From a54d4e10d70748d8d3863ad12f14e0669f9f570a Mon Sep 17 00:00:00 2001
From: David King <dking@redhat.com>
Date: Wed, 23 Apr 2025 21:10:53 +0100
Subject: [PATCH] Fix CVE-2025-3155 (RHEL-85922)

Resolves: RHEL-85922
---
 yelp-xsl-CVE-2025-3155.patch | 93 ++++++++++++++++++++++++++++++++++++
 yelp-xsl.spec                |  8 +++-
 2 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 yelp-xsl-CVE-2025-3155.patch

diff --git a/yelp-xsl-CVE-2025-3155.patch b/yelp-xsl-CVE-2025-3155.patch
new file mode 100644
index 0000000..7ef5049
--- /dev/null
+++ b/yelp-xsl-CVE-2025-3155.patch
@@ -0,0 +1,93 @@
+From 2ac7afdcb1bab54fb4e6d5dc9a719659fc9ad87e Mon Sep 17 00:00:00 2001
+From: Shaun McCance <shaunm@redhat.com>
+Date: Fri, 18 Apr 2025 11:31:18 -0400
+Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
+
+https://gitlab.gnome.org/GNOME/yelp/-/issues/221
+---
+ xslt/common/html.xsl | 41 +++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 39 insertions(+), 2 deletions(-)
+
+diff --git a/xslt/common/html.xsl b/xslt/common/html.xsl
+index b59984aa..5d8e0d40 100644
+--- a/xslt/common/html.xsl
++++ b/xslt/common/html.xsl
+@@ -225,6 +225,17 @@ prefix the base file name itself.
+ <xsl:param name="html.output.prefix" select="''"/>
+ 
+ 
++<!--@@==========================================================================
++html.csp.nonce
++An optional CSP nonce string to allow the execution of scripts and styles.
++@revision[version=42.2 date=2025-02-22 status=final]
++
++This parameter takes a string value that will be added to the 'nonce' attribute
++of all 'style' and 'script' tags in the generated HTML output. This paramter is used
++to whitelist script and style tags that are allowed to be executed.
++-->
++<xsl:param name="html.csp.nonce" select="false()"/>
++
+ <!--**==========================================================================
+ html.output
+ Create an HTML output file.
+@@ -819,6 +830,11 @@ dimensions. All parameters can be automatically computed if not provided.
+     </xsl:call-template>
+   </xsl:param>
+   <style type="text/css">
++    <xsl:if test="$html.csp.nonce">
++      <xsl:attribute name="nonce">
++        <xsl:value-of select="$html.csp.nonce" />
++      </xsl:attribute>
++    </xsl:if>
+     <xsl:call-template name="html.css.content">
+       <xsl:with-param name="node" select="$node"/>
+       <xsl:with-param name="direction" select="$direction"/>
+@@ -2000,6 +2016,11 @@ copy, override this template and provide the necessary files.
+   <xsl:param name="node" select="."/>
+   <xsl:if test="$node//mml:*[1]">
+     <script type="text/javascript">
++      <xsl:if test="$html.csp.nonce">
++        <xsl:attribute name="nonce">
++          <xsl:value-of select="$html.csp.nonce" />
++        </xsl:attribute>
++      </xsl:if>
+       <xsl:attribute name="src">
+         <xsl:text>http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=MML_HTMLorMML</xsl:text>
+       </xsl:attribute>
+@@ -2023,6 +2044,11 @@ result of *{html.js.content} to that file.
+ <xsl:template name="html.js.script">
+   <xsl:param name="node" select="."/>
+   <script type="text/javascript">
++    <xsl:if test="$html.csp.nonce">
++      <xsl:attribute name="nonce">
++        <xsl:value-of select="$html.csp.nonce" />
++      </xsl:attribute>
++    </xsl:if>
+     <xsl:call-template name="html.js.content">
+       <xsl:with-param name="node" select="$node"/>
+     </xsl:call-template>
+@@ -2469,8 +2495,19 @@ on all #{code} elements with #{"syntax"} in the class value.
+ <xsl:template name="html.js.syntax">
+   <xsl:param name="node" select="."/>
+   <xsl:if test="$html.syntax.highlight">
+-  <script type="text/javascript" src="{$html.js.root}highlight.pack.js"></script>
+-  <script><![CDATA[
++    <script type="text/javascript" src="{$html.js.root}highlight.pack.js">
++      <xsl:if test="$html.csp.nonce">
++        <xsl:attribute name="nonce">
++          <xsl:value-of select="$html.csp.nonce" />
++        </xsl:attribute>
++      </xsl:if>
++    </script>
++    <script>
++    <xsl:if test="$html.csp.nonce">
++      <xsl:attribute name="nonce">
++        <xsl:value-of select="$html.csp.nonce" />
++      </xsl:attribute>
++    </xsl:if><![CDATA[
+ document.addEventListener('DOMContentLoaded', function() {
+   var matches = document.querySelectorAll('code.syntax')
+   for (var i = 0; i < matches.length; i++) {
+-- 
+2.49.0
+
diff --git a/yelp-xsl.spec b/yelp-xsl.spec
index 2eb47b0..b026576 100644
--- a/yelp-xsl.spec
+++ b/yelp-xsl.spec
@@ -1,6 +1,6 @@
 Name:           yelp-xsl
 Version:        3.28.0
-Release:        2%{?dist}
+Release:        2%{?dist}.1
 Summary:        XSL stylesheets for the yelp help browser
 
 License:        LGPLv2+ and GPLv2+
@@ -8,6 +8,8 @@ Group:          Applications/System
 URL:            https://download.gnome.org/sources/yelp-xsl
 Source0:        https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
 BuildArch:      noarch
+# https://issues.redhat.com/browse/RHEL-85922
+Patch0:         yelp-xsl-CVE-2025-3155.patch
 
 BuildRequires:  python3-libxml2
 BuildRequires:  /usr/bin/xmllint
@@ -31,6 +33,7 @@ XSL stylesheets in yelp-xsl.
 
 %prep
 %setup -q
+%patch0 -p1
 
 
 %build
@@ -53,6 +56,9 @@ make %{?_smp_mflags}
 
 
 %changelog
+* Wed Apr 23 2025 David King <dking@redhat.com> - 3.28.0-2.1
+- Fix CVE-2025-3155 (RHEL-85922)
+
 * Sun Jul 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.28.0-2
 - Change build dependency to python3-libxml2