svn commit: r356650 - in branches/2014Q2/x11/kdelibs4: . files

Raphael Kubo da Costa rakuco at FreeBSD.org
Thu Jun 5 16:46:54 UTC 2014 

Author: rakuco
Date: Thu Jun  5 16:46:53 2014
New Revision: 356650
URL: http://svnweb.freebsd.org/changeset/ports/356650
QAT: https://qat.redports.org/buildarchive/r356650/

Log:
  MFH: r356550
  
  Add upstream patch to fix the build of the translation ports after r353989.
  
  The libxml2 fix for CVE-2014-0191 broke meinproc4, which resulted in the KDE
  translation ports failing to build.
  
  Approved by:	portmgr (miwi)

Added:
  branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
     - copied unchanged from r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
Modified:
  branches/2014Q2/x11/kdelibs4/Makefile
Directory Properties:
  branches/2014Q2/   (props changed)

Modified: branches/2014Q2/x11/kdelibs4/Makefile
==============================================================================
--- branches/2014Q2/x11/kdelibs4/Makefile	Thu Jun  5 16:44:31 2014	(r356649)
+++ branches/2014Q2/x11/kdelibs4/Makefile	Thu Jun  5 16:46:53 2014	(r356650)
@@ -3,6 +3,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE4_VERSION}
+PORTREVISION=	1
 CATEGORIES=	x11 kde
 MASTER_SITES=	KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}

Copied: branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a (from r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2014Q2/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a	Thu Jun  5 16:46:53 2014	(r356650, copy of r356550, head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a)
@@ -0,0 +1,44 @@
+commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a
+Author: Luigi Toscano <luigi.toscano at tiscali.it>
+Date:   Wed Jun 4 22:40:12 2014 +0200
+
+    Explicitly load external entities (after CVE-2014-0191)
+    
+    Use the more modern API function for XML loading and enable the
+    flags which load the external entities, so that meinproc4 can work
+    again after the security changes implemented for CVE-2014-0191.
+    Network loading is disabled too now.
+    
+    REVIEW: 118270
+    BUG: 335001
+    FIXED-IN: 4.13.2
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index e0f8faf..0467f22 100644
+--- kdoctools/meinproc.cpp
++++ kdoctools/meinproc.cpp
+@@ -207,8 +207,8 @@ int main(int argc, char **argv) {
+ 
+         if (style_sheet != NULL) {
+ 
+-            xmlDocPtr doc = xmlParseFile( QFile::encodeName( checkFilename ).constData() );
+-
++            xmlDocPtr doc = xmlReadFile( QFile::encodeName( checkFilename ).constData(),
++                                         NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET );
+             xmlDocPtr res = xsltApplyStylesheet(style_sheet, doc, &params[0]);
+ 
+             xmlFreeDoc(doc);
+diff --git a/kdoctools/xslt.cpp b/kdoctools/xslt.cpp
+index a7265ca..4d64de4 100644
+--- kdoctools/xslt.cpp
++++ kdoctools/xslt.cpp
+@@ -157,7 +157,8 @@ QString transform( const QString &pat, const QString& tss,
+ 
+     INFO(i18n("Parsing document"));
+ 
+-    xmlDocPtr doc = xmlParseFile(QFile::encodeName(pat));
++    xmlDocPtr doc = xmlReadFile(QFile::encodeName(pat), NULL,
++                                XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET);
+     xsltTransformContextPtr ctxt;
+ 
+     ctxt = xsltNewTransformContext(style_sheet, doc);

More information about the svn-ports-branches mailing list