ayae/extra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial import

Browse Source
This commit is contained in:
Astound
2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
yelp/CVE-2025-3155.patch Normal file
View File

@@ -0,0 +1,101 @@
diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in
index 9e44b734..0a74da55 100644
--- a/data/xslt/mal2html.xsl.in
+++ b/data/xslt/mal2html.xsl.in
@@ -19,6 +19,11 @@
<xsl:param name="mal.link.prefix" select="'xref:'"/>
<xsl:param name="mal.link.extension" select="''"/>
+<xsl:template name="html.head.top.custom">
+ <xsl:param name="node" select="."/>
+ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/>
+</xsl:template>
+
<xsl:template name="mal.link.target.custom">
<xsl:param name="node" select="."/>
<xsl:param name="action" select="$node/@action"/>
diff --git a/data/xslt/man2html.xsl.in b/data/xslt/man2html.xsl.in
index 676ce3eb..56bc1f5c 100644
--- a/data/xslt/man2html.xsl.in
+++ b/data/xslt/man2html.xsl.in
@@ -131,7 +131,7 @@
the correct styling and a single character which we measure the
width of and update each sheet as required.
-->
-<script type="text/javascript" language="javascript">
+<script type="text/javascript" language="javascript" nonce="{$html.csp.nonce}">
<xsl:text>
$(document).ready (function () {
var div = document.getElementById("invisible-char");
diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in
index 0c1ec9bb..421fc02d 100644
--- a/data/xslt/yelp-common.xsl.in
+++ b/data/xslt/yelp-common.xsl.in
@@ -15,6 +15,13 @@
<xsl:param name="html.syntax.highlight" select="true()"/>
<xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/>
+<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/>
+
+<xsl:template name="html.head.top.custom">
+ <xsl:param name="node" select="."/>
+ <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/>
+</xsl:template>
+
<xsl:template name="html.js.mathjax">
<xsl:param name="node" select="."/>
<xsl:if test="$node//mml:*[1]">
diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c
index e74eb463..2ce1d05b 100644
--- a/libyelp/yelp-transform.c
+++ b/libyelp/yelp-transform.c
@@ -71,6 +71,8 @@ static void xslt_yelp_cache (xsltTransformContextPtr ctxt,
xsltStylePreCompPtr comp);
static void xslt_yelp_aux (xmlXPathParserContextPtr ctxt,
int nargs);
+static void xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt,
+ int nargs);
enum {
PROP_0,
@@ -412,6 +414,10 @@ transform_run (YelpTransform *transform)
BAD_CAST "input",
BAD_CAST YELP_NAMESPACE,
(xmlXPathFunction) xslt_yelp_aux);
+ xsltRegisterExtFunction (priv->context,
+ BAD_CAST "generate_nonce",
+ BAD_CAST YELP_NAMESPACE,
+ (xmlXPathFunction) xslt_yelp_generate_nonce);
priv->output = xsltApplyStylesheetUser (priv->stylesheet,
priv->input,
@@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs)
xsltExtensionInstructionResultRegister (tctxt, ret);
valuePush (ctxt, ret);
}
+
+static void
+xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs)
+{
+ GRand* rand;
+ gchar* nonce_str;
+
+ rand = g_rand_new ();
+ nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand));
+ xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str));
+ g_free(nonce_str);
+ g_rand_free(rand);
+}
diff --git a/libyelp/yelp-view.c b/libyelp/yelp-view.c
index 32ae131e..d544c5df 100644
--- a/libyelp/yelp-view.c
+++ b/libyelp/yelp-view.c
@@ -971,7 +971,7 @@ view_external_uri (YelpView *view,
if (app_info)
{
- if (!strstr (g_app_info_get_executable (app_info), "yelp"))
+ if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E"))
{
GList l;

62
yelp/PKGBUILD Normal file
View File

@@ -0,0 +1,62 @@
# Maintainer: Jesus E. <heckyel@riseup.net>
pkgname=yelp
pkgver=3.38.3
_debver=$pkgver
_debrel=1
pkgrel=4
pkgdesc="Help browser"
url='https://wiki.gnome.org/Apps/Yelp'
license=('GPL-2')
arch=('i686' 'x86_64')
depends=('webkitgtk' 'yelp-xsl' 'libxslt' 'xz' 'bzip2')
makedepends=('intltool' 'gettext-tiny' 'itstool' 'autoconf-archive' 'xenocara-server-xvfb' 'quilt')
source=("https://download.gnome.org/sources/$pkgname/${pkgver:0:4}/$pkgname-$pkgver.tar.xz"
"https://deb.debian.org/debian/pool/main/y/yelp/yelp_$_debver-$_debrel.debian.tar.xz"
"CVE-2025-3155.patch")
sha512sums=('7e4749b652fa60ab82a715f40be6b8e0430869ec94f47743e3c48b5a9894bc9867f8623574d27da6f3dfb3fe3269a384d02c817ef8c81188e559ab173412df79'
'ea53051356942274ccf6c93928eee24d8b8496c8efcfd3f7035f435d3ce84cccc35bee89a07b2d6a376bf0d4aa4e8ec60ba2592e39463705ffd0f2d77b80a02f'
'9e8cd963ae01cd86593aab377193ab141f316f9c847cdf375a990a3af27510d69b18bb58bef13fd5c7d7600acbd083aafec462155dd5d7e7c89a20feeb4f4689')
prepare() {
cd $pkgname-$pkgver
if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
# Debian patches
export QUILT_PATCHES=debian/patches
export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
export QUILT_DIFF_ARGS='--no-timestamps'
mv "$srcdir"/debian .
quilt push -av
fi
patch -Np1 -i ${srcdir}/CVE-2025-3155.patch
}
build() {
cd $pkgname-$pkgver
export GLIB_COMPILE_SCHEMAS="/usr/bin/glib-compile-schemas"
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--disable-static \
--disable-gtk-doc \
--enable-compile-warnings=minimum
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
# documentation generation segfaults without X11
xvfb-run -a -n 81 -s "-extension GLX -screen 0 1280x1024x24" make
}
package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
# remove unneeded folders from package
rm -rf "$pkgdir/usr/share/gtk-doc"
# install license
install -Dm644 COPYING -t "${pkgdir}/usr/share/licenses/${pkgname}"
}