| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Submodule src/3rdparty c7ec6a7b..207c2ac4:
* [Backport] CVE-2023-5996: Use after free in WebAudio
Pick-to: 5.15
Fixes: QTBUG-118894
Change-Id: I1cb42dcd7faa18d73ffe8a5aa4066eb6b2d3216f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Pick-to: 5.15
Change-Id: I8a95921c15935a47dd5eb83fe2d7449951e40002
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdparty 851cd7c7..c7ec6a7b:
* [Backport] CVE-2023-5482 and CVE-2023-5849
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (2/2)
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (1/2)
* [Backport] Security bug 1478470
* [Backport] Security bug 1472365 and 1472366
* [Backport] CVE-2023-5218: Use after free in Site Isolation
* [Backport] Security bug 1486316
* FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Add Intel Meteorlake GPU series type
* [Backport] Add Intel Raptorlake GPU series type
* [Backport] Add a few missing IntelGpuSeriesTypes in gpu_util.cc
* [Backport] Add Intel Alchemist GPU series type
* [Backport] Add Alderlake to intel_gpu_series field in gpu control list.
* [Backport] Add missing Intel GPU series types.
* [Backport] Add Alderlake's GPU to list supporting two NV12 overlay planes.
* [Backport] CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
* [Backport] Security bug 1479104
* [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Replace uses of re2::StringPiece::set().
* Fix build with GCC 13
Fixes: QTBUG-117143
Fixes: QTBUG-118484
Fixes: QTBUG-118485
Fixes: QTBUG-118686
Change-Id: Id62fc8d696ebdb160ecf5de82abd40b5f4090963
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 74ab83e1695ba6f0214ffd33a38922803939de06)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
The code assumed that the guest view web contents would have a delegate
of type WebContentsDelegateQt (as it does in later versions after some
refactoring) and, due to the lack of RTTI, called a method that does not
exist in GuestViewBase. Fix this for this branch by using the top level
web contents' delegate in this case.
Fixes: QTBUG-117453
Change-Id: I9d32f145bf83ab68f8ee83a5fefa81c800896536
Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu>
| |
Submodule src/3rdparty f68e3ac2..851cd7c7:
* Fix errors and warnings for perfetto
* Remove nodiscard attribute from cpwl_combo_box.h
Fixes: QTBUG-117073
Change-Id: I6cf738001eb3a181be6ecd0818441cec1dc755b3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdparty 2cfd5713..f68e3ac2:
* FIXUP: [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* FIXUP: Disable Windows IME for GPU thread
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-4762: Type Confusion in V8
* [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL
* [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* [Backport] CVE-2023-4351: Use after free in Network
* Disable Windows IME for GPU thread
* [Backport] CVE-2023-4863: Heap buffer overflow in WebP
Fixes: QTBUG-116524
Fixes: QTBUG-117144
Change-Id: I8e760f52f422c34dc0beba80fc820812f3ce682e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Chromium uses the 'first_dts' field from AVStream that has
been moved out from public api in ffmpeg 5.0.
Although some packagers patch their ffmpeg to be compatible
with chromium.
Add compile time check to test compatibility.
Task-number: QTBUG-116553
Change-Id: I7658b9b12cb5122b6485f063edc3280f31fe9273
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 7e46ff40ab66cd480b3eb9d82594f402dd8b563e)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdparty 8df91f88..2cfd5713:
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling
Fixes: QTBUG-115698
Change-Id: I648c395db316cb9e26230a962ecb24ae315d90cf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Change-Id: Iec671f6483c73b501350de7998e7442c2ad319bb
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdparty 1104ce16..8df91f88:
* [Backport] Security bug 1454860
* Further fixes for building with GCC 13
Fixes: QTBUG-114753
Change-Id: I853fd67f0d899de4f6c0c4e5bc7737321423f5d0
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 21ddfe15f638a36160cb11d00639c3126c1aed7c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
Submodule src/3rdparty e48df780..1104ce16:
* Fixup [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] Security bug 1447430
* [Backport] CVE-2023-2930: Use after free in Extensions
* [Backport] CVE-2023-3079: Type Confusion in V8
* [Backport] CVE-2023-3216: Type Confusion in V8
* [Backport] CVE-2023-2933: Use after free in PDF
* [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] CVE-2023-2932: Use after free in PDF
* [Backport] CVE-2023-2931: Use after free in PDF
* [Backport] Security bug 1444195
* [Backport] Security bug 1428743
* [Backport] CVE-2023-2721: Use after free in Navigation
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1423360
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] Security bug 1427388
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
* [Backport] CVE-2023-1530: Use after free in PDF (2/2)
* Fixes for building with GCC-13
* [Backport] CVE-2023-1530: Use after free in PDF (1/2)
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] Security bug 1418734
* [Backport] Security bug 1417585
* [Backport] Security bug 1337747
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3)
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1215: Type Confusion in CSS
Fixes: QTBUG-113406
Task-number: QTBUG-114753
Change-Id: I289f68c871c25f2f3c913e6fdcf5bf77bdfaae1e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit c0b33e73cabeff31ba035932e49d7977880ef9fc)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
Change-Id: Ibdcbbe0375fb93d0deefdab1594634f0f90db994
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Fixes: QTBUG-111697
Change-Id: Ife05645ae96d1e18727d8d79efbbd64f813b8dcd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 778554ec28039dd5ddaf536be9776ea0f6301501)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
Previously this was disabled unless the
QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY was set, as the debian packaging
was always enabling accessibility[1] even if a screen reader was not
enabled.
This is not the case anymore since 5 years ago[2] and now accessibility will
only be enabled if a screen reader is detected. Which is the correct
upstream behavior of at-spi2-core.
So now enable accessibility unless
QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY is set to 0
[1]: https://salsa.debian.org/a11y-team/at-spi2-core/-/commit/2a99b7b40526bbdf091cc574ec08d86c9a46f405
[2]: https://salsa.debian.org/a11y-team/at-spi2-core/-/commit/fde0bbead6aacefd0b5dcf9f6d36f7f50a2c0f3d
Change-Id: Ie5554f8b578dcca87a54dad525ae6a83d6f8f9d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 8f06b3e970f768f6a5776845c83090f1fc8b0162)
| |
All pages that are opened have to be closed, in order to avoid a memory leak.
Change-Id: I15c12b2f1b389638d5fe0a58599d9c410a033652
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
(cherry picked from commit 77c489ed4ceb490f33b805e7ba4cd34ef9191db7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
Task-number: QTBUG-111297
Change-Id: Ib4cb42e07f93322dfdbe028d38cdb8c1d025550e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
| |
Task-number: QTBUG-106334
Change-Id: I4bc9e26b353abd2f7cb5debbb090b958913ea8e3
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
| |
With debug and universal intermediate archives will
go over 4GB and linking the final library will
fail.
Task-number: QTBUG-110713
Change-Id: If3280578b280bb95b85f2126e989da208ffa4eb1
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Change-Id: I6d244a6e6bd8fc9a83f542d3a0d54d07067353d2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Task-number: QTBUG-111297
Change-Id: I9ebb917f91459019e339477e5cf153484aa7ef2c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
QQuickWebEngineProfile already initializes totalBytes.
Also fix typo in documentation.
Fixes: QTBUG-104869
Change-Id: I8c4b79c076ddc63180960e22a9488b45ff6c4402
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 496647f7647571ca3cdf81b10ba418de0f06f34d)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdpartyi bdc50b6a..e48df780
* [Backport] CVE-2023-0933: Integer overflow in PDF
* [Backport] CVE-2023-0931: Use after free in Video (2/2)
* [Backport] CVE-2023-0931: Use after free in Video (1/2)
Task-number: QTBUG-111333
Change-Id: I5574cee09eb47dea80c8a6c993a03a3f3cf6b98b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Submodule src/3rdparty f7860adb..4f0704cd:
* FIXUP: Mark Node::opcode() and Operator::opcode() as constexpr.
* Add checksum to mailbox name in Release build too
* [Backport][Windows] Remove unused sidestep intercepts.
* [Backport] Mark Node::opcode() and Operator::opcode() as constexpr.
Pick-to: 5.15.13
Task-number: QTBUG-110504
Task-number: QTBUG-108240
Change-Id: Icbd00244f022ff40644f3aea228ac4b6a5e04eb1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Submodule src/3rdparty d29902af..f7860adb:
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC
* [Backport] CVE-2023-0472: Use after free in WebRTC
* [Backport] Security bug 1406115
* [Backport] Add missing include for std::begin and std::end in SkParseColor.cpp
Task-number: QTBUG-111333
Fixes: QTBUG-110265
Fixes: QTBUG-109225
Change-Id: I2ccd8aaea86667b6971d1e4f9d13271e6804eaad
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
It is enabled by default in Chromium for debug build.
See //ipc/features.gni.
Disable it for debug build too because it adds an extra
SetIPCLoggingEnabled mojo message (see
//content/common/child_process.mojom) and it results in different mojo
message ids for the debug and release binaries. This is undesirable
when setting QTWEBENGINEPROCESS_PATH environment variable to use release
QtWebEngineProcess with debug browser process or the other way around.
The messages and the corresponding ids can be listed by executing the
following command in the QtWebEngine build directory:
find . -name "*-message-ids.h" | xargs grep -h "constexpr uint32_t"
Task-number: QTBUG-110504
Change-Id: I80f24117ae20d02fb53ea482d04bea7a9dcb38c1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 114c6d0543e1ebe4ec12693b0d462ec05037e3a4)
| |
Submodule src/3rdparty 87897ba0..d29902af:
* [Backport] Fix more clang deprecated builtins
* [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE for clang-cl.
* [Backport] Map the absl::is_trivially_* functions to their std impl
* FIXUP: Fixes for building with MSVC
Fixes: QTBUG-108240
Change-Id: Ia0b0bc47128362019c3dac02fd3579e16c6e3116
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Submodule src/3rdparty 40671522..87897ba0:
* Revert "[Backport] Security bug 1395604"
* [Backport] Security bug 1393384
* [Backport] Security bug 1399424
* [Backport] Security bug 1395604
* [Backport] CVE-2023-0129: Heap buffer overflow in Network Service
Task-number: QTBUG-110265
Change-Id: I4fb4de2ff6e72c8a5215e267495f77b968d923f5
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Submodule src/3rdparty e0fd3a5d..97a12549:
* Drop dependency on content/public/browser in content gpu
* [Backport] Security bug 1394382
* [Backport] CVE-2022-4437: Use after free in Mojo IPC
* [Backport] CVE-2022-4438: Use after free in Blink Frames
* [Backport] CVE-2022-4179: Use after free in Audio
Task-number: QTBUG-109225
Change-Id: Icdf29aa0dfa861fd21b07ac4f07f32709d2e5ec5
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Keeping the GetInProcessGpuShareGroup in content browser client
creates dependency from gpu_child_thread to content browser,
however gn build tree asserts when content/public/gpu depends on
content/public/browser as it breaks intended components dependency.
This worked so far as required headers in content browser client
got generated on time despite of missing dependency.
Fix the dependency tree and move the problematic function into
the content gpu client.
This change moves only code around.
Change-Id: Iedcbc8c3c7d1754d1937e6b2c2a470c0e489a597
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| | |
Change-Id: Ic72e5517e260f3b8bcd3b414863fb48e06007cd8
| | |
Submodule src/3rdparty be349eaf..e0fd3a5d:
* Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
* [Backport] CVE-2022-4262: Type Confusion in V8
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2022-4174: Type Confusion in V8
* [Backport] CVE-2022-4180: Use after free in Mojo
* [Backport] CVE-2022-4181: Use after free in Forms
* [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2)
* [Backport] Security bug 1378916
* Fixup the patch for CVE-2022-3200 on 87-based / 5.15
* [Backport] CVE-2022-3200: Heap buffer overflow in Internals
* [Backport] CVE-2022-3887: Use after free in Web Workers
* [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
* [Backport] CVE-2022-3889: Type Confusion in V8
* [Backport] CVE-2022-3885: Use after free in V8
* [Backport] CVE-2022-3445: Use after free in Skia.
* [Backport] CVE-2022-3373: Out of bounds write in V8
* Fix building with XCode 14.1
* [Backport] CVE-2022-3046: Use after free in Browser Tag
* [Backport] CVE-2022-3446 and CVE-2022-35737
* [Backport] CVE-2022-3304: Use after free in CSS
* [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2)
* [Backport] Security bug 1356308
* [Backport] CVE-2022-3370: Use after free in Custom Elements
* [Backport] Security bugs 1346938 and 1338114
* [Backport] CVE-2022-3199: Use after free in Frames.
* [Backport] CVE-2022-3198: Use after free in PDF
* [Backport] CVE-2022-3197: Use after free in PDF
* [Backport] CVE-2022-3196: Use after free in PDF
* [Backport] CVE-2022-3075: Insufficient data validation in Mojo
* [Backport] CVE-2022-3040: Use after free in Layout
* [Backport] CVE-2022-3041: Use after free in WebSQL
* [Backport] CVE-2022-3038: Use after free in Network Service
Task-number: QTBUG-109225
Fixes: QTBUG-108207
Fixes: QTBUG-108178
Fixes: QTBUG-108179
Fixes: QTBUG-108180
Change-Id: I5e1ebbe350e67ed888bfb07602d88bfcbecd94df
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| | |
We failed to support pss, which ended up in handshake failures
Task-number: QTBUG-109273
Change-Id: I12c50d6a5f2dcf32d47708a958e2fe5a18316986
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 2d77e333eff7605a489ec65600b78e1b49df37c7)
| | |
Change-Id: I96fd386811c0e1fc8b03ab73532fdf1c456971b0
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
| |
The previous response head gets moved when redirecting, which led to
dereferencing a null pointer on the next redirect.
Fixes: QTBUG-109357
Change-Id: Iaad1c46b8d4ca9720f1749980a9e06337ca0f3d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit c6b2b5d8038b3ec0de6233c1e21df60ade11c81b)
| |
Change-Id: I92bc48089b38b16039ae4109fedcbad2a7ff15ef
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Correct application/x-extension-html to text/html
Fixes: QTBUG-97392
Fixes: QTBUG-106688
Change-Id: I0d65c6950c5ba1504586cf564268463c5d4cd483
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
(cherry picked from commit 84ebd698597cf7a45b5e0967221547c21b1d67e8)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
The writable watcher will trigger all the time if we use automatic
arming, instead we need to arm it manually when it is needed.
Task-number: QTBUG-106461
Change-Id: Ia381db338adb1b1994d1da9b50c6d6ff542ea3e5
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b30559565cb91501baddea495362101341a0aa22)
| |
Submodule src/3rdparty 7e11d69b..be349eaf:
* [Backport] Security bug 1343889
* [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* [Backport] CVE-2022-2477 : Use after free in Guest View
* [Backport] CVE-2022-27406
* [Backport] CVE-2022-27405 (2/2)
* [Backport] CVE-2022-27405 (1/2)
* [Backport] CVE-2022-27404
* [Backport] Security bug 1287804
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
* [Backport] CVE-2022-2295: Type Confusion in V8
* [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
* [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-2158: Type Confusion in V8
* [Backport] Security bug 1316578
* [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
* [Backport] CVE-2022-2010: Out of bounds read in compositing
* [Backport] CVE-2022-1854: Use after free in ANGLE.
* [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-1855: Use after free in Messaging
* FIXUP: Fix url_utils for QtWebEngine
Fixes: QTBUG-105500
Task-number: QTBUG-105499
Change-Id: I718648cb74346f1c7ac49a112378f9e2538e3b72
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Gnome WM doesn't send expose event when minimizing then restoring a
window. Presumably, due to the missing expose event the top-level
QWebEngineView is not redrawn. As a workaround, force to update
RenderWidgetHostViewQtDelegateWidget when shown.
The workaround is not needed in 6.4 and later because the issue is fixed
by 5d1ef38f9 Create a RWHV delegate in core
Fixes: QTBUG-104763
Change-Id: I4761d670d17f6dbbe3e0de82a00179eb7fd7913c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 4a9fc6792fd5b37f1c40c53f47281c8bc74ad9c9)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
The QtDesigner plugin was marked as 'tool_plugin', which restricts its
build to release-only, even in debug_and_release builds. This was done
to avoid building debug plugins for tools that are only built as
release. However, the designer plugins are also loaded when using
QUiLoader and thus are not exclusively meant for the designer tool.
Task-number: QTBUG-104755
Change-Id: Id87012f57ad06984c7b0f0d318f75ad2c9a596f2
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Change-Id: Ib9d15e03f126af102db095150c6b4bff0846ea3b
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Detected by codechecker.
Change-Id: I8814180ef6bd591ed3e95fc4b4abff3454f10bdf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 51faba3af76f4a7c67c769a5ab0be17c9aa54f83)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
Pulls in following patches:
* 7857ff290ab FIXUP: Workaround MSVC2022 ICE in constexpr functions
* a7a23ccc69e [Backport] Linux sandbox: ENOSYS for some statx syscalls
* ecc2bb74f1f [Backport] CVE-2022-0796: Use after free in Media
* 7e11d69b957 Fixup: CVE-2022-0796: Use after free in Media
Change-Id: Ic563baee5a7a0c5c0bf95bdbb47a0d92ae6f6e22
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
With the native dialog, there were either problems with the modality
when using it asynchronously or with the life cycle when using it
synchronously. Not using the native dialog avoids these problems.
Task-number: QTBUG-102099
Change-Id: Icb9a9afda48c47558b8e8ecb6d89adc0961d5063
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
In 5.15 we have separate coded gn call for qtpdf.
This commit amends 41e94fc482eca3e40082c34d8332821a15aefba0
Change-Id: I2b9c7ed1e0c539006fbcac656aa8673a0f00d8b9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
It seems that condition module.widgets is not evaluated in time
when configured with "-no-widget" to be picked up by the webengine
when doing 'top level' build.
Use 'widget' feature instead.
Fixes: QTBUG-103618
Change-Id: I881e4ba899d376690984c4866336a03d7dae246c
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
| |
Earlier fix cf8bc1899a introduced the logic, where all system
synthesized mouse events are ignored. But after c56169f7a1 this is
undesired since for widget with Qt::Popup flag touch input is
ignored by QWidgetWindow, and input is expected to be delivered to
popup as synthesized mouse event (either synthesized by Qt or for
capable devices by system). So allow system synthesized mouse events
to let through for popup. Synthesis by Qt is suppressed automatically
for accepted touch event, it's only system event are still delivered
unconditionally, so still ignore them for widgets impl. Global ignore
in core is not needed, since QQuickWidget ignores system synthesized
events unconditionally.
Fixes: QTBUG-79254
Change-Id: Ie8f55eb8b9c2677d8a98381effb3cb31d9388ac7
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Martin Negyokru <negyokru@inf.u-szeged.hu>
(cherry picked from commit 1f6495af6331f5504de9d3f7e43f5202345c7a8c)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Amends d236c5a8a3. Zoom level was set as a temporal one, which is
invalidated each time when a renderer process or widget are changed
(on new navigation, for example), so it needs to be reapplied.
Fixes: QTBUG-101030
Change-Id: Iecff9686fbe2b79e99b46f67cab92f66127be085
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 1e27d42a8071532b6cc30a9bcc5f700edc56952a)
| |
Submodule src/3rdparty 0d984c7f..caba2fcb:
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1306507
> [Backport] Security bug 1304659
> [Backport] Security bug 1269999
> [Backport] Roll libxml from a46e85f6 to dea91c97
> [Backport] Roll libxml from bfd2f430 to a46e85f6
> [Backport] Roll libxml to bfd2f430
> [Backport] Roll libxml to 7279d236
> [Backport] Roll libxml to f93ca3e1
> [Backport] Security bug 1292905
> [Backport] CVE-2022-1314: Type Confusion in V8
> [Backport] CVE-2022-1310: Use after free in regular expressions
> [Backport] CVE-2022-1305: Use after free in storage
> [Backport] CVE-2022-1125
> [Backport] Security bug 1280852
> [Backport] Security Bug 1296876
> [Backport] CVE-2022-0978: Use after free in ANGLE
> [Backport] CVE-2022-1493: Use after free in Dev Tools
> [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
> Quick fix for regression in service workers by reverting backports
> [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
Task-number: QTBUG-103034
Task-number: QTBUG-103038
Task-number: QTBUG-103040
Change-Id: I04e973cb5d9996f8d3590a8fa9a6c47a7b867b87
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit c4aec7f9beca7b15c7733dab9808816fc46962aa)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| |
For some reason the proxied_loader_receiver can still be bound
in this case.
Pick-to: 5.15.10
Change-Id: If0bbe181eca5de41e82eebaced412361fe12fb40
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit ffb831d9896dcdd3d469fdbeee407d96d631dbda)