6 changed files with 3 additions and 108 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/yelp-xsl-3.28.0.tar.xz
+SOURCES/yelp-xsl-3.28.0.tar.xz
--- a/.yelp-xsl.metadata
+++ b/.yelp-xsl.metadata
@ -0,0 +1 @@
+56dab2c93d5932aab5a24d3339ad404111e8f840 SOURCES/yelp-xsl-3.28.0.tar.xz
--- a/SPECS/yelp-xsl.spec
+++ b/SPECS/yelp-xsl.spec
@ -1,6 +1,6 @@
 Name:           yelp-xsl
 Version:        3.28.0
-Release:        2%{?dist}.1
+Release:        2%{?dist}
 Summary:        XSL stylesheets for the yelp help browser

 License:        LGPLv2+ and GPLv2+
@ -8,8 +8,6 @@ Group:          Applications/System
 URL:            https://download.gnome.org/sources/yelp-xsl
 Source0:        https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
 BuildArch:      noarch
-# https://issues.redhat.com/browse/RHEL-85922
-Patch0:         yelp-xsl-CVE-2025-3155.patch

 BuildRequires:  python3-libxml2
 BuildRequires:  /usr/bin/xmllint
@ -33,7 +31,6 @@ XSL stylesheets in yelp-xsl.

 %prep
 %setup -q
-%patch0 -p1


 %build
@ -56,9 +53,6 @@ make %{?_smp_mflags}


 %changelog
-* Wed Apr 23 2025 David King <dking@redhat.com> - 3.28.0-2.1
- Fix CVE-2025-3155 (RHEL-85922)
-
 * Sun Jul 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.28.0-2
 - Change build dependency to python3-libxml2

--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
--- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
--- a/1
+++ b/1
@ -1 +0,0 @@
-SHA512 (yelp-xsl-3.28.0.tar.xz) = d57f9a962dc0e2eb797e1030c2c30d56047627f3fdc549c28636a486c9f4fd82c70a34f451f1359612157d791b4c3a82eac8821c43d7336933987cdc1bcf1eb8
--- a/yelp-xsl-CVE-2025-3155.patch
+++ b/yelp-xsl-CVE-2025-3155.patch
@ -1,93 +0,0 @@
-From 2ac7afdcb1bab54fb4e6d5dc9a719659fc9ad87e Mon Sep 17 00:00:00 2001
-From: Shaun McCance <shaunm@redhat.com>
-Date: Fri, 18 Apr 2025 11:31:18 -0400
-Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
-
-https://gitlab.gnome.org/GNOME/yelp/-/issues/221
---
- xslt/common/html.xsl | 41 +++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 39 insertions(+), 2 deletions(-)
-
-diff --git a/xslt/common/html.xsl b/xslt/common/html.xsl
-index b59984aa..5d8e0d40 100644
--- a/xslt/common/html.xsl
-+++ b/xslt/common/html.xsl
-@@ -225,6 +225,17 @@ prefix the base file name itself.
- <xsl:param name="html.output.prefix" select="''"/>
- 
- 
-+<!--@@==========================================================================
-+html.csp.nonce
-+An optional CSP nonce string to allow the execution of scripts and styles.
-+@revision[version=42.2 date=2025-02-22 status=final]
-+
-+This parameter takes a string value that will be added to the 'nonce' attribute
-+of all 'style' and 'script' tags in the generated HTML output. This paramter is used
-+to whitelist script and style tags that are allowed to be executed.
-+-->
-+<xsl:param name="html.csp.nonce" select="false()"/>
-+
- <!--**==========================================================================
- html.output
- Create an HTML output file.
-@@ -819,6 +830,11 @@ dimensions. All parameters can be automatically computed if not provided.
-     </xsl:call-template>
-   </xsl:param>
-   <style type="text/css">
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if>
-     <xsl:call-template name="html.css.content">
-       <xsl:with-param name="node" select="$node"/>
-       <xsl:with-param name="direction" select="$direction"/>
-@@ -2000,6 +2016,11 @@ copy, override this template and provide the necessary files.
-   <xsl:param name="node" select="."/>
-   <xsl:if test="$node//mml:*[1]">
-     <script type="text/javascript">
-+      <xsl:if test="$html.csp.nonce">
-+        <xsl:attribute name="nonce">
-+          <xsl:value-of select="$html.csp.nonce" />
-+        </xsl:attribute>
-+      </xsl:if>
-       <xsl:attribute name="src">
-         <xsl:text>http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=MML_HTMLorMML</xsl:text>
-       </xsl:attribute>
-@@ -2023,6 +2044,11 @@ result of *{html.js.content} to that file.
- <xsl:template name="html.js.script">
-   <xsl:param name="node" select="."/>
-   <script type="text/javascript">
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if>
-     <xsl:call-template name="html.js.content">
-       <xsl:with-param name="node" select="$node"/>
-     </xsl:call-template>
-@@ -2469,8 +2495,19 @@ on all #{code} elements with #{"syntax"} in the class value.
- <xsl:template name="html.js.syntax">
-   <xsl:param name="node" select="."/>
-   <xsl:if test="$html.syntax.highlight">
-  <script type="text/javascript" src="{$html.js.root}highlight.pack.js"></script>
-  <script><![CDATA[
-+    <script type="text/javascript" src="{$html.js.root}highlight.pack.js">
-+      <xsl:if test="$html.csp.nonce">
-+        <xsl:attribute name="nonce">
-+          <xsl:value-of select="$html.csp.nonce" />
-+        </xsl:attribute>
-+      </xsl:if>
-+    </script>
-+    <script>
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if><![CDATA[
- document.addEventListener('DOMContentLoaded', function() {
-   var matches = document.querySelectorAll('code.syntax')
-   for (var i = 0; i < matches.length; i++) {
-- 
-2.49.0
-
				`@ -0,0 +1 @@`
				`56dab2c93d5932aab5a24d3339ad404111e8f840 SOURCES/yelp-xsl-3.28.0.tar.xz`
				`@ -1 +0,0 @@`
				`SHA512 (yelp-xsl-3.28.0.tar.xz) = d57f9a962dc0e2eb797e1030c2c30d56047627f3fdc549c28636a486c9f4fd82c70a34f451f1359612157d791b4c3a82eac8821c43d7336933987cdc1bcf1eb8`