[Slackbuilds-users] Please patch yelp and yelp-xsl to overcome a security flaw
Didier Spaier
didier at slint.fr
Thu Apr 24 16:05:21 UTC 2025
On 22/04/2025 03:10, Willy Sudiarto Raharjo wrote:
>> as recommended by Michael Catanzaro:
>> https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-
>> vulnerability-in-yelp-cve-2025-3155/
>> I have patched locally yelp and yelp-xsl using these patches (also attached):
>> https://gitlab.gnome.org/GNOME/yelp/-/issues/221#note_2359937
>> against yelp-42.2 and yel-xsl-42.1 respectively
>>
>> I suggest that they be applied to the SlackBuilds @ SBo.
>
> I have read the blog and the patch, but i would prefer an official patch that
> has been reviewed by upstream itself.
Your choice.
>> PS while I was at it I wanted to upgrade webkit2gtk to the last version as
>> recommended by upstream for security reasons but could not because icu4c shipped
>> in Slackware 15.0 is too old. I have posted about that on LQ:
>> https://www.linuxquestions.org/questions/slackware-14/how-do-i-package-a-
>> newer-icu4c-to-allow-upgrading-webkit2gtk-without-rebuilding-other-
>> dependees-4175749884/
> I also tried this before, but no luck after several attempts, so i didn't do
> further research on this.
I failed several times but ended up succeeding as I have posted here:
https://www.linuxquestions.org/questions/slackware-14/how-do-i-package-a-newer-icu4c-to-allow-upgrading-webkit2gtk-without-rebuilding-other-dependees-4175749884/#post6568326
I am glad ~/.ccache made the builds attempts faster;)
Cheers,
Didier
More information about the SlackBuilds-users
mailing list