From 37a2aba837ee6a148cd3441a7ce82737e04d54ac Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Jul 11 2017 08:17:14 +0000
Subject: fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004


---

diff --git a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
index dede832..5ca9114 100644
--- a/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
+++ b/qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
@@ -6,7 +6,7 @@ diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp q
      static const int dtdRecursionLimit = 2;
      // The maximum amount of characters an entity value may contain, after expansion.
 -    static const int entityCharacterLimit = 1024;
-+    static const int entityCharacterLimit = 65536;
++    static const int entityCharacterLimit = 4096;
  
      const QString &string();
      void stringClear();
diff --git a/qt.spec b/qt.spec
index 557726d..7e6abd4 100644
--- a/qt.spec
+++ b/qt.spec
@@ -44,7 +44,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.7
-Release: 28%{?dist}
+Release: 29%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -1396,6 +1396,9 @@ fi
 
 
 %changelog
+* Tue Jul 11 2017 Than Ngo <than@redhat.com> - 1:4.8.7-29
+- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
+
 * Mon May 15 2017 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:4.8.7-28
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild