- Split advisories into separate page and make it a table.

- Add link to the new advisory page into the support sidebar.
- Do not include release info in advisory list as it's not that
  interesting in this context.
- Try to make it more clear where to report security issues to.
- Include public key directly on web site instead of referring to FTP
  site.
- Remove some stale information.
- Misc minor cleanup.

Reviewed by:	cperciva, remko, bz (various versions)
This commit is contained in:
Simon L. B. Nielsen 2008-03-01 01:55:27 +00:00
parent c2e4b418c6
commit 9ec94f34b6
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=31574
7 changed files with 157 additions and 114 deletions

View file

@ -1,4 +1,4 @@
# $FreeBSD: www/en/security/Makefile,v 1.14 2005/09/18 04:33:46 hrs Exp $
# $FreeBSD: www/en/security/Makefile,v 1.15 2008/01/10 04:23:39 murray Exp $
.if exists(../Makefile.conf)
.include "../Makefile.conf"
@ -7,8 +7,12 @@
.include "../Makefile.inc"
.endif
DATA= so_public_key.asc
DOCS= charter.sgml
DOCS+= security.sgml
DOCS+= advisories.sgml
advisories.sgml: advisories.html.inc
INDEXLINK= security.html

View file

@ -0,0 +1,26 @@
<!DOCTYPE HTML PUBLIC "-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$FreeBSD$">
<!ENTITY title "FreeBSD Security Advisories">
<!ENTITY % navinclude.support "INCLUDE">
<!ENTITY % developers SYSTEM "../developers.sgml"> %developers;
<!ENTITY advisories.html.inc SYSTEM "advisories.html.inc">
]>
<html>
&header;
<p>This web page contains a list of released FreeBSD Security
Advisories. See the <a href="security.html">FreeBSD Security
Information</a> page for general security information about
&os;.</p>
<p>Issues affecting the FreeBSD Ports Collection are covered in <a
href="http://vuxml.FreeBSD.org/">the FreeBSD VuXML
document</a>.</p>
&advisories.html.inc;
&footer;
</body>
</html>
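Review bot: the DOCTYPE subset of the new advisories.sgml pulls in `../developers.sgml` through `%developers;`, but the body shown here only references `&header;`, `&os;`, `&advisories.html.inc;` and `&footer;`. Unless the header or footer needs developer entities, drop that line so the prologue declares only what the page uses.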

View file

@ -5,7 +5,7 @@
<!ENTITY title "">
]>
<!-- $FreeBSD: www/en/security/mkindex.xsl,v 1.4 2004/01/17 18:58:07 hrs Exp $ -->
<!-- $FreeBSD: www/en/security/mkindex.xsl,v 1.5 2006/08/19 21:20:52 hrs Exp $ -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:import href="http://www.FreeBSD.org/XML/www/lang/share/sgml/libcommon.xsl"/>
@ -18,10 +18,4 @@
<xsl:with-param name="advisories.xml" select="$advisories.xml" />
</xsl:call-template>
</xsl:template>
<xsl:template name="html-list-advisories-release-label">
<xsl:param name="relname" select="'none'" />
<p><xsl:value-of select="$relname" /> released.</p>
</xsl:template>
</xsl:stylesheet>

View file

@ -1,12 +1,12 @@
<!DOCTYPE HTML PUBLIC "-//FreeBSD//DTD HTML 4.01 Transitional-Based Extension//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$FreeBSD: www/en/security/security.sgml,v 1.198 2008/02/27 06:09:13 cperciva Exp $">
<!ENTITY date "$FreeBSD: www/en/security/security.sgml,v 1.199 2008/02/28 05:00:59 simon Exp $">
<!ENTITY title "FreeBSD Security Information">
<!ENTITY % navinclude.support "INCLUDE">
<!ENTITY % developers SYSTEM "../developers.sgml"> %developers;
<!ENTITY advisories.html.inc SYSTEM "advisories.html.inc">
]>
<!-- $FreeBSD: www/en/security/security.sgml,v 1.198 2008/02/27 06:09:13 cperciva Exp $ -->
<!-- $FreeBSD: www/en/security/security.sgml,v 1.199 2008/02/28 05:00:59 simon Exp $ -->
<html>
&header;
@ -15,33 +15,35 @@
<p>This web page is designed to assist both new and experienced
users in the area of FreeBSD security. FreeBSD takes security
very seriously and is constantly working on making the OS as
secure as possible.</p>
<p>Here you will find additional information, or links to
information, on how to protect your system against various types
of attack, on whom to contact if you find a security-related bug,
and so on. There is also a section on the various ways that the
systems programmer can become more security conscious so that he
is less likely to introduce vulnerabilities.</p>
very seriously and is constantly working on making the operating
system as secure as possible.</p>
<h2>Table of Contents</h2>
<ul>
<li><a href="#how">How and Where to report a FreeBSD security issue</a></li>
<li><a href="#how">How and where to report a FreeBSD security issue</a></li>
<li><a href="#sec">Information about the FreeBSD Security Officer</a></li>
<li><a href="charter.html">Charter for the Security Officer and Team</a></li>
<li><a href="#pol">Information handling policies</a></li>
<li><a href="#adv">FreeBSD Security Advisories</a></li>
<li><a href="#sup">Supported FreeBSD Releases</a></li>
</ul>
<h2>Other Security Links</h2>
<ul>
<li><a href="charter.html">Charter for the Security Officer and Team</a></li>
<li><a href="advisories.html">List of FreeBSD Security Advisories</a></li>
<li><a href="&base;/doc/en_US.ISO8859-1/books/handbook/security-advisories.html">
Reading FreeBSD Security Advisories</a></li>
</ul>
<a name="how"></a>
<p>All FreeBSD Security issues should be reported to the <a
<h2>How and where to report a FreeBSD security issue</h2>
<p>All FreeBSD security issues should be reported to the <a
href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
or, if a higher level of confidentiality is required, to the <a
href="mailto:security-officer@FreeBSD.org">Security Officer Team</a>.
or, if a higher level of confidentiality is required, PGP encrypted to the <a
href="mailto:security-officer@FreeBSD.org">Security Officer Team</a>
using the <a href="so_public_key.asc">Security Officer PGP key</a>.
All reports should at least contain:</p>
<ul>
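Review bot: in the reworked reporting paragraph, the `so_public_key.asc` link is the only way a reporter learns which key to encrypt to, and it is served from the same site as the text that points to it. Please print the key's fingerprint in this paragraph, or link to a signed statement of it, so a reporter can check the downloaded key against a second source before encrypting a report.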
@ -55,22 +57,12 @@
a Security Team delegate will get back with you.</p>
<a name=sec></a>
<h2>The FreeBSD Security Officer and the Security Officer Team</h2>
<p>To better coordinate information exchange with others in the
security community, FreeBSD has a focal point for security-related
communications: the FreeBSD Security Officer.</p>
<p>If you need to contact the FreeBSD Project about a possible
security issue, you should therefore <a
href="mailto:security-officer@FreeBSD.org">send mail to the
Security Officer</a> with a description of what you have found and
the type of vulnerability it represents.</p>
<h2>The FreeBSD Security Officer Team and the FreeBSD Security Team</h2>
<p>In order that the FreeBSD Project may respond to vulnerability
reports in a timely manner, there are four members of the Security
reports in a timely manner, there are three members of the Security
Officer mail alias: the Security Officer, Security Officer
Emeritus, Deputy Security Officer, and one Core Team member.
Deputy Security Officer, and one Core Team member.
Therefore, messages sent to the <a
href="mailto:security-officer@FreeBSD.org">&lt;security-officer@FreeBSD.org&gt;</a>
mail alias are currently delivered to:</p>
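Review bot: the member count in this paragraph goes from four to three and `Security Officer Emeritus` is dropped, but the recipients table that follows "are currently delivered to:" is not touched by this commit: this hunk ends at old line 76 and the next one starts at old line 95 with `</table>`. Please check that the table does not still list a fourth recipient, and update it in the same commit if it does.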
@ -95,16 +87,10 @@
</table>
<p>The Security Officer is supported by the <a
href="&base;/doc/en_US.ISO8859-1/articles/contributors/staff-listing.html#STAFF-SECTEAM"
>FreeBSD Security Team</a> <a
href="&base;/administration.html#t-secteam" >FreeBSD Security
Team</a> <a
href="mailto:secteam@FreeBSD.org">&lt;secteam@FreeBSD.org&gt;</a>,
a small group of committers
vetted by the Security Officer.</p>
<p>Please use the <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/public_key.asc">Security
Officer PGP key</a> to encrypt your messages to the Security
Officer when appropriate.</p>
a small group of committers vetted by the Security Officer.</p>
<a name="pol"></a>
<h2>Information handling policies</h2>
@ -172,8 +158,8 @@
<p>Submissions may be protected using PGP. If desired, responses
will also be protected using PGP.</p>
<a name=adv></a>
<h2>FreeBSD Security Advisories</h2>
<a name="sup"></a>
<h2>Supported FreeBSD Releases</h2>
<p>The FreeBSD Security Officer provides security advisories for
several branches of FreeBSD development. These are the
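Review bot: replacing `<a name=adv></a>` with `<a name="sup"></a>` removes the `adv` fragment, so existing links to security.html#adv no longer resolve to a section. Consider keeping an `<a name="adv"></a>` next to the new paragraph that points to advisories.html, so old deep links still reach the pointer to the advisory list.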
@ -182,17 +168,14 @@
<ul>
<li><p>There is usually only a single -STABLE branch, although
during the transition from one major development line to another
(such as from FreeBSD 5.x to 6.x), there is a time span in which
there are two -STABLE branches. The -STABLE branch tags have
names like <tt>RELENG_6</tt>. The corresponding builds have
names like <tt>FreeBSD 6.1-STABLE</tt>.</p></li>
<li><p>The -STABLE branch tags have
names like <tt>RELENG_7</tt>. The corresponding builds have
names like <tt>FreeBSD 7.0-STABLE</tt>.</p></li>
<li><p>Each FreeBSD Release has an associated Security Branch.
The Security Branch tags have names like <tt>RELENG_6_1</tt>.
The Security Branch tags have names like <tt>RELENG_7_0</tt>.
The corresponding builds have names like <tt>FreeBSD
6.1-RELEASE-p1</tt>.</p></li>
7.0-RELEASE-p1</tt>.</p></li>
</ul>
<p>Issues affecting the FreeBSD Ports Collection are covered in <a
@ -303,20 +286,6 @@
encouraged to upgrade to one of the supported releases mentioned
above.</p>
<p>Some statistics about advisories released during 2002:</p>
<ul>
<li>44 advisories of varying severity were issued for the base
system.</li>
<li>12 advisories described vulnerabilities found only in FreeBSD.
The remaining 32 were problems shared with at least one other OS
(often due to shared code).</li>
<li>6 security notices were issued, covering a total of 95 issues
in optional third party applications included in the Ports
Collection.</li>
</ul>
<p>Advisories are sent to the following FreeBSD mailing lists:</p>
<ul>
<li>FreeBSD-security-notifications@FreeBSD.org</li>
@ -324,18 +293,17 @@
<li>FreeBSD-announce@FreeBSD.org</li>
</ul>
<p>Advisories are always signed using the FreeBSD Security Officer
<a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/public_key.asc">PGP
key</a> and are archived, along with their associated
patches, at our <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/index.html">FTP CERT
repository</a>. At the time of this writing, the following
advisories are currently available (note that this list may be a
few days out of date - for the very latest advisories please check
the <a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/">FTP
site</a>):</p>
<p>The list of released advisories can be found on the <a
href="advisories.html">FreeBSD Security Advisories</a> page.</p>
&advisories.html.inc;
<p>Advisories are always signed using the FreeBSD Security Officer
<a href="so_public_key.asc">PGP
key</a> and are archived, along with their associated patches, at
the <a href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
web server in the <a
href="http://security.FreeBSD.org/advisories/">advisories</a> and <a
href="http://security.FreeBSD.org/patches/">patches</a>
subdirectories.</p>
&footer;
</body>
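Review bot: with `&advisories.html.inc;` no longer expanded in the body here, the `<!ENTITY advisories.html.inc SYSTEM "advisories.html.inc">` declaration in this file's DOCTYPE subset is left unused; it appears only as unchanged context in the first hunk of this file. Remove the declaration in the same commit so security.sgml no longer names a file it does not include.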

View file

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (FreeBSD)
mQGiBD1rpGQRBACJ1CQS7VnTTvH3wjscXQed2RoeVi+n3HtxaF9ApJbxb77dXk+/
DL1ZR0bcZ8s7uQ1D5BkrqSHevoA9FlEN02MM9qyIerXter2/ZEporVOG+/XMkIiV
rd3AgVwUnawhOMKTlYmttcOpADKr9RkYvCT6QMqFDXJssbW7gPlEqOzhYwCgoIdD
ygZ5RdfXm/hBnp+oTWadeIED/2WvL/Iy0YheRTSmTvEdK+Cd4xPhmY2SrrvF2+lE
oFIn94C0fJhqKhJp+wGXmQ/h3yF0gcr1NfFBm6y1iztEz2n0ciaEmMf1tu0Y+u+Y
E0/1Igpoj9Kj5xxRJD5wYyDi0qzxP8BhvJ6sKJtO+f6/OIgZ0ITYWakim7d3RrNV
0ditA/0XUvDgdEB0hm7iqR8FbwKNmS8DVKGs+CYrFwSBJ0vUH65WFapbdWbi2uwm
8CDKgSWpS16/PVr/ql84ePWdiVhHYmkkjuWPUFHSUcDiYL8YG9rnymw6Enx3Nyyr
ewiUOJFzWN6/u3O4x2M9ljrQQ1FmmAbw9R4KT/KHOyBC0W+xHbQ3RnJlZUJTRCBT
ZWN1cml0eSBPZmZpY2VyIDxzZWN1cml0eS1vZmZpY2VyQEZyZWVCU0Qub3JnPoha
BBMRAgAaBQI9a6RkBQsHAwIBAxUCAwMWAgECHgECF4AACgkQFdaIBMps37J/wQCg
je4X7iqjNbVDgwpk+98vc+/HoE4An1usSnfAlNcEcd+05ksTw1gPh+h2iEYEExEC
AAYFAj1rq0oACgkQjDKM/xYG25XUdgCfU5F3sYm41Hf28rIlSZzQMat0thcAoI9g
CvTZQ9bKEQbwtFVWIk2weU8ViJwEEwEBAAYFAj1rq2sACgkQVS4eLnPSiKWIFQP/
UYR/wbAka7y0ck0ILV1RRdG2XSnmcb4MSWf/LZwMfmaQ53MC+pHbRWbMZqZVlwrI
RSown9qRvmFT0p47RdJ5ToKS8G8HI9vVJ/tjNU2bYfdtelrwZPvjOJ6Mn4+rzkbL
3OzUOZLqJC0LKvPoBMmTNzsW7Q2gyEMfIujBbnhvz3aJARwEEwEBAAYFAj1rr20A
CgkQZ8KAjzPBYnu5NQf/eSvFPfkLpwQ2HGG5/2n3dfecW+U2FBHh1eULNkREtX+/
AixPveY5wJ6Nl3z1vYqelZN2xw/+ujE92bjEIZPQWM8y2xGZ2ynJPcIsITob2mOQ
v+UePgCun3E3xPRCo+Ob0jhuT45MSoSFYeTw1xgMLbCGN7LowTAG3gzytyJALGGu
awv+V9dUgp6H5GVv7ukTN0OODFg9G9ePbLnkr2/TSjZP9KIth4AYLAOmYqHcssuW
/UCHbzQvoDmo7LZ3lSwlmoTjZ6/Z6QCbHvX0vdP0mDGx/PwXEaVR0+kxtScKHun1
noBBA48AwMNNtZrEHPRVH1vxaSTGYqLtnBV1z+b6UohGBBIRAgAGBQI9a+m2AAoJ
EGxj2gSE0Nfn5VUAoMSonGArly+4U9yM/4uWCvL8mcv2AJ0acJM2ymhDJ1czJ7Jn
hTE8Xo7HsYhGBBMRAgAGBQI9bIKkAAoJEIQ2twt/hoJob64An1BABq6aK4reFRv8
XXTX9984uYxSAJ4gnZLCSdA4U3pHyBsQTr8KtDYdb4hGBBMRAgAGBQI9bVVoAAoJ
EDm2huD+gXpQmA0AoJ8lWlK+7PzyYSWKcItueryfx2uBAJ9Sm0elnPCWc7+gYfol
5MD+X74FYIkAlQMFED3TIstNVigheQUMEQEBa+YD/15yHDEuNRD+6KAeUNLYe0Eg
bSxQmrkQqIm+7ipjjOUX37UJUlar5yzpKyBXv/WvYkvUxklK6YSRd3c7XL7ad9Fc
7II2efTUSOzZYP/xUeK3tFBSn94Lx5cmGjHf4WHPDODQz2nAKqEo2zMMlwCCh1Kz
2GY/hCzqmltplrERjUFAiJwEEwECAAYFAj3dTLAACgkQ4clLRt8d1HE69AP+PDOt
c2wCs5idJB2fkOrLF7QW9QnfGEglBqpa+4vi78iYHQfnm8lM81xPCjnpLSI8Y8tE
7VU4LGRPGC1vxHaCyqGumcPgUCi7lMR/8RGs+5Wt5DsK11zlZ5gN81qys1xRU2qm
hX/HXXQm+Yif39GmnwTXaHGlKYUsqCWcMlaOGdm5Ag0EPWukaRAIAPJl4g1DI4Cw
9fI6Q9Hk46Pwtpgiz4jDe+Yqd0bSUoP4kFD7D6PO4cgLqOz619lMszKVsO1PDzXm
1p2tSJPjIauknqJ4pbUWEhIB7+CkK0B8inVbzY3zDXh1U8ENUrIBrzDkG92TWIQq
TIto0y31gVW+S8HUMqBvKotmnBgTq8I+BWzI+4LGoMnOD57ZwwdKI6Vjn0NJ6wCv
RRwNjBWfErSnlv8JrFcoIsBiTUQkgru/lJYc6x4i07Bq5Lz4R+ug0Ns5/H0crwBp
t0vK7YEHmAGFUiNKZuyUBSWzbiYxhEYec6vKx72AIbnrGxFa8vpjsm1+fOfyVQJd
zpxnr2de2qMAAwUH/0hStQ91RUSp3KwQJ3U0GgnUO0hwRkZEJs40LWkpwblAZW36
IUBteNmQd7KTDaPcNH2PBF5wcu2Ag6+DtIp/zDX3nyJ9naw+arzKHf5vyrGLAEaq
rIonrm/29v1TylFjGpFemOH9JnKHGJ6o95ZSgtl7JYXRD/vSfGNznnMeoJnrlsvE
CcxYutNO+qFGbVpgvOeufMrhWg9ye/bNMGtJOqO/FrZl3kR6/TaTI83lbK5HsSqU
Q3zUjIIwUOKKxRglBQyy6rqDp4zBV18V9kdrb30Q23qUWHmX244nQTZTk/V69V9t
W3Gx1hEkC5kWbztBLWBHEYae0begIT/y+94EeC2IRgQYEQIABgUCPWukaQAKCRAV
1ogEymzfsrpOAJ4oQy5hHzOhKmce9YvLgdzcTNl93QCeKRrlaWusbYfqZn4BQsSp
Yw90evo=
=LTwM
-----END PGP PUBLIC KEY BLOCK-----
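Review bot: this adds a second copy of the Security Officer key to the tree, while the text removed elsewhere in this commit linked to ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/public_key.asc, and nothing visible here records which copy is authoritative. Please add a note, in the commit message or next to `DATA= so_public_key.asc` in the Makefile, that this file must be replaced whenever the key changes, so the web site cannot end up offering a stale key for encrypting reports or verifying advisories.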

View file

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE xsl:stylesheet PUBLIC "-//FreeBSD//DTD FreeBSD XSLT 1.0 DTD//EN"
"http://www.FreeBSD.org/XML/www/share/sgml/xslt10-freebsd.dtd">
<!-- $FreeBSD: www/share/sgml/libcommon.xsl,v 1.14 2008/01/16 09:14:18 murray Exp $ -->
<!-- $FreeBSD: www/share/sgml/libcommon.xsl,v 1.15 2008/01/16 09:29:16 murray Exp $ -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0"
@ -715,29 +715,11 @@
<xsl:choose>
<xsl:when test="$type = 'advisory'">
<xsl:for-each select="document($advisories.xml)
/descendant::release">
<xsl:variable name="relname" select="string(name)" />
<xsl:call-template name="html-list-advisories-putitems">
<xsl:with-param name="items" select="document($advisories.xml)
//advisory[$relname = string(following::release/name[1])]" />
<xsl:with-param name="prefix" select="'&ftpbase;'" />
<xsl:with-param name="prefixold" select="'&ftpbaseold;'" />
</xsl:call-template>
<xsl:call-template name="html-list-advisories-release-label">
<xsl:with-param name="relname" select="name" />
</xsl:call-template>
</xsl:for-each>
<xsl:call-template name="html-list-advisories-putitems">
<xsl:with-param name="items" select="document($advisories.xml)
//advisory[not(following::release/name[1])]" />
<xsl:with-param name="prefix" select="'&ftpbase;'" />
<xsl:with-param name="prefixold" select="'&ftpbaseold;'" />
</xsl:call-template>
<xsl:call-template name="html-list-advisories-putitems">
<xsl:with-param name="items" select="document($advisories.xml)//advisory" />
<xsl:with-param name="prefix" select="'&ftpbase;'" />
<xsl:with-param name="prefixold" select="'&ftpbaseold;'" />
</xsl:call-template>
</xsl:when>
<xsl:when test="$type = 'notice'">
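Review bot: the single `html-list-advisories-putitems` call still builds its links from `&ftpbase;` and `&ftpbaseold;`, while security.sgml in this same commit tells readers that advisories are archived under http://security.FreeBSD.org/advisories/. The entity values are not visible in this diff; please confirm they point at the location the page now documents, or rename them so the parameter names do not suggest FTP.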
@ -777,10 +759,24 @@
<xsl:param name="prefixold" select="''" />
<xsl:if test="$items">
<ul>
<xsl:for-each select="$items">
<li>
<table>
<tr><th>Date</th><th>Advisory name</th></tr>
<xsl:for-each select="$items">
<xsl:variable name="year" select="../../../name" />
<xsl:variable name="month" select="../../name" />
<xsl:variable name="day" select="../name" />
<tr>
<td class="txtdate">
<xsl:value-of select='
concat(format-number($year, "####"), "-",
format-number($month, "00"), "-",
format-number($day, "00"))' />
</td>
<td>
<xsl:choose>
<xsl:when test="@type='release'">
<i><xsl:value-of select="name" /></i>
</xsl:when>
<xsl:when test="@omithref='yes'">
<xsl:value-of select="name" />
</xsl:when>
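Review bot: the new date cell reads `../../../name`, `../../name` and `../name`, so it is only correct when every item is nested exactly under day, month and year elements; for any other input `format-number` yields NaN and the row shows `NaN-NaN-NaN`. If this template is also reached from the `$type = 'notice'` branch, check that notices have the same nesting, and add a comment above the three variables stating the document structure they assume.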
@ -794,12 +790,12 @@
<a><xsl:attribute name="href">
<xsl:value-of select="concat($prefix, name, '.asc')" />
</xsl:attribute>
<xsl:value-of select="concat(name, '.asc')" /></a>
<xsl:value-of select="name" /></a>
</xsl:otherwise>
</xsl:choose>
</li>
</td></tr>
</xsl:for-each>
</ul>
</table>
</xsl:if>
</xsl:template>

View file

@ -1,4 +1,4 @@
<!-- $FreeBSD: www/share/sgml/navibar.ent,v 1.14 2007/11/24 22:06:01 simon Exp $ -->
<!-- $FreeBSD: www/share/sgml/navibar.ent,v 1.15 2007/11/25 05:44:05 kensmith Exp $ -->
<!ENTITY % navinclude.about "IGNORE">
<![ %navinclude.about; [
@ -171,7 +171,10 @@
<li><a href="&base;/commercial/isp.html">Internet Service Providers</a></li>
<li><a href="&base;/commercial/misc.html">Miscellaneous</a></li>
</ul></li>
<li><a href="&base;/security/">Security Information</a></li>
<li><a href="&base;/security/index.html">Security Information</a>
<ul>
<li><a href="&base;/security/advisories.html">Advisories</a></li>
</ul></li>
<li><a href="&base;/support/bugreports.html">Bug Reports</a>
<ul>
<li><a href="&base;/send-pr.html">Submit a Problem Report</a></li>