Merge remote-tracking branch 'origin/5.15.1' into 5.15

Change-Id: Ieb546ccd35db06e8ad6358b11e3139a839c9b4cf

6 files changed, 40 insertions, 15 deletions

diff --git a/coin/qt-installer-package-config.json b/coin/qt-installer-package-config.json
index f9584a100..8507c9ec9 100644
--- a/coin/qt-installer-package-config.json
+++ b/coin/qt-installer-package-config.json
@@ -8,6 +8,7 @@
             "**/lib/cmake/Qt5PdfWidgets/*",
             "**/lib/pkgconfig/Qt5Pdf*",
             "**/lib/libQt5Pdf*",
+            "**/lib/static_chrome/*",
             "**/mkspecs/modules/qt_lib_pdf*",
             "**/plugins/imageformats/*",
             "**/qml/QtQuick/**/*"
diff --git a/dist/changes-5.15.1 b/dist/changes-5.15.1
index eebe5957e..263f04ec3 100644
--- a/dist/changes-5.15.1
+++ b/dist/changes-5.15.1
@@ -66,7 +66,7 @@ General
 Chromium
 --------
 
- - Security fixes from Chromium up to version 84.0.4147.125, including:
+ - Security fixes from Chrome up to version 85.0.4183.83, including:
 
     * CVE-2020-6467
     * CVE-2020-6468
@@ -114,6 +114,7 @@ Chromium
     * CVE-2020-6550: Use after free in IndexedDB
     * CVE-2020-6551: Use after free in WebXR
     * CVE-2020-6555: Out of bounds read in WebGL
+    * CVE-2020-6559: Use after free in presentation API
     * Security bug 1025302
     * Security bug 1029569
     * Security Bug 1048619
@@ -131,4 +132,7 @@ Chromium
     * Security bug 1087158
     * Security bug 1087629
     * Security bug 1090543
+    * Security bug 1098860
+    * Security bug 1102137
     * Security bug 1102408
+    * Security bug 1108639
diff --git a/src/3rdparty b/src/3rdparty
-Subproject 4e0b66a6f2d6901b4c738c8bcfb9d89d74def60
+Subproject 62bc475876cbae17e2e39175fe321780512e595
diff --git a/src/buildtools/config/linking.pri b/src/buildtools/config/linking.pri
index e4f40ba71..e76f6ef10 100644
--- a/src/buildtools/config/linking.pri
+++ b/src/buildtools/config/linking.pri
@@ -25,28 +25,31 @@ for(archive, NINJA_ARCHIVES): RSP_A_CONTENT += $$archive
 write_file($$RSP_ARCHIVE_FILE, RSP_A_CONTENT)
 
 if(macos|ios) {
-    QMAKE_LFLAGS += -Wl,-filelist,$$shell_quote($${RSP_OBJECT_FILE})
     !static {
+        QMAKE_LFLAGS += -Wl,-filelist,$$shell_quote($${RSP_OBJECT_FILE})
         QMAKE_LFLAGS += @$${RSP_ARCHIVE_FILE}
     } else {
+        OBJECTS += $$NINJA_OBJECTS
         LIBS_PRIVATE += $${NINJA_ARCHIVES}
     }
 }
 
 linux {
-    QMAKE_LFLAGS += @$${RSP_OBJECT_FILE}
     !static {
+        QMAKE_LFLAGS += @$${RSP_OBJECT_FILE}
         QMAKE_LFLAGS += -Wl,--start-group @$${RSP_ARCHIVE_FILE} -Wl,--end-group
     } else {
+        OBJECTS += $$NINJA_OBJECTS
         LIBS_PRIVATE += -Wl,--start-group @$${NINJA_ARCHIVES} -Wl,--end-group
     }
 }
 
 win32 {
-    QMAKE_LFLAGS += @$${RSP_OBJECT_FILE}
     !static {
+        QMAKE_LFLAGS += @$${RSP_OBJECT_FILE}
         QMAKE_LFLAGS += @$${RSP_ARCHIVE_FILE}
     } else {
+        OBJECTS += $$NINJA_OBJECTS
         LIBS_PRIVATE += $${NINJA_ARCHIVES}
     }
 }
diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index b42aa64bb..8e084a40b 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -258,7 +258,7 @@ void InterceptedRequest::InterceptOnIOThread(base::WaitableEvent *event)
 void InterceptedRequest::InterceptOnUIThread()
 {
     DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-    if (profile_request_interceptor_)
+    if (profile_request_interceptor_ && !profile_request_interceptor_->property("deprecated").toBool())
         profile_request_interceptor_->interceptRequest(request_info_);
 
     if (!request_info_.changed() && page_request_interceptor_)
diff --git a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
index e3b7af18c..d22c897da 100644
--- a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
+++ b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
@@ -118,29 +118,42 @@ struct RequestInfo {
 
 static const QByteArray kHttpHeaderReferrerValue = QByteArrayLiteral("http://somereferrer.com/");
 static const QByteArray kHttpHeaderRefererName = QByteArrayLiteral("referer");
+static const QUrl kRedirectUrl = QUrl("qrc:///resources/content.html");
 
 class TestRequestInterceptor : public QWebEngineUrlRequestInterceptor
 {
 public:
     QList<RequestInfo> requestInfos;
-    bool shouldIntercept;
+    bool shouldRedirect = false;
     QMap<QUrl, QSet<QUrl>> requestInitiatorUrls;
+    QMap<QByteArray, QByteArray> headers;
 
     void interceptRequest(QWebEngineUrlRequestInfo &info) override
     {
         QCOMPARE(QThread::currentThread() == QCoreApplication::instance()->thread(), !property("deprecated").toBool());
+
         // Since 63 we also intercept some unrelated blob requests..
         if (info.requestUrl().scheme() == QLatin1String("blob"))
             return;
-        info.block(info.requestMethod() != QByteArrayLiteral("GET"));
-        if (shouldIntercept && info.requestUrl().toString().endsWith(QLatin1String("__placeholder__")))
-            info.redirect(QUrl("qrc:///resources/content.html"));
 
-        // Set referrer header
-        info.setHttpHeader(kHttpHeaderRefererName, kHttpHeaderReferrerValue);
+        bool block = info.requestMethod() != QByteArrayLiteral("GET");
+        bool redirect = shouldRedirect && info.requestUrl() != kRedirectUrl;
+
+        if (block) {
+            info.block(true);
+        } else if (redirect) {
+            info.redirect(kRedirectUrl);
+        } else {
+            // set additional headers if any required by test
+            for (auto it = headers.begin(); it != headers.end(); ++it) info.setHttpHeader(it.key(), it.value());
+        }
 
         requestInitiatorUrls[info.requestUrl()].insert(info.initiator());
         requestInfos.append(info);
+
+        // MEMO avoid unintentionally changing request when it is not needed for test logic
+        //      since api behavior depends on 'changed' state of the info object
+        Q_ASSERT(info.changed() == (block || redirect || !headers.empty()));
     }
 
     bool shouldSkipRequest(const RequestInfo &requestInfo)
@@ -182,8 +195,8 @@ public:
         return false;
     }
 
-    TestRequestInterceptor(bool intercept)
-        : shouldIntercept(intercept)
+    TestRequestInterceptor(bool redirect)
+        : shouldRedirect(redirect)
     {
     }
 };
@@ -219,7 +232,7 @@ void tst_QWebEngineUrlRequestInterceptor::interceptRequest()
     QFETCH(InterceptorSetter, setter);
     QWebEngineProfile profile;
     profile.settings()->setAttribute(QWebEngineSettings::ErrorPageEnabled, false);
-    TestRequestInterceptor interceptor(/* intercept */ true);
+    TestRequestInterceptor interceptor(/* intercept */ false);
     (profile.*setter)(&interceptor);
     QWebEnginePage page(&profile);
     QSignalSpy loadSpy(&page, SIGNAL(loadFinished(bool)));
@@ -239,6 +252,7 @@ void tst_QWebEngineUrlRequestInterceptor::interceptRequest()
     QVERIFY(!success.toBool());
     loadSpy.clear();
 
+    interceptor.shouldRedirect = true;
     page.load(QUrl("qrc:///resources/__placeholder__"));
     QTRY_COMPARE(loadSpy.count(), 1);
     success = loadSpy.takeFirst().takeFirst();
@@ -339,6 +353,8 @@ void tst_QWebEngineUrlRequestInterceptor::requestedUrl()
     QCOMPARE(page.requestedUrl(), QUrl("qrc:///resources/__placeholder__"));
     QCOMPARE(page.url(), QUrl("qrc:///resources/content.html"));
 
+    interceptor.shouldRedirect = false;
+
     page.setUrl(QUrl("qrc:/non-existent.html"));
     QTRY_COMPARE(spy.count(), 2);
     QVERIFY(interceptor.requestInfos.count() >= 3);
@@ -634,7 +650,8 @@ void tst_QWebEngineUrlRequestInterceptor::passRefererHeader()
     });
 
     QWebEngineProfile profile;
-    TestRequestInterceptor interceptor(true);
+    TestRequestInterceptor interceptor(false);
+    interceptor.headers.insert(kHttpHeaderRefererName, kHttpHeaderReferrerValue);
     (profile.*setter)(&interceptor);
 
     QWebEnginePage page(&profile);