git: 10c9aa0a582c - main - textproc/yelp-xsl: Upgrade to 42.4

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Don Lewis <truckman_at_FreeBSD.org>
Date: Fri, 20 Jun 2025 09:54:51 UTC
The branch main has been updated by truckman:

URL: https://cgit.FreeBSD.org/ports/commit/?id=10c9aa0a582ca9c5427cabfb311945cc0b1edb32

commit 10c9aa0a582ca9c5427cabfb311945cc0b1edb32
Author:     Olivier Duchateau <duchateau.olivier@gmail.com>
AuthorDate: 2025-06-20 09:45:45 +0000
Commit:     Don Lewis <truckman@FreeBSD.org>
CommitDate: 2025-06-20 09:54:30 +0000

    textproc/yelp-xsl: Upgrade to 42.4
    
    Upgrade yelp-xsl to 42.4 and fix CVE-2025-3155 vulnerability.
    
    PR:             287542
    MFH:            2025Q2
    Security:       9449f018-84a3-490d-959f-38c05fbc77a7
---
 security/vuxml/vuln/2025.xml              | 29 +++++++++++++++++++++++++++++
 textproc/yelp-xsl/Makefile                | 15 ++++++++-------
 textproc/yelp-xsl/distinfo                |  6 +++---
 textproc/yelp-xsl/files/patch-meson.build | 18 ++++++++++++++++++
 4 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 3f2be89491cc..51347d228d8d 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -328,6 +328,35 @@
     </dates>
   </vuln>
 
+  <vuln vid="9449f018-84a3-490d-959f-38c05fbc77a7">
+    <topic>Yelp -- arbitrary file read</topic>
+    <affects>
+      <package>
+	<name>yelp-xsl</name>
+	<range><lt>42.3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>secalert@redhat.com reports:</p>
+	<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
+	  <p>A flaw was found in Yelp.  The Gnome user help application allows
+	the help document to execute arbitrary scripts.  This vulnerability
+	allows malicious users to input help documents, which may exfiltrate
+	user files to an external environment.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-3155</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
+    </references>
+    <dates>
+      <discovery>2025-04-03</discovery>
+      <entry>2025-06-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ae028662-475e-11f0-9ca4-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>
diff --git a/textproc/yelp-xsl/Makefile b/textproc/yelp-xsl/Makefile
index 90f26c4d03c6..77c5541ccbb1 100644
--- a/textproc/yelp-xsl/Makefile
+++ b/textproc/yelp-xsl/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	yelp-xsl
-DISTVERSION=	42.1
+DISTVERSION=	42.4
 CATEGORIES=	textproc gnome
 MASTER_SITES=	GNOME
 DIST_SUBDIR=	gnome
@@ -8,15 +8,16 @@ MAINTAINER=	gnome@FreeBSD.org
 COMMENT=	DocBook XSLT stylesheets for yelp
 WWW=		https://gitlab.gnome.org/GNOME/yelp-xsl
 
-LICENSE=	LGPL21+
-LICENSE_FILE=	${WRKSRC}/COPYING.LGPL
+LICENSE=	GPLv2+ LGPL21+ MIT
+LICENSE_COMB=	multi
 
-BUILD_DEPENDS=	itstool:textproc/itstool
+BUILD_DEPENDS=	itstool:textproc/itstool \
+		bash:shells/bash
 
-USES=		gettext gmake gnome localbase pathfix \
-		pkgconfig tar:xz
+USES=		gettext gnome localbase meson pkgconfig shebangfix \
+		tar:xz
 USE_GNOME=	libxml2 libxslt
-GNU_CONFIGURE=	yes
+SHEBANG_FILES=	xslt/common/domains/gen_yelp_xml.sh
 NO_ARCH=	yes
 
 .include <bsd.port.mk>
diff --git a/textproc/yelp-xsl/distinfo b/textproc/yelp-xsl/distinfo
index 39850cb0d3a2..6be388e07e6f 100644
--- a/textproc/yelp-xsl/distinfo
+++ b/textproc/yelp-xsl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1683450789
-SHA256 (gnome/yelp-xsl-42.1.tar.xz) = 238be150b1653080ce139971330fd36d3a26595e0d6a040a2c030bf3d2005bcd
-SIZE (gnome/yelp-xsl-42.1.tar.xz) = 667448
+TIMESTAMP = 1749910659
+SHA256 (gnome/yelp-xsl-42.4.tar.xz) = fdebb07eb2e66a7fb7a0dce6ad8248ad29a4bbb134ba829128ca104f58abd7d1
+SIZE (gnome/yelp-xsl-42.4.tar.xz) = 394536
diff --git a/textproc/yelp-xsl/files/patch-meson.build b/textproc/yelp-xsl/files/patch-meson.build
new file mode 100644
index 000000000000..0908f7e42fad
--- /dev/null
+++ b/textproc/yelp-xsl/files/patch-meson.build
@@ -0,0 +1,18 @@
+--- meson.build.orig	2025-06-12 16:51:49 UTC
++++ meson.build
+@@ -13,7 +13,7 @@ datadir = join_paths(prefix, get_option('datadir'))
+ 
+ datadir = join_paths(prefix, get_option('datadir'))
+ 
+-pkgconfigdir = join_paths(datadir, 'pkgconfig')
++pkgconfigdir = join_paths(prefix, 'libdata', 'pkgconfig')
+ pkgdir = join_paths(datadir, package_name)
+ pkgxsltdir = join_paths(pkgdir, 'xslt')
+ pkgjsdir = join_paths(pkgdir, 'js')
+@@ -89,4 +89,4 @@ summary = [
+   '------',
+ ]
+ 
+-message('\n'.join(summary))
+\ No newline at end of file
++message('\n'.join(summary))