[pkgsrc/trunk]: pkgsrc/print/okular okular: fix https://nvd.nist.gov/vuln/det...

[markd <markd%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bb411f6c1105
branches:  trunk
changeset: 414518:bb411f6c1105
user:      markd <markd%pkgsrc.org@localhost>
date:      Sun Mar 29 20:43:52 2020 +0000

description:
okular: fix https://nvd.nist.gov/vuln/detail/CVE-2020-9359

diffstat:

 print/okular/Makefile                        |   4 ++--
 print/okular/distinfo                        |   3 ++-
 print/okular/patches/patch-core_document.cpp |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r 89a723303a1a -r bb411f6c1105 print/okular/Makefile
--- a/print/okular/Makefile     Sun Mar 29 18:30:06 2020 +0000
+++ b/print/okular/Makefile     Sun Mar 29 20:43:52 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.93 2020/03/10 22:10:52 wiz Exp $
+# $NetBSD: Makefile,v 1.94 2020/03/29 20:43:52 markd Exp $
 
 DISTNAME=      okular-${KAPPSVER}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    print
 
 HOMEPAGE=      https://kde.org/applications/graphics/okular/
diff -r 89a723303a1a -r bb411f6c1105 print/okular/distinfo
--- a/print/okular/distinfo     Sun Mar 29 18:30:06 2020 +0000
+++ b/print/okular/distinfo     Sun Mar 29 20:43:52 2020 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.15 2020/02/02 03:02:05 markd Exp $
+$NetBSD: distinfo,v 1.16 2020/03/29 20:43:52 markd Exp $
 
 SHA1 (okular-19.12.1.tar.xz) = 915f2886079aa5adac5b3505fc8e10589d0b7e18
 RMD160 (okular-19.12.1.tar.xz) = 24fc29a4a1f0ea795dc8923b5b5b63e1d59d930b
 SHA512 (okular-19.12.1.tar.xz) = 6da6f870cd7e3060ca108c630e082fe20e7ecb702ffe7da2892450ca8401d25cd135d1039e883303000ad46b1d98c9bd6707c5eae54e03a225fcdf3f706465ec
 Size (okular-19.12.1.tar.xz) = 7203952 bytes
+SHA1 (patch-core_document.cpp) = f2849a3e73a141eed38f110fb5edb0bdcc1db7a1
diff -r 89a723303a1a -r bb411f6c1105 print/okular/patches/patch-core_document.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/okular/patches/patch-core_document.cpp      Sun Mar 29 20:43:52 2020 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-core_document.cpp,v 1.1 2020/03/29 20:43:53 markd Exp $
+
+https://nvd.nist.gov/vuln/detail/CVE-2020-9359
+https://kde.org/info/security/advisory-20200312-1.txt
+
+--- core/document.cpp.orig     2020-01-06 13:55:05.000000000 +0000
++++ core/document.cpp
+@@ -4352,7 +4352,8 @@ void Document::processAction( const Acti
+                 {
+                     const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+                     // KRun autodeletes
+-                    new KRun( realUrl, d->m_widget );
++                    KRun *r = new KRun( realUrl, d->m_widget );
++                  r->setRunExecutables(false);
+                 }
+             }
+             } break;