From 52b1f1cb9f8d4e1fb1fcbde59930a105a819b0b4 Mon Sep 17 00:00:00 2001
From: Eric Hameleers
Date: Thu, 30 Jul 2020 19:45:19 +0200
Subject: Cleanup unused KDE patches
Thanks to Patrick Volkerding for the effort.
---
kde/patch/okular/cve-2020-9359.patch | 32 --------------------------------
1 file changed, 32 deletions(-)
delete mode 100644 kde/patch/okular/cve-2020-9359.patch
(limited to 'kde/patch/okular/cve-2020-9359.patch')
diff --git a/kde/patch/okular/cve-2020-9359.patch b/kde/patch/okular/cve-2020-9359.patch
deleted file mode 100644
index d82c91c..0000000
--- a/kde/patch/okular/cve-2020-9359.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Okular: Local binary execution via action links
-CVE: CVE-2020-9359
-
-Okular can be tricked into executing local binaries via specially crafted
-PDF files.
-This binary execution can require almost no user interaction.
-No parameters can be passed to those local binaries.
-We have not been able to identify any binary that will cause actual damage,
-be it in the hardware or software level, when run without parameters.
-
-We remain relatively confident that for this issue to do any actual damage,
-it has to run a binary specially crafted. That binary must have been deployed
-to the user system via another method, be it the user downloading it directly
-as an email attachment, webpage download, etc. or by the system being
-already compromised.
-
-
-diff --git a/core/document.cpp b/core/document.cpp
-index 3215a1abce6292a6cc25c5f8b645232c92d75ec5..0aa5b698019a2660f2d6baabd54cef1e82002b0e 100644
---- a/core/document.cpp
-+++ b/core/document.cpp
-@@ -4388,7 +4388,8 @@ void Document::processAction( const Action * action )
- {
- const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
- // KRun autodeletes
-- new KRun( realUrl, d->m_widget );
-+ KRun *r = new KRun( realUrl, d->m_widget );
-+ r->setRunExecutables(false);
- }
- }
- } break;
-
--
cgit v1.2.3