From 40d077f55ddb4ff1a504ac72c7819c813a0970e9 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Sep 29 2020 07:04:39 +0000
Subject: import okular-4.10.5-9.el7
---
diff --git a/SOURCES/okular-if-url-points-to-binary-do-not-run-it.patch b/SOURCES/okular-if-url-points-to-binary-do-not-run-it.patch
new file mode 100644
index 0000000..d323822
--- /dev/null
+++ b/SOURCES/okular-if-url-points-to-binary-do-not-run-it.patch
@@ -0,0 +1,14 @@
+diff --git a/core/document.cpp b/core/document.cpp
+index bc0232a..b242b57 100644
+--- a/core/document.cpp
++++ b/core/document.cpp
+@@ -3457,7 +3457,8 @@ void Document::processAction( const Action * action )
+ }
+
+ // Albert: this is not a leak!
+- new KRun( realUrl, widget() );
++ KRun *r = new KRun( realUrl, d->m_widget );
++ r->setRunExecutables(false);
+ }
+ } break;
+
diff --git a/SPECS/okular.spec b/SPECS/okular.spec
index ea04885..d78bd46 100644
--- a/SPECS/okular.spec
+++ b/SPECS/okular.spec
@@ -1,7 +1,7 @@
 Name: okular
 Summary: A document viewer
 Version: 4.10.5
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 URL: https://projects.kde.org/projects/kde/kdegraphics/okular
@@ -31,6 +31,9 @@ Patch54: okular-add-information-about-substituting-font.patch
 # Bug 1626265 - CVE-2018-1000801 okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp
 Patch55: okular-fix-path-traversal-issue-when-extracting-okular-file.patch
+# CVE-2020-9359 okular: local binary execution via specially crafted PDF files
+Patch56: okular-if-url-points-to-binary-do-not-run-it.patch
+
 %if 0%{?fedora}
 BuildRequires: chmlib-devel
 BuildRequires: ebook-tools-devel
@@ -102,6 +105,7 @@ Summary: A kioslave for displaying WinHelp files
 %patch53 -p1 -b .cmake
 %patch54 -p1 -b .add-information-about-substituting-font
 %patch55 -p1 -b .fix-path-traversal-issue-when-extracting-okular-file
+%patch56 -p1 -b .if-url-points-to-binary-do-not-run-it
 %build
 mkdir -p %{_target_platform}
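Review bot: The new `r->setRunExecutables(false)` only stops KRun from executing the target itself; a document-chosen `realUrl` is still handed to whatever application is associated with its MIME type (or to the handler of a remote scheme), so this hunk narrows CVE-2020-9359 to direct binary execution rather than removing the document's control over what gets launched — worth gating on the scheme or asking the user before launching anything that is not an ordinary link, unless code outside the hunk already does that. Setting the flag after construction is only effective if KRun defers the actual launch to the event loop (it does in kdelibs as far as I recall), and a reader of this backport should not have to know that, so I would extend the existing comment to `// KRun deletes itself when done (not a leak) and defers the launch, so the flag below is applied in time;` `// refusing executables keeps a crafted document from running local binaries (CVE-2020-9359).` `Document::processAction` begins and ends outside this hunk, so which action type this `break` belongs to cannot be confirmed from here.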
@@ -184,6 +188,10 @@ fi
 %changelog
+* Tue May 19 2020 Jan Grulich - 4.10.5-9
+- Document::processAction: If the url points to a binary, don't run it
+ Resolves: bz#1821451
+
 * Wed Oct 23 2019 Jan Grulich - 4.10.5-8
 - Fix path traversal issue when extracting an .okular file
 Resolves: bz#1634726