textproc/libxslt: remove deprecation notice and expire date

There has been a new upstream maintainer since the deprecation
notice was added. It will take some time for said new maintainer
to get up to speed with the codebase and test any incoming patches.

The software is still generally considered vulnerable as of this
commit.

PR: 289213

textproc/libxml2, textproc/libxslt: vulnerable

Note that libxslt is vulnerable, unfixed, and without maintainer.
Two of four vulnerabilities have been fixed.

Note that libxml2 in our ports is vulnerable and there is no upstream
release fixing these bugs, they need cherry-picks.

Deprecate textproc/xmlto and textproc/minixmlto,
which both depend on the unmaintained and vulnerable libxslt.
I have filed https://pagure.io/xmlto/issue/15 to ask the xmlto
upstream to switch to different XML/XSLT libraries.

Two issues are undisclosed and do not seem to have a CVE assigned yet.

libxml2: chase libxml soversion bump

Mk/bsd.sites.mk: Simplify MASTER_SITES= GNOME

Since GNOME changes their numbering, in some Makefile MASTER_SITES= GNOME is
more complex. This patch simplify for users.

Differential Revision:		https://reviews.freebsd.org/D43183

textproc/libxslt: COPYING no longer present in tarball

${WRKSRC}/Copyright has always contained the appropriate licence terms.

Reported by: vvd
Pointy-hat to: vishwin

textproc/libxslt: update to 1.1.43

Changelog: https://gitlab.gnome.org/GNOME/libxslt/-/blob/v1.1.43/NEWS

Fixes CVE-2024-55549 and CVE-2025-24855

Upstream have disabled CRYPTO and (new OPTION) PLUGINS by default,
as they will be removed in a future version, but the port continues
to have them enabled by default until at least the next update.

Reported by: ngie
Security: a96cd659-303e-11f0-94b5-54ee755069b5
PR: 286782

textproc/libxslt: update to 1.1.42

Changelog: https://gitlab.gnome.org/GNOME/libxslt/-/blob/v1.1.42/NEWS

PR: 279741
Reported by: diizzy
exp-run by: antoine

textproc/libxslt: Moved man to share/man

Approved by:    portmgr (blanket)

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

textproc/libxslt: update to 1.1.37 maintenance release (+)

Changelog:	https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37

textproc/libxslt: update to 1.1.36 release (+)

Changelog:	https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.36

textproc: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  "Choe, Cheng-Dae" whitekid
  *  -
  *  <glewis@FreeBSD.org>
  *  <koshy@india.hp.com>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Dalton <aaron@daltons.ca>
  *  Aaron Straup Cope
  *  Aaron Straup Cope <ascope@cpan.org>
  *  Ache
  *  Adam Herzog <adam@herzogdesigns.com>
  *  Adam Weinberger <adamw@FreeBSD.org>

textproc/{,py-}libxml2: switch back to autotools

See notes in Makefile and linked PRs.

While here, disable the ICU option by default. CFLAGS for libicu
are passed to libxml2's consumers when the option is enabled. As
icu's API is not stable between versions, PORTREVISION bumps can
get missed.

Additionally, properly exclude all OPTIONS from py-libxml2 and
prevent do-configure from unnecessarily running.

Co-authored-by: diizzy
PR: 262853, 262940, 262877
Approved by: fluffy (mentor)

devel/icu: update to 71.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-71-1
Reported by:	GitHub (watch releases)
PR:		262654
Exp-run by:	antoine
Approved by:	fluffy

textproc/libxslt: switch back to autotools

Many ports use xsltproc as a BUILD_DEPENDS. CMake itself unconditionally
depends on ftp/curl, for which certain options can pull in dependencies
using xsltproc to build.

While here:
- DIST_SUBDIR to gnome
- add devel/icu LIB_DEPENDS

PR: 262853
Pointy-hat to: diizzy
Approved by: fluffy (mentor)
Differential Revision: https://reviews.freebsd.org/D34705

textproc/libxml2: bump all dependencies

This should make sure that all dependent ports will pick
up the new version commited with a13ec21cd733f67a9fc0dc00ab45268bdc236246

textproc/libxslt: Update to 1.1.35 and migrate to CMake

Changelog: https://gitlab.gnome.org/GNOME/libxslt/-/releases#v1.1.35

I'd like to thank both tcberner and mandree for reviewing,
suggesting improvements and helping out in general. I'd also like
thank antoine for doing exp-runs.

PR:		262288
Reviewed by:	tcberner, mandree
Approved by:	desktop (tcberner)
Differential Revision:	https://reviews.freebsd.org/D34384
Exp-run by:	antoine

textproc/libxslt: Unbreak the build after textproc/libxml2 changes.

Reported by:	arrowd

textproc/libxslt: Backport compatibility patches.

These patches are required for the new textproc/libxml2.

PR:		256617
Reviewed by:	arrowd
Tested by:	arrowd

Remove # $FreeBSD$ from Makefiles.

In preparation of the update of glib remove the -reference ports

Those ports mainly concern old Gnome2 libraries, the behaviour of this infra
is not compatible with the meson build system (being used in newer version)
the documentation is provided otherwise in the other version

textproc/libxslt: fix formatting of xsltproc(1)

PR:		243345
Submitted by:	Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
Reported by:	Lorenzo Salvadore <salvadore@freebsd.org>

textproc/libxslt: update to 1.1.34

PR:		241853
Exp-run by:	antoine
Approved by:	kwm

Create desktop@ as maintainer of some shared desktop ports

This idea has been around for quite some time. Time to make it happen.

In order to share the load on the ports required by multiple desktop
environments start to share the responsibility of maintainership.

This is the initial list that came to mind, but we can probably extend it, to
include another handful of ports.

WWW: https://wiki.freebsd.org/DesktopTeam
Mailing List: https://lists.freebsd.org/mailman/listinfo/freebsd-desktop

Approved by:	swills, kwm (gnome), madpilot (xfce)
Differential Revision:	https://reviews.freebsd.org/D22389

textproc/libxslt: Update to 1.1.33 [1], fix CVE-2019-11068 [2]

PR:		239166 [1]
PR:		238049 [2]
Submitted by:	egypcio [2]
Exp-run by:	antoine [1]
Obtained
from:	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
[2]

textproc/libxml2: Update to 2.9.9 [1]

While here, fix a bug in libxslt triggered by the libxml2 update

PR:		235713 [1]
PR:		238522
Exp-run by:	antoine
Reported by:	kunda <chitty_cloud@me.com> [1]
Reviewed by:	kwm [1] [2]
Obtained
from:	https://gitlab.gnome.org/GNOME/libxslt/commit/5b0965010abf274f7a3a1291d16dde34c167e8a7

Update to 1.1.32

Switch some MASTER_SITES from http/ftp to https.

Also some cleanup of dead entries.

PR:		226203
Submitted by:	Sam H
Sponsored by:	Absolight

Remove libxslt.so.2 and libexslt.so.8 compatibility links that were added in
r374303 to prevent massive PORTREVISION bumps.  Bump dependent ports that
have not been bumped since.

Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight

textproc/libxslt: Update to 1.1.29

Changelog:
https://git.gnome.org/browse/libxslt/commit/NEWS?id=9a1b3ddf6034aa2f6a30b4b7ea4bfc3c4037cd58

Absent from the Changelog are the CVEs Google discovered, CVE-2016-1683
and CVE-2016-1684. This library needs to be updated to ensure
www/chromium is no longer vulnerable to these CVEs. Additionally the
changelog notes a fix for CVE-2015-7995, but we solved that previously
with a patch to the port.

PR:		210298
MFH:		2016Q2
Security:	CVE-2016-1683
Security:	CVE-2016-1684

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

Fix CVE-2015-7995

Obtained from:	libxslt upstream
MFH:		2015Q4
Security:	ecc268f2-8fc2-11e5-918c-bcaec565249c

Add patch to support the --maxvars argument in xsltproc.

Submitted by:	wblock@
Obtained from:	libxslt upstream.

- Add CPE info

Approved by:	portmgr blanket

security/libgcrypt: 1.6.1 -> 1.6.2, bump depends

Changes:
- src/sexp.c (do_vsexp_sscan): Return error for invalid args.
- cipher/md.c (_gcry_md_info): Fix a segv in case of calling
  with wrong parameters.
- cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
  error code, possible NULL deref in call to prime generator.
- cipher/dsa.c (generate): Take care of new return code.
- cipher/elgamal.c (generate): Change to return an error code.  Take
	care of _gcry_generate_elg_prime return code.
- ecc: Support the non-standard 0x40 compression flag for EdDSA.
- mpi: Extend the internal mpi_get_buffer.
- mpi: Fix regression for powerpc-apple-darwin detection.
- Fix bug inhibiting the use of the sentinel attribute in src/gcrypt.h.in

Replace USES=libtool:oldver with USES=libtool or USES=libtool:keepla in
the 32 ports that still use it.  Bump PORTREVISION on their dependent
ports except the ones that depend on these:

audio/libogg
audio/libvorbis
devel/pcre
ftp/curl
graphics/jpeg
graphics/libart_lgpl
graphics/tiff
textproc/expat2
textproc/libxslt

In these cases the same trick as in the recent gettext update is used.

Unbreak py-libxslt

Simplify plist

security/libgcrypt: 1.5.3_3 -> 1.6.1

- Update to 1.6.1
- Remove some unneeded patches
- Fix pkg-plist
- report configure bug upstream
  https://bugs.g10code.com/gnupg/issue1668
- report API breakage downstream and find that MacPorts had the same issue
  https://rt.cpan.org/Ticket/Display.html?id=97201
- bump PORTREVISION for dependent ports (approx. 100 ports)
- Thanks to exp-run by antoine@ to find ports that break
- patch ports that would otherwise break
  security/shishi with PR 192164 is already committed
  [1] devel/ccrtp
  [2] editors/abiword
  [3] security/p5-Crypt-GCrypt

PR:		191256, 192162 [1], 192163 [2], 192166 [3]
Submitted by:	Carlos Jacobo Puga Medina <cjpugmed@gmail.com>
Approved by:	maintainer timeout, antoine (exp-run), portmgr (implicit)

Rename all patches that contain '::' as a path separator, and use
'__' instead.

Rename textproc/ patch-xy patches to reflect the files they modify.

Switch to USES=libtool
Strip binaries

PR:		ports/188978
Submitted by:	tijl
Approved by:	kwm (gnome)

Bump portrevision for libxml2 shlib change.

- Stage support
- Convert to USES

Add NO_STAGE all over the place in preparation for the staging support (cat:
textproc)

Put faster site first [1], while here add http mirror.

PR:		ports/178523 [1]
Submitted by:	Kubilay Kocak <koobs.freebsd@gmail.com>

Chase security/libgcrypt update

- Update to 1.1.28. [1]
- Add LICENSE. [1]
- Convert to OPTIONSng. [2]
- Update the header. [2]

PR:		ports/174643 [1]
Submitted by:	Pedro Giffuni <giffunip@tutopia.com> [1]
		kwm@ [2]

- Remove WITH_FBSD10_FIX, is no longer needed

- Fix build on FreeBSD 10

Approved by:    kwm implicit

- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav

Remove USE_GNOME=gnometarget from ports. It has been a empty keyword since
mid 2008.

PR:             ports/159624
Submitted by:   Ruslan Mahmatkhanov <cvs-src@yandex.ru>

- Chase the libgcrypt shared lib version

Remove quote from CPPFLAGS.

CPPFLAGS is now automatically passed via CONFIGURE_ENV; just set that. [1]

Remove the MD5 checksum on the way.

Approved by:    gnome (marcus) [1]

Chase security/libgcrypt shlib bump.

PR:             ports/148755
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>

Remove USE_GETTEXT. There is no perfect solution in the ports tree. It's
exactly why we have portmaster -r or portupgrade -r for that.

PR:             ports/147655
Reported by:    Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
Discussed with: marcus
Feature safe:   yes

Gettext is only required in the crypto path.

Reported by:    Claude Buisson <clbuisson@orange.fr>

Bump the PORTREVISION for libxslt.

PR:             147294

Bump PORTREVISION and add USE_GETTEXT where missing.

PR:             147257

Update to 1.1.26.

Feature safe:   yes

Update to 1.1.25, and use OPTIONS instead of pre-everything for crypto
support.

Feature safe:   yes

- Bump PORTREVISION due to share library version bump in security/libgcrypt

PR:              ports/127478

Security fix libxslt heap overflow, bump the PORTREVISION.

PR:             ports/126869
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Obtained from:  http://www.ocert.org/advisories/ocert-2008-009.html
Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935

Update to 1.1.24. As for the py-libxslt, get it able to find Python correct
when PREFIX is set other than LOCALBASE and will allowing the modules to build.

Remove xmlsoft.org and use GNOME mirrors. The xmlsoft.org's tarballs are
corruped.

Reported by:    edwin

Chase libgcrypt library version

Update to 1.1.22.

Update to 1.1.21.

Update to 1.1.20.

- Update to 1.1.19

INSTALLS_SHLIB -> USE_LDCONFIG.

Found by:       portlint (cports.sh)

Update to 1.1.17.

- Add header in these *-reference ports.
- Fix a few of pkg-descr by chase the rename.
- Move all PORTREVISION and PORTEPOCH to top with ?=.
- Put USE_X_PREFIX back in, but under REFERENCE_PORT, and remove PREFIX? and
  USE_XLIB. This fix ports to use the correct mtree when you change the prefix,
  for example:

        Incorrect: (Without USE_X_PREFIX)
        ================================
        # cd /usr/ports/x11-toolkits/gtk20
        # make -V MTREE_FILE
        /etc/mtree/BSD.x11-4.dist
        # make PREFIX=/tmp/foo -V MTREE_FILE
        /etc/mtree/BSD.local.dist <-- Here...
        ================================

Remove USE_REINPLACE from categories starting with T

Move the libxslt programming reference to the libxslt-reference port.

* Fix build on 4.X [1]
* Handle creating and removal of the libxslt-plugins directory [2]

PR:             96707 [1]
Submitted by:   Sven Berkvens-Matthijsse <sven@ilse.net> [1]
Reported by:    pointyhat via kris [2]

Update to 1.1.16.

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

- Add SHA256 checksums

Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.

Update to 1.1.15.

Update to 1.1.14.

Update to 1.1.13.

- Fix py-libxslt

Reported by:    krismail

Chase libgcrypt shared library version of ports with optional
dependency on libgcrypt.

Submitted by:   philip
pointyhat to:   arved

Update to 1.1.12.

Update to 1.1.11.

Update to 1.1.10.

Update to 1.1.9.

Apply a big libtool patch to allow porters to use the libtool installed by
the libtoolX ports instead of the one included with each port.  Ports that
set USE_LIBTOOL_VER=X will now use the ports version of libtool instead of
the included version.  To restore previous behavior, use the new macro,
USE_INC_LIBTOOL_VER.  Both macros accept the same argument: a libtool version.

For example, to use the ports version of libtool-1.5, add the following to
your Makefile:

USE_LIBTOOL_VER=        15

To use the included version of libtool with extra hacks provided by
libtool-1.5, add the following to your Makefile:

USE_INC_LIBTOOL_VER=    15

With this change, ports that had to add additional libtool hacks to prevent
.la files from being installed or to fix certain threading issues can now
delete those hacks (after appropriate testing, of course).

PR:             63944
Based on work by:eik and marcus
Approved by:    ade (autotools maintainer)
Tested by:      kris on pointyhat
Bound to be hidden problems:    You bet

- Let MAINTAINER and COMMNET variables be overwriten from slave ports.
- Also note that previous commit fixed hier compliance issue.

Remove Python bingdings here as they going to be reintroduced in
slave port.

Tested by:      adamw, marcus

Update to 1.1.8.

Update to 1.1.6.

Actually commit the update to 1.1.5.

Whoa there, boy, that's a mighty big commit y'all have there...

Begin autotools sanitization sequence by requiring ports to explicitly
specify which version of {libtool,autoconf,automake} they need, erasing
the concept of a "system default".

For ports-in-waiting:

        USE_LIBTOOL=YES         ->      USE_LIBTOOL_VER=13
        USE_AUTOCONF=YES        ->      USE_AUTOCONF_VER=213
        USE_AUTOMAKE=YES        ->      USE_AUTOMAKE_VER=14

Ports attempting to use the old style system after June 1st 2004 will be
sorely disappointed.

* Update to 1.1.4
* Use OPTIONS where feasible