISO8859-1/htdocs/security/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/Makefile	Thu Jan 24 08:13:11 2019	(r52776)
+++ head/en_US.ISO8859-1/htdocs/security/Makefile	Thu Jan 24 17:47:48 2019	(r52777)
@@ -11,6 +11,8 @@ SUBDIR=		advisories
 SUBDIR+=	patches
 
 DATA=	so_public_key.asc
+DATA=	advisory-template.txt
+DATA=	errata-template.txt
 DOCS=	charter.xml
 DOCS+=	security.xml
 DOCS+=	advisories.xml

Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/en_US.ISO8859-1/htdocs/security/advisory-template.txt	Thu Jan 24 17:47:48 2019	(r52777)
@@ -0,0 +1,140 @@
+=============================================================================
+FreeBSD-SA-ADVISORY_TEMPLATE                                Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          
+
+Category:       < core | contrib >
+Module:         <module name>
+Announced:      2019-XX-XX
+Credits:        
+Affects:        <affected versions>
+                <e.g., "All supported versions of FreeBSD.", "FreeBSD
+                12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2">
+Corrected:      2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE)
+                2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX)
+                2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE)
+                2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX)
+CVE Name:       CVE-XXXX-XXXX
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+<brief description of what the affected bits are supposed to do>
+
+II.  Problem Description
+
+<detailed description of the problem>
+
+III. Impact
+
+<description as to why the above problem is bad>
+
+IV.  Workaround
+
+<If no workaround exists:>
+No workaround is available.
+
+<... but some systems are unaffected:>
+No workaround is available.  <insert simple description of some
+systems that are not vulnerable>
+
+<If a workaround exists:>
+<insert workaround here>
+
+V.   Solution
+
+<insert solution here>
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+[XX Needs reboot? Mention please]
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+[XX Needs reboot? Mention please]
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch
+# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch.asc
+# gpg --verify XXXX.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+<for a userland utility:>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+<for a daemons>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+<for a common library>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+<for a kernel vulnerability:>
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+-------------------------------------------------------------------------
+stable/12/                                                        rXXXXXX
+releng/12.0/                                                      rXXXXXX
+stable/11/                                                        rXXXXXX
+releng/11.2/                                                      rXXXXXX
+-------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<other info on vulnerability>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-XXXX>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-XX:XX.XXXXX.asc>;

Added: head/en_US.ISO8859-1/htdocs/security/errata-template.txt
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/en_US.ISO8859-1/htdocs/security/errata-template.txt	Thu Jan 24 17:47:48 2019	(r52777)
@@ -0,0 +1,140 @@
+=============================================================================
+FreeBSD-EN-ERRATA_TEMPLATE                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          
+
+Category:       < core | contrib >
+Module:         <module name>
+Announced:      2019-XX-XX
+Credits:        
+Affects:        <affected versions>
+                <e.g., "All supported versions of FreeBSD.", "FreeBSD
+                12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2">
+Corrected:      2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE)
+                2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX)
+                2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE)
+                2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+<brief description of what the affected bits are supposed to do>
+
+II.  Problem Description
+
+<detailed description of the problem>
+
+III. Impact
+
+<description as to why the above problem is bad>
+
+IV.  Workaround
+
+<If no workaround exists:>
+No workaround is available.
+
+<... but some systems are unaffected:>
+No workaround is available.  <insert simple description of some
+systems that are not vulnerable>
+
+<If a workaround exists:>
+<insert workaround here>
+
+V.   Solution
+
+<insert solution here>
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+[XX Needs reboot? Mention please]
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+[XX Needs reboot? Mention please]
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch
+# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc
+# gpg --verify XXXX.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+<for a userland utility:>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+<for a daemons>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+<for a common library>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+<for a kernel bug:>
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+-------------------------------------------------------------------------
+stable/12/                                                        rXXXXXX
+releng/12.0/                                                      rXXXXXX
+stable/11/                                                        rXXXXXX
+releng/11.2/                                                      rXXXXXX
+-------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<other info on the problem>
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>;

Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/reporting.xml	Thu Jan 24 08:13:11 2019	(r52776)
+++ head/en_US.ISO8859-1/htdocs/security/reporting.xml	Thu Jan 24 17:47:48 2019	(r52777)
@@ -49,6 +49,13 @@
 	<li>Example code if possible.</li>
       </ul>
 
+      <p>Whenever possible, including the background, problem
+	description, impact, and workaround (if applicable) using the
+	templates for <a
+	  href="advisory-template.txt">security advisories</a> and <a
+	  href="errata-template.txt">errata notices</a> as appropriate
+	would also be helpful.</p>
+
       <p>After this information has been reported the Security Officer
 	or a Security Team delegate will get back to you.</p>
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901241747.x0OHlnrv063113>