From 3fe95f9aab3b616d94150bc6dbcd15a88a739f8f Mon Sep 17 00:00:00 2001
From: Nathan Owens
Date: Tue, 29 Oct 2019 00:52:47 +0000
Subject: [PATCH] unoconv: add CVE-2019-17400 patch
---
 ...pdateDocMode-behavior-and-add-new-op.patch | 117 ++++++++++++++++++
 srcpkgs/unoconv/template | 2 +-
 2 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/unoconv/patches/0001-change-default-updateDocMode-behavior-and-add-new-op.patch
diff --git a/srcpkgs/unoconv/patches/0001-change-default-updateDocMode-behavior-and-add-new-op.patch b/srcpkgs/unoconv/patches/0001-change-default-updateDocMode-behavior-and-add-new-op.patch
new file mode 100644
index 00000000000..d10cba7b96f
--- /dev/null
+++ b/srcpkgs/unoconv/patches/0001-change-default-updateDocMode-behavior-and-add-new-op.patch
@@ -0,0 +1,117 @@
+From 3351c5e5eef88690ed860bfee99d905202518a22 Mon Sep 17 00:00:00 2001
+From: Samuel Erb
+Date: Tue, 17 Sep 2019 12:22:12 -0400
+Subject: [PATCH] change default updateDocMode behavior and add new option to
+ keep old behavior (#510)
+
+---
+ unoconv | 51 ++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/unoconv b/unoconv
+index f844d0f..762dc85 100755
+--- unoconv
++++ unoconv
+@@ -543,6 +543,8 @@ class Options:
+ self.template = None
+ self.timeout = 6
+ self.verbose = 0
++ self.userProfile = None
++ self.updateDocMode = NO_UPDATE
+
+ self.setprinter = False
+ self.paperformat = None
+@@ -555,8 +557,8 @@ class Options:
+ ['connection=', 'debug', 'doctype=', 'export=', 'field=', 'format=',
+ 'help', 'import=', 'import-filter-name=', 'listener', 'meta=', 'no-launch',
+ 'output=', 'outputpath', 'password=', 'pipe=', 'port=', 'preserve',
+- 'server=', 'timeout=', 'show', 'stdin', 'stdout', 'template', 'printer=',
+- 'verbose', 'version'] )
++ 'server=', 'timeout=', 'user-profile=', 'show', 'stdin',
++ 'stdout', 'template', 'printer=', 'unsafe-quiet-update', 'verbose', 'version'] )
+ except getopt.error as exc:
+ print('unoconv: %s, try unoconv -h for a list of all the options' % str(exc))
+ sys.exit(255)
+@@ -646,6 +648,10 @@ class Options:
+ self.template = arg
+ elif opt in ['-T', '--timeout']:
+ self.timeout = int(arg)
++ elif opt in ['--unsafe-quiet-update']:
++ # ref https://www.openoffice.org/api/docs/common/ref/com/sun/star/document/UpdateDocMode.html
++ print('Warning: Do not use the option --unsafe-quiet-update with untrusted input.')
++ self.updateDocMode = QUIET_UPDATE
+ elif opt in ['-v', '--verbose']:
+ self.verbose = self.verbose + 1
+ elif opt in ['-V', '--version']:
+@@ -760,6 +766,7 @@ unoconv options:
+ --stdout write output to stdout
+ -t, --template=file import the styles from template (.ott)
+ -T, --timeout=secs timeout after secs if connection to listener fails
++ --unsafe-quiet-update allow rendered document to fetch external resources (Warning: this is unsafe with untrusted input)
+ -v, --verbose be more and more verbose (-vvv for debugging)
+ --version display version number of unoconv, OOo/LO and platform details
+ -P, --printer printer options
+@@ -930,7 +937,7 @@ class Convertor:
+ phase = "import"
+
+ ### Load inputfile
+- inputprops = UnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=QUIET_UPDATE)
++ inputprops = UnoProps(Hidden=True, ReadOnly=True, UpdateDocMode=op.updateDocMode)
+
+ if op.password:
+ inputprops += UnoProps(Password=op.password)
+@@ -983,23 +990,25 @@ class Convertor:
+ # except AttributeError:
+ # pass
+
+- ### Update document links
+- phase = "update-links"
+- try:
+- document.updateLinks()
+- # Found that when converting HTML files with external images, OO would only load five or six of
+- # the images in the file. In the resulting document, the rest of the images did not appear. Cycling
+- # through all the image references in the document seems to force OO to actually load them. Found
+- # some helpful guidance in this thread:
+- # https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=23909
+- # Ideally we would like to have the option to embed the images into the document, but I have not been
+- # able to figure out how to do this yet.
+- graphObjs = document.GraphicObjects
+- for i in range(0, graphObjs.getCount()):
+- graphObj = graphObjs.getByIndex(i)
+- except AttributeError:
+- # the document doesn't implement the XLinkUpdate interface
+- pass
++ ### Update document links if appropriate
++ if op.updateDocMode != NO_UPDATE:
++ phase = "update-links"
++ try:
++ document.updateLinks()
++ # Found that when converting HTML files with external images, OO would only load five or six of
++ # the images in the file. In the resulting document, the rest of the images did not appear. Cycling
++ # through all the image references in the document seems to force OO to actually load them. Found
++ # some helpful guidance in this thread:
++ # https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=23909
++ # Ideally we would like to have the option to embed the images into the document, but I have not been
++ # able to figure out how to do this yet.
++ if op.updatehtmllinks:
++ graphObjs = document.GraphicObjects
++ for i in range(0, graphObjs.getCount()):
++ graphObj = graphObjs.getByIndex(i)
++ except AttributeError:
++ # the document doesn't implement the XLinkUpdate interface
++ pass
+
+ ### Add/Replace variables
+ phase = "replace-fields"
+@@ -1347,7 +1356,7 @@ if __name__ == '__main__':
+ ### Now that we have found a working pyuno library, let's import some classes
+ from com.sun.star.beans import PropertyValue
+ from com.sun.star.connection import NoConnectException
+- from com.sun.star.document.UpdateDocMode import QUIET_UPDATE
++ from com.sun.star.document.UpdateDocMode import NO_UPDATE, QUIET_UPDATE
+ from com.sun.star.lang import DisposedException, IllegalArgumentException
+ from com.sun.star.io import IOException, XOutputStream
+ from com.sun.star.script import CannotConvertException
+--
+2.23.0
+
diff --git a/srcpkgs/unoconv/template b/srcpkgs/unoconv/template
index b1bc08c4275..a7e368e48f6 100644
--- a/srcpkgs/unoconv/template
+++ b/srcpkgs/unoconv/template
@@ -1,7 +1,7 @@
 # Template file for 'unoconv'
 pkgname=unoconv
 version=0.8.2
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 hostmakedepends="asciidoc git"
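Review bot: In the rewritten update-links block of the bundled patch, the new guard `if op.updatehtmllinks:` reads an attribute that none of these hunks define; the `Options.__init__` hunk adds only `self.userProfile` and `self.updateDocMode`. If unoconv 0.8.2 does not already set it elsewhere (not visible here), the lookup raises AttributeError inside the `try`, and the existing `except AttributeError: pass` swallows it, so with `--unsafe-quiet-update` the GraphicObjects pass is skipped without any message. The default `NO_UPDATE` path never enters that block, so the CVE-2019-17400 mitigation itself is unaffected. I would either add `self.updatehtmllinks = True` beside `self.updateDocMode = NO_UPDATE` in the backport or drop the guard. Likewise `'user-profile='` is registered with getopt but no hunk handles `--user-profile`, so confirm the option is not accepted and then ignored.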