summaryrefslogtreecommitdiffstats
path: root/src/3rdparty
Commit message (Collapse)AuthorAgeFilesLines
* Update ChromiumMichael Brüning2021-11-231-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 6ae16282af..39aa0ea99a: > CVE-2021-38022: Inappropriate implementation in WebAuthentication > CVE-2021-38015: Inappropriate implementation in input > CVE-2021-38019: Insufficient policy enforcement in CORS > CVE-2021-38009: Inappropriate implementation in cache > Dependency for CVE-2021-38009 > CVE-2021-38010: Inappropriate implementation in service workers > CVE-2021-38005: Use after free in loader (3/3) > CVE-2021-38005: Use after free in loader (2/3) > CVE-2021-38005: Use after free in loader (1/3) > CVE-2021-38007: Type Confusion in V8 > CVE-2021-38017: Insufficient policy enforcement in iframe sandbox > CVE-2021-38012: Type Confusion in V8 > Fixup for CVE-2021-38018: Inappropriate implementation in navigation > CVE-2021-38018: Inappropriate implementation in navigation > CVE-2021-38021: Inappropriate implementation in referrer > CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms > CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c > CVE-2021-38001 : Type Confusion in V8 > Security bug 1252858 > CVE-2021-38003 : Inappropriate implementation in V8 > CVE-2021-37996 : Insufficient validation of untrusted input in Downloads > CVE-2021-37989 : Inappropriate implementation in Blink > CVE-2021-37987 : Use after free in Network APIs > Security bug 1245870 > CVE-2021-37992 : Out of bounds read in WebAudio > CVE-2021-37993 : Use after free in PDF Accessibility > Security bug 1241912 > CVE-2021-37984 : Heap buffer overflow in PDFium > Fix build with Win10 21H1 SDK and Win11 SDK Change-Id: Ie208cc60c8c65c37ddf0d727fe7e1e315e538255 Task-number: QTBUG-98400 Task-number: QTBUG-98401 Task-number: QTBUG-98523 Fixes: QTBUG-98522 Pick-to: 6.2 6.2.2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2021-10-271-0/+0
| | | | | | | | | | | | Submodule src/3rdparty 6b7b3f1b..6ae16282: > [Backport] Security bug 1185801 > [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox > [Backport] CVE-2021-37973 : Use after free in Portals Fixes: QTBUG-96907 Pick-to: 6.2 Change-Id: I90082480a6c69772a0563ffa86e76a14fab95b35 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-10-181-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 202e34476..6b7b3f1bf: > [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms > [Backport] sandbox: linux: allow clock_nanosleep & gettime64 > [Backport] Linux sandbox: update syscall numbers for all platforms. > [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API > [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API > [Backport] CVE-2021-37978 : Heap buffer overflow in Blink > [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) > [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) > [Backport] Ease HarfBuzz API change with feature detection > [Backport] CVE-2021-37975 : Use after free in V8 > [Backport] Security bug 1248665 > [Backport] CVE-2021-37976 : Information leak in core > [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) > [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) > [Backport] Security bug 1215711 > [Backport] CVE-2021-37972 : Out of bounds read in libjpeg-turbo > [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. > [Backport] Linux sandbox: return ENOSYS for clone3 > Bump V8_PATCH_LEVEL > [Backport] Security bug 1238178 (2/2) > [Backport] Security bug 1238178 (1/2) > [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) > [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) > [Backport] Security bug 1242257 > [Backport] CVE-2021-30632: Out of bounds write in V8 > [Backport] CVE-2021-30625: Use after free in Selection API > [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE > [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE > [Backport] CVE-2021-30629: Use after free in Permissions > [Backport] CVE-2021-30630: Inappropriate implementation in Blink > [Backport] CVE-2021-30627: Type Confusion in Blink layout > [Backport] Linux sandbox: fix fstatat() crash > [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" > Revert "Fix sandboxed font rendering with newer glibc" > breakpad: fix build with glibc-2.34 > abseil-cpp: fix build with glibc-2.34 > Fix QtWebEngine build with clang-cl Fixes: QTBUG-96907 Change-Id: I2d35c7a9deef9124189290219efbac2c9807d449 Reviewed-by: Michal Klocek <michal.klocek@qt.io> (cherry picked from commit b55ebadc3013e7f197cde1d2054002b34898ae6c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update ChromiumMichael Brüning2021-09-091-0/+0
| | | | | | | | | | | | | | | | | | Submodule src/3rdparty f8a944bb..202e3447: > [Backport] CVE-2021-30566: Stack buffer overflow in Printing > [Backport] CVE-2021-30618: Inappropriate implementation in DevTools > [Backport] CVE-2021-30616: Use after free in Media. > [Backport] Security bug 1227228 > [Backport] Security bug 1239116 > [Backport] Security bug 1216595 > [Backport] Security bug 1206289 > [Backport] CVE-2021-30613: Use after free in Base internals Pick-to: 6.2 6.2.0 Change-Id: I52c611ae7029baafcc182a6d66890f4bfff81d34 Fixes: QTBUG-96209 Task-number: QTBUG-96292 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Extend cflags also for mcpuMichal Klocek2021-09-061-0/+0
| | | | | | | | | Updates Chromium with: * f8a944bbe5f Add support for mcpu Pick-to: 6.2 Change-Id: I3f9d31f3ec99badd62d82fca911bee22dde5985f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-09-051-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty: 0fd1fa10..5b90394d > Bump V8_PATCH_LEVEL > [Backport] CVE-2021-30604: Use after free in ANGLE > [Backport] CVE-2021-30599: Type Confusion in V8 > [Backport] CVE-2021-30598: Type Confusion in V8 (2/2) > [Backport] CVE-2021-30598: Type Confusion in V8 (1/2) > [Backport] CVE-2021-30603: Race in WebAudio > [Backport] CVE-2021-30602: Use after free in WebRTC > [Backport] Security bug 1228036 > [Backport] Security bug 1221068 > [Backport] CVE-2021-30590: Heap buffer overflow in Bookmarks > [Backport] Security bug 1227933 > [Backport] CVE-2021-30591: Use after free in File System API > [Backport] CVE-2021-30585: Use after free in sensor handling > [Backport] Security bug 1205059 > [Backport] Security bug 1217598 > [Backport] CVE-2021-30588: Type Confusion in V8 > [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows > [Backport] CVE-2021-30582: Inappropriate implementation in Animation > [Backport] CVE-2021-30579: Use after free in UI framework > [Backport] CVE-2021-30573: Use after free in GPU > [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 > [Backport] CVE-2021-30568: Heap buffer overflow in WebGL > [Backport] CVE-2021-30560: Use after free in Blink XSLT > [Backport] CVE-2021-30541: Use after free in V8 > [Backport] CVE-2021-30562: Use after free in WebSerial > [Backport] CVE-2021-30563: Type Confusion in V8 > [Backport] CVE-2021-30559: Out of bounds write in ANGLE > [Backport] Security bug 1184294 > [Backport] Security bug 1194689 > [Backport] CVE-2021-30547: Out of bounds write in ANGLE > [Backport] CVE-2021-30548: Use after free in Loader Pick-to: 6.2 Fixes: QTBUG-96210 Task-number: QTBUG-96209 Change-Id: I921920b5ec445b421af465b214a41f8a36d13e31 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2021-09-041-0/+0
| | | | | | | | | | | | Pulls in following changes: * f41bb66fa5f Fix build with MSVC 2019 * b0d6e444a0b [Backport] CVE-2021-30536: Out of bounds read in V8 * dcdec1a9807 Add pdf resources only if enable_pdf Pick-to: 6.2 Change-Id: I69558c72bdb9efd490ddbb0d50e1c9523643357f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2021-08-291-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This pulls in the following changes: * 291982fed7c Use Chrome HSTS * a0947f39232 FIXUP: Fix printing sources for Qt and add them to the build. * dfacfba809d FIXUP: Stop sending ViewMsg_SetBackgroundOpaque to renderer * 4febbcfdaaa FIXUP: Add cookie filter to URL requests cookie headers * b814ac9c9b1 FIXUP: Fix building on macOS with Xcode * 27e9e7673eb FIXUP: Fix for our tests * 3c230af9b21 [Backport] Remove a local frame root usage in RenderFrameImpl * 7b06ec91336 [Backport] Remove unused variable in SourceBufferStream * fd1f81a69a3 Fix some compiler warnings * 62a8a367d4e FIXUP: Silence most warnings * 3f518b2824d Revert "Fix not working video in debug builds" * 43426393a42 [Backport] Gate breaking FreeType change in COLRv1 struct names * 190b2c47a54 Workaround debug iterator issues with MSVC * 9104847e516 Revert "Fix build with MSVC standard library" * 0a09f2e87b6 FIXUP: Forward cleared selections * c96e352f979 Revert "Protect against nullptr dereference in GetSelectedText" * 8535c9a306e Revert "Prepare net-internals for QtWebEngine usage" * b0b96e3c0ef [Backport] Remove unneeded includes from net_internals_ui.cc * 709aa60c812 Revert "Silence assert on MessageWindow::WindowClass destruction" * 7d02d54400d Fix navigation when clicking on links in a PDF * 556edad682b Add rsp target writer * 0fd1fa101f3 Remove obsolete cmake link writer Change-Id: If65fe84ffb7e5eaa2d43a545bb5f4c8ba1fec6d6 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Add support for macOS universal buildsAllan Sandfeld Jensen2021-07-221-0/+0
| | | | | | Pick-to: 6.2 Change-Id: I416036a925167204cf5121108922911bce854352 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-07-121-0/+0
| | | | | | | | | | Submodule src/3rdparty 4898b1c1..2e775bd8: > Fix compilation error for qemu > Fix enable_extension=false builds Pick-to: 6.2 Change-Id: Ibf994eccbd24d04b2ee0ada3601de52865b568c4 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Adaptations for 90-basedAllan Sandfeld Jensen2021-07-081-0/+0
| | | | | | Pick-to: 6.2 Change-Id: I8402b044d8e12d75e144a00984b856f3de10bffd Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Update ChromumMichal Klocek2021-06-281-0/+0
| | | | | | | | | * 8c0140aa607 Fix missing deps for extensions api * ab55fde35ec Fix jumbo builds for windows Pick-to: 6.2 Change-Id: I38367152a5f381dafd70f848bc452a177718b822 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumJüri Valdmann2021-06-221-0/+0
| | | | | | | | | | | | | This pulls in the following changes: 2dcf8209da0 FIXUP: Use ui::Compositor (3rdparty) b66c489188e FIXUP: Use ui::Compositor (3rdparty) bcafeb81bc9 FIXUP: Stop using C++20 initialization 39e02adb989 Enable in-process vulkan Pick-to: 6.2 Change-Id: Ie1e0478f9ac0d5985e9391c0042d9d86a705c6d0 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-06-181-0/+0
| | | | | | | | | | | Submodule src/3rdparty 9e5e3189..9b19802a: > Add media:media_buildflags to public dependencies Fixes: QTBUG-94572 Change-Id: I77c8f67683447ac14e07392a4b1e5e71c45e2a5c Reviewed-by: Michal Klocek <michal.klocek@qt.io> (cherry picked from commit 88ae3d6d3ca37270bd4b3e8bb25cd7830e948be7) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update ChromiumAllan Sandfeld Jensen2021-06-091-0/+0
| | | | | | | | | | Submodule src/3rdparty d8835555..9e5e3189: > Generate mojo bindings before compiling extension API registration > Try to fix finding xkbcommon.h on OpenSUSE Pick-to: 6.2 Change-Id: I697c856191a9eae42a4c5beae3ca077cf180d7ce Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Update ChromiumAllan Sandfeld Jensen2021-06-031-0/+0
| | | | | | | | | | | | Submodule src/3rdparty a8c1986a..d8835555: > FIXUP: Stop using C++20 initialization > Fix build error for macOS arm64 on x86_64 > Fix arm64 Skia build for macOS > Make convert_dict as a root project > Adapt favicon and history component for WebEngine Change-Id: I6a11e1859b09e4841f1b076e08e2c38ce1388017 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumMichal Klocek2021-05-281-0/+0
| | | | | | | | | | Pulls in following changes: * cfdd5dee584 Workaround revoked certificate check on Linux * a8c1986a628 Add support for QT_GN_VERSION Change-Id: Iba0d513e10dfa6aae83c71541ab355019e8deb76 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2021-05-221-0/+0
| | | | | | | | | | | Pulls in following changes: * f80d7ed91c2 Add cmake link writer for specific configuration * e785a72d31a Fix gn build windows issue * 22968137276 Fix missing dependency for qtwebengine/browser/pdf Change-Id: I0cd5f003f84164b35dac437e0ca63e5d20f5010b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Merge remote-tracking branch 'origin/5.15' into devAllan Sandfeld Jensen2021-05-121-0/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: examples/webenginewidgets/printme/printhandler.cpp src/3rdparty src/core/api/qwebenginepage_p.h src/core/content_browser_client_qt.h src/core/web_contents_adapter_client.h src/core/web_contents_delegate_qt.cpp src/core/web_contents_delegate_qt.h src/webenginequick/api/qquickwebengineview_p_p.h tests/auto/quick/qmltests/data/tst_download.qml tests/auto/quick/qmltests/data/tst_viewSoure.qml tests/auto/widgets/loadsignals/tst_loadsignals.cpp tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp Change-Id: I9c1819ec15e13d4f8e244defe860e26274b5d4be
| * Update ChromiumAllan Sandfeld Jensen2021-04-291-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 3f594ea1..6c7b4ffb: > FIXUP: Avoid crashing on new window in cross-origin isolated content > [Backport] Security bug 1198309 > [Backport] CVE-2021-21231: Insufficient data validation in V8 > [Backport] CVE-2021-21230: Type Confusion in V8 > [Backport] CVE-2021-21233: Heap buffer overflow in ANGLE > [Backport] CVE-2021-21227: Insufficient data validation in V8 > Avoid crashing on new window in cross-origin isolated content > Fix build with system ICU 69 Change-Id: Iab339abb1a34ce93e03f64608c6b5c5719f36fce Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| * Update Chromiumv5.15.4-lts-lgplv5.15.4-ltsMichael Brüning2021-04-211-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty dd45b1a1..3f594ea1: > [Backport] Security bug 1155297 (3/3) > [Backport] Security bug 1155297 (2/3) > [Backport] Security bug 1155297 (1/3) > [Backport] Security bug 1192552 > [Backport] CVE-2021-21225: Out of bounds memory access in V8 (2/2) > [Backport] CVE-2021-21225: Out of bounds memory access in V8 (1/2) > [Backport] CVE-2021-21224: Type Confusion in V8 > [Backport] CVE-2021-21223: Integer overflow in Mojo > [Backport] CVE-2021-21222: Heap buffer overflow in V8 Task-number: QTBUG-92895 Change-Id: I9c5c3aa451d8a4cab018e23a6407fd0e1f7a58de Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumMichael Brüning2021-04-211-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty c38ae3ec..dd45b1a1: > [Backport] CVE-2021-21209: Inappropriate implementation in storage (5/5) > [Backport] CVE-2021-21209: Inappropriate implementation in storage (4/5) > [Backport] CVE-2021-21209: Inappropriate implementation in storage (3/5) > [Backport] CVE-2021-21209: Inappropriate implementation in storage (2/5) > [Backport] CVE-2021-21209: Inappropriate implementation in storage (1/5) > [Backport] Security bug 1184441 > [Backport] Security bug 1162424 Task-number: QTBUG-92895 Change-Id: I04217fe2026d0087e4b7bd9bc6d5e8fcb5e25ebd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update Chromium and adapt PermissionManagerQtMichael Brüning2021-04-201-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 6764c29f..c38ae3ec: > [Backport] Security bug 1190525 > [Backport] Security bug 1161759 > [Backport] Security bug 1175503 > [Backport] Security bugs 1175522 and 1181276 > [Backport] CVE-2021-21219: Uninitialized Use in PDFium > [Backport] CVE-2021-21217 and CVE-2021-21218: Uninitialized Use in PDFium > [Backport] CVE-2021-21214: Use after free in Network API > [Backport] CVE-2021-21213: Use after free in WebMIDI > [Backport] CVE-2021-21207: Use after free in IndexedDB > [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo > [Backport] CVE-2021-21204: Use after free in Blink. > [Backport] CVE-2021-21203: Use after free in Blink > [Backport] CVE-2021-21202: Use after free in extensions. > [Backport] CVE-2021-21201: Use after free in permissions Task-number: QTBUG-92895 Change-Id: I7e6f3d443366bb291cab027510f76788c14fc023 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Fix first party url for cookie filterTamas Zakor2021-04-151-0/+0
| | | | | | | | | | | | | | | | | | | | Stop using SiteForCookies::RepresentativeUrl() if it is used to provide first party url because it returns a truncated URL and our API is expected to return the full url of the first party. Fixes: QTBUG-90231 Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5 Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
| * Update ChromiumMichael Brüning2021-04-141-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty d13920f2..048f5e99: > [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64 > [Backport] CVE-2021-21206: Use after free in Blink > Fix build with no extensions on mac Task-number: QTBUG-92080 Change-Id: I0265d3992ac3ec7fe0f55405daf58d1fc2789b12 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* | Update ChromiumAllan Sandfeld Jensen2021-04-161-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 23f869c7..6011d6c0: > FIXUP: Fixes for jumbo build > Work-around linker error on armv7 > FIXUP: Windows fixes after 88-merge > Fix build with no extensions on mac > FIXUP: Allow overriding GetXDisplay Change-Id: I65396ac7c98dc839d3f0acc8384ecab761d2ff91 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* | Adaptations for Chromium 88Allan Sandfeld Jensen2021-04-151-0/+0
|/ | | | | Change-Id: Ie66e95dbb9fbcafe961bb98d5c277f8c32d66b96 Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* Update ChromiumMichael Brüning2021-04-011-0/+0
| | | | | | | | | | | | | | Submodule update src/3rdparty 8d49f9a2..d13920f2: > [Backport] Security bug 1185482 > [Backport] Security bug 1161847 > [Backport] Security bug 1161379 > [Backport] CVE-2021-21198: Out of bounds read in IPC > [Backport] CVE-2021-21195: Use after free in V8 Task-number: QTBUG-92080 Change-Id: I638a0fa0285d46736cfbf5406874702bd3600580 Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* Update ChromiumMichael Brüning2021-03-311-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 6ec3297a..9d237e39: > Fixup for: [Backport] Security bug 1062941 > [Backport] CVE-2021-21193: Use after free in Blink > [Backport] CVE-2021-21191: Use after free in WebRTC > [Backport] Security bug 1161048 > [Backport] Security bug 1155710 > [Backport] Security bug 1062941 > [Backport] Security bug 1142712 (2/2) > [Backport] Security bug 1142712 (1/2) > [Backport] Security bug 1146813 (2/2) > [Backport] Security bug 1146813 (1/2) > [Backport] CVE-2021-21166: Object lifecycle issue in audio > [Backport] CVE-2021-21187: Insufficient data validation in URL formatting > [Backport] CVE-2021-21183 and CVE-2021-21184: Inappropriate implementation in performance APIs > [Backport] CVE-2020-27844: Heap buffer overflow in OpenJPEG > Fix crashes when webrtc is not compiled in Task-number: QTBUG-92080 Change-Id: Ifaac3e24a5f0cacb8ba783f453ae30c8ae5e9abf Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* Update ChromiumMichael Brüning2021-03-241-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 302379ca..79f989b8: > Build fix for "[Backport] CVE-2021-21160..." with gcc > [Backport] CVE-2021-21160: Heap buffer overflow in WebAudio > [Backport] CVE-2021-21173: Side-channel information leakage in Network Internals. > [Backport] CVE-2021-21190: Uninitialized Use in PDFium > [Backport] CVE-2021-21188: Use after free in Blink. > [Backport] CVE-2021-21178: Inappropriate implementation in Compositing > [Backport] CVE-2021-21175: Inappropriate implementation in Site isolation > [Backport] CVE-2021-21174: Inappropriate implementation in Referrer. > [Backport] CVE-2021-21172: Insufficient policy enforcement in File System API > [Backport] CVE-2021-21171: Incorrect security UI in TabStrip and Navigation > [Backport] CVE-2021-21169: Out of bounds memory access in V8 (2/2) > [Backport] CVE-2021-21169: Out of bounds memory access in V8 (1/2) > [Backport] CVE-2021-21168: Insufficient policy enforcement in appcache > [Backport] CVE-2021-21165: Object lifecycle issue in audio > [Backport] CVE-2021-21162: Use after free in WebRTC > [Backport] CVE-2021-21179: Use after free in Network Internals > [Backport] Security bug 1175975 > [Backport] Security bug 1167277 > [Backport] Security bug 1180871 > Fix WebRtcLoggingController for QtWebEngine Task-number: QTBUG-92080 Change-Id: I8578ea4a3fe13b9e5a3e6ed01f8fe9d3053353fc Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-03-151-0/+0
| | | | | | | | | | | Submodule src/3rdparty 7c8217b3..302379ca: > Fix multiple include dirs > Revert "Use devtools app for Qt" > Prepare net-internals for QtWebEngine usage Task-number: QTBUG-91799 Change-Id: I527fd06a1f3f142cafb098d93ee3bfc0026984f9 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update chromiumAllan Sandfeld Jensen2021-03-121-0/+0
| | | | | | | | | | | Submodule src/3rdparty d9d9e606..7c8217b3: > [Backport] Remove mouse wheel handler DCHECK > PDF viewer: Restore createBrowserApi() function > [Backport] CVE-2021-21138: Use after free in DevTools Change-Id: I1190e71d109c98285a57365f8ed1315b50895da1 Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu> Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update Chromiumv5.15.3-lts-lgplv5.15.3-ltsMichael Brüning2021-02-241-0/+0
| | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 4cb55651..d77379c5: > [Backport] CVE-2021-21153: Stack overflow in GPU Process > [Backport] CVE-2021-21152: Heap buffer overflow in Media > [Backport] CVE-2021-21157: Use after free in Web Sockets > [Backport] CVE-2021-21156: Heap buffer overflow in V8 > [Backport] Security bug 1171954 > [Backport] CVE-2021-21149: Stack overflow in Data Transfer > [Backport] Dependency for CVE-2021-21150: Use after free in Downloads [1/1] > [Backport] CVE-2021-21150: Use after free in Downloads > FIXUP: [Backport] CVE-2021-21149: Stack overflow in Data Transfer > FIXUP: [Backport] CVE-2021-21149: Stack overflow in Data Transfer Task-number: QTBUG-90575 Pick-to: 5.15 Change-Id: I37640b05028616fae93e1bb301d92968ef24b0b1 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Remove QtPdf dependency on nss at build-timeAllan Sandfeld Jensen2021-02-171-0/+0
| | | | | Change-Id: I653dee03adcad422d1210fda48bdd5b701382b00 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumMichael Brüning2021-02-161-0/+0
| | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty a38752bf..391a8eef6: > Fix memory thresholds over 20GiB > [Backport] Security bug 1162198 > [Backport] Security bug 1161654 > [Backport] CVE-2021-21140: Uninitialized Use in USB [1/2] > [Backport] CVE-2021-21140: Uninitialized Use in USB [2/2] > [Backport] CVE-2021-21132: Inappropriate implementation in DevTools > [Backport] Security bug 1135594 > Make nss certificates disableable for QtPdf > [Backport] Security bug 1144646 > [Backport] WebRTC bug 12105 > [Backport] Security bug 1127774 > [Backport] Dependendy for security bug 937131 (1/1) > [Backport] Security bug 937131 > [Backport] CVE-2021-21122: Use after free in Blink Task-number: QTBUG-90575 Change-Id: I6761314f7b2da13854362c39fbb80ab0db138fb2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-02-121-0/+0
| | | | | | | | | | | Submodule src/3rdparty 1711a9c9..a38752bf: > [Backport] CVE-2021-21147: Inappropriate implementation in Skia > [Backport] CVE-2021-21146: Use after free in Navigation > [Backport] CVE-2021-21145: Use after free in Fonts > [Backport] CVE-2021-21148: Heap buffer overflow in V8 Change-Id: I4955f682de0e741a0bf279218fb3ce2efa9f8aac Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Add tracing UI resourcesPeter Varga2021-02-101-0/+0
| | | | | | | | | | | Also add third party python dependencies of tracing to the snapshot. Pulls in the following changes: a7c1c17e0b9 [Revert] Do not bundle the tracing UI resources 1711a9c9bf4 Enable build of tracing UI Change-Id: I0a6abfeb04cb66ae33b26b6353edad2aecf39365 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Enable webrtc logging and the corresponding WebUIPeter Varga2021-02-091-0/+0
| | | | | | | | | | | | | | | | | | The corresponding WebUI is chrome://webrtc-logs It only makes sense with the hangout services extension. It seems to be only useable with meet.google.com. The behavior is same for Chrome. Uploading logs to Google is disabled in the Chromium patch. It is an extension API functionality. The WebUI only lists the previously generated logs. Pulls in the following changes: 1dda5314b02 Enable webrtcLoggingPrivate extension API for hangout extension 7d71aca116d FIXUP: Enable webrtcLoggingPrivate extension API for hangout extension Change-Id: I455fce7c8081e71967e55ab1f889df6ef91ed253 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-02-081-0/+0
| | | | | | | | | | | | | Submodule src/3rdparty 19c6bab8..471e102b: > [Backport] CVE-2021-21123: Insufficient data validation in File System API (3/3) > [Backport] CVE-2021-21123: Insufficient data validation in File System API (2/3) > [Backport] CVE-2021-21123(1/3), CVE-2021-21125, CVE-2021-21129,CVE-2021-21130, CVE-2021-21131, CVE-2021-21141 > [Backport] CVE-2021-21137: Inappropriate implementation in DevTools > [Backport] CVE-2021-21135: Inappropriate implementation in Performance API Change-Id: Icb814f643421b814a0065c859942d9c6000695eb Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu> Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-02-051-0/+0
| | | | | | | | | | | | | | | | | | | Submodule src/3rdparty f9845463..19c6bab8: > [Backport] Security bug 1097499 > [Backport] CVE-2021-21128: Heap buffer overflow in Blink > [Backport] CVE-2021-21127: Insufficient policy enforcement in extensions > [Backport] CVE-2021-21126: Insufficient policy enforcement in extensions > [Backport] CVE-2020-16044: Use after free in WebRTC [3/3] > [Backport] CVE-2020-16044: Use after free in WebRTC [2/3] > [Backport] CVE-2020-16044: Use after free in WebRTC [1/3] > [Backport] CVE-2021-21121: Use after free in Omnibox > [Backport] CVE-2021-21120: Use after free in WebSQL > [Backport] CVE-2021-21119: Use after free in Media > FIXUP: Fix build with msvc2019 16.8.0 > FIXUP: Make GpuSwitchingManager::RemoveObserver() thread safe Change-Id: Ib77701fa61c9e05d1c29485edb12da5c016982ad Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update ChromiumSzabolcs David2021-02-031-0/+0
| | | | | | | | | | | | | Pulls in the following changes: * f9845463789 FIXUP: Fixes for jumbo build * 50a83c68629 [Backport] CVE-2021-21118 (3/3) * d964369bee6 [Backport] CVE-2021-21118 (2/3) * 85b0d34712c [Backport] CVE-2021-21118 (1/3) Change-Id: I06d55d9f27cb99815174aef44cb959af189f6dfd Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu> Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Start supporting chrome.resourcesPrivate APISzabolcs David2021-01-261-0/+0
| | | | | | | | | | | | | - Register browser interface binders for PDF viewer. Copied back this logic from the guest view implementation (from dev) to enable usage of chrome.resourcesPrivate API in the PDF viewer of 5.15. - Implement template replacements for extensions. Replace i18n placeholders in the PDF viewer HTML to prevent syntax issues and support localization. Task-number: QTBUG-90035 Change-Id: Ief5fc536435e5c183dc987462d89311dfa429970 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Enable hangout services extensionPeter Varga2021-01-201-0/+0
| | | | | | | | | | | [ChangeLog] Enable hangout services extension and implement its WebRTC desktop capture extension API dependency. Fixes: QTBUG-85731 Task-number: QTBUG-51185 Task-number: QTBUG-61676 Change-Id: I7a659c2b0039243ac8d8c58685716ffc55265e3b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Adaptations for Chromium 87Allan Sandfeld Jensen2021-01-131-0/+0
| | | | | Change-Id: Ic4ffd98e02f986dbaf986405360e727c813e696e Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Suppress error pages also for http errors if they are disabledKirill Burtsev2021-01-061-0/+0
| | | | | | | | | | | | | | | | | Load with client or server http error results in successful navigation, which leads to 'true' loadFinished result, and subsequent chromium's error page load and display with second set of loadStarted/loadFinished signals. This effectively ignores QWebEngineSettings::ErrorPageEnabled. Fixing it requires submodule change to ask embedder if error pages should also be suppressed for http errors. Also update chromium for required change, which pulls in the following changes: * e71010069b4 Fix embedded builds with printing enabled * f5a93d251cc Allow the embedder to suppress an error page for http errors Change-Id: I731678575439a6dad90dfb89e79b0083c63b49c2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2020-12-111-0/+0
| | | | | | | | | | | | Pulls in the following changes: * dfe93385f41 [Revert] Don't use harfbuzz-subset * 9087c921839 Add user script data mojo interface and traits * 25db271c9b5 Add WebEnginePageRenderFrame mojo interface Change-Id: I3bf77b63acb3dab3113f70105d3dd304d2d34b95 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2020-12-081-0/+0
| | | | | | | | | | | | | | | | Pulls in the following changes: * f830b86ef77 [Backport] mac: make find_sdk.py work when the sdk goes to 11 * 9236b21c883 Fix build with system ICU 68 * 138a7203f16 Fix build with msvc2019 16.8.0 * 1ca6cb93ca8 Add qt static dependencies: qtfreetype, qtharfbuzz * 29b90d82710 Add qt static dependencies: qtlibpng * da115b70738 Add qt static dependencies: qtlibjpeg * bb90182aa90 Add qt static dependencies: qtzlib Change-Id: Ib986dde7db99c7d6663d12f933ddbb4acc4e79e1 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
* Update ChromiumAllan Sandfeld Jensen2020-11-041-0/+0
| | | | | | | | | | | | | | | Including security issue under active exploit. Submodule src/3rdparty 55b3d183..fb6ab5e4: > [Backport] Security bug 1137608 > [Backport] CVE-2020-16011: Heap buffer overflow in UI on Windows. > [Backport] CVE-2020-16009: Inappropriate implementation in V8 > [Backport] CVE-2020-16008: Stack buffer overflow in WebRTC > [Backport] CVE-2020-16005: Insufficient policy enforcement in ANGLE > Fix assert when running tests build with -no-webengine-webrtc Change-Id: Ic9ee45fbd78c999881454e5e0e3091489f637aae Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumMichael Brüning2020-10-291-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the changes: 2cad1d38b57 [Backport] CVE-2020-6540: Heap buffer overflow in Skia e1f5ffc2a12 [Backport] CVE-2020-6569: Integer overflow in WebUSB 75b417b86b4 [Backport] CVE-2020-6570: Side-channel information leakage in WebRTC 0785cd83782 [Backport] CVE-2020-6573: Use after free in video 3ddb1e9639a [Backport] CVE-2020-6575: Race in Mojo e967bb155a0 [Backport] CVE-2020-6576: Use after free in offscreen canvas 40cebfb3051 [Backport] CVE-2020-15959: Insufficient policy enforcement in networking 405e7526583 [Backport] CVE-2020-15965: Out of bounds write in V8 295feb590b1 [Backport] CVE-2020-15963 and CVE-2020-15966 43812fd40d4 [Backport] CVE-2020-15961: Insufficient policy enforcement in extensions 08a25bf9dd2 Only upgrade to WebSocket when WebSocket was requested 2f75c909270 [Backport] CVE-2020-15962: Insufficient policy enforcement in serial 06afd03d826 [Backport] CVE-2020-15960: Out of bounds read in storage 9e5518f06ad [Backport] Security bug 1111149 b627f77e859 [Backport] CVE-2020-15964: Insufficient data validation in media bc35c7711ad Fix assert when checking if RendererAppContainer feature is enabled 06b27f95d60 [Backport] CVE-2020-6571: Incorrect security UI in Omnibox 8227b9613d1 CVE-2020-15999: Heap buffer overflow in freetype cc1e87a0d71 [Backport] CVE-2020-15978 Insufficient data validation in navigation 308da5d58b4 [Backport] CVE-2020-15969: Use after free in WebRTC. 9f5fde5b649 [Backport] CVE-2020-15968: Use after free in Blink 97b92535b31 [Backport] CVE-2020-15972: Use after free in audio. 873abc1112c [Backport] CVE-2020-15979: Inappropriate implementation in V8. c0343ceec47 [Backport] CVE-2020-15976: Use after free in WebXR e874d48f9e6 [Backport] CVE-2020-15992 Insufficient policy enforcement in networking 956ce06c56c [Backport] CVE-2020-15974: Integer overflow in Blink 4662223422d [Backport] Security bug 1125199 74e26aab318 [Backport] Security bug 1107824 33e9e655166 [Backport] CVE-2020-15977: Insufficient data validation in dialogs. f6db4999b0e [Backport] CVE-2020—15973: Insufficient policy enforcement in extensions (1/2) 466da17a0cd [Backport] CVE-2020—15973: Insufficient policy enforcement in extensions (2/2) 027c3d7bae7 [Backport] CVE-2020-15989: Uninitialized Use in PDFium 14e9b6f6d3a [Backport] CVE-2020-16003: Use after free in printing 8527c994fe3 [Backport] CVE-2020-16002: Use after free in PDFium 4f461642a79 [Backport] CVE-2020-16001: Use after free in media. 99877493b32 Fixup: [Backport] CVE-2020-16001: Use after free in media 489d6e637e5 [Backport] CVE-2020-15987: Use after free in WebRTC (1/2) 6ef8f4ed829 [Backport] CVE-2020-15987: Use after free in WebRTC (2/2) 9d173d02d5e [Backport] Security bug 1106091 327474aed0e [Backport] CVE-2020-6557: Inappropriate implementation in networking 55b3d183921 [Backport] CVE-2020-15985: Inappropriate implementation in Blink. Task-number: QTBUG-87967 Change-Id: Ibca52ab97ac407679e4bac5c6b7dc2285f8bcd37 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2020-09-211-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in the following changes: 8776c7b2c15 [Backport] Security bug 1052492 22d88d240bc [Backport] CVE-2020-6533: Type Confusion in V8. 3c832d33641 [Backport] CVE-2020-6532: Use after free in SCTP 388b838dbb3 [Backport] CVE-2020-6541: Use after free in WebUSB 27fa668c5ee [Backport] Security bug 1102408 d3a76ebde8e [Backport] CVE-2020-6542: Use after free in ANGLE 4694a85f33e [Backport] CVE-2020-6543: Use after free in task scheduling 583f976f9a7 [Backport] CVE-2020-6544: Use after free in media fa97385b501 [Backport] CVE-2020-6548: Heap buffer overflow in Skia 32655453cd7 [Backport] CVE-2020-6549: Use after free in media ddcf711e69e [Backport] CVE-2020-6550: Use after free in IndexedDB 6a0f49a17b0 [Backport] CVE-2020-6551: Use after free in WebXR b385b7bbbe4 [Backport] CVE-2020-6545: Use after free in audio fe23e656183 [Backport] CVE-2020-6559: Use after free in presentation API 4466538c610 [Backport] Security issue 1102137 c3d07802d40 [Backport] Security issue 1108639 b1c7638148b [Backport] Security issue 1098860 011af517d81 [Backport] CVE-2020-6555: Out of bounds read in WebGL 273005ea959 [Backport] Security bugs 1087629 and 1029569 bdb438eff33 [Backport] Dependency for CVE-2020-6561 (1/2) c223f423808 [Backport] Dependency for CVE-2020-6561 (2/2) 607bff335b1 [Backport] CVE-2020-6561: Inappropriate implementation in Content Security Policy ed4b6792e13 [Backport] CVE-2020-6562: Insufficient policy enforcement in Blink c5637fa9071 [Revert] [build] Remove jumbo build configs Task-number: QTBUG-86342 Change-Id: I7ad617e1c617ef405a608e05cdafbfae5ad412fa Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 05:44:10 +0000