From 998ca98cd0ceb465dfa175460a50d65ec3bfb265 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Tue, 21 Jun 2022 12:50:00 +0200 Subject: [PATCH] bz#2099267, backport patch to fix download problem from Settings --- ...-invalid-number-of-concurrent-stream.patch | 43 +++++++++++++++++++ qt5-qtbase.spec | 7 ++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 qt5-qtbase-fix-invalid-number-of-concurrent-stream.patch diff --git a/qt5-qtbase-fix-invalid-number-of-concurrent-stream.patch b/qt5-qtbase-fix-invalid-number-of-concurrent-stream.patch new file mode 100644 index 0000000..66ff93c --- /dev/null +++ b/qt5-qtbase-fix-invalid-number-of-concurrent-stream.patch @@ -0,0 +1,43 @@ +diff --git a/src/network/access/http2/http2protocol_p.h b/src/network/access/http2/http2protocol_p.h +index b0af5aa91921bf5229e2d54284687bafb1969eb1..ed5f2bf561f2bd62c6ef7fd1fde29e867d374603 100644 +--- a/src/network/access/http2/http2protocol_p.h ++++ b/src/network/access/http2/http2protocol_p.h +@@ -133,9 +133,6 @@ enum Http2PredefinedParameters + maxPayloadSize = (1 << 24) - 1, // HTTP/2 6.5.2 + + defaultSessionWindowSize = 65535, // HTTP/2 6.5.2 +- // Using 1000 (rather arbitrarily), just to +- // impose *some* upper limit: +- maxPeerConcurrentStreams = 1000, + maxConcurrentStreams = 100 // HTTP/2, 6.5.2 + }; + +diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp +index f513139304bba375ea3c345c74f2c889b5a13938..21f1c91e29513acff83c45b6717cd5aa25609d62 100644 +--- a/src/network/access/qhttp2protocolhandler.cpp ++++ b/src/network/access/qhttp2protocolhandler.cpp +@@ -393,7 +393,8 @@ bool QHttp2ProtocolHandler::sendRequest() + initReplyFromPushPromise(message, key); + } + +- const auto streamsToUse = std::min(maxConcurrentStreams - activeStreams.size(), ++ const auto streamsToUse = std::min(maxConcurrentStreams > activeStreams.size() ++ ? maxConcurrentStreams - activeStreams.size() : 0, + requests.size()); + auto it = requests.begin(); + for (quint32 i = 0; i < streamsToUse; ++i) { +@@ -1084,13 +1085,8 @@ bool QHttp2ProtocolHandler::acceptSetting(Http2::Settings identifier, quint32 ne + QMetaObject::invokeMethod(this, "resumeSuspendedStreams", Qt::QueuedConnection); + } + +- if (identifier == Settings::MAX_CONCURRENT_STREAMS_ID) { +- if (newValue > maxPeerConcurrentStreams) { +- connectionError(PROTOCOL_ERROR, "SETTINGS invalid number of concurrent streams"); +- return false; +- } ++ if (identifier == Settings::MAX_CONCURRENT_STREAMS_ID) + maxConcurrentStreams = newValue; +- } + + if (identifier == Settings::MAX_FRAME_SIZE_ID) { + if (newValue < Http2::minPayloadLimit || newValue > Http2::maxPayloadSize) { diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 200ecd4..e06157a 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -61,7 +61,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.15.4 -Release: 3%{?dist} +Release: 4%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -151,6 +151,7 @@ Patch100: kde-5.15-rollup-20220516.patch.gz Source100: kde-5.15-rollup-20220516.patch.gz # CVS-2021-38593 Patch101: qtbase-everywhere-src-5.15.4-cve-2021-38593.patch +Patch102: qt5-qtbase-fix-invalid-number-of-concurrent-stream.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -429,6 +430,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. ## upstream patches %patch100 -p1 %patch101 -p1 +%patch102 -p1 # move some bundled libs to ensure they're not accidentally used pushd src/3rdparty @@ -1106,6 +1108,9 @@ fi %changelog +* Tue Jun 21 2022 Than Ngo - 5.15.4-4 +- bz#2099267, backport patch to fix download problem from Settings + * Mon May 30 2022 Than Ngo - 5.15.4-3 - bz#1994719, CVE-2021-38593