| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6ae16282af..39aa0ea99a:
> CVE-2021-38022: Inappropriate implementation in WebAuthentication
> CVE-2021-38015: Inappropriate implementation in input
> CVE-2021-38019: Insufficient policy enforcement in CORS
> CVE-2021-38009: Inappropriate implementation in cache
> Dependency for CVE-2021-38009
> CVE-2021-38010: Inappropriate implementation in service workers
> CVE-2021-38005: Use after free in loader (3/3)
> CVE-2021-38005: Use after free in loader (2/3)
> CVE-2021-38005: Use after free in loader (1/3)
> CVE-2021-38007: Type Confusion in V8
> CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
> CVE-2021-38012: Type Confusion in V8
> Fixup for CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38021: Inappropriate implementation in referrer
> CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
> CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
> CVE-2021-38001 : Type Confusion in V8
> Security bug 1252858
> CVE-2021-38003 : Inappropriate implementation in V8
> CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
> CVE-2021-37989 : Inappropriate implementation in Blink
> CVE-2021-37987 : Use after free in Network APIs
> Security bug 1245870
> CVE-2021-37992 : Out of bounds read in WebAudio
> CVE-2021-37993 : Use after free in PDF Accessibility
> Security bug 1241912
> CVE-2021-37984 : Heap buffer overflow in PDFium
> Fix build with Win10 21H1 SDK and Win11 SDK
Change-Id: Ie208cc60c8c65c37ddf0d727fe7e1e315e538255
Task-number: QTBUG-98400
Task-number: QTBUG-98401
Task-number: QTBUG-98523
Fixes: QTBUG-98522
Pick-to: 6.2 6.2.2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
C++20 deprecates [=]'s implicit capture of this, but [this] is
sufficient, anyway.
Pick-to: 6.2
Change-Id: I0e962d62b672883495da05abce12d7ea2f2b1020
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Fixes (qdoc) warning: Can't link to 'Versionless commands'
Change-Id: Ia2940a3b244df57cdefe386734bdac0df18cd039
Reviewed-by: Venugopal Shivashankar <Venugopal.Shivashankar@qt.io>
|
|
|
|
|
|
|
|
|
| |
Fix spellchecker example and test to use new api.
Note we should not use qt6 prefix in cmake api in examples.
Change-Id: Ib800bf2b7bd83e10060fa01ccd8d4a262752e09b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The call to nativeResourceForScreen can return egl native display
handle if called with "display", since it gets mapped to XLibDisplay
but egl device intergration can return EGLDisplay.
This is not the case for nativeResourceForIntegration.
Use new native QX11Application interface to query for display,
note there is not need to use nativeResourceForScreen for "display"
anyway since qt does not support multiple x connections to different
displays.
This fixes places where code queries "display" and bails out
if it is null.
Fixes: QTBUG-97472
Pick-to: 6.2 6.2.2
Change-Id: Ibc5f8f96e612389bfa24a81268202c9e47a7580b
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Quick examples, providing any answer to ui::SelectFileDialog::Listener
results immediate destruction of FilePickerController and its m_isHandled
flag remains false before the controller is destroyed. An "unhandled"
controller calls reject() in destructor, so the controller will be
answered twice.
Pick-to: 6.2
Change-Id: Iaff5b0f4f54b0b11a447ac624f5652e592a88e6e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems accessing accessibility from qt post routines ends
badly since caches are gone already.
Add closingDown() function to web context, which is similar to
QCoreApplication::closingDown(), however return true on
post routine.
Guard delete accessibility calls.
Note the widget part is not necessary, but added for completeness,
since only qml can release profiles due to garbage collection.
Fixes: QTBUG-90904
Pick-to: 6.2 6.2.2 5.15
Change-Id: Ic0e7115cd17eb58f3d58f70fefbc197dfb7a6493
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
If an example contains ui.qml it should also have
a .qmlproject file for Qt Design Studio.
The id 'item' is not allowed in ui.qml files.
Pick-to: 6.2
Change-Id: Ib01d22b361c00f67062f97af52489e9704aaf927
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
C++20 deprecates [=]'s implicit capture of this, but the replacement
[=, this] isn't available in C++17. So, need to bite the bullet and
list every captured variable manually.
Pick-to: 6.2
Change-Id: I47c62f9bf93e5d7b6c64cdbdac73bdcc9ecab8b5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ifa2914e7bca9c224670a1891785d0ba8262cd61b
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
| |
This should enable use of system DoH settings on macOS and Windows
Task-number: QTBUG-98284
Change-Id: Iab019e46341f55146224df6830bc7902db85ff40
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
| |
Fixes: QTBUG-92539
Pick-to: 6.2
Change-Id: Iece974e7b045bd793ceb8870f370803bf2524c33
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
The network-service isn't sandboxed anyway, so there is no added
security by the process separation.
Pick-to: 6.2 5.15
Fixes: QTBUG-84105
Change-Id: Ie3fbda26f0cf8f31166b37a8537b7e1b6d11b560
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
| |
Change-Id: I281a92e1e8e8f834974645c29c8248eee08284ab
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to docs:
"You must call XkbQueryExtension or XkbOpenDisplay
before using any other Xkb library interfaces"
Task-number: QTBUG-97472
Pick-to: 6.2
Change-Id: I84c1bc49b077224a93d9f8d7a9ac29fe089de13e
Reviewed-by: Liang Qi <liang.qi@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
| |
Check for windows 10 sdk was missing, add it back.
Fixes: QTBUG-97836
Pick-to: 6.2
Change-Id: I5551a217aff3e6f730aaec014d96c0d6ce7e396f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.2
Task-number: QTBUG-97836
Change-Id: If32e78144695cefd5ff6092bfd3b845c04891dd7
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
|
|
| |
Fixes: QTBUG-97926
Pick-to: 6.2
Change-Id: I2abba9044d64765fca48d987c70494792529f6ca
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Since 40a7fe0 we no longer have certifiacteerror qml test,
however there were some leftovers.
Pick-to: 6.2
Change-Id: I1a5fd0756b3e6c0ff6766a6495509f6c174da095
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QtWebEngine uses Keving Burke's markdowncss for two of his examples.
An attribution file is provided for both uses, pointing to the homepage
of markdowncss "https://kevinburke.bitbucket.io/markdowncss/".
Nonetheless, the project is currently unmaintained and the homepage
doesn't exist anymore, meaning that the link to it is broken.
As there is not a reachable homepage anymore, the "Homepage" key for
markdowncss attributions was removed from the attribution files.
A link to the same page was changed to the link to the bitbucket
repository, which is still reachable, in the documentation for the
affected examples.
Task-number: QTBUG-96127
Pick-to: 6.2
Change-Id: Idd6c163eebeb2a2292ae76a73289fda5faa12b0a
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tooltips should disappear when chromium requests it and it is done by an
explicit call of QToolTip::hideText() (see QTBUG-64933).
This, however would also hide a custom "global" tooltip because the
custom tooltip event notifies QWebEngineView to remove its own tooltip
to avoid more than one in a window. The QWebEngineView's tooltip handler
was override and it resulted custom tooltips to hide themselves.
As a fix, remove the custom tooltip handler from QWebEngineView and hide
tooltips only if requested by Chromium.
Fixes: QTBUG-97897
Pick-to: 6.2
Change-Id: I976e49218ec975b10e2f155096f6aec124270fdc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I4c193b2af07033e117cd4d9c9b155d069843548a
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1bf6016a509d9c6bea453b1babd0848a90ad3239
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
| |
We should not use qt6 prefixed functions in examples.
Pick-to: 6.2
Change-Id: Ibf2618ef4f64b560decb219527d619aad680f216
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dict tool can be run during the build, therefore
copy just in case icu data file to tool application path,
so it does not require installation and can
run no matter if it is a prefix non prefix build.
Guard for webengine_system_icu since there is no icu file
in that case.
Remove awesome looking genex from examples.
Pick-to: 6.2
Change-Id: I2fd5ecf6c99ae1d003a1ac1c7bce2bb61a05f73f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QT_SUPERBUILD is never cached and user can run
only qtbase as super build and compile any other
module as separate module build, moreover this can be
also 'no prefix' build.
Fix missing checks to support that case and clean up
install of resources.
For mac framework builds copy bundle to right place
in case of 'no-prefix' builds.
Fixes: QTBUG-94604
Task-number: QTBUG-96375
Pick-to: 6.2
Change-Id: I4ab7d4fed2c2be93f2a048a510419849361883ba
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can configure webenigne repository with
FEATURE_qtpdf_build and FEATURE_qtwebegine_build
so make them public. The handling is still affected
by QTBUG-96936,however private vs public features
will most likely get better handling soon.
Fix build summary to better reflect build options.
Pick-to: 6.2
Change-Id: Ic6ef54a68b68d0f05c520a058665e6294efbe041
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.2 5.15
Change-Id: I2124d6eef038157e0664a96dfa333b14064541c1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6b7b3f1b..6ae16282:
> [Backport] Security bug 1185801
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37973 : Use after free in Portals
Fixes: QTBUG-96907
Pick-to: 6.2
Change-Id: I90082480a6c69772a0563ffa86e76a14fab95b35
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-85043
Change-Id: Iecd2f5ae20fcf031937a1d44cc154f2e2a3ff52f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The QtPositioning module is now moved to its own repo, so we need to
update dependencies accordingly
Task-number: QTBUG-97188
Pick-to: 6.2
Change-Id: I492ceb1743bfe6a546ab962672ad21355471b567
Reviewed-by: Daniel Smith <Daniel.Smith@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
If screencastEnabled preference is not found, ScreencastApp.ts defaults
it to true. This happens at the first start of a browser application.
Task-number: QTBUG-96942
Pick-to: 6.2
Change-Id: I15788737640cfe07c0016b31fc471906452aad1b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Should have been with the security patch merge
Change-Id: I7d41fb7eb8cb61a7eebf4edec70199e013db6561
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit f861c5cbc305992f971e168646473f3ee60a3750)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
| |
With software compositing render thread of Qt's scene graph and Viz's
thread may hit the same mutex inside output surface during frame update.
Pick-to: 6.2
Fixes: QTBUG-97598
Change-Id: Ic02e161f7b16b22c9099b93f2b1a91e78347975f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 202e34476..6b7b3f1bf:
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] Ease HarfBuzz API change with feature detection
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] Security bug 1215711
> [Backport] CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] Linux sandbox: return ENOSYS for clone3
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] Security bug 1242257
> [Backport] CVE-2021-30632: Out of bounds write in V8
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> Revert "Fix sandboxed font rendering with newer glibc"
> breakpad: fix build with glibc-2.34
> abseil-cpp: fix build with glibc-2.34
> Fix QtWebEngine build with clang-cl
Fixes: QTBUG-96907
Change-Id: I2d35c7a9deef9124189290219efbac2c9807d449
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b55ebadc3013e7f197cde1d2054002b34898ae6c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
| |
Parameter "param" is not declared. Injection of parameters into
signal handlers is deprecated. Use JavaScript functions with formal
parameters instead.
Pick-to: 6.2
Change-Id: Iea3583feb10fc56424ebb070e9b19e605c252773
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
The nodiscard values can be Check()ed.
Pick-to: 6.2
Change-Id: I9ee38ca3404c4013c6cda6d3d0833529c2b59105
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I4e659dffa119a8c9f41a266cd71e9afb9c36362e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
The only not cover part in cmake port are:
* ios builds for qtpdf
* qt static dependecies for qpdf
Pick-to: 6.2
Change-Id: Iefe624c35d847b4a9c3cd970192487340b1657f9
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
If called without args print versions.
Pick-to: 6.2
Change-Id: Id34179a099e9d53111a6638f0cddadcb401e61e5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: Ic5591396192c942d2a77e42d8ebf0bf21a1a0f5c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bug in QtBase breaks downloading files into a root directory
on Windows (eg. C:\): QTBUG-85997
Check if the "non-existent" directory is an existing drive and do
not cancel the download in this case.
Fixes: QTBUG-96855
Pick-to: 6.2
Change-Id: Icf0e472df723fc4f6ad36f4560509aafa69e3582
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinch gesture on a touchpad is expected to zoom-in and zoom-out. It has
been broken since the pinch gestures are routed because for routing the
event target has to be found. The event target is only tried to be found
on a pinch begin gesture.
As a fix, handle Qt::BeginNativeGesture and Qt::EndNativeGesture events
too.
Fixes: QTBUG-96930
Pick-to: 6.2 5.15
Change-Id: Ic8fe5bee933b5e0fbc8f5ba6234363a0a625648d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.2 5.15
Task-number: QTBUG-96849
Change-Id: I0e0a1530b8b31341c632a1fd00abd339b5152da0
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Call qt_internal_return_unless_building_tools() directly after
qt_internal_add_tool() to avoid having to special-case code for when
this function only creates imported targets in cross-builds.
Task-number: QTBUG-85084
Change-Id: If43de0acd45b53032cae25ce0062c390e3f7abf2
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.2
Task-number: QTBUG-97414
Change-Id: I6f899a5f62b1a37345281a9c6467ed3b059cd2bd
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
| |
Change-Id: I7a472696f8766f1b4b9ba64767e66d841cfdad60
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since coin does not support doing matrix projects,
add primitive way to automate features builds.
Add self build launcher in form of external projects
to do few builds one after the other which test
some of our features.
These are just compilation tests and could also run in
coin as scheduled build.
Usage:
/path/to/qt-cmake-private /path/to/webenginesources -DMATRIX_BUILD=ON
Created currently builds:
* webengine_extensions-OFF
* webengine_printing_and_pdf-OFF
* webengine_proprietary_codecs-ON
* webengine_spellchecker-OFF
* webengine_webrtc-OFF
* qtwebengine_build-OFF
Pick-to: 6.2
Change-Id: Ie1bbc2cf9b01cb2e5089832d8f1cd6171e31b6fe
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
We invalidate the weak pointer factory before waiting on the error
callback, meaning it will never come.
Pick-to: 6.2 5.15
Task-number: QTBUG-96928
Change-Id: Ia5091f7398e79f835ce34dfd48f3c36859382b53
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
| |
Change-Id: I70b51075b0224268763ebdfb5505efe7fa61e4a1
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|