[qt3] fix QTBUG-35459 and QTBUG-35460
Kevin Kofler
kkofler at fedoraproject.org
Mon Jan 13 20:08:01 UTC 2014
commit 6371d409094476629602dbfb4872ac92f5bf7c16
Author: Kevin Kofler <Kevin at tigcc.ticalc.org>
Date: Mon Jan 13 21:08:04 2014 +0100
fix QTBUG-35459 and QTBUG-35460
* Mon Jan 13 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-55
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
qt-x11-free-3.3.8b-CVE-2013-4549.patch | 8 ++++----
qt3.spec | 6 +++++-
2 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/qt-x11-free-3.3.8b-CVE-2013-4549.patch b/qt-x11-free-3.3.8b-CVE-2013-4549.patch
index 65351de..09e3a83 100644
--- a/qt-x11-free-3.3.8b-CVE-2013-4549.patch
+++ b/qt-x11-free-3.3.8b-CVE-2013-4549.patch
@@ -1,6 +1,6 @@
diff -ur qt-x11-free-3.3.8b/src/xml/qxml.cpp qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.cpp
--- qt-x11-free-3.3.8b/src/xml/qxml.cpp 2008-01-15 20:09:13.000000000 +0100
-+++ qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.cpp 2013-12-06 00:49:26.000000000 +0100
++++ qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.cpp 2014-01-13 21:03:14.000000000 +0100
@@ -4529,6 +4529,11 @@
}
break;
@@ -60,7 +60,7 @@ diff -ur qt-x11-free-3.3.8b/src/xml/qxml.cpp qt-x11-free-3.3.8b-CVE-2013-4549/sr
+
+ if (expandedSizes[entity] > entityCharacterLimit) {
+ if (errorMessage) {
-+ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands to a string that is too large to process (%2 characters > %3).");
+ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+ }
+ return TRUE;
@@ -87,7 +87,7 @@ diff -ur qt-x11-free-3.3.8b/src/xml/qxml.cpp qt-x11-free-3.3.8b-CVE-2013-4549/sr
if ( !declHnd->internalEntityDecl( name(), string() ) ) {
diff -ur qt-x11-free-3.3.8b/src/xml/qxml.h qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.h
--- qt-x11-free-3.3.8b/src/xml/qxml.h 2008-01-15 20:09:13.000000000 +0100
-+++ qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.h 2013-12-05 23:53:14.000000000 +0100
++++ qt-x11-free-3.3.8b-CVE-2013-4549/src/xml/qxml.h 2014-01-13 21:03:02.000000000 +0100
@@ -307,6 +307,12 @@
QXmlSimpleReaderPrivate* d;
@@ -96,7 +96,7 @@ diff -ur qt-x11-free-3.3.8b/src/xml/qxml.h qt-x11-free-3.3.8b-CVE-2013-4549/src/
+ // for the DTD currently being parsed.
+ static const uint dtdRecursionLimit = 2U;
+ // The maximum amount of characters an entity value may contain, after expansion.
-+ static const uint entityCharacterLimit = 1024U;
++ static const uint entityCharacterLimit = 65536U;
+
const QString &string();
void stringClear();
diff --git a/qt3.spec b/qt3.spec
index 9da786a..42d3c60 100644
--- a/qt3.spec
+++ b/qt3.spec
@@ -6,7 +6,7 @@
Name: qt3
Summary: The shared library for the Qt 3 GUI toolkit
Version: 3.3.8b
-Release: 54%{?dist}
+Release: 55%{?dist}
License: QPL or GPLv2 or GPLv3
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -630,6 +630,10 @@ rm -rf %{buildroot}
%changelog
+* Mon Jan 13 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-55
+- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
+- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
+
* Thu Dec 05 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.3.8b-54
- backport CVE-2013-4549 fix from Qt 4
More information about the scm-commits
mailing list