| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 1b284e5b..b249cd9b:
> [Backport] CVE-2021-30553: Use after free in Network service
> [Backport] Security bug 1184294
> [Backport] CVE-2021-30569, security bugs 1198216, 1204814 and 1197786
> [Backport] CVE-2021-30560: Use after free in Blink XSLT
> [Backport] Security bug 1252858
> [Backport] Security bug 1242257
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
> [Backport] CVE-2021-30603: Race in WebAudio
> [Backport] CVE-2021-30585: Use after free in sensor handling
> [Backport] CVE-2021-30559: Out of bounds write in ANGLE
> [Backport] CVE-2021-30547: Out of bounds write in ANGLE
> [Backport] Security bug 1202534
> [Backport] CVE-2021-30522: Use after free in WebAudio
> Revert "[Backport] CVE-2021-21227: Insufficient data validation in V8"
> Revert "[Backport] CVE-2021-30513: Type Confusion in V8."
> Revert "[Backport] CVE-2021-21231: Insufficient data validation in V8"
Change-Id: I61c36404e160864bf4daa730cef62aec747996c7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|\
| |
| |
| | |
Change-Id: I0398cd3ed3fabd9b9472b39278b58e4b3be6f3e9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty bda00397..1b284e5b:
> Fix up [Backport] Security bug 1175503
> Fix up [Backport] CVE-2021-30513: Type Confusion in V8.
> [Backport] Security bug 1190525
> [Backport] CVE-2021-30518: Heap buffer overflow in Reader Mode.
> [Backport] CVE-2021-30513: Type Confusion in V8.
> [Backport] CVE-2021-30515: Use after free in File API.
> [Backport] Security bug 1175503
Task-number: QTBUG-93566
Change-Id: I41956c76cd2ff5f3b005f62a8ba406354d1063c5
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty 4e224e5a..bda00397:
> [Backport] CVE-2021-21231: Insufficient data validation in V8
> [Backport] CVE-2021-21207: Use after free in IndexedDB
> [Backport] CVE-2021-21230: Type Confusion in V8
> [Backport] CVE-2021-21227: Insufficient data validation in V8
> [Backport] Security bug 1192552
> [Backport] CVE-2021-21223: Integer overflow in Mojo
> [Backport] Security bugs 1175522 and 1181276
> [Backport] CVE-2021-21203: Use after free in Blink
> [Backport] CVE-2021-21204: Use after free in Blink.
> [Backport] CVE-2021-21202: Use after free in extensions.
> [Backport] CVE-2021-21214: Use after free in Network API
> [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo
> [Backport] CVE-2021-21206: Use after free in Blink
> [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64
Task-number: QTBUG-93566
Change-Id: I9f67eb1df61710b44bdf670f669196afc47f7ac1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| | |
Change-Id: I97dd43738457d684c3f31ca02e93c729b8d13030
|
|/
|
|
|
|
|
|
|
|
| |
Fix also bug id which is incorrect.
Fixes: QTBUG-96925
Task-number: QTBUG-71895
(cherry picked from commit 27a2a77d2abed034129077db74302194f042e8da)
Change-Id: I0daf14c4ec31dfb867d9d7f531b9fdc6f7244e1b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 72f67be0..4e224e5a:
> Fixup [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio
> Fixup for [Backport] Security bug 1161048
> [Backport] CVE-2021-21156: Heap buffer overflow in V8
> [Backport] CVE-2021-21188: Use after free in Blink.
> [Backport] Security bug 1161847
> [Backport] CVE-2021-21195: Use after free in V8
> [Backport] CVE-2021-21198: Out of bounds read in IPC
> [Backport] Security bug 1185482
> [Backport] Security bug 1062941
> [Backport] CVE-2021-21175: Inappropriate implementation in Site isolation
> [Backport] Security bug 1161048
> [Backport] CVE-2021-21193: Use after free in Blink
> [Backport] CVE-2021-21190: Uninitialized Use in PDFium
> [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio
> [Backport] CVE-2021-21165: Object lifecycle issue in audio
> [Backport] Security bug 1180871
> [Backport] CVE-2021-21157: Use after free in Web Sockets
> [Backport] CVE-2021-21148: Heap buffer overflow in V8
> [Backport] CVE-2021-21137: Inappropriate implementation in DevTools
> [Backport] Security bug 1135594
> [Backport] CVE-2021-21153: Stack overflow in GPU Process
> [Backport] CVE-2021-21138: Use after free in DevTools
> [Backport] Security bug 1097499
> [Backport] Security bug 1144646
> [Backport] WebRTC bug 12105
> [Backport] CVE-2021-21119: Use after free in Media
> [Backport] CVE-2021-21140: Uninitialized Use in USB [2/2]
> [Backport] CVE-2021-21140: Uninitialized Use in USB [1/2]
> [Backport] CVE-2021-21120: Use after free in WebSQL
> [Backport] Security bug 1162198
> [Backport] CVE-2020-16044: Use after free in WebRTC [3/3]
> [Backport] CVE-2020-16044: Use after free in WebRTC [2/3]
> [Backport] CVE-2020-16044: Use after free in WebRTC [1/3]
> [Backport] CVE-2021-21146: Use after free in Navigation
> [Backport] Security bug 1152645
> [Backport] Security bug 1148309
> [Backport] CVE-2021-21114: Use after free in audio
Task-number: QTBUG-91422
Task-number: QTBUG-92456
Change-Id: I43eb42057fd9123d7a870f294936633ac235333e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mismatch in render tree on update may lead to crash when:
* less scenegraph nodes are updated than created - hence crash on
rendering since not all textures are replaced and old ones are
deleted on previous run in scope of 'commit' method
* more quads are processed than were on new tree create - hence crash on
an attempt to setup non-existent node in DelegatedNodeTreeUpdater.
Match logic of 'areRenderPassStructuresEqual' to main 'commit' method loop.
Fixes: QTBUG-76181
Fixes: QTBUG-85802
Change-Id: Ib0c6dbec8100a068948a4ca8c385ba516ba5c504
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes
95bf758e9e5 [Backport] CVE-2020-15968: Use after free in Blink
0f55630c2f4 [Backport] CVE-2020-15969: Use after free in WebRTC.
5a8e372fc7e [Backport] CVE-2020-6561: Inappropriate implementation in Content Security Policy
4e06eb9f1cc Fix bison 3.7
1357b9be19f [Backport] CVE-2020-15999: Heap buffer overflow in freetype
1456539bd05 [Backport] CVE-2020-16003: Use after free in printing.
6475589b7ed [Backport] CVE-2020-16001: Use after free in media.
92253f4cc04 [Backport] CVE-2020-16002: Use after free in PDFium.
5df1bd044c6 [Backport] CVE-2020-15979: Inappropriate implementation in V8
7138ac3ddcf [Backport] CVE-2020-15978 Insufficient data validation in navigation
5ede8738ccb [Backport] CVE-2020-15992 Insufficient policy enforcement in networking
a8f95043550 [Backport] CVE-2020-15987: Use after free in WebRTC (1/2)
e5adc243d57 [Backport] CVE-2020-15987: Use after free in WebRTC (2/2)
6411f535efd Fix potential leak after fix for CVE-2020-15987
e5c6b3de888 [Backport] CVE-2020-15989: Uninitialized Use in PDFium
811208e7b60 [Backport] Security bug 1125199
42a1a175af1 [Backport] CVE-2020-16008: Stack buffer overflow in WebRTC
aef97e76545 [Backport] CVE-2020-16011: Heap buffer overflow in UI on Windows.
ade0aef290c [Backport] Security bug 1137608
8e776e6e6f5 [Backport] CVE-2020-16014: Use after free in PPAPI
765a0ff57eb [Backport] CVE-2020-16022: Insufficient policy enforcement in networking
117abfcce74 [Backport] Dependency for CVE-2020-16024
05386001f90 [Backport] CVE-2020-16024: Heap buffer overflow in UI
275dca60b70 [Backport] CVE-2020-16028: Heap buffer overflow in WebRTC
053316ce37e [Backport] Security bug 1137603
cef4d6d73cd [Backport] Security bug 1142020
026b0132f6d Fix CVE-2020-16034 by disabling chrome://webrtc-internals
878d0697c48 [Backport] mac: make find_sdk.py work when the sdk goes to 11
4689c3d74c5 [Backport] CVE-2020-16040: Insufficient data validation in V8
a0c71808baf [Backport] CVE-2020-16016: Inappropriate implementation in base.
10cb7cc9b11 [Backport] Security bug 1123035
0fdd19c558e [Backport] CVE-2020-16027: Insufficient policy enforcement in developer tools.
2b0be93dc42 [Backport] Dependency for CVE-2020-16030
c1cc6046fbc [Backport] CVE-2020-16030: Insufficient data validation in Blink
72f67be024a [Backport] CVE-2020-16042: Uninitialized Use in V8
Updates test expectations for loading chrome://webrtc-internals in tst_qwebengineview.
Fixes: QTBUG-87787
Task-number: QTBUG-89191
Change-Id: I7e04b3f225affa9912dce1b1dd13f0dc8dba754b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
| |
Change-Id: I2fd487f244c0741aa6f4ce9a21cf1b0f3db4fb02
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When on macOS, with a frameworkless build, WebEngine resources are
stored in a Resources directory named with a capital R.
This is the standard directory name for resources on macOS, however
Qt WebEngine was expecting to find resources in a directory named
`resources` (no capitalized first letter).
Task-number: QTBUG-72368
Change-Id: I2106a50a63c6d812dc6ad649645e3b6b9e0471e2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 3a4e3c807c667491e133d04e3dcbadd0dad19826)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Change-Id: Ifaccaed80bc0c45e7284ef85afa4a598d6d16aeb
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 07fcac049e7b362b703f31ec559f5097f804588e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Change-Id: I11963ce31e082188b3dc39237bb530c915171898
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit bc14b2ae1d9f757c0040cf6fb1d6333efc89c25d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Change-Id: I01d63f447647c46fecf8df14c8c4df21189fd594
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 457c8baa8a3f577be1e999d06c32504d35862c64)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Change-Id: Id180c2ea2fefed919b4c623d20da392ad5db27d1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 78b44a26b256fdaa70832455d8d4711bbe7fa17a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
| |
Change-Id: I70d552fcc53d97ff8f44618f6c152d08dca7a9c0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
b59af853f7b [Backport] CVE-2020-6559: Use after free in presentation API
d7c2cf25399 [Backport] Security issue 1102137
82a0e2faa2a [Backport] CVE-2020-6562: Insufficient policy enforcement in Blink
46dbf8fb796 [Backport] CVE-2020-6569: Integer overflow in WebUSB
844c2922f46 [Backport] CVE-2020-6573: Use after free in video
872be05931a [Backport] CVE-2020-15962: Insufficient policy enforcement in serial
b769634b87a [Backport] Security bug 1111149
a4599b61975 [Backport] CVE-2020-6571: Incorrect security UI in Omnibox
c89a12ce788 [Backport] CVE-2020-15964: Insufficient data validation in media
30570c933fc [Backport] Security issue 1098860
d6e06841443 [Backport] CVE-2020-15965: Out of bounds write in V8
Task-number: QTBUG-85613
Change-Id: I5a013d1020a903775dec3682866269eb754b7d08
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
01257ab4c14 [Backport] CVE-2020-6489
e425d1134b9 [Backport] CVE-2020-6532: Use after free in SCTP
39d164c7113 [Backport] Security bug 1102408
72e1b27f06f [Backport] CVE-2020-6541: Use after free in WebUSB
bf12bcbd03c [Backport] Security bug 1065122
0561a33d0f5 [Backport] Security bug 1065731
ee1811a7e86 [Backport] CVE-2020-6540: Heap buffer overflow in Skia
a09bfbb191d [Backport] CVE-2020-6542: Use after free in ANGLE
2f38d2ab5b7 [Backport] CVE-2020-6543: Use after free in task scheduling
5ff9249f692 [Backport] CVE-2020-6544: Use after free in media
78121f30724 [Backport] CVE-2020-6545: Use after free in audio
cc48de17c5d [Backport] CVE-2020-6548: Heap buffer overflow in Skia
e490120c6b6 [Backport] CVE-2020-6549: Use after free in media
ca61def88f8 [Backport] CVE-2020-6462: Use after free in task scheduling
Task-number: QTBUG-85613
Change-Id: I3b3242d35a444b696ae89f9be454c800dbd2eba4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
a2c0edd19d4 [Backport] CVE-2020-6511: Side-channel information leakage in CSP (1/2)
b16fddc243a [Backport] CVE-2020-6511: Side-channel information leakage in CSP (2/2)
279102920a7 [Backport] CVE-2020-6513: Heap buffer overflow in PDFium
0521cd0d584 [Backport] CVE-2020-6514: Inappropriate implementation in WebRTC
53ab90f118d [Backport] CVE-2020-6523: Out of bounds write in Skia
618f960a12c [Backport] CVE-2020-6524: Heap buffer overflow in WebAudio
9c52e6b3360 [Backport] CVE-2020-6529: Inappropriate implementation in WebRTC
572a93d8f14 [Backport] CVE-2020-6535: Insufficient data validation in WebUI
2004c48a47e [Backport] Security bug 1054229
6a3ff8c66a9 [Backport] CVE-2020-6518: Use after free in developer tools
d06276e6183 [Backport] CVE-2020-6512: Type Confusion in V8 (1/3)
d8a0b1b22c1 [Backport] CVE-2020-6512: Type Confusion in V8 (2/3)
83793149bf5 [Backport] CVE-2020-6512: Type Confusion in V8 (3/3)
b97c5f89481 [Backport] Dependency for CVE-2020-6534 (1/4)
de381abe2ff [Backport] Dependency for CVE-2020-6534 (2/4)
8b2ba2a1e56 [Backport] Dependency for CVE-2020-6534 (3/4)
199df5c9049 [Backport] Dependency for CVE-2020-6534 (4/4)
bc33e1bbfaf [Backport] CVE-2020-6534: Heap buffer overflow in WebRTC
58f5e3f57e5 [Backport] CVE-2020-6490
c3003924faf [Backport] Security bug 1052492
1e1f4b33fa0 Security bugs 1087629 and 1029569
Task-number: QTBUG-85613
Change-Id: Ib2d3ed71b4f21cf3fa02474ace735a3c9c6c5126
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
Fixes: QTBUG-83710
Change-Id: Iaf5a33c0aeb53348d36cb7dda60602041299cd50
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 53498cb73392a222a113ae257f24f91e6d912518)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following changes:
* 9b01ea0194d [Backport] CVE-2020-6459
* 5d89aa45a7e [Backport] CVE-2020-6470
* 73765c84da6 [Backport] CVE-2020-6474
* c66812623ff [Backport] CVE-2020-6481
* 86482726e15 [Backport] Security Bug 1058515
* 120e629cb56 [Backport] Security Bug 1057369
* 4bd9fab8c65 [Backport] Security Bug 1051439
* cf563cfdb42 Add missing headers for build with linux-clang 10 spec
* 1417835f7de Fixup: Fix live editing
* cf70b8331ce [macOS] Add CoreProfile to the valid configurations for GPU switching
Task-number: QTBUG-84633
Change-Id: I16b148a6742c683dbc5eaab37bfbc4ddd3aebb0c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents unicode characters from becoming garbled when pasting the
clipboard content into an application that uses the HTML content
instead of the text data.
This mirrors the behavior of Chromium's clipboard adaptation for macOS
Fixes: QTBUG-75391
Change-Id: I033819a2caf3410509e90c9bc38c9830d184149d
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
(cherry picked from commit 7b5cb517da57f76437872a891c07fffd1779b6a4)
|
|\
| |
| |
| | |
Change-Id: I51e5141e38c637d5bfee85fd2b8bd8468097e5fe
|
| |
| |
| |
| |
| | |
Change-Id: I96949ad2a7be414c126b6a661bc5cceeeceaac7d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in security issues:
* 1def46aafc2 [Backport] Security Bug 1070012 1/5
* 54a56516088 [Backport] Security Bug 1070012 2/5
* fbc701311c1 [Backport] Security Bug 1070012 3/5
* ebc9d4ba625 [Backport] Security Bug 1070012 4/5
* 04e8b821b36 [Backport] Security Bug 1070012 5/5
* 8a53e97dba1 [Backport] CVE-2020-6467
Task-number: QTBUG-84633
Change-Id: I24367d2f3249f900202b2f847a762aefd0ef4072
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following changes:
* 7c34012060d [Backport] Fix for CVE-2020-6464
* c3a4dada23b [Backport] CVE-2020-6468
* 8d8aa95903c [Backport] Security bug 1075907
* e7c84adad1b [Backport] Security bug 1025302
* d686675960c [Backport] CVE-2020-6493
* 3a8febfdab7 Fixup for [Backport] Security bug 1025740 1/2
Task-number: QTBUG-84633
Change-Id: I9ad7da07ca0cdc4656cb936eef5a4e7445b31949
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following changes:
* 04567666dae [Backport] Fix for security issue 1066893
* 8dc8aecf84b [Backport] When suspending context, don't clear handlers
* 8ad03010124 [Backport] Security bug 1025740 1/2
* c8b517eb447 [Backport] Security bug 1025740 2/2
* 717395cfce0 [Backport] CVE-2020-6461: Use after free in storage
* b3b4d5af3a1 Fixup: add missing gn include
Task-number: QTBUG-84633
Change-Id: Ia56b018ea93caa091212b574947b26dd83ca52f3
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following patches:
* d7755040dde Update sqlite, fixing CVE-2020-6455
* d009d836cfb [Backport] CVE-2020-6431
* bfc495cdeae [Backport] Fix for CVE-2020-6441
* 130150732b6 [Backport] Fix for CVE-2020-6443
* 3269720fc8a [Backport] Fix for security issue 1050090
* b96587fcf2c [Backport] CVE-2020-6432
* 47b2198c4ef [Backport] CVE-2020-6460
Task-number: QTBUG-84633
Change-Id: I9d45b6cc40cccbe4a8dc7931619cad60d6551217
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It is well known issue that url interceptors on 5.12 has
race condition on destruction, this is fixed in 5.13.1 and later.
Since this is just next end life LTS (having only security patches),
simply blacklist the tests to avoid flakiness on CI.
Change-Id: I20a493a42495f1a923cd56bc2b11f9485f50cdd7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* cab2fe0edbe Disable Empty Base Class Layout Optimization for MSVC
* e7cf409b07f [Backport] CVE-2020-6452
* d91969c6230 [Backport] CVE-2020-6450
* a54c653a3b8 [Backport] CVE-2020-6451
* 19363411c41 [Backport] Security Bug 1065094 1/2
* becfaac2ceb [Backport] Security Bug 1065094 2/2
* f11657ed645 [Backport] Fix for CVE-2020-6423
* 4cdf74a64d3 Fixup: msvc undefined type HandleScopeImplementer
Task-number: QTBUG-84633
Change-Id: Ia621d7d04ce7bdedbdb57d6ef0472c896bb2f215
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QMAKE_MAC_SDK_VERSION is set by
/usr/bin/xcrun --sdk macosx --show-sdk-version
in qtbase/mkpecs/features/mac/sdk.prf
From 10.15.4, xcrun outputs the SDK version in Major.Minor.Patch format
instead of Major.Minor. mac_sdk_min gn arg is expected to be in
Major.Minor format, therefor pass only the first 2 revision numbers to
gn.
Fixes: QTBUG-83318
Change-Id: I3af523dd5df8149fb5cd57b259c2bed889db88b5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 5d2026cb04ef8fd408e5722a84e2affb5b9a3119)
|
|
|
|
| |
Change-Id: I61e1eca3a3841f698b566d0c52985a5e28d85544
|
|\
| |
| |
| | |
Change-Id: I515f1330de2414296c91b1fd0c256c8d69a2ddc7
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
+ 13e2924f054170f399ea213cabbae2027831ceba Bump version
+ 2f56fd4a6b9b6f806334ba64b3689151a78d1d90 Update navigation actions when load finishes in a subframe
+ d7a7663c58fa81b04b2acc63c3e672fce2f46116 Fix crashes in urlChanged signal handlers
+ 3befcb16308f3b87a8c7b2dd1db69b69e2074c12 Update Chromium
+ c6d4d262cb42887bcc209087ab4270407f80e738 Update Chromium
+ 09287cb18d2d41a5b18c5cf7b1e8e07183618ff2 Update Chromium
Change-Id: I5dd5ae4c57aacea4717e36d77e84cac12cd2a3e8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in the following changes:
1a2d6d8df67 [Backport] Dependency for CVE-2020-6391
4ceb67df8cd [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (1/3)
bca907a58b5 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (2/3)
479882836f3 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (3/3)
f616cecf23c [Backport] CVE-2020-6399 - Insufficient policy enforcement in AppCache
62ca8dad9bb [Backport] Security bug 1035723
0ee1af65d4e [Backport] Fix multiple CVEs and security bugs in sqlite
7483e059d88 [Backport] CVE-2019-18197 - Multiple vulnerabilities in XML
Change-Id: I9d8992b1aa28f4fb5704b37d8493cd6964bcf4ed
Fixes: QTBUG-81910
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in the following changes:
cecd1a67e96 [Backport] CVE-2020-6394 - Insufficient policy enforcement in Blink
9a821b38b3f [Backport] CVE-2020-6398 - Uninitialized use in PDFium
3abef6fa271 [Backport] CVE-2020-6401 (1/3) and CVE-2020-6411
581ef6c8ccf [Backport] CVE-2020-6401 (2/3)
c0a826b58f7 [Backport] CVE-2020-6401 (3/3)
55b7cedcc65 [Backport] Security bug 1018629
873da842e3d [Backport] CVE-2020-6410 - Insufficient policy enforcement in navigation
dec516df711 [Backport] CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox
4b2fb2f933f [Backport] CVE-2020-6413 - Inappropriate implementation in Blink
86959566c4b [Backport] Security bug 1020031
442f3b6715d [Backport] Security bug 1016506
09277a67339 [Backport] Security bug 1026293
1bdf6178d9a [Backport] Security bug 1047097
6bf234cfacc [Backport] Security bug 1025442
02e9407022a [Backport] Security bug 1016038
f7524c75783 [Backport] CVE-2020-6388 - Out of bounds memory access in WebAudio
604ef94f4f9 [Backport] CVE-2019-20503: Out of bounds read in usersctplib
Task-number: QTBUG-81910
Change-Id: I5b36f3f65852af99cc551cbad2a6da60a1007176
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
2c37da9ad4f [Backport] Allow restricted clock_nanosleep in Linux sandbox
1119bc1c945 [Backport] Security bug 1040700
7ce30813cdc [Backport] CVE-2020-6381 - Integer overflow in Javascript
50d216266c1 [Backport] CVE-2020-6418 - Type confusion in V8
f4ee4fe130c [Backport] CVE-2020-6383 - Type confusion in V8
7cfa13add28 [Backport] CVE-2020-6384: Use after free in WebAudio
a75e60afb7c [Backport] Security bug 1029865
24e36e97107 [Backport] Security bug 1044570
acb02559c02 [Backport] CVE-2020-6389 - Out of bounds write in WebRTC
807a82b2e28 [Backport] CVE-2020-6420: Insufficient policy enforcement in media
30040b36f90 [Backport] Security bug 1031909
9dfaed8eab0 [Backport] CVE-2020-6406 - Use after free in audio
ca0ca819983 [Backport] CVE-2020-6393 - Insufficient policy enforcement in Blink
Task-number: QTBUG-81910
Change-Id: Ib3c90cabf2151d652de2a4742f7b0422bf730419
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a user initiates page load from a urlChanged signal handler
after a failed navigation while still being in
NavigationRequest::OnRequestFailedInternal(), the new page load can
discard the pending navigation entry and delete the NavigationRequest
instance before finishing execution of OnRequestFailedInternal().
Fix crash by returning to the event loop before emitting
urlChanged signal.
Task-number: QTBUG-78490
Change-Id: I849a609f5524d715769079f6c5cabf8db6b45944
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Fixes: QTBUG-81521
Change-Id: I8ca82224cd834b667471d1e96a44430164d3669e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|\
| |
| |
| | |
Change-Id: I340a02dac932fecf19439e0707e8e9568bcf09a0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
+ 14e2814f95cbb1759100a2b974bc61ef39dfb9c2 Bump version
+ 5f05d9d1a3e0f30d4e7cccfe2d70387437fcccf3 Fix pepper flash plugin permission
+ 8b6f4924a1a8564987a9f0110060cc9b3a2d89bf Update Chromium
+ 7d82dafa46a356b80c8e55fda7e57f28ff1bc423 Fixup Update Chromium
+ a4b598d1633e8278776c922faae012681018cdc9 Merge remote-tracking branch 'origin/5.12.6' into 5.12
+ 5fa161b5f273ec60e77bbdcfdd0f87dd42a5a0bc Update Chromium
+ d268d9bba5589b7cc33e158b8563eae2ad67caff Update Chromium
+ 13fd53ae994ada3fca89c0d39b17df5395b712bf Update Chromium
+ 85e542f9376fd9bc8430c34b86ac05d13ed8d3f8 Update Chromium
Change-Id: Iffa4dbd79f9bc3777c2f1a70519b8893e99c9758
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following patches:
* f4f2d564d94 [Backport] CVE-2020-0601
* f91f6b41907 [Backport] Security bug 1035371 and 1034695
* 5ca6ac0f951 [Backport] Security bugs 1029506, 1029210, 1029027,
1029002, 1028722
Task-number: QTBUG-80736
Change-Id: I2680d5a4d9af95b0ee1e8b27f98749332250b04c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following patches:
* 28d34c9574b [Backport] CVE-2019-13738
* b94dccc951a [Backport] CVE-2019-13739
* f2ad81650e5 [Backport] CVE-2019-13735: Out of bounds write in V8
* 502cf4dc5a4 [Backport] Dependency of fix for CVE-2019-13758 (1/3)
* f59df0d5773 [Backport] Dependency of fix for CVE-2019-13758 (2/3)
* aedfb4f4114 [Backport] Dependency of fix for CVE-2019-13758 (3/3)
* e3130b222f6 [Backport] CVE-2019-13758: Insufficient policy
enforcement in navigation.
* a3c60650eae [Backport] CVE-2019-13728: Out of bounds write in V8
Task-number: QTBUG-80736
Change-Id: Id00bb34174b6f8313e6512bfd5f5928f6413a142
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following patches:
* 1d84b1d66de [Backport] CVE-2020-6377
* a0a756490e5 [Backport] CVE-2019-13761: Incorrect security UI in Omnibox.
* 1735d7de2e2 [Backport] Security bug 1027905
* 20d31c84457 [Backport] CVE-2019-13747: Uninitialized Use in rendering.
* b154c1e99b3 [Backport] Security bug 1025089
* 95f69c52f85 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (1/2)
* 0026972c101 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (2/2)
* f527b66b1e3 [Backport] Security bug 889276
* 37330fd70ee [Backport] Security bug 1033260
Task-number: QTBUG-80736
Change-Id: Ie98271999713f07e4c2fab86df28e86310e1a44b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following patches:
* 42b5c26a6af [Backport] Avoid leaking GamepadService in tests
* c7196fc6a85 [Backport] Security bug 1017020
* 8fafaa17b3b [Backport] Security bug 1017961
* 9d6e9a7ca2d [Backport] CVE-2019-13736
* f11302cbaab [Backport] CVE-2019-13737
* 990546181b6 [Backport] Fix for CVE-2019-13730: Type Confusion in V8
* f33ba482f60 [Backport] Fix for CVE-2019-13732: Use after free in WebAudio
* f0f6703e7d3 [Backport] Fix for CVE-2019-13764: Type Confusion in V8
* 67232758405 [Backport] Dependency for fixing CVE-2019-13734 (1/5)
* 520f5e48c7b [Backport] Dependency for fixing CVE-2019-13734 (2/5)
* b4b8e7c5a3c [Backport] Dependency for fixing CVE-2019-13734 (3/5)
* 17bda0b1daf [Backport] Dependency for fixing CVE-2019-13734 (4/5)
* 437d404bd6d [Backport] Dependency for fixing CVE-2019-13734 (5/5)
* bcba12fa82a [Backport] CVE-2019-13741: Insufficient validation of untrusted input in Blink
* b07274b9d31 [Backport] CVE-2019-13762: Insufficient policy enforcement in downloads.
* c445a9bcf07 [Backport] CVE-2019-13734: Out of bounds write in SQLite
* 0dde1aba1cd [Backport] Fix up for dependency for CVE-2019-13734 (3/5)
Task-number: QTBUG-80736
Change-Id: I53af6ffbe3975c8ab601eabba79c31acaf434482
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/ |
|
|\
| |
| |
| | |
Change-Id: I03bd7ebc614b62a9f74a5050cb5fd99ab3e1b52d
|
| |
| |
| |
| |
| | |
Change-Id: Ib5f32dff2db201bc85f714b50937bad9093a92c6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrong hash:
* fc95242615b -> 0bf0431f9fe Revert "[Backport] CVE-2019-13701"
Change-Id: I05e2e6511df628c79d2d13e8c00139d53774134e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following changes:
* d88a4a62100 [Backport] CVE-2019-13700
* d835d057c27 [Backport] CVE-2019-13701
* 9e816ff0eb4 Fix compiling on Xcode 11.
* 7d0edd2bed2 Fix use of deprecated method for scanning wifi networks
* 5be6616bfe2 [Backport] CVE-2019-15903
* 63902dffe13 [Backport] CVE-2019-13714
* c8ec40bb38c [Backport] CVE-2019-13715
* 61ba046fc61 [Backport] CVE-2019-13718
* 300c4402c06 [Backport] Security bug 1011551
* e0369af7ae7 [Backport] Secuirty bug 1006544
* c9d697a2959 [Backport] Security bug 993266
* a7a50a7adf3 [Backport] Security bug 1018406
* 246773b5a07 [Backport] Security bug 955191
* fc95242615b Revert "[Backport] CVE-2019-13701"
Change-Id: I4ac3fe4acecc1d1193ecbf5c7966e8aad43cb68a
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|