Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Jun 2014 21:55:09 +0000 (UTC)
From:      Raphael Kubo da Costa <rakuco@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r356550 - in head/x11/kdelibs4: . files
Message-ID:  <201406042155.s54Lt9jn038921@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rakuco
Date: Wed Jun  4 21:55:08 2014
New Revision: 356550
URL: http://svnweb.freebsd.org/changeset/ports/356550
QAT: https://qat.redports.org/buildarchive/r356550/

Log:
  Add upstream patch to fix the build of the translation ports after r353989.
  
  The libxml2 fix for CVE-2014-0191 broke meinproc4, which resulted in the KDE
  translation ports failing to build.
  
  MFH:		2014Q2

Added:
  head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a   (contents, props changed)
Modified:
  head/x11/kdelibs4/Makefile

Modified: head/x11/kdelibs4/Makefile
==============================================================================
--- head/x11/kdelibs4/Makefile	Wed Jun  4 21:51:13 2014	(r356549)
+++ head/x11/kdelibs4/Makefile	Wed Jun  4 21:55:08 2014	(r356550)
@@ -3,6 +3,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE4_VERSION}
+PORTREVISION=	1
 CATEGORIES=	x11 kde
 MASTER_SITES=	KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}

Added: head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a	Wed Jun  4 21:55:08 2014	(r356550)
@@ -0,0 +1,44 @@
+commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a
+Author: Luigi Toscano <luigi.toscano@tiscali.it>
+Date:   Wed Jun 4 22:40:12 2014 +0200
+
+    Explicitly load external entities (after CVE-2014-0191)
+    
+    Use the more modern API function for XML loading and enable the
+    flags which load the external entities, so that meinproc4 can work
+    again after the security changes implemented for CVE-2014-0191.
+    Network loading is disabled too now.
+    
+    REVIEW: 118270
+    BUG: 335001
+    FIXED-IN: 4.13.2
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index e0f8faf..0467f22 100644
+--- kdoctools/meinproc.cpp
++++ kdoctools/meinproc.cpp
+@@ -207,8 +207,8 @@ int main(int argc, char **argv) {
+ 
+         if (style_sheet != NULL) {
+ 
+-            xmlDocPtr doc = xmlParseFile( QFile::encodeName( checkFilename ).constData() );
+-
++            xmlDocPtr doc = xmlReadFile( QFile::encodeName( checkFilename ).constData(),
++                                         NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET );
+             xmlDocPtr res = xsltApplyStylesheet(style_sheet, doc, &params[0]);
+ 
+             xmlFreeDoc(doc);
+diff --git a/kdoctools/xslt.cpp b/kdoctools/xslt.cpp
+index a7265ca..4d64de4 100644
+--- kdoctools/xslt.cpp
++++ kdoctools/xslt.cpp
+@@ -157,7 +157,8 @@ QString transform( const QString &pat, const QString& tss,
+ 
+     INFO(i18n("Parsing document"));
+ 
+-    xmlDocPtr doc = xmlParseFile(QFile::encodeName(pat));
++    xmlDocPtr doc = xmlReadFile(QFile::encodeName(pat), NULL,
++                                XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET);
+     xsltTransformContextPtr ctxt;
+ 
+     ctxt = xsltNewTransformContext(style_sheet, doc);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406042155.s54Lt9jn038921>