| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Change-Id: Ic62389b2253f2ee4982c34e33111f84f44ed6bc5
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 4e0b66a6..62bc4758:
> [Backport] Security issue 1098860
> [Backport] Security issue 1108639
> [Backport] Security issue 1102137
> [Backport] CVE-2020-6559: Use after free in presentation API
Change-Id: Ifa6ba52fa2d760b20e3b36abb10adaca0fc79cf8
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Otherwise unchanged intercepted request leads to second call
in the same interceptor but on ui thread after io thread.
Ammends a05bb73747.
Fixes: QTBUG-86267
Change-Id: I4e7c662d24a58be5445f5c8b6d0bf3751f40cc05
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
* e31cc67a44d Fix neon support in libpng
Change-Id: Ib06498f303106d113cc3b4c5b70d20685c9e6b9f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
This supposed to be covered by ff50fbf but got lost in
following patchsets and static ios build did not complain
about it.
Change-Id: Ie4e34dc12d942442824ba1f0e3483bed682b3157
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
|
|
|
|
| |
Change-Id: I9fd76405eb615db6cef1df2990d732823febdb70
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
| |
At least turns our support off on html5test.com
Change-Id: Ic82800b0efb70bb5589f7544b851ebcd64000105
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
| |
Was enabled for all platforms except windows using MSVC, but
compiles just fine for us.
Fixes: QTBUG-86092
Change-Id: Ib15d94c36b8a411dd5eab01843db1a3666ac370f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c153fafb..4e0b66a6:
> Remove blocking of proper fixes
> Fix bison 3.7
Fixes: QTBUG-85835
Change-Id: If3b77c7db6203ccd0137ea381c927bd09cede505
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Do not include certificate error qml test if no ssl.
This change does some copy-paste but this will
be handled in qt6.
Change-Id: I8cc6d37074d78ca9f55333f479fb410ef927385d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Also violates modern Qt code style
Change-Id: Ibb12b6db18bbd2669377abe1d25034ed69a86389
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
| |
Change-Id: If3015972f1c42957d77905397c26e4a64029dc09
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Binary compatibility files added.
Change-Id: I71c208cf9cb5a79e410416ae769ec48c23a219cc
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes:
c153fafb306 Fix invalid dbus bus name error in MPRIS
Fixes: QTBUG-85626
Change-Id: I7913a1caede7041632b1c070152f54a848c063ab
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The buffer pointers m_middleBuffer and m_frontBuffer are swapped in
updatePaintNode on the condition that m_middleBuffer is non-null and
it's serviceId non-zero. But neither m_middleBuffer nor it's serviceId
is immediately cleared, leaving the possibility that a subsequent call
to updatePaintNode could swap the buffer pointers again if this call
occurs before m_middleBuffer is cleared in swapBuffersOnVizThread. The
m_taskRunner pointer is however cleared immediately and therefore the
subsequent call to updatePaintNode will trigger a segmentation fault.
Since m_taskRunner precisely tracks the condition when we should or
should not swap, change the swap condition to simply require that
m_taskRunner is non-null.
Fixes: QTBUG-85817
Change-Id: Iad89bb0f4de7c0c151d5c5bd63ac74ab6cdd9087
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
| |
Makes it more stable.
Change-Id: I2b479330e66e9d87355b09ebb0f4c4064ef96963
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Tamas Zakor <ztamas@inf.u-szeged.hu>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
6b7ceb6afd9 Fix debug-info in MSVC developer-builds
563e0a1cd4f [Backport] CVE-2020-6542: Use after free in ANGLE
c16701ae892 [Backport] CVE-2020-6543: Use after free in task scheduling
10efe0032f2 [Backport] CVE-2020-6544: Use after free in media
69a85eaabf2 [Backport] CVE-2020-6548: Heap buffer overflow in Skia
d2f5e4d3a25 [Backport] CVE-2020-6549: Use after free in media
0eed9609606 [Backport] CVE-2020-6550: Use after free in IndexedDB
f7859651865 [Backport] CVE-2020-6551: Use after free in WebXR
3cebf422618 [Backport] CVE-2020-6555: Out of bounds read in WebGL
30a0c954b97 [Backport] CVE-2020-6545: Use after free in audio
Task-number: QTBUG-85606
Change-Id: I1f591d722380fbcfb91565b90a6f4cbb7227b266
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
It appears we are no longer presented with pages using these, so match
Chrome and Chromium 80 defaults.
Change-Id: Ie270c2bee9b81f898c7dab9e6d4dad02636c17cc
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
| |
We were missing the combined test after Chromium introduced the new
enums.
Fixes: QTBUG-85890
Change-Id: Id7bb7f05635c64c271e12a12f2409eedc22a9605
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8a0c6063..84f63010:
> [Backport] CVE-2020-6540: Heap buffer overflow in Skia
> Fix webrtc build with GCC 10
> FIXUP: [Backport] CVE-2020-6493: Use after free in WebAuthentication
> [Backport] Handle invalid type mixing in CSS clamp()
> [Backport] CVE-2020-6493: Use after free in WebAuthentication
> [Backport] Security bug 1087158
Change-Id: I1289579cbe81cd4bee9cf49103dc384f81913888
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
We only need the QSslCertificate which is always available.
Task-number: QTBUG-85117
Change-Id: I32e2034060e610ac049d8e3b2a03660e9bf7e7a4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
cc32214f8dc [Backport] Security bugs 1087629 and 1029569
1cf3807d934 [Backport] Security bug 1052492
a5e8bd5e8c9 [Backport] CVE-2020-6533: Type Confusion in V8.
da24a7f8bcb [Backport] CVE-2020-6532: Use after free in SCTP
e402452015f [Backport] CVE-2020-6541: Use after free in WebUSB
8a0c6063c5b [Backport] Security bug 1102408
Task-number: QTBUG-85606
Change-Id: I7a17702c7290e135bcdc3074c27e8fc89a6ac4c9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
| |
Change-Id: I52023c916557894c072c52f476b6556e2b042050
|
|
|
|
| |
Change-Id: I1123d21fca65ea4daf84e1143032619ca18c51fa
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 0a4240a9..4a996760:
> Fix building FIDO with gcc5
> [Backport] CVE-2020-6512: Type Confusion in V8 (3/3)
Fixes: QTBUG-85117
Task-number: QTBUG-54720
Change-Id: I074831454b469c17a71f2ca75a075ee48157970d
Reviewed-by: Tamas Zakor <ztamas@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
It is just a file path. Fixes qmake linking when chromium changes.
Change-Id: Ib2f0976a6dc3c90c415b69e1876706bc2397d134
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
7e405525e92 [Backport] CVE-2020-6530: Out of bounds memory access in developer tools
99fe8bdb44a [Backport] CVE-2020-6531: Side-channel information leakage in scroll to text
52367e8e753 [Backport] Security bug 1065731
d61a4348c47 Fix WebAuth build
9222c8b73ab [Backport] Security bug 1054229
c3d5696193a [Backport] Security bug 1065122
9b27a193c63 [Backport] Dependency for CVE-2020-6534
0b8e0d451a3 [Backport] CVE-2020-6534: Heap buffer overflow in WebRTC
0a4240a9c42 FIXUP: Fix WebAuth build
Task-number: QTBUG-85606
Change-Id: I2995f9c3ea4b63fc8af1699a377c2d74359c67a8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Fixes: QTBUG-85661
Change-Id: I7cd8ed534d94d6be06f77b9b2d1779905655e772
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing builds we use rsp files also for archives.
For static builds this would require to install rsp file.
Since static builds are possible only for qtpdf with small amount
of archives simply do not use rsp files for archives.
Cleanup linker parameters so prl files do not point object
rsp files (do not use LIBS_PRIVATE in that case).
Task-number: QTBUG-85616
Change-Id: I165610e418f162c16fcfa7056af3344b80f60c05
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ib06a0a1ec3372d483008cc0ac0ec211ec8316e0e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I854034fd63c8847867fd7ec01d5c25781e7de5ef
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QtPdf and QtWebEngine builds are producing few libraries in one build.
This creates some corner cases like prl file generation. Paths
in prl files are replaced on installation with sed. Unfortunately this
will not work well if we build libraries which depends on not yet
installed libs, since prl files reused by build are not processed by sed.
Add workaround in this case so all depend libs are aware of their static
dependencies and generate correct prl files.
Task-number: QTBUG-85616
Change-Id: I0dbeb96bccbc4865dd52dea7c5d619f8cda1a596
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
d19ddc13c6b Build openh264 with -DX86_32_PICASM on x86
2c7da754bb4 [Backport] CVE-2020-6518: Use after free in developer tools
b44a099f737 [Backport] CVE-2020-6523: Out of bounds write in Skia
1c142fada62 [Backport] CVE-2020-6524: Heap buffer overflow in WebAudio
5748e38c2f2 [Backport] CVE-2020-6526: Inappropriate implementation in iframe sandbox
d41f723f492 [Backport] CVE-2020-6529: Inappropriate implementation in WebRTC
e61ea405c3c [Backport] CVE-2020-6535: Insufficient data validation in WebUI
288befc5a1e [Backport] Security bug 1090543
Task-number: QTBUG-85606
Change-Id: Ib675a80bd78cfb7f2d27cc528fe016775fb8d482
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The latter has been the preferred name since Qt 4.7.0.
(Pick back to 5.15 shall need to drop the test change, as the test was
added to dev after it diverged from 5.15.)
Change-Id: I3154ea1203e741cb337782d3374e02e15c5f209e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 005a338f169b485077c248358e1cde96d22ae506)
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function is called for all navigation requests. The original bug
report was most likely due to the use relative links on a page without
a base url, which indeed results in no call to acceptNavigationRequest
being made. But this has nothing to do with local vs remote URLs, it's
rather that relative links, which are relative to nothing, are not
valid links and there thus cannot be any navigation request either.
Task-number: QTBUG-48435
Change-Id: I08bd0c86d67bf1dd1d7662468321777254a7db0b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
9bea57931fd [Backport] CVE-2020-6510: Heap buffer overflow in background fetch
dac11cfa7af [Backport] CVE-2020-6511: Side-channel information leakage in CSP (1/2)
ce4b0e7fe74 [Backport] CVE-2020-6511: Side-channel information leakage in CSP (2/2)
4ba6053c609 [Backport] CVE-2020-6512: Type Confusion in V8 (1/2)
2be01d83ffc [Backport] CVE-2020-6512: Type Confusion in V8 (2/2)
c3a7b41c75c [Backport] CVE-2020-6513: Heap buffer overflow in PDFium
7d0c0b1385a [Backport] CVE-2020-6514: Inappropriate implementation in WebRTC
Task-number: QTBUG-85606
Change-Id: Ifa02d4e4c5f8f771250dbc2e9f519f9db7f2c080
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Add missing check for ios.
Change-Id: I7fce6addb154ea83b8308094d5a6c4275d050d9b
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During chromium build we get some static libs, these are dependencies
to QtPdf static lib. Generated prl files will contain paths to those libs.
Unfortunately, these are the internal paths to the libs within the build
directory. There are two solutions, merging all dependencies into final lib
or simply installing static dependencies. Since doing a merge of static libs
would require platform specific code and on mac requires special libtool
(we use ar by default) and lipo hassle to get fat archives, we rather
simply install those libs. This way seems to be a common pattern for
static builds.
Fixes: QTBUG-85616
Change-Id: I0cb1a0ae1ad3b8fa8af562951af4de1e9c7a8ba8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
The options only need to allow httponly, it doesn't set it, and we
shouldn't even forward canonical cookies that were excluded on creation.
Change-Id: Ieec45734938c07a50ac03aa113a02a907bce689f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 809e16e4..840c8e5f:
> Make navigation on back/forward mouse buttons optional
Change-Id: I191f7781cf9b824b743b80a05a3e819a414ee546
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c91f4d20..809e16e4:
> Add cookie filter to URL requests cookie headers
> Use audio-manager app-name for MPRIS
Fixes: QTBUG-85526
Change-Id: Icab26cad3cea8e2ee021a3e589f41bf0543d64fa
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
Cleanup after a34b3a4e
Task-number: QTBUG-85526
Change-Id: I23fd5f504937efa44964546a1f4b095efd9ad65f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
There was some kind of race between loading as a plugin and this
redirect.
Task-number: QTBUG-84340
Change-Id: I57ac8fcae0c1de98b1fd3013d2b5299c85547cc0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
It appears we have support for it on all levels.
Fixes: QTBUG-85360
Change-Id: I68d03931197a3b883a1909e96096000fb84925bf
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
| |
This line of code just hided illegal cookie store changes from being
observed by our API.
Task-number: QTBUG-85526
Change-Id: I044221f70b7628bd727879f11f46bfefe75ca2ca
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
| |
It seems this does not work already for a while.
Add missing headers.
Change-Id: I158519f69e2ce87fe6c84c03a6ac2ce178c20206
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Used for screensharing on wayland
Fixes: QTBUG-85309
Change-Id: I7ec61611bb9e3f318a6a5bd3a43212f391766628
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
| |
Doesn't support -ftrivial-auto-var-init=pattern
Change-Id: Id998b775cd51f13395c69fafd46c6ec5e997ef5b
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 87e5a52b..c91f4d20:
> FIXUP: Extend url library for WebEngine custom schemes
> Fix angle_platform_impl after 80 rebase
Fixes: QTBUG-85119
Change-Id: Iba5127f82d3ade9ca5868ce453ce7b402504d327
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Was not used
Change-Id: Ic87e35c12c8d6454ed10ca83dfba9ea732919be4
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|