Apply upstream patches for CVE-2013-4549.

Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0x17A85C72
author: Davide Pesavento <pesa@gentoo.org> 2013-12-28 01:25:53 +0000
committer: Davide Pesavento <pesa@gentoo.org> 2013-12-28 01:25:53 +0000
commit: a7e294706f49f10f5a6992b892094625a9a96889 (patch)
tree: 3e5e45d3750e14009940f7d168b49a8621ef01f9 /dev-qt
parent: Bug #491364: Fix complie with newer boost. (diff)
download: historical-a7e294706f49f10f5a6992b892094625a9a96889.tar.gz
historical-a7e294706f49f10f5a6992b892094625a9a96889.tar.bz2
historical-a7e294706f49f10f5a6992b892094625a9a96889.zip
5 files changed, 438 insertions, 5 deletions
diff --git a/dev-qt/qtcore/ChangeLog b/dev-qt/qtcore/ChangeLog
index 93907845aa0b..7036663dd44e 100644
--- a/dev-qt/qtcore/ChangeLog
+++ b/dev-qt/qtcore/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-qt/qtcore
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/ChangeLog,v 1.31 2013/11/11 13:56:14 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/ChangeLog,v 1.32 2013/12/28 01:25:52 pesa Exp $
+
+*qtcore-4.8.5-r1 (28 Dec 2013)
+
+  28 Dec 2013; Davide Pesavento <pesa@gentoo.org>
+  +files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch,
+  +files/CVE-2013-4549-02-fully-expand-entities.patch, +qtcore-4.8.5-r1.ebuild:
+  Apply upstream patches for CVE-2013-4549.
 
   11 Nov 2013; Jeroen Roovers <jer@gentoo.org> qtcore-4.8.5.ebuild:
   Stable for HPPA (bug #488536).
diff --git a/dev-qt/qtcore/Manifest b/dev-qt/qtcore/Manifest
index 0dd77a1865e4..cbf2459db7e2 100644
--- a/dev-qt/qtcore/Manifest
+++ b/dev-qt/qtcore/Manifest
@@ -2,6 +2,8 @@
 Hash: SHA256
 
 AUX CVE-2013-0254.patch 2694 SHA256 708714e387b607e4c28182420af42f9169c632c909feef6224190053da0c869f SHA512 227ed44a8e90eb63402cd6658bff1244e3684c4f9757aa9c3cf53e60127f6324a978d82f2de25e6a718b88392d51641e9b8010d313a25a0154f871c0dcc94182 WHIRLPOOL 472b5ca7da456ae9e6c62072be6f6c1fb71c13450d8108745a7f14d5f7511e299377a7cd88f6bf5e03b906259a0a6961115e7012e998878ba306d8a67b4fc935
+AUX CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch 4531 SHA256 fd6e59635ea7bc86fdc36333ecd77609ae5cdc52c3a388c3b0088887d9a21b72 SHA512 b81810d62e8652f91b787285e8208b42d723e89aef248aeca24f02cd84b4a098c82571ece7c8af9c25c0535bde61ee376b6c24992f55fbaef2dd77f54f14ef1a WHIRLPOOL f7e6d005c157314eba3501bb9fdcecdb1f0b317880d659ac42e9b17a79ba98892c6ad9b49651a81d2a8c5c77d9e6ab9b7953422435543b1e38f1eeef0865dbd3
+AUX CVE-2013-4549-02-fully-expand-entities.patch 6117 SHA256 848dbcd78c2ae0a3f6acca07b48067c453f721adfbe4dcdc90ca8267eedbc065 SHA512 1564fc1e299704c7f51015fdf3213e3c85460d2950821f53f94bbf98c80275e845aa8804250081df9db8172ca26fde11070e21ce18b8ee17961689ceb96daac9 WHIRLPOOL ccf1494fd0b243aed5149d6f1ebaadb5bfefff4698a95fae6d006247a9daee493e8e4c567a2bc930efc7b22c27761207afd1c8fe8f104c5a3fed491a669d14e8
 AUX blacklist-mis-issued-Turktrust-certs.patch 5939 SHA256 abf2632243cd5b82dfcb2f297908c37ee79e42240a5539eb4738713470658bc8 SHA512 5f4d5be5389b3b2423a33cb09ace4514b53fb96ad0d95e2d02dca7673a9a37b879f739e0988b4bd5e90976ca83ad802ce8179da7433e6ffc3f519a151b8aeec3 WHIRLPOOL ab4a4d61654aa159e82f66d6600a932296f5ee5c0778009dd69f899866a4f1bf3d7b6cb858092f75cd00582fcf357e963e4c7cf0a363ba9bab1cb2455b4fd9c5
 AUX fix-call-to-QMetaObject-metaCall-from-updateProperty.patch 1570 SHA256 bca22cbb85b852101ba90bb03a96922f35f8bc158e5781d62dcedea6481d832b SHA512 119c44be4cc2195dd593b5a4c3986b267a12a3e415c057f36ff953c980eaff9df68171440782d5e81803961df062fe25506bef8e564b220caf10ccfb462b6839 WHIRLPOOL 0a1931d941a8bfd62835864b4042019a5d96b44f4da04f911a9f721e30a0304d0aa24ce8205edbe222e0c6b37fb544fcb1c451ad8d6402d70554d1ee04e3fd1a
 AUX moc-boost-lexical-cast.patch 584 SHA256 dadd3eab516ee26f1c19f17dbcb7be46e7c9efba49924fa1d53cc0176491736a SHA512 ed2cc3d36ac8576cee42d1586b99913ce060a47e72c82890e7b5fe4fc500e857693f2348f4446ce7dfbd1bbdf6e51b99b57f2fc09d6c15f9075f10c4b5459fa6 WHIRLPOOL d4ee64605ad9dacd371519a9c08582c25ea891480c79795822cfe74e6bafb332d558dca5d024c6f369e3674fde5a89a15a7d79042093295ac9d0a0d516493583
@@ -13,13 +15,24 @@ DIST qt-everywhere-opensource-src-4.8.5.tar.gz 241491467 SHA256 eb728f8268831dc4
 DIST qtcore-4.8.4-update-defaultNumberingSystem.patch.gz 7719 SHA256 69e4be2ad4d08067a6bc8708a164822128a8fa8226d90a0be02e89ba537d90fb SHA512 a8d1501223ffbeeb9898afd5ce7fc4839a6155ae2612d796eed674a01bf8d53241d627a60a179bf93cf3e0d338de5468b1495c97843166245f295df559c52b12 WHIRLPOOL f8027c78f1691d1a50b30bcfe53c8750727a1d49dc45233ebeab5a1d7388a4291fe74a9b35bff5417b48fcfbdeadab3dc130fade17012c95ca751d73b2814b4f
 EBUILD qtcore-4.8.4-r4.ebuild 5218 SHA256 44f7a0a6c7bb22b838b7e5ff0ddd8da8bf70c891e914fa454d6f198751de9ded SHA512 af3015e641f8eeab5e48e949cffec9fa9b97691b3de20dd5bfc3c6a6d480d874da85168cb2f17a04a953cc275669aae0523fcc61f3c57a9b8bb1897e6dd277a3 WHIRLPOOL e3a8bea441ca667e0c6c100b1b3b37559d7fe47a628450586bdf102e0a0d507c09ed61210de86df378d55277731cd863406206af8306013abd5d5c54acd019ba
 EBUILD qtcore-4.8.4-r5.ebuild 5513 SHA256 f35bf696783b5c3c998343ce75de7139b1c35eb921dfd27981c633d8f36e9bd9 SHA512 f42faa5b31eaafbb843fae66573a4d95ea574f589acc8733240dfa7c89d0a833e7aa0fb77d0987355e26497e0ffc5fc9b5ea82511e881a57bf5b3093ea660b3c WHIRLPOOL 1ebbc32a2491743b92bb1e5dd130cce0cd6efe832be7fa6642c68b0fdafc4329fecd35c8ac0c0349d129890ff644a0d6bfdd4ab6e0f183940de5268d0b66b751
+EBUILD qtcore-4.8.5-r1.ebuild 5008 SHA256 73d3167f31cc8d6cffac98433cc20b26ceb236703ec42140b025fa54756749a8 SHA512 5be8cdf53b5fae9364f1f099ac9c808c6fc73e144cc2fabced876a925dffa7d68d57e70eb2e426bd54512e21463a9d6a0ad1cd4e3b699612d7e28ee9fc51a156 WHIRLPOOL a00d63fcd9942d279de3546afe6e82b635fe9213770e995b31a38d0e1e43f3d3b6a917548aaa34e052ae5524eb13eba19d2c0718a94d091e605c2985f3038388
 EBUILD qtcore-4.8.5.ebuild 4857 SHA256 bd91a8cef1b938a207d7c05cef07d60f7e4d2cdac9d25e08477f40c14abf7679 SHA512 db2eedbed92461951201297caec5136e58da21bd70ea585a887ce76c1c00e59dad4ab7a269f0d397ca17088a7fa8d7a49a3f7c841926e867decc584d47355b6e WHIRLPOOL 80864fa6f8f96610eacfc33f410c6acb792a57845c28f3bfcd43071675994752116e17d3e4db654a11d2376baad49c5df59daccd8bac1a4dc43405ca65230422
-MISC ChangeLog 32804 SHA256 996db3eb36cf1a99f0f485a4a4c38cc930fd67a89166645ec7dc2cdd4fdf8cd8 SHA512 970e761fb89df27a56c1abdb3e5b164867eebf8aac07c052bcb88d8b35dec3d00cbcb4740cbc48bf93a5a4ce760ab024cd152946af7a8df1c3368987f5da4642 WHIRLPOOL 6a053320c08881897cca6cf9a256f10fc682cdcb4db37fd7e0fc194f66f19b8f0711bf3cc4422bfc66b2b47fa09c8862493aafa11c0ecf7693a5927fc93b532f
+MISC ChangeLog 33088 SHA256 01398125b68cd16e097d8a45ba9148045be37c972bff4f52c1e9820188ec043c SHA512 106dcc3e3be46d7b6b5c83a4cf86fcfe2b5051efe4a8a804625c7422a850fb17d0e64a6d4955bfc374160d726c8c7e281a2dea811f6803ce5f9eb1dd3302ec69 WHIRLPOOL 99df4baaadf551c4163bf6226f9c8251d2ce0ac9e1f3fb5da683a9c6fd71d04b174a448dee90386a1a8384dc4f8ca3f04a66689925d6db8aac9869274f90cad5
 MISC metadata.xml 711 SHA256 999402a925dbe1f9d510372e9e03e5527e94e95e1cededaa01b2a8f7d89e2a61 SHA512 ac9f28c9efb0aeebb145c1cfc22d1a3c7ba25b141f5640249c914921138eb309c522392e750614a531bdedf0f4385738a840ea4591785d54cadeb2f1c74a4d5f WHIRLPOOL e2ac4864fcc8b665251fdce4203156f0bba2636d2a170a225c13005c656fce29f49e51dd6b8c6639fa48a11307522887ff26bc02603b676ec20aa826b2198824
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlKA4gAACgkQVWmRsqeSphP31QCbBNGU46vI4EI0uMFtojjzIgVS
-Ar8An04WFWOgx5K/QG/l6tm2cKyAGrHh
-=eg0u
+iQIcBAEBCAAGBQJSviihAAoJENXLsxwXqFxy2vIP+wdZ/wV5JwidVEz8RRTJS+9z
+nNsL8Awq1Z+OMy26Mueay0UMet9U14/pttW4kloo00rqPirepsV2h4i/kwM1h7hh
+fPJ6+wucTH+Er7Miq+qpPA1RoBN9vw4gnkHcFrtRkBOpMSjKx8i3VvfrMmKYrR67
+JdTwnFSuWVrF/NSNrD1RqgCbAkQLbrBsWlYfapem+B3PqgoJ+qT/bjok87lx7sTv
+GPLVpZv09si5e6RL+SERHCAi5/h/R5lFseR3Ff6bwvq1mKhNPlOh3jPi/eX3RCbK
+E3dLlp15DfLuIuULE8shP0AOA53x8VSwzEqxN/nGAASoV0BsfK7CNC3tWl+R25X/
+X6wWaLtBrlULw5zUPJoxwOYc/Ag9Yd1q0nJC37YO02fT0yoy6mTJqTESnKG5LTsB
+uSJdSfYZoumCmvCRTlzUZjm1lOiI4DW5zCA5+DOBWt2saUhFuU94MFji9N8kBdkW
+8sEWeCKzdhe24e/6NwkNGwuFtjKG7KP/alRLPjEG2GbqXbzOR4btxkAWin0QSIUd
+GM19tiIKOVISHKLZveGLQq5OcMXi87qhSI+fMsmKNCb9tJKMAmNizkU2ychva0KX
+DmsaQXlWREhgm90lhVR6AAqzHB9PiG5zdtG1NN8luOfsf6ucZ/vG5neLgRTgAwPy
+livGzBERyoBRVWmLV0cC
+=aa1J
 -----END PGP SIGNATURE-----
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
new file mode 100644
index 000000000000..c472d4212ffa
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
@@ -0,0 +1,114 @@
+From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Thu, 7 Nov 2013 09:36:29 +0100
+Subject: Disallow deep or widely nested entity references.
+
+Nested references with a depth of 2 or greater will fail. References
+that partially expand to greater than 1024 characters will also fail.
+
+This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4.
+
+Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609
+Reviewed-by: Richard J. Moore <rich@kde.org>
+Reviewed-by: Lars Knoll <lars.knoll@digia.com>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index a1777c5..3904632 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -424,6 +424,10 @@ private:
+     int     stringValueLen;
+     QString emptyStr;
+ 
++    // The limit to the amount of times the DTD parsing functions can be called
++    // for the DTD currently being parsed.
++    int dtdRecursionLimit;
++
+     const QString &string();
+     void stringClear();
+     void stringAddC(QChar);
+@@ -492,6 +496,7 @@ private:
+     void unexpectedEof(ParseFunction where, int state);
+     void parseFailed(ParseFunction where, int state);
+     void pushParseState(ParseFunction function, int state);
++    bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
+ 
+     Q_DECLARE_PUBLIC(QXmlSimpleReader)
+     QXmlSimpleReader *q_ptr;
+@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+     useNamespacePrefixes = false;
+     reportWhitespaceCharData = true;
+     reportEntities = false;
++    dtdRecursionLimit = 2;
+ }
+ 
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
+                 }
+                 break;
+             case Mup:
++                if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) {
++                    reportParseError(QString::fromLatin1(
++                        "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
++                    return false;
++                }
+                 if (!parseMarkupdecl()) {
+                     parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state);
+                     return false;
+@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+     return false;
+ }
+ 
++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++{
++    const QString value = string();
++    QMap<QString, int> referencedEntityCounts;
++    foreach (QString entityName, entities.keys()) {
++        for (int i = 0; i < value.size() && i != -1; ) {
++            i = value.indexOf(entityName, i);
++            if (i != -1) {
++                // The entityName we're currently trying to find
++                // was matched in this string; increase our count.
++                ++referencedEntityCounts[entityName];
++                i += entityName.size();
++            }
++        }
++    }
++
++    foreach (QString entityName, referencedEntityCounts.keys()) {
++        const int timesReferenced = referencedEntityCounts[entityName];
++        const QString entityValue = entities[entityName];
++        if (entityValue.size() * timesReferenced > 1024) {
++            if (errorMessage) {
++                *errorMessage = QString::fromLatin1("The XML entity \"%1\""
++                    "expands too a string that is too large to process when "
++                    "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++            }
++            return true;
++        }
++    }
++    return false;
++}
++
+ /*
+   Parse a EntityDecl [70].
+ 
+@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+         switch (state) {
+             case EValue:
+                 if ( !entityExist(name())) {
++                    QString errorMessage;
++                    if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
++                        // The entity at entityName is entityValue.size() characters
++                        // long in its unexpanded form, and was mentioned timesReferenced times,
++                        // resulting in a string that would be greater than 1024 characters.
++                        reportParseError(errorMessage);
++                        return false;
++                    }
++
+                     entities.insert(name(), string());
+                     if (declHnd) {
+                         if (!declHnd->internalEntityDecl(name(), string())) {
+-- 
+1.8.5.2
+
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
new file mode 100644
index 000000000000..03ef64f22d86
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
@@ -0,0 +1,124 @@
+From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Tue, 12 Nov 2013 13:44:56 +0100
+Subject: Fully expand entities to ensure deep or widely nested ones fail
+ parsing
+
+With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing
+entities whose partially expanded size was greater than 1024
+characters. That was not enough, so now we fully expand all entities.
+
+This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac.
+
+Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0
+Reviewed-by: Richard J. Moore <rich@kde.org>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index 3904632..befa801 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -426,7 +426,9 @@ private:
+ 
+     // The limit to the amount of times the DTD parsing functions can be called
+     // for the DTD currently being parsed.
+-    int dtdRecursionLimit;
++    static const int dtdRecursionLimit = 2;
++    // The maximum amount of characters an entity value may contain, after expansion.
++    static const int entityCharacterLimit = 1024;
+ 
+     const QString &string();
+     void stringClear();
+@@ -496,7 +498,7 @@ private:
+     void unexpectedEof(ParseFunction where, int state);
+     void parseFailed(ParseFunction where, int state);
+     void pushParseState(ParseFunction function, int state);
+-    bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
++    bool isExpandedEntityValueTooLarge(QString *errorMessage);
+ 
+     Q_DECLARE_PUBLIC(QXmlSimpleReader)
+     QXmlSimpleReader *q_ptr;
+@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+     useNamespacePrefixes = false;
+     reportWhitespaceCharData = true;
+     reportEntities = false;
+-    dtdRecursionLimit = 2;
+ }
+ 
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+     return false;
+ }
+ 
+-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage)
+ {
+-    const QString value = string();
+-    QMap<QString, int> referencedEntityCounts;
+-    foreach (QString entityName, entities.keys()) {
+-        for (int i = 0; i < value.size() && i != -1; ) {
+-            i = value.indexOf(entityName, i);
+-            if (i != -1) {
+-                // The entityName we're currently trying to find
+-                // was matched in this string; increase our count.
+-                ++referencedEntityCounts[entityName];
+-                i += entityName.size();
++    QMap<QString, int> literalEntitySizes;
++    // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times.
++    QMap<QString, QMap<QString, int> > referencesToOtherEntities;
++    QMap<QString, int> expandedSizes;
++
++    // For every entity, check how many times all entity names were referenced in its value.
++    foreach (QString toSearch, entities.keys()) {
++        // The amount of characters that weren't entity names, but literals, like 'X'.
++        QString leftOvers = entities.value(toSearch);
++        // How many times was entityName referenced by toSearch?
++        foreach (QString entityName, entities.keys()) {
++            for (int i = 0; i < leftOvers.size() && i != -1; ) {
++                i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i);
++                if (i != -1) {
++                    leftOvers.remove(i, entityName.size() + 2);
++                    // The entityName we're currently trying to find was matched in this string; increase our count.
++                    ++referencesToOtherEntities[toSearch][entityName];
++                }
+             }
+         }
++        literalEntitySizes[toSearch] = leftOvers.size();
+     }
+ 
+-    foreach (QString entityName, referencedEntityCounts.keys()) {
+-        const int timesReferenced = referencedEntityCounts[entityName];
+-        const QString entityValue = entities[entityName];
+-        if (entityValue.size() * timesReferenced > 1024) {
++    foreach (QString entity, referencesToOtherEntities.keys()) {
++        expandedSizes[entity] = literalEntitySizes[entity];
++        foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) {
++            const int references = referencesToOtherEntities.value(entity).value(referenceTo);
++            // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
++            expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
++        }
++
++        if (expandedSizes[entity] > entityCharacterLimit) {
+             if (errorMessage) {
+-                *errorMessage = QString::fromLatin1("The XML entity \"%1\""
+-                    "expands too a string that is too large to process when "
+-                    "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
++                *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+             }
+             return true;
+         }
+@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+             case EValue:
+                 if ( !entityExist(name())) {
+                     QString errorMessage;
+-                    if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
+-                        // The entity at entityName is entityValue.size() characters
+-                        // long in its unexpanded form, and was mentioned timesReferenced times,
+-                        // resulting in a string that would be greater than 1024 characters.
++                    if (isExpandedEntityValueTooLarge(&errorMessage)) {
+                         reportParseError(errorMessage);
+                         return false;
+                     }
+-- 
+1.8.5.2
+
diff --git a/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild b/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild
new file mode 100644
index 000000000000..34451de6ec93
--- /dev/null
+++ b/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild,v 1.1 2013/12/28 01:25:52 pesa Exp $
+
+EAPI=5
+
+inherit qt4-build
+
+DESCRIPTION="Cross-platform application development framework"
+SLOT="4"
+if [[ ${QT4_BUILD_TYPE} == live ]]; then
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+fi
+IUSE="+glib iconv icu qt3support ssl"
+
+DEPEND="
+	sys-libs/zlib
+	glib? ( dev-libs/glib:2 )
+	icu? ( >=dev-libs/icu-49:= )
+	ssl? ( dev-libs/openssl )
+	!<x11-libs/cairo-1.10.2-r2
+"
+RDEPEND="${DEPEND}"
+PDEPEND="
+	qt3support? ( ~dev-qt/qtgui-${PV}[aqua=,debug=,glib=,qt3support] )
+"
+
+PATCHES=(
+	"${FILESDIR}/moc-boost-lexical-cast.patch"
+	"${FILESDIR}/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch"
+	"${FILESDIR}/CVE-2013-4549-02-fully-expand-entities.patch"
+)
+
+pkg_setup() {
+	QT4_TARGET_DIRECTORIES="
+		src/tools/bootstrap
+		src/tools/moc
+		src/tools/rcc
+		src/tools/uic
+		src/corelib
+		src/xml
+		src/network
+		src/plugins/codecs
+		tools/linguist/lconvert
+		tools/linguist/lrelease
+		tools/linguist/lupdate"
+
+	QT4_EXTRACT_DIRECTORIES="${QT4_TARGET_DIRECTORIES}
+		include
+		src/plugins/plugins.pro
+		src/plugins/qpluginbase.pri
+		src/src.pro
+		src/3rdparty/des
+		src/3rdparty/harfbuzz
+		src/3rdparty/md4
+		src/3rdparty/md5
+		src/3rdparty/sha1
+		src/3rdparty/easing
+		src/3rdparty/zlib_dependency.pri
+		src/declarative
+		src/gui
+		src/script
+		tools/shared
+		tools/linguist/shared
+		translations"
+
+	qt4-build_pkg_setup
+}
+
+src_prepare() {
+	# Don't pre-strip, bug 235026
+	for i in kr jp cn tw; do
+		echo "CONFIG+=nostrip" >> "${S}"/src/plugins/codecs/${i}/${i}.pro
+	done
+
+	qt4-build_src_prepare
+
+	# bug 172219
+	sed -i -e "s:CXXFLAGS.*=:CXXFLAGS=${CXXFLAGS} :" \
+		"${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CXXFLAGS failed"
+	sed -i -e "s:LFLAGS.*=:LFLAGS=${LDFLAGS} :" \
+		"${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix LDFLAGS failed"
+
+	# bug 427782
+	sed -i -e "/^CPPFLAGS/s/-g//" \
+		"${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CPPFLAGS failed"
+	sed -i -e "s/setBootstrapVariable QMAKE_CFLAGS_RELEASE/QMakeVar set QMAKE_CFLAGS_RELEASE/" \
+		-e "s/setBootstrapVariable QMAKE_CXXFLAGS_RELEASE/QMakeVar set QMAKE_CXXFLAGS_RELEASE/" \
+		"${S}/configure" || die "sed configure setBootstrapVariable failed"
+}
+
+src_configure() {
+	myconf+="
+		-no-accessibility -no-xmlpatterns -no-multimedia -no-audio-backend -no-phonon
+		-no-phonon-backend -no-svg -no-webkit -no-script -no-scripttools -no-declarative
+		-system-zlib -no-gif -no-libtiff -no-libpng -no-libmng -no-libjpeg
+		-no-cups -no-dbus -no-gtkstyle -no-nas-sound -no-opengl -no-openvg
+		-no-sm -no-xshape -no-xvideo -no-xsync -no-xinerama -no-xcursor -no-xfixes
+		-no-xrandr -no-xrender -no-mitshm -no-fontconfig -no-freetype -no-xinput -no-xkb
+		$(qt_use glib)
+		$(qt_use iconv)
+		$(qt_use icu)
+		$(use ssl && echo -openssl-linked || echo -no-openssl)
+		$(qt_use qt3support)"
+
+	qt4-build_src_configure
+}
+
+src_install() {
+	dobin bin/{qmake,moc,rcc,uic,lconvert,lrelease,lupdate}
+
+	install_directories src/{corelib,xml,network,plugins/codecs}
+
+	emake INSTALL_ROOT="${D}" install_mkspecs
+
+	# install private headers
+	insinto "${QTHEADERDIR#${EPREFIX}}"/QtCore/private
+	find "${S}"/src/corelib -type f -name "*_p.h" -exec doins {} +
+
+	# use freshly built libraries
+	local DYLD_FPATH=
+	[[ -d "${S}"/lib/QtCore.framework ]] \
+		&& DYLD_FPATH=$(for x in "${S}"/lib/*.framework; do echo -n ":$x"; done)
+	DYLD_LIBRARY_PATH="${S}/lib${DYLD_FPATH}" \
+		LD_LIBRARY_PATH="${S}/lib" \
+		"${S}"/bin/lrelease translations/*.ts \
+		|| die "generating translations failed"
+	insinto "${QTTRANSDIR#${EPREFIX}}"
+	doins translations/*.qm
+
+	setqtenv
+	fix_library_files
+
+	# List all the multilib libdirs
+	local libdirs=
+	for libdir in $(get_all_libdirs); do
+		libdirs+=":${EPREFIX}/usr/${libdir}/qt4"
+	done
+
+	cat <<-EOF > "${T}"/44qt4
+	LDPATH="${libdirs:1}"
+	EOF
+	doenvd "${T}"/44qt4
+
+	dodir "${QTDATADIR#${EPREFIX}}"/mkspecs/gentoo
+	mv "${D}/${QTDATADIR}"/mkspecs/qconfig.pri "${D}${QTDATADIR}"/mkspecs/gentoo \
+		|| die "failed to move qconfig.pri"
+
+	# Framework hacking
+	if use aqua && [[ ${CHOST#*-darwin} -ge 9 ]]; then
+		# TODO: do this better
+		sed -i -e '2a#include <QtCore/Gentoo/gentoo-qconfig.h>\n' \
+				"${D}${QTLIBDIR}"/QtCore.framework/Headers/qconfig.h \
+			|| die "sed for qconfig.h failed."
+		dosym "${QTHEADERDIR#${EPREFIX}}"/Gentoo "${QTLIBDIR#${EPREFIX}}"/QtCore.framework/Headers/Gentoo
+	else
+		sed -i -e '2a#include <Gentoo/gentoo-qconfig.h>\n' \
+				"${D}${QTHEADERDIR}"/QtCore/qconfig.h \
+				"${D}${QTHEADERDIR}"/Qt/qconfig.h \
+			|| die "sed for qconfig.h failed"
+	fi
+
+	QCONFIG_DEFINE="QT_ZLIB"
+	install_qconfigs
+
+	# remove .la files
+	prune_libtool_files
+
+	keepdir "${QTSYSCONFDIR#${EPREFIX}}"
+
+	# Framework magic
+	fix_includes
+}
author	Davide Pesavento <pesa@gentoo.org>	2013-12-28 01:25:53 +0000
committer	Davide Pesavento <pesa@gentoo.org>	2013-12-28 01:25:53 +0000
commit	a7e294706f49f10f5a6992b892094625a9a96889 (patch)
tree	3e5e45d3750e14009940f7d168b49a8621ef01f9 /dev-qt
parent	Bug #491364: Fix complie with newer boost. (diff)
download	historical-a7e294706f49f10f5a6992b892094625a9a96889.tar.gz historical-a7e294706f49f10f5a6992b892094625a9a96889.tar.bz2 historical-a7e294706f49f10f5a6992b892094625a9a96889.zip