From patchwork Thu Oct 18 14:52:01 2018
X-Patchwork-Submitter: Daniel P. Berrangé
X-Patchwork-Id: 986004
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Thomas Huth, Prasad J Pandit
Date: Thu, 18 Oct 2018 15:52:01 +0100
Message-Id: <20181018145203.11336-3-berrange@redhat.com>
In-Reply-To: <20181018145203.11336-1-berrange@redhat.com>
References: <20181018145203.11336-1-berrange@redhat.com>
Subject: [Qemu-devel] [web PATCH 2/4] Introduce content and tools for managing security notices
Signed-off-by: Daniel P. Berrangé --- _config.yml | 4 + _includes/nav.html | 3 +- _layouts/secnotice.html | 22 ++ assets/css/style.css | 47 +++ secnotice/Makefile | 40 +++ secnotice/README-template.md | 78 +++++ secnotice/README.md | 20 ++ secnotice/_scripts/index-html.xsl | 72 +++++ secnotice/_scripts/index-xml | 28 ++ secnotice/_scripts/notice-html.xsl | 286 +++++++++++++++++++ secnotice/_scripts/notice-txt.xsl | 277 ++++++++++++++++++ secnotice/_scripts/report-vulnerable-tags.pl | 135 +++++++++ secnotice/template.xml | 50 ++++ 13 files changed, 1061 insertions(+), 1 deletion(-) create mode 100644 _layouts/secnotice.html create mode 100644 secnotice/Makefile create mode 100644 secnotice/README-template.md create mode 100644 secnotice/README.md create mode 100644 secnotice/_scripts/index-html.xsl create mode 100755 secnotice/_scripts/index-xml create mode 100644 secnotice/_scripts/notice-html.xsl create mode 100644 secnotice/_scripts/notice-txt.xsl create mode 100644 secnotice/_scripts/report-vulnerable-tags.pl create mode 100644 secnotice/template.xml diff --git a/_config.yml b/_config.yml index 0a0201c..6fddace 100644 --- a/_config.yml +++ b/_config.yml @@ -37,3 +37,7 @@ gems: exclude: - Gemfile - Gemfile.lock + - Makefile + - secalert/README.md + - secalert/README-template.md + - secalert/template.xml diff --git a/_includes/nav.html b/_includes/nav.html index 241d83e..350de6d 100644 --- a/_includes/nav.html +++ b/_includes/nav.html @@ -6,7 +6,8 @@
  • Download
  • Contribute
  • Documentation -
  • Blog
  • +
  • Blog +
  • Security Notices
  • diff --git a/_layouts/secnotice.html b/_layouts/secnotice.html new file mode 100644 index 0000000..b30c036 --- /dev/null +++ b/_layouts/secnotice.html @@ -0,0 +1,22 @@ + + + + + {{ page.title }} - {{ site.title }} + {% include assets.html %} + + + + {% include nav.html %} + + {{ content }} + + {% include footer.html %} + {% include copyright.html %} + + + diff --git a/assets/css/style.css b/assets/css/style.css index b828887..dccffb0 100644 --- a/assets/css/style.css +++ b/assets/css/style.css @@ -590,3 +590,50 @@ { margin-top: 1.5em; } + +/*********************************************************************************/ +/* Security notices */ +/*********************************************************************************/ + + body.secnotice #main + { + width: 50%; + } + + body.secnotice #sidebar + { + margin-top: 10em; + width: 30%; + } + + body.secnotice p.altformat + { + font-size: smaller; + color: inherit; + text-align: right; + } + + body.secnotice table.repository { + border-spacing: 0px; + } + + body.secnotice table.repository tbody th { + text-align: right; + } + + body.secnotice table.repository tbody th, + body.secnotice table.repository tbody td { + padding: 2px; + } + + body.secnotice table.repository tbody td.fixedtag, + body.secnotice table.repository tbody td.mergedcommit { + background: rgb(240,255,240); + } + body.secnotice table.repository tbody td.fixedcommit { + background: rgb(240,240,255); + } + + body.secnotice table.repository thead { + background: rgb(240,240,240); + } diff --git a/secnotice/Makefile b/secnotice/Makefile new file mode 100644 index 0000000..fef2e8c --- /dev/null +++ b/secnotice/Makefile 
@@ -0,0 +1,40 @@ + +YEARS = $(wildcard 2???) + +INDEX_XML = index.xml $(YEARS:%=%/index.xml) +INDEX_HTML = $(INDEX_XML:%.xml=%.html) + +NOTICE_XML = $(wildcard */???.xml) +NOTICE_TXT = $(NOTICE_XML:%.xml=%.txt) +NOTICE_HTML = $(NOTICE_XML:%.xml=%.html) + +all: $(INDEX_XML) $(INDEX_HTML) $(NOTICE_TXT) $(NOTICE_HTML) + +index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + _scripts/index-xml $(sort $(NOTICE_XML)) > $@ + +index.html: index.xml _scripts/index-html.xsl Makefile + xsltproc _scripts/index-html.xsl $< > $@ + +%/index.xml: $(NOTICE_XML) _scripts/index-xml Makefile + mkdir -p `dirname $@` + DIR=`echo $@ | sed -e 's,/index.xml,,'` + rm -f $@ + _scripts/index-xml $(sort $(wildcard $(@:%/index.xml=%/)???.xml)) > $@ + +%/index.html: %/index.xml _scripts/index-html.xsl Makefile + xsltproc --stringparam permalink $(@:%/index.html=/secnotice/%/) _scripts/index-html.xsl $< > $@ + +%.txt: %.xml _scripts/notice-txt.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-txt.xsl $< > $@ + +%.html: %.xml _scripts/notice-html.xsl Makefile + mkdir -p `dirname $@` + xsltproc _scripts/notice-html.xsl $< > $@ + +clean: + rm -rf index.{xml,html} + rm -rf */index.{xml,html} + rm -rf */*.{txt,html} diff --git a/secnotice/README-template.md b/secnotice/README-template.md new file mode 100644 index 0000000..2b80dca --- /dev/null +++ b/secnotice/README-template.md 
@@ -0,0 +1,78 @@ +QEMU Security Notice Schema +=========================== + +The top level element of a QEMU security notice has a name of +``security-notice`` and is in an XML namespace of +``http://qemu.org/xmlns/security-notice/1.0`` + +Basic metadata +-------------- + +The ``id`` element content is a pair of 4 digit numbers uniquely identifying +the security issue. By convention the first 4 digit number is the year in which +it was reported and the second number is an integer value that is unique within +the year, monotonically incrementing from 1. eg the 137th issue reported in +2013 would have an id of ``2013-0137`` + +The ``summary`` element is a short, single line description of the flaw, +ideally 80 characters or less to make it suitable for use in email subject +lines or git commit messages. + +The ``credits`` element provides information on persons involved with the flaw. +It permits the child elements ``reporter`` or ``patcher`` each of which can be +repeated zero or more times. Both elements contain two further child elements +``email`` and ``name`` with the former providing the email address and the +latter providing the full name. At least one of ``email`` and ``name`` must +be provided. + +The ``lifecycle`` element provides date on key milestones in handling of the +issue. It contains between one and three child elements, ``reported``, +``published`` and ``fixed``. The ``reported`` element says the date on which +the QEMU security received notification of the issue. The ``published`` element +says the date on which the issue was revealed to the public. The ``fixed`` +element says the date on which the issue was patched in the primary code branch +(typically GIT master). + +The ``reference`` element provides details of related resources. It will have +one or more child elements which can be either ``advisory`` or ``bug``. 
An +``advisory`` element includes a ``type`` and ``id`` attribute where ``type`` is +currently allowed to be ``CVE`` and ``id`` is the identifier of the report. A +``bug`` element includes ``tracker`` and ``id`` attributes where ``tracker`` is +allowed to be ``redhat``, ``debian`` or a short name for another vendors' bug +tracker. + +Descriptive data +---------------- + +There are three free form text elements providing descriptive data about the +issue. The data will usually be inside a CDATA block. + +The ``description`` element content is an expanded version of the ``summary`` +element content, describing what the flaw is. + +The ``impact`` element content describes the implications of the security +issue. ie what can a malicious user do with the flaw. + +The ``workaround`` element content describes any steps that an administrator +can take to eliminate or at least mitigate the impact of the flaw. + + +Product data +------------ + +The ``product`` element provides information about the codebase of the affected +products. The ``name`` attribute is the name of a QEMU product, typically based +on the tar.gz archive name with the suffix stripped. This contains a child +``repository`` element which is a URL to the master GIT repository. There is +then one or more ``branch`` elements which details the state of affected +branches. + +The first child of the ``branch`` element is a ``name`` giving the branch name, +eg ``master``, ``v1.0.1-maint``, etc. There are then zero or more ``tag`` or +``change`` child elements with a ``state`` attribute of ``vulnerable`` or +``fixed``. The ``tag`` element content details the name of the GIT tag(s) on +that branch are vulnerable and which tags are fixed. The ``change`` element +content details the GIT hash of the change(s) which both introduce and fix the +flaw. The same vulnerable change hash may appear under multiple ``branch`` +elements since branches will share large portions of their history. 
The fix +hash will however usually be different. diff --git a/secnotice/README.md b/secnotice/README.md new file mode 100644 index 0000000..643076d --- /dev/null +++ b/secnotice/README.md @@ -0,0 +1,20 @@ +QEMU Security Notices +===================== + +This directory records all QEMU Security Notices that are issued. + +Notices must only added to this directory once any embargo is lifted, since the +GIT repository is fully public. + +Notices are written in XML in a file ``$YEAR/$NUM.xml`` eg ``2014/0001.xml``. +Assign numbers incrementally as new issues are reported. More details on the +XML format can be found in `README-schema.rst``. + +When a new notice is published for the first time, send the text rendering of +the notice to the ``qemu-devel@nongnu.org`` + +When backporting security fixes to ``stable-X.Y`` branches, update the notice +with details of the backported changeset hash. + +When doing a formal stable release, update the notices included with the release +tag name. diff --git a/secnotice/_scripts/index-html.xsl b/secnotice/_scripts/index-html.xsl new file mode 100644 index 0000000..71ae716 --- /dev/null +++ b/secnotice/_scripts/index-html.xsl @@ -0,0 +1,72 @@ + + + + + + + + --- +title: QEMU Security Notices +permalink: +--- + +

    + If you believe you have identified a new security issue in QEMU, please + follow the security process + to report it in a non-public way. Do NOT use the bug tracker, + mailing lists, or IRC to report non-public security issues. +

    + +
      + + + +
    + +

    + Alternative formats: [xml] +

    +
    + + + + + + + + + + + + + + + + + + + + +
  • QSN-:
  • +
    +
    diff --git a/secnotice/_scripts/index-xml b/secnotice/_scripts/index-xml new file mode 100755 index 0000000..67de29f --- /dev/null +++ b/secnotice/_scripts/index-xml @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Copyright (C) 2013-2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see +# . + +set -e + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +echo '' +for n in $@ +do + echo " " +done +echo '' diff --git a/secnotice/_scripts/notice-html.xsl b/secnotice/_scripts/notice-html.xsl new file mode 100644 index 0000000..50ba802 --- /dev/null +++ b/secnotice/_scripts/notice-html.xsl @@ -0,0 +1,286 @@ + + + + + + + + + + + + + + + + --- +title: 'QSN-: ' +layout: secnotice +permalink: + + +--- + +
    +
    + +

    + +

    + + + + + + + + + + +
    +
    + + +
    + + +

    + Alternative formats: + + + + + + + + [xml] + + + + + + + + + + [text] + +

    +
    + + +

    Lifecycle

    + + + + + + + + + + + + + +
    Reported on:
    Published on:
    Fixed on:
    +
    + + +

    Credits

    + + + + + + + + + + + + + + + + + + + + + + + +
    Reported by: + +
    Patched by: + +
    +
    + + + + + + CVE- + + + + + + - + + + + + + + + bug # + + + + +

    See also

    +
      + +
    • +
      +
    +
    + + +

    Description

    +

    + +

    +
    + + +

    Impact

    +

    + +

    +
    + + +

    Mitigation

    +

    + +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Branch: + + + +
    Fixed in: + + + +
    Fixed by: + + + +
    Merged by: + + + +
    Broken in: + + + +
    Broken by: + + + +
    +
    +
    +
    diff --git a/secnotice/_scripts/notice-txt.xsl b/secnotice/_scripts/notice-txt.xsl new file mode 100644 index 0000000..dc4c125 --- /dev/null +++ b/secnotice/_scripts/notice-txt.xsl @@ -0,0 +1,277 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + QEMU Security Notice: QSN- + + + ================================== + + + + + + + + + + + + + + + + + Summary: + + + + + + + + + + Reported on: + + + + Published on: + + + + Fixed on: + + + + + + Reported by: + + + + + + < + + > + + + + + + Patched by: + + + + + + < + + > + + + + + + + + + + - + + + + + + bug # + + + + + See also: + + + + + , + + + + + + + + + + + + + + Description + + ----------- + + + + + + + + + + + + + Impact + + ------ + + + + + + + + + + + + + Mitigation + + ---------- + + + + + + + + + + + + + + Related commits + + ---------------- + + + git://git.qemu.org/qemu.git + + https://git.qemu.org/?p=qemu.git + + + + + Branch: + + + + + Broken in: + + + + + Fixed in: + + + + + + + Broken by: + + + + + Fixed by: + + + + + + + + diff --git a/secnotice/_scripts/report-vulnerable-tags.pl b/secnotice/_scripts/report-vulnerable-tags.pl new file mode 100644 index 0000000..3b89efd --- /dev/null +++ b/secnotice/_scripts/report-vulnerable-tags.pl 
@@ -0,0 +1,135 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use Sort::Versions; + +if (int(@ARGV) != 1 && int (@ARGV) != 2) { + die "syntax: $0 BROKEN-COMMIT [MERGED-COMMIT]\n"; +} + +my $broken = shift @ARGV; +my $merged = shift @ARGV; + +sub get_tags { + my @args = @_; + + my @tags; + open GIT, "-|", "git", "tag", @args or + die "cannot query 'git tags @args': $!\n"; + + while () { + chomp; + + # Drop anything except vN.N.N style tags + # where 'N' is only digits. + if (/^v(\d+)(\.\d+)+$/) { + push @tags, $_; + } + } + + close GIT; + + return @tags; +} + +sub get_branch { + my $tag = shift; + + my @branches; + open GIT, "-|", "git", "branch", "--all", "--contains", $tag or + die "cannot query 'git branch --all --contains $tag': $!\n"; + + while () { + chomp; + + if (m,^\s*remotes/origin/(stable-.*)$,) { + push @branches, $1; + } + } + + close GIT; + + return @branches; +} + +my @branches; +my %tags; +my %branches; + +my %merged; +my $mergedtag; + +if (defined $merged) { + for my $tag (get_tags("--contains", $merged)) { + $merged{$tag} = 1; + $mergedtag = $tag unless defined $mergedtag; + } +} + +$branches{"master"} = []; +# Most tags live on master so lets get them first +for my $tag (get_tags("--contains", $broken, "--merged", "master")) { + next if exists $merged{$tag}; + push @{$branches{"master"}}, $tag; + $tags{$tag} = 1; +} +push @branches, "master"; + +# Now we need slower work to find branches for +# few remaining tags +for my $tag (get_tags("--contains", $broken)) { + + next if exists $tags{$tag}; + next if exists $merged{$tag}; + next if $tag =~ /v\d+\.\d+\.9\d/; + + my @tagbranches = get_branch($tag); + if (int(@tagbranches) == 0) { + if ($tag =~ "^v0.10") { + @tagbranches = ("stable-0.10") + } elsif ($tag =~ "^v0") { + @tagbranches = ("master") + } else { + print "Tag $tag doesn't appear in any branch\n"; + next; + } + } + + if (int(@tagbranches) > 1) { + print "Tag $tag appears in multiple branches\n"; + } + + unless 
(exists($branches{$tagbranches[0]})) { + $branches{$tagbranches[0]} = []; + push @branches, $tagbranches[0]; + } + push @{$branches{$tagbranches[0]}}, $tag; +} + + +foreach my $branch (sort versioncmp @branches) { + print " \n"; + print " $branch\n"; + if ($branch eq "master") { + print " \n"; + if (defined $merged) { + print " $merged\n"; + } else { + print " \n"; + } + if (defined $mergedtag) { + print " $mergedtag\n"; + } else { + print " \n"; + } + } + + foreach my $tag (sort versioncmp @{$branches{$branch}}) { + print " $tag\n"; + } + print " $broken\n"; + + print " \n"; +} diff --git a/secnotice/template.xml b/secnotice/template.xml new file mode 100644 index 0000000..8f8a0d4 --- /dev/null +++ b/secnotice/template.xml @@ -0,0 +1,50 @@ + + XXXX-XXX + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + master + + + + + + + + +
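Review bot: the four new `exclude` entries in the `_config.yml` hunk do not match the files this patch adds: they name `secalert/README.md`, `secalert/README-template.md` and `secalert/template.xml`, but the files are created under `secnotice/` (`secnotice/README.md`, `secnotice/README-template.md`, `secnotice/template.xml`), and the bare `Makefile` entry refers to a top-level file whereas the one added is `secnotice/Makefile`. As written, Jekyll will still pick these sources up and publish them; rename the entries to the `secnotice/` paths.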
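Review bot: the `NOTICE_XML = $(wildcard */???.xml)` glob in the `secnotice/Makefile` hunk (and the matching `???.xml` in the `%/index.xml` rule) only matches three-character file names, while `secnotice/README.md` in the same patch says notices live in `$YEAR/$NUM.xml`, e.g. `2014/0001.xml`, so a four-digit notice would silently be left out of the index and never rendered. Pick one width and use it in the glob, the README and the `XXXX-XXX` placeholder in `template.xml`. Two smaller points in the same hunk: the `DIR=`echo $@ | sed ...`` line is a dead assignment because each recipe line runs in its own shell and nothing reads `$DIR`, and the `clean` target relies on `{xml,html}` brace expansion, which plain `/bin/sh` (make's default shell) does not perform; spell the files out or set `SHELL = /bin/bash`. Consider adding `.DELETE_ON_ERROR:` as well, so a failing `xsltproc ... > $@` does not leave a truncated target that later runs treat as up to date.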
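Review bot: the schema description in the `secnotice/README-template.md` hunk has a few wording slips that obscure its meaning: "provides date on key milestones" should be "provides dates for key milestones"; "the QEMU security received notification" is missing its noun (presumably "the QEMU security team"); and the `tag` sentence "details the name of the GIT tag(s) on that branch are vulnerable and which tags are fixed" does not parse, e.g. "lists which GIT tags on that branch are vulnerable and which are fixed". Also, the element is documented here as `workaround` but both `notice-html.xsl` and `notice-txt.xsl` render it under a "Mitigation" heading; either name is fine, but the README should say which heading readers will see.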
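Review bot: `secnotice/README.md` points readers at `README-schema.rst` for the XML format, but the schema document this patch adds is `secnotice/README-template.md`; fix the file name (and the unbalanced backticks around it). Two grammar fixes in the same hunk: "Notices must only added to this directory" should read "Notices must only be added to this directory", and "send the text rendering of the notice to the ``qemu-devel@nongnu.org``" stops before the sentence ends ("... mailing list.").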
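Review bot: `for n in $@` in the `secnotice/_scripts/index-xml` hunk should be `for n in "$@"`; unquoted, any argument containing whitespace or glob characters is word-split or expanded before it reaches the loop. The script is only invoked from the Makefile with `$(sort $(NOTICE_XML))`, so this is harmless today, but the quoted form costs nothing and keeps the script safe if it is ever called by hand.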
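Review bot: the text renderer in the `secnotice/_scripts/notice-txt.xsl` hunk hard-codes `git://git.qemu.org/qemu.git` and `https://git.qemu.org/?p=qemu.git` under "Related commits", whereas the schema in `README-template.md` carries the repository URL in the `product` element's `repository` child; emit that element instead, so the text and HTML renderings agree and a notice for another product does not print the wrong repository. Minor: the underline below "Related commits" is one dash longer than the heading, unlike the other three headings in the same file.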
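Review bot: in the `secnotice/_scripts/report-vulnerable-tags.pl` hunk, `$tag =~ "^v0.10"` and `$tag =~ "^v0"` use a plain string as the pattern, so the `.` is an unescaped regex metacharacter and `"^v0.10"` also matches any tag whose fourth character is not a dot; write them as `/^v0\.10/` and `/^v0/`. In the same hunk, the `die` message in `get_tags` says `git tags @args` but the command run is `git tag`, and neither `close GIT` checks the exit status, so a failing `git` invocation (for example running outside a checkout) yields an empty tag list rather than an error; use `close GIT or die ...`. The `-|` list form of `open` is the right choice here, since the commit hashes come from the command line and never pass through a shell.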