Date: Fri, 20 Jun 2025 09:54:52 GMT From: Don Lewis <truckman@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 13e2a0556515 - main - x11/yelp: update to 42.3 Message-ID: <202506200954.55K9sqoH006715@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by truckman: URL: https://cgit.FreeBSD.org/ports/commit/?id=13e2a05565153fd873a0f6c8964b1a927fd9f6c5 commit 13e2a05565153fd873a0f6c8964b1a927fd9f6c5 Author: Olivier Duchateau <duchateau.olivier@gmail.com> AuthorDate: 2025-06-20 09:49:16 +0000 Commit: Don Lewis <truckman@FreeBSD.org> CommitDate: 2025-06-20 09:54:30 +0000 x11/yelp: update to 42.3 Update to 42.3 and fix CVE-2025-3155 vulnerability PR: 287543 MFH: 2025Q2 Security: 0e200a73-289a-489e-b405-40b997911036 --- security/vuxml/vuln/2025.xml | 29 +++++++++++++++++++++++++++++ x11/yelp/Makefile | 21 ++++++++++++--------- x11/yelp/distinfo | 6 +++--- x11/yelp/pkg-plist | 3 +++ 4 files changed, 47 insertions(+), 12 deletions(-) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 51347d228d8d..261855f9d1df 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -357,6 +357,35 @@ </dates> </vuln> + <vuln vid="0e200a73-289a-489e-b405-40b997911036"> + <topic>Yelp -- arbitrary file read</topic> + <affects> + <package> + <name>yelp</name> + <range><lt>42.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>secalert@redhat.com reports:</p> + <blockquote cite="https://access.redhat.com/errata/RHSA-2025:4450">; + <p>A flaw was found in Yelp. The Gnome user help application allows + the help document to execute arbitrary scripts. This vulnerability + allows malicious users to input help documents, which may exfiltrate + user files to an external environment.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-3155</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-3155</url>; + </references> + <dates> + <discovery>2025-04-03</discovery> + <entry>2025-06-14</entry> + </dates> + </vuln> + <vuln vid="ae028662-475e-11f0-9ca4-2cf05da270f3"> <topic>Gitlab -- Vulnerabilities</topic> <affects> diff --git a/x11/yelp/Makefile b/x11/yelp/Makefile index 180ea648529b..d54b84758716 100644 --- a/x11/yelp/Makefile +++ b/x11/yelp/Makefile @@ -1,7 +1,7 @@ PORTNAME= yelp -DISTVERSION= 42.2 +DISTVERSION= 42.3 CATEGORIES= x11 gnome -MASTER_SITES= GNOME +#MASTER_SITES= GNOME DIST_SUBDIR= gnome MAINTAINER= gnome@FreeBSD.org @@ -12,7 +12,8 @@ LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/COPYING BUILD_DEPENDS= itstool:textproc/itstool \ - yelp-xsl>=0:textproc/yelp-xsl + yelp-xsl>=0:textproc/yelp-xsl \ + bash:shells/bash LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ libgpg-error.so:security/libgpg-error \ libhandy-1.so:x11-toolkits/libhandy \ @@ -21,16 +22,18 @@ LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ libwebkit2gtk-4.1.so:www/webkit2-gtk@41 RUN_DEPENDS= yelp-xsl>=0:textproc/yelp-xsl -USES= compiler:c11 desktop-file-utils gettext gmake gnome libtool \ - pathfix pkgconfig sqlite tar:xz xorg +USES= compiler:c11 desktop-file-utils gettext gnome meson \ + pkgconfig shebangfix sqlite tar:bzip2 xorg USE_GNOME= cairo gdkpixbuf gtk30 libxml2 libxslt +USE_XORG= ice x11 +SHEBANG_FILES= data/domains/gen_yelp_xml.sh \ + src/link-gnome-help.sh GLIB_SCHEMAS= org.gnome.yelp.gschema.xml USE_LDCONFIG= yes -USE_XORG= ice x11 -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --disable-static -INSTALL_TARGET= install-strip +USE_GITLAB= yes +GL_SITE= https://gitlab.gnome.org +GL_ACCOUNT= GNOME post-patch: @${REINPLACE_CMD} -e 's|%%LIBEXECDIR%%|${PREFIX}/libexec|g' \ diff --git a/x11/yelp/distinfo b/x11/yelp/distinfo index cad0ac3b90f7..67edace3cad2 100644 --- a/x11/yelp/distinfo +++ b/x11/yelp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1685378703 -SHA256 (gnome/yelp-42.2.tar.xz) = a2c5fd0787a9089c722cc66bd0f85cdf7088d870e7b6cc85799f8e5bff9eac4b -SIZE (gnome/yelp-42.2.tar.xz) = 1506136 +TIMESTAMP = 1749912123 +SHA256 (gnome/yelp-42.3.tar.bz2) = cc487a93b6bb9cd5883603ca5db6340449b417dbb429f3be37231f05d7fe514b +SIZE (gnome/yelp-42.3.tar.bz2) = 1355746 diff --git a/x11/yelp/pkg-plist b/x11/yelp/pkg-plist index 2abfd0998668..4c028cf21c92 100644 --- a/x11/yelp/pkg-plist +++ b/x11/yelp/pkg-plist @@ -7,6 +7,7 @@ include/libyelp/yelp-help-list.h include/libyelp/yelp-info-document.h include/libyelp/yelp-mallard-document.h include/libyelp/yelp-man-document.h +include/libyelp/yelp-man-search.h include/libyelp/yelp-search-entry.h include/libyelp/yelp-settings.h include/libyelp/yelp-simple-document.h @@ -69,10 +70,12 @@ share/locale/hi/LC_MESSAGES/yelp.mo share/locale/hr/LC_MESSAGES/yelp.mo share/locale/hu/LC_MESSAGES/yelp.mo share/locale/id/LC_MESSAGES/yelp.mo +share/locale/ie/LC_MESSAGES/yelp.mo share/locale/is/LC_MESSAGES/yelp.mo share/locale/it/LC_MESSAGES/yelp.mo share/locale/ja/LC_MESSAGES/yelp.mo share/locale/ka/LC_MESSAGES/yelp.mo +share/locale/kab/LC_MESSAGES/yelp.mo share/locale/kk/LC_MESSAGES/yelp.mo share/locale/km/LC_MESSAGES/yelp.mo share/locale/kn/LC_MESSAGES/yelp.mohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506200954.55K9sqoH006715>