[arch-commits] Commit in qt5/trunk (4 files)
Andrea Scarpino
andrea at nymeria.archlinux.org
Wed Dec 11 18:52:59 UTC 2013
Date: Wednesday, December 11, 2013 @ 19:52:58
Author: andrea
Revision: 201441
upgpkg: qt5 5.1.1-6
CVE-2013-4549 and link again to system libmng
Added:
qt5/trunk/CVE-2013-4549.patch
qt5/trunk/bison3.patch
qt5/trunk/libmng2.patch
Modified:
qt5/trunk/PKGBUILD
---------------------+
CVE-2013-4549.patch | 235 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 93 +++++++++----------
bison3.patch | 38 ++++++++
libmng2.patch | 34 +++++++
4 files changed, 352 insertions(+), 48 deletions(-)
Added: CVE-2013-4549.patch
===================================================================
--- CVE-2013-4549.patch (rev 0)
+++ CVE-2013-4549.patch 2013-12-11 18:52:58 UTC (rev 201441)
@@ -0,0 +1,235 @@
+From 46a8885ae486e238a39efa5119c2714f328b08e4 Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis at digia.com>
+Date: Fri, 27 Sep 2013 12:32:28 +0200
+Subject: [PATCH] Disallow deep or widely nested entity references.
+
+Nested references with a depth of 2 or greater will fail. References
+that partially expand to greater than 1024 characters will also fail.
+
+Change-Id: Id4e49d6f7cf51e3a247efdb4c6c7c9bd9b223f6e
+Reviewed-by: Richard J. Moore <rich at kde.org>
+Reviewed-by: Lars Knoll <lars.knoll at digia.com>
+
+From f1053d94f59f053ce4acad9320df14f1fbe4faac Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis at digia.com>
+Date: Mon, 11 Nov 2013 14:27:40 +0100
+Subject: [PATCH] Fully expand entities to ensure deep or widely nested ones fail parsing
+
+With 46a8885ae486e238a39efa5119c2714f328b08e4, we failed when parsing
+entities whose partially expanded size was greater than 1024
+characters. That was not enough, so now we fully expand all entities.
+
+Amends 46a8885ae486e238a39efa5119c2714f328b08e4.
+
+Change-Id: Ie80720d7e04d825eb4eebf528140eb94806c02b1
+Reviewed-by: Richard J. Moore <rich at kde.org>
+Reviewed-by: Lars Knoll <lars.knoll at digia.com>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index 45c0f3e..e6d78d3 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -424,6 +424,10 @@ private:
+ int stringValueLen;
+ QString emptyStr;
+
++ // The limit to the amount of times the DTD parsing functions can be called
++ // for the DTD currently being parsed.
++ int dtdRecursionLimit;
++
+ const QString &string();
+ void stringClear();
+ void stringAddC(QChar);
+@@ -493,6 +497,8 @@ private:
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
+
++ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
++
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+
+@@ -2757,6 +2763,8 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
++
++ dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -5035,6 +5043,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
+ }
+ break;
+ case Mup:
++ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) {
++ reportParseError(QString::fromLatin1(
++ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
++ return false;
++ }
+ if (!parseMarkupdecl()) {
+ parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state);
+ return false;
+@@ -6644,6 +6657,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++{
++ const QString value = string();
++ QMap<QString, int> referencedEntityCounts;
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < value.size() && i != -1; ) {
++ i = value.indexOf(entityName, i);
++ if (i != -1) {
++ // The entityName we're currently trying to find
++ // was matched in this string; increase our count.
++ ++referencedEntityCounts[entityName];
++ i += entityName.size();
++ }
++ }
++ }
++
++ foreach (QString entityName, referencedEntityCounts.keys()) {
++ const int timesReferenced = referencedEntityCounts[entityName];
++ const QString entityValue = entities[entityName];
++ if (entityValue.size() * timesReferenced > 1024) {
++ if (errorMessage) {
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\""
++ "expands too a string that is too large to process when "
++ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ }
++ return true;
++ }
++ }
++ return false;
++}
++
+ /*
+ Parse a EntityDecl [70].
+
+@@ -6738,6 +6782,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ switch (state) {
+ case EValue:
+ if ( !entityExist(name())) {
++ QString errorMessage;
++ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
++ // The entity at entityName is entityValue.size() characters
++ // long in its unexpanded form, and was mentioned timesReferenced times,
++ // resulting in a string that would be greater than 1024 characters.
++ reportParseError(errorMessage);
++ return false;
++ }
++
+ entities.insert(name(), string());
+ if (declHnd) {
+ if (!declHnd->internalEntityDecl(name(), string())) {
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index e6d78d3..f3a1e47 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -426,7 +426,9 @@ private:
+
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+- int dtdRecursionLimit;
++ static const int dtdRecursionLimit = 2;
++ // The maximum amount of characters an entity value may contain, after expansion.
++ static const int entityCharacterLimit = 1024;
+
+ const QString &string();
+ void stringClear();
+@@ -497,7 +499,7 @@ private:
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
+
+- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
++ bool isExpandedEntityValueTooLarge(QString *errorMessage);
+
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+@@ -2763,8 +2765,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
+-
+- dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -6657,30 +6657,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
+-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage)
+ {
+- const QString value = string();
+- QMap<QString, int> referencedEntityCounts;
+- foreach (QString entityName, entities.keys()) {
+- for (int i = 0; i < value.size() && i != -1; ) {
+- i = value.indexOf(entityName, i);
+- if (i != -1) {
+- // The entityName we're currently trying to find
+- // was matched in this string; increase our count.
+- ++referencedEntityCounts[entityName];
+- i += entityName.size();
++ QMap<QString, int> literalEntitySizes;
++ // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times.
++ QMap<QString, QMap<QString, int> > referencesToOtherEntities;
++ QMap<QString, int> expandedSizes;
++
++ // For every entity, check how many times all entity names were referenced in its value.
++ foreach (QString toSearch, entities.keys()) {
++ // The amount of characters that weren't entity names, but literals, like 'X'.
++ QString leftOvers = entities.value(toSearch);
++ // How many times was entityName referenced by toSearch?
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < leftOvers.size() && i != -1; ) {
++ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i);
++ if (i != -1) {
++ leftOvers.remove(i, entityName.size() + 2);
++ // The entityName we're currently trying to find was matched in this string; increase our count.
++ ++referencesToOtherEntities[toSearch][entityName];
++ }
+ }
+ }
++ literalEntitySizes[toSearch] = leftOvers.size();
+ }
+
+- foreach (QString entityName, referencedEntityCounts.keys()) {
+- const int timesReferenced = referencedEntityCounts[entityName];
+- const QString entityValue = entities[entityName];
+- if (entityValue.size() * timesReferenced > 1024) {
++ foreach (QString entity, referencesToOtherEntities.keys()) {
++ expandedSizes[entity] = literalEntitySizes[entity];
++ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) {
++ const int references = referencesToOtherEntities.value(entity).value(referenceTo);
++ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
++ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
++ }
++
++ if (expandedSizes[entity] > entityCharacterLimit) {
+ if (errorMessage) {
+- *errorMessage = QString::fromLatin1("The XML entity \"%1\""
+- "expands too a string that is too large to process when "
+- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
++ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+ }
+ return true;
+ }
+@@ -6783,10 +6796,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ case EValue:
+ if ( !entityExist(name())) {
+ QString errorMessage;
+- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
+- // The entity at entityName is entityValue.size() characters
+- // long in its unexpanded form, and was mentioned timesReferenced times,
+- // resulting in a string that would be greater than 1024 characters.
++ if (isExpandedEntityValueTooLarge(&errorMessage)) {
+ reportParseError(errorMessage);
+ return false;
+ }
+--
+1.7
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-12-11 17:08:28 UTC (rev 201440)
+++ PKGBUILD 2013-12-11 18:52:58 UTC (rev 201441)
@@ -3,12 +3,11 @@
pkgbase=qt5
pkgname=('qt5-base'
- 'qt5-connectivity'
'qt5-declarative'
'qt5-doc'
'qt5-graphicaleffects'
'qt5-imageformats'
- 'qt5-location'
+ 'qt5-jsbackend'
'qt5-multimedia'
'qt5-quick1'
'qt5-quickcontrols'
@@ -21,29 +20,32 @@
'qt5-webkit'
'qt5-x11extras'
'qt5-xmlpatterns')
-pkgver=5.2.0rc1
-_pkgver=5.2.0-rc1
-pkgrel=1
+pkgver=5.1.1
+pkgrel=6
arch=('i686' 'x86_64')
url='http://qt-project.org/'
license=('GPL3' 'LGPL' 'FDL' 'custom')
makedepends=('libxcb' 'xcb-proto' 'xcb-util' 'xcb-util-image' 'xcb-util-wm' 'xcb-util-keysyms'
- 'mesa' 'at-spi2-core' 'alsa-lib' 'gstreamer0.10-base-plugins'
+ 'mesa' 'at-spi2-core' 'alsa-lib' 'gstreamer0.10-base-plugins' 'libmng'
'libjpeg-turbo' 'cups' 'libpulse' 'hicolor-icon-theme' 'desktop-file-utils'
'postgresql-libs' 'libmariadbclient' 'sqlite' 'unixodbc' 'libfbclient'
'python2' 'ruby' 'gperf' 'libxslt' 'libxcomposite' 'fontconfig'
- 'openal' 'gtk2' 'libxkbcommon' 'python')
+ 'openal' 'gtk2' 'libxkbcommon')
groups=('qt' 'qt5')
-_pkgfqn="qt-everywhere-opensource-src-${_pkgver}"
-source=("http://download.qt-project.org/development_releases/qt/5.2/${_pkgver}/single/${_pkgfqn}.tar.xz"
+_pkgfqn="qt-everywhere-opensource-src-${pkgver}"
+source=("http://download.qt-project.org/official_releases/qt/5.1/${pkgver}/single/${_pkgfqn}.tar.xz"
'assistant.desktop' 'designer.desktop' 'linguist.desktop' 'qdbusviewer.desktop'
- 'use-python2.patch')
-md5sums=('7bc67db0ed54bd3646f1c6e3e871e938'
+ 'use-python2.patch'
+ 'bison3.patch' 'CVE-2013-4549.patch' 'libmng2.patch')
+md5sums=('697b7b8768ef8895e168366ab6b44760'
'b2897dd6a2967bccf8f10e397aafee55'
'9638a78e502719ef8fe5f8d10d0361a9'
'188da8f4c87316e730ebf1c6217bf5a0'
'322b419b16c75d4de0ee7ad0a246caa1'
- 'a378deccf363bd6079da459c89aff7b9')
+ '92831f79144d5cb8121915423ba47575'
+ '6b162cd2bc104f0ae83ca039401be7bf'
+ 'e59ba552e12408dcc9486cdbb1f233e3'
+ '478647fa057d190a7d789cf78995167b')
prepare() {
cd ${_pkgfqn}
@@ -57,6 +59,16 @@
sed -i -e "s|#![ ]*/usr/bin/python$|#!/usr/bin/python2|" \
-e "s|#![ ]*/usr/bin/env python$|#!/usr/bin/env python2|" \
$(find . -name '*.py')
+
+ # Fix build with bison 3.x
+ cd qtwebkit
+ patch -p1 -i "${srcdir}"/bison3.patch
+
+ cd ../qtbase
+ patch -p1 -i "${srcdir}"/CVE-2013-4549.patch
+
+ cd ../qtimageformats
+ patch -p1 -i "${srcdir}"/libmng2.patch
}
build() {
@@ -99,8 +111,8 @@
package_qt5-base() {
pkgdesc='A cross-platform application and UI framework'
depends=('libjpeg-turbo' 'xcb-util-keysyms' 'libgl' 'dbus' 'fontconfig' 'systemd'
- 'xcb-util-wm' 'libxrender' 'libxi' 'sqlite' 'xcb-util-image' 'icu'
- 'qtchooser' 'libxkbcommon')
+ 'xcb-util-wm' 'libxrender' 'libxi' 'sqlite' 'libpng' 'xcb-util-image'
+ 'icu' 'qtchooser' 'libxkbcommon')
optdepends=('postgresql-libs: PostgreSQL driver'
'libmariadbclient: MariaDB driver'
'unixodbc: ODBC driver'
@@ -120,7 +132,7 @@
# Fix wrong qmake path in pri file
sed -i "s|${srcdir}/${_pkgfqn}/qtbase|/usr|" \
- "${pkgdir}"/usr/lib/qt/mkspecs/modules/qt_lib_bootstrap_private.pri
+ "${pkgdir}"/usr/lib/qt/mkspecs/modules/qt_lib_bootstrap.pri
# Useful symlinks
install -d "${pkgdir}"/usr/bin
@@ -129,24 +141,9 @@
done
}
-package_qt5-connectivity() {
- pkgdesc='A cross-platform application and UI framework (QtBluetooth, QtNfc)'
- depends=('qt5-declarative')
-
- cd ${_pkgfqn}/qtconnectivity
- make INSTALL_ROOT="${pkgdir}" install
-
- # Fix wrong path in prl files
- find "${pkgdir}/usr/lib" -type f -name '*.prl' \
- -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d;s/\(QMAKE_PRL_LIBS =\).*/\1/' {} \;
-
- install -D -m644 LGPL_EXCEPTION.txt \
- "${pkgdir}"/usr/share/licenses/${pkgname}/LGPL_EXCEPTION.txt
-}
-
package_qt5-declarative() {
pkgdesc='A cross-platform application and UI framework (QtQml, QtQuick)'
- depends=('qt5-xmlpatterns')
+ depends=('qt5-jsbackend' 'qt5-xmlpatterns')
conflicts=('qt')
cd ${_pkgfqn}/qtdeclarative
@@ -183,6 +180,21 @@
"${pkgdir}"/usr/share/licenses/${pkgname}/LGPL_EXCEPTION.txt
}
+package_qt5-jsbackend() {
+ pkgdesc='A cross-platform application and UI framework (QtV8)'
+ depends=('qt5-base')
+
+ cd ${_pkgfqn}/qtjsbackend
+ make INSTALL_ROOT="${pkgdir}" install
+
+ # Fix wrong path in prl files
+ find "${pkgdir}/usr/lib" -type f -name '*.prl' \
+ -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d;s/\(QMAKE_PRL_LIBS =\).*/\1/' {} \;
+
+ install -D -m644 LGPL_EXCEPTION.txt \
+ "${pkgdir}"/usr/share/licenses/${pkgname}/LGPL_EXCEPTION.txt
+}
+
package_qt5-xmlpatterns() {
pkgdesc='A cross-platform application and UI framework (QtXmlPatterns)'
depends=('qt5-base')
@@ -246,7 +258,7 @@
package_qt5-imageformats() {
pkgdesc='A cross-platform application and UI framework (Images plugins)'
- depends=('qt5-base' 'libtiff')
+ depends=('qt5-base' 'libtiff' 'libmng')
conflicts=('qt')
cd ${_pkgfqn}/qtimageformats
@@ -256,21 +268,6 @@
"${pkgdir}"/usr/share/licenses/${pkgname}/LGPL_EXCEPTION.txt
}
-package_qt5-location() {
- pkgdesc='A cross-platform application and UI framework (QtLocation, QtPositioning)'
- depends=('qt5-declarative')
-
- cd ${_pkgfqn}/qtlocation
- make INSTALL_ROOT="${pkgdir}" install
-
- # Fix wrong path in prl files
- find "${pkgdir}/usr/lib" -type f -name '*.prl' \
- -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d;s/\(QMAKE_PRL_LIBS =\).*/\1/' {} \;
-
- install -D -m644 LGPL_EXCEPTION.txt \
- "${pkgdir}"/usr/share/licenses/${pkgname}/LGPL_EXCEPTION.txt
-}
-
package_qt5-quick1() {
pkgdesc='A cross-platform application and UI framework (QtDeclarative)'
depends=('qt5-webkit' 'qt5-script')
@@ -415,7 +412,7 @@
package_qt5-webkit() {
pkgdesc='A cross-platform application and UI framework (QtWebKit)'
- depends=('qt5-sensors' 'qt5-location' 'gstreamer0.10-base' 'libxslt' 'libxcomposite')
+ depends=('qt5-declarative' 'gstreamer0.10-base' 'libxslt' 'libxcomposite' 'qt5-sensors')
license=('GPL3' 'LGPL' 'FDL')
cd ${_pkgfqn}/qtwebkit
Added: bison3.patch
===================================================================
--- bison3.patch (rev 0)
+++ bison3.patch 2013-12-11 18:52:58 UTC (rev 201441)
@@ -0,0 +1,38 @@
+From 60ba8bd5b3575d0c7740571fbb4e681b21a49a82 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen at digia.com>
+Date: Fri, 16 Aug 2013 18:27:07 +0200
+Subject: [PATCH] ANGLE doesn't build with bison 3.0
+
+https://bugs.webkit.org/show_bug.cgi?id=119798
+
+Reviewed by Antti Koivisto.
+
+Make glslang.y compatible with bison 3.0
+by using %lex-param to set YYLEX_PARAM.
+
+* src/compiler/glslang.y:
+
+git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154109 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+Task-number: QTBUG-32913
+Change-Id: I15505d31f0588c4d558b73befdb9d2358e29c1a3
+Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte at digia.com>
+---
+ Source/ThirdParty/ANGLE/src/compiler/glslang.y | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/Source/ThirdParty/ANGLE/src/compiler/glslang.y b/Source/ThirdParty/ANGLE/src/compiler/glslang.y
+index 3cad335..b41e95a 100644
+--- a/Source/ThirdParty/ANGLE/src/compiler/glslang.y
++++ b/Source/ThirdParty/ANGLE/src/compiler/glslang.y
+@@ -47,6 +47,7 @@ WHICH GENERATES THE GLSL ES PARSER (glslang_tab.cpp AND glslang_tab.h).
+ %expect 1 /* One shift reduce conflict because of if | else */
+ %pure-parser
+ %parse-param {TParseContext* context}
++%lex-param {YYLEX_PARAM}
+
+ %union {
+ struct {
+--
+1.7.1
+
Added: libmng2.patch
===================================================================
--- libmng2.patch (rev 0)
+++ libmng2.patch 2013-12-11 18:52:58 UTC (rev 201441)
@@ -0,0 +1,34 @@
+From 9ae386653c321c8ddc10fad5ea88f32ebb3d3ffe Mon Sep 17 00:00:00 2001
+From: aavit <eirik.aavitsland at digia.com>
+Date: Fri, 22 Nov 2013 15:04:23 +0100
+Subject: [PATCH] Recognize newer libmng versions in config test
+
+libmng 2.0.x has been released and is compatible and usable, but since
+it no longer provides a VERSION_MAJOR macro, the config test would fail.
+
+Task-number: QTBUG-34894
+Change-Id: I106aa258de0851af01d1bb016c2971dd8e30fd24
+Reviewed-by: Liang Qi <liang.qi at digia.com>
+---
+ config.tests/libmng/libmng.cpp | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/config.tests/libmng/libmng.cpp b/config.tests/libmng/libmng.cpp
+index 9def33e..fc3e693 100644
+--- a/config.tests/libmng/libmng.cpp
++++ b/config.tests/libmng/libmng.cpp
+@@ -46,9 +46,11 @@ int main(int, char **)
+ mng_handle hMNG;
+ mng_cleanup(&hMNG);
+
++#if defined(MNG_VERSION_MAJOR)
+ #if MNG_VERSION_MAJOR < 1 || (MNG_VERSION_MAJOR == 1 && MNG_VERSION_MINOR == 0 && MNG_VERSION_RELEASE < 9)
+ #error System libmng version is less than 1.0.9; using built-in version instead.
+ #endif
++#endif
+
+ return 0;
+ }
+--
+1.7.1
+
More information about the arch-commits
mailing list