Add SA_ID to make newentry
ClosedPublic
Actions

Authored by fernape on Sep 24 2023, 5:01 PM.

Details

Reviewers

philip

Group Reviewers

portmgr

Commits

R11:e90a0b117fdc: security/vuxml: Add SA_ID to make newentry

Summary

Automate registration of FreeBSD Security Advisories.

It adds a new parameter for the newentry subcommand accepting a SA ID as present
in the FreeBSD Security Advisories web page

Fills an entry following the common structure for FreeBSD SAs and leaves some
"FIXME" strings in those places that need special care.

Test Plan

Apply patch. Then try:

Example 1:

make newentry SA_ID=FreeBSD-SA-23:11.wifi.asc

Output

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index c31758e8f43f..e9623fc606a9 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,39 @@
+  <vuln vid="171d80e9-5afc-11ee-ac70-b42e991fc52e">
+    <topic>FreeBSD -- Wi-Fi encryption bypass</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>The FreeBSD Project reports:</p>
+       <blockquote cite="https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc">
+         <p>Problem Description: The net80211 subsystem would fallback to the
+       multicast key for unicast traffic in the event the unicast key was
+       removed.  This would result in buffered unicast traffic being exposed
+       to any stations with access to the multicast key.</p>
+       <p>Impact: As described in the "Framing Frames: Bypassing Wi-Fi
+       Encryption by Manipulating Transmit Queues" paper, an attacker can
+       induce an access point to buffer frames for a client, deauthenticate
+       the client (causing the unicast key to be removed from the access
+       point), and subsequent flushing of the buffered frames now encrypted
+       with the multicast key.  This would give the attacker access to the
+       data.</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-47522</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-47522 -- FIXME</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="732282a5-5a10-11ee-bca0-001999f8d30b">
     <topic>Mailpit affected by vulnerability in included go markdown module</topic>
     <affects>

Example 2:
make newentry SA_ID=FreeBSD-SA-22:01.vt

Output:

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index c31758e8f43f..a6ee8c8839ea 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,70 @@
+  <vuln vid="339de385-5afc-11ee-ac70-b42e991fc52e">
+    <topic>FreeBSD -- vt console buffer overflow</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>The FreeBSD Project reports:</p>
+       <blockquote cite="https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc">
+         <p>Problem Description: Under certain conditions involving use of the
+       highlight buffer while text is scrolling on the console, console
+       data may overwrite data structures associated with the system console
+       or other kernel memory.</p>
+       <p>Impact: Users with access to the system console may be able to
+       cause system misbehaviour.</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-29632</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-29632 -- FIXME</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-24</entry>
+    </dates>
+  </vuln>
+

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 53703
Build 50594: arc lint + arc unit

Event Timeline

fernape created this revision.Sep 24 2023, 5:01 PM

Herald added a subscriber: mat. · View Herald TranscriptSep 24 2023, 5:01 PM

fernape requested review of this revision.Sep 24 2023, 5:01 PM

Harbormaster completed remote builds in B53703: Diff 127718.Sep 24 2023, 5:01 PM

fernape edited the test plan for this revision. (Show Details)Sep 24 2023, 5:04 PM

fernape added reviewers: philip, portmgr.

This is great! Thanks for doing this work. This can save me a lot of time. 😁

security/vuxml/files/newentry.sh
111	Previous FreeBSD SA entries in vuxml don't include a <cveurl>. It was my understanding that generating these was left up to the renderer (e.g. vuxml.org). I'm not opposed to adding these though. In any case, the FIXME should go away.
144	Should we aim for consistency with previous FreeBSD SA vuxml entries here? In that case, the <blockquote> should go away and the Problem Description and Impact titles should be <h1> elements.

Address philip's feedback

Remove FIXME in cveurl
Be consistent with previous SA entries

Harbormaster completed remote builds in B53709: Diff 127737.Sep 25 2023, 9:39 AM

In D41966#956760, @philip wrote:

This is great! Thanks for doing this work. This can save me a lot of time. 😁

Rework the patch a little so we can accommodate the SA-specific format.
New outputs.

Blank entry:

$ make newentry
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..05ffb784f868 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,29 @@
+  <vuln vid="926ea252-5b87-11ee-b1e3-b42e991fc52e">
+    <topic> -- </topic>
+    <affects>
+      <package>
+       <name></name>
+       <range><lt></lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>SO-AND-SO reports:</p>
+       <blockquote cite="INSERT URL HERE">
+         <p>.</p>
+       </blockquote>
+       </body>
+    </description>
+    <references>
+      <cvename>INSERT CVE RECORD IF AVAILABLE</cvename>
+      <url>INSERT BLOCKQUOTE URL HERE</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+

CVE entry:

$ make newentry CVE_ID=CVE-2023-4863
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..69d2a507a34c 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,29 @@
+  <vuln vid="b9378b8f-5b87-11ee-b1e3-b42e991fc52e">
+    <topic>google -- null</topic>
+    <affects>
+      <package>
+       <name>google</name>
+       <range><lt>116.0.5845.187</lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>SO-AND-SO reports:</p>
+       <blockquote cite="INSERT URL HERE">
+         <p>.</p>
+       </blockquote>
+       </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-4863</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-4863</url>
+    </references>
+    <dates>
+      <discovery>2023-09-12</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+

SA entry:

$ make newentry SA_ID=FreeBSD-SA-23:11.wifi.asc
$ git diff
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a49e84e5e057..d0d148e41713 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,38 @@
+  <vuln vid="e77dc256-5b87-11ee-b1e3-b42e991fc52e">
+    <topic>FreeBSD -- Wi-Fi encryption bypass</topic>
+    <affects>
+      <package>
+       <name>FreeBSD</name>
+       <range><lt>FIXME</lt></range>
+      </package>
+    </affects>
+    <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+       <h1>Problem Description:</h1>
+         <p>The net80211 subsystem would fallback to the multicast key for
+       unicast traffic in the event the unicast key was removed.  This
+       would result in buffered unicast traffic being exposed to any
+       stations with access to the multicast key.</p>
+       <h1>Impact:</h1>
+         <p>As described in the "Framing Frames: Bypassing Wi-Fi Encryption
+       by Manipulating Transmit Queues" paper, an attacker can induce an
+       access point to buffer frames for a client, deauthenticate the
+       client (causing the unicast key to be removed from the access point),
+       and subsequent flushing of the buffered frames now encrypted with
+       the multicast key.  This would give the attacker access to the
+       data.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-47522</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-47522</url>
+    </references>
+    <dates>
+      <discovery>2023-09-FIXME</discovery>
+      <entry>2023-09-25</entry>
+    </dates>
+  </vuln>
+

fernape marked 2 inline comments as done.Sep 25 2023, 9:46 AM

fernape added inline comments.

security/vuxml/files/newentry.sh
111	I removed the "FIXME". Developers should never blindly trust the output of the script (same way we should not blindly trus `make makeplist`). I added the "FIXME" because I found that sometimes, the CVE might not have a URL (yet) in NVD at the time of creating the entry in `security/vuxml`.
144	Adapted to the previous SAs format.