Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-qt/qtcore/files
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-qt/qtcore/files
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-qt/qtcore/files')
-rw-r--r--dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch114
-rw-r--r--dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch124
-rw-r--r--dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch81
-rw-r--r--dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch12
-rw-r--r--dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch94
-rw-r--r--dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch431
6 files changed, 856 insertions, 0 deletions
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
new file mode 100644
index 000000000000..c472d4212ffa
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-01-disallow-deep-or-widely-nested-entity-refs.patch
@@ -0,0 +1,114 @@
+From 512a1ce0698d370c313bb561bbf078935fa0342e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Thu, 7 Nov 2013 09:36:29 +0100
+Subject: Disallow deep or widely nested entity references.
+
+Nested references with a depth of 2 or greater will fail. References
+that partially expand to greater than 1024 characters will also fail.
+
+This is a backport of 46a8885ae486e238a39efa5119c2714f328b08e4.
+
+Change-Id: I0c2e1fa13d6ccb5f88641dae2ed3f28bfdeaf609
+Reviewed-by: Richard J. Moore <rich@kde.org>
+Reviewed-by: Lars Knoll <lars.knoll@digia.com>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index a1777c5..3904632 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -424,6 +424,10 @@ private:
+ int stringValueLen;
+ QString emptyStr;
+
++ // The limit to the amount of times the DTD parsing functions can be called
++ // for the DTD currently being parsed.
++ int dtdRecursionLimit;
++
+ const QString &string();
+ void stringClear();
+ void stringAddC(QChar);
+@@ -492,6 +496,7 @@ private:
+ void unexpectedEof(ParseFunction where, int state);
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
++ bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
+
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+@@ -2759,6 +2764,7 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
++ dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -5018,6 +5024,11 @@ bool QXmlSimpleReaderPrivate::parseDoctype()
+ }
+ break;
+ case Mup:
++ if (dtdRecursionLimit > 0 && parameterEntities.size() > dtdRecursionLimit) {
++ reportParseError(QString::fromLatin1(
++ "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
++ return false;
++ }
+ if (!parseMarkupdecl()) {
+ parseFailed(&QXmlSimpleReaderPrivate::parseDoctype, state);
+ return false;
+@@ -6627,6 +6638,37 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
++bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++{
++ const QString value = string();
++ QMap<QString, int> referencedEntityCounts;
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < value.size() && i != -1; ) {
++ i = value.indexOf(entityName, i);
++ if (i != -1) {
++ // The entityName we're currently trying to find
++ // was matched in this string; increase our count.
++ ++referencedEntityCounts[entityName];
++ i += entityName.size();
++ }
++ }
++ }
++
++ foreach (QString entityName, referencedEntityCounts.keys()) {
++ const int timesReferenced = referencedEntityCounts[entityName];
++ const QString entityValue = entities[entityName];
++ if (entityValue.size() * timesReferenced > 1024) {
++ if (errorMessage) {
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\""
++ "expands too a string that is too large to process when "
++ "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ }
++ return true;
++ }
++ }
++ return false;
++}
++
+ /*
+ Parse a EntityDecl [70].
+
+@@ -6721,6 +6763,15 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ switch (state) {
+ case EValue:
+ if ( !entityExist(name())) {
++ QString errorMessage;
++ if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
++ // The entity at entityName is entityValue.size() characters
++ // long in its unexpanded form, and was mentioned timesReferenced times,
++ // resulting in a string that would be greater than 1024 characters.
++ reportParseError(errorMessage);
++ return false;
++ }
++
+ entities.insert(name(), string());
+ if (declHnd) {
+ if (!declHnd->internalEntityDecl(name(), string())) {
+--
+1.8.5.2
+
diff --git a/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
new file mode 100644
index 000000000000..03ef64f22d86
--- /dev/null
+++ b/dev-qt/qtcore/files/CVE-2013-4549-02-fully-expand-entities.patch
@@ -0,0 +1,124 @@
+From cecceb0cdd87482124a73ecf537f3445d68be13e Mon Sep 17 00:00:00 2001
+From: Mitch Curtis <mitch.curtis@digia.com>
+Date: Tue, 12 Nov 2013 13:44:56 +0100
+Subject: Fully expand entities to ensure deep or widely nested ones fail
+ parsing
+
+With 512a1ce0698d370c313bb561bbf078935fa0342e, we failed when parsing
+entities whose partially expanded size was greater than 1024
+characters. That was not enough, so now we fully expand all entities.
+
+This is a backport of f1053d94f59f053ce4acad9320df14f1fbe4faac.
+
+Change-Id: I41dd6f4525c63e82fd320a22d19248169627f7e0
+Reviewed-by: Richard J. Moore <rich@kde.org>
+
+diff --git a/src/xml/sax/qxml.cpp b/src/xml/sax/qxml.cpp
+index 3904632..befa801 100644
+--- a/src/xml/sax/qxml.cpp
++++ b/src/xml/sax/qxml.cpp
+@@ -426,7 +426,9 @@ private:
+
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+- int dtdRecursionLimit;
++ static const int dtdRecursionLimit = 2;
++ // The maximum amount of characters an entity value may contain, after expansion.
++ static const int entityCharacterLimit = 1024;
+
+ const QString &string();
+ void stringClear();
+@@ -496,7 +498,7 @@ private:
+ void unexpectedEof(ParseFunction where, int state);
+ void parseFailed(ParseFunction where, int state);
+ void pushParseState(ParseFunction function, int state);
+- bool isPartiallyExpandedEntityValueTooLarge(QString *errorMessage);
++ bool isExpandedEntityValueTooLarge(QString *errorMessage);
+
+ Q_DECLARE_PUBLIC(QXmlSimpleReader)
+ QXmlSimpleReader *q_ptr;
+@@ -2764,7 +2766,6 @@ QXmlSimpleReaderPrivate::QXmlSimpleReaderPrivate(QXmlSimpleReader *reader)
+ useNamespacePrefixes = false;
+ reportWhitespaceCharData = true;
+ reportEntities = false;
+- dtdRecursionLimit = 2;
+ }
+
+ QXmlSimpleReaderPrivate::~QXmlSimpleReaderPrivate()
+@@ -6638,30 +6639,43 @@ bool QXmlSimpleReaderPrivate::parseChoiceSeq()
+ return false;
+ }
+
+-bool QXmlSimpleReaderPrivate::isPartiallyExpandedEntityValueTooLarge(QString *errorMessage)
++bool QXmlSimpleReaderPrivate::isExpandedEntityValueTooLarge(QString *errorMessage)
+ {
+- const QString value = string();
+- QMap<QString, int> referencedEntityCounts;
+- foreach (QString entityName, entities.keys()) {
+- for (int i = 0; i < value.size() && i != -1; ) {
+- i = value.indexOf(entityName, i);
+- if (i != -1) {
+- // The entityName we're currently trying to find
+- // was matched in this string; increase our count.
+- ++referencedEntityCounts[entityName];
+- i += entityName.size();
++ QMap<QString, int> literalEntitySizes;
++ // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (int>) times.
++ QMap<QString, QMap<QString, int> > referencesToOtherEntities;
++ QMap<QString, int> expandedSizes;
++
++ // For every entity, check how many times all entity names were referenced in its value.
++ foreach (QString toSearch, entities.keys()) {
++ // The amount of characters that weren't entity names, but literals, like 'X'.
++ QString leftOvers = entities.value(toSearch);
++ // How many times was entityName referenced by toSearch?
++ foreach (QString entityName, entities.keys()) {
++ for (int i = 0; i < leftOvers.size() && i != -1; ) {
++ i = leftOvers.indexOf(QString::fromLatin1("&%1;").arg(entityName), i);
++ if (i != -1) {
++ leftOvers.remove(i, entityName.size() + 2);
++ // The entityName we're currently trying to find was matched in this string; increase our count.
++ ++referencesToOtherEntities[toSearch][entityName];
++ }
+ }
+ }
++ literalEntitySizes[toSearch] = leftOvers.size();
+ }
+
+- foreach (QString entityName, referencedEntityCounts.keys()) {
+- const int timesReferenced = referencedEntityCounts[entityName];
+- const QString entityValue = entities[entityName];
+- if (entityValue.size() * timesReferenced > 1024) {
++ foreach (QString entity, referencesToOtherEntities.keys()) {
++ expandedSizes[entity] = literalEntitySizes[entity];
++ foreach (QString referenceTo, referencesToOtherEntities.value(entity).keys()) {
++ const int references = referencesToOtherEntities.value(entity).value(referenceTo);
++ // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
++ expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
++ }
++
++ if (expandedSizes[entity] > entityCharacterLimit) {
+ if (errorMessage) {
+- *errorMessage = QString::fromLatin1("The XML entity \"%1\""
+- "expands too a string that is too large to process when "
+- "referencing \"%2\" %3 times.").arg(entityName).arg(entityName).arg(timesReferenced);
++ *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands too a string that is too large to process (%2 characters > %3).");
++ *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+ }
+ return true;
+ }
+@@ -6764,10 +6778,7 @@ bool QXmlSimpleReaderPrivate::parseEntityDecl()
+ case EValue:
+ if ( !entityExist(name())) {
+ QString errorMessage;
+- if (isPartiallyExpandedEntityValueTooLarge(&errorMessage)) {
+- // The entity at entityName is entityValue.size() characters
+- // long in its unexpanded form, and was mentioned timesReferenced times,
+- // resulting in a string that would be greater than 1024 characters.
++ if (isExpandedEntityValueTooLarge(&errorMessage)) {
+ reportParseError(errorMessage);
+ return false;
+ }
+--
+1.8.5.2
+
diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch b/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch
new file mode 100644
index 000000000000..0fcc1fa6561d
--- /dev/null
+++ b/dev-qt/qtcore/files/qtcore-4.8.5-honor-ExcludeSocketNotifiers-in-glib-event-loop.patch
@@ -0,0 +1,81 @@
+From 267feb2de49eed0823ca0c29f1cd5238537c7116 Mon Sep 17 00:00:00 2001
+From: Jan-Marek Glogowski <glogow@fbihome.de>
+Date: Thu, 6 Mar 2014 18:44:43 +0100
+Subject: Honor ExcludeSocketNotifiers in glib event loop
+
+Implements QEventLoop::ExcludeSocketNotifiers in the same way
+QEventLoop::X11ExcludeTimers is already implemented for the glib
+event loop.
+
+This prevents crashes when QClipboard checks for clipboard events
+and
+ qApp->clipboard()->setProperty( "useEventLoopWhenWaiting", true );
+is set.
+
+Task-number: QTBUG-34614
+Task-number: QTBUG-37380
+
+Change-Id: Id4e2a74c6bdf8c3b439a4e3813d24d11368b607d
+---
+ src/corelib/kernel/qeventdispatcher_glib.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/corelib/kernel/qeventdispatcher_glib.cpp b/src/corelib/kernel/qeventdispatcher_glib.cpp
+index 0b0e308..ba522fa 100644
+--- a/src/corelib/kernel/qeventdispatcher_glib.cpp
++++ b/src/corelib/kernel/qeventdispatcher_glib.cpp
+@@ -65,6 +65,7 @@ struct GPollFDWithQSocketNotifier
+ struct GSocketNotifierSource
+ {
+ GSource source;
++ QEventLoop::ProcessEventsFlags processEventsFlags;
+ QList<GPollFDWithQSocketNotifier *> pollfds;
+ };
+
+@@ -80,6 +81,9 @@ static gboolean socketNotifierSourceCheck(GSource *source)
+ GSocketNotifierSource *src = reinterpret_cast<GSocketNotifierSource *>(source);
+
+ bool pending = false;
++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers)
++ return pending;
++
+ for (int i = 0; !pending && i < src->pollfds.count(); ++i) {
+ GPollFDWithQSocketNotifier *p = src->pollfds.at(i);
+
+@@ -103,6 +107,9 @@ static gboolean socketNotifierSourceDispatch(GSource *source, GSourceFunc, gpoin
+ QEvent event(QEvent::SockAct);
+
+ GSocketNotifierSource *src = reinterpret_cast<GSocketNotifierSource *>(source);
++ if (src->processEventsFlags & QEventLoop::ExcludeSocketNotifiers)
++ return true;
++
+ for (int i = 0; i < src->pollfds.count(); ++i) {
+ GPollFDWithQSocketNotifier *p = src->pollfds.at(i);
+
+@@ -331,6 +338,7 @@ QEventDispatcherGlibPrivate::QEventDispatcherGlibPrivate(GMainContext *context)
+ reinterpret_cast<GSocketNotifierSource *>(g_source_new(&socketNotifierSourceFuncs,
+ sizeof(GSocketNotifierSource)));
+ (void) new (&socketNotifierSource->pollfds) QList<GPollFDWithQSocketNotifier *>();
++ socketNotifierSource->processEventsFlags = QEventLoop::AllEvents;
+ g_source_set_can_recurse(&socketNotifierSource->source, true);
+ g_source_attach(&socketNotifierSource->source, mainContext);
+
+@@ -416,6 +424,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags)
+ // tell postEventSourcePrepare() and timerSource about any new flags
+ QEventLoop::ProcessEventsFlags savedFlags = d->timerSource->processEventsFlags;
+ d->timerSource->processEventsFlags = flags;
++ d->socketNotifierSource->processEventsFlags = flags;
+
+ if (!(flags & QEventLoop::EventLoopExec)) {
+ // force timers to be sent at normal priority
+@@ -427,6 +436,7 @@ bool QEventDispatcherGlib::processEvents(QEventLoop::ProcessEventsFlags flags)
+ result = g_main_context_iteration(d->mainContext, canWait);
+
+ d->timerSource->processEventsFlags = savedFlags;
++ d->socketNotifierSource->processEventsFlags = savedFlags;
+
+ if (canWait)
+ emit awake();
+--
+2.0.0
+
diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch b/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch
new file mode 100644
index 000000000000..b464c926b0e1
--- /dev/null
+++ b/dev-qt/qtcore/files/qtcore-4.8.5-moc-boost-lexical-cast.patch
@@ -0,0 +1,12 @@
+Index: qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp
+===================================================================
+--- qt-everywhere-opensource-src-4.8.9999.orig/src/tools/moc/main.cpp
++++ qt-everywhere-opensource-src-4.8.9999/src/tools/moc/main.cpp
+@@ -190,6 +190,7 @@ int runMoc(int _argc, char **_argv)
+
+ // Workaround a bug while parsing the boost/type_traits/has_operator.hpp header. See QTBUG-22829
+ pp.macros["BOOST_TT_HAS_OPERATOR_HPP_INCLUDED"];
++ pp.macros["BOOST_LEXICAL_CAST_INCLUDED"];
+
+ QByteArray filename;
+ QByteArray output;
diff --git a/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch b/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch
new file mode 100644
index 000000000000..6d3bf2f2cde2
--- /dev/null
+++ b/dev-qt/qtcore/files/qtcore-4.8.5-qeventdispatcher-recursive.patch
@@ -0,0 +1,94 @@
+--- src/corelib/kernel/qeventdispatcher_glib.cpp.sav 2014-03-28 15:26:37.000000000 +0100
++++ src/corelib/kernel/qeventdispatcher_glib.cpp 2014-04-24 09:44:09.358659204 +0200
+@@ -255,22 +255,30 @@ struct GPostEventSource
+ GSource source;
+ QAtomicInt serialNumber;
+ int lastSerialNumber;
++ QEventLoop::ProcessEventsFlags processEventsFlags;
+ QEventDispatcherGlibPrivate *d;
+ };
+
+ static gboolean postEventSourcePrepare(GSource *s, gint *timeout)
+ {
++ GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s);
+ QThreadData *data = QThreadData::current();
+ if (!data)
+ return false;
+
++ QEventLoop::ProcessEventsFlags excludeAllFlags
++ = QEventLoop::ExcludeUserInputEvents
++ | QEventLoop::ExcludeSocketNotifiers
++ | QEventLoop::X11ExcludeTimers;
++ if ((source->processEventsFlags & excludeAllFlags) == excludeAllFlags)
++ return false;
++
+ gint dummy;
+ if (!timeout)
+ timeout = &dummy;
+ const bool canWait = data->canWaitLocked();
+ *timeout = canWait ? -1 : 0;
+
+- GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s);
+ return (!canWait
+ || (source->serialNumber != source->lastSerialNumber));
+ }
+@@ -284,8 +292,14 @@ static gboolean postEventSourceDispatch(
+ {
+ GPostEventSource *source = reinterpret_cast<GPostEventSource *>(s);
+ source->lastSerialNumber = source->serialNumber;
+- QCoreApplication::sendPostedEvents();
+- source->d->runTimersOnceWithNormalPriority();
++ QEventLoop::ProcessEventsFlags excludeAllFlags
++ = QEventLoop::ExcludeUserInputEvents
++ | QEventLoop::ExcludeSocketNotifiers
++ | QEventLoop::X11ExcludeTimers;
++ if ((source->processEventsFlags & excludeAllFlags) != excludeAllFlags) {
++ QCoreApplication::sendPostedEvents();
++ source->d->runTimersOnceWithNormalPriority();
++ }
+ return true; // i dunno, george...
+ }
+
+@@ -329,6 +343,7 @@ QEventDispatcherGlibPrivate::QEventDispa
+ postEventSource = reinterpret_cast<GPostEventSource *>(g_source_new(&postEventSourceFuncs,
+ sizeof(GPostEventSource)));
+ postEventSource->serialNumber = 1;
++ postEventSource->processEventsFlags = QEventLoop::AllEvents;
+ postEventSource->d = this;
+ g_source_set_can_recurse(&postEventSource->source, true);
+ g_source_attach(&postEventSource->source, mainContext);
+@@ -423,6 +438,7 @@ bool QEventDispatcherGlib::processEvents
+
+ // tell postEventSourcePrepare() and timerSource about any new flags
+ QEventLoop::ProcessEventsFlags savedFlags = d->timerSource->processEventsFlags;
++ d->postEventSource->processEventsFlags = flags;
+ d->timerSource->processEventsFlags = flags;
+ d->socketNotifierSource->processEventsFlags = flags;
+
+@@ -435,6 +451,7 @@ bool QEventDispatcherGlib::processEvents
+ while (!result && canWait)
+ result = g_main_context_iteration(d->mainContext, canWait);
+
++ d->postEventSource->processEventsFlags = savedFlags;
+ d->timerSource->processEventsFlags = savedFlags;
+ d->socketNotifierSource->processEventsFlags = savedFlags;
+
+--- src/corelib/kernel/qeventdispatcher_unix.cpp.sav 2013-06-07 07:16:52.000000000 +0200
++++ src/corelib/kernel/qeventdispatcher_unix.cpp 2014-04-24 09:43:06.927589535 +0200
+@@ -905,7 +905,15 @@ bool QEventDispatcherUNIX::processEvents
+
+ // we are awake, broadcast it
+ emit awake();
+- QCoreApplicationPrivate::sendPostedEvents(0, 0, d->threadData);
++
++ QEventLoop::ProcessEventsFlags excludeAllFlags
++ = QEventLoop::ExcludeUserInputEvents
++ | QEventLoop::ExcludeSocketNotifiers
++ | QEventLoop::X11ExcludeTimers;
++ if ((flags & excludeAllFlags) == excludeAllFlags)
++ return false;
++ if(( flags & excludeAllFlags ) != excludeAllFlags )
++ QCoreApplicationPrivate::sendPostedEvents(0, 0, d->threadData);
+
+ int nevents = 0;
+ const bool canWait = (d->threadData->canWaitLocked()
diff --git a/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch b/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch
new file mode 100644
index 000000000000..1d83caa3a260
--- /dev/null
+++ b/dev-qt/qtcore/files/qtcore-4.8.6-QNAM-corruptions-fix.patch
@@ -0,0 +1,431 @@
+From fa81aa6d027049e855b76f5408586a288f160575 Mon Sep 17 00:00:00 2001
+From: Markus Goetz <markus@woboq.com>
+Date: Tue, 28 Apr 2015 11:57:36 +0200
+Subject: QNAM: Fix upload corruptions when server closes connection
+
+This patch fixes several upload corruptions if the server closes the connection
+while/before we send data into it. They happen inside multiple places in the HTTP
+layer and are explained in the comments.
+Corruptions are:
+* The upload byte device has an in-flight signal with pending upload data, if
+it gets reset (because server closes the connection) then the re-send of the
+request was sometimes taking this stale in-flight pending upload data.
+* Because some signals were DirectConnection and some were QueuedConnection, there
+was a chance that a direct signal overtakes a queued signal. The state machine
+then sent data down the socket which was buffered there (and sent later) although
+it did not match the current state of the state machine when it was actually sent.
+* A socket was seen as being able to have requests sent even though it was not
+encrypted yet. This relates to the previous corruption where data is stored inside
+the socket's buffer and then sent later.
+
+The included auto test produces all fixed corruptions, I detected no regressions
+via the other tests.
+This code also adds a bit of sanity checking to protect from possible further
+problems.
+
+[ChangeLog][QtNetwork] Fix HTTP(s) upload corruption when server closes connection
+
+(cherry picked from commit qtbase/cff39fba10ffc10ee4dcfdc66ff6528eb26462d3)
+Change-Id: I9793297be6cf3edfb75b65ba03b65f7a133ef194
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/corelib/io/qnoncontiguousbytedevice.cpp | 19 +++
+ src/corelib/io/qnoncontiguousbytedevice_p.h | 4 +
+ .../access/qhttpnetworkconnectionchannel.cpp | 47 +++++-
+ src/network/access/qhttpthreaddelegate_p.h | 36 ++++-
+ src/network/access/qnetworkaccesshttpbackend.cpp | 24 ++-
+ src/network/access/qnetworkaccesshttpbackend_p.h | 5 +-
+ tests/auto/qnetworkreply/tst_qnetworkreply.cpp | 174 ++++++++++++++++++++-
+ 7 files changed, 280 insertions(+), 29 deletions(-)
+
+diff --git a/src/corelib/io/qnoncontiguousbytedevice.cpp b/src/corelib/io/qnoncontiguousbytedevice.cpp
+index bf58eee..1a0591e 100644
+--- a/src/corelib/io/qnoncontiguousbytedevice.cpp
++++ b/src/corelib/io/qnoncontiguousbytedevice.cpp
+@@ -245,6 +245,12 @@ qint64 QNonContiguousByteDeviceByteArrayImpl::size()
+ return byteArray->size();
+ }
+
++qint64 QNonContiguousByteDeviceByteArrayImpl::pos()
++{
++ return currentPosition;
++}
++
++
+ QNonContiguousByteDeviceRingBufferImpl::QNonContiguousByteDeviceRingBufferImpl(QSharedPointer<QRingBuffer> rb)
+ : QNonContiguousByteDevice(), currentPosition(0)
+ {
+@@ -296,6 +302,11 @@ qint64 QNonContiguousByteDeviceRingBufferImpl::size()
+ return ringBuffer->size();
+ }
+
++qint64 QNonContiguousByteDeviceRingBufferImpl::pos()
++{
++ return currentPosition;
++}
++
+ QNonContiguousByteDeviceIoDeviceImpl::QNonContiguousByteDeviceIoDeviceImpl(QIODevice *d)
+ : QNonContiguousByteDevice(),
+ currentReadBuffer(0), currentReadBufferSize(16*1024),
+@@ -415,6 +426,14 @@ qint64 QNonContiguousByteDeviceIoDeviceImpl::size()
+ return device->size() - initialPosition;
+ }
+
++qint64 QNonContiguousByteDeviceIoDeviceImpl::pos()
++{
++ if (device->isSequential())
++ return -1;
++
++ return device->pos();
++}
++
+ QByteDeviceWrappingIoDevice::QByteDeviceWrappingIoDevice(QNonContiguousByteDevice *bd) : QIODevice((QObject*)0)
+ {
+ byteDevice = bd;
+diff --git a/src/corelib/io/qnoncontiguousbytedevice_p.h b/src/corelib/io/qnoncontiguousbytedevice_p.h
+index b6966eb..d1a99a1 100644
+--- a/src/corelib/io/qnoncontiguousbytedevice_p.h
++++ b/src/corelib/io/qnoncontiguousbytedevice_p.h
+@@ -69,6 +69,7 @@ public:
+ virtual const char* readPointer(qint64 maximumLength, qint64 &len) = 0;
+ virtual bool advanceReadPointer(qint64 amount) = 0;
+ virtual bool atEnd() = 0;
++ virtual qint64 pos() { return -1; }
+ virtual bool reset() = 0;
+ void disableReset();
+ bool isResetDisabled() { return resetDisabled; }
+@@ -108,6 +109,7 @@ public:
+ bool atEnd();
+ bool reset();
+ qint64 size();
++ qint64 pos();
+ protected:
+ QByteArray* byteArray;
+ qint64 currentPosition;
+@@ -123,6 +125,7 @@ public:
+ bool atEnd();
+ bool reset();
+ qint64 size();
++ qint64 pos();
+ protected:
+ QSharedPointer<QRingBuffer> ringBuffer;
+ qint64 currentPosition;
+@@ -140,6 +143,7 @@ public:
+ bool atEnd();
+ bool reset();
+ qint64 size();
++ qint64 pos();
+ protected:
+ QIODevice* device;
+ QByteArray* currentReadBuffer;
+diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp
+index 550e090..db2f712 100644
+--- a/src/network/access/qhttpnetworkconnectionchannel.cpp
++++ b/src/network/access/qhttpnetworkconnectionchannel.cpp
+@@ -107,15 +107,19 @@ void QHttpNetworkConnectionChannel::init()
+ socket->setProxy(QNetworkProxy::NoProxy);
+ #endif
+
++ // We want all signals (except the interactive ones) be connected as QueuedConnection
++ // because else we're falling into cases where we recurse back into the socket code
++ // and mess up the state. Always going to the event loop (and expecting that when reading/writing)
++ // is safer.
+ QObject::connect(socket, SIGNAL(bytesWritten(qint64)),
+ this, SLOT(_q_bytesWritten(qint64)),
+- Qt::DirectConnection);
++ Qt::QueuedConnection);
+ QObject::connect(socket, SIGNAL(connected()),
+ this, SLOT(_q_connected()),
+- Qt::DirectConnection);
++ Qt::QueuedConnection);
+ QObject::connect(socket, SIGNAL(readyRead()),
+ this, SLOT(_q_readyRead()),
+- Qt::DirectConnection);
++ Qt::QueuedConnection);
+
+ // The disconnected() and error() signals may already come
+ // while calling connectToHost().
+@@ -144,13 +148,13 @@ void QHttpNetworkConnectionChannel::init()
+ // won't be a sslSocket if encrypt is false
+ QObject::connect(sslSocket, SIGNAL(encrypted()),
+ this, SLOT(_q_encrypted()),
+- Qt::DirectConnection);
++ Qt::QueuedConnection);
+ QObject::connect(sslSocket, SIGNAL(sslErrors(QList<QSslError>)),
+ this, SLOT(_q_sslErrors(QList<QSslError>)),
+ Qt::DirectConnection);
+ QObject::connect(sslSocket, SIGNAL(encryptedBytesWritten(qint64)),
+ this, SLOT(_q_encryptedBytesWritten(qint64)),
+- Qt::DirectConnection);
++ Qt::QueuedConnection);
+ }
+ #endif
+ }
+@@ -163,7 +167,8 @@ void QHttpNetworkConnectionChannel::close()
+ else
+ state = QHttpNetworkConnectionChannel::ClosingState;
+
+- socket->close();
++ if (socket)
++ socket->close();
+ }
+
+
+@@ -280,6 +285,14 @@ bool QHttpNetworkConnectionChannel::sendRequest()
+ // nothing to read currently, break the loop
+ break;
+ } else {
++ if (written != uploadByteDevice->pos()) {
++ // Sanity check. This was useful in tracking down an upload corruption.
++ qWarning() << "QHttpProtocolHandler: Internal error in sendRequest. Expected to write at position" << written << "but read device is at" << uploadByteDevice->pos();
++ Q_ASSERT(written == uploadByteDevice->pos());
++ connection->d_func()->emitReplyError(socket, reply, QNetworkReply::ProtocolFailure);
++ return false;
++ }
++
+ qint64 currentWriteSize = socket->write(readPointer, currentReadSize);
+ if (currentWriteSize == -1 || currentWriteSize != currentReadSize) {
+ // socket broke down
+@@ -639,6 +652,14 @@ bool QHttpNetworkConnectionChannel::ensureConnection()
+ }
+ return false;
+ }
++
++ // This code path for ConnectedState
++ if (pendingEncrypt) {
++ // Let's only be really connected when we have received the encrypted() signal. Else the state machine seems to mess up
++ // and corrupt the things sent to the server.
++ return false;
++ }
++
+ return true;
+ }
+
+@@ -980,6 +1001,13 @@ void QHttpNetworkConnectionChannel::_q_readyRead()
+ void QHttpNetworkConnectionChannel::_q_bytesWritten(qint64 bytes)
+ {
+ Q_UNUSED(bytes);
++
++ if (ssl) {
++ // In the SSL case we want to send data from encryptedBytesWritten signal since that one
++ // is the one going down to the actual network, not only into some SSL buffer.
++ return;
++ }
++
+ // bytes have been written to the socket. write even more of them :)
+ if (isSocketWriting())
+ sendRequest();
+@@ -1029,7 +1057,7 @@ void QHttpNetworkConnectionChannel::_q_connected()
+
+ // ### FIXME: if the server closes the connection unexpectedly, we shouldn't send the same broken request again!
+ //channels[i].reconnectAttempts = 2;
+- if (!pendingEncrypt) {
++ if (!pendingEncrypt && !ssl) { // FIXME: Didn't work properly with pendingEncrypt only, we should refactor this into an EncrypingState
+ state = QHttpNetworkConnectionChannel::IdleState;
+ if (!reply)
+ connection->d_func()->dequeueRequest(socket);
+@@ -1157,7 +1185,10 @@ void QHttpNetworkConnectionChannel::_q_proxyAuthenticationRequired(const QNetwor
+
+ void QHttpNetworkConnectionChannel::_q_uploadDataReadyRead()
+ {
+- sendRequest();
++ if (reply && state == QHttpNetworkConnectionChannel::WritingState) {
++ // There might be timing issues, make sure to only send upload data if really in that state
++ sendRequest();
++ }
+ }
+
+ #ifndef QT_NO_OPENSSL
+diff --git a/src/network/access/qhttpthreaddelegate_p.h b/src/network/access/qhttpthreaddelegate_p.h
+index 7648325..9dd0deb 100644
+--- a/src/network/access/qhttpthreaddelegate_p.h
++++ b/src/network/access/qhttpthreaddelegate_p.h
+@@ -190,6 +190,7 @@ protected:
+ QByteArray m_dataArray;
+ bool m_atEnd;
+ qint64 m_size;
++ qint64 m_pos; // to match calls of haveDataSlot with the expected position
+ public:
+ QNonContiguousByteDeviceThreadForwardImpl(bool aE, qint64 s)
+ : QNonContiguousByteDevice(),
+@@ -197,7 +198,8 @@ public:
+ m_amount(0),
+ m_data(0),
+ m_atEnd(aE),
+- m_size(s)
++ m_size(s),
++ m_pos(0)
+ {
+ }
+
+@@ -205,6 +207,11 @@ public:
+ {
+ }
+
++ qint64 pos()
++ {
++ return m_pos;
++ }
++
+ const char* readPointer(qint64 maximumLength, qint64 &len)
+ {
+ if (m_amount > 0) {
+@@ -232,11 +239,10 @@ public:
+
+ m_amount -= a;
+ m_data += a;
++ m_pos += a;
+
+- // To main thread to inform about our state
+- emit processedData(a);
+-
+- // FIXME possible optimization, already ask user thread for some data
++ // To main thread to inform about our state. The m_pos will be sent as a sanity check.
++ emit processedData(m_pos, a);
+
+ return true;
+ }
+@@ -253,10 +259,21 @@ public:
+ {
+ m_amount = 0;
+ m_data = 0;
++ m_dataArray.clear();
++
++ if (wantDataPending) {
++ // had requested the user thread to send some data (only 1 in-flight at any moment)
++ wantDataPending = false;
++ }
+
+ // Communicate as BlockingQueuedConnection
+ bool b = false;
+ emit resetData(&b);
++ if (b) {
++ // the reset succeeded, we're at pos 0 again
++ m_pos = 0;
++ // the HTTP code will anyway abort the request if !b.
++ }
+ return b;
+ }
+
+@@ -267,8 +284,13 @@ public:
+
+ public slots:
+ // From user thread:
+- void haveDataSlot(QByteArray dataArray, bool dataAtEnd, qint64 dataSize)
++ void haveDataSlot(qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize)
+ {
++ if (pos != m_pos) {
++ // Sometimes when re-sending a request in the qhttpnetwork* layer there is a pending haveData from the
++ // user thread on the way to us. We need to ignore it since it is the data for the wrong(later) chunk.
++ return;
++ }
+ wantDataPending = false;
+
+ m_dataArray = dataArray;
+@@ -288,7 +310,7 @@ signals:
+
+ // to main thread:
+ void wantData(qint64);
+- void processedData(qint64);
++ void processedData(qint64 pos, qint64 amount);
+ void resetData(bool *b);
+ };
+
+diff --git a/src/network/access/qnetworkaccesshttpbackend.cpp b/src/network/access/qnetworkaccesshttpbackend.cpp
+index cc67258..fe2f627 100644
+--- a/src/network/access/qnetworkaccesshttpbackend.cpp
++++ b/src/network/access/qnetworkaccesshttpbackend.cpp
+@@ -193,6 +193,7 @@ QNetworkAccessHttpBackendFactory::create(QNetworkAccessManager::Operation op,
+ QNetworkAccessHttpBackend::QNetworkAccessHttpBackend()
+ : QNetworkAccessBackend()
+ , statusCode(0)
++ , uploadByteDevicePosition(false)
+ , pendingDownloadDataEmissions(new QAtomicInt())
+ , pendingDownloadProgressEmissions(new QAtomicInt())
+ , loadingFromCache(false)
+@@ -610,9 +611,9 @@ void QNetworkAccessHttpBackend::postRequest()
+ forwardUploadDevice->setParent(delegate); // needed to make sure it is moved on moveToThread()
+ delegate->httpRequest.setUploadByteDevice(forwardUploadDevice);
+
+- // From main thread to user thread:
+- QObject::connect(this, SIGNAL(haveUploadData(QByteArray, bool, qint64)),
+- forwardUploadDevice, SLOT(haveDataSlot(QByteArray, bool, qint64)), Qt::QueuedConnection);
++ // From user thread to http thread:
++ QObject::connect(this, SIGNAL(haveUploadData(qint64,QByteArray,bool,qint64)),
++ forwardUploadDevice, SLOT(haveDataSlot(qint64,QByteArray,bool,qint64)), Qt::QueuedConnection);
+ QObject::connect(uploadByteDevice.data(), SIGNAL(readyRead()),
+ forwardUploadDevice, SIGNAL(readyRead()),
+ Qt::QueuedConnection);
+@@ -620,8 +621,8 @@ void QNetworkAccessHttpBackend::postRequest()
+ // From http thread to user thread:
+ QObject::connect(forwardUploadDevice, SIGNAL(wantData(qint64)),
+ this, SLOT(wantUploadDataSlot(qint64)));
+- QObject::connect(forwardUploadDevice, SIGNAL(processedData(qint64)),
+- this, SLOT(sentUploadDataSlot(qint64)));
++ QObject::connect(forwardUploadDevice,SIGNAL(processedData(qint64, qint64)),
++ this, SLOT(sentUploadDataSlot(qint64,qint64)));
+ connect(forwardUploadDevice, SIGNAL(resetData(bool*)),
+ this, SLOT(resetUploadDataSlot(bool*)),
+ Qt::BlockingQueuedConnection); // this is the only one with BlockingQueued!
+@@ -915,12 +916,21 @@ void QNetworkAccessHttpBackend::replySslConfigurationChanged(const QSslConfigura
+ void QNetworkAccessHttpBackend::resetUploadDataSlot(bool *r)
+ {
+ *r = uploadByteDevice->reset();
++ if (*r) {
++ // reset our own position which is used for the inter-thread communication
++ uploadByteDevicePosition = 0;
++ }
+ }
+
+ // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread
+-void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 amount)
++void QNetworkAccessHttpBackend::sentUploadDataSlot(qint64 pos, qint64 amount)
+ {
++ if (uploadByteDevicePosition + amount != pos) {
++ // Sanity check, should not happen.
++ error(QNetworkReply::UnknownNetworkError, "");
++ }
+ uploadByteDevice->advanceReadPointer(amount);
++ uploadByteDevicePosition += amount;
+ }
+
+ // Coming from QNonContiguousByteDeviceThreadForwardImpl in HTTP thread
+@@ -933,7 +943,7 @@ void QNetworkAccessHttpBackend::wantUploadDataSlot(qint64 maxSize)
+ QByteArray dataArray(data, currentUploadDataLength);
+
+ // Communicate back to HTTP thread
+- emit haveUploadData(dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size());
++ emit haveUploadData(uploadByteDevicePosition, dataArray, uploadByteDevice->atEnd(), uploadByteDevice->size());
+ }
+
+ /*
+diff --git a/src/network/access/qnetworkaccesshttpbackend_p.h b/src/network/access/qnetworkaccesshttpbackend_p.h
+index 13519c6..b4ed67c 100644
+--- a/src/network/access/qnetworkaccesshttpbackend_p.h
++++ b/src/network/access/qnetworkaccesshttpbackend_p.h
+@@ -112,7 +112,7 @@ signals:
+
+ void startHttpRequestSynchronously();
+
+- void haveUploadData(QByteArray dataArray, bool dataAtEnd, qint64 dataSize);
++ void haveUploadData(const qint64 pos, QByteArray dataArray, bool dataAtEnd, qint64 dataSize);
+ private slots:
+ // From HTTP thread:
+ void replyDownloadData(QByteArray);
+@@ -129,13 +129,14 @@ private slots:
+ // From QNonContiguousByteDeviceThreadForwardImpl in HTTP thread:
+ void resetUploadDataSlot(bool *r);
+ void wantUploadDataSlot(qint64);
+- void sentUploadDataSlot(qint64);
++ void sentUploadDataSlot(qint64, qint64);
+
+ bool sendCacheContents(const QNetworkCacheMetaData &metaData);
+
+ private:
+ QHttpNetworkRequest httpRequest; // There is also a copy in the HTTP thread
+ int statusCode;
++ qint64 uploadByteDevicePosition;
+ QString reasonPhrase;
+ // Will be increased by HTTP thread:
+ QSharedPointer<QAtomicInt> pendingDownloadDataEmissions;
+