[neon/qt/qtbase/Neon/release] debian: Backport upstream patch to remove limit on the number of HTTP/2 streams.
Dmitry Shachnev
null at kde.org
Thu Jul 14 14:50:52 BST 2022
Git commit 3dc9b03566bade57e720989321728a19dd8c761d by Dmitry Shachnev.
Committed on 20/06/2022 at 20:29.
Pushed by jriddell into branch 'Neon/release'.
Backport upstream patch to remove limit on the number of HTTP/2 streams.
Fixes https://bugs.kde.org/show_bug.cgi?id=455540.
M +2 -0 debian/changelog
A +50 -0 debian/patches/remove_limit_on_number_of_streams.diff
M +1 -0 debian/patches/series
https://invent.kde.org/neon/qt/qtbase/commit/3dc9b03566bade57e720989321728a19dd8c761d
diff --git a/debian/changelog b/debian/changelog
index 8342cd1..27385b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ qtbase-opensource-src (5.15.5+dfsg-2) UNRELEASED; urgency=medium
[ Dmitry Shachnev ]
* Restore CVE-2021-38593.diff, 3 of 4 commits are still applicable.
* Update symbols files from buildds’ logs.
+ * Backport upstream patch to remove limit on the number of HTTP/2 streams.
+ Fixes https://bugs.kde.org/show_bug.cgi?id=455540.
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 20 Jun 2022 23:08:28 +0300
diff --git a/debian/patches/remove_limit_on_number_of_streams.diff b/debian/patches/remove_limit_on_number_of_streams.diff
new file mode 100644
index 0000000..0d71c56
--- /dev/null
+++ b/debian/patches/remove_limit_on_number_of_streams.diff
@@ -0,0 +1,50 @@
+Description: H2: remove a rather useless limit on the number of streams
+ SETTINGS for max concurrect number of streams is 'one direction' - this
+ is how our peer conveys the possible number of streams _we_ can open,
+ not _them_. If they choose to have it unlimited - let it be so.
+ .
+ It's possible to send 0 as maximum number, also, it's possible to
+ reduce the maximum compared to initial at some point - then I have
+ to avoid integer overflows.
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=46940ca73791e87e
+Last-Update: 2022-06-20
+
+--- a/src/network/access/http2/http2protocol_p.h
++++ b/src/network/access/http2/http2protocol_p.h
+@@ -133,9 +133,6 @@ enum Http2PredefinedParameters
+ maxPayloadSize = (1 << 24) - 1, // HTTP/2 6.5.2
+
+ defaultSessionWindowSize = 65535, // HTTP/2 6.5.2
+- // Using 1000 (rather arbitrarily), just to
+- // impose *some* upper limit:
+- maxPeerConcurrentStreams = 1000,
+ maxConcurrentStreams = 100 // HTTP/2, 6.5.2
+ };
+
+--- a/src/network/access/qhttp2protocolhandler.cpp
++++ b/src/network/access/qhttp2protocolhandler.cpp
+@@ -393,7 +393,8 @@ bool QHttp2ProtocolHandler::sendRequest(
+ initReplyFromPushPromise(message, key);
+ }
+
+- const auto streamsToUse = std::min<quint32>(maxConcurrentStreams - activeStreams.size(),
++ const auto streamsToUse = std::min<quint32>(maxConcurrentStreams > activeStreams.size()
++ ? maxConcurrentStreams - activeStreams.size() : 0,
+ requests.size());
+ auto it = requests.begin();
+ for (quint32 i = 0; i < streamsToUse; ++i) {
+@@ -1084,13 +1085,8 @@ bool QHttp2ProtocolHandler::acceptSettin
+ QMetaObject::invokeMethod(this, "resumeSuspendedStreams", Qt::QueuedConnection);
+ }
+
+- if (identifier == Settings::MAX_CONCURRENT_STREAMS_ID) {
+- if (newValue > maxPeerConcurrentStreams) {
+- connectionError(PROTOCOL_ERROR, "SETTINGS invalid number of concurrent streams");
+- return false;
+- }
++ if (identifier == Settings::MAX_CONCURRENT_STREAMS_ID)
+ maxConcurrentStreams = newValue;
+- }
+
+ if (identifier == Settings::MAX_FRAME_SIZE_ID) {
+ if (newValue < Http2::minPayloadLimit || newValue > Http2::maxPayloadSize) {
diff --git a/debian/patches/series b/debian/patches/series
index fd21d43..41e7515 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,7 @@ CVE-2021-38593.diff
openssl3.diff
CVE-2022-25255.diff
moc_handle_include.diff
+remove_limit_on_number_of_streams.diff
# Debian specific.
gnukfreebsd.diff
More information about the Neon-commits
mailing list