Attachment 208513 Details for Bug 241422 – update ; add CVE patch

[patch] update ; add CVE patch

0001-textproc-unoconv.patch (text/plain), 9.06 KB, created by Nathan on 2019-10-22 21:41:19 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nathan

Created: 2019-10-22 21:41:19 UTC

Size: 9.06 KB

patch

obsolete

>From 02f43562530404a9d2611e19f2da115ac25d6b59 Mon Sep 17 00:00:00 2001
>From: Nathan Owens <ndowens04@gmail.com>
>Date: Tue, 22 Oct 2019 15:54:46 -0500
>Subject: [PATCH] textproc/unoconv
>
>* Update to latest version
>* Create patch from git cherry-pick
>  - Fixes CVE-2019-17400
>---
> textproc/unoconv/Makefile            |  19 ++---
> textproc/unoconv/distinfo            |   7 +-
> textproc/unoconv/files/patch_unoconv | 116 +++++++++++++++++++++++++++
> textproc/unoconv/pkg-plist           |   1 -
> 4 files changed, 124 insertions(+), 19 deletions(-)
> create mode 100644 textproc/unoconv/files/patch_unoconv
>
>diff --git a/textproc/unoconv/Makefile b/textproc/unoconv/Makefile
>index 90da93df2..0337bfdb9 100644
>--- a/textproc/unoconv/Makefile
>+++ b/textproc/unoconv/Makefile
>@@ -2,16 +2,8 @@
> # $FreeBSD$
> 
> PORTNAME=	unoconv
>-PORTVERSION=	0.6
>-PORTREVISION=	1
>+PORTVERSION=	0.8.2
> CATEGORIES=	textproc python
>-MASTER_SITES=	http://dag.wieers.com/home-made/${PORTNAME}/ \
>-		SF/nemysisfreebsdp/textproc/:icons
>-DISTFILES=	${PORTNAME}-${DISTVERSION}${EXTRACT_SUFX} \
>-		${PORTNAME}.png:icons
>-DIST_SUBDIR=	python
>-EXTRACT_ONLY=	${PORTNAME}-${DISTVERSION}${EXTRACT_SUFX}
>-
> MAINTAINER=	ports@FreeBSD.org
> COMMENT=	Convert any document from and to any LibreOffice supported format
> 
>@@ -20,17 +12,18 @@ LICENSE=	GPLv2
> RUN_DEPENDS=	xsltproc:textproc/libxslt
> 
> USES=		python
>+USE_GITHUB=	yes
> NO_BUILD=	yes
> 
> PORTDOCS=	*
> 
> DOCSRCDIR1=	${WRKSRC}
>-DOC_FILES1=	AUTHORS ChangeLog README.asciidoc WISHLIST
>+DOC_FILES1=	AUTHORS ChangeLog README.adoc
> 
> DOCSRCDIR2=	${WRKSRC}/doc
> DOCSDIR2=	${DOCSDIR}/doc
>-DOC_FILES2=	errcode.txt filters.txt formats.txt office-installations.txt \
>-		selinux.txt unoconv.1.txt
>+DOC_FILES2=	errcode.adoc filters.adoc formats.adoc office-installations.adoc \
>+		selinux.adoc unoconv.1.adoc
> 
> OPTIONS_DEFINE=	DOCS
> 
>@@ -50,8 +43,6 @@ do-install:
> 	@(cd ${WRKSRC}/tests && ${INSTALL_DATA} ${f} ${STAGEDIR}${DATADIR}/tests)
> .endfor
> 
>-	${INSTALL_DATA} ${_DISTDIR}/${PORTNAME}.png \
>-		${STAGEDIR}${PREFIX}/share/pixmaps/
> 	${INSTALL_MAN} ${WRKSRC}/doc/${PORTNAME}.1 \
> 		${STAGEDIR}${MAN1PREFIX}/man/man1/
> 
>diff --git a/textproc/unoconv/distinfo b/textproc/unoconv/distinfo
>index 8b98fbf4e..2f6eb04de 100644
>--- a/textproc/unoconv/distinfo
>+++ b/textproc/unoconv/distinfo
>@@ -1,4 +1,3 @@
>-SHA256 (python/unoconv-0.6.tar.gz) = 790e614b8615217ef4588b187f0018b526ec2bb480c6b9b2ffb9b82f48da73d4
>-SIZE (python/unoconv-0.6.tar.gz) = 91578
>-SHA256 (python/unoconv.png) = 459f7dbc60e34ccce5c9d46a7317be02dd3c8275e7f7588b7b3885c67b6738eb
>-SIZE (python/unoconv.png) = 744
>+TIMESTAMP = 1571775819
>+SHA256 (unoconv-unoconv-0.8.2_GH0.tar.gz) = 5381c0338d50e9b05cd30f8724b796e3bf426e9dde3d51169b3511de22de14a6
>+SIZE (unoconv-unoconv-0.8.2_GH0.tar.gz) = 104072
>diff --git a/textproc/unoconv/files/patch_unoconv b/textproc/unoconv/files/patch_unoconv
>new file mode 100644
>index 000000000..00287e734
>--- /dev/null
>+++ b/textproc/unoconv/files/patch_unoconv
>@@ -0,0 +1,116 @@
>+From f0d6a4c980f9f58014908afb23793cb4e4ac55af Mon Sep 17 00:00:00 2001
>+From: Samuel Erb <samrerb@erbbysam.com>
>+Date: Tue, 17 Sep 2019 12:22:12 -0400
>+Subject: [PATCH] change default updateDocMode behavior and add new option to
>+ keep old behavior (#510)
>+
>+---
>+ unoconv | 41 +++++++++++++++++++++++++++++++++++++++--
>+ 1 file changed, 39 insertions(+), 2 deletions(-)
>+
>+diff --git a/unoconv b/unoconv
>+index f844d0f..8cf17e9 100755
>+--- unoconv
>++++ unoconv
>+@@ -543,6 +543,11 @@ class Options:
>+         self.template = None
>+         self.timeout = 6
>+         self.verbose = 0
>++<<<<<<< HEAD
>++=======
>++        self.userProfile = None
>++        self.updateDocMode = NO_UPDATE
>++>>>>>>> acfac59... change default updateDocMode behavior and add new option to keep old behavior (#510)
>+ 
>+         self.setprinter = False
>+         self.paperformat = None
>+@@ -555,8 +560,13 @@ class Options:
>+                 ['connection=', 'debug', 'doctype=', 'export=', 'field=', 'format=',
>+                  'help', 'import=', 'import-filter-name=', 'listener', 'meta=', 'no-launch',
>+                  'output=', 'outputpath', 'password=', 'pipe=', 'port=', 'preserve',
>++<<<<<<< HEAD
>+                  'server=', 'timeout=', 'show', 'stdin', 'stdout', 'template', 'printer=',
>+                  'verbose', 'version'] )
>++=======
>++                 'server=', 'timeout=', 'user-profile=', 'show', 'stdin',
>++                 'stdout', 'template', 'printer=', 'unsafe-quiet-update', 'verbose', 'version'] )
>++>>>>>>> acfac59... change default updateDocMode behavior and add new option to keep old behavior (#510)
>+         except getopt.error as exc:
>+             print('unoconv: %s, try unoconv -h for a list of all the options' % str(exc))
>+             sys.exit(255)
>+@@ -646,6 +656,10 @@ class Options:
>+                 self.template = arg
>+             elif opt in ['-T', '--timeout']:
>+                 self.timeout = int(arg)
>++            elif opt in ['--unsafe-quiet-update']:
>++                # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html
>++                print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.')
>++                self.updateDocMode = QUIET_UPDATE
>+             elif opt in ['-v', '--verbose']:
>+                 self.verbose = self.verbose + 1
>+             elif opt in ['-V', '--version']:
>+@@ -760,6 +774,7 @@ unoconv options:
>+       --stdout                        write output to stdout
>+   -t, --template=file                 import the styles from template (.ott)
>+   -T, --timeout=secs                  timeout after secs if connection to listener fails
>++      --unsafe-quiet-update           allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input)
>+   -v, --verbose                       be more and more verbose (-vvv for debugging)
>+       --version                       display version number of unoconv, OOo/LO and platform details
>+   -P, --printer                       printer options
>+@@ -930,7 +945,7 @@ class Convertor:
>+             phase = "import"
>+ 
>+             ### Load inputfile
>+-            inputprops = UnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=QUIET_UPDATE)
>++            inputprops = UnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode)
>+ 
>+             if op.password:
>+                 inputprops += UnoProps(Password=op.password)
>+@@ -983,6 +998,7 @@ class Convertor:
>+ #            except AttributeError:
>+ #                pass
>+ 
>++<<<<<<< HEAD
>+             ### Update document links
>+             phase = "update-links"
>+             try:
>+@@ -1000,6 +1016,27 @@ class Convertor:
>+             except AttributeError:
>+                 # the document doesn't implement the XLinkUpdate interface
>+                 pass
>++=======
>++            ### Update document links if appropriate
>++            if op.updateDocMode != NO_UPDATE:
>++                phase = "update-links"
>++                try:
>++                    document.updateLinks()
>++                    # Found that when converting HTML files with external images, OO would only load five or six of
>++                    # the images in the file. In the resulting document, the rest of the images did not appear. Cycling
>++                    # through all the image references in the document seems to force OO to actually load them. Found
>++                    # some helpful guidance in this thread:
>++                    # https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=23909
>++                    # Ideally we would like to have the option to embed the images into the document, but I have not been
>++                    # able to figure out how to do this yet.
>++                    if op.updatehtmllinks:
>++                        graphObjs = document.GraphicObjects
>++                        for i in range(0, graphObjs.getCount()):
>++                            graphObj = graphObjs.getByIndex(i)
>++                except AttributeError:
>++                    # the document doesn't implement the XLinkUpdate interface
>++                    pass
>++>>>>>>> acfac59... change default updateDocMode behavior and add new option to keep old behavior (#510)
>+ 
>+             ### Add/Replace variables
>+             phase = "replace-fields"
>+@@ -1347,7 +1384,7 @@ if __name__ == '__main__':
>+     ### Now that we have found a working pyuno library, let's import some classes
>+     from com.sun.star.beans import PropertyValue
>+     from com.sun.star.connection import NoConnectException
>+-    from com.sun.star.document.UpdateDocMode import QUIET_UPDATE
>++    from com.sun.star.document.UpdateDocMode import NO_UPDATE, QUIET_UPDATE
>+     from com.sun.star.lang import DisposedException, IllegalArgumentException
>+     from com.sun.star.io import IOException, XOutputStream
>+     from com.sun.star.script import CannotConvertException
>+-- 
>+2.23.0
>+
>diff --git a/textproc/unoconv/pkg-plist b/textproc/unoconv/pkg-plist
>index 121ebb9eb..804cbf2e5 100644
>--- a/textproc/unoconv/pkg-plist
>+++ b/textproc/unoconv/pkg-plist
>@@ -1,6 +1,5 @@
> bin/unoconv
> man/man1/unoconv.1.gz
>-share/pixmaps/unoconv.png
> %%DATADIR%%/tests/document-example.odt
> %%DATADIR%%/tests/spreadsheet-example.csv
> %%DATADIR%%/unoconv
>-- 
>2.23.0
>

Actions: View | Diff

Attachments on bug 241422: 208513 | 208514 | 208540