2 files changed, 45 insertions, 0 deletions

diff --git a/x11/kdelibs4/Makefile b/x11/kdelibs4/Makefile
index 5b57adaf0be2..907da6702f0f 100644
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	kdelibs
 PORTVERSION=	${KDE4_VERSION}
+PORTREVISION=	1
 CATEGORIES=	x11 kde
 MASTER_SITES=	KDE/${KDE4_BRANCH}/${PORTVERSION}/src
 DIST_SUBDIR=	KDE/${PORTVERSION}
diff --git a/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a b/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
new file mode 100644
index 000000000000..46b6be731faa
--- /dev/null
+++ b/x11/kdelibs4/files/patch-git_d4fca9ffb31a2383459c89b27f81b10b7ddece1a
@@ -0,0 +1,44 @@
+commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a
+Author: Luigi Toscano <luigi.toscano@tiscali.it>
+Date:   Wed Jun 4 22:40:12 2014 +0200
+
+    Explicitly load external entities (after CVE-2014-0191)
+    
+    Use the more modern API function for XML loading and enable the
+    flags which load the external entities, so that meinproc4 can work
+    again after the security changes implemented for CVE-2014-0191.
+    Network loading is disabled too now.
+    
+    REVIEW: 118270
+    BUG: 335001
+    FIXED-IN: 4.13.2
+
+diff --git a/kdoctools/meinproc.cpp b/kdoctools/meinproc.cpp
+index e0f8faf..0467f22 100644
+--- kdoctools/meinproc.cpp
++++ kdoctools/meinproc.cpp
+@@ -207,8 +207,8 @@ int main(int argc, char **argv) {
+ 
+         if (style_sheet != NULL) {
+ 
+-            xmlDocPtr doc = xmlParseFile( QFile::encodeName( checkFilename ).constData() );
+-
++            xmlDocPtr doc = xmlReadFile( QFile::encodeName( checkFilename ).constData(),
++                                         NULL, XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET );
+             xmlDocPtr res = xsltApplyStylesheet(style_sheet, doc, &params[0]);
+ 
+             xmlFreeDoc(doc);
+diff --git a/kdoctools/xslt.cpp b/kdoctools/xslt.cpp
+index a7265ca..4d64de4 100644
+--- kdoctools/xslt.cpp
++++ kdoctools/xslt.cpp
+@@ -157,7 +157,8 @@ QString transform( const QString &pat, const QString& tss,
+ 
+     INFO(i18n("Parsing document"));
+ 
+-    xmlDocPtr doc = xmlParseFile(QFile::encodeName(pat));
++    xmlDocPtr doc = xmlReadFile(QFile::encodeName(pat), NULL,
++                                XML_PARSE_NOENT|XML_PARSE_DTDLOAD|XML_PARSE_NONET);
+     xsltTransformContextPtr ctxt;
+ 
+     ctxt = xsltNewTransformContext(style_sheet, doc);