From d17942503235bc65e4152f1400579e9d7bc70831 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 19 Mar 2020 22:23:52 -0500
Subject: user/okular: patch CVE-2020-9359

---
 user/okular/APKBUILD            | 10 ++++++++--
 user/okular/CVE-2020-9359.patch | 27 +++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 user/okular/CVE-2020-9359.patch

diff --git a/user/okular/APKBUILD b/user/okular/APKBUILD
index f77196bae..4e9567438 100644
--- a/user/okular/APKBUILD
+++ b/user/okular/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=okular
 pkgver=19.12.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Universal document reader developed by KDE"
 url="https://okular.kde.org/"
 arch="all"
@@ -18,8 +18,13 @@ makedepends="cmake extra-cmake-modules qt5-qtbase-dev qt5-qtsvg-dev kconfig-dev
 subpackages="$pkgname-doc $pkgname-lang"
 source="https://download.kde.org/stable/release-service/$pkgver/src/okular-$pkgver.tar.xz
 	es-doc-fix.patch
+	CVE-2020-9359.patch
 	"
 
+# secfixes:
+#   19.12.3-r1:
+#     - CVE-2020-9359
+
 build() {
 	if [ "$CBUILD" != "$CHOST" ]; then
 		CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux"
@@ -45,4 +50,5 @@ package() {
 }
 
 sha512sums="ccc3c357fefe04691bba7bc803321789c3a1fdad4cfc610e9c425b2373efd94340fa2ceb2e357569ad14f1c0c69ef0db8079d9bc082a6d5708ccbfb3b65d8b3d  okular-19.12.3.tar.xz
-de32eabda7ee84c4d894b02c56c7d66d8e2332688c726ad95e1b61c1e730035081ff7721275c7b7a9884aabc268ee0115d9ab8e5f52ae8838e1c09c471c81932  es-doc-fix.patch"
+de32eabda7ee84c4d894b02c56c7d66d8e2332688c726ad95e1b61c1e730035081ff7721275c7b7a9884aabc268ee0115d9ab8e5f52ae8838e1c09c471c81932  es-doc-fix.patch
+02b27bd206006dbbafbe74e60665ad5159ef6ea32b8bf1526b9c655c046cb6de08630f28d64c9935e73d5707a30d0835f2ab8cd4521740e5236cefc3d3057d29  CVE-2020-9359.patch"
diff --git a/user/okular/CVE-2020-9359.patch b/user/okular/CVE-2020-9359.patch
new file mode 100644
index 000000000..34ff3e2ce
--- /dev/null
+++ b/user/okular/CVE-2020-9359.patch
@@ -0,0 +1,27 @@
+From 6a93a033b4f9248b3cd4d04689b8391df754e244 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 10 Mar 2020 23:07:24 +0100
+Subject: [PATCH] Document::processAction: If the url points to a binary, don't
+ run it
+
+---
+ core/document.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/core/document.cpp b/core/document.cpp
+index 3215a1abc..0aa5b6980 100644
+--- a/core/document.cpp
++++ b/core/document.cpp
+@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
+                 {
+                     const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+                     // KRun autodeletes
+-                    new KRun( realUrl, d->m_widget );
++                    KRun *r = new KRun( realUrl, d->m_widget );
++                    r->setRunExecutables(false);
+                 }
+             }
+             } break;
+-- 
+2.25.2
+
-- 
cgit v1.2.3-60-g2f50