Date: Sun, 15 Dec 2024 11:36:30 GMT From: Yuri Victorovich <yuri@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 4327d290f8f3 - main - textproc/halibut: update 1.2 =?utf-8?Q?=E2=86=92?= 1.3 Message-ID: <202412151136.4BFBaUxt012429@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by yuri: URL: https://cgit.FreeBSD.org/ports/commit/?id=4327d290f8f3c3fc5323f8ed48cf1b2cac43aee3 commit 4327d290f8f3c3fc5323f8ed48cf1b2cac43aee3 Author: Älven <alster@vinterdalen.se> AuthorDate: 2024-12-15 11:34:17 +0000 Commit: Yuri Victorovich <yuri@FreeBSD.org> CommitDate: 2024-12-15 11:36:17 +0000 textproc/halibut: update 1.2 → 1.3 PR: 282213 --- security/vuxml/vuln/2024.xml | 42 +++++++++++++++++++++++++++++++ textproc/halibut/Makefile | 7 +++--- textproc/halibut/distinfo | 6 ++--- textproc/halibut/files/patch-Makefile | 13 ---------- textproc/halibut/files/patch-doc_Makefile | 17 ------------- 5 files changed, 49 insertions(+), 36 deletions(-) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 6c648012e1d5..f6001c5084e0 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -2144,6 +2144,48 @@ </dates> </vuln> + <vuln vid="3152a474-9390-11ef-87ad-a8a15998b5cb"> + <topic>halibut -- Segmentation fault, denial of service or possibly other unspecified impact via a crafted text document</topic> + <affects> + <package> + <name>halibut</name> + <range><eq>1.2</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>cve@mitre.org reports:</p> + <blockquote cite="https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf">; + <p>CVE-2021-42612: A use after free in cleanup_index in index.c in Halibut 1.2 allows + an attacker to cause a segmentation fault or possibly have other + unspecified impact via a crafted text document.</p> + </blockquote> + <blockquote cite="https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df">; + <p>CVE-2021-42613: A double free in cleanup_index in index.c in Halibut 1.2 allows an + attacker to cause a denial of service or possibly have other + unspecified impact via a crafted text document.</p> + </blockquote> + <blockquote cite="https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf">; + <p>CVE-2021-42614: A use after free in info_width_internal in bk_info.c in Halibut 1.2 + allows an attacker to cause a segmentation fault or possibly have + unspecified other impact via a crafted text document.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-42612</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2021-42612</url>; + <cvename>CVE-2021-42613</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2021-42613</url>; + <cvename>CVE-2021-42614</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2021-42614</url>; + </references> + <dates> + <discovery>2022-05-24</discovery> + <entry>2024-10-26</entry> + </dates> + </vuln> + <vuln vid="fcb0e00f-d7d3-49b6-a4a1-852528230912"> <topic>electron31 -- multiple vulnerabilities</topic> <affects> diff --git a/textproc/halibut/Makefile b/textproc/halibut/Makefile index 5e793558e15a..11f6f3f98cf4 100644 --- a/textproc/halibut/Makefile +++ b/textproc/halibut/Makefile @@ -1,6 +1,5 @@ PORTNAME= halibut -DISTVERSION= 1.2 -PORTREVISION= 1 +DISTVERSION= 1.3 CATEGORIES= textproc MASTER_SITES= https://www.chiark.greenend.org.uk/~sgtatham/halibut/halibut-${DISTVERSION}/ @@ -11,10 +10,12 @@ WWW= https://www.chiark.greenend.org.uk/~sgtatham/halibut/ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENCE -USES= gmake perl5 +USES= cmake cpe perl5 +CPE_VENDOR= halibut_project CFLAGS+= -fcommon # ld: error: duplicate symbol: all_fonts +INFO= halibut* PLIST_FILES= bin/halibut \ share/man/man1/halibut.1.gz diff --git a/textproc/halibut/distinfo b/textproc/halibut/distinfo index 19b21663cef2..193a9e928448 100644 --- a/textproc/halibut/distinfo +++ b/textproc/halibut/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1616800039 -SHA256 (halibut-1.2.tar.gz) = 1aedfb6240f27190c36a390fcac9ce732edbdbaa31c85ee675b994e2b083163f -SIZE (halibut-1.2.tar.gz) = 991975 +TIMESTAMP = 1729367343 +SHA256 (halibut-1.3.tar.gz) = aaa0f7696f17f74f42d97d0880aa088f5d68ed3079f3ed15d13b6e74909d3132 +SIZE (halibut-1.3.tar.gz) = 995916 diff --git a/textproc/halibut/files/patch-Makefile b/textproc/halibut/files/patch-Makefile deleted file mode 100644 index 03f8a043d0db..000000000000 --- a/textproc/halibut/files/patch-Makefile +++ /dev/null @@ -1,13 +0,0 @@ ---- Makefile.orig 2017-05-15 07:49:44 UTC -+++ Makefile -@@ -120,8 +120,8 @@ clean:: - - install: - mkdir -p $(prefix) $(bindir) -- $(INSTALL) -m 755 halibut $(bindir)/halibut -- $(MAKE) -C ../doc install prefix="$(prefix)" INSTALL="$(INSTALL)" -+ $(INSTALL) -m 755 halibut $(DESTDIR)$(bindir)/halibut -+ $(MAKE) -C ../doc install prefix="$(DESTDIR)$(prefix)" INSTALL="$(INSTALL)" - - FORCE: # phony target to force version.o to be rebuilt every time - diff --git a/textproc/halibut/files/patch-doc_Makefile b/textproc/halibut/files/patch-doc_Makefile deleted file mode 100644 index 8b2ac6b1c91a..000000000000 --- a/textproc/halibut/files/patch-doc_Makefile +++ /dev/null @@ -1,17 +0,0 @@ ---- doc/Makefile.orig 2017-05-15 07:49:44 UTC -+++ doc/Makefile -@@ -1,4 +1,4 @@ --mandir=$(prefix)/man -+mandir=$(prefix)/share/man - man1dir=$(mandir)/man1 - - CHAPTERS := $(SITE) blurb intro running input output licence manpage index -@@ -16,7 +16,7 @@ halibut.1: manpage.but - halibut.1: manpage.but - $(HALIBUT) --man=halibut.1 manpage.but - --install: -+install: halibut.1 - mkdir -p $(man1dir) - $(INSTALL) -m 644 halibut.1 $(man1dir)/halibut.1 -
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202412151136.4BFBaUxt012429>