| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty ab3a3447a..d13d0924c:
> [Backport] CVE-2022-0971
> [Backport] CVE-2022-1096
> [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled
Pick-to: 5.15
Task-number: QTBUG-102144
Change-Id: I88c5a4b18640e1579c67c874f21c627caabdf991
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
On high-dpi screens we want the rendered pixels to match device pixels.
Fixes: QTBUG-86948
Change-Id: I4879adc0aeb001750d42abc1e7d50ca3f11a5fe8
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
(cherry picked from commit 931e1be35058e43552963510f858766683cbb310)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Adjusted security patch versions.
Change-Id: Id94c288faee9f16c5b24f7357728ed65b6cf77ea
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty: 48a205f9..ab3a3447:
> [Backport] CVE-2022-0108: Inappropriate implementation in Navigation
> [Backport] Dependency for CVE-2022-0108
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2)
> [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2)
> [Backport] Dependency for CVE-2022-0111 and CVE-2022-0117
> [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager
> [Backport] CVE-2022-23852
> [Backport] Security bug 1289394
> [Backport] CVE-2022-0608: Integer overflow in Mojo
> [Backport] Security bug 1270014
> [Backport] Security bug 1261415
> [Backport] CVE-2022-0291: Inappropriate implementation in Storage
> [Backport] CVE-2022-0293: Use after free in Web packaging
> [Backport] CVE-2022-0607: Use after free in GPU
> [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
> [Backport] CVE-2022-0606: Use after free in ANGLE
> [Backport] Security bug 1292537
> [Backport] CVE-2022-0609: Use after free in Animation
> [Backport] Security bug 1265570
> [Backport] CVE-2022-0116: Inappropriate implementation in Compositing
> [Backport] Dependency for CVE-2022-0116
> [Backport] CVE-2022-0102: Type Confusion in V8
> [Backport] Security bug 1256885
> [Backport] CVE-2022-0460: Use after free in Window Dialog
> [Backport] CVE-2022-0459: Use after free in Screen Capture
> [Backport] CVE-2022-0461: Policy bypass in COOP
> [Backport] Security bug 1280743
> [Backport] Security bug 1274113
> [Backport] CVE-2022-0456: Use after free in Web Search
> [Backport] CVE-2022-0298: Use after free in Scheduling
> [Backport] Security bug 1276331
> [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
> [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
> [Backport] CVE-2022-0289: Use after free in Safe browsing
> [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API
> [Backport] CVE-2022-0113: Inappropriate implementation in Blink
> [Backport] Security bug 1258603
> [Backport] Security bug 1259557
> [Backport] CVE-2022-0103: Use after free in SwiftShader
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2)
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2)
> [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
> [Backport] Security bug 1268448
> Replace base::ranges::set_union with std::set_union to fix MSVC2017 build
Task-number: QTBUG-99721
Task-number: QTBUG-101053
Change-Id: I7a834174f05381b1445ee4b222a4e7e67f13472c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For certain types of redirect navigations (for example, with a non-default
useragent set) 'IsLoadingToDifferentDocument()' can be unexpectedly false.
In such cases 'navigation_handle->IsSameDocument()' also returns false.
Fixes: QTBUG-94924
Change-Id: Ie2c17127e1a00ffc515829526320ba2f71d45af5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 8b5e3a46f253cd82dc48bc20c4233f1bf79fcb87)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Module-split update to get all QtPdf related files.
Fixes: QTBUG-86972
Fixes: QTBUG-100023
Change-Id: I9833fe2be00359c08ca71a2301262473b760df45
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 2fd5794acbde0280aee59ee05d61ae0910f59dca)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Delegate printing task down to the guest WebContents if any is present.
Also update PrintWebViewHelperDelegateQt to find the plugin element
properly for printing.
Task-number: QTBUG-98941
Change-Id: I81004a2275e0870a17565af527b1450472afb24b
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 455efe7ef204c6cd8de72b9b1f922f1681f58589)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
We used to have this, but it got dropped at some point in an adaptions.
Fixes: QTBUG-99263
Change-Id: I3bf86a1b42edca0cd792723c85d7dcb7877fea37
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit fbaab46becbf5ea063a8b4a01abf8cd1d4a1725d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 0ad281437..48a205f9e:
> Do not overwrite signal handlers in the browser process.
> [Backport] Copy 'name_' member during StyleRuleProperty::Copy
Change-Id: Ifd4b0c0d130d024e6b97f6898180d9b39cf19814
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
| |
Chromium defaults to using it now
Change-Id: I24f711ad0a7811b6ab644cef78a1ae0fac7b3d42
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
| |
Change-Id: I2c8ecfa06abf6337309716160e38522a93cb3368
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b77d64307..0ad281437:
> [Backport] CVE-2021-4102: Use after free in V8
> [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
> [Backport] CVE-2021-4099: Use after free in Swiftshader
> [Backport] CVE-2021-4098: Insufficient data validation in Mojo
> Try to fix build on Apple Monterey
> [Backport] Handle long SIGSTKSZ in glibc > 2.33
> [Backport] abseil-cpp: Fixes build with latest glibc
Fixes: QTBUG-99403
Change-Id: I24fe2b4cc0834200296c345fb29ffe5d1d4b1bb0
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
|
|
|
|
|
|
| |
Amends 76bd5331d38b4dcbc09c1f22bde52772d43cc7f2.
Change-Id: I67947f433f32c2be19dad553bfed03d159a865ff
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I0971900ab654e7426359204d6bddbc61c38143e9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
The signal is updated much faster for paused media now.
Fixes: QTBUG-98918
Change-Id: Ifa3b54e212436a7c93e101dc244d7edcbf473b63
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b6099cd9d1efab2af4a38476b3f543796f26f065)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty bfc2de04..b77d6430:
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2021-4078: Type confusion in V8
> [Backport] CVE-2021-4079: Out of bounds write in WebRTC
> [Backport] Security bug 1259899
> [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
> [Backport] CVE-2021-4059: Insufficient data validation in loader
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
> [Backport] CVE-2021-4057: Use after free in file API
> Use wglSetPixelFormat directly only if in software mode
> Compile with GCC 11 -std=c++20
Task-number: QTBUG-98854
Change-Id: I7279387c9c7afece1eb51abb2f68d2e65f4dd31f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Add feature to enable compilation with static runtime.
Fixes: QTBUG-94046
Change-Id: I6e150cfaad020dfd942c45111139556b7e50dce5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Adds -fembed-bitcode-marker for debug or -fembed-bitcode
in case of release.
Fixes: QTBUG-94368
Change-Id: I65031a545517799245e8d08d79e78141d26e9c58
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8c0a9b44..bfc2de04:
> [Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
> [Backport] CVE-2021-38001 : Type Confusion in V8
> [Backport] Security bug 1252858
> [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
> [Backport] Dependency for CVE-2021-37989
> [Backport] CVE-2021-38022: Inappropriate implementation in
WebAuthentication
> [Backport] CVE-2021-38012: Type Confusion in V8
> [Backport] CVE-2021-38010: Inappropriate implementation in service
workers
> [Backport] CVE-2021-38021: Inappropriate implementation in referrer
> [Backport] CVE-2021-38005: Use after free in loader (3/3)
> [Backport] CVE-2021-38005: Use after free in loader (2/3)
> [Backport] CVE-2021-38005: Use after free in loader (1/3)
> [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
> [Backport] CVE-2021-38007: Type Confusion in V8
> [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
> [Backport] CVE-2021-38009: Inappropriate implementation in cache
> [Backport] Dependency for CVE-2021-38009
> [Backport] CVE-2021-38015: Inappropriate implementation in input
> [Backport] CVE-2021-38018: Inappropriate implementation in
navigation
> Revert "Stop orphan child processes from staying alive on Windows"
> Fix stack overflow on gpu channel recreate with an error
> [Backport] Security bug 1245870
> [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
> [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
> [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
> [Backport] CVE-2021-37987 : Use after free in Network APIs
> [Backport] CVE-2021-38003 : Inappropriate implementation in V8
> [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
> [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in
xmlEncodeEntitiesInternal() in entities.c
Task-number: QTBUG-98854
Fixes: QTBUG-98855
Fixes: QTBUG-98400
Fixes: QTBUG-98401
Change-Id: Idb07729bf45ed59eb8163186925095e1a1e30318
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems accessing accessibility from qt post routines ends
badly since caches are gone already.
Add closingDown() function to web context, which is similar to
QCoreApplication::closingDown(), however return true on
post routine.
Guard delete accessibility calls.
Note the widget part is not necessary, but added for completeness,
since only qml can release profiles due to garbage collection.
Fixes: QTBUG-90904
Change-Id: Ic0e7115cd17eb58f3d58f70fefbc197dfb7a6493
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 89bb3c97eee9cd4bf9fb536f024715e606e49ae0)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
This does not pass after ci upgrade.
Fixes: QTBUG-98428
Change-Id: I84f1da1b954ce151491f4cd022f731995c160206
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit c894e792b1664f0875e983fc3f3090e8ba9d36b4)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The network-service isn't sandboxed anyway, so there is no added
security by the process separation.
Fixes: QTBUG-84105
Change-Id: Ie3fbda26f0cf8f31166b37a8537b7e1b6d11b560
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit bc175fb62a1d2aba9c98ba761d5e21d3d7426678)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Idfe986a1dea15a1ca121bbd79b6a16c292c9d602
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 9f71911e3..8c0a9b445:
> Revert "[Backport] Security bug 1239116"
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> Revert "[Backport] CVE-2021-37976 : Information leak in core"
> [Backport] Ease HarfBuzz API change with feature detection
> Bump V8_PATCH_LEVEL
> CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> Add switch for static and dynamic crt
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-30616: Use after free in Media.
> [Backport] Dependency for CVE-2021-30616
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] CVE-2021-37973 : Use after free in Portals
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] Linux sandbox: return ENOSYS for clone3
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] Security bug 1239116
> [Backport] Security bug 1206289
> [Backport] CVE-2021-30613: Use after free in Base internals
> [Backport] Security bug 1227228
> [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
Task-number: QTBUG-96908
Change-Id: Ib473ba7dc4ac799288d69812d59e229118793d41
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit f0a1cb8da24518c03858b85378f9ad82b0603a1a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
| |
Change-Id: Id8c614ffe3ae1dc1098acc2f7d90379c81fb255c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 10449e4fb91b35572300084af4cdb1e05af9faab)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinch gesture on a touchpad is expected to zoom-in and zoom-out. It has
been broken since the pinch gestures are routed because for routing the
event target has to be found. The event target is only tried to be found
on a pinch begin gesture.
As a fix, handle Qt::BeginNativeGesture and Qt::EndNativeGesture events
too.
Fixes: QTBUG-96930
Change-Id: Ic8fe5bee933b5e0fbc8f5ba6234363a0a625648d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ff54ccc82fdba26cf16b9a64b387e3b428fb3038)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Struct _XkbRF_VarDefs for XkbRF_GetNamesProp needs special cleanup
logic, but it's currently missing from API:
https://gitlab.freedesktop.org/xorg/lib/libxkbfile/-/issues/6
Workaround it with manual deinitialization.
Change-Id: I3ebe20f58199277521b31b2cd8034c92fd1f2b7f
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit acf9d9de2bb3ac195adc257f4a307e447e171614)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
XRRMonitorInfo struct is supposed to be cleaned-up after getMonitors
with a separate call to freeMonitors.
Change-Id: Iacc296d1f5e434a1d52798fe09d57833660b7952
(cherry picked from commit b868f2893b3ba2fb02d9c7212de7e01b3f9e498a)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-97414
Change-Id: I6f899a5f62b1a37345281a9c6467ed3b059cd2bd
(cherry picked from commit 0fde0da27cd8541199741010eaf9ad3bac6d3f1b)
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-96849
Change-Id: I0e0a1530b8b31341c632a1fd00abd339b5152da0
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit f6f8f258be09fef90585b0228bd82a9708ef34a6)
|
|
|
|
|
|
|
|
|
|
|
| |
We invalidate the weak pointer factory before waiting on the error
callback, meaning it will never come.
Task-number: QTBUG-96928
Change-Id: Ia5091f7398e79f835ce34dfd48f3c36859382b53
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 7c35fa991f0e523e6d0901109caceed5aaac3658)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c8087cb6..9f71911e:
> [Backport] CVE-2021-30560: Use after free in Blink XSLT
Task-number: QTBUG-94103
Change-Id: I3e43653b6b3370d71b09b52a781a3b1d6c82293e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 2acbba86362ac3a1c2d8c20390dc263875f8f09c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 24fe4f70..c8087cb6:
> [Backport] CVE-2021-30566: Stack buffer overflow in Printing
> [Backport] CVE-2021-30585: Use after free in sensor handling
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1228036
> [Backport] CVE-2021-30604: Use after free in ANGLE
> [Backport] CVE-2021-30603: Race in WebAudio
> [Backport] CVE-2021-30602: Use after free in WebRTC
> [Backport] CVE-2021-30599: Type Confusion in V8
> [Backport] CVE-2021-30598: Type Confusion in V8
> [Backport] Security bug 1227933
> [Backport] Security bug 1205059
> [Backport] Security bug 1184294
> [Backport] Security bug 1198385
> [Backport] CVE-2021-30588: Type Confusion in V8
> [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
> [Backport] CVE-2021-30573: Use after free in GPU
> [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
> [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
> [Backport] CVE-2021-30541: Use after free in V8
> [Backport] Security bugs 1197786 and 1194330
Task-number: QTBUG-94103
Task-number: QTBUG-95581
Change-Id: I1900426d64727fc065d438a0e4b3b9e916d537c0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 1b9897bbe11c6ed6b27fe45b6faa20f300149b99)
|
|
|
|
|
|
|
|
| |
Newer MSVC 2019 versions reports this number
Change-Id: Iab20de746416705f10f7da95eeb319815512e07d
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Comma is treated as a part of suffix, and a separator is just a space.
Fixes: QTBUG-95770
Change-Id: I7b27ae98757418c4c09fc92804ecefd6373cbc48
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 2af853bda60156fd320ef59e1b4715c3a61308ae)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ice33d34ca8ceba745d63c129f462cca9b195e213
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
| |
Change-Id: I0d30408db2f03bc099825d6d6ec51c3ab1b25677
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Do not try to use WebContentsDelegate of a guest WebContents.
Pick-to: dev 6.2
Task-number: QTBUG-95269
Change-Id: If7bbd25bcac26c30a4ff1bee3f732ba01215ec4b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 5db4492a..24fe4f70:
> [Backport] Security bug 1194689
> [Backport] CVE-2021-30563: Type Confusion in V8
> [Backport] Security bug 1211215
> [Backport] Security bug 1209558
> [Backport] CVE-2021-30553: Use after free in Network service
> [Backport] CVE-2021-30548: Use after free in Loader
> [Backport] CVE-2021-30547: Out of bounds write in ANGLE
> [Backport] CVE-2021-30556: Use after free in WebAudio
> [Backport] CVE-2021-30559: Out of bounds write in ANGLE
> [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
> [Backport] Security bug 1202534
> [Backport] CVE-2021-30536: Out of bounds read in V8
Task-number: QTBUG-94103
Change-Id: I500b3258a90ea4f5d932777b9f217b6da1b8778c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7948becb..5db4492a:
> [Backport] CVE-2021-30522: Use after free in WebAudio
> [Backport] CVE-2021-30554 Use after free in WebGL
> [Backport] CVE-2021-30551: Type Confusion in V8
> [Backport] CVE-2021-30544: Use after free in BFCache
> [Backport] CVE-2021-30535: Double free in ICU
> [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
> [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
> [Backport] CVE-2021-30523: Use after free in WebRTC
Task-number: QTBUG-94103
Change-Id: Ib1d77dae4c4b0f98f3eaf99442159374b8003fe7
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty eaffb82d..7948becb:
> Generate mojo bindings before compiling extension API registration
Change-Id: Ie01368c9a082142801f0d0f8672ed7461631cfa1
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
| |
Change-Id: I23abb5f63719b0aaf4dd4c9b81c312e8a375ec7f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
The input event router does not like MayBegin.
Fixes: QTBUG-93082
Change-Id: I4ac9677d7f69da3d36fc33c17541026f011feb42
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 588ea0d45f983f70e707a502cb4f3e429bbd3876)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dc35950b..eaffb82d:
> [Backport] Security bug 1201938
> [Backport] Security bug 1201340
> [Backport] Security bug 1195331
> [Backport] Security bug 1204071
> [Backport] CVE-2021-30518: Heap buffer overflow in Reader Mode
> [Backport] CVE-2021-30516: Heap buffer overflow in History.
> [Backport] CVE-2021-30515: Use after free in File API
> [Backport] CVE-2021-30513: Type Confusion in V8
> [Backport] CVE-2021-30512: Use after free in Notifications
> [Backport] CVE-2021-30510: Race in Aura
> [Backport] CVE-2021-30508: Heap buffer overflow in Media Feeds
> Workaround revoked certificate check on Linux
Fixes: QTBUG-92895
Change-Id: Ib83f18a256822a2a6feb5dcdd1df7e933a2dd271
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Speculative fix.
Add custom qtwebengine mojo_bindings as a dependency for compiling
chrome sources.
Change-Id: I930a8c94b8ffe02188659169fd9f27c99f42fb0b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From macOS 10.15 onwards there are new security requirements
for TLS server certificates:
https://support.apple.com/en-us/HT210176
Now all certificates without required fields are reported as
NET::ERR_CERT_INVALID and there is no way to 'bypass' this error.
Our test expects ERR_CERT_AUTHORITY_INVALID value,
for which browsers have an visual option to bypass.
'Fix' certificate by adding new required fields:
* Subject Alternative Name
* Extended Key Usage
Generate a new certificate chain with two certificates, where the
server certificate has the extension config file in the form of:
[SAN]
subjectAltName=DNS:webengine.qt.io
extendedKeyUsage=serverAuth
Use 2048 bit for private key, otherwise tests fail on ubuntu.
Task-number: QTBUG-91230
Change-Id: I81d878cf3cae3e9fcc51bfbf250fba9185ca4b01
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 035579f424e5b69cee212d23fda3467f5db8d19e)
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 1d3b13e9..dc35950b:
> FIXUP: third_party perfetto: add missing include for clang, asan and no_pch
> Bump V8_PATCH_LEVEL
> Fix build with GCC 11
Fixes: QTBUG-93744
Change-Id: If79bfb844f03052eab4d11018f07357b383626a7
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
| |
Change-Id: I98fee3bf2665112a5a7ca4f7170cddeab74d3bc7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-91232
Change-Id: I4de316a35b235566b56d5fc6520347b5be4a0b7f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Fixes: QTBUG-93644
Change-Id: I3c5362eaf970146b5d3088bf41c4520794be6eb6
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|