5 changed files with 115 additions and 137 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
-/yelp-xsl-*.tar.bz2
+/yelp-xsl-3.28.0.tar.xz
 /yelp-xsl-*.tar.xz
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-10
+  - rhel-8
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (yelp-xsl-42.1.tar.xz) = 90c7cc244dba038d6fcc1344adf950640a0affb8e5a1a6945a776d3308bf9b5071320856968f7a31688855a18a872f63553bd643b7776801cc68b182b455fc10
+SHA512 (yelp-xsl-3.28.0.tar.xz) = d57f9a962dc0e2eb797e1030c2c30d56047627f3fdc549c28636a486c9f4fd82c70a34f451f1359612157d791b4c3a82eac8821c43d7336933987cdc1bcf1eb8
--- a/yelp-xsl-CVE-2025-3155.patch
+++ b/yelp-xsl-CVE-2025-3155.patch
@ -0,0 +1,93 @@
 From 2ac7afdcb1bab54fb4e6d5dc9a719659fc9ad87e Mon Sep 17 00:00:00 2001
 From: Shaun McCance <shaunm@redhat.com>
 Date: Fri, 18 Apr 2025 11:31:18 -0400
 Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
 https://gitlab.gnome.org/GNOME/yelp/-/issues/221
 ---
 xslt/common/html.xsl | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)
 diff --git a/xslt/common/html.xsl b/xslt/common/html.xsl
 index b59984aa..5d8e0d40 100644
 --- a/xslt/common/html.xsl
 +++ b/xslt/common/html.xsl
@@ -225,6 +225,17 @@ prefix the base file name itself.
 <xsl:param name="html.output.prefix" select="''"/>
 +<!--@@==========================================================================
 +html.csp.nonce
 +An optional CSP nonce string to allow the execution of scripts and styles.
 +@revision[version=42.2 date=2025-02-22 status=final]
 +
 +This parameter takes a string value that will be added to the 'nonce' attribute
 +of all 'style' and 'script' tags in the generated HTML output. This paramter is used
 +to whitelist script and style tags that are allowed to be executed.
 +-->
 +<xsl:param name="html.csp.nonce" select="false()"/>
 +
 <!--**==========================================================================
 html.output
 Create an HTML output file.
@@ -819,6 +830,11 @@ dimensions. All parameters can be automatically computed if not provided.
     </xsl:call-template>
   </xsl:param>
   <style type="text/css">
 +    <xsl:if test="$html.csp.nonce">
 +      <xsl:attribute name="nonce">
 +        <xsl:value-of select="$html.csp.nonce" />
 +      </xsl:attribute>
 +    </xsl:if>
     <xsl:call-template name="html.css.content">
       <xsl:with-param name="node" select="$node"/>
       <xsl:with-param name="direction" select="$direction"/>
@@ -2000,6 +2016,11 @@ copy, override this template and provide the necessary files.
   <xsl:param name="node" select="."/>
   <xsl:if test="$node//mml:*[1]">
     <script type="text/javascript">
 +      <xsl:if test="$html.csp.nonce">
 +        <xsl:attribute name="nonce">
 +          <xsl:value-of select="$html.csp.nonce" />
 +        </xsl:attribute>
 +      </xsl:if>
       <xsl:attribute name="src">
         <xsl:text>http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=MML_HTMLorMML</xsl:text>
       </xsl:attribute>
@@ -2023,6 +2044,11 @@ result of *{html.js.content} to that file.
 <xsl:template name="html.js.script">
   <xsl:param name="node" select="."/>
   <script type="text/javascript">
 +    <xsl:if test="$html.csp.nonce">
 +      <xsl:attribute name="nonce">
 +        <xsl:value-of select="$html.csp.nonce" />
 +      </xsl:attribute>
 +    </xsl:if>
     <xsl:call-template name="html.js.content">
       <xsl:with-param name="node" select="$node"/>
     </xsl:call-template>
@@ -2469,8 +2495,19 @@ on all #{code} elements with #{"syntax"} in the class value.
 <xsl:template name="html.js.syntax">
   <xsl:param name="node" select="."/>
   <xsl:if test="$html.syntax.highlight">
 -  <script type="text/javascript" src="{$html.js.root}highlight.pack.js"></script>
 -  <script><![CDATA[
 +    <script type="text/javascript" src="{$html.js.root}highlight.pack.js">
 +      <xsl:if test="$html.csp.nonce">
 +        <xsl:attribute name="nonce">
 +          <xsl:value-of select="$html.csp.nonce" />
 +        </xsl:attribute>
 +      </xsl:if>
 +    </script>
 +    <script>
 +    <xsl:if test="$html.csp.nonce">
 +      <xsl:attribute name="nonce">
 +        <xsl:value-of select="$html.csp.nonce" />
 +      </xsl:attribute>
 +    </xsl:if><![CDATA[
 document.addEventListener('DOMContentLoaded', function() {
   var matches = document.querySelectorAll('code.syntax')
   for (var i = 0; i < matches.length; i++) {
 -- 
 2.49.0
--- a/yelp-xsl.spec
+++ b/yelp-xsl.spec
@ -1,22 +1,22 @@
 %global tarball_version %%(echo %{version} | tr '~' '.')
 Name:           yelp-xsl
-Version:        42.1
+Version:        3.28.0
-Release:        7%{?dist}
+Release:        2%{?dist}.1
 Summary:        XSL stylesheets for the yelp help browser
-License:        GPL-2.0-or-later AND LGPL-2.0-or-later AND MIT AND BSD-3-Clause
+License:        LGPLv2+ and GPLv2+
 Group:          Applications/System
 URL:            https://download.gnome.org/sources/yelp-xsl
-Source0:        https://download.gnome.org/sources/%{name}/42/%{name}-%{tarball_version}.tar.xz
+Source0:        https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
 BuildArch:      noarch
 # https://issues.redhat.com/browse/RHEL-85922
 Patch0:         yelp-xsl-CVE-2025-3155.patch
 BuildRequires:  gcc
 BuildRequires:  itstool
 BuildRequires:  make
 BuildRequires:  python3-libxml2
 BuildRequires:  /usr/bin/ducktype
 BuildRequires:  /usr/bin/xmllint
 BuildRequires:  /usr/bin/xsltproc
 BuildRequires:  intltool
 BuildRequires:  itstool
 %description
 This package contains XSL stylesheets that are used by the yelp help browser.
@ -32,12 +32,13 @@ XSL stylesheets in yelp-xsl.
 %prep
-%autosetup -p1 -n %{name}-%{tarball_version}
+%setup -q
 %patch0 -p1
 %build
 %configure --enable-doc
-%make_build
+make %{?_smp_mflags}
 %install
@ -45,136 +46,21 @@ XSL stylesheets in yelp-xsl.
 %files
-%doc AUTHORS README.md
+%doc README AUTHORS
 %license COPYING COPYING.GPL COPYING.LGPL
 %{_datadir}/yelp-xsl
 %files devel
 %{_datadir}/pkgconfig/yelp-xsl.pc
 %changelog
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 42.1-7
+* Wed Apr 23 2025 David King <dking@redhat.com> - 3.28.0-2.1
- Bump release for October 2024 mass rebuild:
+- Fix CVE-2025-3155 (RHEL-85922)
  Resolves: RHEL-64018
-* Mon Aug 19 2024 Tomas Popela <tpopela@redhat.com> - 42.1-6
+* Sun Jul 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.28.0-2
- Update license and move it to SPDX license format
+- Change build dependency to python3-libxml2
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 42.1-5
 - Bump release for June 2024 mass rebuild
 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Mon Sep 19 2022 Kalev Lember <klember@redhat.com> - 42.1-1
 - Update to 42.1
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 42.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Sat Mar 19 2022 David King <amigadave@amigadave.com> - 42.0-1
 - Update to 42.0
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 41.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Tue Dec 07 2021 Kalev Lember <klember@redhat.com> - 41.1-1
 - Update to 41.1
 * Sat Sep 18 2021 Kalev Lember <klember@redhat.com> - 41.0-1
 - Update to 41.0
 * Thu Aug 19 2021 Kalev Lember <klember@redhat.com> - 41~beta-1
 - Update to 41.beta
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 40.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Mon Jun 21 2021 Kalev Lember <klember@redhat.com> - 40.2-1
 - Update to 40.2
 * Mon Mar 22 2021 Kalev Lember <klember@redhat.com> - 40.0-1
 - Update to 40.0
 * Mon Mar 15 2021 Kalev Lember <klember@redhat.com> - 40~rc-1
 - Update to 40.rc
 * Thu Feb 18 2021 Kalev Lember <klember@redhat.com> - 40~beta-1
 - Update to 40.beta
 * Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.38.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Nov 25 2020 Kalev Lember <klember@redhat.com> - 3.38.2-1
 - Update to 3.38.2
 * Mon Oct  5 2020 Kalev Lember <klember@redhat.com> - 3.38.1-1
 - Update to 3.38.1
 * Sat Sep 12 2020 Kalev Lember <klember@redhat.com> - 3.38.0-1
 - Update to 3.38.0
 * Tue Aug 18 2020 David King <amigadave@amigadave.com> - 3.37.90-2
 - Use make_build macro
 * Mon Aug 17 2020 Kalev Lember <klember@redhat.com> - 3.37.90-1
 - Update to 3.37.90
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Sat Mar 07 2020 Kalev Lember <klember@redhat.com> - 3.36.0-1
 - Update to 3.36.0
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.34.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Nov 27 2019 Kalev Lember <klember@redhat.com> - 3.34.2-1
 - Update to 3.34.2
 * Mon Sep 09 2019 Kalev Lember <klember@redhat.com> - 3.34.0-1
 - Update to 3.34.0
 * Tue Sep 03 2019 Kalev Lember <klember@redhat.com> - 3.33.92-1
 - Update to 3.33.92
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.33.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Jul 18 2019 Kalev Lember <klember@redhat.com> - 3.33.4-1
 - Update to 3.33.4
 * Mon Mar 18 2019 Kalev Lember <klember@redhat.com> - 3.32.1-1
 - Update to 3.32.1
 * Mon Mar 11 2019 Kalev Lember <klember@redhat.com> - 3.32.0-1
 - Update to 3.32.0
 * Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 3.31.90-1
 - Update to 3.31.90
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.30.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Sep 26 2018 Kalev Lember <klember@redhat.com> - 3.30.1-1
 - Update to 3.30.1
 * Thu Sep 06 2018 Kalev Lember <klember@redhat.com> - 3.30.0-1
 - Update to 3.30.0
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.28.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Sun Mar 18 2018 Iryna Shcherbina <ishcherb@redhat.com> - 3.28.0-2
 - Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
 * Mon Mar 12 2018 Kalev Lember <klember@redhat.com> - 3.28.0-1
 - Update to 3.28.0
`@ -1,2 +1 @@`
	`/yelp-xsl-*.tar.bz2`	`/yelp-xsl-3.28.0.tar.xz`
	`/yelp-xsl-*.tar.xz`
`@ -1 +1 @@`
	`SHA512 (yelp-xsl-42.1.tar.xz) = 90c7cc244dba038d6fcc1344adf950640a0affb8e5a1a6945a776d3308bf9b5071320856968f7a31688855a18a872f63553bd643b7776801cc68b182b455fc10`	`SHA512 (yelp-xsl-3.28.0.tar.xz) = d57f9a962dc0e2eb797e1030c2c30d56047627f3fdc549c28636a486c9f4fd82c70a34f451f1359612157d791b4c3a82eac8821c43d7336933987cdc1bcf1eb8`