diff --git a/extra/qt4/CVE-2014-0190.patch b/extra/qt4/CVE-2014-0190.patch deleted file mode 100644 index e97ee7bf0..000000000 --- a/extra/qt4/CVE-2014-0190.patch +++ /dev/null @@ -1,32 +0,0 @@ -Don't crash on broken GIF images - -Broken GIF images could set invalid width and height -values inside the image, leading to Qt creating a null -QImage for it. In that case we need to abort decoding -the image and return an error. - -Initial patch by Rich Moore. - -Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5 - -Task-number: QTBUG-38367 -Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a -Security-advisory: CVE-2014-0190 - -diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp ---- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-04-10 13:37:12.000000000 -0500 -+++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp 2014-04-24 15:58:54.515862458 -0500 -@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co - memset(bits, 0, image->byteCount()); - } - -+ // Check if the previous attempt to create the image failed. If it -+ // did then the image is broken and we should give up. -+ if (image->isNull()) { -+ state = Error; -+ return -1; -+ } -+ - disposePrevious(image); - disposed = false; - diff --git a/extra/qt4/PKGBUILD b/extra/qt4/PKGBUILD index cccce5048..6ae413f8f 100644 --- a/extra/qt4/PKGBUILD +++ b/extra/qt4/PKGBUILD @@ -10,8 +10,8 @@ # - no libfbclient/ibase, issues building on ARM pkgname=qt4 -pkgver=4.8.6 -pkgrel=6 +pkgver=4.8.7 +pkgrel=1 arch=('i686' 'x86_64') url='http://qt-project.org/' license=('GPL3' 'LGPL' 'FDL' 'custom') @@ -35,15 +35,14 @@ options=('!distcc') replaces=('qt<=4.8.4') conflicts=('qt') _pkgfqn="qt-everywhere-opensource-src-${pkgver}" -source=("http://download.qt-project.org/official_releases/qt/4.8/${pkgver}/${_pkgfqn}.tar.gz" +source=("http://download.qt.io/official_releases/qt/4.8/${pkgver}/${_pkgfqn}.tar.gz" 'qtconfig-qt4.desktop' 'assistant-qt4.desktop' 'designer-qt4.desktop' 'linguist-qt4.desktop' 'qdbusviewer-qt4.desktop' 'improve-cups-support.patch' 'moc-boost-workaround.patch' - 'CVE-2014-0190.patch' 'kubuntu_14_systemtrayicon.diff' - 'qnam-corruption.patch') -md5sums=('2edbe4d6c2eff33ef91732602f3518eb' + 'kde4-settings.patch') +md5sums=('d990ee66bf7ab0c785589776f35ba6ad' 'a16638f4781e56e7887ff8212a322ecc' '8a28b3f52dbeb685d4b69440b520a3e1' '9727c406c240990870c905696a8c5bd1' @@ -51,9 +50,8 @@ md5sums=('2edbe4d6c2eff33ef91732602f3518eb' 'b859c5673e5098c39f72b2252947049e' 'c439c7731c25387352d8453ca7574971' 'da387bde22ae1c446f12525d2a31f070' - '34ed257109afb83342cfe514c8abe027' 'a523644faa8f98a73f55c4aa23c114a6' - '10d5d72045105c063da9076d8eebfd14') + '66dfea63916c8dbf47b23cb012ffdccc') prepare() { cd ${_pkgfqn} @@ -64,16 +62,13 @@ prepare() { # QTBUG#22829 patch -p1 -i "${srcdir}"/moc-boost-workaround.patch - # QTBUG#38367 - patch -p1 -i "${srcdir}"/CVE-2014-0190.patch - # http://blog.martin-graesslin.com/blog/2014/06/where-are-my-systray-icons/ patch -p1 -i "${srcdir}"/kubuntu_14_systemtrayicon.diff export CXXFLAGS="$CXXFLAGS -fno-strict-volatile-bitfields" - # https://codereview.qt-project.org/#/c/111363/ - patch -p1 -i "${srcdir}"/qnam-corruption.patch + # FS#45106 + patch -p0 -i "${srcdir}"/kde4-settings.patch sed -i "s|-O2|${CXXFLAGS}|" mkspecs/common/{g++,gcc}-base.conf sed -i "/^QMAKE_LFLAGS_RPATH/s| -Wl,-rpath,||g" mkspecs/common/gcc-base-unix.conf diff --git a/extra/qt4/kde4-settings.patch b/extra/qt4/kde4-settings.patch new file mode 100644 index 000000000..4af5424c5 --- /dev/null +++ b/extra/qt4/kde4-settings.patch @@ -0,0 +1,11 @@ +--- src/gui/kernel/qkde.cpp.orig 2015-05-27 11:42:02.507129332 +0200 ++++ src/gui/kernel/qkde.cpp 2015-05-27 11:43:26.182875729 +0200 +@@ -63,7 +63,7 @@ + kdeHomePath = QString::fromLocal8Bit(qgetenv("KDEHOME")); + if (kdeHomePath.isEmpty()) { + QDir homeDir(QDir::homePath()); +- QString kdeConfDir(QLatin1String("/.kde")); ++ QString kdeConfDir(QLatin1String("/.kde4")); + if (4 == X11->desktopVersion && homeDir.exists(QLatin1String(".kde4"))) + kdeConfDir = QLatin1String("/.kde4"); + kdeHomePath = QDir::homePath() + kdeConfDir; diff --git a/extra/qt4/qnam-corruption.patch b/extra/qt4/qnam-corruption.patch deleted file mode 100644 index 15c2626f4..000000000 --- a/extra/qt4/qnam-corruption.patch +++ /dev/null @@ -1,430 +0,0 @@ -From fa81aa6d027049e855b76f5408586a288f160575 Mon Sep 17 00:00:00 2001 -From: Markus Goetz -Date: Tue, 28 Apr 2015 11:57:36 +0200 -Subject: QNAM: Fix upload corruptions when server closes connection - -This patch fixes several upload corruptions if the server closes the connection -while/before we send data into it. They happen inside multiple places in the HTTP -layer and are explained in the comments. -Corruptions are: -* The upload byte device has an in-flight signal with pending upload data, if -it gets reset (because server closes the connection) then the re-send of the -request was sometimes taking this stale in-flight pending upload data. -* Because some signals were DirectConnection and some were QueuedConnection, there -was a chance that a direct signal overtakes a queued signal. The state machine -then sent data down the socket which was buffered there (and sent later) although -it did not match the current state of the state machine when it was actually sent. -* A socket was seen as being able to have requests sent even though it was not -encrypted yet. This relates to the previous corruption where data is stored inside -the socket's buffer and then sent later. - -The included auto test produces all fixed corruptions, I detected no regressions -via the other tests. -This code also adds a bit of sanity checking to protect from possible further -problems. - -[ChangeLog][QtNetwork] Fix HTTP(s) upload corruption when server closes connection - -(cherry picked from commit qtbase/cff39fba10ffc10ee4dcfdc66ff6528eb26462d3) -Change-Id: I9793297be6cf3edfb75b65ba03b65f7a133ef194 -Reviewed-by: Richard J. Moore ---- - src/corelib/io/qnoncontiguousbytedevice.cpp | 19 +++ - src/corelib/io/qnoncontiguousbytedevice_p.h | 4 + - .../access/qhttpnetworkconnectionchannel.cpp | 47 +++++- - src/network/access/qhttpthreaddelegate_p.h | 36 ++++- - src/network/access/qnetworkaccesshttpbackend.cpp | 24 ++- - src/network/access/qnetworkaccesshttpbackend_p.h | 5 +- - tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 174 ++++++++++++++++++++- - 7 files changed, 280 insertions(+), 29 deletions(-) - -diff --git a/src/corelib/io/qnoncontiguousbytedevice.cpp b/src/corelib/io/qnoncontiguousbytedevice.cpp -index bf58eee..1a0591e 100644 ---- a/src/corelib/io/qnoncontiguousbytedevice.cpp -+++ b/src/corelib/io/qnoncontiguousbytedevice.cpp -@@ -245,6 +245,12 @@ qint64 QNonContiguousByteDeviceByteArrayImpl::size() - return byteArray->size(); - } - -+qint64 QNonContiguousByteDeviceByteArrayImpl::pos() -+{ -+ return currentPosition; -+} -+ -+ - QNonContiguousByteDeviceRingBufferImpl::QNonContiguousByteDeviceRingBufferImpl(QSharedPointer rb) - : QNonContiguousByteDevice(), currentPosition(0) - { -@@ -296,6 +302,11 @@ qint64 QNonContiguousByteDeviceRingBufferImpl::size() - return ringBuffer->size(); - } - -+qint64 QNonContiguousByteDeviceRingBufferImpl::pos() -+{ -+ return currentPosition; -+} -+ - QNonContiguousByteDeviceIoDeviceImpl::QNonContiguousByteDeviceIoDeviceImpl(QIODevice *d) - : QNonContiguousByteDevice(), - currentReadBuffer(0), currentReadBufferSize(16*1024), -@@ -415,6 +426,14 @@ qint64 QNonContiguousByteDeviceIoDeviceImpl::size() - return device->size() - initialPosition; - } - -+qint64 QNonContiguousByteDeviceIoDeviceImpl::pos() -+{ -+ if (device->isSequential()) -+ return -1; -+ -+ return device->pos(); -+} -+ - QByteDeviceWrappingIoDevice::QByteDeviceWrappingIoDevice(QNonContiguousByteDevice *bd) : QIODevice((QObject*)0) - { - byteDevice = bd; -diff --git a/src/corelib/io/qnoncontiguousbytedevice_p.h b/src/corelib/io/qnoncontiguousbytedevice_p.h -index b6966eb..d1a99a1 100644 ---- a/src/corelib/io/qnoncontiguousbytedevice_p.h -+++ b/src/corelib/io/qnoncontiguousbytedevice_p.h -@@ -69,6 +69,7 @@ public: - virtual const char* readPointer(qint64 maximumLength, qint64 &len) = 0; - virtual bool advanceReadPointer(qint64 amount) = 0; - virtual bool atEnd() = 0; -+ virtual qint64 pos() { return -1; } - virtual bool reset() = 0; - void disableReset(); - bool isResetDisabled() { return resetDisabled; } -@@ -108,6 +109,7 @@ public: - bool atEnd(); - bool reset(); - qint64 size(); -+ qint64 pos(); - protected: - QByteArray* byteArray; - qint64 currentPosition; -@@ -123,6 +125,7 @@ public: - bool atEnd(); - bool reset(); - qint64 size(); -+ qint64 pos(); - protected: - QSharedPointer ringBuffer; - qint64 currentPosition; -@@ -140,6 +143,7 @@ public: - bool atEnd(); - bool reset(); - qint64 size(); -+ qint64 pos(); - protected: - QIODevice* device; - QByteArray* currentReadBuffer; -diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp -index 550e090..db2f712 100644 ---- a/src/network/access/qhttpnetworkconnectionchannel.cpp -+++ b/src/network/access/qhttpnetworkconnectionchannel.cpp -@@ -107,15 +107,19 @@ void QHttpNetworkConnectionChannel::init() - socket->setProxy(QNetworkProxy::NoProxy); - #endif - -+ // We want all signals (except the interactive ones) be connected as QueuedConnection -+ // because else we're falling into cases where we recurse back into the socket code -+ // and mess up the state. Always going to the event loop (and expecting that when reading/writing) -+ // is safer. - QObject::connect(socket, SIGNAL(bytesWritten(qint64)), - this, SLOT(_q_bytesWritten(qint64)), -- Qt::DirectConnection); -+ Qt::QueuedConnection); - QObject::connect(socket, SIGNAL(connected()), - this, SLOT(_q_connected()), -- Qt::DirectConnection); -+ Qt::QueuedConnection); - QObject::connect(socket, SIGNAL(readyRead()), - this, SLOT(_q_readyRead()), -- Qt::DirectConnection); -+ Qt::QueuedConnection); - - // The disconnected() and error() signals may already come - // while calling connectToHost(). -@@ -144,13 +148,13 @@ void QHttpNetworkConnectionChannel::init() - // won't be a sslSocket if encrypt is false - QObject::connect(sslSocket, SIGNAL(encrypted()), - this, SLOT(_q_encrypted()), -- Qt::DirectConnection); -+ Qt::QueuedConnection); - QObject::connect(sslSocket, SIGNAL(sslErrors(QList)), - this, SLOT(_q_sslErrors(QList)), - Qt::DirectConnection); - QObject::connect(sslSocket, SIGNAL(encryptedBytesWritten(qint64)), - this, SLOT(_q_encryptedBytesWritten(qint64)), -- Qt::DirectConnection); -+ Qt::QueuedConnection); - } - #endif - } -@@ -163,7 +167,8 @@ void QHttpNetworkConnectionChannel::close() - else - state = QHttpNetworkConnectionChannel::ClosingState; - -- socket->close(); -+ if (socket) -+ socket->close(); - } - - -@@ -280,6 +285,14 @@ bool QHttpNetworkConnectionChannel::sendRequest() - // nothing to read currently, break the loop - break; - } else { -+ if (written != uploadByteDevice->pos()) { -+ // Sanity check. This was useful in tracking down an upload corruption. -+ qWarning() << "QHttpProtocolHandler: Internal error in sendRequest. Expected to write at position" << written << "but read device is at" << uploadByteDevice->pos(); -+ Q_ASSERT(written == uploadByteDevice->pos()); -+ connection->d_func()->emitReplyError(socket, reply, QNetworkReply::ProtocolFailure); -+ return false; -+ } -+ - qint64 currentWriteSize = socket->write(readPointer, currentReadSize); - if (currentWriteSize == -1 || currentWriteSize != currentReadSize) { - // socket broke down -@@ -639,6 +652,14 @@ bool QHttpNetworkConnectionChannel::ensureConnection() - } - return false; - } -+ -+ // This code path for ConnectedState -+ if (pendingEncrypt) { -+ // Let's only be really connected when we have received the encrypted() signal. Else the state machine seems to mess up -+ // and corrupt the things sent to the server. -+ return false; -+ } -+ - return true; - } - -@@ -980,6 +1001,13 @@ void QHttpNetworkConnectionChannel::_q_readyRead() - void QHttpNetworkConnectionChannel::_q_bytesWritten(qint64 bytes) - { - Q_UNUSED(bytes); -+ -+ if (ssl) { -+ // In the SSL case we want to send data from encryptedBytesWritten signal since that one -+ // is the one going down to the actual network, not only into some SSL buffer. -+ return; -+ } -+ - // bytes have been written to the socket. write even more of them :) - if (isSocketWriting()) - sendRequest(); -@@ -1029,7 +1057,7 @@ void QHttpNetworkConnectionChannel::_q_connected() - - // ### FIXME: if the server closes the connection unexpectedly, we shouldn't send the same broken request again! - //channels[i].reconnectAttempts = 2; -- if (!pendingEncrypt) { -+ if (!pendingEncrypt && !ssl) { // FIXME: Didn't work properly with pendingEncrypt only, we should refactor this into an EncrypingState - state = QHttpNetworkConnectionChannel::IdleState; - if (!reply) - connection->d_func()->dequeueRequest(socket); -@@ -1157,7 +1185,10 @@ void QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired(const QNetwor - - void QHttpNetworkConnectionChannel::_q_uploadDataReadyRead() - { -- sendRequest(); -+ if (reply && state == QHttpNetworkConnectionChannel::WritingState) { -+ // There might be timing issues, make sure to only send upload data if really in that state -+ sendRequest(); -+ } - } - - #ifndef QT_NO_OPENSSL -diff --git a/src/network/access/qhttpthreaddelegate_p.h b/src/network/access/qhttpthreaddelegate_p.h -index 7648325..9dd0deb 100644 ---- a/src/network/access/qhttpthreaddelegate_p.h -+++ b/src/network/access/qhttpthreaddelegate_p.h -@@ -190,6 +190,7 @@ protected: - QByteArray m_dataArray; - bool m_atEnd; - qint64 m_size; -+ qint64 m_pos; // to match calls of haveDataSlot with the expected position - public: - QNonContiguousByteDeviceThreadForwardImpl(bool aE, qint64 s) - : QNonContiguousByteDevice(), -@@ -197,7 +198,8 @@ public: - m_amount(0), - m_data(0), - m_atEnd(aE), -- m_size(s) -+ m_size(s), -+ m_pos(0) - { - } - -@@ -205,6 +207,11 @@ public: - { - } - -+ qint64 pos() -+ { -+ return m_pos; -+ } -+ - const char* readPointer(qint64 maximumLength, qint64 &len) - { - if (m_amount > 0) { -@@ -232,11 +239,10 @@ public: - - m_amount -= a; - m_data += a; -+ m_pos += a; - -- // To main thread to inform about our state -- emit processedData(a); -- -- // FIXME possible optimization, already ask user thread for some data -+ // To main thread to inform about our state. The m_pos will be sent as a sanity check. -+ emit processedData(m_pos, a); - - return true; - } -@@ -253,10 +259,21 @@ public: - { - m_amount = 0; - m_data = 0; -+ m_dataArray.clear(); -+ -+ if (wantDataPending) { -+ // had requested the user thread to send some data (only 1 in-flight at any moment) -+ wantDataPending = false; -+ } - - // Communicate as BlockingQueuedConnection - bool b = false; - emit resetData(&b); -+ if (b) { -+ // the reset succeeded, we're at pos 0 again -+ m_pos = 0; -+ // the HTTP code will anyway abort the request if !b. -+ } - return b; - } - -@@ -267,8 +284,13 @@ public: - - public slots: - // From user thread: -- void haveDataSlot(QByteArray dataArray, bool dataAtEnd, qint64 dataSize) -+ void haveDataSlot(qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize) - { -+ if (pos != m_pos) { -+ // Sometimes when re-sending a request in the qhttpnetwork* layer there is a pending haveData from the -+ // user thread on the way to us. We need to ignore it since it is the data for the wrong(later) chunk. -+ return; -+ } - wantDataPending = false; - - m_dataArray = dataArray; -@@ -288,7 +310,7 @@ signals: - - // to main thread: - void wantData(qint64); -- void processedData(qint64); -+ void processedData(qint64 pos, qint64 amount); - void resetData(bool *b); - }; - -diff --git a/src/network/access/qnetworkaccesshttpbackend.cpp b/src/network/access/qnetworkaccesshttpbackend.cpp -index cc67258..fe2f627 100644 ---- a/src/network/access/qnetworkaccesshttpbackend.cpp -+++ b/src/network/access/qnetworkaccesshttpbackend.cpp -@@ -193,6 +193,7 @@ QNetworkAccessHttpBackendFactory::create(QNetworkAccessManager::Operation op, - QNetworkAccessHttpBackend::QNetworkAccessHttpBackend() - : QNetworkAccessBackend() - , statusCode(0) -+ , uploadByteDevicePosition(false) - , pendingDownloadDataEmissions(new QAtomicInt()) - , pendingDownloadProgressEmissions(new QAtomicInt()) - , loadingFromCache(false) -@@ -610,9 +611,9 @@ void QNetworkAccessHttpBackend::postRequest() - forwardUploadDevice->setParent(delegate); // needed to make sure it is moved on moveToThread() - delegate->httpRequest.setUploadByteDevice(forwardUploadDevice); - -- // From main thread to user thread: -- QObject::connect(this, SIGNAL(haveUploadData(QByteArray, bool, qint64)), -- forwardUploadDevice, SLOT(haveDataSlot(QByteArray, bool, qint64)), Qt::QueuedConnection); -+ // From user thread to http thread: -+ QObject::connect(this, SIGNAL(haveUploadData(qint64,QByteArray,bool,qint64)), -+ forwardUploadDevice, SLOT(haveDataSlot(qint64,QByteArray,bool,qint64)), Qt::QueuedConnection); - QObject::connect(uploadByteDevice.data(), SIGNAL(readyRead()), - forwardUploadDevice, SIGNAL(readyRead()), - Qt::QueuedConnection); -@@ -620,8 +621,8 @@ void QNetworkAccessHttpBackend::postRequest() - // From http thread to user thread: - QObject::connect(forwardUploadDevice, SIGNAL(wantData(qint64)), - this, SLOT(wantUploadDataSlot(qint64))); -- QObject::connect(forwardUploadDevice, SIGNAL(processedData(qint64)), -- this, SLOT(sentUploadDataSlot(qint64))); -+ QObject::connect(forwardUploadDevice,SIGNAL(processedData(qint64, qint64)), -+ this, SLOT(sentUploadDataSlot(qint64,qint64))); - connect(forwardUploadDevice, SIGNAL(resetData(bool*)), - this, SLOT(resetUploadDataSlot(bool*)), - Qt::BlockingQueuedConnection); // this is the only one with BlockingQueued! -@@ -915,12 +916,21 @@ void QNetworkAccessHttpBackend::replySslConfigurationChanged(const QSslConfigura - void QNetworkAccessHttpBackend::resetUploadDataSlot(bool *r) - { - *r = uploadByteDevice->reset(); -+ if (*r) { -+ // reset our own position which is used for the inter-thread communication -+ uploadByteDevicePosition = 0; -+ } - } - - // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread --void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 amount) -+void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 pos, qint64 amount) - { -+ if (uploadByteDevicePosition + amount != pos) { -+ // Sanity check, should not happen. -+ error(QNetworkReply::UnknownNetworkError, ""); -+ } - uploadByteDevice->advanceReadPointer(amount); -+ uploadByteDevicePosition += amount; - } - - // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread -@@ -933,7 +943,7 @@ void QNetworkAccessHttpBackend::wantUploadDataSlot(qint64 maxSize) - QByteArray dataArray(data, currentUploadDataLength); - - // Communicate back to HTTP thread -- emit haveUploadData(dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); -+ emit haveUploadData(uploadByteDevicePosition, dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); - } - - /* -diff --git a/src/network/access/qnetworkaccesshttpbackend_p.h b/src/network/access/qnetworkaccesshttpbackend_p.h -index 13519c6..b4ed67c 100644 ---- a/src/network/access/qnetworkaccesshttpbackend_p.h -+++ b/src/network/access/qnetworkaccesshttpbackend_p.h -@@ -112,7 +112,7 @@ signals: - - void startHttpRequestSynchronously(); - -- void haveUploadData(QByteArray dataArray, bool dataAtEnd, qint64 dataSize); -+ void haveUploadData(const qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize); - private slots: - // From HTTP thread: - void replyDownloadData(QByteArray); -@@ -129,13 +129,14 @@ private slots: - // From QNonContiguousByteDeviceThreadForwardImpl in HTTP thread: - void resetUploadDataSlot(bool *r); - void wantUploadDataSlot(qint64); -- void sentUploadDataSlot(qint64); -+ void sentUploadDataSlot(qint64, qint64); - - bool sendCacheContents(const QNetworkCacheMetaData &metaData); - - private: - QHttpNetworkRequest httpRequest; // There is also a copy in the HTTP thread - int statusCode; -+ qint64 uploadByteDevicePosition; - QString reasonPhrase; - // Will be increased by HTTP thread: - QSharedPointer pendingDownloadDataEmissions;