Created attachment 208513 [details] update ; add CVE patch Updated to latest version, also applied a cherry-pick to fix CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17400 Changed source to Github, newest version wasn't on the site previously in MASTER_SITES Tested unoconv after update via converting a adoc file to a pdf file and it worked. Also did 'unoconv --listener' listed in bug #239106 and got no segfault listed in the bug report. Built fine in poudriere for: 12/13-amd64 12/13-i386 and 12-arm64
Created attachment 208514 [details] update ; add CVE patch Removed patch prefixes
Comment on attachment 208514 [details] update ; add CVE patch Approved by: portmgr (unmaintained port)
Pending VuXML entry
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/90759961
(In reply to Kubilay Kocak from comment #3) Will work on this tomorrow sometime
Created attachment 208540 [details] VuXML entry
files/patch_unoconv is not in a unified diff format -- see how there are multiple "<<<<< HEAD", "======" and ">>>>> " lines in there. If the upstream commit applies cleanly on 0.8.2, I suggest just downloading the commit from GitHub in a diff format (https://github.com/unoconv/unoconv/commit/acfac594e643f9c44f1c3b8d6d8957190a4d76f2.diff) and removing the "a/" and "b/" from the paths. The VuXML entry needs to be adjusted too: - The <topic> entry usually begins with "$packagename --" (so "unoconv -- SSRF and local file inclusion"). - The <p> entry inside the <blockquote> has a leading "escription" that shouldn't be there. - You should add <freebsdpr> and <cvename> entries to <references>
ping?