Tuukka Turunen

Heartbleed Bug (CVE-2014-0160) and Qt

Published Thursday April 10th, 2014 | by

Although Qt as such is not affected by the Heartbleed Bug (CVE-2014-0160) found in OpenSSL, it affects users of Qt, so I wanted to write a short summary about the topic.

As defined at http://heartbleed.com:

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Qt as such does not include OpenSSL, but when OpenSSL is installed in the system Qt applications can use it. Thus, depending on what OpenSSL version you have in the system, your Qt based application may be affected by this vulnerability if you use OpenSSL functionality. OpenSSL versions 1.0.1 older than 1.0.1g are vulnerable. Also OpenSSL versions older than 1.0.1 are recommended to be updated to 1.0.1g, although they are not subject to this vulnerability. The fix for OpenSSL is already available, and all users of vulnerable OpenSSL versions should migrate to OpenSSL version 1.0.1g or recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

The servers of Qt Project and Digia are all updated and not affected by the vulnerability any more. Those servers that may have been affected by the vulnerability are now throughly checked and certificates will be changed. Also all Qt Cloud Services have been updated to latest OpenSSL. Similarly as all Qt users leveraging OpenSSL, the users of Qt Cloud Services client library should check that they use the fixed OpenSSL version in their applications. We will send dedicated email communications to users of Qt Cloud Services about this.

We have now gone through in detail all of our around 30 Qt related services that use SSL/TLS functionality. It is always good practise to regularly change your passwords, but there is no need to do so in the Qt servers due to the Heartbleed Bug. For example Qt Account, Bugreports, qt.digia.com, qt-project.org and Codereview were never vulnerable by the Heartbleed Bug. We will revoke and change certificates as a security precaution. Some of these are already done and some are in progress.

There is also a minor risk for vulnerability via the Qt Enterprise and Qt Mobile online installers, which use https communications. Unfortunately some of the Qt online installers and the distribution servers used for Open-source downloads are affected by the Heartbleed Bug vulnerability. We are in progress of updating the installer framework and creating new installers, which are estimated to be available during next week.

We have also notified users of Qt Enterprise Embedded about the vulnerability and instructions to avoid it. Next release of the Qt Enterprise Embedded reference stack contains the fixed version of OpenSSL.

If you have any questions, please do not hesitate to contact Qt Enterprise support via your Qt Account or Qt Project security mailing list.

 

3 Comments


Posted in Security

Qt 5.3 Beta Released

Published Tuesday March 25th, 2014 | by

Great News! Qt 5.3 Beta is now available for download. Qt 5.3 Alpha was released about 3 weeks ago and I am really happy to announce that we now have the Qt 5.3 Beta with updated functionality and binary installers. 

Qt 5.3 is mainly focusing on quality and performance improvements, but we also have a nice set of new features available. With Qt 5.3 Beta we are introducing Beta support for Windows Runtime with final support for the platform coming in Qt 5.4. In addition, Qt 5.3 Beta also provides VS2013 binary installers.

Highlights of Qt 5.3 Beta include:

  • New QQuickWidget providing improved integration between Qt Widgets and Qt Quick
  • New Qt WebSockets module got added featuring full support for the web socket protocol (RFC 6455)
  • Major improvements to printing support
  • Major improvements for iOS and Android ports such as:
    • Better input method support for iOS (including also Chinese),
    • Positioning support for Android and iOS
    • Bluetooth for Android
    • …  and many more
  • Support for Windows Runtime platforms: Windows 8/RT (Modern UI), Windows Phone 8
  • New target binaries: Qt for VS2013 (32 and 64 bit, OpenGL and Angle), as well as Qt for WinRT and Qt for Windows Phone
  • Qt Creator 3.1 Beta included in the installers

Read more…

33 Comments


Posted in Releases, WinRT

Embedded World Revisited

Published Wednesday March 12th, 2014 | by

Embedded World 2014 was a great event and we had busy 3 days showing over 15 great Qt demos shown together with our customers and partners. So, a big thank you to everyone who joined us at Embedded World 2014! Below is just a small snippet from the three days packed full of demos, discussions, “LIVE Qt Coding” theatre sessions and a lot of networking!

If you want to check details of the demos we showed together with our customers and partners, please visit our Embedded World 2014 event page.

To get started with Qt Enterprise Embedded, check out our Free 30-day Trial, or contact us to learn more.

Comments Off


Posted in Customers, Embedded, Events, Partners, Qt in use

Major Update to Qt Enterprise Embedded Released

Published Tuesday February 25th, 2014 | by

I am really excited to announce a major update to our embedded offering. The new version of Qt Enterprise Embedded brings many valuable and highly requested features available to all our embedded customers. Combined with the features of the first version, the new release sets ease and productivity of Qt development for embedded targets to a level it has never been before.

Qt Enterprise Embedded brings flexibility to embedded development for creation of beautiful, high-performing and modern UIs. With built-in, fully integrated, productivity-enhancing tools, embedded software development becomes a breeze. The pre-configured embedded development environment, pre-built Qt optimized software stack for immediate deployment to reference boards and a large set of value-add components and tools allows developers to get up and running immediately. With Qt Enterprise Embedded it is possible to have a working embedded project prototype from day one – and continue with unparalleled productivity and time-to-market throughout the project.

Highlights of the new features of today’s release include:

  • Qt-optimized Yocto recipes for building your own embedded Linux stack
  • Boot to Qt stack updated to use Qt 5.2.1
  • Emulator graphics performance and quality improved with GL-streaming
  • Qt Virtual Keyboard integrated
  • Qt Quick Enterprise Controls integrated
  • Qt Charts integrated
  • BeagleBone Black added as a reference device for both embedded Linux and embedded Android
  • WiFi networking and Ethernet connectivity support implemented for embedded Android
  • Updated GDB for embedded Android toolchain

 
Read more…

Comments Off


Posted in Android, Build system, Embedded, Qt Simulator, Qtopia, Releases

Qt 5.2.1 Released

Published Wednesday February 5th, 2014 | by

Today, we have released Qt 5.2.1. It provides many improvements over Qt 5.2.0 as well as packages Qt Creator 3.0.1. As a patch release, it does not add new features and remains binary compatible with Qt 5.2.0.

Qt 5.2 introduced new iOS and Android ports, as well as a hefty amount of other new functionality. Based on the feedback received from the Qt Enterprise and Qt Mobile customers as well as the whole Qt community, Qt 5.2.1 is providing many improvements.

The most notable improvements in Qt 5.2.1 are numerous JavaScript and QML specific performance optimisations in the new Qt Quick Engine, as well as fixes in the iOS and Android ports. With Qt 5.2.1 we use iOS 7.0 SDK for building the Qt for iOS binaries and can now leverage the latest functionality. The binaries are still compatible with older iOS versions, so applications work on all supported iOS versions. We have also made the “Getting Started” documentation for Android and iOS and examples easier to use as well as fine tuned many other items.

For a detailed list of changes in Qt 5.2.1, please have a look at the change files within each module, as well as the Qt Creator 3.0.1 release announcement.
Read more…

45 Comments


Posted in Releases

New Virtual Keyboard for Qt Enterprise

Published Tuesday February 4th, 2014 | by

One of the items those who create embedded touchscreen devices with Qt often request is a good, extensible virtual keyboard. We have listened, and I am extremely happy to announce that a Technology Preview of the new Qt Virtual Keyboard is available as a value-add component for Qt Enterprise customers.

There is already a simple virtual keyboard available for Qt Enterprise Embedded, but now we are releasing a Technology Preview of a new and completely re-implemented virtual keyboard. It provides a solid base to be used in various different embedded devices, especially ones with a touchscreen user interface. Because the virtual keyboard is fully licensed under Qt Enterprise, it can easily be included into all kinds of embedded devices without concerns for 3rd party license compatibility, as well as extended with both commercial and open-source spell checkers and word prediction engines. The new virtual keyboard allows for a fully custom visual appearance. We provide two example styles with the Technology  Preview: one modern and one retro style.

English keyboard layout:

vkb1

Read more…

6 Comments


Posted in Embedded, Releases

Season’s Greetings from Qt Hackathon

Published Thursday December 19th, 2013 | by

With Qt 5.2 and Creator 3.0 released, we decided to shift towards the right holiday mood and arranged a Qt Hackathon event. On Wednesday noon 22 project teams across all our main development sites set off to compete for the coolest and craziest things we can do with Qt 5.2. During the next 24 hours we would see which team would have what it takes to hack through the night and complete something the other teams would vote to be the best!

As we all know, Qt offers extreme versatility and one can create pretty much anything with it. So we also had everything ranging from potential new features in Qt and tooling, via cloud based utility applications and awesome games, to drawing pictures with lasers and controlling robots with Qt. We also had great fun just hacking together as well as sharing experiences across different sites.

So, after 24 hours of fun we gathered together to see what each team had created and voted for the best ones, which were:

  • Greatest demo for Qt marketing: QtLaserScanner - Qt Enterprise Embedded demo application that controls galvanometer laser scanner
  • Biggest potential Qt future feature: QtQuickWidget - Prototype a better way to combine QtQuick, QWidget and OpenGL
  • Most creative domain to use Qt in: Lego Mindstorms - Port Qt 5.2 to Lego™ Mindstorms (and create a remote control app with Qt for Android)

In addition to the winners we think quite many of the topics are worth more research and development – and we might even see some of these becoming part of Qt and its tooling in the not too distant future.

With these greetings and some pictures from our Qt Hackathon the whole Qt organization at Digia wishes happy holidays for everyone – and happy hacking!

 

Comfortable coding:

hack3

 

Planning is everything:

hack2

 

Getting Qt 5.2 running in Lego™ Mindstorms EV3:

Running Qt in Lego Mindstrom EV3

 

Late night snack at Berlin:

snack

 

Laser control with Qt Enterprise Embedded:

laser

 

Some of our happy winners:

some_happy_winners_take2

10 Comments


Posted in Events

KDE Free Qt Foundation Agreement Amended to Cover Qt for Android Port

Published Tuesday December 3rd, 2013 | by

The Qt for Android port is approaching a major milestone. With the final release of Qt 5.2, Android will become a Qt reference (Tier 1) configuration. The work with the Qt for Android port has been actively ongoing for the past year within the Qt Project, and before that, as part of the Necessitas project hosted by KDE. The authors of Necessitas contributed their work to the Qt Project  in the autumn of 2012, which gave a tremendous boost to the development of the port. The dual licensing model of the Qt Project allows both commercial and open-source licensees to benefit from the possibility of running Qt applications on Android devices.

I am very happy to announce that Digia and the KDE Free Qt Foundation have also included the Qt Android port into the KDE Free Qt Foundation Agreement. Via this agreement Android is treated similarly as the KDE Window System. This agreement is the ultimate guarantee that Digia wants to keep both commercial and open-source versions of Qt viable. Although the money to keep Qt R&D ongoing comes from the paid versions of Qt, we believe that the best way to stay ahead and keep Qt as the leading cross-platform application and UI framework is to develop Qt in the open.

I want to once more thank Mr. BogDan Vatra, Mr. Raymond Donnelly, and all the other pioneers who started the Qt for Android port in the Necessitas project, as well as everyone who has contributed to it within the Qt Project. Based on this work, millions of Android users will be able to enjoy the great applications developed with Qt.

Some background and thoughts on this are available in blog post by BogDan.

3 Comments


Posted in Android, KDE

Temporary Moderation of Comments in the Qt Blog

Published Friday August 30th, 2013 | by

We have quite good spam filter in the Qt Blog, but no system is perfect. In the past months we have received an increasing amount of spam in the blog comments. There are some ways to improve finding spam, but so far we have not yet found a perfect match. Our estimate is that it will take a couple of weeks to have a better system. Until that we are from now moderating all comments in the blog posts.

As anyone who has been reading our blog sees, we do allow critique and negative feedback. Of course we like the positive comments more than critical ones, but are still ready to have all voices heard. But most of our readers do not want to see comments that are not at all related to the topic of the post, insulting others or trying to lure readers to unrelated web sites.

All blog authors will be active in accepting comments in order to have dialogue ongoing until we have a better spam prevention system in place and can again turn off moderation.

Update: We have not yet found a really well working solution for voting. We are currently testing one solution we think is good, but it will take some more time still. Meanwhile we will continue to be super fast in moderating comments for all the new posts so that the discussion works as it should.

4 Comments


Posted in Uncategorized

Qt 5.1.1 Released

Published Wednesday August 28th, 2013 | by

Today, we released Qt 5.1.1, the first patch release for the Qt 5.1 series. It provides many improvements over Qt 5.1.0 as well as packages Qt Creator 2.8.1 to the installers. As a patch release, it does not add new features and remains binary compatible with Qt 5.1.0.

It has been 8 weeks since we released Qt 5.1.0 and we have received a lot of good feedback on the improvements it provides. Many of you have already taken the Qt Quick Controls for a spin or tried out the mobile ports for Android and iOS. Based on the feedback received from the Qt Enterprise customers as well as the whole Qt community, Qt 5.1.1 is providing improvements over Qt 5.1.0 throughout different Qt modules. We are also including Qt Creator 2.8.1 for easy installation via offline and online installers.

For a detailed list of changes in Qt 5.1.1, please have a look at the change files included in each module – or check the most important ones: qtbase, qtdeclarative, qtquickcontrols and qtmultimedia, as well as the Qt Creator 2.8.1 release announcement, and the page listing known issues for Qt 5.1.1.

As always, Qt 5.1.1 maintains both forward and backward source and binary compatibility with Qt 5.1.0. We are continuously ironing out the glitches and improving the quality with every new release. If you encounter  a previously unknown bug in Qt 5, please help us to improve the product in future releases by reporting it to bugreports.qt-project.org, or contact us via Qt Enterprise Customer Portal.

Qt 5.1.1 is now tagged in the Qt Project repository. The source packages and installers for Qt 5.1.1 are available through the online installer, qt-project.org/downloads for open-source users, and in the Qt Enterprise Customer Portal for existing customers. If you would like to try the Qt Enterprise version of Qt 5.1.1, please get the 30-day free trial.

 

46 Comments


Posted in Qt, Releases

  1. Pages:
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5