[neon/qt/qtbase/Neon/testing] debian/patches: remove patch now in tar
Jonathan Riddell
null at kde.org
Wed Oct 21 15:37:07 BST 2020
Git commit 32132ef529693529e95b2fe6809c48823e3f449c by Jonathan Riddell.
Committed on 21/10/2020 at 14:37.
Pushed by jriddell into branch 'Neon/testing'.
remove patch now in tar
D +0 -136 debian/patches/CVE-2015-9541.diff
M +0 -1 debian/patches/series
https://invent.kde.org/neon/qt/qtbase/commit/32132ef529693529e95b2fe6809c48823e3f449c
diff --git a/debian/patches/CVE-2015-9541.diff b/debian/patches/CVE-2015-9541.diff
deleted file mode 100644
index 8e7037f..0000000
--- a/debian/patches/CVE-2015-9541.diff
+++ /dev/null
@@ -1,136 +0,0 @@
-Description: add an expansion limit for entities
- Recursively defined entities can easily exhaust all available
- memory. Limit entity expansion to a default of 4096 characters to
- avoid DoS attacks when a user loads untrusted content.
- .
- Added a setter and getter to allow modifying the expansion limit.
- .
- QXmlStreamReader does now by default limit the expansion of entities
- to 4096 characters. Documents where a single entity expands to more
- characters than the limit are not considered well formed. The limit
- is there to avoid DoS attacks through recursively expanding entities
- when loading untrusted content. The limit can be changed through the
- QXmlStreamReader::setEntityExpansionLimit() method.
-Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db41
-Last-Update: 2020-02-27
-
---- a/src/corelib/serialization/qxmlstream.cpp
-+++ b/src/corelib/serialization/qxmlstream.cpp
-@@ -2041,6 +2041,42 @@ QStringRef QXmlStreamReader::dtdSystemId
- return QStringRef();
- }
-
-+/*!
-+ \since 5.15
-+
-+ Returns the maximum amount of characters a single entity is
-+ allowed to expand into. If a single entity expands past the
-+ given limit, the document is not considered well formed.
-+
-+ \sa setEntityExpansionLimit
-+*/
-+int QXmlStreamReader::entityExpansionLimit() const
-+{
-+ Q_D(const QXmlStreamReader);
-+ return d->entityExpansionLimit;
-+}
-+
-+/*!
-+ \since 5.15
-+
-+ Sets the maximum amount of characters a single entity is
-+ allowed to expand into to \a limit. If a single entity expands
-+ past the given limit, the document is not considered well formed.
-+
-+ The limit is there to prevent DoS attacks when loading unknown
-+ XML documents where recursive entity expansion could otherwise
-+ exhaust all available memory.
-+
-+ The default value for this property is 4096 characters.
-+
-+ \sa entityExpansionLimit
-+*/
-+void QXmlStreamReader::setEntityExpansionLimit(int limit)
-+{
-+ Q_D(QXmlStreamReader);
-+ d->entityExpansionLimit = limit;
-+}
-+
- /*! If the tokenType() is \l StartElement, this function returns the
- element's namespace declarations. Otherwise an empty vector is
- returned.
---- a/src/corelib/serialization/qxmlstream.g
-+++ b/src/corelib/serialization/qxmlstream.g
-@@ -285,9 +285,19 @@ public:
- QHash<QStringView, Entity> entityHash;
- QHash<QStringView, Entity> parameterEntityHash;
- QXmlStreamSimpleStack<Entity *>entityReferenceStack;
-+ int entityExpansionLimit = 4096;
-+ int entityLength = 0;
- inline bool referenceEntity(Entity &entity) {
- if (entity.isCurrentlyReferenced) {
-- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
-+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
-+ return false;
-+ }
-+ // entityLength represents the amount of additional characters the
-+ // entity expands into (can be negative for e.g. &). It's used to
-+ // avoid DoS attacks through recursive entity expansions
-+ entityLength += entity.value.size() - entity.name.size() - 2;
-+ if (entityLength > entityExpansionLimit) {
-+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
- return false;
- }
- entity.isCurrentlyReferenced = true;
-@@ -838,6 +848,8 @@ entity_done ::= ENTITY_DONE;
- /.
- case $rule_number:
- entityReferenceStack.pop()->isCurrentlyReferenced = false;
-+ if (entityReferenceStack.isEmpty())
-+ entityLength = 0;
- clearSym();
- break;
- ./
---- a/src/corelib/serialization/qxmlstream.h
-+++ b/src/corelib/serialization/qxmlstream.h
-@@ -426,6 +426,8 @@ public:
- QStringRef dtdPublicId() const;
- QStringRef dtdSystemId() const;
-
-+ int entityExpansionLimit() const;
-+ void setEntityExpansionLimit(int limit);
-
- enum Error {
- NoError,
---- a/src/corelib/serialization/qxmlstream_p.h
-+++ b/src/corelib/serialization/qxmlstream_p.h
-@@ -774,9 +774,19 @@ public:
- QHash<QStringView, Entity> entityHash;
- QHash<QStringView, Entity> parameterEntityHash;
- QXmlStreamSimpleStack<Entity *>entityReferenceStack;
-+ int entityExpansionLimit = 4096;
-+ int entityLength = 0;
- inline bool referenceEntity(Entity &entity) {
- if (entity.isCurrentlyReferenced) {
-- raiseWellFormedError(QXmlStream::tr("Recursive entity detected."));
-+ raiseWellFormedError(QXmlStream::tr("Self-referencing entity detected."));
-+ return false;
-+ }
-+ // entityLength represents the amount of additional characters the
-+ // entity expands into (can be negative for e.g. &). It's used to
-+ // avoid DoS attacks through recursive entity expansions
-+ entityLength += entity.value.size() - entity.name.size() - 2;
-+ if (entityLength > entityExpansionLimit) {
-+ raiseWellFormedError(QXmlStream::tr("Entity expands to more characters than the entity expansion limit."));
- return false;
- }
- entity.isCurrentlyReferenced = true;
-@@ -1308,6 +1318,8 @@ bool QXmlStreamReaderPrivate::parse()
-
- case 10:
- entityReferenceStack.pop()->isCurrentlyReferenced = false;
-+ if (entityReferenceStack.isEmpty())
-+ entityLength = 0;
- clearSym();
- break;
-
diff --git a/debian/patches/series b/debian/patches/series
index af86fa4..99d1664 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,4 @@
# Backported from upstream.
-CVE-2015-9541.diff
enable_a11y_on_linux.diff
fix_qlibrary_deadlock.diff
moc_handle_includes.diff
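Review bot: The commit message does not record which upstream release or tarball carries the CVE-2015-9541 fix, so dropping `CVE-2015-9541.diff` from the series cannot be verified from this commit alone. The deleted patch header cites upstream commit fd4be84d23a0db41 and documents the new API as `\since 5.15`. A message such as `Drop CVE-2015-9541.diff: entity expansion limit is included in the new upstream tarball (upstream commit fd4be84d23a0db41)` would make the removal traceable. Before upload, it is worth confirming that the packaged source still has `int entityExpansionLimit = 4096;` in `src/corelib/serialization/qxmlstream_p.h` and the `entityLength > entityExpansionLimit` check in `referenceEntity()`. According to the removed patch description, that limit is what keeps QXmlStreamReader from exhausting memory on untrusted documents.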