From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43061) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gD9er-0006O2-Fq for qemu-devel@nongnu.org; Thu, 18 Oct 2018 10:52:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gD9em-0000K9-QK for qemu-devel@nongnu.org; Thu, 18 Oct 2018 10:52:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:36106) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gD9em-0000JW-E4 for qemu-devel@nongnu.org; Thu, 18 Oct 2018 10:52:12 -0400 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 18 Oct 2018 15:52:01 +0100 Message-Id: <20181018145203.11336-3-berrange@redhat.com> In-Reply-To: <20181018145203.11336-1-berrange@redhat.com> References: <20181018145203.11336-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [web PATCH 2/4] Introduce content and tools for managing security notices List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Prasad J Pandit , Paolo Bonzini , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= 
Signed-off-by: Daniel P. Berrang=C3=A9 --- _config.yml | 4 + _includes/nav.html | 3 +- _layouts/secnotice.html | 22 ++ assets/css/style.css | 47 +++ secnotice/Makefile | 40 +++ secnotice/README-template.md | 78 +++++ secnotice/README.md | 20 ++ secnotice/_scripts/index-html.xsl | 72 +++++ secnotice/_scripts/index-xml | 28 ++ secnotice/_scripts/notice-html.xsl | 286 +++++++++++++++++++ secnotice/_scripts/notice-txt.xsl | 277 ++++++++++++++++++ secnotice/_scripts/report-vulnerable-tags.pl | 135 +++++++++ secnotice/template.xml | 50 ++++ 13 files changed, 1061 insertions(+), 1 deletion(-) create mode 100644 _layouts/secnotice.html create mode 100644 secnotice/Makefile create mode 100644 secnotice/README-template.md create mode 100644 secnotice/README.md create mode 100644 secnotice/_scripts/index-html.xsl create mode 100755 secnotice/_scripts/index-xml create mode 100644 secnotice/_scripts/notice-html.xsl create mode 100644 secnotice/_scripts/notice-txt.xsl create mode 100644 secnotice/_scripts/report-vulnerable-tags.pl create mode 100644 secnotice/template.xml diff --git a/_config.yml b/_config.yml index 0a0201c..6fddace 100644 --- a/_config.yml +++ b/_config.yml @@ -37,3 +37,7 @@ gems: exclude: - Gemfile - Gemfile.lock + - Makefile + - secalert/README.md + - secalert/README-template.md + - secalert/template.xml diff --git a/_includes/nav.html b/_includes/nav.html index 241d83e..350de6d 100644 --- a/_includes/nav.html +++ b/_includes/nav.html @@ -6,7 +6,8 @@
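Review bot: The new `exclude` entries name `secalert/README.md`, `secalert/README-template.md` and `secalert/template.xml`, but every file this series adds lives under `secnotice/` (see the diffstat and the `+++ b/secnotice/...` headers), so the three helper files will still be published as site pages. They should read `- secnotice/README.md`, `- secnotice/README-template.md` and `- secnotice/template.xml`. The bare `- Makefile` entry matches a top-level Makefile, while the one being added is `secnotice/Makefile`; unless this Jekyll version matches excludes by basename (I don't think it does, worth confirming) it needs the same prefix.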
  • Download
  • Contribute
  • Documentation -
  • Blog
  • +
  • Blog +
  • Security Notices
  • =20 diff --git a/_layouts/secnotice.html b/_layouts/secnotice.html new file mode 100644 index 0000000..b30c036 --- /dev/null +++ b/_layouts/secnotice.html @@ -0,0 +1,22 @@ + + + + + {{ page.title }} - {{ site.title }} + {% include assets.html %} + + + + {% include nav.html %} + + {{ content }} + + {% include footer.html %} + {% include copyright.html %} + + + diff --git a/assets/css/style.css b/assets/css/style.css index b828887..dccffb0 100644 --- a/assets/css/style.css +++ b/assets/css/style.css @@ -590,3 +590,50 @@ { margin-top: 1.5em; } + +/***********************************************************************= **********/ +/* Security notices = */ +/***********************************************************************= **********/ + + body.secnotice #main + { + width: 50%; + } + + body.secnotice #sidebar + { + margin-top: 10em; + width: 30%; + } + + body.secnotice p.altformat + { + font-size: smaller; + color: inherit; + text-align: right; + } + + body.secnotice table.repository { + border-spacing: 0px; + } + + body.secnotice table.repository tbody th { + text-align: right; + } + + body.secnotice table.repository tbody th, + body.secnotice table.repository tbody td { + padding: 2px; + }=09 + + body.secnotice table.repository tbody td.fixedtag, + body.secnotice table.repository tbody td.mergedcommit { + background: rgb(240,255,240); + } + body.secnotice table.repository tbody td.fixedcommit { + background: rgb(240,240,255); + } + + body.secnotice table.repository thead { + background: rgb(240,240,240); + } diff --git a/secnotice/Makefile b/secnotice/Makefile new file mode 100644 index 0000000..fef2e8c --- /dev/null +++ b/secnotice/Makefile 
@@ -0,0 +1,40 @@ + +YEARS =3D $(wildcard 2???) + +INDEX_XML =3D index.xml $(YEARS:%=3D%/index.xml) +INDEX_HTML =3D $(INDEX_XML:%.xml=3D%.html) + +NOTICE_XML =3D $(wildcard */???.xml) +NOTICE_TXT =3D $(NOTICE_XML:%.xml=3D%.txt) +NOTICE_HTML =3D $(NOTICE_XML:%.xml=3D%.html) + +all: $(INDEX_XML) $(INDEX_HTML) $(NOTICE_TXT) $(NOTICE_HTML) + +index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + _scripts/index-xml $(sort $(NOTICE_XML)) > $@ + +index.html: index.xml _scripts/index-html.xsl Makefile + xsltproc _scripts/index-html.xsl $< > $@ + +%/index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + DIR=3D`echo $@ | sed -e 's,/index.xml,,'` + rm -f $@ + _scripts/index-xml $(sort $(wildcard $(@:%/index.xml=3D%/)???.xml)) > $= @ + +%/index.html: %/index.xml _scripts/index-html.xsl Makefile + xsltproc --stringparam permalink $(@:%/index.html=3D/secnotice/%/) _scr= ipts/index-html.xsl $< > $@ + +%.txt: %.xml _scripts/notice-txt.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-txt.xsl $< > $@ + +%.html: %.xml _scripts/notice-html.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-html.xsl $< > $@ + +clean: + rm -rf index.{xml,html} + rm -rf */index.{xml,html} + rm -rf */*.{txt,html} diff --git a/secnotice/README-template.md b/secnotice/README-template.md new file mode 100644 index 0000000..2b80dca --- /dev/null +++ b/secnotice/README-template.md 
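Review bot: The `clean` target relies on shell brace expansion (`rm -rf index.{xml,html}`, `rm -rf */index.{xml,html}`, `rm -rf */*.{txt,html}`), but make runs recipes under `/bin/sh`, and where that is dash the braces are passed through literally and nothing is removed. Either spell the names out (`rm -f index.xml index.html`, `rm -f */index.xml */index.html */*.txt */*.html`) or, better, derive the list from the variables already defined (`rm -f $(INDEX_XML) $(INDEX_HTML) $(NOTICE_TXT) $(NOTICE_HTML)`), which also stops `*/*.html` from deleting a hand-written HTML file that happens to sit in a year directory. The `DIR=\`echo $@ | sed -e 's,/index.xml,,'\`` line in the `%/index.xml` recipe is dead: each recipe line runs in its own shell and nothing reads `$$DIR`, so it can be dropped.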
@@ -0,0 +1,78 @@ +QEMU Security Notice Schema +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D + +The top level element of a QEMU security notice has a name of +``security-notice`` and is in an XML namespace of +``http://qemu.org/xmlns/security-notice/1.0`` + +Basic metadata +-------------- + +The ``id`` element content is a pair of 4 digit numbers uniquely identif= ying +the security issue. By convention the first 4 digit number is the year i= n which +it was reported and the second number is an integer value that is unique= within +the year, monotonically incrementing from 1. eg the 137th issue reported= in +2013 would have an id of ``2013-0137`` + +The ``summary`` element is a short, single line description of the flaw, +ideally 80 characters or less to make it suitable for use in email subje= ct +lines or git commit messages. + +The ``credits`` element provides information on persons involved with th= e flaw. +It permits the child elements ``reporter`` or ``patcher`` each of which = can be +repeated zero or more times. Both elements contain two further child ele= ments +``email`` and ``name`` with the former providing the email address and t= he +latter providing the full name. At least one of ``email`` and ``name`` m= ust +be provided. + +The ``lifecycle`` element provides date on key milestones in handling of= the +issue. It contains between one and three child elements, ``reported``, +``published`` and ``fixed``. The ``reported`` element says the date on w= hich +the QEMU security received notification of the issue. The ``published`` = element +says the date on which the issue was revealed to the public. The ``fixed= `` +element says the date on which the issue was patched in the primary code= branch +(typically GIT master). + +The ``reference`` element provides details of related resources. It will= have +one or more child elements which can be either ``advisory`` or ``bug``. 
= An +``advisory`` element includes a ``type`` and ``id`` attribute where ``ty= pe`` is +currently allowed to be ``CVE`` and ``id`` is the identifier of the repo= rt. A +``bug`` element includes ``tracker`` and ``id`` attributes where ``track= er`` is +allowed to be ``redhat``, ``debian`` or a short name for another vendors= ' bug +tracker. + +Descriptive data +---------------- + +There are three free form text elements providing descriptive data about= the +issue. The data will usually be inside a CDATA block. + +The ``description`` element content is an expanded version of the ``summ= ary`` +element content, describing what the flaw is. + +The ``impact`` element content describes the implications of the securit= y +issue. ie what can a malicious user do with the flaw. + +The ``workaround`` element content describes any steps that an administr= ator +can take to eliminate or at least mitigate the impact of the flaw. + + +Product data +------------ + +The ``product`` element provides information about the codebase of the a= ffected +products. The ``name`` attribute is the name of a QEMU product, typicall= y based +on the tar.gz archive name with the suffix stripped. This contains a chi= ld +``repository`` element which is a URL to the master GIT repository. Ther= e is +then one or more ``branch`` elements which details the state of affected +branches. + +The first child of the ``branch`` element is a ``name`` giving the branc= h name, +eg ``master``, ``v1.0.1-maint``, etc. There are then zero or more ``tag`= ` or +``change`` child elements with a ``state`` attribute of ``vulnerable`` o= r +``fixed``. The ``tag`` element content details the name of the GIT tag(s= ) on +that branch are vulnerable and which tags are fixed. The ``change`` elem= ent +content details the GIT hash of the change(s) which both introduce and f= ix the +flaw. 
The same vulnerable change hash may appear under multiple ``branch= `` +elements since branches will share large portions of their history. The = fix +hash will however usually be different. diff --git a/secnotice/README.md b/secnotice/README.md new file mode 100644 index 0000000..643076d --- /dev/null +++ b/secnotice/README.md @@ -0,0 +1,20 @@ +QEMU Security Notices +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +This directory records all QEMU Security Notices that are issued. + +Notices must only added to this directory once any embargo is lifted, si= nce the +GIT repository is fully public. + +Notices are written in XML in a file ``$YEAR/$NUM.xml`` eg ``2014/0001.x= ml``. +Assign numbers incrementally as new issues are reported. More details o= n the +XML format can be found in `README-schema.rst``. + +When a new notice is published for the first time, send the text renderi= ng of +the notice to the ``qemu-devel@nongnu.org`` + +When backporting security fixes to ``stable-X.Y`` branches, update the n= otice +with details of the backported changeset hash. + +When doing a formal stable release, update the notices included with the= release +tag name. diff --git a/secnotice/_scripts/index-html.xsl b/secnotice/_scripts/index= -html.xsl new file mode 100644 index 0000000..71ae716 --- /dev/null +++ b/secnotice/_scripts/index-html.xsl @@ -0,0 +1,72 @@ + + + + + + + + --- +title: QEMU Security Notices +permalink: +--- + +

    + If you believe you have identified a new security issue in QEMU, pl= ease + follow the securi= ty process + to report it in a non-public way. Do NOT use the b= ug tracker, + mailing lists, or IRC to report non-public security issues. +

    + +
      + + + +
    + +

    + Alternative formats: [xml] +

    +
    + + + + + + + + + + + + + + + + + + + + +
  • QSN-:
  • +
    +
    diff --git a/secnotice/_scripts/index-xml b/secnotice/_scripts/index-xml new file mode 100755 index 0000000..67de29f --- /dev/null +++ b/secnotice/_scripts/index-xml @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Copyright (C) 2013-2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see +# . + +set -e + +DIR=3D"$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +echo '' +for n in $@ +do + echo " " +done +echo '' diff --git a/secnotice/_scripts/notice-html.xsl b/secnotice/_scripts/noti= ce-html.xsl new file mode 100644 index 0000000..50ba802 --- /dev/null +++ b/secnotice/_scripts/notice-html.xsl @@ -0,0 +1,286 @@ + + + + + + + + + + + + + + + + --- +title: 'QSN-: ' +layout: secnotice +permalink: + + +--- + +
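Review bot: `for n in $@` leaves the argument list unquoted, so a notice path containing whitespace is split into several names before it reaches the `echo`; write `for n in "$@"`. `DIR` is computed from `BASH_SOURCE` at the top but, as far as the visible lines show, is never referenced afterwards, so it appears to be dead and can be removed. The file list also arrives already sorted from the Makefile's `$(sort ...)`, so the script's own ordering is whatever the caller passes; a one-line comment saying `# arguments: notice XML files, in the order they should be indexed` would make that contract explicit.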
    +
    + +

    + +

    + + + + + + + + + + +
    +
    + +
    +
    +
    +
    +

    Related commits

    +
    + +
    +
    +
    +
    + + +

    + Alternative formats: + + + + + + + + [xml] + + + + + + + + + + [text] + +

    +
    + + +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:
    Published on:
    Fixed on:
    +
    + + +

    Credits

    + + + + + + + 1"> + + + + + + + + + + + 1"> + + + + + +
    Reported by: + <= /a> +
    Patched by: + <= /a> +
    +
    + + + + + + CVE- + + + + + + - + + + + + + + + bug # + + + + +

    See also

    +
      + +
    • +
      +
    +
    + + +

    Description

    +

    + +

    +
    + + +

    Impact

    +

    + +

    +
    + + +

    Mitigation

    +

    + +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Branch: + + + +
    Fixed in: + + + +
    Fixed by: + + + +
    Merged by: + + + +
    Broken in: + + + +
    Broken by: + + + +
    +
    +
    +
    diff --git a/secnotice/_scripts/notice-txt.xsl b/secnotice/_scripts/notic= e-txt.xsl new file mode 100644 index 0000000..dc4c125 --- /dev/null +++ b/secnotice/_scripts/notice-txt.xsl @@ -0,0 +1,277 @@ + + + + + + + + + + + + + + + + + + + + + + + + 0 and $pos-now >=3D $wrap-col"> + + + + + + + + + + 0"> + + + + + + + + + + + + + + + =3D $wrap-col"= > + + + + 0"> + + + + + + + + + + + QEMU Security Notice: QSN- + + + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + + + + + + + + + + + + + + + + + Summary: + + + + + + + + + + + + - + + + + + + bug # + + + + + See also: + + + + + , + + + + + + + + Broken in: + + + + + Fixed in: + + + + + + + Broken by: + + + + + Fixed by: + + + + + + + + diff --git a/secnotice/_scripts/report-vulnerable-tags.pl b/secnotice/_sc= ripts/report-vulnerable-tags.pl new file mode 100644 index 0000000..3b89efd --- /dev/null +++ b/secnotice/_scripts/report-vulnerable-tags.pl 
@@ -0,0 +1,135 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use Sort::Versions; + +if (int(@ARGV) !=3D 1 && int (@ARGV) !=3D 2) { + die "syntax: $0 BROKEN-COMMIT [MERGED-COMMIT]\n"; +} + +my $broken =3D shift @ARGV; +my $merged =3D shift @ARGV; + +sub get_tags { + my @args =3D @_; + + my @tags; + open GIT, "-|", "git", "tag", @args or + die "cannot query 'git tags @args': $!\n"; + + while () { + chomp; + + # Drop anything except vN.N.N style tags + # where 'N' is only digits. + if (/^v(\d+)(\.\d+)+$/) { + push @tags, $_; + } + } + + close GIT; + + return @tags; +} + +sub get_branch { + my $tag =3D shift; + + my @branches; + open GIT, "-|", "git", "branch", "--all", "--contains", $tag or + die "cannot query 'git branch --all --contains $tag': $!\n"; + + while () { + chomp; + + if (m,^\s*remotes/origin/(stable-.*)$,) { + push @branches, $1; + } + } + + close GIT; + + return @branches; +} + +my @branches; +my %tags; +my %branches; + +my %merged; +my $mergedtag; + +if (defined $merged) { + for my $tag (get_tags("--contains", $merged)) { + $merged{$tag} =3D 1; + $mergedtag =3D $tag unless defined $mergedtag; + } +} + +$branches{"master"} =3D []; +# Most tags live on master so lets get them first +for my $tag (get_tags("--contains", $broken, "--merged", "master")) { + next if exists $merged{$tag}; + push @{$branches{"master"}}, $tag; + $tags{$tag} =3D 1; +} +push @branches, "master"; + +# Now we need slower work to find branches for +# few remaining tags +for my $tag (get_tags("--contains", $broken)) { + + next if exists $tags{$tag}; + next if exists $merged{$tag}; + next if $tag =3D~ /v\d+\.\d+\.9\d/; + + my @tagbranches =3D get_branch($tag); + if (int(@tagbranches) =3D=3D 0) { + if ($tag =3D~ "^v0.10") { + @tagbranches =3D ("stable-0.10") + } elsif ($tag =3D~ "^v0") { + @tagbranches =3D ("master") + } else { + print "Tag $tag doesn't appear in any branch\n"; + next; + } + } + + if (int(@tagbranches) > 1) { + print "Tag $tag appears in multiple branches\n"; + } 
+ + unless (exists($branches{$tagbranches[0]})) { + $branches{$tagbranches[0]} =3D []; + push @branches, $tagbranches[0]; + } + push @{$branches{$tagbranches[0]}}, $tag; +} + + +foreach my $branch (sort versioncmp @branches) { + print " \n"; + print " $branch\n"; + if ($branch eq "master") { + print " \n"; + if (defined $merged) { + print " $merged\n"; + } else { + print " \n"; + } + if (defined $mergedtag) { + print " $mergedtag\n"; + } else { + print " \n"; + } + } + + foreach my $tag (sort versioncmp @{$branches{$branch}}) { + print " $tag\n"; + } + print " $broken\n"; + + print " \n"; +} diff --git a/secnotice/template.xml b/secnotice/template.xml new file mode 100644 index 0000000..8f8a0d4 --- /dev/null +++ b/secnotice/template.xml @@ -0,0 +1,50 @@ + + XXXX-XXX + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + master + + + + + + + + + --=20 2.17.2
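Review bot: Both `close GIT` calls in `get_tags` and `get_branch` ignore the exit status, so a failing `git` invocation (an unknown commit hash, or running outside the repository) produces an empty tag list and the notice silently lists no vulnerable tags; check it with `close GIT or die "git tag @args failed: $?\n";` (and the matching line in `get_branch`). `GIT` is a package-global bareword handle shared by both subs; a lexical handle, `open my $git, '-|', 'git', 'tag', @args or die ...`, avoids that and is the modern idiom. `$mergedtag` takes the first tag printed by `git tag --contains`, which is sorted by refname rather than version, so (illustrative) a v2.10.0 tag sorts before v2.9.0 and would be reported as the merge tag even though v2.9.0 is the earlier release; `Sort::Versions` is already loaded, so `my @mtags = sort versioncmp get_tags("--contains", $merged); $mergedtag = $mtags[0] if @mtags;` gives the intended result. The `$tag =~ "^v0.10"` match uses a string as the pattern with an unescaped `.` and no end anchor, so `m{^v0\.10\.}` is what is meant.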