Merge branch 'feature/cves' into premerge

Jonas Schäfer 2021-05-25 17:08:51 +02:00
commit 17e545543c
6 changed files with 64 additions and 6 deletions


@ -53,6 +53,12 @@
<email>georg@op-co.de</email> <email>georg@op-co.de</email>
<jid>georg@yax.im</jid> <jid>georg@yax.im</jid>
</author> </author>
<revision>
<version>0.13.4</version>
<date>2021-05-25</date>
<initials>gl</initials>
<remark><p>Add CVE references</p></remark>
</revision>
<revision> <revision>
<version>0.13.3</version> <version>0.13.3</version>
<date>2021-03-23</date> <date>2021-03-23</date>
@ -533,6 +539,9 @@
<li>any copies that do not meet this requirement MUST be ignored.</li> <li>any copies that do not meet this requirement MUST be ignored.</li>
</ul> </ul>
<p>Outbound chat messages that are encrypted end-to-end are not often useful to receive on other resources. As such, they should use the &lt;private/&gt; element specified above to avoid such copying, unless the encryption mechanism is able to accommodate this protocol.</p> <p>Outbound chat messages that are encrypted end-to-end are not often useful to receive on other resources. As such, they should use the &lt;private/&gt; element specified above to avoid such copying, unless the encryption mechanism is able to accommodate this protocol.</p>
<cve id="2017-5589" url="https://rt-solutions.de/en/cve-2017-5589_xmpp_carbons/">Multiple XMPP Clients User Impersonation Vulnerability</cve>
<cve id="2019-16235" url="https://gultsch.de/dino_multiple.html">Multiple Vulnerabilities found in Dino</cve>
<cve id="2020-26547" url="https://monal.im/blog/cve-2020-26547/">Missing sender verification for Carbons and MAM in Monal before 4.9</cve>
</section1> </section1>
<section1 topic='IANA Considerations' anchor='iana'> <section1 topic='IANA Considerations' anchor='iana'>
<p>This document requires no interaction with &IANA;.</p> <p>This document requires no interaction with &IANA;.</p>


@ -109,6 +109,8 @@
<query xmlns='http://jabber.org/protocol/disco#items'/> <query xmlns='http://jabber.org/protocol/disco#items'/>
</iq> </iq>
]]></example> ]]></example>
<cve id="2017-5589" url="https://rt-solutions.de/en/cve-2017-5589_xmpp_carbons/">Name of a CVE relevant to the XEP</cve>
<cve id="2017-5589">Another CVE with no primary source</cve>
<section3 topic='3rd Level Heading' anchor='syling-examples-3rd'> <section3 topic='3rd Level Heading' anchor='syling-examples-3rd'>
<p>Text in a Sub-Sub-Section.</p> <p>Text in a Sub-Sub-Section.</p>
<section4 topic='4th Level Heading' anchor='syling-examples-4th'> <section4 topic='4th Level Heading' anchor='syling-examples-4th'>

16
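--- a/xep.dtd
+++ b/xep.dtd
@@ -68,27 +68,27 @@ THE SOFTWARE.
 <!ELEMENT initials (#PCDATA)* >
 <!ELEMENT remark (#PCDATA | p | ul)* >
 <!ELEMENT councilnote (#PCDATA)* >
-<!ELEMENT section1 ( div | p | section2 | example | code | ul | ol | dl | table )* >
+<!ELEMENT section1 ( div | p | section2 | example | code | cve | ul | ol | dl | table )* >
 <!ATTLIST section1
 topic CDATA ''
 anchor CDATA '' >
-<!ELEMENT section2 ( div | p | section3 | example | code | ul | ol | dl | table )* >
+<!ELEMENT section2 ( div | p | section3 | example | code | cve | ul | ol | dl | table )* >
 <!ATTLIST section2
 topic CDATA ''
 anchor CDATA '' >
-<!ELEMENT section3 ( div | p | section4 | example | code | ul | ol | dl | table )* >
+<!ELEMENT section3 ( div | p | section4 | example | code | cve | ul | ol | dl | table )* >
 <!ATTLIST section3
 topic CDATA ''
 anchor CDATA '' >
-<!ELEMENT section4 ( div | p | section5 | example | code | ul | ol | dl | table )* >
+<!ELEMENT section4 ( div | p | section5 | example | code | cve | ul | ol | dl | table )* >
 <!ATTLIST section4
 topic CDATA ''
 anchor CDATA '' >
-<!ELEMENT section5 ( div | p | example | code | ul | ol | dl | table )* >
+<!ELEMENT section5 ( div | p | example | code | cve | ul | ol | dl | table )* >
 <!ATTLIST section5
 topic CDATA ''
 anchor CDATA '' >
-<!ELEMENT div ( #PCDATA | div | p | example | code | ul | ol | dl | table | blockquote )* >
+<!ELEMENT div ( #PCDATA | div | p | example | code | cve | ul | ol | dl | table | blockquote )* >
 <!ATTLIST div
 class CDATA ''
 style CDATA '' >
@@ -130,6 +130,10 @@ THE SOFTWARE.
 <!ATTLIST example caption CDATA '' >
 <!ELEMENT code (#PCDATA | span | em | strong)* >
 <!ATTLIST code caption CDATA '' >
+<!ELEMENT cve (#PCDATA)* >
+<!ATTLIST cve
+id CDATA ''
+url CDATA '' >
 <!ELEMENT table (tr)* >
 <!ATTLIST table caption CDATA '' >
 <!ELEMENT tr ( th | td )* >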
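Review bot: The new `<!ATTLIST cve` block declares `id CDATA ''`, which makes the identifier optional with an empty default, whereas the xep.xsd change in this same commit marks `id` as `use='required'`. A `<cve>` written without an id would pass DTD validation, and the xep.xsl template added here would then emit a bare "CVE-" caption with NVD and Mitre links that resolve to nothing. Declaring `id CDATA #REQUIRED` and `url CDATA #IMPLIED` keeps the two schemas in agreement. The stylesheet's `@url != ''` test gives the same result for an absent attribute as for an empty one, so rendering is unaffected.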

16
xep.xsd

@ -209,6 +209,7 @@ THE SOFTWARE.
<xs:complexType> <xs:complexType>
<xs:choice maxOccurs='unbounded'> <xs:choice maxOccurs='unbounded'>
<xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='cve' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/>
@ -227,6 +228,7 @@ THE SOFTWARE.
<xs:complexType> <xs:complexType>
<xs:choice maxOccurs='unbounded'> <xs:choice maxOccurs='unbounded'>
<xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='cve' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/>
@ -245,6 +247,7 @@ THE SOFTWARE.
<xs:complexType> <xs:complexType>
<xs:choice maxOccurs='unbounded'> <xs:choice maxOccurs='unbounded'>
<xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='cve' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/>
@ -263,6 +266,7 @@ THE SOFTWARE.
<xs:complexType> <xs:complexType>
<xs:choice maxOccurs='unbounded'> <xs:choice maxOccurs='unbounded'>
<xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='cve' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='div' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='dl' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/>
@ -283,6 +287,7 @@ THE SOFTWARE.
<xs:element ref='p' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='p' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='example' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='code' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='cve' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='ul' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='ul' minOccurs='0' maxOccurs='unbounded'/>
<xs:element ref='ol' minOccurs='0' maxOccurs='unbounded'/> <xs:element ref='ol' minOccurs='0' maxOccurs='unbounded'/>
</xs:choice> </xs:choice>
@ -379,6 +384,17 @@ THE SOFTWARE.
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name='cve'>
<xs:complexType>
<xs:simpleContent>
<xs:extension base='xs:string'>
<xs:attribute name='id' use='required'/>
<xs:attribute name='url' use='optional'/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name='table'> <xs:element name='table'>
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
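Review bot: Neither attribute on the new `cve` element carries a type, so `id` and `url` accept any text, even though xep.xsl copies both into `href` values. Constraining `id` to the year-sequence form used by the entries in this commit (for example 2017-5589) and typing `url` as `xs:anyURI` would catch typos and a stray leading "CVE-" at validation time rather than as broken links in the published XEP. `xs:anyURI` is lenient and does not restrict the scheme, so it complements a scheme check in the stylesheet and does not replace one.

```xml
<xs:attribute name='id' use='required'>
  <xs:simpleType>
    <xs:restriction base='xs:string'>
      <xs:pattern value='[0-9]{4}-[0-9]{4,}'/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
<xs:attribute name='url' type='xs:anyURI' use='optional'/>
```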

20
xep.xsl

@ -1049,6 +1049,26 @@ content: "XEP-<xsl:value-of select='/xep/header/number'/>";
</figure> </figure>
</xsl:template> </xsl:template>
<xsl:template match='cve'>
<figure class='cve'>
<figcaption>CVE-<xsl:value-of select='@id'/>
(<a><xsl:attribute name='href'>https://nvd.nist.gov/vuln/detail/CVE-<xsl:value-of select='@id'/></xsl:attribute>NIST</a>,
<a><xsl:attribute name='href'>https://cve.mitre.org/cgi-bin/cvename.cgi?name=<xsl:value-of select='@id'/></xsl:attribute>Mitre</a>)
</figcaption>
<xsl:choose>
<xsl:when test="@url != ''">
<a>
<xsl:attribute name='href'><xsl:value-of select='@url'/></xsl:attribute>
<xsl:apply-templates/>
</a>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates/>
</xsl:otherwise>
</xsl:choose>
</figure>
</xsl:template>
<xsl:template match='img'> <xsl:template match='img'>
<img> <img>
<xsl:attribute name='alt'><xsl:value-of select='@alt'/></xsl:attribute> <xsl:attribute name='alt'><xsl:value-of select='@alt'/></xsl:attribute>
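Review bot: The `@url` attribute is copied into `href` after only an emptiness test, so any scheme the XEP source contains, including `javascript:` or `data:`, becomes a clickable link in the rendered specification. The serializer's attribute escaping prevents markup injection but does not constrain the scheme. Tightening the branch to `<xsl:when test="starts-with(@url, 'https://') or starts-with(@url, 'http://')">` lets anything else fall through to the plain-text `xsl:otherwise`. Separately, the Mitre link passes the bare id to `name=` while the NIST link prefixes `CVE-`; writing `name=CVE-<xsl:value-of select='@id'/>` would make the two consistent.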


@ -1290,6 +1290,10 @@
padding: 1.5em; padding: 1.5em;
border: 1px solid rgba(19, 181, 234, 1.0); border: 1px solid rgba(19, 181, 234, 1.0);
} }
figure.cve {
padding: 1.5em;
border: 5px solid rgba(180, 0, 0, 1.0);
}
figure > figcaption { figure > figcaption {
margin-bottom: 0.5em; margin-bottom: 0.5em;
@ -1707,6 +1711,9 @@
figure.example { figure.example {
background-color: #282828; background-color: #282828;
} }
figure.cve {
border: 5px solid rgba(120, 0, 0, 1.0);
}
.box { .box {
color: #ccc; color: #ccc;