summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dev-qt/qtcore/ChangeLog9
-rw-r--r--dev-qt/qtcore/Manifest21
-rw-r--r--dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch114
-rw-r--r--dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch124
-rw-r--r--dev-qt/qtcore/qtcore-4.8.5-r1.ebuild175
5 files changed, 438 insertions, 5 deletions
diff --git a/dev-qt/qtcore/ChangeLog b/dev-qt/qtcore/ChangeLog
index 93907845aa0b..7036663dd44e 100644
--- a/dev-qt/qtcore/ChangeLog
+++ b/dev-qt/qtcore/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-qt/qtcore
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/ChangeLog,v 1.31 2013/11/11 13:56:14 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/ChangeLog,v 1.32 2013/12/28 01:25:52 pesa Exp $
+
+*qtcore-4.8.5-r1 (28 Dec 2013)
+
+ 28 Dec 2013; Davide Pesavento <pesa@gentoo.org>
+ +files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch,
+ +files/CVE-2013-4549-02-fully-expand-entities.patch, +qtcore-4.8.5-r1.ebuild:
+ Apply upstream patches for CVE-2013-4549.
11 Nov 2013; Jeroen Roovers <jer@gentoo.org> qtcore-4.8.5.ebuild:
Stable for HPPA (bug #488536).
diff --git a/dev-qt/qtcore/Manifest b/dev-qt/qtcore/Manifest
index 0dd77a1865e4..cbf2459db7e2 100644
--- a/dev-qt/qtcore/Manifest
+++ b/dev-qt/qtcore/Manifest
@@ -2,6 +2,8 @@
Hash: SHA256
AUX CVE-2013-0254.patch 2694 SHA256 708714e387b607e4c28182420af42f9169c632c909feef6224190053da0c869f SHA512 227ed44a8e90eb63402cd6658bff1244e3684c4f9757aa9c3cf53e60127f6324a978d82f2de25e6a718b88392d51641e9b8010d313a25a0154f871c0dcc94182 WHIRLPOOL 472b5ca7da456ae9e6c62072be6f6c1fb71c13450d8108745a7f14d5f7511e299377a7cd88f6bf5e03b906259a0a6961115e7012e998878ba306d8a67b4fc935
+AUX CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch 4531 SHA256 fd6e59635ea7bc86fdc36333ecd77609ae5cdc52c3a388c3b0088887d9a21b72 SHA512 b81810d62e8652f91b787285e8208b42d723e89aef248aeca24f02cd84b4a098c82571ece7c8af9c25c0535bde61ee376b6c24992f55fbaef2dd77f54f14ef1a WHIRLPOOL f7e6d005c157314eba3501bb9fdcecdb1f0b317880d659ac42e9b17a79ba98892c6ad9b49651a81d2a8c5c77d9e6ab9b7953422435543b1e38f1eeef0865dbd3
+AUX CVE-2013-4549-02-fully-expand-entities.patch 6117 SHA256 848dbcd78c2ae0a3f6acca07b48067c453f721adfbe4dcdc90ca8267eedbc065 SHA512 1564fc1e299704c7f51015fdf3213e3c85460d2950821f53f94bbf98c80275e845aa8804250081df9db8172ca26fde11070e21ce18b8ee17961689ceb96daac9 WHIRLPOOL ccf1494fd0b243aed5149d6f1ebaadb5bfefff4698a95fae6d006247a9daee493e8e4c567a2bc930efc7b22c27761207afd1c8fe8f104c5a3fed491a669d14e8
AUX blacklist-mis-issued-Turktrust-certs.patch 5939 SHA256 abf2632243cd5b82dfcb2f297908c37ee79e42240a5539eb4738713470658bc8 SHA512 5f4d5be5389b3b2423a33cb09ace4514b53fb96ad0d95e2d02dca7673a9a37b879f739e0988b4bd5e90976ca83ad802ce8179da7433e6ffc3f519a151b8aeec3 WHIRLPOOL ab4a4d61654aa159e82f66d6600a932296f5ee5c0778009dd69f899866a4f1bf3d7b6cb858092f75cd00582fcf357e963e4c7cf0a363ba9bab1cb2455b4fd9c5
AUX fix-call-to-QMetaObject-metaCall-from-updateProperty.patch 1570 SHA256 bca22cbb85b852101ba90bb03a96922f35f8bc158e5781d62dcedea6481d832b SHA512 119c44be4cc2195dd593b5a4c3986b267a12a3e415c057f36ff953c980eaff9df68171440782d5e81803961df062fe25506bef8e564b220caf10ccfb462b6839 WHIRLPOOL 0a1931d941a8bfd62835864b4042019a5d96b44f4da04f911a9f721e30a0304d0aa24ce8205edbe222e0c6b37fb544fcb1c451ad8d6402d70554d1ee04e3fd1a
AUX moc-boost-lexical-cast.patch 584 SHA256 dadd3eab516ee26f1c19f17dbcb7be46e7c9efba49924fa1d53cc0176491736a SHA512 ed2cc3d36ac8576cee42d1586b99913ce060a47e72c82890e7b5fe4fc500e857693f2348f4446ce7dfbd1bbdf6e51b99b57f2fc09d6c15f9075f10c4b5459fa6 WHIRLPOOL d4ee64605ad9dacd371519a9c08582c25ea891480c79795822cfe74e6bafb332d558dca5d024c6f369e3674fde5a89a15a7d79042093295ac9d0a0d516493583
@@ -13,13 +15,24 @@ DIST qt-everywhere-opensource-src-4.8.5.tar.gz 241491467 SHA256 eb728f8268831dc4
DIST qtcore-4.8.4-update-defaultNumberingSystem.patch.gz 7719 SHA256 69e4be2ad4d08067a6bc8708a164822128a8fa8226d90a0be02e89ba537d90fb SHA512 a8d1501223ffbeeb9898afd5ce7fc4839a6155ae2612d796eed674a01bf8d53241d627a60a179bf93cf3e0d338de5468b1495c97843166245f295df559c52b12 WHIRLPOOL f8027c78f1691d1a50b30bcfe53c8750727a1d49dc45233ebeab5a1d7388a4291fe74a9b35bff5417b48fcfbdeadab3dc130fade17012c95ca751d73b2814b4f
EBUILD qtcore-4.8.4-r4.ebuild 5218 SHA256 44f7a0a6c7bb22b838b7e5ff0ddd8da8bf70c891e914fa454d6f198751de9ded SHA512 af3015e641f8eeab5e48e949cffec9fa9b97691b3de20dd5bfc3c6a6d480d874da85168cb2f17a04a953cc275669aae0523fcc61f3c57a9b8bb1897e6dd277a3 WHIRLPOOL e3a8bea441ca667e0c6c100b1b3b37559d7fe47a628450586bdf102e0a0d507c09ed61210de86df378d55277731cd863406206af8306013abd5d5c54acd019ba
EBUILD qtcore-4.8.4-r5.ebuild 5513 SHA256 f35bf696783b5c3c998343ce75de7139b1c35eb921dfd27981c633d8f36e9bd9 SHA512 f42faa5b31eaafbb843fae66573a4d95ea574f589acc8733240dfa7c89d0a833e7aa0fb77d0987355e26497e0ffc5fc9b5ea82511e881a57bf5b3093ea660b3c WHIRLPOOL 1ebbc32a2491743b92bb1e5dd130cce0cd6efe832be7fa6642c68b0fdafc4329fecd35c8ac0c0349d129890ff644a0d6bfdd4ab6e0f183940de5268d0b66b751
+EBUILD qtcore-4.8.5-r1.ebuild 5008 SHA256 73d3167f31cc8d6cffac98433cc20b26ceb236703ec42140b025fa54756749a8 SHA512 5be8cdf53b5fae9364f1f099ac9c808c6fc73e144cc2fabced876a925dffa7d68d57e70eb2e426bd54512e21463a9d6a0ad1cd4e3b699612d7e28ee9fc51a156 WHIRLPOOL a00d63fcd9942d279de3546afe6e82b635fe9213770e995b31a38d0e1e43f3d3b6a917548aaa34e052ae5524eb13eba19d2c0718a94d091e605c2985f3038388
EBUILD qtcore-4.8.5.ebuild 4857 SHA256 bd91a8cef1b938a207d7c05cef07d60f7e4d2cdac9d25e08477f40c14abf7679 SHA512 db2eedbed92461951201297caec5136e58da21bd70ea585a887ce76c1c00e59dad4ab7a269f0d397ca17088a7fa8d7a49a3f7c841926e867decc584d47355b6e WHIRLPOOL 80864fa6f8f96610eacfc33f410c6acb792a57845c28f3bfcd43071675994752116e17d3e4db654a11d2376baad49c5df59daccd8bac1a4dc43405ca65230422
-MISC ChangeLog 32804 SHA256 996db3eb36cf1a99f0f485a4a4c38cc930fd67a89166645ec7dc2cdd4fdf8cd8 SHA512 970e761fb89df27a56c1abdb3e5b164867eebf8aac07c052bcb88d8b35dec3d00cbcb4740cbc48bf93a5a4ce760ab024cd152946af7a8df1c3368987f5da4642 WHIRLPOOL 6a053320c08881897cca6cf9a256f10fc682cdcb4db37fd7e0fc194f66f19b8f0711bf3cc4422bfc66b2b47fa09c8862493aafa11c0ecf7693a5927fc93b532f
+MISC ChangeLog 33088 SHA256 01398125b68cd16e097d8a45ba9148045be37c972bff4f52c1e9820188ec043c SHA512 106dcc3e3be46d7b6b5c83a4cf86fcfe2b5051efe4a8a804625c7422a850fb17d0e64a6d4955bfc374160d726c8c7e281a2dea811f6803ce5f9eb1dd3302ec69 WHIRLPOOL 99df4baaadf551c4163bf6226f9c8251d2ce0ac9e1f3fb5da683a9c6fd71d04b174a448dee90386a1a8384dc4f8ca3f04a66689925d6db8aac9869274f90cad5
MISC metadata.xml 711 SHA256 999402a925dbe1f9d510372e9e03e5527e94e95e1cededaa01b2a8f7d89e2a61 SHA512 ac9f28c9efb0aeebb145c1cfc22d1a3c7ba25b141f5640249c914921138eb309c522392e750614a531bdedf0f4385738a840ea4591785d54cadeb2f1c74a4d5f WHIRLPOOL e2ac4864fcc8b665251fdce4203156f0bba2636d2a170a225c13005c656fce29f49e51dd6b8c6639fa48a11307522887ff26bc02603b676ec20aa826b2198824
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iEYEAREIAAYFAlKA4gAACgkQVWmRsqeSphP31QCbBNGU46vI4EI0uMFtojjzIgVS
-Ar8An04WFWOgx5K/QG/l6tm2cKyAGrHh
-=eg0u
+iQIcBAEBCAAGBQJSviihAAoJENXLsxwXqFxy2vIP+wdZ/wV5JwidVEz8RRTJS+9z
+nNsL8Awq1Z+OMy26Mueay0UMet9U14/pttW4kloo00rqPirepsV2h4i/kwM1h7hh
+fPJ6+wucTH+Er7Miq+qpPA1RoBN9vw4gnkHcFrtRkBOpMSjKx8i3VvfrMmKYrR67
+JdTwnFSuWVrF/NSNrD1RqgCbAkQLbrBsWlYfapem+B3PqgoJ+qT/bjok87lx7sTv
+GPLVpZv09si5e6RL+SERHCAi5/h/R5lFseR3Ff6bwvq1mKhNPlOh3jPi/eX3RCbK
+E3dLlp15DfLuIuULE8shP0AOA53x8VSwzEqxN/nGAASoV0BsfK7CNC3tWl+R25X/
+X6wWaLtBrlULw5zUPJoxwOYc/Ag9Yd1q0nJC37YO02fT0yoy6mTJqTESnKG5LTsB
+uSJdSfYZoumCmvCRTlzUZjm1lOiI4DW5zCA5+DOBWt2saUhFuU94MFji9N8kBdkW
+8sEWeCKzdhe24e/6NwkNGwuFtjKG7KP/alRLPjEG2GbqXbzOR4btxkAWin0QSIUd
+GM19tiIKOVISHKLZveGLQq5OcMXi87qhSI+fMsmKNCb9tJKMAmNizkU2ychva0KX
+DmsaQXlWREhgm90lhVR6AAqzHB9PiG5zdtG1NN8luOfsf6ucZ/vG5neLgRTgAwPy
+livGzBERyoBRVWmLV0cC
+=aa1J
-----END PGP SIGNATURE-----
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
new file mode 100644
index 000000000000..c472d4212ffa
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
@@ -0,0 +1,114 @@
+From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Thu, 7 Nov 2013 09:36:29 +0100
+Subject: Disallow deep or widely nested entity references.
+
+Nested references with a depth of 2 or greater will fail. References
+that partially expand to greater than 1024 characters will also fail.
+
+This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4.
+
+Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609
+Reviewed-by: Richard J. Moore <rich@kde.org>
+Reviewed-by: Lars Knoll <lars.knoll@digia.com>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index a1777c5..3904632 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -424,6 +424,10 @@ private:
+ int stringValueLen;
+ QString emptyStr;
+
++ // The limit to the amount of times the DTD parsing functions can be called
++ // for the DTD currently being parsed.
++ int dtdRecursionLimit;
++
+ const QString &string();
+ void stringClear();
+ void stringAddC(QChar);
+@@ -492,6 +496,7 @@ private:
+ void unexpectedEof(ParseFunction where, int state);
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
++ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
+
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
++ dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
+ }
+ break;
+ case Mup:
++ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) {
++ reportParseError(QString::fromLatin1(
++ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
++ return false;
++ }
+ if (!parseMarkupdecl()) {
+ parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state);
+ return false;
+@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++{
++ const QString value = string();
++ QMap<QString, int> referencedEntityCounts;
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < value.size() && i != -1; ) {
++ i = value.indexOf(entityName, i);
++ if (i != -1) {
++ // The entityName we're currently trying to find
++ // was matched in this string; increase our count.
++ ++referencedEntityCounts[entityName];
++ i += entityName.size();
++ }
++ }
++ }
++
++ foreach (QString entityName, referencedEntityCounts.keys()) {
++ const int timesReferenced = referencedEntityCounts[entityName];
++ const QString entityValue = entities[entityName];
++ if (entityValue.size() * timesReferenced > 1024) {
++ if (errorMessage) {
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\""
++ "expands too a string that is too large to process when "
++ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ }
++ return true;
++ }
++ }
++ return false;
++}
++
+ /*
+ Parse a EntityDecl [70].
+
+@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ switch (state) {
+ case EValue:
+ if ( !entityExist(name())) {
++ QString errorMessage;
++ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
++ // The entity at entityName is entityValue.size() characters
++ // long in its unexpanded form, and was mentioned timesReferenced times,
++ // resulting in a string that would be greater than 1024 characters.
++ reportParseError(errorMessage);
++ return false;
++ }
++
+ entities.insert(name(), string());
+ if (declHnd) {
+ if (!declHnd->internalEntityDecl(name(), string())) {
+--
+1.8.5.2
+
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
new file mode 100644
index 000000000000..03ef64f22d86
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
@@ -0,0 +1,124 @@
+From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Tue, 12 Nov 2013 13:44:56 +0100
+Subject: Fully expand entities to ensure deep or widely nested ones fail
+ parsing
+
+With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing
+entities whose partially expanded size was greater than 1024
+characters. That was not enough, so now we fully expand all entities.
+
+This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac.
+
+Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0
+Reviewed-by: Richard J. Moore <rich@kde.org>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index 3904632..befa801 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -426,7 +426,9 @@ private:
+
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+- int dtdRecursionLimit;
++ static const int dtdRecursionLimit = 2;
++ // The maximum amount of characters an entity value may contain, after expansion.
++ static const int entityCharacterLimit = 1024;
+
+ const QString &string();
+ void stringClear();
+@@ -496,7 +498,7 @@ private:
+ void unexpectedEof(ParseFunction where, int state);
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
+- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
++ bool isExpandedEntityValueTooLarge(QString *errorMessage);
+
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
+- dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
+-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage)
+ {
+- const QString value = string();
+- QMap<QString, int> referencedEntityCounts;
+- foreach (QString entityName, entities.keys()) {
+- for (int i = 0; i < value.size() && i != -1; ) {
+- i = value.indexOf(entityName, i);
+- if (i != -1) {
+- // The entityName we're currently trying to find
+- // was matched in this string; increase our count.
+- ++referencedEntityCounts[entityName];
+- i += entityName.size();
++ QMap<QString, int> literalEntitySizes;
++ // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times.
++ QMap<QString, QMap<QString, int> > referencesToOtherEntities;
++ QMap<QString, int> expandedSizes;
++
++ // For every entity, check how many times all entity names were referenced in its value.
++ foreach (QString toSearch, entities.keys()) {
++ // The amount of characters that weren't entity names, but literals, like 'X'.
++ QString leftOvers = entities.value(toSearch);
++ // How many times was entityName referenced by toSearch?
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < leftOvers.size() && i != -1; ) {
++ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i);
++ if (i != -1) {
++ leftOvers.remove(i, entityName.size() + 2);
++ // The entityName we're currently trying to find was matched in this string; increase our count.
++ ++referencesToOtherEntities[toSearch][entityName];
++ }
+ }
+ }
++ literalEntitySizes[toSearch] = leftOvers.size();
+ }
+
+- foreach (QString entityName, referencedEntityCounts.keys()) {
+- const int timesReferenced = referencedEntityCounts[entityName];
+- const QString entityValue = entities[entityName];
+- if (entityValue.size() * timesReferenced > 1024) {
++ foreach (QString entity, referencesToOtherEntities.keys()) {
++ expandedSizes[entity] = literalEntitySizes[entity];
++ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) {
++ const int references = referencesToOtherEntities.value(entity).value(referenceTo);
++ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
++ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
++ }
++
++ if (expandedSizes[entity] > entityCharacterLimit) {
+ if (errorMessage) {
+- *errorMessage = QString::fromLatin1("The XML entity \"%1\""
+- "expands too a string that is too large to process when "
+- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
++ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+ }
+ return true;
+ }
+@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ case EValue:
+ if ( !entityExist(name())) {
+ QString errorMessage;
+- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
+- // The entity at entityName is entityValue.size() characters
+- // long in its unexpanded form, and was mentioned timesReferenced times,
+- // resulting in a string that would be greater than 1024 characters.
++ if (isExpandedEntityValueTooLarge(&errorMessage)) {
+ reportParseError(errorMessage);
+ return false;
+ }
+--
+1.8.5.2
+
diff --git a/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild b/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild
new file mode 100644
index 000000000000..34451de6ec93
--- /dev/null
+++ b/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/qtcore-4.8.5-r1.ebuild,v 1.1 2013/12/28 01:25:52 pesa Exp $
+
+EAPI=5
+
+inherit qt4-build
+
+DESCRIPTION="Cross-platform application development framework"
+SLOT="4"
+if [[ ${QT4_BUILD_TYPE} == live ]]; then
+ KEYWORDS=""
+else
+ KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+fi
+IUSE="+glib iconv icu qt3support ssl"
+
+DEPEND="
+ sys-libs/zlib
+ glib? ( dev-libs/glib:2 )
+ icu? ( >=dev-libs/icu-49:= )
+ ssl? ( dev-libs/openssl )
+ !<x11-libs/cairo-1.10.2-r2
+"
+RDEPEND="${DEPEND}"
+PDEPEND="
+ qt3support? ( ~dev-qt/qtgui-${PV}[aqua=,debug=,glib=,qt3support] )
+"
+
+PATCHES=(
+ "${FILESDIR}/moc-boost-lexical-cast.patch"
+ "${FILESDIR}/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch"
+ "${FILESDIR}/CVE-2013-4549-02-fully-expand-entities.patch"
+)
+
+pkg_setup() {
+ QT4_TARGET_DIRECTORIES="
+ src/tools/bootstrap
+ src/tools/moc
+ src/tools/rcc
+ src/tools/uic
+ src/corelib
+ src/xml
+ src/network
+ src/plugins/codecs
+ tools/linguist/lconvert
+ tools/linguist/lrelease
+ tools/linguist/lupdate"
+
+ QT4_EXTRACT_DIRECTORIES="${QT4_TARGET_DIRECTORIES}
+ include
+ src/plugins/plugins.pro
+ src/plugins/qpluginbase.pri
+ src/src.pro
+ src/3rdparty/des
+ src/3rdparty/harfbuzz
+ src/3rdparty/md4
+ src/3rdparty/md5
+ src/3rdparty/sha1
+ src/3rdparty/easing
+ src/3rdparty/zlib_dependency.pri
+ src/declarative
+ src/gui
+ src/script
+ tools/shared
+ tools/linguist/shared
+ translations"
+
+ qt4-build_pkg_setup
+}
+
+src_prepare() {
+ # Don't pre-strip, bug 235026
+ for i in kr jp cn tw; do
+ echo "CONFIG+=nostrip" >> "${S}"/src/plugins/codecs/${i}/${i}.pro
+ done
+
+ qt4-build_src_prepare
+
+ # bug 172219
+ sed -i -e "s:CXXFLAGS.*=:CXXFLAGS=${CXXFLAGS} :" \
+ "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CXXFLAGS failed"
+ sed -i -e "s:LFLAGS.*=:LFLAGS=${LDFLAGS} :" \
+ "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix LDFLAGS failed"
+
+ # bug 427782
+ sed -i -e "/^CPPFLAGS/s/-g//" \
+ "${S}/qmake/Makefile.unix" || die "sed qmake/Makefile.unix CPPFLAGS failed"
+ sed -i -e "s/setBootstrapVariable QMAKE_CFLAGS_RELEASE/QMakeVar set QMAKE_CFLAGS_RELEASE/" \
+ -e "s/setBootstrapVariable QMAKE_CXXFLAGS_RELEASE/QMakeVar set QMAKE_CXXFLAGS_RELEASE/" \
+ "${S}/configure" || die "sed configure setBootstrapVariable failed"
+}
+
+src_configure() {
+ myconf+="
+ -no-accessibility -no-xmlpatterns -no-multimedia -no-audio-backend -no-phonon
+ -no-phonon-backend -no-svg -no-webkit -no-script -no-scripttools -no-declarative
+ -system-zlib -no-gif -no-libtiff -no-libpng -no-libmng -no-libjpeg
+ -no-cups -no-dbus -no-gtkstyle -no-nas-sound -no-opengl -no-openvg
+ -no-sm -no-xshape -no-xvideo -no-xsync -no-xinerama -no-xcursor -no-xfixes
+ -no-xrandr -no-xrender -no-mitshm -no-fontconfig -no-freetype -no-xinput -no-xkb
+ $(qt_use glib)
+ $(qt_use iconv)
+ $(qt_use icu)
+ $(use ssl && echo -openssl-linked || echo -no-openssl)
+ $(qt_use qt3support)"
+
+ qt4-build_src_configure
+}
+
+src_install() {
+ dobin bin/{qmake,moc,rcc,uic,lconvert,lrelease,lupdate}
+
+ install_directories src/{corelib,xml,network,plugins/codecs}
+
+ emake INSTALL_ROOT="${D}" install_mkspecs
+
+ # install private headers
+ insinto "${QTHEADERDIR#${EPREFIX}}"/QtCore/private
+ find "${S}"/src/corelib -type f -name "*_p.h" -exec doins {} +
+
+ # use freshly built libraries
+ local DYLD_FPATH=
+ [[ -d "${S}"/lib/QtCore.framework ]] \
+ && DYLD_FPATH=$(for x in "${S}"/lib/*.framework; do echo -n ":$x"; done)
+ DYLD_LIBRARY_PATH="${S}/lib${DYLD_FPATH}" \
+ LD_LIBRARY_PATH="${S}/lib" \
+ "${S}"/bin/lrelease translations/*.ts \
+ || die "generating translations failed"
+ insinto "${QTTRANSDIR#${EPREFIX}}"
+ doins translations/*.qm
+
+ setqtenv
+ fix_library_files
+
+ # List all the multilib libdirs
+ local libdirs=
+ for libdir in $(get_all_libdirs); do
+ libdirs+=":${EPREFIX}/usr/${libdir}/qt4"
+ done
+
+ cat <<-EOF > "${T}"/44qt4
+ LDPATH="${libdirs:1}"
+ EOF
+ doenvd "${T}"/44qt4
+
+ dodir "${QTDATADIR#${EPREFIX}}"/mkspecs/gentoo
+ mv "${D}/${QTDATADIR}"/mkspecs/qconfig.pri "${D}${QTDATADIR}"/mkspecs/gentoo \
+ || die "failed to move qconfig.pri"
+
+ # Framework hacking
+ if use aqua && [[ ${CHOST#*-darwin} -ge 9 ]]; then
+ # TODO: do this better
+ sed -i -e '2a#include <QtCore/Gentoo/gentoo-qconfig.h>\n' \
+ "${D}${QTLIBDIR}"/QtCore.framework/Headers/qconfig.h \
+ || die "sed for qconfig.h failed."
+ dosym "${QTHEADERDIR#${EPREFIX}}"/Gentoo "${QTLIBDIR#${EPREFIX}}"/QtCore.framework/Headers/Gentoo
+ else
+ sed -i -e '2a#include <Gentoo/gentoo-qconfig.h>\n' \
+ "${D}${QTHEADERDIR}"/QtCore/qconfig.h \
+ "${D}${QTHEADERDIR}"/Qt/qconfig.h \
+ || die "sed for qconfig.h failed"
+ fi
+
+ QCONFIG_DEFINE="QT_ZLIB"
+ install_qconfigs
+
+ # remove .la files
+ prune_libtool_files
+
+ keepdir "${QTSYSCONFDIR#${EPREFIX}}"
+
+ # Framework magic
+ fix_includes
+}