author | Water-Team <water@pad.test.qt.nokia.com> | 2011-10-22 23:00:13 (GMT) |
---|---|---|
committer | Water-Team <water@pad.test.qt.nokia.com> | 2011-10-22 23:00:13 (GMT) |
commit | 36841a481388c778f2e4b847cc406ea31e4f7d32 (patch) | |
tree | 3270c6f7fdfe13f51906877b80a031c214b15085 /src | |
parent | fff5d2c672b06e40903f9b9e067829d59f1397e0 (diff) | |
parent | 6b367110568d2d4fba35391eab1bea996d8df8f9 (diff) | |
Merge branch '4.8-upstream' into master-water
Diffstat (limited to 'src')
-rw-r--r-- | src/3rdparty/libpng/pngrutil.c | 14 | ||||
-rw-r--r-- | src/corelib/thread/qmutex_p.h | 8 | ||||
-rw-r--r-- | src/corelib/thread/qmutex_unix.cpp | 50 | ||||
-rw-r--r-- | src/network/ssl/qssl.cpp | 30 | ||||
-rw-r--r-- | src/network/ssl/qssl.h | 11 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 29 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.h | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration_p.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 33 |
10 files changed, 117 insertions, 66 deletions
diff --git a/src/3rdparty/libpng/pngrutil.c b/src/3rdparty/libpng/pngrutil.c index 07e46e2..daf3c5e 100644 --- a/src/3rdparty/libpng/pngrutil.c +++ b/src/3rdparty/libpng/pngrutil.c @@ -1037,12 +1037,14 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) */ png_uint_32 w = y_red + y_green + y_blue; - png_ptr->rgb_to_gray_red_coeff = (png_uint_16)(((png_uint_32)y_red * - 32768)/w); - png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green - * 32768)/w); - png_ptr->rgb_to_gray_blue_coeff = (png_uint_16)(((png_uint_32)y_blue * - 32768)/w); + if (w != 0) { + png_ptr->rgb_to_gray_red_coeff = (png_uint_16)(((png_uint_32)y_red * + 32768)/w); + png_ptr->rgb_to_gray_green_coeff = (png_uint_16)(((png_uint_32)y_green + * 32768)/w); + png_ptr->rgb_to_gray_blue_coeff = (png_uint_16)(((png_uint_32)y_blue * + 32768)/w); + } } } #endif diff --git a/src/corelib/thread/qmutex_p.h b/src/corelib/thread/qmutex_p.h index a9923c4..d2ffd28 100644 --- a/src/corelib/thread/qmutex_p.h +++ b/src/corelib/thread/qmutex_p.h @@ -58,10 +58,6 @@ #include <QtCore/qnamespace.h> #include <QtCore/qmutex.h> -#if defined(Q_OS_MAC) -# include <mach/semaphore.h> -#endif - #if defined(Q_OS_SYMBIAN) # include <e32std.h> #endif @@ -83,9 +79,7 @@ public: Qt::HANDLE owner; uint count; -#if defined(Q_OS_MAC) - semaphore_t mach_semaphore; -#elif defined(Q_OS_UNIX) && !defined(Q_OS_LINUX) && !defined(Q_OS_SYMBIAN) +#if defined(Q_OS_UNIX) && !defined(Q_OS_LINUX) && !defined(Q_OS_SYMBIAN) volatile bool wakeup; pthread_mutex_t mutex; pthread_cond_t cond; diff --git a/src/corelib/thread/qmutex_unix.cpp b/src/corelib/thread/qmutex_unix.cpp index 2a9d23c..790fad3 100644 --- a/src/corelib/thread/qmutex_unix.cpp +++ b/src/corelib/thread/qmutex_unix.cpp @@ -65,7 +65,7 @@ QT_BEGIN_NAMESPACE -#if !defined(Q_OS_MAC) && !defined(Q_OS_LINUX) +#if !defined(Q_OS_LINUX) static void report_error(int code, const char *where, const char *what) { if (code != 0) 
@@ -77,11 +77,7 @@ static void report_error(int code, const char *where, const char *what) QMutexPrivate::QMutexPrivate(QMutex::RecursionMode mode) : QMutexData(mode), maximumSpinTime(MaximumSpinTimeThreshold), averageWaitTime(0), owner(0), count(0) { -#if defined(Q_OS_MAC) - kern_return_t r = semaphore_create(mach_task_self(), &mach_semaphore, SYNC_POLICY_FIFO, 0); - if (r != KERN_SUCCESS) - qWarning("QMutex: failed to create semaphore, error %d", r); -#elif !defined(Q_OS_LINUX) +#if !defined(Q_OS_LINUX) wakeup = false; report_error(pthread_mutex_init(&mutex, NULL), "QMutex", "mutex init"); report_error(pthread_cond_init(&cond, NULL), "QMutex", "cv init"); @@ -90,47 +86,13 @@ QMutexPrivate::QMutexPrivate(QMutex::RecursionMode mode) QMutexPrivate::~QMutexPrivate() { -#if defined(Q_OS_MAC) - kern_return_t r = semaphore_destroy(mach_task_self(), mach_semaphore); - if (r != KERN_SUCCESS) - qWarning("QMutex: failed to destroy semaphore, error %d", r); -#elif !defined(Q_OS_LINUX) +#if !defined(Q_OS_LINUX) report_error(pthread_cond_destroy(&cond), "QMutex", "cv destroy"); report_error(pthread_mutex_destroy(&mutex), "QMutex", "mutex destroy"); #endif } -#if defined(Q_OS_MAC) - -bool QMutexPrivate::wait(int timeout) -{ - if (contenders.fetchAndAddAcquire(1) == 0) { - // lock acquired without waiting - return true; - } - kern_return_t r; - if (timeout < 0) { - do { - r = semaphore_wait(mach_semaphore); - } while (r == KERN_ABORTED); - if (r != KERN_SUCCESS) - qWarning("QMutex: infinite wait failed, error %d", r); - } else { - mach_timespec_t ts; - ts.tv_nsec = ((timeout % 1000) * 1000) * 1000; - ts.tv_sec = (timeout / 1000); - r = semaphore_timedwait(mach_semaphore, ts); - } - contenders.deref(); - return r == KERN_SUCCESS; -} - -void QMutexPrivate::wakeUp() -{ - semaphore_signal(mach_semaphore); -} - -#elif defined(Q_OS_LINUX) +#if defined(Q_OS_LINUX) static inline int _q_futex(volatile int *addr, int op, int val, const struct timespec *timeout, int *addr2, int val2) { 
@@ -174,7 +136,7 @@ void QMutexPrivate::wakeUp() (void) _q_futex(&contenders._q_value, FUTEX_WAKE, 1, 0, 0, 0); } -#else // !Q_OS_MAC && !Q_OS_LINUX +#else // !Q_OS_LINUX bool QMutexPrivate::wait(int timeout) { @@ -221,7 +183,7 @@ void QMutexPrivate::wakeUp() report_error(pthread_mutex_unlock(&mutex), "QMutex::unlock", "mutex unlock"); } -#endif // !Q_OS_MAC && !Q_OS_LINUX +#endif // !Q_OS_LINUX QT_END_NAMESPACE diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index 586c894..08a05ff 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -120,4 +120,34 @@ QT_BEGIN_NAMESPACE the correct setting for your protocol. */ +/*! + \enum QSsl::SslOption + + Describes the options that can be used to control the details of + SSL behaviour. These options are generally used to turn features off + to work around buggy servers. + + \value SslOptionDisableEmptyFragments Disables the insertion of empty + fragments into the data when using block ciphers. When enabled, this + prevents some attacks (such as the BEAST attack), however it is + incompatible with some servers. + \value SslOptionDisableTickets Disables the SSL session ticket + extension. This can cause slower connection setup, however some servers + are not compatible with the extension. + \value SslOptionDisableCompression Disables the SSL compression + extension. When enabled, this allows the data being passed over SSL to + be compressed, however some servers are not compatible with this + extension. + \value SslOptionDisableServerNameIndication Disables the SSL server + name indication extension. When enabled, this tells the server the virtual + host being accessed allowing it to respond with the correct certificate. + + By default, SslOptionDisableEmptyFragments is turned on since this causes + problems with a large number of servers, but the other options are disabled. + + Note: Availability of above options depends on the version of the SSL + backend in use. +*/ + + QT_END_NAMESPACE 
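Review bot: The new `\enum QSsl::SslOption` comment in qssl.cpp documents `\value SslOptionDisableTickets`, but the enumerator this commit adds in qssl.h is `SslOptionDisableSessionTickets`, so the documented name matches nothing in the enum; the entry should begin `\value SslOptionDisableSessionTickets Disables the SSL session ticket`. The closing paragraph is also ambiguous: "SslOptionDisableEmptyFragments is turned on since this causes problems" should say that inserting empty fragments is what breaks servers. It should add that with this default the BEAST countermeasure named in the first `\value` entry is off until the application clears the option. No visible hunk sets that default, so it presumably lives outside this diff and the text should be checked against it.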
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 2ecd1c3..453d4da 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -44,6 +44,7 @@ #define QSSL_H #include <QtCore/qglobal.h> +#include <QtCore/QFlags> QT_BEGIN_HEADER @@ -81,8 +82,18 @@ namespace QSsl { SecureProtocols, UnknownProtocol = -1 }; + + enum SslOption { + SslOptionDisableEmptyFragments = 0x01, + SslOptionDisableSessionTickets = 0x02, + SslOptionDisableCompression = 0x04, + SslOptionDisableServerNameIndication = 0x08 + }; + Q_DECLARE_FLAGS(SslOptions, SslOption) } +Q_DECLARE_OPERATORS_FOR_FLAGS(QSsl::SslOptions) + QT_END_NAMESPACE QT_END_HEADER diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 69d3b66..e24076e 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -167,7 +167,8 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const d->caCertificates == other.d->caCertificates && d->protocol == other.d->protocol && d->peerVerifyMode == other.d->peerVerifyMode && - d->peerVerifyDepth == other.d->peerVerifyDepth; + d->peerVerifyDepth == other.d->peerVerifyDepth && + d->sslOptions == other.d->sslOptions; } /*! @@ -199,7 +200,8 @@ bool QSslConfiguration::isNull() const d->localCertificate.isNull() && d->privateKey.isNull() && d->peerCertificate.isNull() && - d->peerCertificateChain.count() == 0); + d->peerCertificateChain.count() == 0 && + d->sslOptions == 0); } /*! 
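Review bot: In the `QSslConfiguration::isNull()` hunk, the added `d->sslOptions == 0` disagrees with the default documented in qssl.cpp by this same commit, which says SslOptionDisableEmptyFragments is turned on by default. If the private constructor (not visible here) initialises `sslOptions` that way, a default-constructed configuration will never report `isNull()`, and the test should compare against the default instead, e.g. `d->sslOptions == QSsl::SslOptionDisableEmptyFragments`. If the member actually starts at 0, the documentation is wrong about which TLS behaviour applications get by default. Either way the two should be reconciled; the function body starts outside the hunk.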
@@ -507,6 +509,29 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific } /*! + Enables or disables an SSL compatibility option. + + \sa testSSlOption() +*/ +void QSslConfiguration::setSslOption(QSsl::SslOption option, bool on) +{ + if (on) + d->sslOptions |= option; + else + d->sslOptions &= ~option; +} + +/*! + Returns true if the specified SSL compatibility option is enabled. + + \sa testSSlOption() +*/ +bool QSslConfiguration::testSslOption(QSsl::SslOption option) const +{ + return d->sslOptions & option; +} + +/*! Returns the default SSL configuration to be used in new SSL connections. diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 258b454..ff8c8fc 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -59,6 +59,7 @@ #include <QtCore/qshareddata.h> #include <QtNetwork/qsslsocket.h> +#include <QtNetwork/qssl.h> QT_BEGIN_HEADER @@ -118,6 +119,9 @@ public: QList<QSslCertificate> caCertificates() const; void setCaCertificates(const QList<QSslCertificate> &certificates); + void setSslOption(QSsl::SslOption option, bool on); + bool testSslOption(QSsl::SslOption option) const; + static QSslConfiguration defaultConfiguration(); static void setDefaultConfiguration(const QSslConfiguration &configuration); diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index af80e4c..b83edb9 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -98,6 +98,8 @@ public: QSslSocket::PeerVerifyMode peerVerifyMode; int peerVerifyDepth; + QSsl::SslOptions sslOptions; + // in qsslsocket.cpp: static QSslConfiguration defaultConfiguration(); static void setDefaultConfiguration(const QSslConfiguration &configuration); diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index df61fb6..3ac8f18 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp 
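Review bot: Both new doc comments in qsslconfiguration.cpp carry `\sa testSSlOption()`, which is misspelled and, on `testSslOption()`, points at itself. The setter should use `\sa testSslOption()` and the getter `\sa setSslOption()`. The setter comment should also state that every enumerator is a "disable" flag, so `on == true` switches a protocol feature off, and that passing `false` for SslOptionDisableEmptyFragments re-enables the empty-fragment countermeasure described for the enum. As written, "Enables or disables an SSL compatibility option" leaves the polarity to the reader.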
@@ -896,6 +896,7 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
 d->configuration.peerVerifyDepth = configuration.peerVerifyDepth();
 d->configuration.peerVerifyMode = configuration.peerVerifyMode();
 d->configuration.protocol = configuration.protocol();
+ d->configuration.sslOptions = configuration.d->sslOptions;
 d->allowRootCertOnDemandLoading = false;
 }
@@ -2027,6 +2028,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
 ptr->protocol = global->protocol;
 ptr->peerVerifyMode = global->peerVerifyMode;
 ptr->peerVerifyDepth = global->peerVerifyDepth;
+ ptr->sslOptions = global->sslOptions;
 }
 /*!
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 8e53974..3942209 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -285,12 +285,29 @@ init_context: return false; } - // Enable all bug workarounds. - if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) { - q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2); - } else { - q_SSL_CTX_set_options(ctx, SSL_OP_ALL); - } + // Enable bug workarounds. + long options; + if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols) + options = SSL_OP_ALL|SSL_OP_NO_SSLv2; + else + options = SSL_OP_ALL; + + // This option is disabled by default, so we need to be able to clear it + if (configuration.sslOptions & QSsl::SslOptionDisableEmptyFragments) + options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + else + options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + +#ifdef SSL_OP_NO_TICKET + if (configuration.sslOptions & QSsl::SslOptionDisableSessionTickets) + options |= SSL_OP_NO_TICKET; +#endif +#ifdef SSL_OP_NO_COMPRESSION + if (configuration.sslOptions & QSsl::SslOptionDisableCompression) + options |= SSL_OP_NO_COMPRESSION; +#endif + + q_SSL_CTX_set_options(ctx, options); // Initialize ciphers QByteArray cipherString; @@ -419,7 +436,9 @@ init_context: tlsHostName = hostName; QByteArray ace = QUrl::toAce(tlsHostName); // only send the SNI header if the URL is valid and not an IP - if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName)) { + if (!ace.isEmpty() + && !QHostAddress().setAddress(tlsHostName) + && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data())) #else |
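Review bot: In the options block of the first qsslsocket_openssl.cpp hunk, a request for SslOptionDisableSessionTickets or SslOptionDisableCompression is dropped silently when the OpenSSL headers lack `SSL_OP_NO_TICKET` / `SSL_OP_NO_COMPRESSION`. A caller who asked for compression to be off gets no sign that it may still be negotiated. An `#else` branch under the same flag test would make this visible, e.g. `qWarning("QSslSocket: SSL_OP_NO_COMPRESSION is not available in this OpenSSL build");`, and likewise for tickets. The comment `// This option is disabled by default, so we need to be able to clear it` is also hard to follow; something like `// SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; strip it unless the application asked for it` says what the `else` branch does. The enclosing function starts and ends outside the hunk.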