svn commit: r356650 - in branches/2014Q2/x11/kdelibs4: . files
Raphael Kubo da Costa
rakuco at FreeBSD.org
Thu Jun 5 16:46:54 UTC 2014
Author: rakuco
Date: Thu Jun 5 16:46:53 2014
New Revision: 356650
URL: http://svnweb.freebsd.org/changeset/ports/356650
QAT: https://qat.redports.org/buildarchive/r356650/
Log:
MFH: r356550
Add upstream patch to fix the build of the translation ports after r353989.
The libxml2 fix for CVE-2014-0191 broke meinproc4, which resulted in the KDE
translation ports failing to build.
Approved by: portmgr (miwi)
Added:
branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
- copied unchanged from r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
Modified:
branches/2014Q2/x11/kdelibs4/Makefile
Directory Properties:
branches/2014Q2/ (props changed)
Modified: branches/2014Q2/x11/kdelibs4/Makefile
==============================================================================
--- branches/2014Q2/x11/kdelibs4/Makefile Thu Jun 5 16:44:31 2014 (r356649)
+++ branches/2014Q2/x11/kdelibs4/Makefile Thu Jun 5 16:46:53 2014 (r356650)
@@ -3,6 +3,7 @@
PORTNAME= kdelibs
PORTVERSION= ${KDE4_VERSION}
+PORTREVISION= 1
CATEGORIES= x11 kde
MASTER_SITES= KDE/${KDE4_BRANCH}/${PORTVERSION}/src
DIST_SUBDIR= KDE/${PORTVERSION}
Copied: branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a (from r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a Thu Jun 5 16:46:53 2014 (r356650, copy of r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a)
@@ -0,0 +1,44 @@
+commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a
+Author: Luigi Toscano <luigi.toscano at tiscali.it>
+Date: Wed Jun 4 22:40:12 2014 +0200
+
+ Explicitly load external entities (after CVE-2014-0191)
+
+ Use the more modern API function for XML loading and enable the
+ flags which load the external entities, so that meinproc4 can work
+ again after the security changes implemented for CVE-2014-0191.
+ Network loading is disabled too now.
+
+ REVIEW: 118270
+ BUG: 335001
+ FIXED-IN: 4.13.2
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index e0f8faf..0467f22 100644
+--- kdoctools/meinproc.cpp
++++ kdoctools/meinproc.cpp
+@@ -207,8 +207,8 @@ int main(int argc, char **argv) {
+
+ if (style_sheet != NULL) {
+
+- xmlDocPtr doc = xmlParseFile( QFile::encodeName( checkFilename ).constData() );
+-
++ xmlDocPtr doc = xmlReadFile( QFile::encodeName( checkFilename ).constData(),
++ NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET );
+ xmlDocPtr res = xsltApplyStylesheet(style_sheet, doc, ¶ms[0]);
+
+ xmlFreeDoc(doc);
+diff --git a/kdoctools/xslt.cpp b/kdoctools/xslt.cpp
+index a7265ca..4d64de4 100644
+--- kdoctools/xslt.cpp
++++ kdoctools/xslt.cpp
+@@ -157,7 +157,8 @@ QString transform( const QString &pat, const QString& tss,
+
+ INFO(i18n("Parsing document"));
+
+- xmlDocPtr doc = xmlParseFile(QFile::encodeName(pat));
++ xmlDocPtr doc = xmlReadFile(QFile::encodeName(pat), NULL,
++ XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET);
+ xsltTransformContextPtr ctxt;
+
+ ctxt = xsltNewTransformContext(style_sheet, doc);
More information about the svn-ports-branches
mailing list