| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Pulls in latest security fix from 72 releases, one which is actively
exploited.
Fixes: QTBUG-74254
Change-Id: Iaef4cecb15295e45a795bc37cc1b467de5cc7bc1
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Change-Id: I41bb4f924b9091b550354065211672e31088d1cb
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
| |
Change-Id: Ic750e5a1668c533b197ef0224dceb747d5b1fde3
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
.qmake.conf
examples/webenginewidgets/minimal/doc/src/minimal.qdoc
Change-Id: I7475770b8a18a69a33601cf88842a7873ba6003c
|
| |
| |
| |
| |
| |
| | |
Change-Id: Id4bef9a7bd6a798511f8b8850d27f48f75fbeebd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
| |
| |
| |
| |
| | |
Change-Id: I8b940140bbbb132e4b4524ac0b205551750a9585
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Includes one security fix from Chrome 70.0.3538.102
Changes:
ce79ab59a09c [Backport] Skip deleted object files in POSIX base::debug::StackTrace
573ac8f40079 Disable some DCHECKs to fix printing
9ca99cf7418b Cherry-pick certain macOS V2 sandbox rules into the V1 sandbox rules
ba7a77a4fbd5 Stop orphan child processes from staying alive on Windows
c04d5ad155f0 Do not make tools for webkit layout tests
071af956fdf4 Make sure we do not use png for host build
c2aeb1c6d21c [Backport] Fix for CVE-2018-17478
91432e048e9b Fix assert in V8 mksnapshot when building on macOS
Change-Id: I80fce63a87cc15d0bfe26f8b98dcfe5bca05c0e7
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|/
|
|
|
|
| |
Change-Id: I2183c58732b168acccfcddd195cb93cd50090414
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
Add a few missed changes from 3rdparty
Change-Id: Ie503da76d20440729516224c48bf0c95aade66d7
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
| |
Change-Id: Ia3fe234353e489732ee5f914204ee3f46c894a52
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following commits:
* bad02200 [Backport] CVE-2018-6149
* 8cc9828a Workaround long path issue on Window
* b42eb615 [Backport] gpu: Address piman's nits from crrev.com/c/969639
Change-Id: I3077df475503db990988ff0ab42724d11341db25
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
| |
Change-Id: Id0e405d5e3d08c979c482badc8337b08d1705e16
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
Change-Id: I02a88abcac5e965abf7d1e9698aa5f7c332f5102
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 5e89c5356aade16a057d2a4ea84df3f420dbdf1f)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Change-Id: I75316370dc39564f013e558065e84defed89d3d9
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit cc526afe9c2cdd4502c90b8f9b505812c984ea08)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulling in security fixes from Chrome 66.0.3359.139
Changes:
a816f8401c Update the ICU shim headers
a329fc0080 [Backport] [MemCache] Fix bug while iterating LRU list in range doom
492afe7432 [Backport] Merged: [keys] Don't keep chain of OrderedHashSets in KeyAccumulator
1785e2c1eb [Backport] Merged: [wasm] Call AsyncInstantiate directly when instantiating a module object
Task-number: QTBUG-67800
Change-Id: Id84a3e58f5eb4fc7b8e73f57c8edb8f0574e6547
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
Add a list of public CVEs security patches have been cherry picked for.
Change-Id: I64703fea470070e79fb1327e960b59e0f7d88437
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
| |
Change-Id: I95f34b613e72c28ae1d9cfea02ccdb1d45f5c7db
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
| |
Change-Id: Icd07aaf0eb29aef87644dc66a650f6bc3d1ecd63
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/3rdparty
src/core/web_contents_adapter.cpp
src/webengine/api/qquickwebengineprofile.cpp
src/webenginewidgets/api/qwebengineprofile.cpp
tests/auto/widgets/qwebenginedownloads/tst_qwebenginedownloads.cpp
tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp
Change-Id: I56c093ebab5ee8b577783ce71761719159cd3ddd
|
| |
| |
| |
| |
| |
| |
| | |
Pull in SPECTRE mitigation
Change-Id: I3849adce737c5518d02a5b27431bac50224c2065
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
| |
| |
| |
| | |
Change-Id: I0ff5721c1317ca97b574538c8c52127a87f73c29
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@qt.io>
|
|\|
| |
| |
| | |
Change-Id: I05f7952ea887536674045ed0779967e23388c5d1
|
| |
| |
| |
| |
| | |
Change-Id: I5ab44cf691c4a0fa4e7e96a8fe957dc849dc6f19
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| | |
Change-Id: I032afc7d0784f5d755da1f93e8a621171f53bed9
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|/
|
|
|
| |
Change-Id: I688c3e9e474772a12099c5d9a5fd939f29cb637f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-62746
Change-Id: I92bfcc4788af6b4c41cba18f4726333ea6297481
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
| |
Imported and expanded from 5.6 branch
Task-number: QTBUG-62705
Change-Id: I89d060d18fec20eeb255625b8c78520163aeb83d
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
| |
Change-Id: Ic58c0d6c7ff65c482f6ec7a70eb0207417ef77fc
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulling in the remaining security patches from Chrome 57 and 58
Changes:
e7de22b [Backport] Clear the FrameBuffer in case of a backward jump in
the picture id.
eccf7e6 [Backport] Don't update the jitter estimate with frames containing
retransmitted packets.
0917c40 [Backport] Fix for CVE-2017-5068 (1/2)
9ae3b1f [Backport] Fix for CVE-2017-5068 (2/2)
67b158e [Backport] Fix of CVE-2017-5061 and CVE-2017-5067
b428c84 [Backport] Fix for CVE-2017-5052
f4df648 [Backport] Fix for CVE-2017-5053
ad6bdc3 [Backport] Fix for CVE-2017-5054
Change-Id: Ib853362fc17d64117937cfa59e2a7db8b4fd0c16
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Document changes to configure system and ensure we don't output nonsense
when the two systems are mixed.
Also updates changes to include security fixes and that binary compatibily
was fixed, and lists all relevant bug-fixes I could fine.
Change-Id: I68aa729e0846a0c0c18fd7d91e016b551157ddd6
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
| |
Listing important changes and bug-fixes. The list should not be considered complete yet.
Change-Id: Id7c15aec497b3f4124ea145c87c58571c19cd70e
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the remainding security updates from the first Chrome 55 release.
Changes:
f0e73b6d Add mus and catapult project files
804dc2f Merge remote-tracking branch 'origin/upstream-master' into 53-based
461b9af [Backport] Merge: "INPUT element: Do not dispatch events in detachLayoutTree()." to M55 branch.
0119f04 [Backport] Disallow frame swap during frame detach.
7aab930 [Backport] Do not call an event listener on a cloned node in svg <use>'s UA shadow tree
e9660fc [Backport] Do not re-create the page view when accessing from Document::removeField.
2ff5d16 [Backport] Merge to 2883 "[DevTools] Move sanitize url to devtools_ui.cc."
482005e [Backport] Null CPDF_CountedObj::m_pObj prior to deletion
ba38b74 [Backport] [inspector] added check that context always survives inspected context
02ac973 [Backport] Don't send loading completion callbacks for detaching frames.
803a9bb [Backport] Merged: Avoid using stale InspectedContext pointers
b6888f2 [Backport] cc: disable denorm handling before calling into Skia's filter code.
7713975 [Backport] Don't show the pending URL for chrome.tabs API navigations
10e27e9 [Backport] Drop navigations to NavigationEntry with invalid virtual URLs.
75b24b6 [Backport] Use safe math in ValidateCopyBufferSubData.
9b21229 [Backport] Use better fallback URLs when calling AVScanFile().
15f8e8e [Backport] Make WebViewImpl::textInputInfo update layout before working on ranges.
Change-Id: If25235295f4ebf43d15f4c584cfcbecf16f46840
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the first half of security changes from the Chrome 55.0.2883.75
release.
Changes:
fb104e7 Add webengine target to root BUILD.gn
c9be6be [Backport] [runtime] Better encapsulation of dictionary objects handling in lookup iterator.
04a8a91 [Backport] Merged: Squashed multiple commits.
e63cc35 [Backport] Enforce form-action CSP even when form.target is present.
167831d [Backport] Walk up frame tree for srcdoc referrer policies
97d1433 [Backport] M55: Convert from int to float values.
1903e5a [Backport] Limit PDF helper extension to print preview only
a71fdf5 [Backport] M55: [pdf] Defer page unloading in JS callback.
0755498 [Backport] Update mix bus carefully for MediaStreamAudioDestinationNode
80d11e3 [Backport] Strengthen bounds check in CWeightTable::Calc.
238654a [Backport] Strengthen bounds check in CWeightTable::Calc * part II
bd3626a [Backport] Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden.
b5e68b8 [Backport] M55: PDF: Don't follow redirects in the plugin.
Change-Id: Iaecaae474bd490a62aef0591549f3dc314166afb
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in security patches from the Chrome 54 releases and build fixes.
Changes:
d16995e Revert "Add FirstVisuallyNonEmptyLayout support for RenderViewObserver"
6f9bddb [Backport] Blink-in-JS should not run micro tasks
69f2204 [Backport] Fix CPDFSDK_PageView cleanup.
544aa01 [Backport] Disallow reentrance of FrameView::updateLifecyclePhasesInternal()
1a33a6c [Backport] Keep top controls visible if SHOW is called right after HIDE.
a5c8560 [Backport] Check CORS policy on redirect in TextTrackLoader
ce506f1 [Backport] Merge to 2840 "[DevTools] Avoid current_ and pending_ being the same host in RenderFrameDevToolsAgentHost."
e38afe4 [Backport] avformat/mov: Fix potential integer overflow in mov_read_keys
e1d977f [Backport] Remove leak of internal class
9097a63 [Backport] Merges six security fixes to M54, related to blobs.
2b2c7fc Fix loading of blobs which have a qrc:// origin
4750e41 Reject createImageBitmap promise when the cropRect or resize is too big
d8a6a2b Fix include order of texture_manager.h includes.
366d476 Fix use_system_icu builds
e6427d6 Add shadow option to gn bootstrap
c2366a7 Add option to pass ninja binary path to gn bootstrap
c952f54 Fix FORTIFY redefined warnings
f22cd00 Fix missing enable_remoting check in tests
52e8806 FIXUP: Fix use_system_icu builds
Change-Id: I1c046e16722e0e2dadb431ff0d3f5b7f69edd86f
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
Listing important changes and bug-fixes.
Change-Id: Ief57951009b59dc0c0b861315b2dfa35543dd960
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
|
|
|
| |
Pulls in the security fix from Chrome 54.0.2840.87
Change-Id: I70064927cba01b7978742951ba0636b780d9eb68
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
|
|
|
|
| |
Change-Id: Ib683ecda4c4bb2d58f36ad92f703d58f00e9d445
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in security fixes from the Chromium 54.0.2840.59 release,
Changes included:
- Fix renderer crash on null family strings
- [Backport] Blink-in-JS should not run micro tasks
- [Backport] Disallow reentrance of FrameView::updateLifecyclePhasesInternal()
- [Backport] Check CORS policy on redirect in TextTrackLoader
- [Backport] Keep top controls visible if SHOW is called right after HIDE.
- [Backport] Merge to 2840 "[DevTools] Avoid current_ and pending_ being the same host in RenderFrameDevToolsAgentHost."
- [Backport] Enable do not allow default action for untrusted events.
- [Backport] Compare font-feature-settings as part of Font::operator==().
- Stop the flood of accessibility messages
- [Backport] Fix for hitting an assert when refreshing a page with an image
- [Backport] Report the decoded size to ImageObserver, instead of deltas
Change-Id: I142cc070ba7fb215e4a5b9c162852b583dab9784
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
| |
Change-Id: Iec54a4a3a117ce5f6bca8ff22218eb8fea0008e8
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|\
| |
| |
| | |
Change-Id: I2452f25335174d0e0c15a9e069fe50e1d92db1b8
|
| |
| |
| |
| |
| | |
Change-Id: I45fcde261328114510ce260a30ad83b8d598c222
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|\|
| |
| |
| | |
Change-Id: Ib010ede9756fb02992a3276ae7ec90ef1ab56a00
|
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in cherry-picked security fixes from Chromium 51.
Change-Id: I4c16b2c8633c53e6c2ae3a6fcdd446bcc404335b
Task-number: QTBUG-53643
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
|
| |
| |
| |
| |
| | |
Change-Id: I559fb89b585d6aebca3a6a351706676a27f98ef4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in cherry-picked security fixes from Chromium 51.
Change-Id: I78075cf0379808ddd37f00aadf6e0b4e776311da
Task-number: QTBUG-53643
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/3rdparty
src/core/browser_context_adapter.cpp
src/core/web_contents_adapter.cpp
src/webengine/doc/src/qtwebengine-platform-notes.qdoc
tests/auto/widgets/qwebenginepage/BLACKLIST
Change-Id: I768fc954a9a2147fc3669961286163a0a824def3
|
| |
| |
| |
| |
| |
| | |
Change-Id: Ic36c55b5deaceb2a7944f33aead62c6cb31a01f9
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In Chromium 51 WebAudio will be always on, and can not be runtime
enabled or disabled. We should avoid introducing a setting we can
not even support in the next version.
Change-Id: I42f7d4f3f7f952f38361ef73dfe7b318ea1a4cf5
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
|
|/
|
|
|
|
|
| |
Adds first version of the changes file.
Change-Id: I1359ad92c83654030bf4aa90f355251b1726e648
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
|
|
|
|
|
|
|
|
|
| |
Update the Chromium SHA1 to include security fixes cherry-picked from
the Chromium 49 release.
Change-Id: Ia5ec7311a65bac886ed13f880b79242712e32ab9
Task-number: QTBUG-51636
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
|