diff --git a/SOURCES/0001-change-default-updateDocMode-behavior-and-add-new-op.patch b/SOURCES/0001-change-default-updateDocMode-behavior-and-add-new-op.patch new file mode 100644 index 0000000..ce350df --- /dev/null +++ b/SOURCES/0001-change-default-updateDocMode-behavior-and-add-new-op.patch @@ -0,0 +1,193 @@ +From cc62c28fda69ab948f2d169d6a20f3d5c3bfda2e Mon Sep 17 00:00:00 2001 +From: Samuel Erb +Date: Tue, 17 Sep 2019 12:22:12 -0400 +Subject: [PATCH] change default updateDocMode behavior and add new option to + keep old behavior (#510) + +(cherry picked from commit acfac594e643f9c44f1c3b8d6d8957190a4d76f2) +Conflicts: + unoconv + unoconv2.py + unoconv3.py +--- + unoconv2.py | 27 ++++++++++++++++++--------- + unoconv3.py | 27 ++++++++++++++++++--------- + 2 files changed, 36 insertions(+), 18 deletions(-) + +diff --git a/unoconv2.py b/unoconv2.py +index cf45010..22dee0b 100755 +--- a/unoconv2.py ++++ b/unoconv2.py +@@ -523,6 +523,7 @@ class Options: + self.template = None + self.timeout = 6 + self.verbose = 0 ++ self.updateDocMode = UNO_NO_UPDATE + + ### Get options from the commandline + try: +@@ -530,7 +531,7 @@ class Options: + ['connection=', 'debug', 'doctype=', 'export=', 'format=', + 'help', 'import', 'listener', 'no-launch', 'output=', + 'outputpath', 'password=', 'pipe=', 'port=', 'server=', +- 'timeout=', 'show', 'stdout', 'template', 'verbose', ++ 'timeout=', 'show', 'stdout', 'template', 'unsafe-quiet-update', 'verbose', + 'version'] ) + except getopt.error, exc: + print 'unoconv: %s, try unoconv -h for a list of all the options' % str(exc) +@@ -609,6 +610,10 @@ class Options: + self.template = arg + elif opt in ['-T', '--timeout']: + self.timeout = int(arg) ++ elif opt in ['--unsafe-quiet-update']: ++ # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html ++ print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.') ++ self.updateDocMode = UNO_QUIET_UPDATE + elif opt in ['-v', '--verbose']: + self.verbose = self.verbose + 1 + elif opt in ['-V', '--version']: +@@ -699,6 +704,7 @@ unoconv options: + --stdout write output to stdout + -t, --template=file import the styles from template (.ott) + -T, --timeout=secs timeout after secs if connection to listener fails ++ --unsafe-quiet-update allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input) + -v, --verbose be more and more verbose (-vvv for debugging) + ''' + +@@ -826,7 +832,7 @@ class Convertor: + phase = "import" + + ### Load inputfile +- inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=UNO_QUIET_UPDATE) ++ inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode) + + # if op.password: + # info = GlobalUnoProps(algorithm-name="PBKDF2", salt="salt", iteration-count=1024, hash="hash") +@@ -859,13 +865,14 @@ class Convertor: + print >>sys.stderr, 'unoconv: template file `%s\' does not exist.' % op.template + exitcode = 1 + +- ### Update document links +- phase = "update-links" +- try: +- document.updateLinks() +- except AttributeError: +- # the document doesn't implement the XLinkUpdate interface +- pass ++ ### Update document links links if appropriate ++ if op.updateDocMode != UNO_NO_UPDATE: ++ phase = "update-links" ++ try: ++ document.updateLinks() ++ except AttributeError: ++ # the document doesn't implement the XLinkUpdate interface ++ pass + + ### Update document indexes + phase = "update-indexes" +@@ -1131,6 +1138,7 @@ def run(): + ### Now that we have found a working pyuno library, let's import some classes + global UnoPropertyValue + global UnoNoConnectException ++ global UNO_NO_UPDATE + global UNO_QUIET_UPDATE + global UnoDisposedException + global UnoIllegalArgumentException +@@ -1142,6 +1150,7 @@ def run(): + + from com.sun.star.beans import PropertyValue as UnoPropertyValue + from com.sun.star.connection import NoConnectException as UnoNoConnectException ++ from com.sun.star.document.UpdateDocMode import NO_UPDATE as UNO_NO_UPDATE + from com.sun.star.document.UpdateDocMode import QUIET_UPDATE as UNO_QUIET_UPDATE + from com.sun.star.lang import DisposedException as UnoDisposedException + from com.sun.star.lang import IllegalArgumentException as UnoIllegalArgumentException +diff --git a/unoconv3.py b/unoconv3.py +index 84b59f3..da3922f 100755 +--- a/unoconv3.py ++++ b/unoconv3.py +@@ -523,6 +523,7 @@ class Options: + self.template = None + self.timeout = 6 + self.verbose = 0 ++ self.updateDocMode = UNO_NO_UPDATE + + ### Get options from the commandline + try: +@@ -530,7 +531,7 @@ class Options: + ['connection=', 'debug', 'doctype=', 'export=', 'format=', + 'help', 'import', 'listener', 'no-launch', 'output=', + 'outputpath', 'password=', 'pipe=', 'port=', 'server=', +- 'timeout=', 'show', 'stdout', 'template', 'verbose', ++ 'timeout=', 'show', 'stdout', 'template', 'unsafe-quiet-update', 'verbose', + 'version'] ) + except getopt.error as exc: + print('unoconv: %s, try unoconv -h for a list of all the options' % str(exc)) +@@ -609,6 +610,10 @@ class Options: + self.template = arg + elif opt in ['-T', '--timeout']: + self.timeout = int(arg) ++ elif opt in ['--unsafe-quiet-update']: ++ # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html ++ print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.') ++ self.updateDocMode = UNO_QUIET_UPDATE + elif opt in ['-v', '--verbose']: + self.verbose = self.verbose + 1 + elif opt in ['-V', '--version']: +@@ -699,6 +704,7 @@ unoconv options: + --stdout write output to stdout + -t, --template=file import the styles from template (.ott) + -T, --timeout=secs timeout after secs if connection to listener fails ++ --unsafe-quiet-update allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input) + -v, --verbose be more and more verbose (-vvv for debugging) + ''', file=sys.stderr) + +@@ -826,7 +832,7 @@ class Convertor: + phase = "import" + + ### Load inputfile +- inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=UNO_QUIET_UPDATE) ++ inputprops = GlobalUnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode) + + # if op.password: + # info = GlobalUnoProps(algorithm-name="PBKDF2", salt="salt", iteration-count=1024, hash="hash") +@@ -859,13 +865,14 @@ class Convertor: + print('unoconv: template file `%s\' does not exist.' % op.template, file=sys.stderr) + exitcode = 1 + +- ### Update document links +- phase = "update-links" +- try: +- document.updateLinks() +- except AttributeError: +- # the document doesn't implement the XLinkUpdate interface +- pass ++ ### Update document links if appropriate ++ if op.updateDocMode != UNO_NO_UPDATE: ++ phase = "update-links" ++ try: ++ document.updateLinks() ++ except AttributeError: ++ # the document doesn't implement the XLinkUpdate interface ++ pass + + ### Update document indexes + phase = "update-indexes" +@@ -1131,6 +1138,7 @@ def run(): + ### Now that we have found a working pyuno library, let's import some classes + global UnoPropertyValue + global UnoNoConnectException ++ global UNO_NO_UPDATE + global UNO_QUIET_UPDATE + global UnoDisposedException + global UnoIllegalArgumentException +@@ -1142,6 +1150,7 @@ def run(): + + from com.sun.star.beans import PropertyValue as UnoPropertyValue + from com.sun.star.connection import NoConnectException as UnoNoConnectException ++ from com.sun.star.document.UpdateDocMode import NO_UPDATE as UNO_NO_UPDATE + from com.sun.star.document.UpdateDocMode import QUIET_UPDATE as UNO_QUIET_UPDATE + from com.sun.star.lang import DisposedException as UnoDisposedException + from com.sun.star.lang import IllegalArgumentException as UnoIllegalArgumentException +-- +2.24.1 + diff --git a/SPECS/unoconv.spec b/SPECS/unoconv.spec index 69828c6..9d33e63 100644 --- a/SPECS/unoconv.spec +++ b/SPECS/unoconv.spec @@ -1,7 +1,7 @@ Summary: Tool to convert between any document format supported by LibreOffice Name: unoconv Version: 0.6 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: System Environment/Base URL: http://dag.wieers.com/home-made/unoconv/ @@ -9,6 +9,7 @@ Source: http://dag.wieers.com/home-made/%{name}/%{name}-%{version}.tar.gz Patch0: 0001-Fix-a-broken-export-option-and-add-V-as-alternative-.patch Patch1: 0001-python3-added-compatibility.patch Patch2: 0001-update-FSF-address.patch +Patch3: 0001-change-default-updateDocMode-behavior-and-add-new-op.patch BuildArch: noarch Requires: libreoffice-calc @@ -32,6 +33,7 @@ RTF, Docbook (.xml), and more. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build @@ -54,6 +56,9 @@ popd %{_bindir}/%{name} %changelog +* Mon Mar 30 2020 Stephan Bergmann - 0.6-8 +- Resolves: rhbz#1803831 CVE-2019-17400 + * Fri Jan 31 2014 David Tardon - 0.6-7 - Resolves: rhbz#1056203 make sure all important filters are available