diff options
| author | Max Rees <maxcrees@me.com> | 2020-03-19 22:23:52 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-03-19 22:23:52 -0500 |
| commit | d17942503235bc65e4152f1400579e9d7bc70831 (patch) | |
| tree | 91e6163978d64655686b628b61a55fea2a7e093d /user/okular | |
| parent | cebbcb3bb912c38634f4f064f68ab26dd75f0343 (diff) | |
| download | packages-d17942503235bc65e4152f1400579e9d7bc70831.tar.gz packages-d17942503235bc65e4152f1400579e9d7bc70831.tar.bz2 packages-d17942503235bc65e4152f1400579e9d7bc70831.tar.xz packages-d17942503235bc65e4152f1400579e9d7bc70831.zip | |
user/okular: patch CVE-2020-9359
Diffstat (limited to 'user/okular')
| -rw-r--r-- | user/okular/APKBUILD | 10 | ||||
| -rw-r--r-- | user/okular/CVE-2020-9359.patch | 27 |
2 files changed, 35 insertions, 2 deletions
diff --git a/user/okular/APKBUILD b/user/okular/APKBUILD index f77196bae..4e9567438 100644 --- a/user/okular/APKBUILD +++ b/user/okular/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=okular pkgver=19.12.3 -pkgrel=0 +pkgrel=1 pkgdesc="Universal document reader developed by KDE" url="https://okular.kde.org/" arch="all" @@ -18,8 +18,13 @@ makedepends="cmake extra-cmake-modules qt5-qtbase-dev qt5-qtsvg-dev kconfig-dev subpackages="$pkgname-doc $pkgname-lang" source="https://download.kde.org/stable/release-service/$pkgver/src/okular-$pkgver.tar.xz es-doc-fix.patch + CVE-2020-9359.patch " +# secfixes: +# 19.12.3-r1: +# - CVE-2020-9359 + build() { if [ "$CBUILD" != "$CHOST" ]; then CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" @@ -45,4 +50,5 @@ package() { } sha512sums="ccc3c357fefe04691bba7bc803321789c3a1fdad4cfc610e9c425b2373efd94340fa2ceb2e357569ad14f1c0c69ef0db8079d9bc082a6d5708ccbfb3b65d8b3d okular-19.12.3.tar.xz -de32eabda7ee84c4d894b02c56c7d66d8e2332688c726ad95e1b61c1e730035081ff7721275c7b7a9884aabc268ee0115d9ab8e5f52ae8838e1c09c471c81932 es-doc-fix.patch" +de32eabda7ee84c4d894b02c56c7d66d8e2332688c726ad95e1b61c1e730035081ff7721275c7b7a9884aabc268ee0115d9ab8e5f52ae8838e1c09c471c81932 es-doc-fix.patch +02b27bd206006dbbafbe74e60665ad5159ef6ea32b8bf1526b9c655c046cb6de08630f28d64c9935e73d5707a30d0835f2ab8cd4521740e5236cefc3d3057d29 CVE-2020-9359.patch" diff --git a/user/okular/CVE-2020-9359.patch b/user/okular/CVE-2020-9359.patch new file mode 100644 index 000000000..34ff3e2ce --- /dev/null +++ b/user/okular/CVE-2020-9359.patch @@ -0,0 +1,27 @@ +From 6a93a033b4f9248b3cd4d04689b8391df754e244 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Tue, 10 Mar 2020 23:07:24 +0100 +Subject: [PATCH] Document::processAction: If the url points to a binary, don't + run it + +--- + core/document.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/core/document.cpp b/core/document.cpp +index 3215a1abc..0aa5b6980 100644 +--- a/core/document.cpp ++++ b/core/document.cpp +@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action ) + { + const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url); + // KRun autodeletes +- new KRun( realUrl, d->m_widget ); ++ KRun *r = new KRun( realUrl, d->m_widget ); ++ r->setRunExecutables(false); + } + } + } break; +-- +2.25.2 + |