On Tue, Oct 01, 2019 at 02:28:39PM -0500, Eric Blake wrote: > Copies heavily after a similar addition recently made in nbdkit. > --- > > I'm not sure if .1 or .3 fits better for the man page. With nbdkit, > .1 made sense because 'nbdkit' is a standalone program; but with > libnbd, our only standalone is nbdsh, yet naming it nbdsh-security > seems off.
So the patch is fine, thanks for adding it. I don't think I have a strong opinion about whether the new page should be in section 1 or 3. I would lean towards section 3 because that's where our other man pages have gone, and as you say it's not a command line tool. But it's not a strong preference, so you can decide. Rich. > docs/Makefile.am | 7 +++++++ > docs/libnbd-security.pod | 32 ++++++++++++++++++++++++++++++++ > docs/libnbd.pod | 1 + > Makefile.am | 1 + > .gitignore | 3 ++- > SECURITY | 14 ++++++++++++++ > 6 files changed, 57 insertions(+), 1 deletion(-) > create mode 100644 docs/libnbd-security.pod > create mode 100644 SECURITY > > diff --git a/docs/Makefile.am b/docs/Makefile.am > index df58586..4c99b5d 100644 > --- a/docs/Makefile.am > +++ b/docs/Makefile.am > @@ -38,6 +38,7 @@ generator_built = \ > EXTRA_DIST = \ > $(generator_built) \ > libnbd.pod \ > + libnbd-security.pod \ > nbd_create.pod \ > nbd_close.3 \ > nbd_get_error.3 \ > @@ -48,6 +49,7 @@ if HAVE_POD > > man_MANS = \ > libnbd.3 \ > + libnbd-security.1 \ > nbd_create.3 \ > nbd_close.3 \ > nbd_get_error.3 \ > @@ -73,4 +75,9 @@ libnbd.3: libnbd.pod $(top_builddir)/podwrapper.pl \ > --html $(top_builddir)/html/[email protected] \ > $< > > +libnbd-security.1: libnbd-security.pod > + $(PODWRAPPER) --section=1 --man $@ \ > + --html $(top_builddir)/html/[email protected] \ > + $< > + > endif HAVE_POD > diff --git a/docs/libnbd-security.pod b/docs/libnbd-security.pod > new file mode 100644 > index 0000000..5fe0926 > --- /dev/null > +++ b/docs/libnbd-security.pod > @@ -0,0 +1,32 @@ > +=head1 NAME > + > +libnbd-security - information about past security issues in libnbd > + > +=head1 DESCRIPTION > + > +This page details past security issues found in libnbd. > + > +For how to report new security issues, see the C<SECURITY> file in the > +top level source directory, also available online here: > +L<https://github.com/libguestfs/libnbd/blob/master/SECURITY> > + > +=head2 CVE-2019-14842 > +protocol downgrade attack when using LIBNBD_TLS_REQUIRE > + > +See the full announcement and links to mitigation, tests and fixes > +here: > +https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html > + > +=head1 SEE ALSO > + > +L<libnbd(1)>. > + > +=head1 AUTHORS > + > +Eric Blake > + > +Richard W.M. Jones > + > +=head1 COPYRIGHT > + > +Copyright (C) 2019 Red Hat Inc. > diff --git a/docs/libnbd.pod b/docs/libnbd.pod > index 7bd59f5..e4810f6 100644 > --- a/docs/libnbd.pod > +++ b/docs/libnbd.pod > @@ -830,6 +830,7 @@ > L<https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md>. > > =head2 Other > > +L<libnbd-security(1), > L<qemu(1)>. > > =head1 AUTHORS > diff --git a/Makefile.am b/Makefile.am > index 59918b9..019936f 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -24,6 +24,7 @@ EXTRA_DIST = \ > .gitignore \ > html/pod.css \ > scripts/git.orderfile \ > + SECURITY \ > $(NULL) > > SUBDIRS = \ > diff --git a/.gitignore b/.gitignore > index 9254d1a..ae3e04f 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -37,10 +37,11 @@ Makefile.in > /config.sub > /configure > /depcomp > -/docs/*.3 > +/docs/*.[13] > /docs/*.pod > /docs/Makefile.inc > !/docs/libnbd.pod > +!/docs/libnbd-security.pod > !/docs/nbd_close.3 > !/docs/nbd_create.pod > !/docs/nbd_get_err??.3 > diff --git a/SECURITY b/SECURITY > new file mode 100644 > index 0000000..d9a32d6 > --- /dev/null > +++ b/SECURITY > @@ -0,0 +1,14 @@ > +If you think you've found a serious or potential security bug that you > +don't want to report on a public mailing list, then send email to both > +<[email protected]> and <[email protected]>. > + > +Make it clear in the email Subject line that it's a serious or > +security-related bug in libnbd. > + > +You can also sign and/or encrypt messages using our GPG public keys > +available on the usual keyservers. > + > +For information about past security issues, see > +docs/libnbd-security.pod, or the libnbd-security(1) man page if you > +have installed libnbd, also available online here: > +http://libguestfs.org/libnbd-security.1.html > -- > 2.21.0 > > _______________________________________________ > Libguestfs mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/libguestfs -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html _______________________________________________ Libguestfs mailing list [email protected] https://www.redhat.com/mailman/listinfo/libguestfs
