April 20, 2015

April 20, 2015

Qt Activities, Snapshots and Suggestions

Snapshots

Qt 5.5 beta snapshots are available: http://download.qt.io/snapshots/qt/5.5/5.5.0-beta/
 

A Place for Qt

Nurmi J-P of The Qt Company has proposed a playground repository be created for a former hackathon project: QML bindings for native Android controls. Here is a YouTube video, and some older blog links:

https://youtu.be/Mo8J-g5XPGQ
http://achipa.blogspot.no/2014/11/qml-wrappers-for-native-android.html
http://achipa.blogspot.no/2014/11/native-ui-in-qt-on-android-without.html

Qt Project Advisory

A Qt Project security advisory was issued:
"Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution."

Fixes for these will be included in Qt 5.4.2 and Qt 4.8.7.
 

Qt Patches

For Qt 5.0 to 5.4:

https://codereview.qt-project.org/#/c/108312/
https://codereview.qt-project.org/#/c/108248/

For Qt 4.8:
https://codereview.qt-project.org/#/c/108474/
https://codereview.qt-project.org/#/c/108475/



About the author

Jon Trulson

Jon is a Senior Software Engineer that specializes in Linux/Unix and embedded systems development. Jon also contributes to technical presentations and the This Week in Qt blog for ICS.