From f9473dd74f076c2dc02435513a9d774e1afa565d Mon Sep 17 00:00:00 2001
From: tobtoht
Date: Fri, 27 Sep 2024 12:35:40 +0200
Subject: [PATCH] depends: qt: update to 6.7.3
---
 contrib/depends/packages/native_qt.mk | 12 +-
 contrib/depends/packages/qt.mk | 16 +-
 .../depends/patches/qt/CVE-2024-39936.patch | 235 ------------------
 3 files changed, 13 insertions(+), 250 deletions(-)
 delete mode 100644 contrib/depends/patches/qt/CVE-2024-39936.patch
diff --git a/contrib/depends/packages/native_qt.mk b/contrib/depends/packages/native_qt.mk
index 4a89a5b..f63868f 100644
--- a/contrib/depends/packages/native_qt.mk
+++ b/contrib/depends/packages/native_qt.mk
@@ -1,9 +1,9 @@
 package=native_qt
-$(package)_version=6.7.2
+$(package)_version=6.7.3
 $(package)_download_path=https://download.qt.io/official_releases/qt/6.7/$($(package)_version)/submodules
 $(package)_suffix=everywhere-src-$($(package)_version).tar.xz
 $(package)_file_name=qtbase-$($(package)_suffix)
-$(package)_sha256_hash=c5f22a5e10fb162895ded7de0963328e7307611c688487b5d152c9ee64767599
+$(package)_sha256_hash=8ccbb9ab055205ac76632c9eeddd1ed6fc66936fc56afc2ed0fd5d9e23da3097
 $(package)_qt_libs=corelib network widgets gui plugins testlib
 $(package)_patches = dont_hardcode_pwd.patch
 $(package)_patches += fast_fixed_dtoa_no_optimize.patch
@@ -13,16 +13,16 @@ $(package)_patches += rcc_hardcode_timestamp.patch
 $(package)_patches += root_CMakeLists.txt
 $(package)_qttools_file_name=qttools-$($(package)_suffix)
-$(package)_qttools_sha256_hash=58e855ad1b2533094726c8a425766b63a04a0eede2ed85086860e54593aa4b2a
+$(package)_qttools_sha256_hash=f03bb7df619cd9ac9dba110e30b7bcab5dd88eb8bdc9cc752563b4367233203f
 $(package)_qtsvg_file_name=qtsvg-$($(package)_suffix)
-$(package)_qtsvg_sha256_hash=fb0d1286a35be3583fee34aeb5843c94719e07193bdf1d4d8b0dc14009caef01
+$(package)_qtsvg_sha256_hash=40142cb71fb1e07ad612bc361b67f5d54cd9367f9979ae6b86124a064deda06b
 $(package)_qtmultimedia_file_name=qtmultimedia-$($(package)_suffix)
-$(package)_qtmultimedia_sha256_hash=8ef835115acb9a1d3d2c9f23cfacb43f2c537e3786a8ab822299a2a7765651d3
+$(package)_qtmultimedia_sha256_hash=304d28b8e592435293893b0110d5f3534407604d1e04d8a0b0e5b34afe577303
 $(package)_qtshadertools_file_name=qtshadertools-$($(package)_suffix)
-$(package)_qtshadertools_sha256_hash=edfa34c0ac8c00fcaa949df1d8e7a77d89dadd6386e683ce6c3e3b117e2f7cc1
+$(package)_qtshadertools_sha256_hash=74e512798c7ddbda354a2d8d975211454bbabb47afb7e598892067a5828c0995
 $(package)_extra_sources += $($(package)_qttools_file_name)
 $(package)_extra_sources += $($(package)_qtsvg_file_name)
diff --git a/contrib/depends/packages/qt.mk b/contrib/depends/packages/qt.mk
index aaa1fd1..04470c2 100644
--- a/contrib/depends/packages/qt.mk
+++ b/contrib/depends/packages/qt.mk
@@ -1,9 +1,9 @@
 package=qt
-$(package)_version=6.7.2
+$(package)_version=6.7.3
 $(package)_download_path=https://download.qt.io/official_releases/qt/6.7/$($(package)_version)/submodules
 $(package)_suffix=everywhere-src-$($(package)_version).tar.xz
 $(package)_file_name=qtbase-$($(package)_suffix)
-$(package)_sha256_hash=c5f22a5e10fb162895ded7de0963328e7307611c688487b5d152c9ee64767599
+$(package)_sha256_hash=8ccbb9ab055205ac76632c9eeddd1ed6fc66936fc56afc2ed0fd5d9e23da3097
 $(package)_darwin_dependencies=native_cctools native_qt openssl
 $(package)_mingw32_dependencies=openssl native_qt
 $(package)_linux_dependencies=openssl native_qt freetype fontconfig libxcb libxkbcommon libxcb_util libxcb_util_render libxcb_util_keysyms libxcb_util_image libxcb_util_wm libxcb_util_cursor dbus
@@ -22,23 +22,22 @@ $(package)_patches += revert-macOS-Silence-warning-about-supporting-secure.patch
 $(package)_patches += no-resonance-audio.patch
 $(package)_patches += fix_static_qt_darwin_camera_permissions.patch
 $(package)_patches += revert-f67ee7c39.patch
-$(package)_patches += CVE-2024-39936.patch
 #$(package)_patches += fix-static-fontconfig-static-linking.patch
 $(package)_qttools_file_name=qttools-$($(package)_suffix)
-$(package)_qttools_sha256_hash=58e855ad1b2533094726c8a425766b63a04a0eede2ed85086860e54593aa4b2a
+$(package)_qttools_sha256_hash=f03bb7df619cd9ac9dba110e30b7bcab5dd88eb8bdc9cc752563b4367233203f
 $(package)_qtsvg_file_name=qtsvg-$($(package)_suffix)
-$(package)_qtsvg_sha256_hash=fb0d1286a35be3583fee34aeb5843c94719e07193bdf1d4d8b0dc14009caef01
+$(package)_qtsvg_sha256_hash=40142cb71fb1e07ad612bc361b67f5d54cd9367f9979ae6b86124a064deda06b
 $(package)_qtwebsockets_file_name=qtwebsockets-$($(package)_suffix)
-$(package)_qtwebsockets_sha256_hash=5bde4af6ec9ce8c8632b782ab77b82d910721be2c714e6d38902521bcd1d215f
+$(package)_qtwebsockets_sha256_hash=ba03007db7ee68a5bc3e3bd1d71e11f3e1f84e470bcb8c54cd7c01bbe1c5990e
 $(package)_qtmultimedia_file_name=qtmultimedia-$($(package)_suffix)
-$(package)_qtmultimedia_sha256_hash=8ef835115acb9a1d3d2c9f23cfacb43f2c537e3786a8ab822299a2a7765651d3
+$(package)_qtmultimedia_sha256_hash=304d28b8e592435293893b0110d5f3534407604d1e04d8a0b0e5b34afe577303
 $(package)_qtshadertools_file_name=qtshadertools-$($(package)_suffix)
-$(package)_qtshadertools_sha256_hash=edfa34c0ac8c00fcaa949df1d8e7a77d89dadd6386e683ce6c3e3b117e2f7cc1
+$(package)_qtshadertools_sha256_hash=74e512798c7ddbda354a2d8d975211454bbabb47afb7e598892067a5828c0995
 $(package)_extra_sources += $($(package)_qttools_file_name)
 $(package)_extra_sources += $($(package)_qtsvg_file_name)
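Review bot: Removing `CVE-2024-39936.patch` from `$(package)_patches` here, and its `patch -p1` line from `$(package)_preprocess_cmds` in the next hunk, is only safe if the qtbase 6.7.3 tarball already contains that fix, and nothing in the commit message or the makefile records that this was checked. The deleted backport identifies the upstream change (QTBUG-126610, Change-Id Ic25a600c278203256e35f541026f34a8783235ae), so the check is concrete: the unpacked 6.7.3 `src/network/access/qhttpnetworkconnectionchannel.cpp` should contain `waitingForPotentialAbort` and `checkAndResumeCommunication()`. I would state the result in the commit description, for example `CVE-2024-39936 is fixed upstream in 6.7.3, so the local backport is dropped.`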
@@ -200,7 +199,6 @@ define $(package)_preprocess_cmds
 patch -p1 -i $($(package)_patch_dir)/libxau-fix.patch && \
 patch -p1 -i $($(package)_patch_dir)/revert-macOS-Silence-warning-about-supporting-secure.patch && \
 patch -p1 -i $($(package)_patch_dir)/fix_static_qt_darwin_camera_permissions.patch && \
- patch -p1 -i $($(package)_patch_dir)/CVE-2024-39936.patch && \
 cd ../qtmultimedia && \
 patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \
 patch -p1 -i $($(package)_patch_dir)/v4l2.patch && \
diff --git a/contrib/depends/patches/qt/CVE-2024-39936.patch b/contrib/depends/patches/qt/CVE-2024-39936.patch
deleted file mode 100644
index 440e0cc..0000000
--- a/contrib/depends/patches/qt/CVE-2024-39936.patch
+++ /dev/null
@@ -1,235 +0,0 @@ -From 2b1e36e183ce75c224305c7a94457b92f7a5cf58 Mon Sep 17 00:00:00 2001 -From: MÃ¥rten Nordheim -Date: Tue, 25 Jun 2024 17:09:35 +0200 -Subject: [PATCH] HTTP2: Delay any communication until encrypted() can be responded to - -We have the encrypted() signal that lets users do extra checks on the -established connection. It is emitted as BlockingQueued, so the HTTP -thread stalls until it is done emitting. Users can potentially call -abort() on the QNetworkReply at that point, which is passed as a Queued -call back to the HTTP thread. That means that any currently queued -signal emission will be processed before the abort() call is processed. - -In the case of HTTP2 it is a little special since it is multiplexed and -the code is built to start requests as they are available. This means -that, while the code worked fine for HTTP1, since one connection only -has one request, it is not working for HTTP2, since we try to send more -requests in-between the encrypted() signal and the abort() call. - -This patch changes the code to delay any communication until the -encrypted() signal has been emitted and processed, for HTTP2 only. -It's done by adding a few booleans, both to know that we have to return -early and so we can keep track of what events arose and what we need to -resume once enough time has passed that any abort() call must have been -processed. 
- -Fixes: QTBUG-126610 -Pick-to: 6.5 6.2 5.15 5.12 -Change-Id: Ic25a600c278203256e35f541026f34a8783235ae -Reviewed-by: Marc Mutz -Reviewed-by: Volker Hilsheimer -(cherry picked from commit b1e75376cc3adfc7da5502a277dfe9711f3e0536) -Reviewed-by: Qt Cherry-pick Bot -(cherry picked from commit 0fb43e4395da34d561814242a0186999e4956e28) ---- - -diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp -index 0abd99b..3631b13 100644 ---- a/src/network/access/qhttp2protocolhandler.cpp -+++ b/src/network/access/qhttp2protocolhandler.cpp -@@ -303,12 +303,12 @@ - } - } - -- if (!prefaceSent && !sendClientPreface()) -- return false; -- - if (!requests.size()) - return true; - -+ if (!prefaceSent && !sendClientPreface()) -+ return false; -+ - m_channel->state = QHttpNetworkConnectionChannel::WritingState; - // Check what was promised/pushed, maybe we do not have to send a request - // and have a response already? -diff --git a/src/network/access/qhttpnetworkconnectionchannel.cpp b/src/network/access/qhttpnetworkconnectionchannel.cpp -index 6766989..1e4161d 100644 ---- a/src/network/access/qhttpnetworkconnectionchannel.cpp -+++ b/src/network/access/qhttpnetworkconnectionchannel.cpp -@@ -209,6 +209,10 @@ - bool QHttpNetworkConnectionChannel::sendRequest() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeSendRequest = true; -+ return false; // this return value is unused -+ } - return protocolHandler->sendRequest(); - } - -@@ -221,21 +225,28 @@ - void QHttpNetworkConnectionChannel::sendRequestDelayed() - { - QMetaObject::invokeMethod(this, [this] { -- Q_ASSERT(protocolHandler); - if (reply) -- protocolHandler->sendRequest(); -+ sendRequest(); - }, Qt::ConnectionType::QueuedConnection); - } - - void QHttpNetworkConnectionChannel::_q_receiveReply() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeReceiveReply = true; -+ return; -+ } - protocolHandler->_q_receiveReply(); - 
} - - void QHttpNetworkConnectionChannel::_q_readyRead() - { - Q_ASSERT(protocolHandler); -+ if (waitingForPotentialAbort) { -+ needInvokeReadyRead = true; -+ return; -+ } - protocolHandler->_q_readyRead(); - } - -@@ -1239,7 +1250,18 @@ - if (!h2RequestsToSend.isEmpty()) { - // Similar to HTTP/1.1 counterpart below: - const auto &pair = std::as_const(h2RequestsToSend).first(); -+ waitingForPotentialAbort = true; - emit pair.second->encrypted(); -+ -+ // We don't send or handle any received data until any effects from -+ // emitting encrypted() have been processed. This is necessary -+ // because the user may have called abort(). We may also abort the -+ // whole connection if the request has been aborted and there is -+ // no more requests to send. -+ QMetaObject::invokeMethod(this, -+ &QHttpNetworkConnectionChannel::checkAndResumeCommunication, -+ Qt::QueuedConnection); -+ - // In case our peer has sent us its settings (window size, max concurrent streams etc.) - // let's give _q_receiveReply a chance to read them first ('invokeMethod', QueuedConnection). - } -@@ -1257,6 +1279,28 @@ - QMetaObject::invokeMethod(connection, "_q_startNextRequest", Qt::QueuedConnection); - } - -+ -+void QHttpNetworkConnectionChannel::checkAndResumeCommunication() -+{ -+ Q_ASSERT(connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2 -+ || connection->connectionType() == QHttpNetworkConnection::ConnectionTypeHTTP2Direct); -+ -+ // Because HTTP/2 requires that we send a SETTINGS frame as the first thing we do, and respond -+ // to a SETTINGS frame with an ACK, we need to delay any handling until we can ensure that any -+ // effects from emitting encrypted() have been processed. -+ // This function is called after encrypted() was emitted, so check for changes. 
-+ -+ if (!reply && h2RequestsToSend.isEmpty()) -+ abort(); -+ waitingForPotentialAbort = false; -+ if (needInvokeReadyRead) -+ _q_readyRead(); -+ if (needInvokeReceiveReply) -+ _q_receiveReply(); -+ if (needInvokeSendRequest) -+ sendRequest(); -+} -+ - void QHttpNetworkConnectionChannel::requeueHttp2Requests() - { - const auto h2RequestsToSendCopy = std::exchange(h2RequestsToSend, {}); -diff --git a/src/network/access/qhttpnetworkconnectionchannel_p.h b/src/network/access/qhttpnetworkconnectionchannel_p.h -index c42290f..061f20f 100644 ---- a/src/network/access/qhttpnetworkconnectionchannel_p.h -+++ b/src/network/access/qhttpnetworkconnectionchannel_p.h -@@ -74,6 +74,10 @@ - QAbstractSocket *socket; - bool ssl; - bool isInitialized; -+ bool waitingForPotentialAbort = false; -+ bool needInvokeReceiveReply = false; -+ bool needInvokeReadyRead = false; -+ bool needInvokeSendRequest = false; - ChannelState state; - QHttpNetworkRequest request; // current request, only used for HTTP - QHttpNetworkReply *reply; // current reply for this request, only used for HTTP -@@ -146,6 +150,8 @@ - void closeAndResendCurrentRequest(); - void resendCurrentRequest(); - -+ void checkAndResumeCommunication(); -+ - bool isSocketBusy() const; - bool isSocketWriting() const; - bool isSocketWaiting() const; -diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp -index 00efbc9..c02e7b7 100644 ---- a/tests/auto/network/access/http2/tst_http2.cpp -+++ b/tests/auto/network/access/http2/tst_http2.cpp -@@ -106,6 +106,8 @@ - - void duplicateRequestsWithAborts(); - -+ void abortOnEncrypted(); -+ - protected slots: - // Slots to listen to our in-process server: - void serverStarted(quint16 port); -@@ -1479,6 +1481,48 @@ - QCOMPARE(finishedCount, ExpectedSuccessfulRequests); - } - -+void tst_Http2::abortOnEncrypted() -+{ -+#if !QT_CONFIG(ssl) -+ QSKIP("TLS support is needed for this test"); -+#else -+ clearHTTP2State(); -+ serverPort = 0; -+ -+ 
ServerPtr targetServer(newServer(defaultServerSettings, H2Type::h2Direct)); -+ -+ QMetaObject::invokeMethod(targetServer.data(), "startServer", Qt::QueuedConnection); -+ runEventLoop(); -+ -+ nRequests = 1; -+ nSentRequests = 0; -+ -+ const auto url = requestUrl(H2Type::h2Direct); -+ QNetworkRequest request(url); -+ request.setAttribute(QNetworkRequest::Http2DirectAttribute, true); -+ -+ std::unique_ptr reply{manager->get(request)}; -+ reply->ignoreSslErrors(); -+ connect(reply.get(), &QNetworkReply::encrypted, reply.get(), [reply = reply.get()](){ -+ reply->abort(); -+ }); -+ connect(reply.get(), &QNetworkReply::errorOccurred, this, &tst_Http2::replyFinishedWithError); -+ -+ runEventLoop(); -+ STOP_ON_FAILURE -+ -+ QCOMPARE(nRequests, 0); -+ QCOMPARE(reply->error(), QNetworkReply::OperationCanceledError); -+ -+ const bool res = QTest::qWaitFor( -+ [this, server = targetServer.get()]() { -+ return serverGotSettingsACK || prefaceOK || nSentRequests > 0; -+ }, -+ 500); -+ QVERIFY(!res); -+#endif // QT_CONFIG(ssl) -+} -+ - void tst_Http2::serverStarted(quint16 port) - { - serverPort = port;