Details: https://nvd.nist.gov/vuln/detail/CVE-2025-3155
Pick the patch that refers to this CVE explicitly in its description. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../yelp/yelp/CVE-2025-3155.patch | 119 ++++++++++++++++++ meta-gnome/recipes-gnome/yelp/yelp_42.2.bb | 1 + 2 files changed, 120 insertions(+) create mode 100644 meta-gnome/recipes-gnome/yelp/yelp/CVE-2025-3155.patch diff --git a/meta-gnome/recipes-gnome/yelp/yelp/CVE-2025-3155.patch b/meta-gnome/recipes-gnome/yelp/yelp/CVE-2025-3155.patch new file mode 100644 index 0000000000..01f62bf961 --- /dev/null +++ b/meta-gnome/recipes-gnome/yelp/yelp/CVE-2025-3155.patch @@ -0,0 +1,119 @@ +From 24d4f06a8692f448c635201c26e6fa19581f5760 Mon Sep 17 00:00:00 2001 +From: Shaun McCance <[email protected]> +Date: Fri, 18 Apr 2025 11:33:01 -0400 +Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409 + +https://gitlab.gnome.org/GNOME/yelp/-/issues/221 + +CVE: CVE-2025-3155 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/yelp/-/commit/a2f3caf8500287981331c4ff54369e9c5747cd9d] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + data/xslt/mal2html.xsl.in | 5 +++++ + data/xslt/man2html.xsl.in | 2 +- + data/xslt/yelp-common.xsl.in | 7 +++++++ + libyelp/yelp-transform.c | 19 +++++++++++++++++++ + libyelp/yelp-view.c | 2 +- + 5 files changed, 33 insertions(+), 2 deletions(-) + +diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in +index 9e44b73..0a74da5 100644 +--- a/data/xslt/mal2html.xsl.in ++++ b/data/xslt/mal2html.xsl.in +@@ -19,6 +19,11 @@ + <xsl:param name="mal.link.prefix" select="'xref:'"/> + <xsl:param name="mal.link.extension" select="''"/> + ++<xsl:template name="html.head.top.custom"> ++ <xsl:param name="node" select="."/> ++ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/> ++</xsl:template> ++ + <xsl:template name="mal.link.target.custom"> + <xsl:param name="node" select="."/> + <xsl:param name="action" select="$node/@action"/> +diff --git a/data/xslt/man2html.xsl.in b/data/xslt/man2html.xsl.in +index 676ce3e..56bc1f5 100644 +--- a/data/xslt/man2html.xsl.in ++++ b/data/xslt/man2html.xsl.in +@@ -131,7 +131,7 @@ + the correct styling and a single character which we measure the + width of and update each sheet as required. + --> +-<script type="text/javascript" language="javascript"> ++<script type="text/javascript" language="javascript" nonce="{$html.csp.nonce}"> + <xsl:text> + $(document).ready (function () { + var div = document.getElementById("invisible-char"); +diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in +index 0c1ec9b..421fc02 100644 +--- a/data/xslt/yelp-common.xsl.in ++++ b/data/xslt/yelp-common.xsl.in +@@ -15,6 +15,13 @@ + <xsl:param name="html.syntax.highlight" select="true()"/> + <xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/> + ++<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/> ++ ++<xsl:template name="html.head.top.custom"> ++ <xsl:param name="node" select="."/> ++ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/> ++</xsl:template> ++ + <xsl:template name="html.js.mathjax"> + <xsl:param name="node" select="."/> + <xsl:if test="$node//mml:*[1]"> +diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c +index e74eb46..2ce1d05 100644 +--- a/libyelp/yelp-transform.c ++++ b/libyelp/yelp-transform.c +@@ -71,6 +71,8 @@ static void xslt_yelp_cache (xsltTransformContextPtr ctxt, + xsltStylePreCompPtr comp); + static void xslt_yelp_aux (xmlXPathParserContextPtr ctxt, + int nargs); ++static void xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, ++ int nargs); + + enum { + PROP_0, +@@ -412,6 +414,10 @@ transform_run (YelpTransform *transform) + BAD_CAST "input", + BAD_CAST YELP_NAMESPACE, + (xmlXPathFunction) xslt_yelp_aux); ++ xsltRegisterExtFunction (priv->context, ++ BAD_CAST "generate_nonce", ++ BAD_CAST YELP_NAMESPACE, ++ (xmlXPathFunction) xslt_yelp_generate_nonce); + + priv->output = xsltApplyStylesheetUser (priv->stylesheet, + priv->input, +@@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs) + xsltExtensionInstructionResultRegister (tctxt, ret); + valuePush (ctxt, ret); + } ++ ++static void ++xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs) ++{ ++ GRand* rand; ++ gchar* nonce_str; ++ ++ rand = g_rand_new (); ++ nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand)); ++ xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str)); ++ g_free(nonce_str); ++ g_rand_free(rand); ++} +diff --git a/libyelp/yelp-view.c b/libyelp/yelp-view.c +index 32ae131..d544c5d 100644 +--- a/libyelp/yelp-view.c ++++ b/libyelp/yelp-view.c +@@ -971,7 +971,7 @@ view_external_uri (YelpView *view, + + if (app_info) + { +- if (!strstr (g_app_info_get_executable (app_info), "yelp")) ++ if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E")) + { + GList l; + diff --git a/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb b/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb index fe3b1105c4..65274b8704 100644 --- a/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb +++ b/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb @@ -9,6 +9,7 @@ inherit gnomebase itstool autotools-brokensep gsettings gettext gtk-doc features # for webkitgtk REQUIRED_DISTRO_FEATURES = "x11" +SRC_URI += "file://CVE-2025-3155.patch" SRC_URI[archive.sha256sum] = "a2c5fd0787a9089c722cc66bd0f85cdf7088d870e7b6cc85799f8e5bff9eac4b" DEPENDS += " \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123804): https://lists.openembedded.org/g/openembedded-devel/message/123804 Mute This Topic: https://lists.openembedded.org/mt/117431643/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
