new file mode 100644
@@ -0,0 +1,119 @@
+From 24d4f06a8692f448c635201c26e6fa19581f5760 Mon Sep 17 00:00:00 2001
+From: Shaun McCance <shaunm@gnome.org>
+Date: Fri, 18 Apr 2025 11:33:01 -0400
+Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409
+
+https://gitlab.gnome.org/GNOME/yelp/-/issues/221
+
+CVE: CVE-2025-3155
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/yelp/-/commit/a2f3caf8500287981331c4ff54369e9c5747cd9d]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ data/xslt/mal2html.xsl.in | 5 +++++
+ data/xslt/man2html.xsl.in | 2 +-
+ data/xslt/yelp-common.xsl.in | 7 +++++++
+ libyelp/yelp-transform.c | 19 +++++++++++++++++++
+ libyelp/yelp-view.c | 2 +-
+ 5 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in
+index 9e44b73..0a74da5 100644
+--- a/data/xslt/mal2html.xsl.in
++++ b/data/xslt/mal2html.xsl.in
+@@ -19,6 +19,11 @@
+ <xsl:param name="mal.link.prefix" select="'xref:'"/>
+ <xsl:param name="mal.link.extension" select="''"/>
+
++<xsl:template name="html.head.top.custom">
++ <xsl:param name="node" select="."/>
++ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/>
++</xsl:template>
++
+ <xsl:template name="mal.link.target.custom">
+ <xsl:param name="node" select="."/>
+ <xsl:param name="action" select="$node/@action"/>
+diff --git a/data/xslt/man2html.xsl.in b/data/xslt/man2html.xsl.in
+index 676ce3e..56bc1f5 100644
+--- a/data/xslt/man2html.xsl.in
++++ b/data/xslt/man2html.xsl.in
+@@ -131,7 +131,7 @@
+ the correct styling and a single character which we measure the
+ width of and update each sheet as required.
+ -->
+-<script type="text/javascript" language="javascript">
++<script type="text/javascript" language="javascript" nonce="{$html.csp.nonce}">
+ <xsl:text>
+ $(document).ready (function () {
+ var div = document.getElementById("invisible-char");
+diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in
+index 0c1ec9b..421fc02 100644
+--- a/data/xslt/yelp-common.xsl.in
++++ b/data/xslt/yelp-common.xsl.in
+@@ -15,6 +15,13 @@
+ <xsl:param name="html.syntax.highlight" select="true()"/>
+ <xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/>
+
++<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/>
++
++<xsl:template name="html.head.top.custom">
++ <xsl:param name="node" select="."/>
++ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/>
++</xsl:template>
++
+ <xsl:template name="html.js.mathjax">
+ <xsl:param name="node" select="."/>
+ <xsl:if test="$node//mml:*[1]">
+diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c
+index e74eb46..2ce1d05 100644
+--- a/libyelp/yelp-transform.c
++++ b/libyelp/yelp-transform.c
+@@ -71,6 +71,8 @@ static void xslt_yelp_cache (xsltTransformContextPtr ctxt,
+ xsltStylePreCompPtr comp);
+ static void xslt_yelp_aux (xmlXPathParserContextPtr ctxt,
+ int nargs);
++static void xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt,
++ int nargs);
+
+ enum {
+ PROP_0,
+@@ -412,6 +414,10 @@ transform_run (YelpTransform *transform)
+ BAD_CAST "input",
+ BAD_CAST YELP_NAMESPACE,
+ (xmlXPathFunction) xslt_yelp_aux);
++ xsltRegisterExtFunction (priv->context,
++ BAD_CAST "generate_nonce",
++ BAD_CAST YELP_NAMESPACE,
++ (xmlXPathFunction) xslt_yelp_generate_nonce);
+
+ priv->output = xsltApplyStylesheetUser (priv->stylesheet,
+ priv->input,
+@@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs)
+ xsltExtensionInstructionResultRegister (tctxt, ret);
+ valuePush (ctxt, ret);
+ }
++
++static void
++xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs)
++{
++ GRand* rand;
++ gchar* nonce_str;
++
++ rand = g_rand_new ();
++ nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand));
++ xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str));
++ g_free(nonce_str);
++ g_rand_free(rand);
++}
+diff --git a/libyelp/yelp-view.c b/libyelp/yelp-view.c
+index 32ae131..d544c5d 100644
+--- a/libyelp/yelp-view.c
++++ b/libyelp/yelp-view.c
+@@ -971,7 +971,7 @@ view_external_uri (YelpView *view,
+
+ if (app_info)
+ {
+- if (!strstr (g_app_info_get_executable (app_info), "yelp"))
++ if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E"))
+ {
+ GList l;
+
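Review bot: The new condition in libyelp/yelp-view.c, `if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E"))`, is a case-sensitive denylist: RFC 3986 treats the hex digits of a percent-escape case-insensitively, so the lowercase spellings `%3c`/`%3e` are not matched, and a literal `<`/`>` in the string is not checked at all. Decode once and inspect the result instead, e.g. `gchar *plain = g_uri_unescape_string (struri, NULL);` followed by a `plain == NULL || strchr (plain, '<') || strchr (plain, '>')` reject test (plus `g_free (plain)`), treating the NULL return for a malformed escape as a reject; `struri` is not declared within the hunk, so its origin and the rest of `view_external_uri` have to be checked in the full file. In `xslt_yelp_generate_nonce`, `g_rand_new`/`g_rand_int` is GLib's general-purpose PRNG, which GLib documents as unsuitable for security purposes, and two `%08x` words give only 64 bits of nonce where CSP Level 3 recommends at least 128 bits of entropy; a `/dev/urandom`- or `getrandom`-backed source of 16 or more bytes would be the stronger choice, and the function also ignores `nargs` instead of rejecting unexpected arguments. The patch subject itself calls this an "Initial fix", so the recipe should be compared against upstream for follow-up commits before the CVE is treated as closed.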
@@ -9,6 +9,7 @@ inherit gnomebase itstool autotools-brokensep gsettings gettext gtk-doc features
# for webkitgtk
REQUIRED_DISTRO_FEATURES = "x11"
+SRC_URI += "file://CVE-2025-3155.patch"
SRC_URI[archive.sha256sum] = "a2c5fd0787a9089c722cc66bd0f85cdf7088d870e7b6cc85799f8e5bff9eac4b"
DEPENDS += " \
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-3155 Pick the patch that refers to this CVE explicitly in its description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../yelp/yelp/CVE-2025-3155.patch | 119 ++++++++++++++++++ meta-gnome/recipes-gnome/yelp/yelp_42.2.bb | 1 + 2 files changed, 120 insertions(+) create mode 100644 meta-gnome/recipes-gnome/yelp/yelp/CVE-2025-3155.patch