Diffstat (limited to 'community/okular')
-rw-r--r-- | community/okular/APKBUILD | 29 | ||||
-rw-r--r-- | community/okular/CVE-2020-9359.patch | 27 |
2 files changed, 41 insertions, 15 deletions
diff --git a/community/okular/APKBUILD b/community/okular/APKBUILD
index 2f0d30055a..73bb1790d0 100644
--- a/community/okular/APKBUILD
+++ b/community/okular/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Bart Ribbers <bribbers@disroot.org>
 # Maintainer: Bart Ribbers <bribbers@disroot.org>
 pkgname=okular
-pkgver=19.12.2
-pkgrel=1
+pkgver=19.12.3
+pkgrel=0
 arch="all !armhf" # armhf blocked by kirigami2 -> qt5-qtdeclarative
 url="https://kde.org/applications/office/org.kde.okular"
 pkgdesc="A universal document viewer"
@@ -14,37 +14,35 @@ makedepends="extra-cmake-modules qt5-qtbase-dev qt5-qtspeech-dev karchive-dev kactivities-dev phonon-dev purpose-dev zlib-dev poppler-qt5-dev kirigami2-dev qca-dev kpty-dev"
 checkdepends="xvfb-run"
-source="https://download.kde.org/stable/release-service/$pkgver/src/okular-$pkgver.tar.xz"
+source="https://download.kde.org/stable/release-service/$pkgver/src/okular-$pkgver.tar.xz
+ CVE-2020-9359.patch
+ "
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-mobile"
-prepare() {
- default_prepare
-
- mkdir "$builddir"/build
-}
+# secfixes:
+# 19.12.3:
+# - CVE-2020-9359
 build() {
- cd "$builddir"/build
- cmake "$builddir" \
+ cmake -B build \
 -DCMAKE_BUILD_TYPE=None \
 -DCMAKE_INSTALL_PREFIX=/usr \
 -DCMAKE_INSTALL_LIBDIR=lib \
 -DBUILD_OKULARKIRIGAMI=ON \
 -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
 -DCMAKE_C_FLAGS="$CFLAGS -D_GNU_SOURCE"
- make
+ make -C build
 }
 check() {
- cd "$builddir"/build
+ cd build
 # All other tests are broken, require OpenGL, etc
 CTEST_OUTPUT_ON_FAILURE=TRUE xvfb-run ctest -R "^shelltest"
 }
 package() {
- cd "$builddir"/build
- DESTDIR="$pkgdir" make install
+ DESTDIR="$pkgdir" make -C build install
 }
 mobile() {
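Review bot: The secfixes key added above build() is `19.12.3:`, but Alpine secfixes entries are, as far as I know, keyed by the full package version including the release, so the entry should read `19.12.3-r0:` to match the `pkgver=19.12.3` / `pkgrel=0` set in the first hunk. With the short key, the security tracker may not tie CVE-2020-9359 to the build that actually carries the fix. Separately, removing the custom prepare() means the patch is applied only through abuild's default prepare step; it is worth confirming in the build log that CVE-2020-9359.patch is applied before `cmake -B build` runs.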
@@ -59,4 +57,5 @@ mobile() {
 mv "$pkgdir"/usr/share/applications/org.kde.mobile.okular_plucker.desktop "$subpkgdir"/usr/share/applications/
 }
-sha512sums="acd9640c120d73a0b84054941a76d8eaa7434fc9a6d82e77edf5bd4827ab17334f4e4bedc521133d922afa7cd9ba9e08057534ac08281fd23f9bed7fff28f304 okular-19.12.2.tar.xz"
+sha512sums="ccc3c357fefe04691bba7bc803321789c3a1fdad4cfc610e9c425b2373efd94340fa2ceb2e357569ad14f1c0c69ef0db8079d9bc082a6d5708ccbfb3b65d8b3d okular-19.12.3.tar.xz
+2d8870f1aa63defcf2ecfd42c0dfb0d474af6885c2448566704795d7caa2e9c20e5ede284db58139ea5736d5d0074d23c023a89f359d09fd6051d1f03f561903 CVE-2020-9359.patch"
diff --git a/community/okular/CVE-2020-9359.patch b/community/okular/CVE-2020-9359.patch
new file mode 100644
index 0000000000..e7d7248762
--- /dev/null
+++ b/community/okular/CVE-2020-9359.patch
@@ -0,0 +1,27 @@
+From 6a93a033b4f9248b3cd4d04689b8391df754e244 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 10 Mar 2020 23:07:24 +0100
+Subject: [PATCH] Document::processAction: If the url points to a binary, don't
+ run it
+---
+ core/document.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/core/document.cpp b/core/document.cpp
+index 3215a1abc..0aa5b6980 100644
+--- a/core/document.cpp
++++ b/core/document.cpp
+@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
+ {
+ const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+ // KRun autodeletes
+- new KRun( realUrl, d->m_widget );
++ KRun *r = new KRun( realUrl, d->m_widget );
++ r->setRunExecutables(false);
+ }
+ }
+ } break;
+--
+2.24.1
+ |
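Review bot: The added `r->setRunExecutables(false);` in core/document.cpp carries no comment tying it to the security fix, and the existing `// KRun autodeletes` remark now sits above a named raw pointer that can look like a leak. I would add `// Link targets come from the document: never execute them (CVE-2020-9359)` above the call and keep the autodelete remark next to `new KRun`. Only this one branch of Document::processAction is visible, since the function starts and ends outside the hunk, so confirm that no other action branch passes a document-supplied URL to KRun with executables still enabled. The resolved `realUrl` is still opened with its associated handler, which appears to be intended.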