| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Add the proper compile time guards around the usages of OpenGL specific
methods that were missing them.
Fixes: QTBUG-123058
Change-Id: If9545b7565b69c7a4c5d183754b3750a3c6c1298
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
| |
It caused conflicts in top-level windows builds due to duplicate names
for python tests.
Change-Id: I869d7a87a8c562f9bf601fa9545d9a40df2a4166
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 17fd3176988586168bee8654008a097a5f23ec1d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 68302c9e..fdfef5b3:
* [Backport] Security bug 41495984
* CVE-2023-710
Fixes: QTBUG-123779
Change-Id: I25ae76cb3f39fa4a3e2bf116f3eb84ac767c59d0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[ChangeLog] Adds the configure option --webengine-python-version to
allow the user to select the python version for building.
Valid options are python2 or python3. The default version will continue
to be Python 2.
Fixes: QTBUG-117693
Change-Id: Ie12ce78d1d81c49a2c46acc4160c13f766d56fe7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty ce00f9b5..38655f07:
* [Backport] Security bug 325296797
* Fixup for: Fixup for [Backport] Security bug 1519980
* [Backport] CVE-2024-1059: Use after free in WebRTC
* [Backport] Security bug 1518994
* Fixup for [Backport] Security bug 1519980
* [Backport] CVE-2024-1283: Heap buffer overflow in Skia
* [Backport] CVE-2024-1060: Use after free in Canvas
* [Backport] CVE-2024-1077: Use after free in Network
* [Backport] Security bug 1519980
* [Backport] CVE-2024-0808: Integer underflow in WebUI
* [Backport] CVE-2024-0807: Use after free in WebAudio
* Fix ffmpeg assembly with newer binutil
* [Backport] Security bug 1511689
* [Backport] CVE-2024-0224: Use after free in WebAudio
* [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
* [Backport] Security bug 1506535
* [Backport] CVE-2024-0519: Out of bounds memory access in V8
* [Backport] CVE-2024-0518: Type Confusion in V8
* [Backport] CVE-2024-0333: Insufficient data validation in Extensions
* [Backport] CVE-2024-0222: Use after free in ANGLE
* Fixup: [Backport] Security bug 1488199
* FIXUP: Fix compilation with system ICU
* Fixup: [Backport] Security bug 1505632
* [Backport] Security bug 1505632
* [Backport] CVE-2023-6702: Type Confusion in V8
* [Backport] CVE-2023-6345: Integer overflow in Skia
* Bump V8_PATCH_LEVEL
* [Backport] Security bug 1488199 (2/2)
* [Backport] Security bug 1488199 (1/2)
* [Backport] CVE-2023-6510: Use after free in Media Capture
* Fix building with system libxml2
* [Backport] CVE-2023-6347: Use after free in Mojo
Fixes: QTBUG-119853
Fixes: QTBUG-119852
Fixes: QTBUG-121684
Fixes: QTBUG-121848
Fixes: QTBUG-121849
Fixes: QTBUG-122190
Fixes: QTBUG-122935
Fixes: QTBUG-123291
Change-Id: Ia45d57beea1afd543e1c7d0bc6a722e4622bd6ba
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Universal debug or debug-and-release builds are not supported on macos
in Qt 5 due to the way universal build support was added there.
Change-Id: Iae59dd5fea5c2a46f22e12cbba41bc4a67a93f65
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
| |
Change-Id: I42a1feb7bef7e9207d97186fd1dd168dfcedd54e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 207c2ac4..ce00f9b5:
* [Backport] CVE-2023-6112: Use after free in Navigation
* [Backport] CVE-2023-5997: Use after free in Garbage Collection
Fixes: QTBUG-119156
Change-Id: Ib46f4bc0e5b6c40c715475660949a91bd51311e7
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c7ec6a7b..207c2ac4:
* [Backport] CVE-2023-5996: Use after free in WebAudio
Fixes: QTBUG-118894
Change-Id: I1cb42dcd7faa18d73ffe8a5aa4066eb6b2d3216f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 224806a7022eed6d5c75b486bec8715a618cb314)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
| |
Change-Id: I8a95921c15935a47dd5eb83fe2d7449951e40002
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 981abc612f0a6e3eb4311d8d8305ee2b8e2b4d04)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 851cd7c7..c7ec6a7b:
* [Backport] CVE-2023-5482 and CVE-2023-5849
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (2/2)
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (1/2)
* [Backport] Security bug 1478470
* [Backport] Security bug 1472365 and 1472366
* [Backport] CVE-2023-5218: Use after free in Site Isolation
* [Backport] Security bug 1486316
* FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Add Intel Meteorlake GPU series type
* [Backport] Add Intel Raptorlake GPU series type
* [Backport] Add a few missing IntelGpuSeriesTypes in gpu_util.cc
* [Backport] Add Intel Alchemist GPU series type
* [Backport] Add Alderlake to intel_gpu_series field in gpu control list.
* [Backport] Add missing Intel GPU series types.
* [Backport] Add Alderlake's GPU to list supporting two NV12 overlay planes.
* [Backport] CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
* [Backport] Security bug 1479104
* [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Replace uses of re2::StringPiece::set().
* Fix build with GCC 13
Fixes: QTBUG-117143
Fixes: QTBUG-118484
Fixes: QTBUG-118485
Fixes: QTBUG-118686
Change-Id: Id62fc8d696ebdb160ecf5de82abd40b5f4090963
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The code assumed that the guest view web contents would have a delegate
of type WebContentsDelegateQt (as it does in later versions after some
refactoring) and, due to the lack of RTTI, called a method that does not
exist in GuestViewBase. Fix this for this branch by using the top level
web contents' delegate in this case.
Fixes: QTBUG-117453
Change-Id: I9d32f145bf83ab68f8ee83a5fefa81c800896536
Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty f68e3ac2..851cd7c7:
* Fix errors and warnings for perfetto
* Remove nodiscard attribute from cpwl_combo_box.h
Fixes: QTBUG-117073
Change-Id: I6cf738001eb3a181be6ecd0818441cec1dc755b3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 2cfd5713..f68e3ac2:
* FIXUP: [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* FIXUP: Disable Windows IME for GPU thread
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-4762: Type Confusion in V8
* [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL
* [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* [Backport] CVE-2023-4351: Use after free in Network
* Disable Windows IME for GPU thread
* [Backport] CVE-2023-4863: Heap buffer overflow in WebP
Fixes: QTBUG-116524
Fixes: QTBUG-117144
Change-Id: I8e760f52f422c34dc0beba80fc820812f3ce682e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Chromium uses the 'first_dts' field from AVStream that has
been moved out from public api in ffmpeg 5.0.
Although some packagers patch their ffmpeg to be compatible
with chromium.
Add compile time check to test compatibility.
Task-number: QTBUG-116553
Change-Id: I7658b9b12cb5122b6485f063edc3280f31fe9273
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 7e46ff40ab66cd480b3eb9d82594f402dd8b563e)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8df91f88..2cfd5713:
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling
Fixes: QTBUG-115698
Change-Id: I648c395db316cb9e26230a962ecb24ae315d90cf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
| |
Change-Id: Iec671f6483c73b501350de7998e7442c2ad319bb
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sumbodule src/3rdparty 1104ce16..8df91f88:
* [Backport] Security bug 1454860
* Further fixes for building with GCC 13
Fixes: QTBUG-114753
Change-Id: I853fd67f0d899de4f6c0c4e5bc7737321423f5d0
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 21ddfe15f638a36160cb11d00639c3126c1aed7c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty e48df780..1104ce16:
* Fixup [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] Security bug 1447430
* [Backport] CVE-2023-2930: Use after free in Extensions
* [Backport] CVE-2023-3079: Type Confusion in V8
* [Backport] CVE-2023-3216: Type Confusion in V8
* [Backport] CVE-2023-2933: Use after free in PDF
* [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] CVE-2023-2932: Use after free in PDF
* [Backport] CVE-2023-2931: Use after free in PDF
* [Backport] Security bug 1444195
* [Backport] Security bug 1428743
* [Backport] CVE-2023-2721: Use after free in Navigation
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1423360
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] Security bug 1427388
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
* [Backport] CVE-2023-1530: Use after free in PDF (2/2)
* Fixes for building with GCC-13
* [Backport] CVE-2023-1530: Use after free in PDF (1/2)
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] Security bug 1418734
* [Backport] Security bug 1417585
* [Backport] Security bug 1337747
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3)
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1215: Type Confusion in CSS
Fixes: QTBUG-113406
Task-number: QTBUG-114753
Change-Id: I289f68c871c25f2f3c913e6fdcf5bf77bdfaae1e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit c0b33e73cabeff31ba035932e49d7977880ef9fc)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
| |
Change-Id: Ibdcbbe0375fb93d0deefdab1594634f0f90db994
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
| |
Fixes: QTBUG-111697
Change-Id: Ife05645ae96d1e18727d8d79efbbd64f813b8dcd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 778554ec28039dd5ddaf536be9776ea0f6301501)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously this was disabled unless the
QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY was set, as the debian packaging
was always enabling accessibility[1] even if a screen reader was not
enabled.
This is not the case anymore since 5 years ago[2] and now accessibility will
only be enabled if a screen reader is detected. Which is the correct
upstream behavior of at-spi2-core.
So now enable accessibility unless
QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY is set to 0
[1]: https://salsa.debian.org/a11y-team/at-spi2-core/-/commit/2a99b7b40526bbdf091cc574ec08d86c9a46f405
[2]: https://salsa.debian.org/a11y-team/at-spi2-core/-/commit/fde0bbead6aacefd0b5dcf9f6d36f7f50a2c0f3d
Change-Id: Ie5554f8b578dcca87a54dad525ae6a83d6f8f9d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 8f06b3e970f768f6a5776845c83090f1fc8b0162)
|
| |
|
|
|
|
|
|
|
| |
All pages that are opened have to be closed, in order to avoid a memory leak.
Change-Id: I15c12b2f1b389638d5fe0a58599d9c410a033652
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
(cherry picked from commit 77c489ed4ceb490f33b805e7ba4cd34ef9191db7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-111297
Change-Id: Ib4cb42e07f93322dfdbe028d38cdb8c1d025550e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-106334
Change-Id: I4bc9e26b353abd2f7cb5debbb090b958913ea8e3
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
With debug and universal intermediate archives will
go over 4GB and linking the final library will
fail.
Task-number: QTBUG-110713
Change-Id: If3280578b280bb95b85f2126e989da208ffa4eb1
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
| |
Change-Id: I6d244a6e6bd8fc9a83f542d3a0d54d07067353d2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-111297
Change-Id: I9ebb917f91459019e339477e5cf153484aa7ef2c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
QQuickWebEngineProfile already initializes totalBytes.
Also fix typo in documentation.
Fixes: QTBUG-104869
Change-Id: I8c4b79c076ddc63180960e22a9488b45ff6c4402
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 496647f7647571ca3cdf81b10ba418de0f06f34d)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdpartyi bdc50b6a..e48df780
* [Backport] CVE-2023-0933: Integer overflow in PDF
* [Backport] CVE-2023-0931: Use after free in Video (2/2)
* [Backport] CVE-2023-0931: Use after free in Video (1/2)
Task-number: QTBUG-111333
Change-Id: I5574cee09eb47dea80c8a6c993a03a3f3cf6b98b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty f7860adb..4f0704cd:
* FIXUP: Mark Node::opcode() and Operator::opcode() as constexpr.
* Add checksum to mailbox name in Release build too
* [Backport][Windows] Remove unused sidestep intercepts.
* [Backport] Mark Node::opcode() and Operator::opcode() as constexpr.
Pick-to: 5.15.13
Task-number: QTBUG-110504
Task-number: QTBUG-108240
Change-Id: Icbd00244f022ff40644f3aea228ac4b6a5e04eb1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d29902af..f7860adb:
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC
* [Backport] CVE-2023-0472: Use after free in WebRTC
* [Backport] Security bug 1406115
* [Backport] Add missing include for std::begin and std::end in SkParseColor.cpp
Task-number: QTBUG-111333
Fixes: QTBUG-110265
Fixes: QTBUG-109225
Change-Id: I2ccd8aaea86667b6971d1e4f9d13271e6804eaad
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is enabled by default in Chromium for debug build.
See //ipc/features.gni.
Disable it for debug build too because it adds and extra
SetIPCLoggingEnabled mojo message (see
//content/common/child_process.mojom) and it results different mojo
message ids for the debug and release binaries. This is undesirable
when setting QTWEBENGINEPROCESS_PATH environment variable to use release
QtWebEngineProcess with debug browser process or the other way around.
The messages and the corresponding ids can be listed by executing the
following command in the QtWebEngine build directory:
find . -name "*-message-ids.h" | xargs grep -h "constexpr uint32_t"
Task-number: QTBUG-110504
Change-Id: I80f24117ae20d02fb53ea482d04bea7a9dcb38c1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 114c6d0543e1ebe4ec12693b0d462ec05037e3a4)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 87897ba0..d29902af:
* [Backport] Fix more clang deprecated builtins
* [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE for clang-cl.
* [Backport] Map the absl::is_trivially_* functions to their std impl
* FIXUP: Fixes for building with MSVC
Fixes: QTBUG-108240
Change-Id: Ia0b0bc47128362019c3dac02fd3579e16c6e3116
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 40671522..87897ba0:
* Revert "[Backport] Security bug 1395604"
* [Backport] Security bug 1393384
* [Backport] Security bug 1399424
* [Backport] Security bug 1395604
* [Backport] CVE-2023-0129: Heap buffer overflow in Network Service
Task-number: QTBUG-110265
Change-Id: I4fb4de2ff6e72c8a5215e267495f77b968d923f5
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty e0fd3a5d..97a12549:
* Drop dependency on content/public/browser in content gpu
* [Backport] Security bug 1394382
* [Backport] CVE-2022-4437: Use after free in Mojo IPC
* [Backport] CVE-2022-4438: Use after free in Blink Frames
* [Backport] CVE-2022-4179: Use after free in Audio
Task-number: QTBUG-109225
Change-Id: Icdf29aa0dfa861fd21b07ac4f07f32709d2e5ec5
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keeping the GetInProcessGpuShareGroup in content browser client
creates dependency from gpu_child_thread to content browser,
however gn build tree asserts when content/public/gpu depends on
content/public/browser as it breaks intended components dependency.
This worked so far as required headers in content browser client
got generated on time despite of missing dependency.
Fix the dependency tree and move the problematic function into
the content gpu client.
This change moves only code around.
Change-Id: Iedcbc8c3c7d1754d1937e6b2c2a470c0e489a597
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |\
| |
| |
| | |
Change-Id: Ic72e5517e260f3b8bcd3b414863fb48e06007cd8
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty be349eaf..e0fd3a5d:
* Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
* [Backport] CVE-2022-4262: Type Confusion in V8
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2022-4174: Type Confusion in V8
* [Backport] CVE-2022-4180: Use after free in Mojo
* [Backport] CVE-2022-4181: Use after free in Forms
* [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2)
* [Backport] Security bug 1378916
* Fixup the patch for CVE-2022-3200 on 87-based / 5.15
* [Backport] CVE-2022-3200: Heap buffer overflow in Internals
* [Backport] CVE-2022-3887: Use after free in Web Workers
* [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
* [Backport] CVE-2022-3889: Type Confusion in V8
* [Backport] CVE-2022-3885: Use after free in V8
* [Backport] CVE-2022-3445: Use after free in Skia.
* [Backport] CVE-2022-3373: Out of bounds write in V8
* Fix building with XCode 14.1
* [Backport] CVE-2022-3046: Use after free in Browser Tag
* [Backport] CVE-2022-3446 and CVE-2022-35737
* [Backport] CVE-2022-3304: Use after free in CSS
* [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2)
* [Backport] Security bug 1356308
* [Backport] CVE-2022-3370: Use after free in Custom Elements
* [Backport] Security bugs 1346938 and 1338114
* [Backport] CVE-2022-3199: Use after free in Frames.
* [Backport] CVE-2022-3198: Use after free in PDF
* [Backport] CVE-2022-3197: Use after free in PDF
* [Backport] CVE-2022-3196: Use after free in PDF
* [Backport] CVE-2022-3075: Insufficient data validation in Mojo
* [Backport] CVE-2022-3040: Use after free in Layout
* [Backport] CVE-2022-3041: Use after free in WebSQL
* [Backport] CVE-2022-3038: Use after free in Network Service
Task-number: QTBUG-109225
Fixes: QTBUG-108207
Fixes: QTBUG-108178
Fixes: QTBUG-108179
Fixes: QTBUG-108180
Change-Id: I5e1ebbe350e67ed888bfb07602d88bfcbecd94df
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We failed to support pss, which ended up in handshake failures
Task-number: QTBUG-109273
Change-Id: I12c50d6a5f2dcf32d47708a958e2fe5a18316986
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 2d77e333eff7605a489ec65600b78e1b49df37c7)
|
| | |
| |
| |
| |
| | |
Change-Id: I96fd386811c0e1fc8b03ab73532fdf1c456971b0
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
| |/
|
|
|
|
|
|
|
|
| |
The previous response head gets moved when redirecting, which lead to
dereferencing a null pointer on the next redirect.
Fixes: QTBUG-109357
Change-Id: Iaad1c46b8d4ca9720f1749980a9e06337ca0f3d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit c6b2b5d8038b3ec0de6233c1e21df60ade11c81b)
|
| |
|
|
|
| |
Change-Id: I92bc48089b38b16039ae4109fedcbad2a7ff15ef
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Correct application/x-extension-html to text/html
Fixes: QTBUG-97392
Fixes: QTBUG-106688
Change-Id: I0d65c6950c5ba1504586cf564268463c5d4cd483
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
(cherry picked from commit 84ebd698597cf7a45b5e0967221547c21b1d67e8)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
The writable watcher will trigger all the time if we use automatic
arming, instead we need to arm it manually when it is needed.
Task-number: QTBUG-106461
Change-Id: Ia381db338adb1b1994d1da9b50c6d6ff542ea3e5
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b30559565cb91501baddea495362101341a0aa22)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7e11d69b..be349eaf:
* [Backport] Security bug 1343889
* [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* [Backport] CVE-2022-2477 : Use after free in Guest View
* [Backport] CVE-2022-27406
* [Backport] CVE-2022-27405 (2/2)
* [Backport] CVE-2022-27405 (1/2)
* [Backport] CVE-2022-27404
* [Backport] Security bug 1287804
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
* [Backport] CVE-2022-2295: Type Confusion in V8
* [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
* [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-2158: Type Confusion in V8
* [Backport] Security bug 1316578
* [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
* [Backport] CVE-2022-2010: Out of bounds read in compositing
* [Backport] CVE-2022-1854: Use after free in ANGLE.
* [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-1855: Use after free in Messaging
* FIXUP: Fix url_utils for QtWebEngine
Fixes: QTBUG-105500
Task-number: QTBUG-105499
Change-Id: I718648cb74346f1c7ac49a112378f9e2538e3b72
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gnome WM doesn't send expose event when minimizing then restoring a
window. Presumably, due to the missing expose event the top-level
QWebEngineView is not redrawn. As a workaround, force to update
RenderWidgetHostViewQtDelegateWidget when shown.
The workaround is not needed in 6.4 and later because the issue is fixed
by 5d1ef38f9 Create a RWHV delegate in core
Fixes: QTBUG-104763
Change-Id: I4761d670d17f6dbbe3e0de82a00179eb7fd7913c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 4a9fc6792fd5b37f1c40c53f47281c8bc74ad9c9)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The QtDesigner plugin was marked as 'tool_plugin', which restricts its
build to release-only, even in debug_and_release builds. This was done
to avoid building debug plugins for tools that are only build as
release. However, the designer plugins are also loaded when using
QUiLoader and thus are not exclusively meant for the designer tool.
Task-number: QTBUG-104755
Change-Id: Id87012f57ad06984c7b0f0d318f75ad2c9a596f2
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Change-Id: Ib9d15e03f126af102db095150c6b4bff0846ea3b
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Detected by codechecker.
Change-Id: I8814180ef6bd591ed3e95fc4b4abff3454f10bdf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 51faba3af76f4a7c67c769a5ab0be17c9aa54f83)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
