26 changed files with 3 additions and 132 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/yelp-3.28.1.tar.xz
+SOURCES/yelp-3.28.1.tar.xz
--- a/.yelp.metadata
+++ b/.yelp.metadata
@ -0,0 +1 @@
 2781090d6dc3227212de46b04de88c92053b8340 SOURCES/yelp-3.28.1.tar.xz
--- a/SOURCES/0001-Add-gnu_printf-format-attribute-to-yelp_debug.patch
+++ b/SOURCES/0001-Add-gnu_printf-format-attribute-to-yelp_debug.patch
--- a/SOURCES/0001-Center-new-windows.patch
+++ b/SOURCES/0001-Center-new-windows.patch
--- a/SOURCES/0001-Fix-build-with-GCC-8.patch
+++ b/SOURCES/0001-Fix-build-with-GCC-8.patch
--- a/SOURCES/0002-Check-whether-document-has-a-root-element-before-acc.patch
+++ b/SOURCES/0002-Check-whether-document-has-a-root-element-before-acc.patch
--- a/SOURCES/0003-Check-whether-the-index-variable-is-valid-before-der.patch
+++ b/SOURCES/0003-Check-whether-the-index-variable-is-valid-before-der.patch
--- a/SOURCES/0004-Correctly-check-whether-virtual-method-is-implemente.patch
+++ b/SOURCES/0004-Correctly-check-whether-virtual-method-is-implemente.patch
--- a/SOURCES/0005-Check-whether-variable-node-is-set-before-dereferenc.patch
+++ b/SOURCES/0005-Check-whether-variable-node-is-set-before-dereferenc.patch
--- a/SOURCES/0006-Fix-a-use-of-an-uninitialized-variable.patch
+++ b/SOURCES/0006-Fix-a-use-of-an-uninitialized-variable.patch
--- a/SOURCES/0007-Check-whether-the-index-variable-is-valid-before-der.patch
+++ b/SOURCES/0007-Check-whether-the-index-variable-is-valid-before-der.patch
--- a/SOURCES/0008-Check-whether-parser-is-null-before-dereferencing-it.patch
+++ b/SOURCES/0008-Check-whether-parser-is-null-before-dereferencing-it.patch
--- a/SOURCES/0009-Avoid-possible-overrun-while-comparing-to-MAN_FONTS.patch
+++ b/SOURCES/0009-Avoid-possible-overrun-while-comparing-to-MAN_FONTS.patch
--- a/SOURCES/0010-Increase-the-size-of-string-variables-passed-to-ssca.patch
+++ b/SOURCES/0010-Increase-the-size-of-string-variables-passed-to-ssca.patch
--- a/SOURCES/0011-Initialize-ws_start-variable-before-returning-it.patch
+++ b/SOURCES/0011-Initialize-ws_start-variable-before-returning-it.patch
--- a/SOURCES/0012-Swap-the-if-checks-to-avoid-possible-null-pointer-de.patch
+++ b/SOURCES/0012-Swap-the-if-checks-to-avoid-possible-null-pointer-de.patch
--- a/SOURCES/0013-Check-the-strstr-return-value-before-using-it.patch
+++ b/SOURCES/0013-Check-the-strstr-return-value-before-using-it.patch
--- a/SOURCES/0014-Check-variable-before-dereferencing-it.patch
+++ b/SOURCES/0014-Check-variable-before-dereferencing-it.patch
--- a/SOURCES/0015-Remove-unused-variable.patch
+++ b/SOURCES/0015-Remove-unused-variable.patch
--- a/SOURCES/0016-Fix-possible-double-free.patch
+++ b/SOURCES/0016-Fix-possible-double-free.patch
--- a/SOURCES/0017-Remove-the-unused-encoding-and-language-code-from-Ye.patch
+++ b/SOURCES/0017-Remove-the-unused-encoding-and-language-code-from-Ye.patch
--- a/SOURCES/yelp-quit.patch
+++ b/SOURCES/yelp-quit.patch
--- a/SPECS/yelp.spec
+++ b/SPECS/yelp.spec
@ -3,7 +3,7 @@
 Name:          yelp
 Epoch:         2
 Version:       3.28.1
-Release:       3%{?dist}.1
+Release:       3%{?dist}
 Summary:       Help browser for the GNOME desktop
 Group:         Applications/System
@ -35,8 +35,6 @@ Patch18:       0016-Fix-possible-double-free.patch
 Patch19:       0017-Remove-the-unused-encoding-and-language-code-from-Ye.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1638876
 Patch20:       yelp-quit.patch
 # https://issues.redhat.com/browse/RHEL-85922
 Patch21:       yelp-CVE-2025-3155.patch
 BuildRequires: pkgconfig(gtk+-3.0)
 BuildRequires: pkgconfig(liblzma)
@ -126,9 +124,6 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/yelp.desktop
 %changelog
 * Wed Apr 23 2025 David King <dking@redhat.com> - 2:3.28.1-3.1
 - Fix CVE-2025-3155 (RHEL-85922)
 * Mon Oct 15 2018 Tomas Popela <tpopela@redhat.com> - 2:3.28.1-3
 - Add the Quit entry to the app menu
 - Handle Ctrl+Q shortcut for quitting the application
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-8
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
--- a/1
+++ b/1
@ -1 +0,0 @@
 SHA512 (yelp-3.28.1.tar.xz) = e37d4bc3b22b4f84654f25d68ba0a09016bec01d3b50e1158612dc8d3ae64b59f7882f25a3ed4dd1d9c9674b99e57d1ba207332ea088a2be8c082f329704c229
--- a/yelp-CVE-2025-3155.patch
+++ b/yelp-CVE-2025-3155.patch
@ -1,118 +0,0 @@
 From 7ecd58dc0ca7bf9d0acb00bf04194a0cb6e8b724 Mon Sep 17 00:00:00 2001
 From: Shaun McCance <shaunm@gnome.org>
 Date: Fri, 18 Apr 2025 11:33:01 -0400
 Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
 https://gitlab.gnome.org/GNOME/yelp/-/issues/221
 ---
 data/xslt/mal2html.xsl.in    |  5 +++++
 data/xslt/man2html.xsl.in    |  2 +-
 data/xslt/yelp-common.xsl.in |  7 +++++++
 libyelp/yelp-transform.c     | 19 +++++++++++++++++++
 libyelp/yelp-view.c          |  2 +-
 5 files changed, 33 insertions(+), 2 deletions(-)
 diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in
 index 9e44b734..0a74da55 100644
 --- a/data/xslt/mal2html.xsl.in
 +++ b/data/xslt/mal2html.xsl.in
@@ -19,6 +19,11 @@
 <xsl:param name="mal.link.prefix" select="'xref:'"/>
 <xsl:param name="mal.link.extension" select="''"/>
 +<xsl:template name="html.head.top.custom">
 +  <xsl:param name="node" select="."/>
 +  <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/>
 +</xsl:template>
 +
 <xsl:template name="mal.link.target.custom">
   <xsl:param name="node" select="."/>
   <xsl:param name="action" select="$node/@action"/>
 diff --git a/data/xslt/man2html.xsl.in b/data/xslt/man2html.xsl.in
 index 676ce3eb..56bc1f5c 100644
 --- a/data/xslt/man2html.xsl.in
 +++ b/data/xslt/man2html.xsl.in
@@ -131,7 +131,7 @@
   the correct styling and a single character which we measure the
   width of and update each sheet as required.
 -->
 -<script type="text/javascript" language="javascript">
 +<script type="text/javascript" language="javascript" nonce="{$html.csp.nonce}">
 <xsl:text>
 $(document).ready (function () {
   var div = document.getElementById("invisible-char");
 diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in
 index 0c1ec9bb..421fc02d 100644
 --- a/data/xslt/yelp-common.xsl.in
 +++ b/data/xslt/yelp-common.xsl.in
@@ -15,6 +15,13 @@
 <xsl:param name="html.syntax.highlight" select="true()"/>
 <xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/>
 +<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/>
 +
 +<xsl:template name="html.head.top.custom">
 +  <xsl:param name="node" select="."/>
 +  <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/>
 +</xsl:template>
 +
 <xsl:template name="html.js.mathjax">
   <xsl:param name="node" select="."/>
   <xsl:if test="$node//mml:*[1]">
 diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c
 index e74eb463..2ce1d05b 100644
 --- a/libyelp/yelp-transform.c
 +++ b/libyelp/yelp-transform.c
@@ -71,6 +71,8 @@ static void      xslt_yelp_cache            (xsltTransformContextPtr  ctxt,
                                              xsltStylePreCompPtr      comp);
 static void      xslt_yelp_aux              (xmlXPathParserContextPtr ctxt,
                                              int                      nargs);
 +static void      xslt_yelp_generate_nonce   (xmlXPathParserContextPtr ctxt,
 +                                             int                      nargs);
 enum {
     PROP_0,
@@ -412,6 +414,10 @@ transform_run (YelpTransform *transform)
                              BAD_CAST "input",
                              BAD_CAST YELP_NAMESPACE,
                              (xmlXPathFunction) xslt_yelp_aux);
 +    xsltRegisterExtFunction (priv->context,
 +                         BAD_CAST "generate_nonce",
 +                         BAD_CAST YELP_NAMESPACE,
 +                         (xmlXPathFunction) xslt_yelp_generate_nonce);
     priv->output = xsltApplyStylesheetUser (priv->stylesheet,
                                             priv->input,
@@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs)
     xsltExtensionInstructionResultRegister (tctxt, ret);
     valuePush (ctxt, ret);
 }
 +
 +static void
 +xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs)
 +{
 +    GRand* rand;
 +    gchar* nonce_str;
 +
 +    rand = g_rand_new ();
 +    nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand));
 +    xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str));
 +    g_free(nonce_str);
 +    g_rand_free(rand);
 +}
 diff --git a/libyelp/yelp-view.c b/libyelp/yelp-view.c
 index 32ae131e..d544c5df 100644
 --- a/libyelp/yelp-view.c
 +++ b/libyelp/yelp-view.c
@@ -971,7 +971,7 @@ view_external_uri (YelpView *view,
     if (app_info)
       {
 -        if (!strstr (g_app_info_get_executable (app_info), "yelp"))
 +        if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E"))
           {
             GList l;
 -- 
 GitLab
`@ -1 +1 @@`
	`/yelp-3.28.1.tar.xz`	`SOURCES/yelp-3.28.1.tar.xz`
		`@ -0,0 +1 @@`
							`2781090d6dc3227212de46b04de88c92053b8340 SOURCES/yelp-3.28.1.tar.xz`
		`@ -1 +0,0 @@`
			`SHA512 (yelp-3.28.1.tar.xz) = e37d4bc3b22b4f84654f25d68ba0a09016bec01d3b50e1158612dc8d3ae64b59f7882f25a3ed4dd1d9c9674b99e57d1ba207332ea088a2be8c082f329704c229`