For the case of static builds. Also, remove somewhat funny comment
from the shared tlshelpers.h file.
Fixes: QTBUG-105046
Pick-to: 6.4 6.2
Change-Id: I2fd677a11b64df89c0ad0237e1014f5e80144c24
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
They are already slow without ASAN, and risk running into timeouts with
ASAN enabled.
Change-Id: I427b990066d8ffa838ea90a318176fbcba400852
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This is a semantic patch using ClangTidyTransformator as in
qtbase/df9d882d41b741fef7c5beeddb0abe9d904443d8, but extended to
handle typedefs and accesses through pointers, too:
const std::string o = "object";
auto hasTypeIgnoringPointer = [](auto type) { return anyOf(hasType(type), hasType(pointsTo(type))); };
auto derivedFromAnyOfClasses = [&](ArrayRef<StringRef> classes) {
auto exprOfDeclaredType = [&](auto decl) {
return expr(hasTypeIgnoringPointer(hasUnqualifiedDesugaredType(recordType(hasDeclaration(decl))))).bind(o);
};
return exprOfDeclaredType(cxxRecordDecl(isSameOrDerivedFrom(hasAnyName(classes))));
};
auto renameMethod = [&] (ArrayRef<StringRef> classes,
StringRef from, StringRef to) {
return makeRule(cxxMemberCallExpr(on(derivedFromAnyOfClasses(classes)),
callee(cxxMethodDecl(hasName(from), parameterCountIs(0)))),
changeTo(cat(access(o, cat(to)), "()")),
cat("use '", to, "' instead of '", from, "'"));
};
renameMethod(<classes>, "count", "size");
renameMethod(<classes>, "length", "size");
except that the on() matcher has been replaced by one that doesn't
ignoreParens().
a.k.a qt-port-to-std-compatible-api V5 with config Scope: 'Container'.
Added two NOLINTNEXTLINEs in tst_qbitarray and tst_qcontiguouscache,
to avoid porting calls that explicitly test count().
Change-Id: Icfb8808c2ff4a30187e9935a51cad26987451c22
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
When 'this' is IPv6 and 'other' is Any then there is no point in testing
'other's IPv6 address.
Added extra tests against QHostAddress::Any*.
Pick-to: 6.4 6.2 5.15
Fixes: QTBUG-108103
Change-Id: I09f32b1b147b1ec8380546c91cd89684a6bebe2e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
According to the grafana dashboard it has not failed in the
past week.
Reverts ad736e9150
Pick-to: 6.4 6.2
Change-Id: I3eac3c7fd667cfe2cf951b2808dddbfed8eae087
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Two test-cases had the same name; distinguish them by the part of
their data in which they differ - one closes, the other doesn't.
Change-Id: I37051baf194bf8df742688739ad01e3335e64dc7
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Unix systems have got crash loggers in the past 15-20 years, notably
macOS and Linux (abrtd, systemd-coredumpd, etc.). By setting the core
dump limit to zero, those tools should be mostly inhibited from running
and thus not interfere with the parent process' timeouts. Even for
systems without core dump loggers, disabling the writing of a core dump
to the filesystem should also help.
Pick-to: 6.4
Change-Id: I12a088d1ae424825abd3fffd171d112d0671effe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
We've been requiring C++17 since Qt 6.0, and our qAsConst use finally
starts to bother us (QTBUG-99313), so time to port away from it
now.
Since qAsConst has exactly the same semantics as std::as_const (down
to rvalue treatment, constexpr'ness and noexcept'ness), there's really
nothing more to it than a global search-and-replace, with manual
unstaging of the actual definition and documentation in dist/,
src/corelib/doc/ and src/corelib/global/.
Task-number: QTBUG-99313
Change-Id: I4c7114444a325ad4e62d0fcbfd347d2bbfb21541
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Just in case the same test is being run in parallel. We do that by
creating a listening TCP server in the test process. This test is
supposed to test the address reusability, so a clean close on a server
that never accepted a connection should not cause reusability issues.
Change-Id: I12a088d1ae424825abd3fffd171ccfb9fc5c09ee
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
To try to figure out why QProcess::waitForReadyRead is returning false
so quickly. Though we know it's going to be "Address in use".
FAIL : tst_QTcpServer::addressReusable(WithoutProxy) 'process.waitForReadyRead(5000)' returned FALSE. (Failed to listen: The bound address is already in use
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
tcp LISTEN 0 50 127.0.0.1:49199 0.0.0.0:* users:(("crashingServer",pid=40529,fd=4))
)
Pick-to: 6.4 6.2
Change-Id: Ic43a460bfc7c7eb6379405b7a1a064e502b6fef3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
For some reason it has become extremely flaky.
Blacklist to unblock most patches.
Pick-to: 6.4 6.2
Task-number: QTBUG-107500
Change-Id: I11c3ff5e018981be46c20282fa171bce687596b2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
So we can gather statistics on whether it is still failing
Pick-to: 6.4 6.2
Change-Id: I1f4080f4d96f31ce2b689cda175af3a35563e232
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
In the presence of QT_CONFIG(opensslv30).
Fixes: QTBUG-107027
Change-Id: I481db3cdf3bbb1aa7127cc5498f0c0217df8c35b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
And don't decompress the data
Pick-to: 6.4
Fixes: QTBUG-106689
Change-Id: I93a96be8178e24ff0b0bb8647276828161445cf5
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Some errors, such as 404, may still present useful data. As opposed to
errors such as 'RemoteDisconnected'. So, just keep the data around until
the reply is deleted.
Pick-to: 6.4
Fixes: QTBUG-106573
Change-Id: I6c86b5a55a45f837ea9b42559d88cd3e0ac2fa5c
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
For some reason it fails on Ubuntu 22.04, but it's anyway
not following the trend the rest of the file uses, so just
assume it's the code at fault and fix it.
Thanks to Liang Qi for debugging this!
Pick-to: 6.4
Fixes: QTBUG-106016
Change-Id: I9d0563a081827eaa037d61643f0ea46301e11493
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Liang Qi <liang.qi@qt.io>
If we receive compressed data we will decompress it as it comes in,
in some cases the final byte we receive doesn't actually contribute
to the final output. If this byte is handled by itself then, when
combined with QNetworkReply's signal compression, we ended up not
emitting the readyRead signal for any of the data we received while
compressing the signals.
So, instead of relying on checking difference in bytes downloaded
for each batch of data received we keep track of how much data
we had received the last time we emitted readyRead.
Pick-to: 6.3 6.4 6.4.0
Fixes: QTBUG-106354
Change-Id: I4777be29b46bf0de968667e9de9d975c735ac6e6
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Because it's convenient to have it build automatically.
Pick-to: 6.2 6.3 6.4
Change-Id: Iecd5bd1f9fe518f683b8ee9eb6529e48ce76fb33
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Test was not really good to start with - it was assuming the presence of
particular ciphersuites. Furthermore, it was ignoring the fact that
TLS 1.2 and TLS 1.3 set ciphersuites differently in OpenSSL.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I6c8ba20154cdeb9275878462ab945729d6c82ecc
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
OpenSSL 3 by default disables TLS < 1.2 in the conf files. We're not
going to work against that, so we bump the version of TLS used.
Keep the client-side TLS 1.0 Or Later just to keep testing that this
part works.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ia6cb10495875de232d69a886832ae74c5f5ac15f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The initial problem was in server not starting encryption, because
its certificate was rejected by OpenSSL (v3) saying 'weak md'.
After the certificate was replaced, we got another problem - due
to the fixed TLS v.1 protocol for both client and server - handshake
is interrupted early with 'tls v1 alert' and error message
saying about not found signature algorithms. Don't fix the protocol
version, use proper QSsl::SecureProtocols (default).
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I0f22f5304f4405933ad511195bc61c640518e7d8
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
The certificate was using SHA-1 for signing its certificate, which is
considered 'not good enough' by some TLS libraries.
Regenerate it with SHA-512 and a larger RSA key.
Also include the files needed to generate it.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106018
Task-number: QTBUG-95123
Change-Id: I535e047d540e663c8cec334695196044173949fc
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
OpenSSL v3 by default sets SECLEVEL = 2 unless overridden in conf files.
SECLEVEL >= 1 means TLS <= 1.1 is disabled. Remove cases that were
previously expected to work. Arguably, we should not test deprecated
protocols at all, but the cases expecting a failure still work
and logically correct.
Task-number: QTBUG-95123
Task-number: QTBUG-106018
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Ifa59fa902b433338dbed7abf086cfdef9470384c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
With OpenSSL 3.0.5 we see X509_print giving us the text representation
not matching any of previous ones - mostly a question of spaces
and formatting. Let's add a proper version to compare against and
remove useless 0.9.8, 1.0.0, 1.0.1, - we don't support them anymore
and thus QSslCertificate::toText() will never give a match.
Pick-to: 6.4 6.3 6.2 5.15
Task-number: QTBUG-106017
Change-Id: Ida11321c23e74c7313acc682237ab78408cf2803
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
leaf.p12 is using RC2 for encryption and it's disabled by default
in openssl v3.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-106017
Change-Id: I4edd0d29506d1e50b2b618b6a00cceeb4b156204
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Because this version does not seem to like MD5 which old cert was using.
Fixes: QTBUG-106019
Pick-to: 6.4 6.3 6.2 5.15
Change-Id: Id354d1e32acb0528685b2788ee9c7326c43397bd
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Initially, stream receive window's size was quite significant.
At some point when dealing with a server that did not want
our windows' sizes and was closing the connection (they only
accept 64K) we reduced this size, which ended in a regression
with download speed significantly throttled. We return the old
values (or even more, presuming we have 10 multiplexed streams
and not 100). And also making QNAM consistent with its documentation
(it was not updated).
[ChangeLog][QtNetwork] Stream receive window that HTTP/2 protocol in QNAM is using
increased to 214748364 octets (from the previous 64K) not to throttle download
speed. Clients, working with servers, not accepting such parameters,
must set HTTP/2 configuration on their requests accordingly.
Fixes: QTBUG-105043
Pick-to: 6.4 6.3 6.2
Change-Id: I252b6b5eefe92a7304dad15c67928d5a57d9597f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Guard the test that checks the deprecated protocol versions
Task-number: QTBUG-104858
Change-Id: I1b76e08d8fc985abf758bf86198fe3d33e5497d4
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Otherwise new clients will not be handled when they try to connect
Amends 29a1fe72a0
Pick-to: 6.4
Change-Id: Ifff052d1bf27682df2782faa285a257c9b41d86f
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Not just the ones we added to the pending sockets list
Pick-to: 6.4
Change-Id: I0a0016fe39df7ca2fc3f0c4e4111195bc6d90198
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
If a client doesn't send any data then we would leave the socket open
for as long as it needed, wasting resources. Add timeouts to limit the
amount of time this can happen for.
Since there is a limit on number of sockets that the server will have
queued, having idle sockets stick around forever is a vector for ddos.
Pick-to: 6.4
Change-Id: Ida6251c92c625eeadf2065861b840b14255654b8
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
SecureTransport ignores any content that comes in until it is large
enough to be a handshake. So a plaintext client may be left hanging
while it is waiting for a response.
Pick-to: 6.4
Change-Id: I501ae61d89d516765c7ba5f0d916d9246fde5d4d
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
The vast majority of in-tree users pass simple and short C string
literals as the value. By porting to QByteArrayView, we document that
we'll accept non-NUL-terminated data, and do the NUL-termination
internally, using SSO'ed std::string, saving memory allocations in the
common case of short strings.
I didn't bother to check which direction std::string takes for
nullptrs these days (there was a change accepted in that area for
C++20 or 23), so play it safe and protect against them.
Follow-up to
Task-number: QTBUG-105302
Change-Id: I2369acc62f1d5cbc26135396cfe0602d8c75300c
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
CMakeLists.txt and .cmake files of significant size
(more than 2 lines according to our check in tst_license.pl)
now have the copyright and license header.
Existing copyright statements remain intact
Task-number: QTBUG-88621
Change-Id: I3b98cdc55ead806ec81ce09af9271f9b95af97fa
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
The certificate was updated recently and doesn't have the same
deprecated hash functions and small key size as the old one did.
Change-Id: I301ad50a96a30483b92a6e30f61e78e8d6b955ca
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
OpenSSL v3 fails to set server's certificate, complaining that
"md is too weak".
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-49205
Change-Id: Ib21b10ff13bc2621ae2aaaab962efaaf77a854bc
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
The iBridge interface is used for the keyboard touch bar, and the Apple
Wireless Direct Link interfaces are used by Apple for various purposes.
Setting up a server on these interfaces does not work.
Only the tst_QTcpServer::linkLocal unit test on macOS is affected by
this change.
Fixes: QTBUG-103892
Change-Id: I29701ce51d5e40dff6c59547a8639c1fba330d36
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Many algorithms (ciphers etc.) had become 'legacy' in OpenSSL v3,
meaning they are not available by default. Since we don't mess with
loading providers and don't load the 'legacy' one, we have to
skip tests involving such algorithms.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-104232
Change-Id: Ieceabeb080e531aeb24f733cb8c83ad08a25049c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Our limit of 8k for a single header field was too small for certain
services which returned Location values or WWW-Authenticate challenges
longer than 8k.
Instead, taking inspiration from Chromium, we have a limit of 250k for
the full header itself. And increasing our field limit to 100k, which
would occupy almost half of what the total header allows.
Also took the opportunity to make it adjustable from the outside so we
can set more strict limits in other components.
Fixes: QTBUG-104132
Pick-to: 6.3 6.4
Change-Id: Ibbe139445e79baaef30829cfbc9a59f884e96293
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
This was unblacklisted in b885820c39
however it is still very flaky.
Change-Id: If9796231c584c894387106dfeb262c9eb4ce73f5
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
It would not compile on my Linux box due to using QVariantMap, but not
actually including QMap itself. Using gcc 9.3.1 on CentOS 7.
Pick-to: 6.3 6.4
Change-Id: I808a270c814a906030cb34b197d3a2a85ba384e1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
