backport-CVE-2025-3155.patch

@@ -1,92 +0,0 @@
-From 6902d7439c0419055e1c48c7771629ccbb278408 Mon Sep 17 00:00:00 2001
-From: Shaun McCance <shaunm@redhat.com>
-Date: Fri, 18 Apr 2025 11:31:18 -0400
-Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
-
-https://gitlab.gnome.org/GNOME/yelp/-/issues/221
----
- xslt/common/html.xsl | 40 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 38 insertions(+), 2 deletions(-)
-
-diff --git a/xslt/common/html.xsl b/xslt/common/html.xsl
-index 77aed075..82832fb4 100644
---- a/xslt/common/html.xsl
-+++ b/xslt/common/html.xsl
-@@ -266,6 +266,16 @@ certain tokens, and you can add your own with {html.sidebar.mode}. See
- -->
- <xsl:param name="html.sidebar.right" select="''"/>
- 
-+<!--@@==========================================================================
-+html.csp.nonce
-+An optional CSP nonce string to allow the execution of scripts and styles.
-+@revision[version=42.2 date=2025-02-22 status=final]
-+
-+This parameter takes a string value that will be added to the 'nonce' attribute
-+of all 'style' and 'script' tags in the generated HTML output. This paramter is used
-+to whitelist script and style tags that are allowed to be executed.
-+-->
-+<xsl:param name="html.csp.nonce" select="false()"/>
- 
- <!--**==========================================================================
- html.output
-@@ -1124,6 +1134,11 @@ dimensions. All parameters can be automatically computed if not provided.
-     </xsl:call-template>
-   </xsl:param>
-   <style type="text/css">
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if>
-     <xsl:call-template name="html.css.content">
-       <xsl:with-param name="node" select="$node"/>
-       <xsl:with-param name="direction" select="$direction"/>
-@@ -1533,6 +1548,11 @@ copy, override this template and provide the necessary files.
-   <xsl:param name="node" select="."/>
-   <xsl:if test="$node//mml:*[1]">
-     <script type="text/javascript">
-+      <xsl:if test="$html.csp.nonce">
-+        <xsl:attribute name="nonce">
-+          <xsl:value-of select="$html.csp.nonce" />
-+        </xsl:attribute>
-+      </xsl:if>
-       <xsl:attribute name="src">
-         <xsl:text>http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=MML_HTMLorMML</xsl:text>
-       </xsl:attribute>
-@@ -1558,6 +1578,11 @@ result of {html.js.content} to that file.
- <xsl:template name="html.js.script">
-   <xsl:param name="node" select="."/>
-   <script type="text/javascript">
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if>
-     <xsl:call-template name="html.js.content">
-       <xsl:with-param name="node" select="$node"/>
-     </xsl:call-template>
-@@ -2035,8 +2060,19 @@ on all `code` elements with `"syntax"` in the class value.
- <xsl:template name="html.js.syntax">
-   <xsl:param name="node" select="."/>
-   <xsl:if test="$html.syntax.highlight">
--  <script type="text/javascript" src="{$html.js.root}highlight.pack.js"></script>
--  <script><![CDATA[
-+    <script type="text/javascript" src="{$html.js.root}highlight.pack.js">
-+      <xsl:if test="$html.csp.nonce">
-+        <xsl:attribute name="nonce">
-+          <xsl:value-of select="$html.csp.nonce" />
-+        </xsl:attribute>
-+      </xsl:if>
-+    </script>
-+    <script>
-+    <xsl:if test="$html.csp.nonce">
-+      <xsl:attribute name="nonce">
-+        <xsl:value-of select="$html.csp.nonce" />
-+      </xsl:attribute>
-+    </xsl:if><![CDATA[
- document.addEventListener('DOMContentLoaded', function() {
-   var matches = document.querySelectorAll('code.syntax')
-   for (var i = 0; i < matches.length; i++) {
--- 
-GitLab
-

yelp-xsl.spec

@@ -1,16 +1,14 @@
 Name:           yelp-xsl
-Version:        3.38.3
-Release:        2
+Version:        3.34.0
+Release:        1
 Summary:        XSL stylesheets for the yelp help browser
-License:        LGPLv2.1 and GPLv2+ and MIT 
+License:        LGPLv2+ and GPLv2+ and MIT
 URL:            https://wiki.gnome.org/Apps/Yelp
-Source0:        https://download.gnome.org/sources/%{name}/3.38/%{name}-%{version}.tar.xz
-Patch6001:      backport-CVE-2025-3155.patch
+Source0:        https://download.gnome.org/sources/%{name}/3.30/%{name}-%{version}.tar.xz
 BuildArch:      noarch
 
-BuildRequires:  gcc python3-libxml2 itstool
-BuildRequires:  libxml2 libxslt python3-mallard-ducktype
-Requires:       (yelp >= 2:3.38.3-2 if yelp)
+BuildRequires:  python2-libxml2 /usr/bin/xmllint /usr/bin/xsltproc intltool
+BuildRequires:  itstool /usr/bin/ducktype libxml2 libxslt
 
 %description
 This package contains XSL stylesheets that are used by the yelp help browser.
@@ -25,7 +23,7 @@ The package contains developer documentation for the XSL stylesheets in %{name}.
 %package_help
 
 %prep
-%autosetup -p1 -n %{name}-%{version}
+%autosetup -n %{name}-%{version}
 
 %build
 %configure --enable-doc
@@ -49,21 +47,5 @@ The package contains developer documentation for the XSL stylesheets in %{name}.
 %doc NEWS
 
 %changelog
-* Fri May 16 2025 Funda Wang <fundawang@yeah.net> - 3.38.3-2
-- fix CVE-2025-3155
-
-* Wed May 19 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 3.38.3-1
-- Upgrade to 3.38.3
-- Update License and BuildRequires
-
-* Fri Jan 29 2021 jinzhimin <jinzhimin2@huawei.com> - 3.38.2-1
-- Upgrade to 3.38.2
-
-* Mon Sep 7 2020 zhanzhimin <zhanzhimin@huawei.com> - 3.36.0-2
-- Update Source0
-
-* Mon Jul 20 2020 chengguipeng<chengguipeng1@huawei.com> 3.36.0-1
-- Upgrade to 3.36.0-1
-
 * Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.34.0-1
 - Package init