From 4ddf3ff7b65e8270d2f960d5fd1c84194761d895 Mon Sep 17 00:00:00 2001
From: John
Date: Fri, 13 Mar 2020 15:58:08 +0100
Subject: [PATCH] okular: add patch for CVE-2020-9359

https://mail.kde.org/pipermail/kde-announce/2020-March/000089.html
---
 srcpkgs/okular/patches/CVE-2020-9359.patch | 27 ++++++++++++++++++++++
 srcpkgs/okular/template | 2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/okular/patches/CVE-2020-9359.patch

diff --git a/srcpkgs/okular/patches/CVE-2020-9359.patch b/srcpkgs/okular/patches/CVE-2020-9359.patch
new file mode 100644
index 00000000000..37ee60ac17b
--- /dev/null
+++ b/srcpkgs/okular/patches/CVE-2020-9359.patch
@@ -0,0 +1,27 @@
+From 6a93a033b4f9248b3cd4d04689b8391df754e244 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Tue, 10 Mar 2020 23:07:24 +0100
+Subject: [PATCH] Document::processAction: If the url points to a binary, don't
+ run it
+
+---
+ core/document.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git core/document.cpp core/document.cpp
+index 3215a1abc..0aa5b6980 100644
+--- core/document.cpp
++++ core/document.cpp
+@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
+ {
+ const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+ // KRun autodeletes
+- new KRun( realUrl, d->m_widget );
++ KRun *r = new KRun( realUrl, d->m_widget );
++ r->setRunExecutables(false);
+ }
+ }
+ } break;
+--
+2.24.1
+
diff --git a/srcpkgs/okular/template b/srcpkgs/okular/template
index ee9e21a174f..919fc8d1e4d 100644
--- a/srcpkgs/okular/template
+++ b/srcpkgs/okular/template
@@ -1,7 +1,7 @@
 # Template file for 'okular'
 pkgname=okular
 version=19.12.3
-revision=1
+revision=2
 build_style=cmake
 hostmakedepends="extra-cmake-modules pkg-config gettext kcoreaddons"
 makedepends="discount-devel djvulibre-devel ebook-tools-devel khtml-devel
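Review bot: In the core/document.cpp change carried by the new patch file, `r->setRunExecutables(false);` is the whole fix, yet nothing next to it says why it is there; the only comment, `// KRun autodeletes`, explains lifetime. I would add `// URL comes from the document: never let KRun execute what it points to (CVE-2020-9359)` above the call, so that a later cleanup folding the two lines back into a bare `new KRun(...)` does not silently reopen the issue. The setter also runs after the constructor, which is only safe if KRun defers its start to the event loop, as I believe it does; that dependency deserves a word in the same comment. Document::processAction begins and ends outside the hunk, so whether `realUrl` is restricted by scheme or confirmed with the user before this point cannot be judged from here.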