Hello community, here is the log from the commit of package libqt5-qtbase.2442 for openSUSE:13.1:Update checked in at 2014-01-31 21:07:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/libqt5-qtbase.2442 (Old) and /work/SRC/openSUSE:13.1:Update/.libqt5-qtbase.2442.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtbase.2442" Changes: -------- New Changes file: --- /dev/null 2013-11-25 01:44:08.036031256 +0100 +++ /work/SRC/openSUSE:13.1:Update/.libqt5-qtbase.2442.new/libqt5-qtbase.changes 2014-01-31 21:07:36.000000000 +0100 @@ -0,0 +1,136 @@ +------------------------------------------------------------------- +Mon Jan 6 12:39:03 UTC 2014 - hrvoje.sen...@gmail.com + +- added patches: + * disallow-deep-or-widely-nested-entity-references.patch: upstream + fix for bnc#856832 and CVE-2013-4549: xml entity expansion attacks + +------------------------------------------------------------------- +Fri Oct 18 17:48:59 UTC 2013 - hrvoje.sen...@gmail.com + +- Added qtbase-opensource-src-5.1.1-bigendian.patch, also needed + for building on PowerPC, otherwise fromWordToBytes is + left undeclared + +------------------------------------------------------------------- +Fri Oct 18 12:38:19 UTC 2013 - hrvoje.sen...@gmail.com + +- Added qtbase-qatomic-ppc.patch, fixes PowerPC build + +------------------------------------------------------------------- +Fri Oct 4 14:23:42 UTC 2013 - hrvoje.sen...@gmail.com + +- Add convenient macros for packages building against Qt5: + %_libqt5_qmake, %qmake5, %make_jobs and %qmake5_install + +------------------------------------------------------------------- +Thu Sep 12 19:58:38 UTC 2013 - hrvoje.sen...@gmail.com + +- Added missing pkgconfig(xkbcommon) BuildRequires +- Drop checks for older openSUSE versions +- Enable GL ES and kms only on arm for now + +------------------------------------------------------------------- +Thu Sep 5 15:09:28 UTC 2013 - d...@suse.com + +- enable support for opengl es2 and kms + +------------------------------------------------------------------- +Thu Aug 29 16:38:30 UTC 2013 - hrvoje.sen...@gmail.com + +- Update to version 5.1.1: + * Bugfix release, please see + http://blog.qt.digia.com/blog/2013/08/28/qt-5-1-1-released/ + http://qt.gitorious.org/qt/qtbase/blobs/release/dist/changes-5.1.1 + and http://qt-project.org/wiki/Qt511KnownIssues for known issues +- Small spec cleanup +- Explicitly activate desktop openGL, and only BuildRequire + pkgconfig(gl) so whole Mesa stack isn't pulled + +------------------------------------------------------------------- +Sat Aug 3 07:14:30 UTC 2013 - tittiatc...@gmail.com + +- Adjust packaging naming conform Factory standards + +------------------------------------------------------------------- +Sun Jul 7 12:14:37 UTC 2013 - hrvoje.sen...@gmail.com + +- Allow co-existance of Qt5 and Qt4: + * Install headers in %_includedir/qt5 + * Install binaries in %_libdir/qt5/bin, create symlinks with -qt5 + suffixes in %_libdir/qt5/bin and %_bindir +- Spec cleanup: + * Removed checks for obsolete opensuse versions +- Add new macros.qt5, which should be utilized for other Qt5 modules +- Added baselibs.conf + +------------------------------------------------------------------- +Sun Jul 7 07:23:51 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.1 release + +------------------------------------------------------------------- +Tue Jun 18 20:00:00 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.1 RC 1 + +------------------------------------------------------------------- +Mon May 20 20:00:00 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.1 Beta 1 + +------------------------------------------------------------------- +Tue Apr 9 20:00:00 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.1 Alpha 1 + +------------------------------------------------------------------- +Fri Mar 29 11:58:55 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.0.2 RC1 + +------------------------------------------------------------------- +Wed Jan 30 19:00:00 UTC 2013 - stephan.bin...@basyskom.com + +- update to Qt 5.0.1 + +------------------------------------------------------------------- +Wed Dec 19 20:40:40 UTC 2012 - stephan.bin...@basyskom.com + +- update to Qt 5.0 release + +------------------------------------------------------------------- +Thu Dec 13 10:50:52 UTC 2012 - stephan.bin...@basyskom.com + +- update to Qt 5.0 Release Candidate 2 + +------------------------------------------------------------------- +Thu Dec 6 19:54:17 UTC 2012 - stephan.bin...@basyskom.com + +- update to Qt 5.0 Release Candidate 1 + +------------------------------------------------------------------- +Thu Nov 15 12:14:39 UTC 2012 - stephan.bin...@basyskom.com + +- update to Qt 5.0 Beta 2 + +------------------------------------------------------------------- +Thu Aug 30 11:31:45 UTC 2012 - stephan.bin...@basyskom.com + +- update to Qt 5.0 Beta 1 release + +------------------------------------------------------------------- +Thu May 24 15:29:20 UTC 2012 - stephan.bin...@basyskom.com + +- update to newer Alpha snapshot / Beta candidate + +------------------------------------------------------------------- +Fri Apr 13 13:22:38 UTC 2012 - stephan.bin...@basyskom.com + +- rework package splitting for Qt 5 modularization + +------------------------------------------------------------------- +Thu Apr 5 09:56:15 UTC 2012 - dmuel...@suse.com + +- Initial packaging (Qt 5.0 Alpha) + New: ---- _constraints baselibs.conf disallow-deep-or-widely-nested-entity-references.patch libqt5-libtool-nodate.diff libqt5-qtbase.changes libqt5-qtbase.spec macros.qt5 qmake-add-usr-include.diff qt-never-strip.diff qtbase-opensource-src-5.1.1-bigendian.patch qtbase-opensource-src-5.1.1.tar.xz qtbase-qatomic-ppc.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtbase.spec ++++++ # # spec file for package libqt5-qtbase # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libqt5-qtbase BuildRequires: alsa-devel BuildRequires: at-spi2-core-devel BuildRequires: cups-devel BuildRequires: fdupes BuildRequires: freetype2-devel BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: libmng-devel BuildRequires: libmysqlclient-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: postgresql-devel BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gl) %ifarch %arm BuildRequires: pkgconfig(gbm) BuildRequires: pkgconfig(glesv2) %endif BuildRequires: xcb-util-image-devel BuildRequires: xcb-util-keysyms-devel BuildRequires: xcb-util-renderutil-devel BuildRequires: xcb-util-wm-devel BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(gtk+-2.0) BuildRequires: pkgconfig(xkbcommon) >= 0.2.0 Version: 5.1.1 Release: 0 Summary: C++ Program Library, Core Components License: GPL-3.0 or SUSE-LGPL-2.1-with-digia-exception-1.1 Group: System/Libraries Url: http://qt.digia.com %define base_name libqt5 %define real_version 5.1.1 %define tar_version qtbase-opensource-src-%{real_version} Source: %{tar_version}.tar.xz Source2: macros.qt5 Source3: baselibs.conf # PATCH-FIX-UPSTREAM qt-never-strip.diff -- for creating debug packages Patch2: qt-never-strip.diff # PATCH-FIX-UPSTREAM qtbase-qatomic-ppc.patch -- fixes build on PPC Patch3: qtbase-qatomic-ppc.patch # PATCH-FIX-UPSTREAM qtbase-opensource-src-5.1.1-bigendian.patch -- fixes build on big endian arches/PPC Patch4: qtbase-opensource-src-5.1.1-bigendian.patch # PATCH-FIX-UPSTREAM libqt5-libtool-nodate.diff -- for ommiting date/time on build # PATCH-FIX-UPSTREAM libqt5-libtool-nodate.diff -- for ommiting date/time on build Patch109: libqt5-libtool-nodate.diff # PATCH-FIX-UPSTREAM qmake-add-usr-include.diff -- explicitly include /usr/include path Patch131: qmake-add-usr-include.diff # PATCH-FIX-UPSTREAM disallow-deep-or-widely-nested-entity-references.patch -- xml entity expansion attacks, bnc#856832, CVE-2013-4549 Patch132: disallow-deep-or-widely-nested-entity-references.patch BuildRequires: clucene-core-devel BuildRequires: gstreamer-0_10-plugins-base-devel BuildRequires: libicu-devel BuildRequires: libpulse-devel BuildRequires: libudev-devel BuildRequires: xorg-x11-devel BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Qt is a set of libraries for developing applications. This package contains base tools, like string, xml, and network handling. %define libqt5_prefix %{_prefix} %define libqt5_libdir %{_libdir} %define libqt5_archdatadir %{_libdir}/qt5 %define libqt5_bindir %{libqt5_archdatadir}/bin %define libqt5_datadir %{_datadir}/qt5 %define libqt5_docdir %{_docdir}/qt5 %define libqt5_examplesdir %{libqt5_archdatadir}/examples %define libqt5_includedir %{_includedir}/qt5 %define libqt5_importdir %{libqt5_archdatadir}/imports %define libqt5_libexecdir %{libqt5_archdatadir}/libexec %define libqt5_plugindir %{libqt5_archdatadir}/plugins %define libqt5_sysconfdir %{_sysconfdir}/xdg %define libqt5_translationdir %{_datadir}/qt5/translations %prep %setup -q -n qtbase-opensource-src-%{real_version} %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch109 -p1 %patch131 -p1 %patch132 -p1 # be sure not to use them rm -r src/3rdparty/{libjpeg,freetype,libpng,zlib} #rm -r qtimageformats/src/3rdparty/{libtiff,libmng} %package devel Summary: Qt Development Kit Group: Development/Libraries/X11 Requires: %{name} = %{version} Requires: alsa-devel Requires: at-spi2-core-devel Requires: c++_compiler Requires: cups-devel Requires: freetype2-devel Requires: libQt5Gui5 = %{version} Requires: libQt5Test5 = %{version} Requires: libQt5Widgets5 = %{version} Requires: libjpeg-devel Requires: libmng-devel Requires: libpng-devel Requires: libqt5-sql-sqlite >= %{version} Requires: libtiff-devel Requires: make Requires: openssl-devel Requires: pcre-devel Requires: pkgconfig Requires: sqlite3-devel Requires: pkgconfig(dbus-1) Requires: pkgconfig(gl) %ifarch %arm Requires: pkgconfig(gbm) Requires: pkgconfig(glesv2) %endif Requires: gstreamer-0_10-plugins-base-devel Requires: libicu-devel Requires: libpulse-devel Requires: libudev-devel Requires: xcb-util-image-devel Requires: xcb-util-keysyms-devel Requires: xcb-util-renderutil-devel Requires: xcb-util-wm-devel Requires: xorg-x11-devel Requires: zlib-devel Requires: pkgconfig(glib-2.0) Requires: pkgconfig(xkbcommon) >= 0.2.0 %description devel You need this package, if you want to compile programs with Qt. It contains the "Qt Crossplatform Development Kit". It does contain include files and development applications like GUI designers, translator tools and code generators. %package -n libQt5Test5 Summary: Qt 5 Test Library Group: Development/Libraries/X11 %description -n libQt5Test5 Qt 5 library for testing. %package -n libQt5Widgets5 Summary: Qt 5 Test Library Group: Development/Libraries/X11 %description -n libQt5Widgets5 Qt 5 library to display widgets. %package -n libqt5-sql-sqlite Summary: Qt 5 sqlite plugin Group: Development/Libraries/C and C++ Requires: libQt5Sql5 = %{version} Provides: libqt5_sql_backend = %{version} %description -n libqt5-sql-sqlite Qt 5 sqlite plugin to be able to use database functionality with Qt applications without the need to setup a SQL server. %package -n libqt5-sql-unixODBC Summary: Qt 5 unixODBC plugin Group: Development/Libraries/C and C++ Requires: libQt5Sql5 = %{version} Provides: libqt5_sql_backend = %{version} %description -n libqt5-sql-unixODBC Qt unixODBC plugin to support databases via unixODBC within Qt applications. %package -n libqt5-sql-postgresql Summary: Qt 5 PostgreSQL plugin Group: Development/Libraries/C and C++ Requires: libQt5Sql5 = %{version} Provides: libqt5_sql_backend = %{version} %description -n libqt5-sql-postgresql Qt SQL plugin to support PostgreSQL servers in Qt applications. %package -n libqt5-sql-mysql Summary: Qt 5 MySQL support Group: Development/Libraries/C and C++ Requires: libQt5Sql5 = %{version} Provides: libqt5_sql_backend = %{version} %description -n libqt5-sql-mysql A plugin to support MySQL server in Qt applications. %package -n libQt5Gui5 Summary: Qt 5 GUI related libraries Group: Development/Libraries/C and C++ Recommends: libqt5-qtimageformats = %{version} %description -n libQt5Gui5 Qt 5 libraries which are depending on X11. %package -n libQt5Sql5 Summary: Qt 5 SQL related libraries Group: Development/Libraries/C and C++ Recommends: libqt5_sql_backend = %{version} Suggests: libqt5-sql-sqlite %description -n libQt5Sql5 Qt 5 libraries which are used for connection with an SQL server. You will need also a plugin package for a supported SQL server. %package private-headers-devel Summary: Non-ABI stable experimental API Group: Development/Libraries/C and C++ Requires: libqt5-qtbase-devel = %{version} %description private-headers-devel This package provides private headers of libqt5-qtbase-devel that are normally not used by application development and that do not have any ABI or API guarantees. The packages that build against these have to require the exact Qt version. %build export QMAKESPEC=$PWD/mkspecs/linux-g++ %ifarch ppc64 RPM_OPT_FLAGS="%{optflags} -mminimal-toc" %endif export CXXFLAGS="$CXXFLAGS %{optflags} -DOPENSSL_LOAD_CONF" export CFLAGS="$CFLAGS %{optflags} -DOPENSSL_LOAD_CONF" export MAKEFLAGS="%{?_smp_mflags}" %ifarch sparc64 platform="-platform linux-g++-64" %else platform="" %endif # Record mtime of changes file instead of build time CHANGES=`stat --format="%y" %{SOURCE1}|cut --characters=1-10` sed -i -e "s/qt_instdate=\$TODAY/qt_instdate=$CHANGES/" configure echo yes | ./configure $platform \ -prefix %{_prefix} \ -L %{libqt5_libdir} \ -libdir %{libqt5_libdir} \ -archdatadir %{libqt5_archdatadir} \ -bindir %{libqt5_bindir} \ -datadir %{libqt5_datadir} \ -docdir %{libqt5_docdir} \ -examplesdir %{libqt5_examplesdir} \ -headerdir %{libqt5_includedir} \ -importdir %{libqt5_importdir} \ -libexecdir %{libqt5_libexecdir} \ -plugindir %{libqt5_plugindir} \ -sysconfdir %{libqt5_sysconfdir} \ -translationdir %{libqt5_translationdir} \ -verbose \ -reduce-relocations \ -optimized-qmake \ -accessibility \ -opensource \ -no-separate-debug-info \ -shared \ -xkb \ -xrender \ -xcursor \ -dbus-linked \ -xfixes \ -xrandr \ -xinerama \ -sm \ -no-rpath \ -system-libjpeg \ -openssl-linked \ -system-libpng \ -cups \ -nis \ -system-zlib \ -iconv \ -sysconfdir /etc/settings \ -no-pch \ -glib \ -system-sqlite \ -no-sql-mysql \ -xsync \ -xinput \ -gtkstyle \ -javascript-jit \ -xcb \ -no-eglfs \ -opengl desktop \ %ifarch %arm -eglfs -kms \ -opengl es2 \ %else -no-eglfs \ -opengl desktop \ %endif -release \ %ifarch %arm -no-neon \ %endif -plugin-sql-sqlite -nomake examples \ -plugin-sql-psql -I/usr/include -I/usr/include/pgsql/ -I/usr/include/pgsql/server \ -plugin-sql-odbc \ -plugin-sql-mysql -I/usr/include/mysql/ -I/usr/include -v make %{?_smp_mflags} %install make INSTALL_ROOT=%{buildroot} install install -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rpm/macros.qt5 # argggh, qmake is such a piece of <censored> find %{buildroot}/%{libqt5_libdir} -type f -name '*prl' -exec perl -pi -e "s, -L$RPM_BUILD_DIR/\S+,,g" {} \; find %{buildroot}/%{libqt5_libdir} -type f -name '*prl' -exec sed -i -e "/^QMAKE_PRL_BUILD_DIR/d" {} \; find %{buildroot}/%{libqt5_libdir} -type f -name '*la' -print -exec perl -pi -e "s, -L$RPM_BUILD_DIR/?\S+,,g" {} \; # insanity ... find %{buildroot}/%{libqt5_libdir} -type f -name '*pc' -print -exec perl -pi -e "s, -L$RPM_BUILD_DIR/?\S+,,g" {} \; -exec sed -i -e "s,^moc_location=.*,moc_location=%libqt5_bindir/moc," -e "s,uic_location=.*,uic_location=%libqt5_bindir/uic," {} \; find %{buildroot}/%{libqt5_libdir}/ -name 'lib*.a' -exec chmod -x -- {} \; mkdir -p %{buildroot}/%{libqt5_plugindir}/sqldrivers # put all the binaries to %{_bindir}, add -qt5 suffix, and symlink them back to %_qt5_bindir mkdir %{buildroot}%{_bindir} pushd %{buildroot}%{libqt5_bindir} for i in * ; do mv $i ../../../bin/${i}-qt5 ln -s ../../../bin/${i}-qt5 . ln -s ../../../bin/${i}-qt5 $i done popd pushd %{buildroot}%{libqt5_docdir}/global/template/images chmod -R 644 *.png popd %fdupes %{buildroot}/%{libqt5_includedir} %fdupes %{buildroot}/%{libqt5_archdatadir}/mkspecs %clean rm -rf %{buildroot} %post -p /sbin/ldconfig %post -n libQt5Gui5 -p /sbin/ldconfig %post -n libQt5Sql5 -p /sbin/ldconfig %post -n libQt5Test5 -p /sbin/ldconfig %post -n libQt5Widgets5 -p /sbin/ldconfig %postun -p /sbin/ldconfig %postun -n libQt5Gui5 -p /sbin/ldconfig %postun -n libQt5Sql5 -p /sbin/ldconfig %postun -n libQt5Test5 -p /sbin/ldconfig %postun -n libQt5Widgets5 -p /sbin/ldconfig %files %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %dir %{libqt5_libdir}/qt5 %dir %{libqt5_plugindir} %{libqt5_libdir}/libQt5Core.so.* %{libqt5_libdir}/libQt5Concurrent.so.* %{libqt5_libdir}/libQt5DBus.so.* %{libqt5_libdir}/libQt5Network.so.* %{libqt5_libdir}/libQt5Xml.so.* %{libqt5_plugindir}/bearer %files -n libQt5Test5 %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_libdir}/libQt5Test.so.* %files -n libQt5Widgets5 %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_libdir}/libQt5Widgets.so.* %{libqt5_libdir}/libQt5PrintSupport.so.* %{libqt5_libdir}/libQt5OpenGL.so.* %{libqt5_plugindir}/accessible %{libqt5_plugindir}/printsupport %files -n libQt5Gui5 %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_libdir}/libQt5Gui.so.* %{libqt5_plugindir}/generic %{libqt5_plugindir}/imageformats %{libqt5_plugindir}/platforminputcontexts %{libqt5_plugindir}/platforms %{libqt5_plugindir}/platformthemes %files devel %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{_bindir}/* %libqt5_bindir/* %dir %libqt5_bindir %exclude %{libqt5_includedir}/*/5.1.1 %{libqt5_includedir}/ %{libqt5_libdir}/cmake %{libqt5_libdir}/libQt5*.la %{libqt5_libdir}/libQt5*.prl %{libqt5_libdir}/libQt5*.so %{libqt5_libdir}/libQt5*.a %{libqt5_libdir}/pkgconfig/Qt5*.pc %{libqt5_archdatadir}/mkspecs %{libqt5_docdir} %{_sysconfdir}/rpm/macros.qt5 %files private-headers-devel %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_includedir}/*/5.1.1 %files -n libQt5Sql5 %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_libdir}/libQt5Sql.so.* %dir %{libqt5_plugindir}/sqldrivers %files -n libqt5-sql-sqlite %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_plugindir}/sqldrivers/libqsqlite*.so %files -n libqt5-sql-unixODBC %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_plugindir}/sqldrivers/libqsqlodbc*.so %files -n libqt5-sql-postgresql %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_plugindir}/sqldrivers/libqsqlpsql*.so %files -n libqt5-sql-mysql %defattr(-,root,root,755) %doc *.txt LICENSE.LGPL LICENSE.FDL %{libqt5_plugindir}/sqldrivers/libqsqlmysql*.so %changelog ++++++ baselibs.conf ++++++ libqt5-qtbase libQt5Test5 libQtWidgets5 libqt5-sql-sqlite libqt5-sql-unixODBC libqt5-sql-postgresql libqt5-sql-mysql libQt5Gui5 libQt5Sql5 libQt5Widgets5 ++++++ disallow-deep-or-widely-nested-entity-references.patch ++++++ From: Mitch Curtis <mitch.cur...@digia.com> Date: Fri, 27 Sep 2013 10:32:28 +0000 Subject: Disallow deep or widely nested entity references. --- Disallow deep or widely nested entity references. Nested entities with a depth of 2 or more will fail. Entities that fully expand to more than 1024 characters will also fail. Change-Id: I75525bc1edfa796c4db30a5109fe21011ad43a2d Reviewed-by: Richard J. Moore <r...@kde.org> Reviewed-by: Lars Knoll <lars.kn...@digia.com> (cherries picked from commits 46a8885ae486e238a39efa5119c2714f328b08e4 and f1053d94f59f053ce4acad9320df14f1fbe4faac) --- --- a/src/xml/sax/qxml.cpp +++ b/src/xml/sax/qxml.cpp @@ -424,6 +424,12 @@ int stringValueLen; QString emptyStr; + // The limit to the amount of times the DTD parsing functions can be called + // for the DTD currently being parsed. + static const int dtdRecursionLimit = 2; + // The maximum amount of characters an entity value may contain, after expansion. + static const int entityCharacterLimit = 1024; + const QString &string(); void stringClear(); void stringAddC(QChar); @@ -492,6 +498,8 @@ void unexpectedEof(ParseFunction where, int state); void parseFailed(ParseFunction where, int state); void pushParseState(ParseFunction function, int state); + + bool isExpandedEntityValueTooLarge(QString *errorMessage); Q_DECLARE_PUBLIC(QXmlSimpleReader) QXmlSimpleReader *q_ptr; @@ -5035,6 +5043,11 @@ } break; case Mup: + if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) { + reportParseError(QString::fromLatin1( + "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit)); + return false; + } if (!parseMarkupdecl()) { parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state); return false; @@ -6644,6 +6657,50 @@ return false; } +bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage) +{ + QMap<QString, int> literalEntitySizes; + // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times. + QMap<QString, QMap<QString, int> > referencesToOtherEntities; + QMap<QString, int> expandedSizes; + + // For every entity, check how many times all entity names were referenced in its value. + foreach (QString toSearch, entities.keys()) { + // The amount of characters that weren't entity names, but literals, like 'X'. + QString leftOvers = entities.value(toSearch); + // How many times was entityName referenced by toSearch? + foreach (QString entityName, entities.keys()) { + for (int i = 0; i < leftOvers.size() && i != -1; ) { + i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i); + if (i != -1) { + leftOvers.remove(i, entityName.size() + 2); + // The entityName we're currently trying to find was matched in this string; increase our count. + ++referencesToOtherEntities[toSearch][entityName]; + } + } + } + literalEntitySizes[toSearch] = leftOvers.size(); + } + + foreach (QString entity, referencesToOtherEntities.keys()) { + expandedSizes[entity] = literalEntitySizes[entity]; + foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) { + const int references = referencesToOtherEntities.value(entity).value(referenceTo); + // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size. + expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references; + } + + if (expandedSizes[entity] > entityCharacterLimit) { + if (errorMessage) { + *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3)."); + *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit); + } + return true; + } + } + return false; +} + /* Parse a EntityDecl [70]. @@ -6738,6 +6795,12 @@ switch (state) { case EValue: if ( !entityExist(name())) { + QString errorMessage; + if (isExpandedEntityValueTooLarge(&errorMessage)) { + reportParseError(errorMessage); + return false; + } + entities.insert(name(), string()); if (declHnd) { if (!declHnd->internalEntityDecl(name(), string())) { ++++++ libqt5-libtool-nodate.diff ++++++ --- qtbase/qmake/generators/unix/unixmake2.cpp 2012/11/12 14:21:54 1.1 +++ qtbase/qmake/generators/unix/unixmake2.cpp 2012/11/12 14:22:13 @@ -1297,7 +1297,7 @@ QTextStream t(&ft); t << "# " << lname << " - a libtool library file\n"; t << "# Generated by qmake/libtool (" QMAKE_VERSION_STR ") (Qt " - << QT_VERSION_STR << ") on: " << QDateTime::currentDateTime().toString(); + << QT_VERSION_STR << ")"; t << "\n"; t << "# The name that we can dlopen(3).\n" ++++++ macros.qt5 ++++++ %_libqt5_prefix %{_prefix} %_libqt5_libdir %{_libdir} %_libqt5_archdatadir %{_libqt5_libdir}/qt5 %_libqt5_bindir %{_libqt5_archdatadir}/bin %_libqt5_datadir %{_datadir}/qt5 %_libqt5_docdir %{_docdir}/qt5 %_libqt5_examplesdir %{_libqt5_archdatadir}/examples %_libqt5_includedir %{_includedir}/qt5 %_libqt5_importdir %{_libqt5_archdatadir}/imports %_libqt5_libexecdir %{_libqt5_archdatadir}/libexec %_libqt5_plugindir %{_libqt5_archdatadir}/plugins %_libqt5_sysconfdir %{_sysconfdir}/xdg %_libqt5_translationdir %{_libqt5_datadir}/qt5/translations %_libqt5_qmake %{_libqt5_bindir}/qmake %qmake5 \ export PATH=%{_libqt5_bindir}:$PATH ; \ export CXXFLAGS="$CXXFLAGS %{optflags} -DOPENSSL_LOAD_CONF" ; \ export CFLAGS="$CFLAGS %{optflags} -DOPENSSL_LOAD_CONF" ; \ %_libqt5_qmake %make_jobs \ %{__make} %{?_smp_mflags} VERBOSE=1 %qmake5_install \ make INSTALL_ROOT=%{buildroot} install++++++ qmake-add-usr-include.diff ++++++ --- qtbase/qmake/generators/unix/unixmake2.cpp 2012/08/30 12:10:34 1.1 +++ qtbase/qmake/generators/unix/unixmake2.cpp 2012/08/30 12:10:41 @@ -128,7 +128,7 @@ << varGlue("DEFINES","-D"," -D","") << endl; t << "CFLAGS = " << var("QMAKE_CFLAGS") << " $(DEFINES)\n"; t << "CXXFLAGS = " << var("QMAKE_CXXFLAGS") << " $(DEFINES)\n"; - t << "INCPATH = -I" << specdir(); + t << "INCPATH = " << "-I/usr/include -I" << specdir(); if(!project->isActiveConfig("no_include_pwd")) { QString pwd = escapeFilePath(fileFixify(qmake_getpwd())); if(pwd.isEmpty()) ++++++ qt-never-strip.diff ++++++ --- qtbase/configure 2012/05/24 14:10:06 1.1 +++ qtbase/configure 2012/05/24 14:11:09 @@ -65,7 +65,6 @@ # initialize global variables QMAKE_SWITCHES= -QMAKE_VARS= QMAKE_CONFIG= QTCONFIG_CONFIG= QT_CONFIG= @@ -1199,7 +1198,7 @@ QMakeVar add QMAKE_CFLAGS -pg QMakeVar add QMAKE_CXXFLAGS -pg QMakeVar add QMAKE_LFLAGS -pg - QMAKE_VARS="$QMAKE_VARS CONFIG+=nostrip" + QMakeVar add CONFIG nostrip else UNKNOWN_OPT=yes fi @@ -2426,6 +2425,8 @@ esac fi +QMakeVar add CONFIG nostrip + #------------------------------------------------------------------------------- # tests that don't need qmake (must be run before displaying help) #------------------------------------------------------------------------------- ++++++ qtbase-opensource-src-5.1.1-bigendian.patch ++++++ diff -up qtbase-opensource-src-5.1.1/src/3rdparty/sha3/KeccakF-1600-opt64.c.bigendian qtbase-opensource-src-5.1.1/src/3rdparty/sha3/KeccakF-1600-opt64.c --- qtbase-opensource-src-5.1.1/src/3rdparty/sha3/KeccakF-1600-opt64.c.bigendian 2013-09-23 11:10:42.000000000 +0200 +++ qtbase-opensource-src-5.1.1/src/3rdparty/sha3/KeccakF-1600-opt64.c 2013-09-23 11:16:02.000000000 +0200 @@ -324,7 +324,7 @@ static void KeccakPermutation(unsigned c KeccakPermutationOnWords((UINT64*)state); } -#if 0 // Unused in the Qt configuration +#if (PLATFORM_BYTE_ORDER == IS_BIG_ENDIAN) static void fromBytesToWord(UINT64 *word, const UINT8 *bytes) { unsigned int i; @@ -445,7 +445,7 @@ static void KeccakAbsorb(unsigned char * #endif } -#if 0 // Unused in the Qt configuration +#if (PLATFORM_BYTE_ORDER == IS_BIG_ENDIAN) static void fromWordToBytes(UINT8 *bytes, const UINT64 word) { unsigned int i; ++++++ qtbase-qatomic-ppc.patch ++++++ Index: qtbase-opensource-src-5.1.1/src/corelib/thread/qoldbasicatomic.h =================================================================== --- qtbase-opensource-src-5.1.1.orig/src/corelib/thread/qoldbasicatomic.h +++ qtbase-opensource-src-5.1.1/src/corelib/thread/qoldbasicatomic.h @@ -63,7 +63,7 @@ public: // Atomic API, implemented in qatomic_XXX.h int load() const { return _q_value; } - int loadAcquire() { return _q_value; } + int loadAcquire() const { return _q_value; } void store(int newValue) { _q_value = newValue; } void storeRelease(int newValue) { _q_value = newValue; } @@ -107,7 +107,7 @@ public: // Atomic API, implemented in qatomic_XXX.h T *load() const { return _q_value; } - T *loadAcquire() { return _q_value; } + T *loadAcquire() const { return _q_value; } void store(T *newValue) { _q_value = newValue; } void storeRelease(T *newValue) { _q_value = newValue; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org