From 41dc0b76de87ea39f4fe1f5450db5663b212648b Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Tue, 11 Jul 2017 10:44:53 +0200
Subject: [PATCH] fixed bz#1409600, stack overflow in QXmlSimpleReader,
 CVE-2016-1004

---
 qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch | 2 +-
 qt.spec                                              | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
index dede832..5ca9114 100644
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
@@ -6,7 +6,7 @@ diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp q
      static const int dtdRecursionLimit = 2;
      // The maximum amount of characters an entity value may contain, after expansion.
 -    static const int entityCharacterLimit = 1024;
-+    static const int entityCharacterLimit = 65536;
++    static const int entityCharacterLimit = 4096;
  
      const QString &string();
      void stringClear();
diff --git a/qt.spec b/qt.spec
index 4d909ee..621176b 100644
--- a/qt.spec
+++ b/qt.spec
@@ -44,7 +44,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.7
-Release: 20%{?dist}
+Release: 21%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -1386,6 +1386,9 @@ fi
 
 
 %changelog
+* Tue Jul 11 2017 Than Ngo <than@redhat.com> - 1:4.8.7-21
+- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
+
 * Wed Nov 30 2016 Rex Dieter <rdieter@fedoraproject.org> - 4.8.7-20
 - FTBFS firebird
 - FTBFS openssl-1.1, bootstrap using -no-openssl (#1400196)