archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2024-11-08 22:45:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

extra/qt4 to 4.8.6-1

Browse source
This commit is contained in:
Kevin Mihelich 2014-04-25 11:39:43 +00:00
parent 6aabfa95f1
commit 3e62ed9ad3
7 changed files with 39 additions and 515 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

233
extra/qt4/CVE-2013-4549.patch
View file

@ -1,233 +0,0 @@
From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001
From: Mitch Curtis <mitch.curtis@digia.com>
Date: Thu, 7 Nov 2013 09:36:29 +0100
Subject: [PATCH] Disallow deep or widely nested entity references.
Nested references with a depth of 2 or greater will fail. References
that partially expand to greater than 1024 characters will also fail.
This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4.
Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001
From: Mitch Curtis <mitch.curtis@digia.com>
Date: Tue, 12 Nov 2013 13:44:56 +0100
Subject: [PATCH] Fully expand entities to ensure deep or widely nested ones fail parsing
With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing
entities whose partially expanded size was greater than 1024
characters. That was not enough, so now we fully expand all entities.
This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac.
Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0
Reviewed-by: Richard J. Moore <rich@kde.org>
diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
index a1777c5..3904632 100644
--- a/src/xml/sax/qxml.cpp
+++ b/src/xml/sax/qxml.cpp
@@ -424,6 +424,10 @@ private:
int stringValueLen;
QString emptyStr;
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+ int dtdRecursionLimit;
+
const QString &string();
void stringClear();
void stringAddC(QChar);
@@ -492,6 +496,7 @@ private:
void unexpectedEof(ParseFunction where, int state);
void parseFailed(ParseFunction where, int state);
void pushParseState(ParseFunction function, int state);
+ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
Q_DECLARE_PUBLIC(QXmlSimpleReader)
QXmlSimpleReader *q_ptr;
@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
useNamespacePrefixes = false;
reportWhitespaceCharData = true;
reportEntities = false;
+ dtdRecursionLimit = 2;
}
QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
}
break;
case Mup:
+ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) {
+ reportParseError(QString::fromLatin1(
+ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
+ return false;
+ }
if (!parseMarkupdecl()) {
parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state);
return false;
@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
return false;
}
+bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
+{
+ const QString value = string();
+ QMap<QString, int> referencedEntityCounts;
+ foreach (QString entityName, entities.keys()) {
+ for (int i = 0; i < value.size() && i != -1; ) {
+ i = value.indexOf(entityName, i);
+ if (i != -1) {
+ // The entityName we're currently trying to find
+ // was matched in this string; increase our count.
+ ++referencedEntityCounts[entityName];
+ i += entityName.size();
+ }
+ }
+ }
+
+ foreach (QString entityName, referencedEntityCounts.keys()) {
+ const int timesReferenced = referencedEntityCounts[entityName];
+ const QString entityValue = entities[entityName];
+ if (entityValue.size() * timesReferenced > 1024) {
+ if (errorMessage) {
+ *errorMessage = QString::fromLatin1("The XML entity \"%1\""
+ "expands too a string that is too large to process when "
+ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
+ }
+ return true;
+ }
+ }
+ return false;
+}
+
/*
Parse a EntityDecl [70].
@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
switch (state) {
case EValue:
if ( !entityExist(name())) {
+ QString errorMessage;
+ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
+ // The entity at entityName is entityValue.size() characters
+ // long in its unexpanded form, and was mentioned timesReferenced times,
+ // resulting in a string that would be greater than 1024 characters.
+ reportParseError(errorMessage);
+ return false;
+ }
+
entities.insert(name(), string());
if (declHnd) {
if (!declHnd->internalEntityDecl(name(), string())) {
diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
index 3904632..befa801 100644
--- a/src/xml/sax/qxml.cpp
+++ b/src/xml/sax/qxml.cpp
@@ -426,7 +426,9 @@ private:
// The limit to the amount of times the DTD parsing functions can be called
// for the DTD currently being parsed.
- int dtdRecursionLimit;
+ static const int dtdRecursionLimit = 2;
+ // The maximum amount of characters an entity value may contain, after expansion.
+ static const int entityCharacterLimit = 1024;
const QString &string();
void stringClear();
@@ -496,7 +498,7 @@ private:
void unexpectedEof(ParseFunction where, int state);
void parseFailed(ParseFunction where, int state);
void pushParseState(ParseFunction function, int state);
- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
+ bool isExpandedEntityValueTooLarge(QString *errorMessage);
Q_DECLARE_PUBLIC(QXmlSimpleReader)
QXmlSimpleReader *q_ptr;
@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
useNamespacePrefixes = false;
reportWhitespaceCharData = true;
reportEntities = false;
- dtdRecursionLimit = 2;
}
QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
return false;
}
-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
+bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage)
{
- const QString value = string();
- QMap<QString, int> referencedEntityCounts;
- foreach (QString entityName, entities.keys()) {
- for (int i = 0; i < value.size() && i != -1; ) {
- i = value.indexOf(entityName, i);
- if (i != -1) {
- // The entityName we're currently trying to find
- // was matched in this string; increase our count.
- ++referencedEntityCounts[entityName];
- i += entityName.size();
+ QMap<QString, int> literalEntitySizes;
+ // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times.
+ QMap<QString, QMap<QString, int> > referencesToOtherEntities;
+ QMap<QString, int> expandedSizes;
+
+ // For every entity, check how many times all entity names were referenced in its value.
+ foreach (QString toSearch, entities.keys()) {
+ // The amount of characters that weren't entity names, but literals, like 'X'.
+ QString leftOvers = entities.value(toSearch);
+ // How many times was entityName referenced by toSearch?
+ foreach (QString entityName, entities.keys()) {
+ for (int i = 0; i < leftOvers.size() && i != -1; ) {
+ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i);
+ if (i != -1) {
+ leftOvers.remove(i, entityName.size() + 2);
+ // The entityName we're currently trying to find was matched in this string; increase our count.
+ ++referencesToOtherEntities[toSearch][entityName];
+ }
}
}
+ literalEntitySizes[toSearch] = leftOvers.size();
}
- foreach (QString entityName, referencedEntityCounts.keys()) {
- const int timesReferenced = referencedEntityCounts[entityName];
- const QString entityValue = entities[entityName];
- if (entityValue.size() * timesReferenced > 1024) {
+ foreach (QString entity, referencesToOtherEntities.keys()) {
+ expandedSizes[entity] = literalEntitySizes[entity];
+ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) {
+ const int references = referencesToOtherEntities.value(entity).value(referenceTo);
+ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
+ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
+ }
+
+ if (expandedSizes[entity] > entityCharacterLimit) {
if (errorMessage) {
- *errorMessage = QString::fromLatin1("The XML entity \"%1\""
- "expands too a string that is too large to process when "
- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
+ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
+ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
}
return true;
}
@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
case EValue:
if ( !entityExist(name())) {
QString errorMessage;
- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
- // The entity at entityName is entityValue.size() characters
- // long in its unexpanded form, and was mentioned timesReferenced times,
- // resulting in a string that would be greater than 1024 characters.
+ if (isExpandedEntityValueTooLarge(&errorMessage)) {
reportParseError(errorMessage);
return false;
}
--
1.7.1

32
extra/qt4/CVE-2014-0190.patch Normal file
View file

@ -0,0 +1,32 @@
Don't crash on broken GIF images
Broken GIF images could set invalid width and height
values inside the image, leading to Qt creating a null
QImage for it. In that case we need to abort decoding
the image and return an error.
Initial patch by Rich Moore.
Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
Task-number: QTBUG-38367
Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
Security-advisory: CVE-2014-0190
diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-04-10 13:37:12.000000000 -0500
+++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp 2014-04-24 15:58:54.515862458 -0500
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
memset(bits, 0, image->byteCount());
}
+ // Check if the previous attempt to create the image failed. If it
+ // did then the image is broken and we should give up.
+ if (image->isNull()) {
+ state = Error;
+ return -1;
+ }
+
disposePrevious(image);
disposed = false;

28
extra/qt4/PKGBUILD
View file

@ -9,8 +9,8 @@
# - no libfbclient/ibase, issues building on ARM
pkgname=qt4
pkgver=4.8.5
pkgrel=9
pkgver=4.8.6
pkgrel=1
arch=('i686' 'x86_64')
url='http://qt-project.org/'
license=('GPL3' 'LGPL' 'FDL' 'custom')
@ -38,20 +38,15 @@ source=("http://download.qt-project.org/official_releases/qt/4.8/${pkgver}/${_pk
'qtconfig-qt4.desktop' 'assistant-qt4.desktop' 'designer-qt4.desktop'
'linguist-qt4.desktop' 'qdbusviewer-qt4.desktop'
'improve-cups-support.patch'
'qtbug-31579.patch' 'qtbug-32534.patch' 'qtbug-32908.patch'
'libmng2.patch' 'CVE-2013-4549.patch')
md5sums=('1864987bdbb2f58f8ae8b350dfdbe133'
'CVE-2014-0190.patch')
md5sums=('2edbe4d6c2eff33ef91732602f3518eb'
'a16638f4781e56e7887ff8212a322ecc'
'8a28b3f52dbeb685d4b69440b520a3e1'
'9727c406c240990870c905696a8c5bd1'
'0e384663d3dd32abe35f5331c4147569'
'b859c5673e5098c39f72b2252947049e'
'c439c7731c25387352d8453ca7574971'
'6ed8d26a8e4a9bba1f6c08fb99cc8357'
'bb0e0fa6ba953fa590d81ac612374e11'
'db343dcae522bc90d802ad1e83b7f5dd'
'0ba4ffc9ff1acb9bf8a5f592ba956d48'
'8701bd7445426c1ad5da3ddbd72df6b4')
'34ed257109afb83342cfe514c8abe027')
prepare() {
cd ${_pkgfqn}
@ -59,17 +54,8 @@ prepare() {
# (FS#28381) (KDEBUG#180051)
patch -p1 -i "${srcdir}"/improve-cups-support.patch
# (FS#36028) (QTBUG#31579)
patch -p1 -i "${srcdir}"/qtbug-31579.patch
# (FS#36394) (QTBUG#32534)
patch -p1 -i "${srcdir}"/qtbug-32534.patch
# (FS#36947) (QTBUG#32908)
patch -p1 -i "${srcdir}"/qtbug-32908.patch
# (FS#38081)
patch -p1 -i "${srcdir}"/CVE-2013-4549.patch
# (QTBUG#34894)
patch -p1 -i "${srcdir}"/libmng2.patch
# QTBUG#38367
patch -p1 -i "${srcdir}"/CVE-2014-0190.patch
export CXXFLAGS="$CXXFLAGS -fno-strict-volatile-bitfields"

35
extra/qt4/libmng2.patch
View file

@ -1,35 +0,0 @@
From 515617e55be9a7bfa738a9c32ef8b19065de37d4 Mon Sep 17 00:00:00 2001
From: aavit <eirik.aavitsland@digia.com>
Date: Fri, 22 Nov 2013 15:49:44 +0100
Subject: [PATCH] Recognize newer libmng versions in config test
libmng 2.0.x has been released and is compatible and usable, but since
it no longer provides a VERSION_MAJOR macro, the config test would fail.
Task-number: QTBUG-34894
Change-Id: I36f6ed9d69dbae88feb1b88ce099bf36c9283133
Reviewed-by: Liang Qi <liang.qi@digia.com>
(cherry picked from qtimageformats/9ae386653c321c8ddc10fad5ea88f32ebb3d3ffe)
---
config.tests/unix/libmng/libmng.cpp | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/config.tests/unix/libmng/libmng.cpp b/config.tests/unix/libmng/libmng.cpp
index 0fbe554..9db10ff 100644
--- a/config.tests/unix/libmng/libmng.cpp
+++ b/config.tests/unix/libmng/libmng.cpp
@@ -46,9 +46,11 @@ int main(int, char **)
mng_handle hMNG;
mng_cleanup(&hMNG);
+#if defined(MNG_VERSION_MAJOR)
#if MNG_VERSION_MAJOR < 1 || (MNG_VERSION_MAJOR == 1 && MNG_VERSION_MINOR == 0 && MNG_VERSION_RELEASE < 9)
#error System libmng version is less than 1.0.9; using built-in version instead.
#endif
+#endif
return 0;
}
--
1.7.1

146
extra/qt4/qtbug-31579.patch
View file

@ -1,146 +0,0 @@
From 2a6537f0629aaff53a42d993ad94ad4de3cd3030 Mon Sep 17 00:00:00 2001
From: Gunnar Sletta <gunnar.sletta@digia.com>
Date: Thu, 4 Jul 2013 16:20:40 +1000
Subject: [PATCH] Fix drawing of 0-width polylines from outside the devicerect.
This was broken by a previous fix which aimed to fix gaps in
polylines with tiny line segments. The result was that we
skipped updating the origin point when stroke() didn't produce
pixels which accidentally included the case of the line
being completely outside the deviceRect. I fixed this
by returning the value of clipLine in drawLine to the caller
so we could still update the origin for this case.
Task-number: QTBUG-31579
Change-Id: Iac29436f042da7658bbeaf9370351dc6f2c95065
(cherry picked from qtbase/900cccfd459fcbdbc4aa3d313afe12cfbf68fd87)
Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
---
src/gui/painting/qcosmeticstroker.cpp | 42 ++++++++++++++++++++------------
src/gui/painting/qcosmeticstroker_p.h | 2 +-
2 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/src/gui/painting/qcosmeticstroker.cpp b/src/gui/painting/qcosmeticstroker.cpp
index 0061ecb..4413170 100644
--- a/src/gui/painting/qcosmeticstroker.cpp
+++ b/src/gui/painting/qcosmeticstroker.cpp
@@ -133,10 +133,15 @@ struct NoDasher {
};
+/*
+ * The return value is the result of the clipLine() call performed at the start
+ * of each of the two functions, aka "false" means completely outside the devices
+ * rect.
+ */
template<DrawPixel drawPixel, class Dasher>
-static void drawLine(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
+static bool drawLine(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
template<DrawPixel drawPixel, class Dasher>
-static void drawLineAA(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
+static bool drawLineAA(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
inline void drawPixel(QCosmeticStroker *stroker, int x, int y, int coverage)
{
@@ -602,17 +607,20 @@ void QCosmeticStroker::drawPath(const QVectorPath &path)
caps |= CapEnd;
QCosmeticStroker::Point last = this->lastPixel;
- stroke(this, p.x(), p.y(), p2.x(), p2.y(), caps);
+ bool unclipped = stroke(this, p.x(), p.y(), p2.x(), p2.y(), caps);
/* fix for gaps in polylines with fastpen and aliased in a sequence
of points with small distances: if current point p2 has been dropped
- out, keep last non dropped point p. */
- if (fastPenAliased) {
- if (last.x != lastPixel.x || last.y != lastPixel.y ||
- points == begin + 2 || points == end - 2 ) {
- {
- p = p2;
- }
+ out, keep last non dropped point p.
+
+ However, if the line was completely outside the devicerect, we
+ still need to update p to avoid drawing the line after this one from
+ a bad starting position.
+ */
+ if (fastPenAliased && unclipped) {
+ if (last.x != lastPixel.x || last.y != lastPixel.y
+ || points == begin + 2 || points == end - 2) {
+ p = p2;
}
} else {
p = p2;
@@ -720,10 +728,10 @@ static inline void capAdjust(int caps, int &x1, int &x2, int &y, int yinc)
the drawing shifts from horizontal to vertical or back.
*/
template<DrawPixel drawPixel, class Dasher>
-static void drawLine(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2, qreal ry2, int caps)
+static bool drawLine(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2, qreal ry2, int caps)
{
if (stroker->clipLine(rx1, ry1, rx2, ry2))
- return;
+ return false;
static const int half = 31;
int x1 = toF26Dot6(rx1) + half;
@@ -813,7 +821,7 @@ static void drawLine(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2,
} else {
// horizontal
if (!dx)
- return;
+ return true;
QCosmeticStroker::Direction dir = QCosmeticStroker::LeftToRight;
@@ -886,14 +894,15 @@ static void drawLine(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2,
}
}
stroker->lastPixel = last;
+ return true;
}
template<DrawPixel drawPixel, class Dasher>
-static void drawLineAA(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2, qreal ry2, int caps)
+static bool drawLineAA(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx2, qreal ry2, int caps)
{
if (stroker->clipLine(rx1, ry1, rx2, ry2))
- return;
+ return false;
int x1 = toF26Dot6(rx1);
int y1 = toF26Dot6(ry1);
@@ -967,7 +976,7 @@ static void drawLineAA(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx
} else {
// horizontal
if (!dx)
- return;
+ return true;
int yinc = F16Dot16FixedDiv(dy, dx);
@@ -1029,6 +1038,7 @@ static void drawLineAA(QCosmeticStroker *stroker, qreal rx1, qreal ry1, qreal rx
drawPixel(stroker, x, (y>>16) + 1, alpha * alphaEnd >> 6);
}
}
+ return true;
}
QT_END_NAMESPACE
diff --git a/src/gui/painting/qcosmeticstroker_p.h b/src/gui/painting/qcosmeticstroker_p.h
index 870738b..3216856 100644
--- a/src/gui/painting/qcosmeticstroker_p.h
+++ b/src/gui/painting/qcosmeticstroker_p.h
@@ -56,7 +56,7 @@ QT_MODULE(Gui)
class QCosmeticStroker;
-typedef void (*StrokeLine)(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
+typedef bool (*StrokeLine)(QCosmeticStroker *stroker, qreal x1, qreal y1, qreal x2, qreal y2, int caps);
class QCosmeticStroker
{
--
1.7.1

40
extra/qt4/qtbug-32534.patch
View file

@ -1,40 +0,0 @@
From 1f40ed553e618c3b0511c7db4b4fd26c2d2b65bf Mon Sep 17 00:00:00 2001
From: Peter Hartmann <phartmann@blackberry.com>
Date: Thu, 25 Jul 2013 12:05:29 -0400
Subject: [PATCH] QHttpMultiPart: fix data corruption in readData method
When readData() is called repeatedly, we need to keep track which
part of the multipart message we are currently reading from.
Hereby we also need to take the boundary size into account, and not
only the size of the multipart; otherwise we would skip a not
completely read part. This would then later lead to advancing the
read pointer by negative indexes and data loss.
Task-number: QTBUG-32534
Change-Id: Ibb6dff16adaf4ea67181d23d1d0c8459e33a0ed0
Reviewed-by: Jonathan Liu <net147@gmail.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
(cherry picked from qtbase/af96c6fed931564c95037539f07e9c8e33c69529)
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
src/network/access/qhttpmultipart.cpp | 3 +-
tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 44 ++++++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletions(-)
diff --git a/src/network/access/qhttpmultipart.cpp b/src/network/access/qhttpmultipart.cpp
index 635129a..b25e917 100644
--- a/src/network/access/qhttpmultipart.cpp
+++ b/src/network/access/qhttpmultipart.cpp
@@ -488,7 +488,8 @@ qint64 QHttpMultiPartIODevice::readData(char *data, qint64 maxSize)
// skip the parts we have already read
while (index < multiPart->parts.count() &&
- readPointer >= partOffsets.at(index) + multiPart->parts.at(index).d->size())
+ readPointer >= partOffsets.at(index) + multiPart->parts.at(index).d->size()
+ + multiPart->boundary.count() + 6) // 6 == 2 boundary dashes, \r\n after boundary, \r\n after multipart
index++;
// read the data
--
1.7.1

40
extra/qt4/qtbug-32908.patch
View file

@ -1,40 +0,0 @@
From 0c03af0d4d928bdbb32b09eedb1dba3ce59e5278 Mon Sep 17 00:00:00 2001
From: Gatis Paeglis <gatis.paeglis@digia.com>
Date: Sat, 31 Aug 2013 21:22:47 +0200
Subject: [PATCH] Revert "QTBUG-15319: fix shortcuts with secondary Xkb layout."
The change which attempted to fix QTBUG-15319 broke keyboard
shortcuts for non latin keyboard layouts.
This patch reverts QTBUG-15319 (f45cdeda8) since it caused a
regression.
Task-number: QTBUG-32908
Change-Id: I47d7984fa7986d5218d1f3ff1fc36d2ec67c9ba7
Reviewed-by: David Faure <david.faure@kdab.com>
---
src/gui/kernel/qkeymapper_x11.cpp | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/src/gui/kernel/qkeymapper_x11.cpp b/src/gui/kernel/qkeymapper_x11.cpp
index 005ff3f..7daa41d 100644
--- a/src/gui/kernel/qkeymapper_x11.cpp
+++ b/src/gui/kernel/qkeymapper_x11.cpp
@@ -282,12 +282,9 @@ QList<int> QKeyMapperPrivate::possibleKeysXKB(QKeyEvent *event)
// first, translate key only using lock modifiers (there are no Qt equivalents for these, so we must
// always use them when determining the baseKeySym)
- // Note: the Xkb group to be used for the conversion keycode->keysym has to be given to
- // XkbLookupKeySym(). This information is contained in the bits 8 to 15 of xmodifiers.
- // See https://bugreports.qt-project.org/browse/QTBUG-15319 .
KeySym baseKeySym;
uint consumedModifiers;
- if (!XkbLookupKeySym(X11->display, xkeycode, (xmodifiers & (0xff00 | LockMask | qt_num_lock_mask)),
+ if (!XkbLookupKeySym(X11->display, xkeycode, (xmodifiers & (LockMask | qt_num_lock_mask)),
&consumedModifiers, &baseKeySym))
return QList<int>();
--
1.7.1