okular: fix https://nvd.nist.gov/vuln/detail/CVE-2020-9359

print/okular/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.93 2020/03/10 22:10:52 wiz Exp $
+# $NetBSD: Makefile,v 1.94 2020/03/29 20:43:52 markd Exp $
 
 DISTNAME=	okular-${KAPPSVER}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	print
 
 HOMEPAGE=	https://kde.org/applications/graphics/okular/

print/okular/distinfo

@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.15 2020/02/02 03:02:05 markd Exp $
+$NetBSD: distinfo,v 1.16 2020/03/29 20:43:52 markd Exp $
 
 SHA1 (okular-19.12.1.tar.xz) = 915f2886079aa5adac5b3505fc8e10589d0b7e18
 RMD160 (okular-19.12.1.tar.xz) = 24fc29a4a1f0ea795dc8923b5b5b63e1d59d930b
 SHA512 (okular-19.12.1.tar.xz) = 6da6f870cd7e3060ca108c630e082fe20e7ecb702ffe7da2892450ca8401d25cd135d1039e883303000ad46b1d98c9bd6707c5eae54e03a225fcdf3f706465ec
 Size (okular-19.12.1.tar.xz) = 7203952 bytes
+SHA1 (patch-core_document.cpp) = f2849a3e73a141eed38f110fb5edb0bdcc1db7a1

print/okular/patches/patch-core_document.cpp

@@ -0,0 +1,17 @@
+$NetBSD: patch-core_document.cpp,v 1.1 2020/03/29 20:43:53 markd Exp $
+
+https://nvd.nist.gov/vuln/detail/CVE-2020-9359
+https://kde.org/info/security/advisory-20200312-1.txt
+
+--- core/document.cpp.orig	2020-01-06 13:55:05.000000000 +0000
++++ core/document.cpp
+@@ -4352,7 +4352,8 @@ void Document::processAction( const Acti
+                 {
+                     const QUrl realUrl = KIO::upUrl(d->m_url).resolved(url);
+                     // KRun autodeletes
+-                    new KRun( realUrl, d->m_widget );
++                    KRun *r = new KRun( realUrl, d->m_widget );
++		    r->setRunExecutables(false);
+                 }
+             }
+             } break;