@@ -, +, @@ --- dev-qt/qtcore/Manifest | 11 + ...isallow-deep-or-widely-nested-entity-refs.patch | 114 ++++++ .../CVE-2013-4549-02-fully-expand-entities.patch | 124 ++++++ ...ExcludeSocketNotifiers-in-glib-event-loop.patch | 81 ++++ .../qtcore-4.8.5-moc-boost-lexical-cast.patch | 12 + .../qtcore-4.8.5-qeventdispatcher-recursive.patch | 94 +++++ .../files/qtcore-4.8.6-QNAM-corruptions-fix.patch | 431 +++++++++++++++++++++ .../files/qtcore-4.8.7-fix-socklent-for-musl.patch | 119 ++++++ dev-qt/qtcore/metadata.xml | 16 + dev-qt/qtcore/qtcore-4.8.7-r99.ebuild | 90 +++++ 10 files changed, 1092 insertions(+) create mode 100644 dev-qt/qtcore/Manifest create mode 100644 dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch create mode 100644 dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch create mode 100644 dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch create mode 100644 dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch create mode 100644 dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch create mode 100644 dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch create mode 100644 dev-qt/qtcore/files/qtcore-4.8.7-fix-socklent-for-musl.patch create mode 100644 dev-qt/qtcore/metadata.xml create mode 100644 dev-qt/qtcore/qtcore-4.8.7-r99.ebuild --- a/dev-qt/qtcore/Manifest +++ a/dev-qt/qtcore/Manifest @@ -0,0 +1,11 @@ +AUX CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch 4531 SHA256 fd6e59635ea7bc86fdc36333ecd77609ae5cdc52c3a388c3b0088887d9a21b72 SHA512 b81810d62e8652f91b787285e8208b42d723e89aef248aeca24f02cd84b4a098c82571ece7c8af9c25c0535bde61ee376b6c24992f55fbaef2dd77f54f14ef1a WHIRLPOOL f7e6d005c157314eba3501bb9fdcecdb1f0b317880d659ac42e9b17a79ba98892c6ad9b49651a81d2a8c5c77d9e6ab9b7953422435543b1e38f1eeef0865dbd3 +AUX CVE-2013-4549-02-fully-expand-entities.patch 6117 SHA256 848dbcd78c2ae0a3f6acca07b48067c453f721adfbe4dcdc90ca8267eedbc065 SHA512 1564fc1e299704c7f51015fdf3213e3c85460d2950821f53f94bbf98c80275e845aa8804250081df9db8172ca26fde11070e21ce18b8ee17961689ceb96daac9 WHIRLPOOL ccf1494fd0b243aed5149d6f1ebaadb5bfefff4698a95fae6d006247a9daee493e8e4c567a2bc930efc7b22c27761207afd1c8fe8f104c5a3fed491a669d14e8 +AUX qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch 3410 SHA256 9dbb9be4dfefc00711058b99fe2425bb43c811a1b36a6f046336e13c666d40ea SHA512 6770959ba01756d6a3fa9e03edd5f6c1df0d8625f4add65f7fef55a93b7b52c555a0ce749984938fb7ab905c2e0875cec0cb5d07f45c1b447fbc9e2d0ec678bb WHIRLPOOL d06e33e4d6545b99d930212f6ad767a6c59cb241cb0b28fe3401853700c26c9fd9a5dc0eb5cfaef62ed8f7874eccf906c7c39c469c6725e9db3836c8982422d8 +AUX qtcore-4.8.5-moc-boost-lexical-cast.patch 584 SHA256 dadd3eab516ee26f1c19f17dbcb7be46e7c9efba49924fa1d53cc0176491736a SHA512 ed2cc3d36ac8576cee42d1586b99913ce060a47e72c82890e7b5fe4fc500e857693f2348f4446ce7dfbd1bbdf6e51b99b57f2fc09d6c15f9075f10c4b5459fa6 WHIRLPOOL d4ee64605ad9dacd371519a9c08582c25ea891480c79795822cfe74e6bafb332d558dca5d024c6f369e3674fde5a89a15a7d79042093295ac9d0a0d516493583 +AUX qtcore-4.8.5-qeventdispatcher-recursive.patch 4017 SHA256 5db36cbb0686b8a503941779c821febc4a0330dc260e51d603f7aa1e4d8860ad SHA512 bd63961bcb695beebe8686142b84bff7702db4d85d737f5c2da927252b931700d03602f80048223cbbb05d85a5ddb9cb818321d756577f84843690b318f0c413 WHIRLPOOL f981bf3c3d1a62b486788433cabb2880b7f361ccdf99e502fb595608195168d72ba14018c93273f2726c60bae61a44cba3244026009823e832109a1f7418e773 +AUX qtcore-4.8.6-QNAM-corruptions-fix.patch 17586 SHA256 5309c0f1ed0fc54799537b6d0a51b9682f52b4b40cc76e6fa71afc7273120e40 SHA512 4367974513b230d0395d0d0ebff5007255c257126309b614c37e8297981b833b397792fe9dede1960e0027a87d3fbc5eb252253a7ed73f4f9383531ea39cc874 WHIRLPOOL 8eded4f95d00f2ce572cf1956745d5a06e07f54a6ed6e67578914c0d2c9be63994cbf9177212d25c3c2678bf7328b2364b5977ebb8e8d7b8e4ad79009be6a7ae +AUX qtcore-4.8.7-fix-socklent-for-musl.patch 3982 SHA256 2d3065b3a372ae03a58ee76a4a24e676abc36a16f5c564b4b25c537d2520700d SHA512 d578fa49270ae8d18ff4de3a15b6f4c485503c1de61e9732e6e55d0bd3db5a0c2e68d37327e500b71a85efe05b187f435d2e4c62f23481c73a9d593803ca345c WHIRLPOOL e95016f372dc7cfff32609b838774a339320073fde9c90aa92b0ee8003bbf740a545cb500518bdd611553016bc8d9f21ea060b97742478105474561d6f3ae3d4 +DIST qt-everywhere-opensource-src-4.8.7.tar.gz 241075567 SHA256 e2882295097e47fe089f8ac741a95fef47e0a73a3f3cdf21b56990638f626ea0 SHA512 f9f81a2e7205e1fd05c8d923dc73244f29aa33f951fa6b7c5c8193449328b37084796b9b71ad0c317e4e6fd00017c10ea5d67b1b2032551cde00548522218125 WHIRLPOOL ad8f01172f5bdb3a3a69fe7b03862c4c411bc8d95211053ad66ed1d60a3c0577d073d1075a1e0a80b25d9b2721addda55a2967e6ccf5e194cec8d08770ac5fc2 +EBUILD qtcore-4.8.7-r99.ebuild 2987 SHA256 f0499c2b754b3a9d8635f8f27883fb78edc07452a594a03e82491e6611ec0f89 SHA512 78d6b370f0039cd0905926109bee181f24d8c006b08f6d606e40ac89120a8fa0012e8457dea68ab2aa174bae2484e6f69d36a7f75cd171bbb073d881dc0fb189 WHIRLPOOL 4664e9cfe1e3d0e962328f70b6f75c244cbdac1711f57d6142fb8fa3681002c7d45cdd58a10a101ab4ec8428ed30e00d8123d23db46fb0bc6e6e7af172b31067 +MISC ChangeLog 39458 SHA256 538ab612e6a4236bdc8c54ead41013e9900532150871c00704179a997ebb102f SHA512 858615bf43caf12eeca50b45c1b61696291762f43bd96cd8949ba6d263a6c52e6e527289c4abc22d988e2f41420de52a919ab28bb889f6cc7c21c4e2a82a6a68 WHIRLPOOL 7355b16095460360dba36c8cfd0d917c34192013d1f43136d70f3f7547f406eab125815bc4cfc0b4d459eda70dc8fc275afcdaee642b1834b5f4461bca6ba543 +MISC metadata.xml 633 SHA256 b8a9342f8b5306a23b156316bb8f6cbf6efc162d678d41a8e13e46916f12cf7d SHA512 3adcde8bf745bf21b85c8dd7b4b9d420d427053ed7fcbc110057aed87ce3a786e72d942c11d81de87bda04c5e2484ff410641ea147a2748867e969da828e6957 WHIRLPOOL 30fce13f3de4d40391ca081df75d94b6e88e352d0c0b0c10b2e2942462e0df6491b1bd15074dce27bf6cebf7f9d0381ca17cf22cfc982e06bfae4e2d278fc1ef --- a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch +++ a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch @@ -0,0 +1,114 @@ +From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001 +From: Mitch Curtis +Date: Thu, 7 Nov 2013 09:36:29 +0100 +Subject: Disallow deep or widely nested entity references. + +Nested references with a depth of 2 or greater will fail. References +that partially expand to greater than 1024 characters will also fail. + +This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4. + +Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609 +Reviewed-by: Richard J. Moore +Reviewed-by: Lars Knoll + +diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp +index a1777c5..3904632 100644 +--- a/src/xml/sax/qxml.cpp ++++ b/src/xml/sax/qxml.cpp +@@ -424,6 +424,10 @@ private: + int stringValueLen; + QString emptyStr; + ++ // The limit to the amount of times the DTD parsing functions can be called ++ // for the DTD currently being parsed. ++ int dtdRecursionLimit; ++ + const QString &string(); + void stringClear(); + void stringAddC(QChar); +@@ -492,6 +496,7 @@ private: + void unexpectedEof(ParseFunction where, int state); + void parseFailed(ParseFunction where, int state); + void pushParseState(ParseFunction function, int state); ++ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage); + + Q_DECLARE_PUBLIC(QXmlSimpleReader) + QXmlSimpleReader *q_ptr; +@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader) + useNamespacePrefixes = false; + reportWhitespaceCharData = true; + reportEntities = false; ++ dtdRecursionLimit = 2; + } + + QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate() +@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype() + } + break; + case Mup: ++ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) { ++ reportParseError(QString::fromLatin1( ++ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit)); ++ return false; ++ } + if (!parseMarkupdecl()) { + parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state); + return false; +@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq() + return false; + } + ++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage) ++{ ++ const QString value = string(); ++ QMap referencedEntityCounts; ++ foreach (QString entityName, entities.keys()) { ++ for (int i = 0; i < value.size() && i != -1; ) { ++ i = value.indexOf(entityName, i); ++ if (i != -1) { ++ // The entityName we're currently trying to find ++ // was matched in this string; increase our count. ++ ++referencedEntityCounts[entityName]; ++ i += entityName.size(); ++ } ++ } ++ } ++ ++ foreach (QString entityName, referencedEntityCounts.keys()) { ++ const int timesReferenced = referencedEntityCounts[entityName]; ++ const QString entityValue = entities[entityName]; ++ if (entityValue.size() * timesReferenced > 1024) { ++ if (errorMessage) { ++ *errorMessage = QString::fromLatin1("The XML entity \"%1\"" ++ "expands too a string that is too large to process when " ++ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced); ++ } ++ return true; ++ } ++ } ++ return false; ++} ++ + /* + Parse a EntityDecl [70]. + +@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl() + switch (state) { + case EValue: + if ( !entityExist(name())) { ++ QString errorMessage; ++ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) { ++ // The entity at entityName is entityValue.size() characters ++ // long in its unexpanded form, and was mentioned timesReferenced times, ++ // resulting in a string that would be greater than 1024 characters. ++ reportParseError(errorMessage); ++ return false; ++ } ++ + entities.insert(name(), string()); + if (declHnd) { + if (!declHnd->internalEntityDecl(name(), string())) { +-- +1.8.5.2 + --- a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch +++ a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch @@ -0,0 +1,124 @@ +From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001 +From: Mitch Curtis +Date: Tue, 12 Nov 2013 13:44:56 +0100 +Subject: Fully expand entities to ensure deep or widely nested ones fail + parsing + +With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing +entities whose partially expanded size was greater than 1024 +characters. That was not enough, so now we fully expand all entities. + +This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac. + +Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0 +Reviewed-by: Richard J. Moore + +diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp +index 3904632..befa801 100644 +--- a/src/xml/sax/qxml.cpp ++++ b/src/xml/sax/qxml.cpp +@@ -426,7 +426,9 @@ private: + + // The limit to the amount of times the DTD parsing functions can be called + // for the DTD currently being parsed. +- int dtdRecursionLimit; ++ static const int dtdRecursionLimit = 2; ++ // The maximum amount of characters an entity value may contain, after expansion. ++ static const int entityCharacterLimit = 1024; + + const QString &string(); + void stringClear(); +@@ -496,7 +498,7 @@ private: + void unexpectedEof(ParseFunction where, int state); + void parseFailed(ParseFunction where, int state); + void pushParseState(ParseFunction function, int state); +- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage); ++ bool isExpandedEntityValueTooLarge(QString *errorMessage); + + Q_DECLARE_PUBLIC(QXmlSimpleReader) + QXmlSimpleReader *q_ptr; +@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader) + useNamespacePrefixes = false; + reportWhitespaceCharData = true; + reportEntities = false; +- dtdRecursionLimit = 2; + } + + QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate() +@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq() + return false; + } + +-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage) ++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage) + { +- const QString value = string(); +- QMap referencedEntityCounts; +- foreach (QString entityName, entities.keys()) { +- for (int i = 0; i < value.size() && i != -1; ) { +- i = value.indexOf(entityName, i); +- if (i != -1) { +- // The entityName we're currently trying to find +- // was matched in this string; increase our count. +- ++referencedEntityCounts[entityName]; +- i += entityName.size(); ++ QMap literalEntitySizes; ++ // The entity at (QMap) times. ++ QMap > referencesToOtherEntities; ++ QMap expandedSizes; ++ ++ // For every entity, check how many times all entity names were referenced in its value. ++ foreach (QString toSearch, entities.keys()) { ++ // The amount of characters that weren't entity names, but literals, like 'X'. ++ QString leftOvers = entities.value(toSearch); ++ // How many times was entityName referenced by toSearch? ++ foreach (QString entityName, entities.keys()) { ++ for (int i = 0; i < leftOvers.size() && i != -1; ) { ++ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i); ++ if (i != -1) { ++ leftOvers.remove(i, entityName.size() + 2); ++ // The entityName we're currently trying to find was matched in this string; increase our count. ++ ++referencesToOtherEntities[toSearch][entityName]; ++ } + } + } ++ literalEntitySizes[toSearch] = leftOvers.size(); + } + +- foreach (QString entityName, referencedEntityCounts.keys()) { +- const int timesReferenced = referencedEntityCounts[entityName]; +- const QString entityValue = entities[entityName]; +- if (entityValue.size() * timesReferenced > 1024) { ++ foreach (QString entity, referencesToOtherEntities.keys()) { ++ expandedSizes[entity] = literalEntitySizes[entity]; ++ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) { ++ const int references = referencesToOtherEntities.value(entity).value(referenceTo); ++ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size. ++ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references; ++ } ++ ++ if (expandedSizes[entity] > entityCharacterLimit) { + if (errorMessage) { +- *errorMessage = QString::fromLatin1("The XML entity \"%1\"" +- "expands too a string that is too large to process when " +- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced); ++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3)."); ++ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit); + } + return true; + } +@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl() + case EValue: + if ( !entityExist(name())) { + QString errorMessage; +- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) { +- // The entity at entityName is entityValue.size() characters +- // long in its unexpanded form, and was mentioned timesReferenced times, +- // resulting in a string that would be greater than 1024 characters. ++ if (isExpandedEntityValueTooLarge(&errorMessage)) { + reportParseError(errorMessage); + return false; + } +-- +1.8.5.2 + --- a/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch +++ a/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch @@ -0,0 +1,81 @@ +From 267feb2de49eed0823ca0c29f1cd5238537c7116 Mon Sep 17 00:00:00 2001 +From: Jan-Marek Glogowski +Date: Thu, 6 Mar 2014 18:44:43 +0100 +Subject: Honor ExcludeSocketNotifiers in glib event loop + +Implements QEventLoop::ExcludeSocketNotifiers in the same way +QEventLoop::X11ExcludeTimers is already implemented for the glib +event loop. + +This prevents crashes when QClipboard checks for clipboard events +and + qApp->clipboard()->setProperty( "useEventLoopWhenWaiting", true ); +is set. + +Task-number: QTBUG-34614 +Task-number: QTBUG-37380 + +Change-Id: Id4e2a74c6bdf8c3b439a4e3813d24d11368b607d +--- + src/corelib/kernel/qeventdispatcher_glib.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/corelib/kernel/qeventdispatcher_glib.cpp b/src/corelib/kernel/qeventdispatcher_glib.cpp +index 0b0e308..ba522fa 100644 +--- a/src/corelib/kernel/qeventdispatcher_glib.cpp ++++ b/src/corelib/kernel/qeventdispatcher_glib.cpp +@@ -65,6 +65,7 @@ struct GPollFDWithQSocketNotifier + struct GSocketNotifierSource + { + GSource source; ++ QEventLoop::ProcessEventsFlags processEventsFlags; + QList pollfds; + }; + +@@ -80,6 +81,9 @@ static gboolean socketNotifierSourceCheck(GSource *source) + GSocketNotifierSource *src = reinterpret_cast(source); + + bool pending = false; ++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers) ++ return pending; ++ + for (int i = 0; !pending && i < src->pollfds.count(); ++i) { + GPollFDWithQSocketNotifier *p = src->pollfds.at(i); + +@@ -103,6 +107,9 @@ static gboolean socketNotifierSourceDispatch(GSource *source, GSourceFunc, gpoin + QEvent event(QEvent::SockAct); + + GSocketNotifierSource *src = reinterpret_cast(source); ++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers) ++ return true; ++ + for (int i = 0; i < src->pollfds.count(); ++i) { + GPollFDWithQSocketNotifier *p = src->pollfds.at(i); + +@@ -331,6 +338,7 @@ QEventDispatcherGlibPrivate::QEventDispatcherGlibPrivate(GMainContext *context) + reinterpret_cast(g_source_new(&socketNotifierSourceFuncs, + sizeof(GSocketNotifierSource))); + (void) new (&socketNotifierSource->pollfds) QList(); ++ socketNotifierSource->processEventsFlags = QEventLoop::AllEvents; + g_source_set_can_recurse(&socketNotifierSource->source, true); + g_source_attach(&socketNotifierSource->source, mainContext); + +@@ -416,6 +424,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags) + // tell postEventSourcePrepare() and timerSource about any new flags + QEventLoop::ProcessEventsFlags savedFlags = d->timerSource->processEventsFlags; + d->timerSource->processEventsFlags = flags; ++ d->socketNotifierSource->processEventsFlags = flags; + + if (!(flags & QEventLoop::EventLoopExec)) { + // force timers to be sent at normal priority +@@ -427,6 +436,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags) + result = g_main_context_iteration(d->mainContext, canWait); + + d->timerSource->processEventsFlags = savedFlags; ++ d->socketNotifierSource->processEventsFlags = savedFlags; + + if (canWait) + emit awake(); +-- +2.0.0 + --- a/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch +++ a/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch @@ -0,0 +1,12 @@ +Index: qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp +=================================================================== +--- qt-everywhere-opensource-src-4.8.9999.orig/src/tools/moc/main.cpp ++++ qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp +@@ -190,6 +190,7 @@ int runMoc(int _argc, char **_argv) + + // Workaround a bug while parsing the boost/type_traits/has_operator.hpp header. See QTBUG-22829 + pp.macros["BOOST_TT_HAS_OPERATOR_HPP_INCLUDED"]; ++ pp.macros["BOOST_LEXICAL_CAST_INCLUDED"]; + + QByteArray filename; + QByteArray output; --- a/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch +++ a/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch @@ -0,0 +1,94 @@ +--- src/corelib/kernel/qeventdispatcher_glib.cpp.sav 2014-03-28 15:26:37.000000000 +0100 @@ -0,0 +1,431 @@ +From fa81aa6d027049e855b76f5408586a288f160575 Mon Sep 17 00:00:00 2001 +From: Markus Goetz +Date: Tue, 28 Apr 2015 11:57:36 +0200 +Subject: QNAM: Fix upload corruptions when server closes connection + +This patch fixes several upload corruptions if the server closes the connection +while/before we send data into it. They happen inside multiple places in the HTTP +layer and are explained in the comments. +Corruptions are: +* The upload byte device has an in-flight signal with pending upload data, if +it gets reset (because server closes the connection) then the re-send of the +request was sometimes taking this stale in-flight pending upload data. +* Because some signals were DirectConnection and some were QueuedConnection, there +was a chance that a direct signal overtakes a queued signal. The state machine +then sent data down the socket which was buffered there (and sent later) although +it did not match the current state of the state machine when it was actually sent. +* A socket was seen as being able to have requests sent even though it was not +encrypted yet. This relates to the previous corruption where data is stored inside +the socket's buffer and then sent later. + +The included auto test produces all fixed corruptions, I detected no regressions +via the other tests. +This code also adds a bit of sanity checking to protect from possible further +problems. + +[ChangeLog][QtNetwork] Fix HTTP(s) upload corruption when server closes connection + +(cherry picked from commit qtbase/cff39fba10ffc10ee4dcfdc66ff6528eb26462d3) +Change-Id: I9793297be6cf3edfb75b65ba03b65f7a133ef194 +Reviewed-by: Richard J. Moore +--- + src/corelib/io/qnoncontiguousbytedevice.cpp | 19 +++ + src/corelib/io/qnoncontiguousbytedevice_p.h | 4 + + .../access/qhttpnetworkconnectionchannel.cpp | 47 +++++- + src/network/access/qhttpthreaddelegate_p.h | 36 ++++- + src/network/access/qnetworkaccesshttpbackend.cpp | 24 ++- + src/network/access/qnetworkaccesshttpbackend_p.h | 5 +- + tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 174 ++++++++++++++++++++- + 7 files changed, 280 insertions(+), 29 deletions(-) + +diff --git a/src/corelib/io/qnoncontiguousbytedevice.cpp b/src/corelib/io/qnoncontiguousbytedevice.cpp +index bf58eee..1a0591e 100644 +--- a/src/corelib/io/qnoncontiguousbytedevice.cpp ++++ b/src/corelib/io/qnoncontiguousbytedevice.cpp +@@ -245,6 +245,12 @@ qint64 QNonContiguousByteDeviceByteArrayImpl::size() + return byteArray->size(); + } + ++qint64 QNonContiguousByteDeviceByteArrayImpl::pos() ++{ ++ return currentPosition; ++} ++ ++ + QNonContiguousByteDeviceRingBufferImpl::QNonContiguousByteDeviceRingBufferImpl(QSharedPointer rb) + : QNonContiguousByteDevice(), currentPosition(0) + { +@@ -296,6 +302,11 @@ qint64 QNonContiguousByteDeviceRingBufferImpl::size() + return ringBuffer->size(); + } + ++qint64 QNonContiguousByteDeviceRingBufferImpl::pos() ++{ ++ return currentPosition; ++} ++ + QNonContiguousByteDeviceIoDeviceImpl::QNonContiguousByteDeviceIoDeviceImpl(QIODevice *d) + : QNonContiguousByteDevice(), + currentReadBuffer(0), currentReadBufferSize(16*1024), +@@ -415,6 +426,14 @@ qint64 QNonContiguousByteDeviceIoDeviceImpl::size() + return device->size() - initialPosition; + } + ++qint64 QNonContiguousByteDeviceIoDeviceImpl::pos() ++{ ++ if (device->isSequential()) ++ return -1; ++ ++ return device->pos(); ++} ++ + QByteDeviceWrappingIoDevice::QByteDeviceWrappingIoDevice(QNonContiguousByteDevice *bd) : QIODevice((QObject*)0) + { + byteDevice = bd; +diff --git a/src/corelib/io/qnoncontiguousbytedevice_p.h b/src/corelib/io/qnoncontiguousbytedevice_p.h +index b6966eb..d1a99a1 100644 +--- a/src/corelib/io/qnoncontiguousbytedevice_p.h ++++ b/src/corelib/io/qnoncontiguousbytedevice_p.h +@@ -69,6 +69,7 @@ public: + virtual const char* readPointer(qint64 maximumLength, qint64 &len) = 0; + virtual bool advanceReadPointer(qint64 amount) = 0; + virtual bool atEnd() = 0; ++ virtual qint64 pos() { return -1; } + virtual bool reset() = 0; + void disableReset(); + bool isResetDisabled() { return resetDisabled; } +@@ -108,6 +109,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QByteArray* byteArray; + qint64 currentPosition; +@@ -123,6 +125,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QSharedPointer ringBuffer; + qint64 currentPosition; +@@ -140,6 +143,7 @@ public: + bool atEnd(); + bool reset(); + qint64 size(); ++ qint64 pos(); + protected: + QIODevice* device; + QByteArray* currentReadBuffer; +diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp +index 550e090..db2f712 100644 +--- a/src/network/access/qhttpnetworkconnectionchannel.cpp ++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp +@@ -107,15 +107,19 @@ void QHttpNetworkConnectionChannel::init() + socket->setProxy(QNetworkProxy::NoProxy); + #endif + ++ // We want all signals (except the interactive ones) be connected as QueuedConnection ++ // because else we're falling into cases where we recurse back into the socket code ++ // and mess up the state. Always going to the event loop (and expecting that when reading/writing) ++ // is safer. + QObject::connect(socket, SIGNAL(bytesWritten(qint64)), + this, SLOT(_q_bytesWritten(qint64)), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(socket, SIGNAL(connected()), + this, SLOT(_q_connected()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(socket, SIGNAL(readyRead()), + this, SLOT(_q_readyRead()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + + // The disconnected() and error() signals may already come + // while calling connectToHost(). +@@ -144,13 +148,13 @@ void QHttpNetworkConnectionChannel::init() + // won't be a sslSocket if encrypt is false + QObject::connect(sslSocket, SIGNAL(encrypted()), + this, SLOT(_q_encrypted()), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + QObject::connect(sslSocket, SIGNAL(sslErrors(QList)), + this, SLOT(_q_sslErrors(QList)), + Qt::DirectConnection); + QObject::connect(sslSocket, SIGNAL(encryptedBytesWritten(qint64)), + this, SLOT(_q_encryptedBytesWritten(qint64)), +- Qt::DirectConnection); ++ Qt::QueuedConnection); + } + #endif + } +@@ -163,7 +167,8 @@ void QHttpNetworkConnectionChannel::close() + else + state = QHttpNetworkConnectionChannel::ClosingState; + +- socket->close(); ++ if (socket) ++ socket->close(); + } + + +@@ -280,6 +285,14 @@ bool QHttpNetworkConnectionChannel::sendRequest() + // nothing to read currently, break the loop + break; + } else { ++ if (written != uploadByteDevice->pos()) { ++ // Sanity check. This was useful in tracking down an upload corruption. ++ qWarning() << "QHttpProtocolHandler: Internal error in sendRequest. Expected to write at position" << written << "but read device is at" << uploadByteDevice->pos(); ++ Q_ASSERT(written == uploadByteDevice->pos()); ++ connection->d_func()->emitReplyError(socket, reply, QNetworkReply::ProtocolFailure); ++ return false; ++ } ++ + qint64 currentWriteSize = socket->write(readPointer, currentReadSize); + if (currentWriteSize == -1 || currentWriteSize != currentReadSize) { + // socket broke down +@@ -639,6 +652,14 @@ bool QHttpNetworkConnectionChannel::ensureConnection() + } + return false; + } ++ ++ // This code path for ConnectedState ++ if (pendingEncrypt) { ++ // Let's only be really connected when we have received the encrypted() signal. Else the state machine seems to mess up ++ // and corrupt the things sent to the server. ++ return false; ++ } ++ + return true; + } + +@@ -980,6 +1001,13 @@ void QHttpNetworkConnectionChannel::_q_readyRead() + void QHttpNetworkConnectionChannel::_q_bytesWritten(qint64 bytes) + { + Q_UNUSED(bytes); ++ ++ if (ssl) { ++ // In the SSL case we want to send data from encryptedBytesWritten signal since that one ++ // is the one going down to the actual network, not only into some SSL buffer. ++ return; ++ } ++ + // bytes have been written to the socket. write even more of them :) + if (isSocketWriting()) + sendRequest(); +@@ -1029,7 +1057,7 @@ void QHttpNetworkConnectionChannel::_q_connected() + + // ### FIXME: if the server closes the connection unexpectedly, we shouldn't send the same broken request again! + //channels[i].reconnectAttempts = 2; +- if (!pendingEncrypt) { ++ if (!pendingEncrypt && !ssl) { // FIXME: Didn't work properly with pendingEncrypt only, we should refactor this into an EncrypingState + state = QHttpNetworkConnectionChannel::IdleState; + if (!reply) + connection->d_func()->dequeueRequest(socket); +@@ -1157,7 +1185,10 @@ void QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired(const QNetwor + + void QHttpNetworkConnectionChannel::_q_uploadDataReadyRead() + { +- sendRequest(); ++ if (reply && state == QHttpNetworkConnectionChannel::WritingState) { ++ // There might be timing issues, make sure to only send upload data if really in that state ++ sendRequest(); ++ } + } + + #ifndef QT_NO_OPENSSL +diff --git a/src/network/access/qhttpthreaddelegate_p.h b/src/network/access/qhttpthreaddelegate_p.h +index 7648325..9dd0deb 100644 +--- a/src/network/access/qhttpthreaddelegate_p.h ++++ b/src/network/access/qhttpthreaddelegate_p.h +@@ -190,6 +190,7 @@ protected: + QByteArray m_dataArray; + bool m_atEnd; + qint64 m_size; ++ qint64 m_pos; // to match calls of haveDataSlot with the expected position + public: + QNonContiguousByteDeviceThreadForwardImpl(bool aE, qint64 s) + : QNonContiguousByteDevice(), +@@ -197,7 +198,8 @@ public: + m_amount(0), + m_data(0), + m_atEnd(aE), +- m_size(s) ++ m_size(s), ++ m_pos(0) + { + } + +@@ -205,6 +207,11 @@ public: + { + } + ++ qint64 pos() ++ { ++ return m_pos; ++ } ++ + const char* readPointer(qint64 maximumLength, qint64 &len) + { + if (m_amount > 0) { +@@ -232,11 +239,10 @@ public: + + m_amount -= a; + m_data += a; ++ m_pos += a; + +- // To main thread to inform about our state +- emit processedData(a); +- +- // FIXME possible optimization, already ask user thread for some data ++ // To main thread to inform about our state. The m_pos will be sent as a sanity check. ++ emit processedData(m_pos, a); + + return true; + } +@@ -253,10 +259,21 @@ public: + { + m_amount = 0; + m_data = 0; ++ m_dataArray.clear(); ++ ++ if (wantDataPending) { ++ // had requested the user thread to send some data (only 1 in-flight at any moment) ++ wantDataPending = false; ++ } + + // Communicate as BlockingQueuedConnection + bool b = false; + emit resetData(&b); ++ if (b) { ++ // the reset succeeded, we're at pos 0 again ++ m_pos = 0; ++ // the HTTP code will anyway abort the request if !b. ++ } + return b; + } + +@@ -267,8 +284,13 @@ public: + + public slots: + // From user thread: +- void haveDataSlot(QByteArray dataArray, bool dataAtEnd, qint64 dataSize) ++ void haveDataSlot(qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize) + { ++ if (pos != m_pos) { ++ // Sometimes when re-sending a request in the qhttpnetwork* layer there is a pending haveData from the ++ // user thread on the way to us. We need to ignore it since it is the data for the wrong(later) chunk. ++ return; ++ } + wantDataPending = false; + + m_dataArray = dataArray; +@@ -288,7 +310,7 @@ signals: + + // to main thread: + void wantData(qint64); +- void processedData(qint64); ++ void processedData(qint64 pos, qint64 amount); + void resetData(bool *b); + }; + +diff --git a/src/network/access/qnetworkaccesshttpbackend.cpp b/src/network/access/qnetworkaccesshttpbackend.cpp +index cc67258..fe2f627 100644 +--- a/src/network/access/qnetworkaccesshttpbackend.cpp ++++ b/src/network/access/qnetworkaccesshttpbackend.cpp +@@ -193,6 +193,7 @@ QNetworkAccessHttpBackendFactory::create(QNetworkAccessManager::Operation op, + QNetworkAccessHttpBackend::QNetworkAccessHttpBackend() + : QNetworkAccessBackend() + , statusCode(0) ++ , uploadByteDevicePosition(false) + , pendingDownloadDataEmissions(new QAtomicInt()) + , pendingDownloadProgressEmissions(new QAtomicInt()) + , loadingFromCache(false) +@@ -610,9 +611,9 @@ void QNetworkAccessHttpBackend::postRequest() + forwardUploadDevice->setParent(delegate); // needed to make sure it is moved on moveToThread() + delegate->httpRequest.setUploadByteDevice(forwardUploadDevice); + +- // From main thread to user thread: +- QObject::connect(this, SIGNAL(haveUploadData(QByteArray, bool, qint64)), +- forwardUploadDevice, SLOT(haveDataSlot(QByteArray, bool, qint64)), Qt::QueuedConnection); ++ // From user thread to http thread: ++ QObject::connect(this, SIGNAL(haveUploadData(qint64,QByteArray,bool,qint64)), ++ forwardUploadDevice, SLOT(haveDataSlot(qint64,QByteArray,bool,qint64)), Qt::QueuedConnection); + QObject::connect(uploadByteDevice.data(), SIGNAL(readyRead()), + forwardUploadDevice, SIGNAL(readyRead()), + Qt::QueuedConnection); +@@ -620,8 +621,8 @@ void QNetworkAccessHttpBackend::postRequest() + // From http thread to user thread: + QObject::connect(forwardUploadDevice, SIGNAL(wantData(qint64)), + this, SLOT(wantUploadDataSlot(qint64))); +- QObject::connect(forwardUploadDevice, SIGNAL(processedData(qint64)), +- this, SLOT(sentUploadDataSlot(qint64))); ++ QObject::connect(forwardUploadDevice,SIGNAL(processedData(qint64, qint64)), ++ this, SLOT(sentUploadDataSlot(qint64,qint64))); + connect(forwardUploadDevice, SIGNAL(resetData(bool*)), + this, SLOT(resetUploadDataSlot(bool*)), + Qt::BlockingQueuedConnection); // this is the only one with BlockingQueued! +@@ -915,12 +916,21 @@ void QNetworkAccessHttpBackend::replySslConfigurationChanged(const QSslConfigura + void QNetworkAccessHttpBackend::resetUploadDataSlot(bool *r) + { + *r = uploadByteDevice->reset(); ++ if (*r) { ++ // reset our own position which is used for the inter-thread communication ++ uploadByteDevicePosition = 0; ++ } + } + + // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread +-void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 amount) ++void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 pos, qint64 amount) + { ++ if (uploadByteDevicePosition + amount != pos) { ++ // Sanity check, should not happen. ++ error(QNetworkReply::UnknownNetworkError, ""); ++ } + uploadByteDevice->advanceReadPointer(amount); ++ uploadByteDevicePosition += amount; + } + + // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread +@@ -933,7 +943,7 @@ void QNetworkAccessHttpBackend::wantUploadDataSlot(qint64 maxSize) + QByteArray dataArray(data, currentUploadDataLength); + + // Communicate back to HTTP thread +- emit haveUploadData(dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); ++ emit haveUploadData(uploadByteDevicePosition, dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size()); + } + + /* +diff --git a/src/network/access/qnetworkaccesshttpbackend_p.h b/src/network/access/qnetworkaccesshttpbackend_p.h +index 13519c6..b4ed67c 100644 +--- a/src/network/access/qnetworkaccesshttpbackend_p.h ++++ b/src/network/access/qnetworkaccesshttpbackend_p.h +@@ -112,7 +112,7 @@ signals: + + void startHttpRequestSynchronously(); + +- void haveUploadData(QByteArray dataArray, bool dataAtEnd, qint64 dataSize); ++ void haveUploadData(const qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize); + private slots: + // From HTTP thread: + void replyDownloadData(QByteArray); +@@ -129,13 +129,14 @@ private slots: + // From QNonContiguousByteDeviceThreadForwardImpl in HTTP thread: + void resetUploadDataSlot(bool *r); + void wantUploadDataSlot(qint64); +- void sentUploadDataSlot(qint64); ++ void sentUploadDataSlot(qint64, qint64); + + bool sendCacheContents(const QNetworkCacheMetaData &metaData); + + private: + QHttpNetworkRequest httpRequest; // There is also a copy in the HTTP thread + int statusCode; ++ qint64 uploadByteDevicePosition; + QString reasonPhrase; + // Will be increased by HTTP thread: + QSharedPointer pendingDownloadDataEmissions; + --- a/dev-qt/qtcore/files/qtcore-4.8.7-fix-socklent-for-musl.patch +++ a/dev-qt/qtcore/files/qtcore-4.8.7-fix-socklent-for-musl.patch @@ -0,0 +1,119 @@ +diff -ru a/mkspecs/linux-cxx/qplatformdefs.h b/mkspecs/linux-cxx/qplatformdefs.h +--- a/mkspecs/linux-cxx/qplatformdefs.h 2015-05-07 14:14:41.000000000 +0000 @@ -0,0 +1,16 @@ + + + + qt + + Add support for exceptions - like catching them + inside the event loop (recommended by upstream) + Enable dev-libs/glib eventloop support + Enable the Qt3Support libraries for Qt4. Note that + this does not mean you can compile pure Qt3 programs with Qt4. + + + https://bugreports.qt.io/ + http://doc.qt.io/ + + --- a/dev-qt/qtcore/qtcore-4.8.7-r99.ebuild +++ a/dev-qt/qtcore/qtcore-4.8.7-r99.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-qt/qtcore/qtcore-4.8.7.ebuild,v 1.1 2015/05/26 18:14:28 pesa Exp $ + +EAPI=5 +inherit qt4-build-multilib + +DESCRIPTION="Cross-platform application development framework" + +if [[ ${QT4_BUILD_TYPE} == release ]]; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" +fi + +IUSE="+glib iconv icu qt3support ssl" + +DEPEND=" + >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] + glib? ( dev-libs/glib:2[${MULTILIB_USEDEP}] ) + iconv? ( >=virtual/libiconv-0-r2[${MULTILIB_USEDEP}] ) + icu? ( dev-libs/icu:=[${MULTILIB_USEDEP}] ) + ssl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) +" +RDEPEND="${DEPEND}" +PDEPEND=" + ~dev-qt/qttranslations-${PV} + qt3support? ( ~dev-qt/qtgui-${PV}[aqua=,debug=,glib=,qt3support,${MULTILIB_USEDEP}] ) +" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/qt4/Qt/qconfig.h + /usr/include/qt4/QtCore/qconfig.h +) + +PATCHES=( + "${FILESDIR}/${PN}-4.8.5-moc-boost-lexical-cast.patch" + "${FILESDIR}/${PN}-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch" # bug 514968 + "${FILESDIR}/${PN}-4.8.5-qeventdispatcher-recursive.patch" # bug 514968 + "${FILESDIR}/${PN}-4.8.7-fix-socklent-for-musl.patch" +) + +QT4_TARGET_DIRECTORIES=" + src/tools/bootstrap + src/tools/moc + src/tools/rcc + src/tools/uic + src/corelib + src/network + src/xml + src/plugins/codecs/cn + src/plugins/codecs/jp + src/plugins/codecs/kr + src/plugins/codecs/tw + tools/linguist/lconvert + tools/linguist/lrelease + tools/linguist/lupdate" + +QCONFIG_DEFINE="QT_ZLIB" + +src_prepare() { + qt4-build-multilib_src_prepare + + # bug 172219 + sed -i -e "s:CXXFLAGS.*=:CXXFLAGS=${CXXFLAGS} :" \ + -e "s:LFLAGS.*=:LFLAGS=${LDFLAGS} :" \ + qmake/Makefile.unix || die "sed qmake/Makefile.unix failed" + + # bug 427782 + sed -i -e '/^CPPFLAGS\s*=/ s/-g //' \ + qmake/Makefile.unix || die "sed CPPFLAGS in qmake/Makefile.unix failed" + sed -i -e 's/setBootstrapVariable QMAKE_CFLAGS_RELEASE/QMakeVar set QMAKE_CFLAGS_RELEASE/' \ + -e 's/setBootstrapVariable QMAKE_CXXFLAGS_RELEASE/QMakeVar set QMAKE_CXXFLAGS_RELEASE/' \ + configure || die "sed configure setBootstrapVariable failed" +} + +multilib_src_configure() { + local myconf=( + -no-accessibility -no-xmlpatterns -no-multimedia -no-audio-backend -no-phonon + -no-phonon-backend -no-svg -no-webkit -no-script -no-scripttools -no-declarative + -system-zlib -no-gif -no-libtiff -no-libpng -no-libmng -no-libjpeg + -no-cups -no-dbus -no-gtkstyle -no-nas-sound -no-opengl -no-openvg + -no-sm -no-xshape -no-xvideo -no-xsync -no-xinerama -no-xcursor -no-xfixes + -no-xrandr -no-xrender -no-mitshm -no-fontconfig -no-freetype -no-xinput -no-xkb + $(qt_use glib) + $(qt_use iconv) + $(qt_use icu) + $(use ssl && echo -openssl-linked || echo -no-openssl) + $(qt_use qt3support) + ) + qt4_multilib_src_configure +} --