textproc/yelp-xsl: Upgrade to 42.4

Upgrade yelp-xsl to 42.4 and fix CVE-2025-3155 vulnerability. PR: 287542 MFH: 2025Q2 Security: 9449f018-84a3-490d-959f-38c05fbc77a7
2025-06-20 02:45:45 -07:00
parent 6dce746d11
commit 10c9aa0a58
4 changed files with 58 additions and 10 deletions
@@ -328,6 +328,35 @@
    </dates>
  </vuln>

+  <vuln vid="9449f018-84a3-490d-959f-38c05fbc77a7">
+    <topic>Yelp -- arbitrary file read</topic>
+    <affects>
+      <package>
+	<name>yelp-xsl</name>
+	<range><lt>42.3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>secalert@redhat.com reports:</p>
+	<blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">
+	  <p>A flaw was found in Yelp.  The Gnome user help application allows
+	the help document to execute arbitrary scripts.  This vulnerability
+	allows malicious users to input help documents, which may exfiltrate
+	user files to an external environment.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-3155</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>
+    </references>
+    <dates>
+      <discovery>2025-04-03</discovery>
+      <entry>2025-06-14</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="ae028662-475e-11f0-9ca4-2cf05da270f3">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
@@ -1,5 +1,5 @@
 PORTNAME=	yelp-xsl
-DISTVERSION=	42.1
+DISTVERSION=	42.4
 CATEGORIES=	textproc gnome
 MASTER_SITES=	GNOME
 DIST_SUBDIR=	gnome
@@ -8,15 +8,16 @@ MAINTAINER=	gnome@FreeBSD.org
 COMMENT=	DocBook XSLT stylesheets for yelp
 WWW=		https://gitlab.gnome.org/GNOME/yelp-xsl

-LICENSE=	LGPL21+
-LICENSE_FILE=	${WRKSRC}/COPYING.LGPL
+LICENSE=	GPLv2+ LGPL21+ MIT
+LICENSE_COMB=	multi

-BUILD_DEPENDS=	itstool:textproc/itstool
+BUILD_DEPENDS=	itstool:textproc/itstool \
+		bash:shells/bash

-USES=		gettext gmake gnome localbase pathfix \
-		pkgconfig tar:xz
+USES=		gettext gnome localbase meson pkgconfig shebangfix \
+		tar:xz
 USE_GNOME=	libxml2 libxslt
-GNU_CONFIGURE=	yes
+SHEBANG_FILES=	xslt/common/domains/gen_yelp_xml.sh
 NO_ARCH=	yes

 .include <bsd.port.mk>
@@ -1,3 +1,3 @@
-TIMESTAMP = 1683450789
-SHA256 (gnome/yelp-xsl-42.1.tar.xz) = 238be150b1653080ce139971330fd36d3a26595e0d6a040a2c030bf3d2005bcd
-SIZE (gnome/yelp-xsl-42.1.tar.xz) = 667448
+TIMESTAMP = 1749910659
+SHA256 (gnome/yelp-xsl-42.4.tar.xz) = fdebb07eb2e66a7fb7a0dce6ad8248ad29a4bbb134ba829128ca104f58abd7d1
+SIZE (gnome/yelp-xsl-42.4.tar.xz) = 394536
@@ -0,0 +1,18 @@
+--- meson.build.orig	2025-06-12 16:51:49 UTC
+++ meson.build
+@@ -13,7 +13,7 @@ datadir = join_paths(prefix, get_option('datadir'))
+ 
+ datadir = join_paths(prefix, get_option('datadir'))
+ 
+-pkgconfigdir = join_paths(datadir, 'pkgconfig')
+pkgconfigdir = join_paths(prefix, 'libdata', 'pkgconfig')
+ pkgdir = join_paths(datadir, package_name)
+ pkgxsltdir = join_paths(pkgdir, 'xslt')
+ pkgjsdir = join_paths(pkgdir, 'js')
+@@ -89,4 +89,4 @@ summary = [
+   '------',
+ ]
+ 
+-message('\n'.join(summary))
+\ No newline at end of file
+message('\n'.join(summary))