fix QTBUG-35459 and fix QTBUG-35460

* Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-14 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
2014-01-13 21:01:51 +01:00 · 2014-01-13 21:01:51 +01:00 · 97c30bc66d
commit 97c30bc66d
parent e84fc36353
3 changed files with 38 additions and 1 deletions
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
@ -0,0 +1,12 @@
 diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp qt-everywhere-opensource-src-4.8.5-QTBUG-35459/src/xml/sax/qxml.cpp
 --- qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp	2013-12-05 19:23:33.000000000 +0100
 +++ qt-everywhere-opensource-src-4.8.5-QTBUG-35459/src/xml/sax/qxml.cpp	2014-01-13 20:13:59.000000000 +0100
@@ -428,7 +428,7 @@
     // for the DTD currently being parsed.
     static const int dtdRecursionLimit = 2;
     // The maximum amount of characters an entity value may contain, after expansion.
 -    static const int entityCharacterLimit = 1024;
 +    static const int entityCharacterLimit = 65536;
     const QString &string();
     void stringClear();
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
@ -0,0 +1,12 @@
 diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp qt-everywhere-opensource-src-4.8.5-QTBUG-35460/src/xml/sax/qxml.cpp
 --- qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp	2013-12-05 19:23:33.000000000 +0100
 +++ qt-everywhere-opensource-src-4.8.5-QTBUG-35460/src/xml/sax/qxml.cpp	2014-01-13 20:15:11.000000000 +0100
@@ -6674,7 +6674,7 @@
         if (expandedSizes[entity] > entityCharacterLimit) {
             if (errorMessage) {
 -                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
 +                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands to a string that is too large to process (%2 characters > %3).");
                 *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
             }
             return true;
--- a/qt.spec
+++ b/qt.spec
@ -29,7 +29,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.5
-Release: 13%{?dist}
+Release: 14%{?dist}
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@ -142,6 +142,12 @@ Patch82: qt-everywhere-opensource-src-4.8.5-QTBUG-4862.patch
 # poll support
 Patch83: qt-4.8-poll.patch
 # fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
 Patch84: qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
 # fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
 Patch85: qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
 # upstream patches
 # http://codereview.qt-project.org/#change,22006
 Patch100: qt-everywhere-opensource-src-4.8.1-qtgahandle.patch
@ -544,6 +550,9 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
 # security fixes
 %patch1147 -p1 -b .0147
 %patch1162 -p1 -b .0162
 # regression fixes for the security fixes
 %patch84 -p1 -b .QTBUG-35459
 %patch85 -p1 -b .QTBUG-35460
 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
@ -1240,6 +1249,10 @@ fi
 %changelog
 * Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.8.5-14
 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
 - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
 * Mon Dec 23 2013 Peter Robinson <pbrobinson@fedoraproject.org> 4.8.5-13
 - Add support for aarch64 (#1046360)