fix QTBUG-35459 and QTBUG-35460

* Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.2.0-4 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
2014-01-13 20:46:51 +01:00 · 2014-01-13 20:46:51 +01:00 · 8c475d4b3e
commit 8c475d4b3e
parent 0ecbefdce7
3 changed files with 37 additions and 1 deletions
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
@ -0,0 +1,12 @@
 diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp qt-everywhere-opensource-src-4.8.5-QTBUG-35459/src/xml/sax/qxml.cpp
 --- qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp	2013-12-05 19:23:33.000000000 +0100
 +++ qt-everywhere-opensource-src-4.8.5-QTBUG-35459/src/xml/sax/qxml.cpp	2014-01-13 20:13:59.000000000 +0100
@@ -428,7 +428,7 @@
     // for the DTD currently being parsed.
     static const int dtdRecursionLimit = 2;
     // The maximum amount of characters an entity value may contain, after expansion.
 -    static const int entityCharacterLimit = 1024;
 +    static const int entityCharacterLimit = 65536;
     const QString &string();
     void stringClear();
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
@ -0,0 +1,12 @@
 diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp qt-everywhere-opensource-src-4.8.5-QTBUG-35460/src/xml/sax/qxml.cpp
 --- qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp	2013-12-05 19:23:33.000000000 +0100
 +++ qt-everywhere-opensource-src-4.8.5-QTBUG-35460/src/xml/sax/qxml.cpp	2014-01-13 20:15:11.000000000 +0100
@@ -6674,7 +6674,7 @@
         if (expandedSizes[entity] > entityCharacterLimit) {
             if (errorMessage) {
 -                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
 +                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands to a string that is too large to process (%2 characters > %3).");
                 *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
             }
             return true;
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@ -28,7 +28,7 @@
 Summary: Qt5 - QtBase components
 Name:    qt5-qtbase
 Version: 5.2.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -56,6 +56,12 @@ Patch2: qtbase-multilib_optflags.patch
 # qatomic on ppc/ppc64, http://bugzilla.redhat.com/1005482
 Patch3: qtbase-qatomic-ppc.patch
 # fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
 Patch4: qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
 # fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
 Patch5: qt-everywhere-opensource-src-4.8.5-QTBUG-35460.patch
 # upstreamable patches
 # support poll
 # https://bugreports.qt-project.org/browse/QTBUG-27195
@ -236,6 +242,8 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
 %patch3 -p1 -b .qatomic-ppc
 %patch4 -p1 -b .QTBUG-35459
 %patch5 -p1 -b .QTBUG-35460
 #patch50 -p1 -b .poll
 %patch51 -p1 -b .bigendian
@ -651,6 +659,10 @@ popd
 %changelog
 * Mon Jan 13 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 5.2.0-4
 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
 - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
 * Mon Jan 13 2014 Rex Dieter <rdieter@fedoraproject.org> - 5.2.0-3
 - move sql build deps into subpkg sections
 - macro'ize ibase,tds support (disabled on rhel)