commit ca44ac17d8290b8e833650f630f99b1dfde14f44 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

yelp: 42.2 → 42.3 (#437918)

authored by Bobby Rong and committed by GitHub 5 months ago ca44ac17 3a38dc50

+35 -131

2 changed files

expand all

unified split

pkgs

by-name

yelp

cve-2025-3155.patch

package.nix

-101

pkgs/by-name/ye/yelp/cve-2025-3155.patch

··· 1 - diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in 2 - index 9e44b734..0a74da55 100644 3 - --- a/data/xslt/mal2html.xsl.in 4 - +++ b/data/xslt/mal2html.xsl.in 5 - @@ -19,6 +19,11 @@ 6 - <xsl:param name="mal.link.prefix" select="'xref:'"/> 7 - <xsl:param name="mal.link.extension" select="''"/> 8 - 9 - +<xsl:template name="html.head.top.custom"> 10 - + <xsl:param name="node" select="."/> 11 - + <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/> 12 - +</xsl:template> 13 - + 14 - <xsl:template name="mal.link.target.custom"> 15 - <xsl:param name="node" select="."/> 16 - <xsl:param name="action" select="$node/@action"/> 17 - diff --git a/data/xslt/man2html.xsl.in b/data/xslt/man2html.xsl.in 18 - index 676ce3eb..56bc1f5c 100644 19 - --- a/data/xslt/man2html.xsl.in 20 - +++ b/data/xslt/man2html.xsl.in 21 - @@ -131,7 +131,7 @@ 22 - the correct styling and a single character which we measure the 23 - width of and update each sheet as required. 24 - --> 25 - -<script type="text/javascript" language="javascript"> 26 - +<script type="text/javascript" language="javascript" nonce="{$html.csp.nonce}"> 27 - <xsl:text> 28 - $(document).ready (function () { 29 - var div = document.getElementById("invisible-char"); 30 - diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in 31 - index 0c1ec9bb..421fc02d 100644 32 - --- a/data/xslt/yelp-common.xsl.in 33 - +++ b/data/xslt/yelp-common.xsl.in 34 - @@ -15,6 +15,13 @@ 35 - <xsl:param name="html.syntax.highlight" select="true()"/> 36 - <xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/> 37 - 38 - +<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/> 39 - + 40 - +<xsl:template name="html.head.top.custom"> 41 - + <xsl:param name="node" select="."/> 42 - + <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/> 43 - +</xsl:template> 44 - + 45 - <xsl:template name="html.js.mathjax"> 46 - <xsl:param name="node" select="."/> 47 - <xsl:if test="$node//mml:*[1]"> 48 - diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c 49 - index e74eb463..2ce1d05b 100644 50 - --- a/libyelp/yelp-transform.c 51 - +++ b/libyelp/yelp-transform.c 52 - @@ -71,6 +71,8 @@ static void xslt_yelp_cache (xsltTransformContextPtr ctxt, 53 - xsltStylePreCompPtr comp); 54 - static void xslt_yelp_aux (xmlXPathParserContextPtr ctxt, 55 - int nargs); 56 - +static void xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, 57 - + int nargs); 58 - 59 - enum { 60 - PROP_0, 61 - @@ -412,6 +414,10 @@ transform_run (YelpTransform *transform) 62 - BAD_CAST "input", 63 - BAD_CAST YELP_NAMESPACE, 64 - (xmlXPathFunction) xslt_yelp_aux); 65 - + xsltRegisterExtFunction (priv->context, 66 - + BAD_CAST "generate_nonce", 67 - + BAD_CAST YELP_NAMESPACE, 68 - + (xmlXPathFunction) xslt_yelp_generate_nonce); 69 - 70 - priv->output = xsltApplyStylesheetUser (priv->stylesheet, 71 - priv->input, 72 - @@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs) 73 - xsltExtensionInstructionResultRegister (tctxt, ret); 74 - valuePush (ctxt, ret); 75 - } 76 - + 77 - +static void 78 - +xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs) 79 - +{ 80 - + GRand* rand; 81 - + gchar* nonce_str; 82 - + 83 - + rand = g_rand_new (); 84 - + nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand)); 85 - + xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str)); 86 - + g_free(nonce_str); 87 - + g_rand_free(rand); 88 - +} 89 - diff --git a/libyelp/yelp-view.c b/libyelp/yelp-view.c 90 - index 32ae131e..d544c5df 100644 91 - --- a/libyelp/yelp-view.c 92 - +++ b/libyelp/yelp-view.c 93 - @@ -971,7 +971,7 @@ view_external_uri (YelpView *view, 94 - 95 - if (app_info) 96 - { 97 - - if (!strstr (g_app_info_get_executable (app_info), "yelp")) 98 - + if (!strstr (g_app_info_get_executable (app_info), "yelp") && !strstr (struri, "%3C") && !strstr (struri, "%3E")) 99 - { 100 - GList l; 101 -

+35 -30

pkgs/by-name/ye/yelp/package.nix

··· 1 1 { 2 + stdenv, 2 3 lib, 3 - stdenv, 4 + fetchurl, 4 5 gettext, 5 - fetchurl, 6 - webkitgtk_4_1, 6 + itstool, 7 + meson, 8 + ninja, 7 9 pkg-config, 10 + wrapGAppsHook3, 11 + bzip2, 12 + glib, 8 13 gtk3, 9 14 libhandy, 10 - glib, 11 - gnome, 12 - adwaita-icon-theme, 13 - sqlite, 14 - itstool, 15 15 libxml2, 16 16 libxslt, 17 - gst_all_1, 18 - wrapGAppsHook3, 17 + sqlite, 18 + webkitgtk_4_1, 19 + xz, 19 20 yelp-xsl, 21 + gnome, 20 22 }: 21 23 22 - stdenv.mkDerivation rec { 24 + stdenv.mkDerivation (finalAttrs: { 23 25 pname = "yelp"; 24 - version = "42.2"; 26 + version = "42.3"; 25 27 26 28 src = fetchurl { 27 - url = "mirror://gnome/sources/yelp/${lib.versions.major version}/yelp-${version}.tar.xz"; 28 - hash = "sha256-osX9B4epCJxyLMZr0Phc33CI2HDntsyFeZ+OW/+erEs="; 29 + url = "mirror://gnome/sources/yelp/${lib.versions.major finalAttrs.version}/yelp-${finalAttrs.version}.tar.xz"; 30 + hash = "sha256-JszEImeanmp6OqCD2Q/Ns0f18jAL4+AUMaMNDN0qiaM="; 29 31 }; 30 32 31 33 nativeBuildInputs = [ 32 - pkg-config 33 34 gettext 34 35 itstool 36 + meson 37 + ninja 38 + pkg-config 35 39 wrapGAppsHook3 36 40 ]; 37 41 38 42 buildInputs = [ 43 + bzip2 44 + glib 39 45 gtk3 40 46 libhandy 41 - glib 42 - webkitgtk_4_1 43 - sqlite 44 47 libxml2 45 48 libxslt 49 + sqlite 50 + webkitgtk_4_1 51 + xz 46 52 yelp-xsl 47 - adwaita-icon-theme 48 - gst_all_1.gst-plugins-base 49 - gst_all_1.gst-plugins-good 50 53 ]; 51 54 52 - patches = [ 53 - ./cve-2025-3155.patch 54 - ]; 55 + postPatch = '' 56 + chmod +x src/link-gnome-help.sh data/domains/gen_yelp_xml.sh 57 + patchShebangs src/link-gnome-help.sh 58 + patchShebangs data/domains/gen_yelp_xml.sh 59 + ''; 55 60 56 61 passthru = { 57 62 updateScript = gnome.updateScript { ··· 59 64 }; 60 65 }; 61 66 62 - meta = with lib; { 67 + meta = { 63 68 homepage = "https://apps.gnome.org/Yelp/"; 64 - description = "Help viewer in Gnome"; 65 - teams = [ teams.gnome ]; 66 - license = licenses.gpl2; 67 - platforms = platforms.linux; 69 + description = "Help viewer for GNOME"; 70 + teams = [ lib.teams.gnome ]; 71 + license = lib.licenses.gpl2Plus; 72 + platforms = lib.platforms.linux; 68 73 }; 69 - } 74 + })