#14887: thunderbird-78.9.1
-------------------------+---------------------
Reporter: renodr | Owner: timtas
Type: enhancement | Status: closed
Priority: normal | Milestone: 10.2
Component: BOOK | Version: SVN
Severity: normal | Resolution: fixed
Keywords: |
-------------------------+---------------------
Comment (by ken@…):
First you need to follow the git editors guide to clone the lfswww
repository.
Within that, the files are in blfs/advisories/
First go to consolidated.html. There is quite a long commented note about
what to do.
Please read that.
After the comments you will find the latest advisory, with older ones
below it. Note that the id link (above the h4 header) starts sa- to make
the html validation tool happy, and
that emphasis is now shown with <em>...</em> instead of <b> or <i>.
It is often easiest to find an earlier link for the same package -
sa-10.1-012 seems a nice short one, you could copy that as a basis (e.g.
the links to the books should be correct). In this case the mozilla
advisory is mfsa2021-13/ and the severity is Medium.
Change the text as necessary, add cve links to nvd, or else to mitre, if
they exist and are informative. In the general case, start searching for
other links if nothing was found (for mozilla, the mfsa will normally say
something, other vulnerabilities might need a summary of what the problem
is).
When you think you have got the consolidated item correct, check it in
your browser. If you are doing the edit on your desktop machine, no
problem. I keep my repos on my local server and render the books via
apache. In my case I need to set files to point to where the books should
be rendered, and for advisories and errata I have symlinks pointing to the
blfs/advisories/ and blfs/errata/ directories (and also for lfs).
If the new consolidated item looks ok and the links (both external and to
the dev books) work, you can then do the second part:
Edit 10.1.html (i.e. the name changes after each release). This is ordered
alphabetically, except when I've screwed up, and within the package newest
updates come first.
You will see there is a commented <h3>PackageName</h3> as a guide. We now
have sa- id's on each item, which allows links to other packages if needed
(it is not normally needed).
Find where the new advisory belongs, copy the id and h4 from
consolidated,html with a note of the problem (often short). Finish with:
To fix this(or these) update to PackageName-x.y.z or
later. Follow that with a link to the consolidated page (remember to
change the link number if copying it).
For thunderbird there is a standard paragraph (italic, using css because
it is a whole paragraph) which comes before the newest thunderbird
advisory.
We now try to use upstream's preferred capitalization, if there is one.
Take a look at the existing items (and in the general case, perhaps
previous existing items in 10.0).
Again, check the file in your browser, and check that the link to
consolidated goes to the right item (it should be the first item on the
consolidated page).
When ready, push. If I am ever doing a lot, and suspect someone else might
be doing something, I try to first do the consolidated, push that to grab
the numbers, and then do the rest.