From e962127cb9afbd3cf59d80931b76b1e6800f146f Mon Sep 17 00:00:00 2001 From: Kai Koehne Date: Thu, 28 Sep 2017 17:00:20 +0200 Subject: Fix outdated FDL license header Change-Id: Ic41f3745e800ba54153b36f269017075297c2402 Reviewed-by: Jani Heikkinen --- src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp | 8 ++++---- src/websockets/doc/src/external-resources.qdoc | 10 +++++----- src/websockets/doc/src/index.qdoc | 8 ++++---- src/websockets/doc/src/overview.qdoc | 10 +++++----- src/websockets/doc/src/qtwebsockets-module.qdoc | 8 ++++---- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp b/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp index 9ce9ef0..78874a3 100644 --- a/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp +++ b/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp @@ -1,7 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2013 Kurt Pattyn -** Contact: http://www.qt.io/licensing/ +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the documentation of the Qt Toolkit. ** @@ -11,8 +11,8 @@ ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Free Documentation License Usage ** Alternatively, this file may be used under the terms of the GNU Free @@ -20,7 +20,7 @@ ** Foundation and appearing in the file included in the packaging of ** this file. Please review the following information to ensure ** the GNU Free Documentation License version 1.3 requirements -** will be met: http://www.gnu.org/copyleft/fdl.html. +** will be met: https://www.gnu.org/licenses/fdl-1.3.html. ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/websockets/doc/src/external-resources.qdoc b/src/websockets/doc/src/external-resources.qdoc index 933ef7f..40e4257 100644 --- a/src/websockets/doc/src/external-resources.qdoc +++ b/src/websockets/doc/src/external-resources.qdoc @@ -1,7 +1,7 @@ /**************************************************************************** ** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: http://www.qt.io/licensing/ +** Copyright (C) 2017 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the documentation of the Qt Toolkit. ** @@ -11,8 +11,8 @@ ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Free Documentation License Usage ** Alternatively, this file may be used under the terms of the GNU Free @@ -20,7 +20,7 @@ ** Foundation and appearing in the file included in the packaging of ** this file. Please review the following information to ensure ** the GNU Free Documentation License version 1.3 requirements -** will be met: http://www.gnu.org/copyleft/fdl.html. +** will be met: https://www.gnu.org/licenses/fdl-1.3.html. ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/websockets/doc/src/index.qdoc b/src/websockets/doc/src/index.qdoc index 4f25589..919e2fc 100644 --- a/src/websockets/doc/src/index.qdoc +++ b/src/websockets/doc/src/index.qdoc @@ -1,7 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2013 Kurt Pattyn -** Contact: http://www.qt.io/licensing/ +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the documentation of the Qt Toolkit. ** @@ -11,8 +11,8 @@ ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Free Documentation License Usage ** Alternatively, this file may be used under the terms of the GNU Free @@ -20,7 +20,7 @@ ** Foundation and appearing in the file included in the packaging of ** this file. Please review the following information to ensure ** the GNU Free Documentation License version 1.3 requirements -** will be met: http://www.gnu.org/copyleft/fdl.html. +** will be met: https://www.gnu.org/licenses/fdl-1.3.html. ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/websockets/doc/src/overview.qdoc b/src/websockets/doc/src/overview.qdoc index e85461a..48a790f 100644 --- a/src/websockets/doc/src/overview.qdoc +++ b/src/websockets/doc/src/overview.qdoc @@ -1,7 +1,7 @@ /**************************************************************************** ** -** Copyright (C) 2015 The Qt Company Ltd. -** Contact: http://www.qt.io/licensing/ +** Copyright (C) 2017 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the documentation of the Qt Toolkit. ** @@ -11,8 +11,8 @@ ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Free Documentation License Usage ** Alternatively, this file may be used under the terms of the GNU Free @@ -20,7 +20,7 @@ ** Foundation and appearing in the file included in the packaging of ** this file. Please review the following information to ensure ** the GNU Free Documentation License version 1.3 requirements -** will be met: http://www.gnu.org/copyleft/fdl.html. +** will be met: https://www.gnu.org/licenses/fdl-1.3.html. ** $QT_END_LICENSE$ ** ****************************************************************************/ diff --git a/src/websockets/doc/src/qtwebsockets-module.qdoc b/src/websockets/doc/src/qtwebsockets-module.qdoc index 971e22c..c1f7958 100644 --- a/src/websockets/doc/src/qtwebsockets-module.qdoc +++ b/src/websockets/doc/src/qtwebsockets-module.qdoc @@ -1,7 +1,7 @@ /**************************************************************************** ** ** Copyright (C) 2013 Kurt Pattyn -** Contact: http://www.qt.io/licensing/ +** Contact: https://www.qt.io/licensing/ ** ** This file is part of the documentation of the Qt Toolkit. ** @@ -11,8 +11,8 @@ ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms -** and conditions see http://www.qt.io/terms-conditions. For further -** information use the contact form at http://www.qt.io/contact-us. +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. ** ** GNU Free Documentation License Usage ** Alternatively, this file may be used under the terms of the GNU Free @@ -20,7 +20,7 @@ ** Foundation and appearing in the file included in the packaging of ** this file. Please review the following information to ensure ** the GNU Free Documentation License version 1.3 requirements -** will be met: http://www.gnu.org/copyleft/fdl.html. +** will be met: https://www.gnu.org/licenses/fdl-1.3.html. ** $QT_END_LICENSE$ ** ****************************************************************************/ -- cgit v1.2.1 From f88def9086fa3a546847034dd017c0e5bdd92ab8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Fri, 27 Oct 2017 12:29:52 +0200 Subject: Fix handshakeReceived not being invoked in some situation In the rare case where the handshake was received before the signal and slot was connected it would never invoke handshakeReceived and the server would keep waiting. Task-number: QTBUG-64026 Change-Id: I86d54031d2583b6a0cf2b5348889b5ef859b9aab Reviewed-by: Timur Pocheptsov --- src/websockets/qwebsocketserver_p.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp index b7972b0..55e9484 100644 --- a/src/websockets/qwebsocketserver_p.cpp +++ b/src/websockets/qwebsocketserver_p.cpp @@ -490,6 +490,11 @@ void QWebSocketServerPrivate::handleConnection(QTcpSocket *pTcpSocket) const QObjectPrivate::connect(pTcpSocket, &QTcpSocket::readyRead, this, &QWebSocketServerPrivate::handshakeReceived, Qt::QueuedConnection); + if (pTcpSocket->canReadLine()) { + // We received some data! We must emit now to be sure that handshakeReceived is called + // since the data could have been received before the signal and slot was connected. + emit pTcpSocket->readyRead(); + } QObjectPrivate::connect(pTcpSocket, &QTcpSocket::disconnected, this, &QWebSocketServerPrivate::onSocketDisconnected); } -- cgit v1.2.1 From 905a6cea6c205015445bcd11c8f2616576a092c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= Date: Mon, 23 Oct 2017 11:29:19 +0200 Subject: Check count of spy to verify signal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Looks like QVERIFY(spy.wait()) is a little bit flaky. We should check the count of the spy if it was successful instead of the return value of wait since wait will return false even if the signal was delivered before the call to wait(). Change-Id: I5f9031685dfa69b00155fa22602bab998843cb68 Reviewed-by: Timur Pocheptsov Reviewed-by: Mårten Nordheim Reviewed-by: Edward Welbourne --- .../qwebsocketserver/tst_qwebsocketserver.cpp | 48 ++++++++-------------- 1 file changed, 17 insertions(+), 31 deletions(-) diff --git a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp index 82e2013..82a873d 100644 --- a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp +++ b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp @@ -261,7 +261,7 @@ void tst_QWebSocketServer::tst_listening() QVERIFY(server.isListening()); QCOMPARE(serverClosedSpy.count(), 0); server.close(); - QVERIFY(serverClosedSpy.wait(1000)); + QTRY_COMPARE(serverClosedSpy.count(), 1); QVERIFY(!server.isListening()); QCOMPARE(serverErrorSpy.count(), 0); @@ -304,8 +304,7 @@ void tst_QWebSocketServer::tst_connectivity() socket.open(server.serverUrl().toString()); - if (socketConnectedSpy.count() == 0) - QVERIFY(socketConnectedSpy.wait()); + QTRY_COMPARE(socketConnectedSpy.count(), 1); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(serverConnectionSpy.count(), 1); QCOMPARE(corsAuthenticationSpy.count(), 1); @@ -314,8 +313,7 @@ void tst_QWebSocketServer::tst_connectivity() server.close(); - QVERIFY(serverClosedSpy.wait()); - QCOMPARE(serverClosedSpy.count(), 1); + QTRY_COMPARE(serverClosedSpy.count(), 1); #ifndef QT_NO_SSL QCOMPARE(peerVerifyErrorSpy.count(), 0); QCOMPARE(sslErrorsSpy.count(), 0); @@ -383,8 +381,7 @@ void tst_QWebSocketServer::tst_preSharedKey() socket.open(server.serverUrl().toString()); - if (socketConnectedSpy.count() == 0) - QVERIFY(socketConnectedSpy.wait()); + QTRY_COMPARE(socketConnectedSpy.count(), 1); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(serverConnectionSpy.count(), 1); QCOMPARE(serverPskRequiredSpy.count(), 1); @@ -394,8 +391,7 @@ void tst_QWebSocketServer::tst_preSharedKey() server.close(); - QVERIFY(serverClosedSpy.wait()); - QCOMPARE(serverClosedSpy.count(), 1); + QTRY_COMPARE(serverClosedSpy.count(), 1); QCOMPARE(sslErrorsSpy.count(), 0); QCOMPARE(serverErrorSpy.count(), 0); #endif @@ -431,20 +427,18 @@ void tst_QWebSocketServer::tst_maxPendingConnections() socket1.open(server.serverUrl().toString()); - if (socket1ConnectedSpy.count() == 0) - QVERIFY(socket1ConnectedSpy.wait()); + QTRY_COMPARE(socket1ConnectedSpy.count(), 1); QCOMPARE(socket1.state(), QAbstractSocket::ConnectedState); QCOMPARE(serverConnectionSpy.count(), 1); QCOMPARE(corsAuthenticationSpy.count(), 1); socket2.open(server.serverUrl().toString()); - if (socket2ConnectedSpy.count() == 0) - QVERIFY(socket2ConnectedSpy.wait()); + QTRY_COMPARE(socket2ConnectedSpy.count(), 1); QCOMPARE(socket2.state(), QAbstractSocket::ConnectedState); QCOMPARE(serverConnectionSpy.count(), 2); QCOMPARE(corsAuthenticationSpy.count(), 2); socket3.open(server.serverUrl().toString()); - if (socket3ConnectedSpy.count() == 0) - QVERIFY(!socket3ConnectedSpy.wait(250)); + QVERIFY(!socket3ConnectedSpy.wait(250)); + QCOMPARE(socket3ConnectedSpy.count(), 0); QCOMPARE(socket3.state(), QAbstractSocket::UnconnectedState); QCOMPARE(serverConnectionSpy.count(), 2); QCOMPARE(corsAuthenticationSpy.count(), 2); @@ -470,8 +464,7 @@ void tst_QWebSocketServer::tst_maxPendingConnections() server.close(); - QVERIFY(serverClosedSpy.wait()); - QCOMPARE(serverClosedSpy.count(), 1); + QTRY_COMPARE(serverClosedSpy.count(), 1); #ifndef QT_NO_SSL QCOMPARE(peerVerifyErrorSpy.count(), 0); QCOMPARE(sslErrorsSpy.count(), 0); @@ -498,8 +491,7 @@ void tst_QWebSocketServer::tst_serverDestroyedWhileSocketConnected() socket.open(server->serverUrl().toString()); - if (socketConnectedSpy.count() == 0) - QVERIFY(socketConnectedSpy.wait()); + QTRY_COMPARE(socketConnectedSpy.count(), 1); QCOMPARE(socket.state(), QAbstractSocket::ConnectedState); QCOMPARE(serverConnectionSpy.count(), 1); QCOMPARE(corsAuthenticationSpy.count(), 1); @@ -508,9 +500,7 @@ void tst_QWebSocketServer::tst_serverDestroyedWhileSocketConnected() delete server; - if (socketDisconnectedSpy.count() == 0) - QVERIFY(socketDisconnectedSpy.wait()); - QCOMPARE(socketDisconnectedSpy.count(), 1); + QTRY_COMPARE(socketDisconnectedSpy.count(), 1); } void tst_QWebSocketServer::tst_scheme() @@ -523,8 +513,7 @@ void tst_QWebSocketServer::tst_scheme() QWebSocket plainSocket; plainSocket.open(plainServer.serverUrl().toString()); - if (plainServerConnectionSpy.count() == 0) - QVERIFY(plainServerConnectionSpy.wait()); + QTRY_COMPARE(plainServerConnectionSpy.count(), 1); QScopedPointer plainServerSocket(plainServer.nextPendingConnection()); QVERIFY(!plainServerSocket.isNull()); QCOMPARE(plainServerSocket->requestUrl().scheme(), QStringLiteral("ws")); @@ -556,8 +545,7 @@ void tst_QWebSocketServer::tst_scheme() &secureSocket, static_cast(&QWebSocket::ignoreSslErrors)); secureSocket.open(secureServer.serverUrl().toString()); - if (secureServerConnectionSpy.count() == 0) - QVERIFY(secureServerConnectionSpy.wait()); + QTRY_COMPARE(secureServerConnectionSpy.count(), 1); QScopedPointer secureServerSocket(secureServer.nextPendingConnection()); QVERIFY(!secureServerSocket.isNull()); QCOMPARE(secureServerSocket->requestUrl().scheme(), QStringLiteral("wss")); @@ -580,19 +568,17 @@ void tst_QWebSocketServer::tst_handleConnection() QWebSocket webSocket; QSignalSpy wsConnectedSpy(&webSocket, &QWebSocket::connected); webSocket.open(QStringLiteral("ws://localhost:%1").arg(tcpServer.serverPort())); - QVERIFY(wsConnectedSpy.wait()); + QTRY_COMPARE(wsConnectedSpy.count(), 1); - if (wsServerConnectionSpy.isEmpty()) - QVERIFY(wsServerConnectionSpy.wait()); + QTRY_COMPARE(wsServerConnectionSpy.count(), 1); QScopedPointer webServerSocket(wsServer.nextPendingConnection()); QVERIFY(!webServerSocket.isNull()); QSignalSpy wsMessageReceivedSpy(webServerSocket.data(), &QWebSocket::textMessageReceived); webSocket.sendTextMessage("dummy"); - wsMessageReceivedSpy.wait(); - QCOMPARE(wsMessageReceivedSpy.count(), 1); + QTRY_COMPARE(wsMessageReceivedSpy.count(), 1); QList arguments = wsMessageReceivedSpy.takeFirst(); QCOMPARE(arguments.first().toString(), QString("dummy")); } -- cgit v1.2.1 From 203da360c4bcd64bdd17639d495f1857b622e92d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= Date: Thu, 19 Oct 2017 16:05:17 +0200 Subject: Fix empty sslConfiguration in sslErrors slot If QWebSocket fires signal sslErrors the QSslConfiguration of QWebSocket is not updated. So client application cannot check it in implemented slot. Fix this by calling the update method like for encrypted signal. Sibling of QTBUG-40401. Change-Id: I18b39f6b6a0791ae67fc2bff5cf2c04a22b0ab85 Reviewed-by: Edward Welbourne Reviewed-by: Timur Pocheptsov --- src/websockets/qwebsocket_p.cpp | 3 +++ .../auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp index 7863567..bee2afa 100644 --- a/src/websockets/qwebsocket_p.cpp +++ b/src/websockets/qwebsocket_p.cpp @@ -596,6 +596,9 @@ void QWebSocketPrivate::makeConnections(const QTcpSocket *pTcpSocket) QObject::connect(sslSocket, &QSslSocket::encryptedBytesWritten, q, &QWebSocket::bytesWritten); typedef void (QSslSocket:: *sslErrorSignalType)(const QList &); + QObjectPrivate::connect(sslSocket, + static_cast(&QSslSocket::sslErrors), + this, &QWebSocketPrivate::_q_updateSslConfiguration); QObject::connect(sslSocket, static_cast(&QSslSocket::sslErrors), q, &QWebSocket::sslErrors); diff --git a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp index 82a873d..b7734a4 100644 --- a/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp +++ b/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp @@ -31,9 +31,9 @@ #include #ifndef QT_NO_OPENSSL #include -#include #endif #ifndef QT_NO_SSL +#include #include #endif #include @@ -539,10 +539,13 @@ void tst_QWebSocketServer::tst_scheme() QVERIFY(secureServer.listen()); + QSslCipher sessionCipher; QWebSocket secureSocket; - typedef void (QWebSocket::* ignoreSslErrorsSlot)(); connect(&secureSocket, &QWebSocket::sslErrors, - &secureSocket, static_cast(&QWebSocket::ignoreSslErrors)); + &secureSocket, [&] { + secureSocket.ignoreSslErrors(); + sessionCipher = secureSocket.sslConfiguration().sessionCipher(); + }); secureSocket.open(secureServer.serverUrl().toString()); QTRY_COMPARE(secureServerConnectionSpy.count(), 1); @@ -550,6 +553,7 @@ void tst_QWebSocketServer::tst_scheme() QVERIFY(!secureServerSocket.isNull()); QCOMPARE(secureServerSocket->requestUrl().scheme(), QStringLiteral("wss")); secureServer.close(); + QVERIFY(!sessionCipher.isNull()); #endif } -- cgit v1.2.1 From 7e853bcd05cbc955b71843586ee20158e6ed3091 Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Tue, 24 Oct 2017 20:46:22 -0700 Subject: Update to new QRandomGenerator API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I69f37f9304f24709a823fffd14e676c097712329 Reviewed-by: Timur Pocheptsov Reviewed-by: Mårten Nordheim --- src/websockets/qdefaultmaskgenerator_p.cpp | 8 ++++---- src/websockets/qmaskgenerator.cpp | 2 +- src/websockets/qwebsocket.cpp | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/websockets/qdefaultmaskgenerator_p.cpp b/src/websockets/qdefaultmaskgenerator_p.cpp index 7dc0cee..7763868 100644 --- a/src/websockets/qdefaultmaskgenerator_p.cpp +++ b/src/websockets/qdefaultmaskgenerator_p.cpp @@ -48,7 +48,7 @@ malicious scripts to attack bad behaving proxies. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. - The default mask generator uses the reasonably secure QRandomGenerator::get32() function. + The default mask generator uses the reasonably secure QRandomGenerator::global()->generate() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). In general, always be careful to not have 3rd party script access to @@ -90,16 +90,16 @@ bool QDefaultMaskGenerator::seed() Q_DECL_NOEXCEPT } /*! - Generates a new random mask using the insecure QRandomGenerator::get32() method. + Generates a new random mask using the insecure QRandomGenerator::global()->generate() method. \internal */ quint32 QDefaultMaskGenerator::nextMask() Q_DECL_NOEXCEPT { - quint32 value = QRandomGenerator::get32(); + quint32 value = QRandomGenerator::global()->generate(); while (Q_UNLIKELY(value == 0)) { // a mask of zero has a special meaning - value = QRandomGenerator::get32(); + value = QRandomGenerator::global()->generate(); } return value; } diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp index 56d1223..40f8594 100644 --- a/src/websockets/qmaskgenerator.cpp +++ b/src/websockets/qmaskgenerator.cpp @@ -50,7 +50,7 @@ malicious scripts from attacking badly behaving proxies. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. - By default QWebSocket uses the reasonably secure QRandomGenerator::get32() function. + By default QWebSocket uses the reasonably secure QRandomGenerator::global()->generate() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). In general, always be careful to not have 3rd party script access to diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp index 30bb39d..de5ac22 100644 --- a/src/websockets/qwebsocket.cpp +++ b/src/websockets/qwebsocket.cpp @@ -64,7 +64,7 @@ this problem is to use WebSocket over a secure connection. \warning To generate masks, this implementation of WebSockets uses the reasonably - secure QRandomGenerator::get32() function. + secure QRandomGenerator::global()->generate() function. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. The best measure against attacks mentioned in the document above, -- cgit v1.2.1 From 57e1ebecf0e9e1fbc23f7fe32a90c63e242e692b Mon Sep 17 00:00:00 2001 From: Antti Kokko Date: Wed, 8 Nov 2017 13:12:34 +0200 Subject: Add changes file for Qt 5.10.0 Change-Id: Ie9ff1794bd623c46ae895d75a6016cd56dec9576 Reviewed-by: Jesus Fernandez --- dist/changes-5.10.0 | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 dist/changes-5.10.0 diff --git a/dist/changes-5.10.0 b/dist/changes-5.10.0 new file mode 100644 index 0000000..9ad0d80 --- /dev/null +++ b/dist/changes-5.10.0 @@ -0,0 +1,22 @@ +Qt 5.10 introduces many new features and improvements as well as bugfixes +over the 5.9.x series. For more details, refer to the online documentation +included in this distribution. The documentation is also available online: + +http://doc.qt.io/qt-5/index.html + +The Qt version 5.10 series is binary compatible with the 5.9.x series. +Applications compiled for 5.9 will continue to run with 5.10. + +Some of the changes listed in this file include issue tracking numbers +corresponding to tasks in the Qt Bug Tracker: + +https://bugreports.qt.io/ + +Each of these identifiers can be entered in the bug tracker to obtain more +information about a particular change. + +**************************************************************************** +* Qt 5.10.0 Changes * +**************************************************************************** + + - This release contains only minor code improvements. -- cgit v1.2.1