Merge "Merge remote-tracking branch 'origin/5.12' into 5.13"

7 files changed, 94 insertions, 17 deletions

diff --git a/dist/changes-5.12.5 b/dist/changes-5.12.5
new file mode 100644
index 000000000..15f0bcde6
--- /dev/null
+++ b/dist/changes-5.12.5
@@ -0,0 +1,80 @@
+Qt 5.12.5 is a bug-fix release. It maintains both forward and backward
+compatibility (source and binary) with Qt 5.12.0 through 5.12.4.
+
+For more details, refer to the online documentation included in this
+distribution. The documentation is also available online:
+
+https://doc.qt.io/qt-5/index.html
+
+The Qt version 5.12 series is binary compatible with the 5.11.x series.
+Applications compiled for 5.11 will continue to run with 5.12.
+
+Some of the changes listed in this file include issue tracking numbers
+corresponding to tasks in the Qt Bug Tracker:
+
+https://bugreports.qt.io/
+
+Each of these identifiers can be entered in the bug tracker to obtain more
+information about a particular change.
+
+****************************************************************************
+*                              Qt 5.12.5 Changes                           *
+****************************************************************************
+
+General
+-------
+
+  - [QTBUG-62106] Fixed possible crash after rapid tapping.
+  - [QTBUG-75884] Fixed crash on setHttpUserAgent.
+  - [QTBUG-76249] Fixed user-agent on some new windows.
+  - [QTBUG-76268] Fixed tab key send on minimize.
+  - [QTBUG-76347] Fixed duplicate events being send from tablets.
+  - [QTBUG-76828] Clear shared context on exit.
+  - [QTBUG-76958] Fixed possible crash when loading in background.
+
+Chromium
+--------
+
+ - Security fixes from Chromium up to version 76.0.3809.87, including:
+
+    - CVE-2019-5829
+    - CVE-2019-5831
+    - CVE-2019-5832
+    - CVE-2019-5837
+    - CVE-2019-5839
+    - CVE-2019-5842
+    - CVE-2019-5851
+    - CVE-2019-5852
+    - CVE-2019-5854
+    - CVE-2019-5855
+    - CVE-2019-5856
+    - CVE-2019-5857
+    - CVE-2019-5860
+    - CVE-2019-5861
+    - CVE-2019-5862
+    - CVE-2019-5865
+    - Critical security issue 977057
+    - Security bug 934161
+    - Security bug 939644
+    - Security bug 948172
+    - Security bug 948228
+    - Security bug 948944
+    - Security bug 950005
+    - Security bug 952849
+    - Security bug 956625
+    - Security bug 958457
+    - Security bug 958689
+    - Security bug 959193
+    - Security bug 959518
+    - Security bug 958717
+    - Security bug 960785
+    - Security bug 961674
+    - Security bug 961597
+    - Security bug 962083
+    - Security bug 964002
+    - Security bug 973893
+    - Security bug 974627
+    - Security bug 976050
+    - Security bug 981602
+    - Security bug 983850
+    - Security bug 983938
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
index a747451df..3309db8f1 100644
--- a/src/core/certificate_error_controller.cpp
+++ b/src/core/certificate_error_controller.cpp
@@ -79,14 +79,14 @@ CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_er
                                                                      const net::SSLInfo& ssl_info,
                                                                      const GURL &request_url,
                                                                      content::ResourceType resource_type,
-                                                                     bool _overridable,
+                                                                     bool fatal_error,
                                                                      bool strict_enforcement,
                                                                      const base::Callback<void(content::CertificateRequestResultType)>& cb
                                                                     )
     : certError(CertificateErrorController::CertificateError(cert_error))
     , requestUrl(toQt(request_url))
     , resourceType(CertificateErrorController::ResourceType(resource_type))
-    , overridable(_overridable)
+    , fatalError(fatal_error)
     , strictEnforcement(strict_enforcement)
     , callback(cb)
 {
@@ -118,7 +118,7 @@ QUrl CertificateErrorController::url() const
 
 bool CertificateErrorController::overridable() const
 {
-    return d->overridable;
+    return !d->fatalError && !d->strictEnforcement;
 }
 
 bool CertificateErrorController::strictEnforcement() const
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
index abde9a7d5..3b4d0f3bf 100644
--- a/src/core/certificate_error_controller_p.h
+++ b/src/core/certificate_error_controller_p.h
@@ -59,7 +59,7 @@ QT_BEGIN_NAMESPACE
 
 class CertificateErrorControllerPrivate {
 public:
-    CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, content::ResourceType resource_type, bool overridable, bool strict_enforcement, const base::Callback<void(content::CertificateRequestResultType)>& callback);
+    CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, content::ResourceType resource_type, bool fatal_error, bool strict_enforcement, const base::Callback<void(content::CertificateRequestResultType)>& callback);
 
     void accept(bool accepted);
 
@@ -68,7 +68,7 @@ public:
     QDateTime validStart;
     QDateTime validExpiry;
     CertificateErrorController::ResourceType resourceType;
-    bool overridable;
+    bool fatalError;
     bool strictEnforcement;
     const base::Callback<void(content::CertificateRequestResultType)> callback;
 };
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index f47f85e93..16945020b 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -387,7 +387,7 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont
                             ssl_info,
                             request_url,
                             resource_type,
-                            !IsCertErrorFatal(cert_error),
+                            IsCertErrorFatal(cert_error),
                             strict_enforcement,
                             callback)));
     contentsDelegate->allowCertificateError(errorController);
diff --git a/src/webengine/api/qquickwebengineview.cpp b/src/webengine/api/qquickwebengineview.cpp
index 906eb4b75..fca69121a 100644
--- a/src/webengine/api/qquickwebengineview.cpp
+++ b/src/webengine/api/qquickwebengineview.cpp
@@ -296,7 +296,7 @@ void QQuickWebEngineViewPrivate::allowCertificateError(const QSharedPointer<Cert
     // mark the object for gc by creating temporary jsvalue
     qmlEngine(q)->newQObject(quickController);
     Q_EMIT q->certificateError(quickController);
-    if (!quickController->deferred() && !quickController->answered())
+    if (!quickController->overridable() || (!quickController->deferred() && !quickController->answered()))
         quickController->rejectCertificate();
     else
         m_certificateErrorControllers.append(errorController);
diff --git a/src/webengine/doc/src/webengineview_lgpl.qdoc b/src/webengine/doc/src/webengineview_lgpl.qdoc
index 2d5cb95f6..7efe447ac 100644
--- a/src/webengine/doc/src/webengineview_lgpl.qdoc
+++ b/src/webengine/doc/src/webengineview_lgpl.qdoc
@@ -438,14 +438,13 @@
 
     To clear the search highlight, just pass an empty string.
 
-    The \a resultCallback must take a boolean parameter. It will be called with
-    a value of true if the \a subString was found; otherwise the callback value
-    will be false.
+    The \a resultCallback must take an integer parameter. It will be called with
+    the number of found occurrences of the \a subString.
 
     \code
-    findText("Qt", WebEngineView.FindCaseSensitively, function(success) {
-        if (success)
-            console.log("Qt was found!");
+    findText("Qt", WebEngineView.FindCaseSensitively, function(matchCount) {
+        if (matchCount > 0)
+            console.log("'Qt' tokens found:", matchCount);
     });
     \endcode
 */
diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp
index 8451bab1a..7b66ac876 100644
--- a/src/webenginewidgets/api/qwebenginepage.cpp
+++ b/src/webenginewidgets/api/qwebenginepage.cpp
@@ -1729,11 +1729,9 @@ void QWebEnginePagePrivate::allowCertificateError(const QSharedPointer<Certifica
     Q_Q(QWebEnginePage);
     bool accepted = false;
 
-    QWebEngineCertificateError error(controller->error(), controller->url(), controller->overridable() && !controller->strictEnforcement(), controller->errorString());
+    QWebEngineCertificateError error(controller->error(), controller->url(), controller->overridable(), controller->errorString());
     accepted = q->certificateError(error);
-
-    if (error.isOverridable())
-        controller->accept(accepted);
+    controller->accept(error.isOverridable() && accepted);
 }
 
 void QWebEnginePagePrivate::selectClientCert(const QSharedPointer<ClientCertSelectController> &controller)