summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update Chromium5.12Michael Brüning2021-11-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 1b284e5b..b249cd9b: > [Backport] CVE-2021-30553: Use after free in Network service > [Backport] Security bug 1184294 > [Backport] CVE-2021-30569, security bugs 1198216, 1204814 and 1197786 > [Backport] CVE-2021-30560: Use after free in Blink XSLT > [Backport] Security bug 1252858 > [Backport] Security bug 1242257 > [Backport] CVE-2021-30627: Type Confusion in Blink layout > [Backport] CVE-2021-30618: Inappropriate implementation in DevTools > [Backport] CVE-2021-30603: Race in WebAudio > [Backport] CVE-2021-30585: Use after free in sensor handling > [Backport] CVE-2021-30559: Out of bounds write in ANGLE > [Backport] CVE-2021-30547: Out of bounds write in ANGLE > [Backport] Security bug 1202534 > [Backport] CVE-2021-30522: Use after free in WebAudio > Revert "[Backport] CVE-2021-21227: Insufficient data validation in V8" > Revert "[Backport] CVE-2021-30513: Type Confusion in V8." > Revert "[Backport] CVE-2021-21231: Insufficient data validation in V8" Change-Id: I61c36404e160864bf4daa730cef62aec747996c7 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Merge remote-tracking branch 'origin/5.12.11' into HEADMichael Brüning2021-11-111-0/+0
|\ | | | | | | Change-Id: I0398cd3ed3fabd9b9472b39278b58e4b3be6f3e9
| * Update Chromiumv5.12.11Michael Brüning2021-05-141-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty bda00397..1b284e5b: > Fix up [Backport] Security bug 1175503 > Fix up [Backport] CVE-2021-30513: Type Confusion in V8. > [Backport] Security bug 1190525 > [Backport] CVE-2021-30518: Heap buffer overflow in Reader Mode. > [Backport] CVE-2021-30513: Type Confusion in V8. > [Backport] CVE-2021-30515: Use after free in File API. > [Backport] Security bug 1175503 Task-number: QTBUG-93566 Change-Id: I41956c76cd2ff5f3b005f62a8ba406354d1063c5 Reviewed-by: Michal Klocek <michal.klocek@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
| * Update ChromiumMichael Brüning2021-05-101-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 4e224e5a..bda00397: > [Backport] CVE-2021-21231: Insufficient data validation in V8 > [Backport] CVE-2021-21207: Use after free in IndexedDB > [Backport] CVE-2021-21230: Type Confusion in V8 > [Backport] CVE-2021-21227: Insufficient data validation in V8 > [Backport] Security bug 1192552 > [Backport] CVE-2021-21223: Integer overflow in Mojo > [Backport] Security bugs 1175522 and 1181276 > [Backport] CVE-2021-21203: Use after free in Blink > [Backport] CVE-2021-21204: Use after free in Blink. > [Backport] CVE-2021-21202: Use after free in extensions. > [Backport] CVE-2021-21214: Use after free in Network API > [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo > [Backport] CVE-2021-21206: Use after free in Blink > [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64 Task-number: QTBUG-93566 Change-Id: I9f67eb1df61710b44bdf670f669196afc47f7ac1 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* | Bump versionJani Heikkinen2021-10-041-1/+1
| | | | | | | | Change-Id: I97dd43738457d684c3f31ca02e93c729b8d13030
* | Skip tst_QWebEngineProfile::qtbug_71895 if network load failsJüri Valdmann2021-09-291-4/+5
|/ | | | | | | | | | Fix also bug id which is incorrect. Fixes: QTBUG-96925 Task-number: QTBUG-71895 (cherry picked from commit 27a2a77d2abed034129077db74302194f042e8da) Change-Id: I0daf14c4ec31dfb867d9d7f531b9fdc6f7244e1b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2021-04-131-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 72f67be0..4e224e5a: > Fixup [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio > Fixup for [Backport] Security bug 1161048 > [Backport] CVE-2021-21156: Heap buffer overflow in V8 > [Backport] CVE-2021-21188: Use after free in Blink. > [Backport] Security bug 1161847 > [Backport] CVE-2021-21195: Use after free in V8 > [Backport] CVE-2021-21198: Out of bounds read in IPC > [Backport] Security bug 1185482 > [Backport] Security bug 1062941 > [Backport] CVE-2021-21175: Inappropriate implementation in Site isolation > [Backport] Security bug 1161048 > [Backport] CVE-2021-21193: Use after free in Blink > [Backport] CVE-2021-21190: Uninitialized Use in PDFium > [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio > [Backport] CVE-2021-21165: Object lifecycle issue in audio > [Backport] Security bug 1180871 > [Backport] CVE-2021-21157: Use after free in Web Sockets > [Backport] CVE-2021-21148: Heap buffer overflow in V8 > [Backport] CVE-2021-21137: Inappropriate implementation in DevTools > [Backport] Security bug 1135594 > [Backport] CVE-2021-21153: Stack overflow in GPU Process > [Backport] CVE-2021-21138: Use after free in DevTools > [Backport] Security bug 1097499 > [Backport] Security bug 1144646 > [Backport] WebRTC bug 12105 > [Backport] CVE-2021-21119: Use after free in Media > [Backport] CVE-2021-21140: Uninitialized Use in USB [2/2] > [Backport] CVE-2021-21140: Uninitialized Use in USB [1/2] > [Backport] CVE-2021-21120: Use after free in WebSQL > [Backport] Security bug 1162198 > [Backport] CVE-2020-16044: Use after free in WebRTC [3/3] > [Backport] CVE-2020-16044: Use after free in WebRTC [2/3] > [Backport] CVE-2020-16044: Use after free in WebRTC [1/3] > [Backport] CVE-2021-21146: Use after free in Navigation > [Backport] Security bug 1152645 > [Backport] Security bug 1148309 > [Backport] CVE-2021-21114: Use after free in audio Task-number: QTBUG-91422 Task-number: QTBUG-92456 Change-Id: I43eb42057fd9123d7a870f294936633ac235333e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Match render pass structures check to actual tree traversal loopKirill Burtsev2021-02-091-27/+42
| | | | | | | | | | | | | | | Mismatch in render tree on update may lead to crash when: * less scenegraph nodes are updated than created - hence crash on rendering since not all textures are replaced and old ones are deleted on previous run in scope of 'commit' method * more quads are processed than were on new tree create - hence crash on an attempt to setup non-existent node in DelegatedNodeTreeUpdater. Match logic of 'areRenderPassStructuresEqual' to main 'commit' method loop. Fixes: QTBUG-76181 Fixes: QTBUG-85802 Change-Id: Ib0c6dbec8100a068948a4ca8c385ba516ba5c504 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2020-12-092-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the changes 95bf758e9e5 [Backport] CVE-2020-15968: Use after free in Blink 0f55630c2f4 [Backport] CVE-2020-15969: Use after free in WebRTC. 5a8e372fc7e [Backport] CVE-2020-6561: Inappropriate implementation in Content Security Policy 4e06eb9f1cc Fix bison 3.7 1357b9be19f [Backport] CVE-2020-15999: Heap buffer overflow in freetype 1456539bd05 [Backport] CVE-2020-16003: Use after free in printing. 6475589b7ed [Backport] CVE-2020-16001: Use after free in media. 92253f4cc04 [Backport] CVE-2020-16002: Use after free in PDFium. 5df1bd044c6 [Backport] CVE-2020-15979: Inappropriate implementation in V8 7138ac3ddcf [Backport] CVE-2020-15978 Insufficient data validation in navigation 5ede8738ccb [Backport] CVE-2020-15992 Insufficient policy enforcement in networking a8f95043550 [Backport] CVE-2020-15987: Use after free in WebRTC (1/2) e5adc243d57 [Backport] CVE-2020-15987: Use after free in WebRTC (2/2) 6411f535efd Fix potential leak after fix for CVE-2020-15987 e5c6b3de888 [Backport] CVE-2020-15989: Uninitialized Use in PDFium 811208e7b60 [Backport] Security bug 1125199 42a1a175af1 [Backport] CVE-2020-16008: Stack buffer overflow in WebRTC aef97e76545 [Backport] CVE-2020-16011: Heap buffer overflow in UI on Windows. ade0aef290c [Backport] Security bug 1137608 8e776e6e6f5 [Backport] CVE-2020-16014: Use after free in PPAPI 765a0ff57eb [Backport] CVE-2020-16022: Insufficient policy enforcement in networking 117abfcce74 [Backport] Dependency for CVE-2020-16024 05386001f90 [Backport] CVE-2020-16024: Heap buffer overflow in UI 275dca60b70 [Backport] CVE-2020-16028: Heap buffer overflow in WebRTC 053316ce37e [Backport] Security bug 1137603 cef4d6d73cd [Backport] Security bug 1142020 026b0132f6d Fix CVE-2020-16034 by disabling chrome://webrtc-internals 878d0697c48 [Backport] mac: make find_sdk.py work when the sdk goes to 11 4689c3d74c5 [Backport] CVE-2020-16040: Insufficient data validation in V8 a0c71808baf [Backport] CVE-2020-16016: Inappropriate implementation in base. 10cb7cc9b11 [Backport] Security bug 1123035 0fdd19c558e [Backport] CVE-2020-16027: Insufficient policy enforcement in developer tools. 2b0be93dc42 [Backport] Dependency for CVE-2020-16030 c1cc6046fbc [Backport] CVE-2020-16030: Insufficient data validation in Blink 72f67be024a [Backport] CVE-2020-16042: Uninitialized Use in V8 Updates test expectations for loading chrome://webrtc-internals in tst_qwebengineview. Fixes: QTBUG-87787 Task-number: QTBUG-89191 Change-Id: I7e04b3f225affa9912dce1b1dd13f0dc8dba754b Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Bump versionJani Heikkinen2020-11-061-1/+1
| | | | Change-Id: I2fd487f244c0741aa6f4ce9a21cf1b0f3db4fb02
* Look for resources in macOS standard Resources dirKeith Kyzivat2020-11-051-0/+2
| | | | | | | | | | | | | | | When on macOS, with a frameworkless build, WebEngine resources are stored in a Resources directory named with a capital R. This is the standard directory name for resources on macOS, however Qt WebEngine was expecting to find resources in a directory named `resources` (no capitalized first letter). Task-number: QTBUG-72368 Change-Id: I2106a50a63c6d812dc6ad649645e3b6b9e0471e2 Reviewed-by: Michael Brüning <michael.bruning@qt.io> (cherry picked from commit 3a4e3c807c667491e133d04e3dcbadd0dad19826) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update changes file for 5.12.10Michael Brüning2020-10-221-1/+4
| | | | | | | Change-Id: Ifaccaed80bc0c45e7284ef85afa4a598d6d16aeb Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 07fcac049e7b362b703f31ec559f5097f804588e) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update changes file for 5.12.10Michael Brüning2020-10-201-0/+1
| | | | | | | Change-Id: I11963ce31e082188b3dc39237bb530c915171898 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit bc14b2ae1d9f757c0040cf6fb1d6333efc89c25d) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update changes file for 5.12.10Michael Brüning2020-10-201-0/+1
| | | | | | | Change-Id: I01d63f447647c46fecf8df14c8c4df21189fd594 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 457c8baa8a3f577be1e999d06c32504d35862c64) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Add changes file for Qt 5.12.10Antti Kokko2020-10-191-0/+86
| | | | | | | Change-Id: Id180c2ea2fefed919b4c623d20da392ad5db27d1 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 78b44a26b256fdaa70832455d8d4711bbe7fa17a) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Bump versionJani Heikkinen2020-10-141-1/+1
| | | | Change-Id: I70d552fcc53d97ff8f44618f6c152d08dca7a9c0
* Update ChromiumMichael Brüning2020-10-121-0/+0
| | | | | | | | | | | | | | | | | | | Pulls in the changes: b59af853f7b [Backport] CVE-2020-6559: Use after free in presentation API d7c2cf25399 [Backport] Security issue 1102137 82a0e2faa2a [Backport] CVE-2020-6562: Insufficient policy enforcement in Blink 46dbf8fb796 [Backport] CVE-2020-6569: Integer overflow in WebUSB 844c2922f46 [Backport] CVE-2020-6573: Use after free in video 872be05931a [Backport] CVE-2020-15962: Insufficient policy enforcement in serial b769634b87a [Backport] Security bug 1111149 a4599b61975 [Backport] CVE-2020-6571: Incorrect security UI in Omnibox c89a12ce788 [Backport] CVE-2020-15964: Insufficient data validation in media 30570c933fc [Backport] Security issue 1098860 d6e06841443 [Backport] CVE-2020-15965: Out of bounds write in V8 Task-number: QTBUG-85613 Change-Id: I5a013d1020a903775dec3682866269eb754b7d08 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2020-08-241-0/+0
| | | | | | | | | | | | | | | | | | | | | | Pulls in the changes: 01257ab4c14 [Backport] CVE-2020-6489 e425d1134b9 [Backport] CVE-2020-6532: Use after free in SCTP 39d164c7113 [Backport] Security bug 1102408 72e1b27f06f [Backport] CVE-2020-6541: Use after free in WebUSB bf12bcbd03c [Backport] Security bug 1065122 0561a33d0f5 [Backport] Security bug 1065731 ee1811a7e86 [Backport] CVE-2020-6540: Heap buffer overflow in Skia a09bfbb191d [Backport] CVE-2020-6542: Use after free in ANGLE 2f38d2ab5b7 [Backport] CVE-2020-6543: Use after free in task scheduling 5ff9249f692 [Backport] CVE-2020-6544: Use after free in media 78121f30724 [Backport] CVE-2020-6545: Use after free in audio cc48de17c5d [Backport] CVE-2020-6548: Heap buffer overflow in Skia e490120c6b6 [Backport] CVE-2020-6549: Use after free in media ca61def88f8 [Backport] CVE-2020-6462: Use after free in task scheduling Task-number: QTBUG-85613 Change-Id: I3b3242d35a444b696ae89f9be454c800dbd2eba4 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumMichael Brüning2020-07-291-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the changes: a2c0edd19d4 [Backport] CVE-2020-6511: Side-channel information leakage in CSP (1/2) b16fddc243a [Backport] CVE-2020-6511: Side-channel information leakage in CSP (2/2) 279102920a7 [Backport] CVE-2020-6513: Heap buffer overflow in PDFium 0521cd0d584 [Backport] CVE-2020-6514: Inappropriate implementation in WebRTC 53ab90f118d [Backport] CVE-2020-6523: Out of bounds write in Skia 618f960a12c [Backport] CVE-2020-6524: Heap buffer overflow in WebAudio 9c52e6b3360 [Backport] CVE-2020-6529: Inappropriate implementation in WebRTC 572a93d8f14 [Backport] CVE-2020-6535: Insufficient data validation in WebUI 2004c48a47e [Backport] Security bug 1054229 6a3ff8c66a9 [Backport] CVE-2020-6518: Use after free in developer tools d06276e6183 [Backport] CVE-2020-6512: Type Confusion in V8 (1/3) d8a0b1b22c1 [Backport] CVE-2020-6512: Type Confusion in V8 (2/3) 83793149bf5 [Backport] CVE-2020-6512: Type Confusion in V8 (3/3) b97c5f89481 [Backport] Dependency for CVE-2020-6534 (1/4) de381abe2ff [Backport] Dependency for CVE-2020-6534 (2/4) 8b2ba2a1e56 [Backport] Dependency for CVE-2020-6534 (3/4) 199df5c9049 [Backport] Dependency for CVE-2020-6534 (4/4) bc33e1bbfaf [Backport] CVE-2020-6534: Heap buffer overflow in WebRTC 58f5e3f57e5 [Backport] CVE-2020-6490 c3003924faf [Backport] Security bug 1052492 1e1f4b33fa0 Security bugs 1087629 and 1029569 Task-number: QTBUG-85613 Change-Id: Ib2d3ed71b4f21cf3fa02474ace735a3c9c6c5126 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Fix AltGr on WindowsPeter Varga2020-07-071-1/+8
| | | | | | | Fixes: QTBUG-83710 Change-Id: Iaf5a33c0aeb53348d36cb7dda60602041299cd50 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 53498cb73392a222a113ae257f24f91e6d912518)
* Update ChormiumMichal Klocek2020-07-071-0/+0
| | | | | | | | | | | | | | | | | | | Pulls in following changes: * 9b01ea0194d [Backport] CVE-2020-6459 * 5d89aa45a7e [Backport] CVE-2020-6470 * 73765c84da6 [Backport] CVE-2020-6474 * c66812623ff [Backport] CVE-2020-6481 * 86482726e15 [Backport] Security Bug 1058515 * 120e629cb56 [Backport] Security Bug 1057369 * 4bd9fab8c65 [Backport] Security Bug 1051439 * cf563cfdb42 Add missing headers for build with linux-clang 10 spec * 1417835f7de Fixup: Fix live editing * cf70b8331ce [macOS] Add CoreProfile to the valid configurations for GPU switching Task-number: QTBUG-84633 Change-Id: I16b148a6742c683dbc5eaab37bfbc4ddd3aebb0c Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [macOS] Add utf-8 character set meta tag for HTML clipboard contentMichael Brüning2020-07-061-1/+8
| | | | | | | | | | | | | This prevents unicode characters from becoming garbled when pasting the clipboard content into an application that uses the HTML content instead of the text data. This mirrors the behavior of Chromium's clipboard adaptation for macOS Fixes: QTBUG-75391 Change-Id: I033819a2caf3410509e90c9bc38c9830d184149d Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io> (cherry picked from commit 7b5cb517da57f76437872a891c07fffd1779b6a4)
* Merge remote-tracking branch 'origin/5.12.9' into 5.12Michael Brüning2020-06-153-0/+56
|\ | | | | | | Change-Id: I51e5141e38c637d5bfee85fd2b8bd8468097e5fe
| * Add changes file for Qt 5.12.9v5.12.9Antti Kokko2020-06-111-0/+55
| | | | | | | | | | Change-Id: I96949ad2a7be414c126b6a661bc5cceeeceaac7d Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| * Update ChromiumMichal Klocek2020-06-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in security issues: * 1def46aafc2 [Backport] Security Bug 1070012 1/5 * 54a56516088 [Backport] Security Bug 1070012 2/5 * fbc701311c1 [Backport] Security Bug 1070012 3/5 * ebc9d4ba625 [Backport] Security Bug 1070012 4/5 * 04e8b821b36 [Backport] Security Bug 1070012 5/5 * 8a53e97dba1 [Backport] CVE-2020-6467 Task-number: QTBUG-84633 Change-Id: I24367d2f3249f900202b2f847a762aefd0ef4072 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| * Update ChormiumMichal Klocek2020-06-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following changes: * 7c34012060d [Backport] Fix for CVE-2020-6464 * c3a4dada23b [Backport] CVE-2020-6468 * 8d8aa95903c [Backport] Security bug 1075907 * e7c84adad1b [Backport] Security bug 1025302 * d686675960c [Backport] CVE-2020-6493 * 3a8febfdab7 Fixup for [Backport] Security bug 1025740 1/2 Task-number: QTBUG-84633 Change-Id: I9ad7da07ca0cdc4656cb936eef5a4e7445b31949 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-06-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following changes: * 04567666dae [Backport] Fix for security issue 1066893 * 8dc8aecf84b [Backport] When suspending context, don't clear handlers * 8ad03010124 [Backport] Security bug 1025740 1/2 * c8b517eb447 [Backport] Security bug 1025740 2/2 * 717395cfce0 [Backport] CVE-2020-6461: Use after free in storage * b3b4d5af3a1 Fixup: add missing gn include Task-number: QTBUG-84633 Change-Id: Ia56b018ea93caa091212b574947b26dd83ca52f3 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-06-091-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * d7755040dde Update sqlite, fixing CVE-2020-6455 * d009d836cfb [Backport] CVE-2020-6431 * bfc495cdeae [Backport] Fix for CVE-2020-6441 * 130150732b6 [Backport] Fix for CVE-2020-6443 * 3269720fc8a [Backport] Fix for security issue 1050090 * b96587fcf2c [Backport] CVE-2020-6432 * 47b2198c4ef [Backport] CVE-2020-6460 Task-number: QTBUG-84633 Change-Id: I9d45b6cc40cccbe4a8dc7931619cad60d6551217 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Skip all url interceptor unit testsMichal Klocek2020-06-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | It is well known issue that url interceptors on 5.12 has race condition on destruction, this is fixed in 5.13.1 and later. Since this is just next end life LTS (having only security patches), simply blacklist the tests to avoid flakiness on CI. Change-Id: I20a493a42495f1a923cd56bc2b11f9485f50cdd7 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-06-081-0/+0
|/ | | | | | | | | | | | | | | | | Pulls in following patches: * cab2fe0edbe Disable Empty Base Class Layout Optimization for MSVC * e7cf409b07f [Backport] CVE-2020-6452 * d91969c6230 [Backport] CVE-2020-6450 * a54c653a3b8 [Backport] CVE-2020-6451 * 19363411c41 [Backport] Security Bug 1065094 1/2 * becfaac2ceb [Backport] Security Bug 1065094 2/2 * f11657ed645 [Backport] Fix for CVE-2020-6423 * 4cdf74a64d3 Fixup: msvc undefined type HandleScopeImplementer Task-number: QTBUG-84633 Change-Id: Ia621d7d04ce7bdedbdb57d6ef0472c896bb2f215 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix macOS build after 10.15.4Peter Varga2020-04-261-1/+5
| | | | | | | | | | | | | | | | QMAKE_MAC_SDK_VERSION is set by /usr/bin/xcrun --sdk macosx --show-sdk-version in qtbase/mkpecs/features/mac/sdk.prf From 10.15.4, xcrun outputs the SDK version in Major.Minor.Patch format instead of Major.Minor. mac_sdk_min gn arg is expected to be in Major.Minor format, therefor pass only the first 2 revision numbers to gn. Fixes: QTBUG-83318 Change-Id: I3af523dd5df8149fb5cd57b259c2bed889db88b5 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 5d2026cb04ef8fd408e5722a84e2affb5b9a3119)
* Bump versionAlexandru Croitor2020-04-221-1/+1
| | | | Change-Id: I61e1eca3a3841f698b566d0c52985a5e28d85544
* Merge remote-tracking branch 'origin/5.12.8' into 5.12Allan Sandfeld Jensen2020-04-142-0/+73
|\ | | | | | | Change-Id: I515f1330de2414296c91b1fd0c256c8d69a2ddc7
| * Add changes file for Qt 5.12.8v5.12.8Antti Kokko2020-03-271-0/+73
| | | | | | | | | | | | | | | | | | | | | | | | + 13e2924f054170f399ea213cabbae2027831ceba Bump version + 2f56fd4a6b9b6f806334ba64b3689151a78d1d90 Update navigation actions when load finishes in a subframe + d7a7663c58fa81b04b2acc63c3e672fce2f46116 Fix crashes in urlChanged signal handlers + 3befcb16308f3b87a8c7b2dd1db69b69e2074c12 Update Chromium + c6d4d262cb42887bcc209087ab4270407f80e738 Update Chromium + 09287cb18d2d41a5b18c5cf7b1e8e07183618ff2 Update Chromium Change-Id: I5dd5ae4c57aacea4717e36d77e84cac12cd2a3e8 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichael Brüning2020-03-251-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the following changes: 1a2d6d8df67 [Backport] Dependency for CVE-2020-6391 4ceb67df8cd [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (1/3) bca907a58b5 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (2/3) 479882836f3 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (3/3) f616cecf23c [Backport] CVE-2020-6399 - Insufficient policy enforcement in AppCache 62ca8dad9bb [Backport] Security bug 1035723 0ee1af65d4e [Backport] Fix multiple CVEs and security bugs in sqlite 7483e059d88 [Backport] CVE-2019-18197 - Multiple vulnerabilities in XML Change-Id: I9d8992b1aa28f4fb5704b37d8493cd6964bcf4ed Fixes: QTBUG-81910 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichael Brüning2020-03-241-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the following changes: cecd1a67e96 [Backport] CVE-2020-6394 - Insufficient policy enforcement in Blink 9a821b38b3f [Backport] CVE-2020-6398 - Uninitialized use in PDFium 3abef6fa271 [Backport] CVE-2020-6401 (1/3) and CVE-2020-6411 581ef6c8ccf [Backport] CVE-2020-6401 (2/3) c0a826b58f7 [Backport] CVE-2020-6401 (3/3) 55b7cedcc65 [Backport] Security bug 1018629 873da842e3d [Backport] CVE-2020-6410 - Insufficient policy enforcement in navigation dec516df711 [Backport] CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox 4b2fb2f933f [Backport] CVE-2020-6413 - Inappropriate implementation in Blink 86959566c4b [Backport] Security bug 1020031 442f3b6715d [Backport] Security bug 1016506 09277a67339 [Backport] Security bug 1026293 1bdf6178d9a [Backport] Security bug 1047097 6bf234cfacc [Backport] Security bug 1025442 02e9407022a [Backport] Security bug 1016038 f7524c75783 [Backport] CVE-2020-6388 - Out of bounds memory access in WebAudio 604ef94f4f9 [Backport] CVE-2019-20503: Out of bounds read in usersctplib Task-number: QTBUG-81910 Change-Id: I5b36f3f65852af99cc551cbad2a6da60a1007176 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichael Brüning2020-03-231-0/+0
|/ | | | | | | | | | | | | | | | | | | | | | Pulls in the following changes: 2c37da9ad4f [Backport] Allow restricted clock_nanosleep in Linux sandbox 1119bc1c945 [Backport] Security bug 1040700 7ce30813cdc [Backport] CVE-2020-6381 - Integer overflow in Javascript 50d216266c1 [Backport] CVE-2020-6418 - Type confusion in V8 f4ee4fe130c [Backport] CVE-2020-6383 - Type confusion in V8 7cfa13add28 [Backport] CVE-2020-6384: Use after free in WebAudio a75e60afb7c [Backport] Security bug 1029865 24e36e97107 [Backport] Security bug 1044570 acb02559c02 [Backport] CVE-2020-6389 - Out of bounds write in WebRTC 807a82b2e28 [Backport] CVE-2020-6420: Insufficient policy enforcement in media 30040b36f90 [Backport] Security bug 1031909 9dfaed8eab0 [Backport] CVE-2020-6406 - Use after free in audio ca0ca819983 [Backport] CVE-2020-6393 - Insufficient policy enforcement in Blink Task-number: QTBUG-81910 Change-Id: Ib3c90cabf2151d652de2a4742f7b0422bf730419 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix crashes in urlChanged signal handlersSzabolcs David2020-02-201-1/+3
| | | | | | | | | | | | | | | If a user initiates page load from a urlChanged signal handler after a failed navigation while still being in NavigationRequest::OnRequestFailedInternal(), the new page load can discard the pending navigation entry and delete the NavigationRequest instance before finishing execution of OnRequestFailedInternal(). Fix crash by returning to the event loop before emitting urlChanged signal. Task-number: QTBUG-78490 Change-Id: I849a609f5524d715769079f6c5cabf8db6b45944 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update navigation actions when load finishes in a subframePeter Varga2020-02-192-10/+31
| | | | | | Fixes: QTBUG-81521 Change-Id: I8ca82224cd834b667471d1e96a44430164d3669e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Merge remote-tracking branch 'origin/5.12.7' into 5.12Allan Sandfeld Jensen2020-02-032-0/+78
|\ | | | | | | Change-Id: I340a02dac932fecf19439e0707e8e9568bcf09a0
| * Add changes file for Qt 5.12.7v5.12.7Antti Kokko2020-01-281-0/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | + 14e2814f95cbb1759100a2b974bc61ef39dfb9c2 Bump version + 5f05d9d1a3e0f30d4e7cccfe2d70387437fcccf3 Fix pepper flash plugin permission + 8b6f4924a1a8564987a9f0110060cc9b3a2d89bf Update Chromium + 7d82dafa46a356b80c8e55fda7e57f28ff1bc423 Fixup Update Chromium + a4b598d1633e8278776c922faae012681018cdc9 Merge remote-tracking branch 'origin/5.12.6' into 5.12 + 5fa161b5f273ec60e77bbdcfdd0f87dd42a5a0bc Update Chromium + d268d9bba5589b7cc33e158b8563eae2ad67caff Update Chromium + 13fd53ae994ada3fca89c0d39b17df5395b712bf Update Chromium + 85e542f9376fd9bc8430c34b86ac05d13ed8d3f8 Update Chromium Change-Id: Iffa4dbd79f9bc3777c2f1a70519b8893e99c9758 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-01-251-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * f4f2d564d94 [Backport] CVE-2020-0601 * f91f6b41907 [Backport] Security bug 1035371 and 1034695 * 5ca6ac0f951 [Backport] Security bugs 1029506, 1029210, 1029027, 1029002, 1028722 Task-number: QTBUG-80736 Change-Id: I2680d5a4d9af95b0ee1e8b27f98749332250b04c Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| * Update ChromiumMichal Klocek2020-01-251-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * 28d34c9574b [Backport] CVE-2019-13738 * b94dccc951a [Backport] CVE-2019-13739 * f2ad81650e5 [Backport] CVE-2019-13735: Out of bounds write in V8 * 502cf4dc5a4 [Backport] Dependency of fix for CVE-2019-13758 (1/3) * f59df0d5773 [Backport] Dependency of fix for CVE-2019-13758 (2/3) * aedfb4f4114 [Backport] Dependency of fix for CVE-2019-13758 (3/3) * e3130b222f6 [Backport] CVE-2019-13758: Insufficient policy enforcement in navigation. * a3c60650eae [Backport] CVE-2019-13728: Out of bounds write in V8 Task-number: QTBUG-80736 Change-Id: Id00bb34174b6f8313e6512bfd5f5928f6413a142 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-01-231-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * 1d84b1d66de [Backport] CVE-2020-6377 * a0a756490e5 [Backport] CVE-2019-13761: Incorrect security UI in Omnibox. * 1735d7de2e2 [Backport] Security bug 1027905 * 20d31c84457 [Backport] CVE-2019-13747: Uninitialized Use in rendering. * b154c1e99b3 [Backport] Security bug 1025089 * 95f69c52f85 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (1/2) * 0026972c101 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (2/2) * f527b66b1e3 [Backport] Security bug 889276 * 37330fd70ee [Backport] Security bug 1033260 Task-number: QTBUG-80736 Change-Id: Ie98271999713f07e4c2fab86df28e86310e1a44b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichal Klocek2020-01-221-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * 42b5c26a6af [Backport] Avoid leaking GamepadService in tests * c7196fc6a85 [Backport] Security bug 1017020 * 8fafaa17b3b [Backport] Security bug 1017961 * 9d6e9a7ca2d [Backport] CVE-2019-13736 * f11302cbaab [Backport] CVE-2019-13737 * 990546181b6 [Backport] Fix for CVE-2019-13730: Type Confusion in V8 * f33ba482f60 [Backport] Fix for CVE-2019-13732: Use after free in WebAudio * f0f6703e7d3 [Backport] Fix for CVE-2019-13764: Type Confusion in V8 * 67232758405 [Backport] Dependency for fixing CVE-2019-13734 (1/5) * 520f5e48c7b [Backport] Dependency for fixing CVE-2019-13734 (2/5) * b4b8e7c5a3c [Backport] Dependency for fixing CVE-2019-13734 (3/5) * 17bda0b1daf [Backport] Dependency for fixing CVE-2019-13734 (4/5) * 437d404bd6d [Backport] Dependency for fixing CVE-2019-13734 (5/5) * bcba12fa82a [Backport] CVE-2019-13741: Insufficient validation of untrusted input in Blink * b07274b9d31 [Backport] CVE-2019-13762: Insufficient policy enforcement in downloads. * c445a9bcf07 [Backport] CVE-2019-13734: Out of bounds write in SQLite * 0dde1aba1cd [Backport] Fix up for dependency for CVE-2019-13734 (3/5) Task-number: QTBUG-80736 Change-Id: I53af6ffbe3975c8ab601eabba79c31acaf434482 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* | Bump versionAlexandru Croitor2020-01-281-1/+1
|/
* Merge remote-tracking branch 'origin/5.12.6' into 5.12Liang Qi2020-01-091-0/+64
|\ | | | | | | Change-Id: I03bd7ebc614b62a9f74a5050cb5fd99ab3e1b52d
| * Add changes file for Qt 5.12.6v5.12.6Allan Sandfeld Jensen2019-11-081-0/+64
| | | | | | | | | | Change-Id: Ib5f32dff2db201bc85f714b50937bad9093a92c6 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* | Fixup Update ChromiumPeter Varga2020-01-081-0/+0
| | | | | | | | | | | | | | | | | | Wrong hash: * fc95242615b -> 0bf0431f9fe Revert "[Backport] CVE-2019-13701" Change-Id: I05e2e6511df628c79d2d13e8c00139d53774134e Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* | Update ChromiumMichal Klocek2019-12-191-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following changes: * d88a4a62100 [Backport] CVE-2019-13700 * d835d057c27 [Backport] CVE-2019-13701 * 9e816ff0eb4 Fix compiling on Xcode 11. * 7d0edd2bed2 Fix use of deprecated method for scanning wifi networks * 5be6616bfe2 [Backport] CVE-2019-15903 * 63902dffe13 [Backport] CVE-2019-13714 * c8ec40bb38c [Backport] CVE-2019-13715 * 61ba046fc61 [Backport] CVE-2019-13718 * 300c4402c06 [Backport] Security bug 1011551 * e0369af7ae7 [Backport] Secuirty bug 1006544 * c9d697a2959 [Backport] Security bug 993266 * a7a50a7adf3 [Backport] Security bug 1018406 * 246773b5a07 [Backport] Security bug 955191 * fc95242615b Revert "[Backport] CVE-2019-13701" Change-Id: I4ac3fe4acecc1d1193ecbf5c7966e8aad43cb68a Reviewed-by: Michael Brüning <michael.bruning@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 17:22:16 +0000