From owner-svn-doc-head@freebsd.org Thu Jan 24 17:47:50 2019 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C9FD14B747E; Thu, 24 Jan 2019 17:47:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 34F46755C8; Thu, 24 Jan 2019 17:47:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 239BB2BD24; Thu, 24 Jan 2019 17:47:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x0OHln9h063117; Thu, 24 Jan 2019 17:47:49 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x0OHlnrv063113; Thu, 24 Jan 2019 17:47:49 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201901241747.x0OHlnrv063113@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Thu, 24 Jan 2019 17:47:49 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r52777 - head/en_US.ISO8859-1/htdocs/security X-SVN-Group: doc-head X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: head/en_US.ISO8859-1/htdocs/security X-SVN-Commit-Revision: 52777 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 34F46755C8 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.97)[-0.975,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2019 17:47:50 -0000 Author: gjb Date: Thu Jan 24 17:47:48 2019 New Revision: 52777 URL: https://svnweb.freebsd.org/changeset/doc/52777 Log: - Add templates for security advisories and errata notices to the tree. - Link to the templates on the reporting.html page. Suggested by: emaste Discussed with: secteam (emaste, remko) Sponsored by: The FreeBSD Foundation Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt (contents, props changed) head/en_US.ISO8859-1/htdocs/security/errata-template.txt (contents, props changed) Modified: head/en_US.ISO8859-1/htdocs/security/Makefile head/en_US.ISO8859-1/htdocs/security/reporting.xml Modified: head/en_US.ISO8859-1/htdocs/security/Makefile ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 08:13:11 2019 (r52776) +++ head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 17:47:48 2019 (r52777) @@ -11,6 +11,8 @@ SUBDIR= advisories SUBDIR+= patches DATA= so_public_key.asc +DATA= advisory-template.txt +DATA= errata-template.txt DOCS= charter.xml DOCS+= security.xml DOCS+= advisories.xml Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/security/advisory-template.txt Thu Jan 24 17:47:48 2019 (r52777) @@ -0,0 +1,140 @@ +============================================================================= +FreeBSD-SA-ADVISORY_TEMPLATE Security Advisory + The FreeBSD Project + +Topic: + +Category: < core | contrib > +Module: +Announced: 2019-XX-XX +Credits: +Affects: + +Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX) + 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX) +CVE Name: CVE-XXXX-XXXX + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + + + +II. Problem Description + + + +III. Impact + + + +IV. Workaround + + +No workaround is available. + +<... but some systems are unaffected:> +No workaround is available. + + + + +V. Solution + + + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +[XX Needs reboot? Mention please] + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +[XX Needs reboot? Mention please] + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch +# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch.asc +# gpg --verify XXXX.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + + + +c) Recompile the operating system using buildworld and installworld as +described in . + + + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + + + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + + + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +------------------------------------------------------------------------- +stable/12/ rXXXXXX +releng/12.0/ rXXXXXX +stable/11/ rXXXXXX +releng/11.2/ rXXXXXX +------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + Added: head/en_US.ISO8859-1/htdocs/security/errata-template.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/security/errata-template.txt Thu Jan 24 17:47:48 2019 (r52777) @@ -0,0 +1,140 @@ +============================================================================= +FreeBSD-EN-ERRATA_TEMPLATE Errata Notice + The FreeBSD Project + +Topic: + +Category: < core | contrib > +Module: +Announced: 2019-XX-XX +Credits: +Affects: + +Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX) + 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + + + +II. Problem Description + + + +III. Impact + + + +IV. Workaround + + +No workaround is available. + +<... but some systems are unaffected:> +No workaround is available. + + + + +V. Solution + + + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. +[XX Needs reboot? Mention please] + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +[XX Needs reboot? Mention please] + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc +# gpg --verify XXXX.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + + + +c) Recompile the operating system using buildworld and installworld as +described in . + + + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + + + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart all daemons that use the library, or reboot the system. + + + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +------------------------------------------------------------------------- +stable/12/ rXXXXXX +releng/12.0/ rXXXXXX +stable/11/ rXXXXXX +releng/11.2/ rXXXXXX +------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 08:13:11 2019 (r52776) +++ head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 17:47:48 2019 (r52777) @@ -49,6 +49,13 @@
  • Example code if possible.
    • +

    Whenever possible, including the background, problem + description, impact, and workaround (if applicable) using the + templates for security advisories and errata notices as appropriate + would also be helpful.

    +

    After this information has been reported the Security Officer or a Security Team delegate will get back to you.