diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-03-25 13:58:51 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-03-25 13:58:57 +0100 |
commit | 8947dc6902bfd2a8acd31b8c894407bf6a12695b (patch) | |
tree | b3d3630d54a27c6c376c39c64aadb5b4589df4bc | |
parent | 9522dc8f71e189cf75eabdca4b3fab2d254d1542 (diff) | |
parent | 35aa6c30f0e766b8825519e04242b7a4c93b6e0e (diff) |
Merge remote-tracking branch 'origin/5.14.2' into 5.14
Change-Id: I5f7aab6031f1c1ca289d5ba408d408684849031c
-rw-r--r-- | configure.pri | 2 | ||||
-rw-r--r-- | dist/changes-5.14.2 | 107 | ||||
m--------- | src/3rdparty | 0 | ||||
-rw-r--r-- | src/core/common/qt_messages.h | 6 | ||||
-rw-r--r-- | src/core/core_module.pro | 4 | ||||
-rw-r--r-- | src/core/render_widget_host_view_qt.cpp | 18 | ||||
-rw-r--r-- | src/core/web_engine_context.cpp | 51 | ||||
-rw-r--r-- | src/core/web_engine_context.h | 3 | ||||
-rw-r--r-- | src/core/web_engine_context_threads.cpp | 18 | ||||
-rw-r--r-- | tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp | 38 |
10 files changed, 201 insertions, 46 deletions
diff --git a/configure.pri b/configure.pri index 3a144e3f8..3cfce71e0 100644 --- a/configure.pri +++ b/configure.pri @@ -163,7 +163,7 @@ defineTest(qtConfTest_detectNinja) { !isEmpty(ninja) { qtLog("Found ninja from path: $$ninja") qtRunLoggedCommand("$$ninja --version", version)|return(false) - contains(version, "1.[7-9].*"): return(true) + contains(version, "1\.([7-9]|1[0-9])\..*"): return(true) qtLog("Ninja version too old") } qtLog("Building own ninja") diff --git a/dist/changes-5.14.2 b/dist/changes-5.14.2 new file mode 100644 index 000000000..3cf48a4f4 --- /dev/null +++ b/dist/changes-5.14.2 @@ -0,0 +1,107 @@ +Qt 5.14.2 is a bug-fix release. It maintains both forward and backward +compatibility (source and binary) with Qt 5.14.0 through 5.14.1. + +For more details, refer to the online documentation included in this +distribution. The documentation is also available online: + +https://doc.qt.io/qt-5/index.html + +The Qt version 5.14 series is binary compatible with the 5.13.x series. +Applications compiled for 5.13 will continue to run with 5.14. + +Some of the changes listed in this file include issue tracking numbers +corresponding to tasks in the Qt Bug Tracker: + +https://bugreports.qt.io/ + +Each of these identifiers can be entered in the bug tracker to obtain more +information about a particular change. + +**************************************************************************** +* Qt 5.14.2 Changes * +**************************************************************************** + +General +------- + + - [QTBUG-78284] Fixed conversion of tabpanel aria role + - [QTBUG-81206] Fixed overriding shortcuts in password input fields on Windows + - [QTBUG-80234] Fixed media playback issue on custom urls by supporting + HTTP ranges headers + - [QTBUG-81521] Update navigation actions when load finishes in a subframe + - [QTBUG-82109] Fixed name filters of GTK file picker + - [QTBUG-78284] Fixed widget accessibility on macOS + - [QTBUG-78284] Fixed quick accessibility on macOS + - [QTBUG-81783] Fixed event.key for Ctrl key combinations on Windows + - [QTBUG-81574] Clear previous page text selection on new navigation unconditionally + - [QTBUG-78284] Fixed VoiceOver navigation on web pages on macOS + - [QTBUG-81539] Update accessibility focus on FocusIn events for Quick + - [QTBUG-82715] Support build with system ninja >= 1.10.0 + - Fixed deadlocks on WebEngineContext destruction + - Suppress error message on ACCESSIBILITY_EVENTS permission type + - Example 'quicknanobrowser' improvements + +Chromium +-------- + + - Fixed build with gcc 5 + - Fixed -no-webengine-spellchecker build + + - Security fixes from Chromium up to version 80.0.3987.132, including: + + * CVE-2019-19880 + * CVE-2019-19923 - Out of bounds memory access in SQLite + * CVE-2019-19925 - Multiple vulnerabilities in SQLite + * CVE-2019-19926 - Inappropriate implementation in SQLite + * CVE-2019-18197 - Multiple vulnerabilities in XML + * CVE-2019-20503 - Out of bounds read in usersctplib + * CVE-2020-6381 - Integer overflow in Javascript + * CVE-2020-6383 - Type confusion in V8 + * CVE-2020-6384 - Use after free in WebAudio + * CVE-2020-6385 - Insufficient policy enforcement in storage + * CVE-2020-6387 - Out of bounds write in WebRTC + * CVE-2020-6388 - Out of bounds memory access in WebAudio + * CVE-2020-6389 - Out of bounds write in WebRTC + * CVE-2020-6390 - Out of bounds memory access in streams + * CVE-2020-6391 - Insufficient validation of untrusted input in Blink + * CVE-2020-6392 - Insufficient policy enforcement in extensions + * CVE-2020-6393 - Insufficient policy enforcement in Blink + * CVE-2020-6394 - Insufficient policy enforcement in Blink + * CVE-2020-6395 - Out of bounds read in JavaScript + * CVE-2020-6396 - Inappropriate implementation in Skia + * CVE-2020-6398 - Uninitialized use in PDFium + * CVE-2020-6399 - Insufficient policy enforcement in AppCache + * CVE-2020-6400 - Inappropriate implementation in CORS + * CVE-2020-6401 + * CVE-2020-6404 - Inappropriate implementation in Blink + * CVE-2020-6405 - Out of bounds read in SQLite + * CVE-2020-6406 - Use after free in audio + * CVE-2020-6407 - Out of bounds memory access in streams + * CVE-2020-6410 - Insufficient policy enforcement in navigation + * CVE-2020-6411 + * CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox + * CVE-2020-6413 - Inappropriate implementation in Blink + * CVE-2020-6415 + * CVE-2020-6418 - Type confusion in V8 + * CVE-2020-6420 - Insufficient policy enforcement in media + * CVE-2020-6422 - Use after free in WebGL. + * CVE-2020-6426 - Inappropriate implementation in V8. + * CVE-2020-6427 - Use after free in audio. + * CVE-2020-6428 - Use after free in audio. + * CVE-2020-6429 - Use after free in audio. + * CVE-2020-6449 - Use after free in audio. + * Security bug 925035 + * Security bug 1016038 + * Security bug 1016506 + * Security bug 1018629 + * Security bug 1020031 + * Security bug 1025442 + * Security bug 1026293 + * Security bug 1029865 + * Security bug 1031909 + * Security bug 1033461 + * Security bug 1035723 + * Security bug 1040700 + * Security bug 1044570 + * Security bug 1047097 + diff --git a/src/3rdparty b/src/3rdparty -Subproject 12a57d9c943eaa80d87481712fe58f7bf6678ba +Subproject 6c9be50c2d901e66119679155fb3c7c9200448d diff --git a/src/core/common/qt_messages.h b/src/core/common/qt_messages.h index b99204b74..43f07c9a6 100644 --- a/src/core/common/qt_messages.h +++ b/src/core/common/qt_messages.h @@ -36,6 +36,9 @@ IPC_MESSAGE_ROUTED1(RenderViewObserverQt_FetchDocumentMarkup, IPC_MESSAGE_ROUTED1(RenderViewObserverQt_FetchDocumentInnerText, uint64_t /* requestId */) +IPC_MESSAGE_ROUTED1(RenderViewObserverQt_SetBackgroundColor, + uint32_t /* color */) + // User scripts messages IPC_MESSAGE_ROUTED1(RenderFrameObserverHelper_AddScript, UserScriptData /* script */) @@ -65,9 +68,6 @@ IPC_MESSAGE_ROUTED2(RenderViewObserverHostQt_DidFetchDocumentInnerText, uint64_t /* requestId */, base::string16 /* innerText */) -IPC_MESSAGE_ROUTED1(RenderViewObserverQt_SetBackgroundColor, - uint32_t /* color */) - IPC_MESSAGE_ROUTED0(RenderViewObserverHostQt_DidFirstVisuallyNonEmptyLayout) //----------------------------------------------------------------------------- diff --git a/src/core/core_module.pro b/src/core/core_module.pro index 4b9268e1a..d7e2ab8da 100644 --- a/src/core/core_module.pro +++ b/src/core/core_module.pro @@ -107,7 +107,7 @@ resources.files = $$REPACK_DIR/qtwebengine_resources.pak \ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat -!debug_and_release|!build_all|CONFIG(release, debug|release) { +!qtConfig(debug_and_release)|!qtConfig(build_all)|CONFIG(release, debug|release) { qtConfig(framework) { locales.version = Versions locales.path = Resources/qtwebengine_locales @@ -146,7 +146,7 @@ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat } } -!build_pass:debug_and_release { +!build_pass:qtConfig(debug_and_release) { # Special GNU make target that ensures linking isn't done for both debug and release builds # at the same time. notParallel.target = .NOTPARALLEL diff --git a/src/core/render_widget_host_view_qt.cpp b/src/core/render_widget_host_view_qt.cpp index e9be587cf..7a5118837 100644 --- a/src/core/render_widget_host_view_qt.cpp +++ b/src/core/render_widget_host_view_qt.cpp @@ -48,6 +48,7 @@ #include "touch_selection_controller_client_qt.h" #include "touch_selection_menu_controller.h" #include "type_conversion.h" +#include "web_contents_adapter.h" #include "web_contents_adapter_client.h" #include "web_event_factory.h" @@ -488,23 +489,20 @@ gfx::Rect RenderWidgetHostViewQt::GetViewBounds() void RenderWidgetHostViewQt::UpdateBackgroundColor() { + DCHECK(GetBackgroundColor()); + SkColor color = *GetBackgroundColor(); + + m_delegate->setClearColor(toQt(color)); + if (m_enableViz) { - DCHECK(GetBackgroundColor()); - SkColor color = *GetBackgroundColor(); bool opaque = SkColorGetA(color) == SK_AlphaOPAQUE; m_rootLayer->SetFillsBoundsOpaquely(opaque); m_rootLayer->SetColor(color); m_uiCompositor->SetBackgroundColor(color); - m_delegate->setClearColor(toQt(color)); - host()->Send(new RenderViewObserverQt_SetBackgroundColor(host()->GetRoutingID(), color)); - return; } - auto color = GetBackgroundColor(); - if (color) { - m_delegate->setClearColor(toQt(*color)); - host()->Send(new RenderViewObserverQt_SetBackgroundColor(host()->GetRoutingID(), *color)); - } + content::RenderViewHost *rvh = content::RenderViewHost::From(host()); + host()->Send(new RenderViewObserverQt_SetBackgroundColor(rvh->GetRoutingID(), color)); } // Return value indicates whether the mouse is locked successfully or not. diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp index c34d3c612..286842a20 100644 --- a/src/core/web_engine_context.cpp +++ b/src/core/web_engine_context.cpp @@ -49,6 +49,9 @@ #include "base/task/sequence_manager/thread_controller_with_message_pump_impl.h" #include "base/threading/thread_restrictions.h" #include "cc/base/switches.h" +#include "content/gpu/gpu_child_thread.h" +#include "content/browser/compositor/surface_utils.h" +#include "components/viz/host/host_frame_sink_manager.h" #if QT_CONFIG(webengine_printing_and_pdf) #include "chrome/browser/printing/print_job_manager.h" #include "components/printing/browser/features.h" @@ -211,6 +214,26 @@ bool usingSoftwareDynamicGL() #endif } +static bool waitForViz = false; +static void completeVizCleanup() +{ + waitForViz = false; +} + +static void cleanupVizProcess() +{ + auto gpuChildThread = content::GpuChildThread::instance(); + if (!gpuChildThread) + return; + auto vizMain = gpuChildThread->viz_main(); + auto vizCompositorThreadRunner = vizMain->viz_compositor_thread_runner(); + if (!vizCompositorThreadRunner) + return; + waitForViz = true; + content::GetHostFrameSinkManager()->SetConnectionLostCallback(base::DoNothing()); + vizCompositorThreadRunner->CleanupForShutdown(base::BindOnce(&completeVizCleanup)); +} + scoped_refptr<QtWebEngineCore::WebEngineContext> WebEngineContext::m_handle; bool WebEngineContext::m_destroyed = false; @@ -257,14 +280,21 @@ void WebEngineContext::destroy() if (m_devtoolsServer) m_devtoolsServer->stop(); - // Normally the GPU thread is shut down when the GpuProcessHost is destroyed - // on IO thread (triggered by ~BrowserMainRunner). But by that time the UI - // task runner is not working anymore so we need to do this earlier. - destroyGpuProcess(m_threadedGpu); base::MessagePump::Delegate *delegate = static_cast<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl *>( m_runLoop->delegate_); + // Normally the GPU thread is shut down when the GpuProcessHost is destroyed + // on IO thread (triggered by ~BrowserMainRunner). But by that time the UI + // task runner is not working anymore so we need to do this earlier. + if (features::IsVizDisplayCompositorEnabled()) { + cleanupVizProcess(); + while (waitForViz) { + while (delegate->DoWork()){} + QThread::msleep(50); + } + } + destroyGpuProcess(); // Flush the UI message loop before quitting. while (delegate->DoWork()) { } @@ -412,8 +442,7 @@ static void appendToFeatureSwitch(base::CommandLine *commandLine, const char *fe } WebEngineContext::WebEngineContext() - : m_threadedGpu(true) - , m_mainDelegate(new ContentMainDelegateQt) + : m_mainDelegate(new ContentMainDelegateQt) , m_globalQObject(new QObject()) { #if defined(Q_OS_MACOS) @@ -515,13 +544,13 @@ WebEngineContext::WebEngineContext() if (isDesktopGLOrSoftware || isGLES2Context) parsedCommandLine->AppendSwitch(switches::kDisableES3GLContext); #endif - + bool threadedGpu = false; #ifndef QT_NO_OPENGL - m_threadedGpu = QOpenGLContext::supportsThreadedOpenGL(); + threadedGpu = QOpenGLContext::supportsThreadedOpenGL(); #endif - m_threadedGpu = m_threadedGpu && !qEnvironmentVariableIsSet(kDisableInProcGpuThread); + threadedGpu = threadedGpu && !qEnvironmentVariableIsSet(kDisableInProcGpuThread); - bool enableViz = ((m_threadedGpu && !parsedCommandLine->HasSwitch("disable-viz-display-compositor")) + bool enableViz = ((threadedGpu && !parsedCommandLine->HasSwitch("disable-viz-display-compositor")) || parsedCommandLine->HasSwitch("enable-viz-display-compositor")); parsedCommandLine->RemoveSwitch("disable-viz-display-compositor"); parsedCommandLine->RemoveSwitch("enable-viz-display-compositor"); @@ -660,7 +689,7 @@ WebEngineContext::WebEngineContext() parsedCommandLine->AppendSwitch(switches::kDisableGpu); } - registerMainThreadFactories(m_threadedGpu); + registerMainThreadFactories(threadedGpu); SetContentClient(new ContentClientQt); diff --git a/src/core/web_engine_context.h b/src/core/web_engine_context.h index edced9b42..ac0536596 100644 --- a/src/core/web_engine_context.h +++ b/src/core/web_engine_context.h @@ -129,9 +129,8 @@ private: ~WebEngineContext(); static void registerMainThreadFactories(bool threaded); - static void destroyGpuProcess(bool threaded); + static void destroyGpuProcess(); - bool m_threadedGpu; std::unique_ptr<base::RunLoop> m_runLoop; std::unique_ptr<ContentMainDelegateQt> m_mainDelegate; std::unique_ptr<content::ContentMainRunner> m_contentRunner; diff --git a/src/core/web_engine_context_threads.cpp b/src/core/web_engine_context_threads.cpp index f0f055676..c7440dd3f 100644 --- a/src/core/web_engine_context_threads.cpp +++ b/src/core/web_engine_context_threads.cpp @@ -92,20 +92,6 @@ struct GpuThreadControllerQt : content::GpuThreadController s_gpuProcess->set_main_thread(childThread); } - static void cleanupVizProcess() - { - auto gpuChildThread = content::GpuChildThread::instance(); - if (!gpuChildThread) - return; - auto vizMain = gpuChildThread->viz_main(); - auto vizCompositorThreadRunner = vizMain->viz_compositor_thread_runner(); - if (!vizCompositorThreadRunner) - return; - QEventLoop loop; - vizCompositorThreadRunner->CleanupForShutdown(base::BindOnce(&QEventLoop::quit, base::Unretained(&loop))); - loop.exec(); - } - static void destroyGpuProcess() { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); @@ -133,10 +119,8 @@ static std::unique_ptr<content::GpuThreadController> createGpuThreadController( } // static -void WebEngineContext::destroyGpuProcess(bool threaded) +void WebEngineContext::destroyGpuProcess() { - if (!threaded) - GpuThreadControllerQt::cleanupVizProcess(); GpuThreadControllerQt::destroyGpuProcess(); } diff --git a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp index d0453e1e6..94ce92e40 100644 --- a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp +++ b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp @@ -226,6 +226,7 @@ private Q_SLOTS: void customUserAgentInNewTab(); void renderProcessCrashed(); + void backgroundColor(); private: static QPoint elementCenter(QWebEnginePage *page, const QString &id); @@ -4370,6 +4371,43 @@ void tst_QWebEnginePage::renderProcessCrashed() status == QWebEnginePage::AbnormalTerminationStatus); } +void tst_QWebEnginePage::backgroundColor() +{ + QWebEngineProfile profile; + QWebEngineView view; + QWebEnginePage *page = new QWebEnginePage(&profile, &view); + + view.resize(640, 480); + view.show(); + QPoint center(view.size().width() / 2, view.size().height() / 2); + + QCOMPARE(page->backgroundColor(), Qt::white); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::white); + + page->setBackgroundColor(Qt::red); + view.setPage(page); + + QCOMPARE(page->backgroundColor(), Qt::red); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::red); + + page->setHtml(QString("<html>" + "<head><style>html, body { margin:0; padding:0; }</style></head>" + "<body><div style=\"width:100%; height:10px; background-color:black\"/></body>" + "</html>")); + QSignalSpy spyFinished(page, &QWebEnginePage::loadFinished); + QVERIFY(spyFinished.wait()); + // Make sure the page is rendered and the test is not grabbing the color of the RenderWidgetHostViewQtDelegateWidget. + QTRY_COMPARE(view.grab().toImage().pixelColor(QPoint(5, 5)), Qt::black); + + QCOMPARE(page->backgroundColor(), Qt::red); + QCOMPARE(view.grab().toImage().pixelColor(center), Qt::red); + + page->setBackgroundColor(Qt::green); + + QCOMPARE(page->backgroundColor(), Qt::green); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::green); +} + static QByteArrayList params = {QByteArrayLiteral("--use-fake-device-for-media-stream")}; W_QTEST_MAIN(tst_QWebEnginePage, params) |