summaryrefslogtreecommitdiffstats
path: root/src/3rdparty
Commit message (Collapse)AuthorAgeFilesLines
...
* Update ChromiumPeter Varga2023-02-131-0/+0
| | | | | | | | | | | | Submodule src/3rdparty 8c839a298..331447653: > FIXUP: Adapt DevToolsUIBindings for WebEngine > FIXUP: Remove linking with libatomic > Fix build with enable_vulkan=false > FIXUP: Workaround debug iterator issues with MSVC Pick-to: 6.5 Change-Id: I95d7bc540aeb4f62354e0a547f3fe9dc08b72051 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumYigit Akcay2023-02-081-0/+0
| | | | | | | | | | Pulls in the following patches: * 8c839a298a5 Custom URL Schemes usable with HTML5 Fetch API Task-number: QTBUG-88830 Change-Id: I113dbe0359269c6e50e4f369fbc0258b4784c462 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2023-02-021-0/+0
| | | | | | | | | | | | | | | | | | | | Pulls in following patches: * a99ba129737 [Backport] CVE-2023-0474: Use after free in GuestView * 05ea098dd34 [Backport] CVE-2023-0473: Type Confusion in ServiceWorker API * 163ca80e46f [Backport] CVE-2023-0472: Use after free in WebRTC * c033e30b908 [Backport] CVE-2023-0471: Use after free in WebTransport * 23b96f58c5e [Backport] Security bug 1406115 * c67083d788a [Backport] Security bug 1404811 * 1c46e13f96b Adapt DevToolsUIBindings for WebEngine * 9e1092cefd7 FIXUP: Fixes for jumbo build * f088c97075a Do not override getaddrinfo in libc_interceptor * be1ee6225d0 Drop dependency on content/public/browser in content gpu Pick-to: 6.5 Change-Id: I0af3a1f12a315fc4756d9463d3837de87db888b0 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2023-02-011-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * 0b138dc30d0 FIXUP: Avoid using libdrm * 006ab12dc35 [Backport] CVE-2023-0138: Heap buffer overflow in libphonenumber * c49e5e48ff6 [Backport] CVE-2023-0141: Insufficient policy enforcement in CORS (2/2) * 4f89844cf42 [Backport] CVE-2023-0141: Insufficient policy enforcement in CORS (1/2) * 63077f1575b [Backport] CVE-2023-0131: Inappropriate implementation in iframe Sandbox * ee6f7906f9b [Backport] CVE-2023-0132: Inappropriate implementation in Permission prompts * 1f19a05eaa8 [Backport] CVE-2023-0129: Heap buffer overflow in Network Service * d4b983b72ad FIXUP: Remove VkDevice parameter from SurfaceFactoryOzone::CreateNativePixmap() Fixes: QTBUG-110272 Change-Id: I9fe5bd6c3643342b6f1b0f8a6c5daaec65e76944 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit d248cd2d37c413f878c6d5effa70c4b917dfc5de) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update ChromiumAllan Sandfeld Jensen2023-01-141-0/+0
| | | | | | | | | | Submodule src/3rdparty d7abc8b24..1ccfe20ad: > FIXUP: Jumbo builds > Merge remote-tracking branch 'origin/upstream-master' into 108-based Pick-to: 6.5 Change-Id: Ib11a7e5422415229c5ed109d63375c4953df97d2 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumPeter Varga2023-01-121-0/+0
| | | | | | | | | | | | | | | | Submodule src/3rdparty 95eaac0c8..d7abc8b24: > [Backport] Fix up guarding SharedImage factories using Vulkan > [Backport] Remove VkDevice parameter from SurfaceFactoryOzone::CreateNativePixmap() > [Backport] viz: Do IWYU in skia_output_surface_impl_on_gpu.cc and .h > FIXUP: Fixes for building with MSVC > FIXUP: Fix gn build windows issue > Update project's url for lighthouse > Fix initalization for FCM > Remove custom push servcie endpoint support Pick-to: 6.5 Change-Id: I1febdb78004cfca7076b0fd348a8aae2f5c563da Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update Chromium to 108-basedAllan Sandfeld Jensen2023-01-061-0/+0
| | | | | | | Pick-to: 6.5 Task-number: QTBUG-105147 Change-Id: I65ba9ab91fb55b51b20583a5dacc8b2d9634c42e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2022-12-221-0/+0
| | | | | | | | | | | | | Pulls in following patches: * 481d91afcf3 Fix initialization for FCM * df46b0483d4 Force python to write with utf8 encoding * 1051027a309 Remove custom push service endpoint support * 702cba29bcc FIXUP: Fixes for jumbo build * fb8de43885e FIXUP: Fixes for jumbo build Change-Id: Ifcd7fe759ea0b8033ee3a0fce889f4fd165a5af7 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Override chromium's pointer_device implementationsMartin Negyokru2022-12-121-0/+0
| | | | | | | | Use QInputDevice to query pointer device specs. Fixes: QTBUG-63174 Change-Id: I34737c903d2d9c8cb387941ef5e9b1b93afce1f0 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-12-021-0/+0
| | | | | | | | | | | Submodule src/3rdparty be36115f0..d3786fd69: > FIXUP: Fix browser DCHECK > FIXUP: Fixes for jumbo build > Merge branch 'upstream-master' into 106-based > Fix browser DCHECK Change-Id: Ia38b518a9c51f7a0da51de02f28b32374f5b9a3c Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update chromium to 106-basedAllan Sandfeld Jensen2022-11-281-0/+0
| | | | | | Task-number: QTBUG-105147 Change-Id: I47b9e46df18420b75b205e818b117ee632680873 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Add Vulkan rendering supportPeter Varga2022-11-101-0/+0
| | | | | | | | | | Updates 3rdparty: * 8b7ce4ef70d Make GrVkImage external Task-number: QTBUG-107669 Change-Id: If7fbe1f20538598dd1d4f3a67be17c9f7d06a3cd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2022-11-031-0/+0
| | | | | | | | | | Sumbmodule src/3rdparty 24df9c9b..9457651e: > [Backport] CVE-2022-3723: Type Confusion in V8 Task-number: QTBUG-108106 Change-Id: Ic6ae78e84df7198e5729f1377b60d774e1b1e5fa Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2022-10-311-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 546d8e05..24df9c9b: > [Backport] Security bug 1361627 > [Backport] Security bug 1361612 > [Backport] Security bug 1373314 > [Backport] CVE-2022-3661: Insufficient data validation in Extensions > [Backport] Security bug 1356234 > [Backport] CVE-2022-3656: Insufficient data validation in File System > [Backport] CVE-2022-3653: Heap buffer overflow in Vulkan > [Backport] CVE-2022-3654: Use after free in Layout > [Backport] CVE-2022-3652: Type Confusion in V8 > [Backport] CVE-2022-3445: Use after free in Skia > [Backport] CVE-2022-3450: Use after free in Peer Connection > [Backport] CVE-2022-3446 and CVE-2022-35737 > Reland two changes for establishing gpu channel > FIXUP: Stop using C++20 initialization > FIXUP: Legalize the bloody code > [Backport] CVE-2022-3308: Insufficient policy enforcement in Developer Tools (2/2) > [Backport] CVE-2022-3308: Insufficient policy enforcement in Developer Tools (1/2) > [Backport] Security bug 1360936 > [Backport] CVE-2022-3313: Incorrect security UI in Full Screen > [Backport] CVE-2022-3307: Use after free in Media. > [Backport] CVE-2022-3315: Type confusion in Blink > [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2) > [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2) > [Backport] CVE-2022-3304: Use after free in CSS > [Backport] CVE-2022-3373: Out of bounds write in V8 > [Backport] Security bug 1356308 > [Backport] CVE-2022-3370: Use after free in Custom Elements > [Backport] Security bug 1348283 > [Backport] Security bugs 1346938 and 1338114 > [Backport] CVE-2022-3200: Heap buffer overflow in Internals Pick-to: 6.4 Fixes: QTBUG-108104 Fixes: QTBUG-108105 Task-number: QTBUG-108106 Change-Id: I2766eec4f7d16b286e3b1ab6be07e9872cc52c19 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Support navigator.userAgentDataSzabolcs David2022-10-111-0/+0
| | | | | | | | | | | | Use embedder_support component to generate user agent metadata and support this API. ContentBrowserClientQt::GetUserAgentMetadata() has been implemented only for safe-keeping, because we always override that value in RendererPreferences. Task-number: QTBUG-107260 Task-number: QTBUG-107451 Change-Id: Ibbcd8d9c1e9c2c0ebacf97f4b9d4ed1aa55dc881 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-09-131-0/+0
| | | | | | | | | | | | | Submodule src/3rdparty 43b92e07d..1dc53de69: > [Backport] CVE-2022-3040: Use after free in Layout > [Backport] CVE-2022-3041: Use after free in WebSQL > [Backport] CVE-2022-3038: Use after free in Network Service > Merge branch 'upstream-master' into 102-based Fixes: QTBUG-106254 Pick-to: 6.4 6.4.0 Change-Id: Ifd55481c8d26f0e2cf8cb9e01cdaa8aa530354d8 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Enable Push MessagingSzabolcs David2022-09-121-0/+0
| | | | | | | | | | | | | | | | | | Use Chrome's implementation of PushMessagingService. This feature relies on notification permissions, so it is not different from Web Notification from end-users perspective. We don't persist push subscriptions, because it seems these have to be consistent with persisting notification permissions. Make address of push service configurable by a profile setting. It is empty by default - which means the feature is disabled until the user sets the address of a push service. Task-number: QTBUG-98904 Task-number: QTBUG-53457 Change-Id: If44f459fecf2da482c28fee5562f62fe40de103e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix build with disabled webengine_printing_and_pdfPeter Varga2022-08-241-0/+0
| | | | | | | | Now the extensions can be enabled when printing is disabled. Pick-to: 6.4 Change-Id: I6183c795298eedf9cdf5110e580e73ba88f45828 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumPeter Varga2022-08-241-0/+0
| | | | | | | | | | Submodule src/3rdparty 7ed043a1b..a7ecbb5ca: > Avoid calling git in build scripts > FIXUP: Fixes for jumbo build Pick-to: 6.4 Change-Id: I47ae3494c00750adefae192a45da270ca3706e86 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-08-221-0/+0
| | | | | | | | | | Submodule src/3rdparty 4c842ebb1..7ed043a1b: > Move gio to public_config > Fix building with system ffmpeg 4.4 or 5.1 Pick-to: 6.4 Change-Id: I7d657b874a3e7d8307c1af9447b8dffc2ab92546 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumMichael Brüning2022-08-191-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 8496e134..620599a6: * 2nd fixup for [Backport] CVE-2022-2605 * Fixup for [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3) * [Backport] CVE-2022-2854: Use after free in SwiftShader * [Backport] CVE-2022-2860: Insufficient policy enforcement in Cookies * [Backport] CVE-2022-2855: Use after free in ANGLE * [Backport] CVE-2022-2857: Use after free in Blink * [Backport] CVE-2022-2853: Heap buffer overflow in Downloads * Disable accelerated_2d_canvas for Intel drivers on Windows * [Backport] CVE-2022-2605: Out of bounds read in Dawn (3/3) * [Backport] CVE-2022-2605: Out of bounds read in Dawn (2/3) * [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3) * Native spellchecker: Fix it when enabled * Fix build without spellcheck * [Backport] Security bug 1264288 * [Backport] Security bug 1333970 * [Backport] Security bug 1343889 Pick-to: 6.4 Fixes: QTBUG-104640 Task-number: QTBUG-1053266 Change-Id: I9fec122a689bcdf0afdec482b7a60cb5f811543d Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Fix PDF viewerAllan Sandfeld Jensen2022-08-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | It was broken after 102-based merge Submodule src/3rdparty c57592220..8496e1340: > Revert "Jumbo build mojom files" > FIXUP: Fix building with optimize_webui=false > Revert "Add remove_v8base_debug_symbols to GN" > FIXUP: Fix crashes and asserts > Add missing node modules for PDF support > [Backport] CVE-2022-2614: Use after free in Sign-In Flow > [Backport] CVE-2022-2618: Insufficient validation of untrusted input in Internals > [Backport] CVE-2022-2612: Side-channel information leakage in Keyboard input > [Backport] CVE-2022-2613: Use after free in Input > [Backport] CVE-2022-2624: Heap buffer overflow in PDF > [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch > [Backport] CVE-2022-2615: Insufficient policy enforcement in Cookies > [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC > [Backport] CVE-2022-2478 : Use after free in PDF > Jumbo build mojom files Pick-to: 6.4 Change-Id: I4fc608c21ab8aaa508329e708446b57cccbddf76 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Update ChromiumMichal Klocek2022-08-051-0/+0
| | | | | | | | | | | | | | | Pulls in following patches: * e74437286f2 [Backport] CVE-2022-2480 : Use after free in Service Worker API * 0081e38b3cd [Backport] Security bug 1340335 * bedc4b56837 [Backport] Security bug 1334864 * 54a39c446af [Backport] Security bug 1336014 * ff5ca5ee77f [Backport] Security bug 1340654 * c5759222032 [Backport] Security bug 1287804 Pick-to: 6.4 Change-Id: I2994fa3274ade68ed8a3cbb3fc391755d371aa59 Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* Adaptations for Chromium 102Allan Sandfeld Jensen2022-08-041-0/+0
| | | | | | Pick-to: 6.4 Change-Id: I7ef0ad616f2ea0fae482253335e95998aa2d360e Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Support HTML5 <datalist> elementPeter Varga2022-06-191-0/+0
| | | | | | | | | | | | | | | | | The datalist uses Chromium's autofill component to fetch and filter predefined options in the list and autocomplete the field with the selected option. Autofill component is added to build and bound to WebEngine. All the unnecessary autofill features for datalist are supposed to be disabled: payment/credit card support, password manager, save profile data, store suggestions in database etc. Custom popups for the dropdown are implemented for Widget and Quick. Scrolling in dropdown is not implemented in this change. Fixes: QTBUG-54433 Pick-to: 6.4 Change-Id: I155d02d6dbc9d88fbca4bc5f55b76c19d0ba7a9d Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-06-131-0/+0
| | | | | | | | | | | | Submodule src/3rdparty 6559e00a3..88398c89a7b: > Fix broken bundled zlib for cross compilation > FIXUP: Fix url_utils for QtWebEngine > Make sure we do not compile minizip from 3rdparty > Trim down some dependencies of push messaging Pick-to: 6.4 Change-Id: I3062f536fd144d00f72ea783ddcc56931a46a98f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix PluginServiceFilterQt::IsPluginAvailable()Szabolcs David2022-05-301-0/+0
| | | | | | | Query PDF settings from view-level WebEngineSettings instead of profile. Change-Id: I4ee7c99d6757d5341b1a4d47251228c1c46f99b7 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Update ChromiumAllan Sandfeld Jensen2022-05-121-0/+0
| | | | | | | | | Submodule src/3rdparty 3443c0d61..72d76568f: > FIXUP: Disable alternate window station of Windows sandbox > Find fontconfig using pkg-config Change-Id: I85def9b7f22623d31072a9e2ee2bf9b4ebfc3044 Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update ChromiumMichal Klocek2022-05-091-0/+0
| | | | | | | | | | | | | Pulls in following patches: * f0151b67cfa Fix mac toolchain python linker script call * 8c647adb6ad FIXUP: Fixes for building with MSVC * 599a6221a4b Minor. Use FilePath directly for qt sandbox path * 3443c0d6144 Minor. Add defined to checks Change-Id: I452e2bc801117bc261dd39c8fdf3cc7b7d5dfb06 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-03-291-0/+0
| | | | | | | Pulling in 98-based changes. Change-Id: Ia6dd4b5596f63fa1fd1f38d480867f8769d97336 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Update ChromiumMichal Klocek2022-03-171-0/+0
| | | | | | | | | | | | | | | | | | | | | | Pulls in following patches: * 748d325bb6a [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled * b5afc89ed07 FIXUP: Fix building with system ffmpeg < 5.0 * a205c506e73 [Backport] CVE-2022-23852 * a12fe545281 Add switch for static and dynamic crt * d89c7b12b91 [Backport] CVE-2022-0796: Use after free in Media * 00a0b8138d2 [Backport] CVE-2022-0789: Heap buffer overflow in ANGLE * 1e4dd159ca4 [Backport] CVE-2022-0797: Out of bounds memory access in Mojo * 2ca738dcf79 [Backport] CVE-2022-0803: Inappropriate implementation in Permissions * 5288c457bdb [Backport] Security bug 1269999 * bedf281d7c2 Do not add glType to command line again Pick-to: 6.3 Change-Id: I6f8c59aebd3400dd0aba71e54c8710c4fa35ede6 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-03-111-0/+0
| | | | | | | | | | | | Submodule src/3rdparty 96ef19263..7e3cb70a2: > Add crossbuild support for x64/x86 on macos-arm64 > Fix building with system ffmpeg > Fix static build with qt3rdparty libs Fixes: QTBUG-100672 Pick-to: 6.3 Change-Id: I4c56952cb8e2c56ba8b636b08f849128ace367f1 Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
* Add static builds for qtpdfMichal Klocek2022-03-091-0/+0
| | | | | | | | | | | | | | | | | | Add 3rdparty installed headers so static builds can use bundled qt libs. Fix static gn and archiver/librarian setup. Updates 3rdparty: * 5d88de975 Fix static build with qt3rdparty libs Task-number: QTBUG-87154 Task-number: QTBUG-88614 Pick-to: 6.3 6.2 Change-Id: Iad7682da92b558b500140f415acc0bc9c9a1c22e Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2022-02-281-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 2aad1f40..7dba564e: > Revert "[Backport] CVE-2022-0297: Use after free in Vulkan" > [Backport] CVE-2022-0297: Use after free in Vulkan > [Backport] Security bug 1292537 > [Backport] Security bug 1289394 > [Backport] Security bug 1289384 > [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API > [Backport] CVE-2022-0609: Use after free in Animation > [Backport] CVE-2022-0608: Integer overflow in Mojo > [Backport] CVE-2022-0607: Use after free in GPU > [Backport] CVE-2022-0606: Use after free in ANGLE > [Backport] CVE-2022-0303: Race in GPU Watchdog > [Backport] CVE-2021-4056: Type Confusion in loader > [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (4/4) > [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (3/4) > [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (2/4) > [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (1/4) > [Backport] CVE-2021-4066: Integer underflow in ANGLE > [Backport] Security bug 1268448 > [Backport] Security bug 1265570 > [Backport] Security bug 1252562 > [Backport] Security bug 1274113 > [Backport] CVE-2022-0470: Out of bounds memory access in V8 > [Backport] CVE-2022-0457: Type Confusion in V8 > [Backport] CVE-2022-0456: Use after free in Web Search > [Backport] CVE-2022-0453: Use after free in Reader Mode > [Backport] CVE-2022-0464: Use after free in Accessibility > [Backport] Security bug 1261415 > [Backport] CVE-2021-4053: Use after free in UI > [Backport] Security bug 1271747 > [Backport] CVE-2022-0468: Use after free in Payments (2/2) > [Backport] CVE-2022-0468: Use after free in Payments (1/2) > [Backport] CVE-2022-0461: Policy bypass in COOP > [Backport] CVE-2022-0460: Use after free in Window Dialog > [Backport] CVE-2022-0459: Use after free in Screen Capture > [Backport] CVE-2022-0306: Heap buffer overflow in PDFium > FIXUP: Keep the close button when "undocked", as we can dock differently > Fix more windows build errors on build without jumbo > FIXUP: Add missing include for Supplement Change-Id: I82671c60c00c940c4943a0df4234ac7286e9c0dd Pick-to: 6.3 Task-number: QTBUG-101051 Task-number: QTBUG-99099 Task-number: QTBUG-99720 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2022-02-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty d1338207..2aad1f40: > [Backport] Security bug 1212957 > [Backport] Security bug 1276331 > [Backport] Security bug 1280743 > [Backport] Security bugs 1283805 and 1283807 > [Backport] CVE-2022-0290: Use after free in Site isolation > [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API > [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API > [Backport] CVE-2022-0293: Use after free in Web packaging > [Backport] CVE-2022-0289: Use after free in Safe browsing > [Backport] Security bug 1242339 > [Backport] Security bug 1270014 > [Backport] Security bug 1256885 > [Backport] Security bug 1258603 > [Backport] Security bug 1259557 > [Backport] Security bug 1267426 > [Backport] CVE-2022-0116: Inappropriate implementation in Compositing > [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2) > [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2) > [Backport] IWYU: add algorithm for std::max and std::min > [Backport] trace_processor: Fix IWYU > Revert "Fix include of <algorithm>" > [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (3/3) > [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (2/3) > [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (1/3) > [Backport] CVE-2022-0113: Inappropriate implementation in Blink > [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2) > [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2) > [Backport] CVE-2022-0108: Inappropriate implementation in Navigation > [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE > [Backport] CVE-2022-0103: Use after free in SwiftShader > [Backport] CVE-2022-0102: Type Confusion in V8 > [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API > Revert "Fix build with GCC 10" Pick-to: 6.3 Task-number: QTBUG-99099 Task-number: QTBUG-99720 Change-Id: I4d734dca71af23babc29c8570a0eaa09544ea1db Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2022-02-041-0/+0
| | | | | | | | | | | | | | | | | | Pulls in following commits: * ceaca362c9a Fix ios compilation issues * c6dd23dca6e FIXUP: Remove fat lib support * 4d33af9093a Add qtpdf ios gn adaptations * b09e95c3fe8 Revert "Make compile time switch at compile time" * ca78f43edb2 Revert "Disable long presentation time DCHECK" * b042491acb4 Revert "Fix disabling reporting" * d5ae47fe7af [Backport] Fix build for 'enable-reporting=false' * ee7acb3042a [Backport] Remove NOTREACHED assertions from NetworkContext's reporting methods * d133820740f Do not create empty rsp files Change-Id: I22f1587ba1364392c311c70b46aa99b55760d324 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-02-021-0/+0
| | | | | | | | | Submodule src/3rdparty 206bed415..5bdf41e55: > Revert "[macOS] Fix build error with new deployment target" > Add GN arg to pass gssapi include directory Change-Id: Id4187c57eef4f4a3d9d07c7d45b1249ab362a217 Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-01-281-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty dd2725bea..206bed415: > Allow accessing file protocol from protocols with local-access > Add allow_remote_access_from_local_urls setting > FIXUP: Optimize skvx::fma for GCC > FIXUP: Optimize skvx::fma for GCC > [Backport] Fix wrong mipmap sampling option for Medium filter quality > Speculative fix for build error > [Backport] CVE-2021-4102: Use after free in V8 > [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader > [Backport] CVE-2021-4100: Object lifecycle issue in ANGLE > [Backport] CVE-2021-4099: Use after free in Swiftshader > [Backport] CVE-2021-4098: Insufficient data validation in Mojo > [Backport] CVE-2021-4079: Out of bounds write in WebRTC > [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2) > [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2) > Fix compilation with c++20 > [Backport][heap] implement more stub method to fix build with msvc > Revert "Forward declare newer EGL typedefs" > Revert "Fix Linux kernel lacking V4L2_CID_POWER_LINE_FREQUENCY_AUTO" > Optimize skvx::fma for GCC > Use clang builtins in gcc when available Pick-to: 6.3 Change-Id: I01d2274ee3b7467dad431365985112864e39a1fc Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumAllan Sandfeld Jensen2022-01-121-0/+0
| | | | | | | | | | | Submodule src/3rdparty 2335554cb..dd2725bea: > Do not overwrite signal handlers in the browser process. > Quiet false error message > FIXUP: Stop using C++20 initialization Pick-to: 6.3 Change-Id: I1d284f43d5042d094736b89385c638089b9c8c2f Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumMichael Brüning2021-12-181-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 735b1a39..2335554c: > [Backport] Security bug 1259899 > [Backport] CVE-2021-4057: Use after free in file API > [Backport] CVE-2021-4078: Type confusion in V8 > [Backport] CVE-2021-4059: Insufficient data validation in loader > [Backport] CVE-2021-4062: Heap buffer overflow in BFCache > Fix crashes with MSVC > Bundle all localisation files for DevTools > Speculative fixes for build race conditions > Allow DevTools to download remote translations > FIXUP: Fix disabling reporting > Use wglSetPixelFormat directly only if in software mode > Fix jumbo build: syntax error in v8 token.h(211) > [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe sandbox > [Backport] CVE-2021-37987 : Use after free in Network APIs > [Backport] CVE-2021-38015: Inappropriate implementation in input > [Backport] CVE-2021-38018: Inappropriate implementation in navigation > [Backport] CVE-2021-38021: Inappropriate implementation in referrer > [Backport] CVE-2021-38005: Use after free in loader (3/3) > [Backport] CVE-2021-38005: Use after free in loader (2/3) > [Backport] CVE-2021-38005: Use after free in loader (1/3) > [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS > [Backport] CVE-2021-38007: Type Confusion in V8 > [Backport] CVE-2021-38009: Inappropriate implementation in cache > [Backport] Dependency for CVE-2021-38009 > [Backport] CVE-2021-38012: Type Confusion in V8 > [Backport] CVE-2021-38010: Inappropriate implementation in service workers > [Backport] Security bug 1252858 > [Backport] Security bug 1241912 > [Backport] CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox > [Backport] Dependency for CVE-2021-37994 > [Backport] CVE-2021-37996 : Insufficient validation of untrusted input in Downloads > [Backport] CVE-2021-37989 : Inappropriate implementation in Blink > [Backport] CVE-2021-37985 : Use after free in V8 > [Backport] Security bug 1245870 > [Backport] CVE-2021-37992 : Out of bounds read in WebAudio > [Backport] CVE-2021-37993 : Use after free in PDF Accessibility Task-number: QTBUG-95568 Task-number: QTBUG-99099 Fixes: QTBUG-99282 Fixes: QTBUG-99285 Change-Id: I0b5d1fff98e1c83458a99d4badf40b7ef49cc660 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-12-061-0/+0
| | | | | | | | | | | | | | | | | Submodule src/3rdparty be03c63b3..735b1a398: > [Backport] Handle long SIGSTKSZ in glibc > 2.33 > FIXUP: Fixes for jumbo build > Compile with GCC 11 -std=c++20 > FIXUP: Fix navigation when clicking on links in a PDF > FIXUP: Adapt accessibility code for our needs after chromium 90 > FIXUP: Add user script data mojo interface and traits > FIXUP: Make GpuSwitchingManager::RemoveObserver() thread safe > [Backport] Return proper value in GLES2DecoderImpl::GetUniformSetup > [Backport][Extensions] Remove string literal conversions by ASCIIToUTF16() > Disable debug info for crbug.com/1224432 Change-Id: I3ddb49ed6853fc78a2b857637888d66af950f8d9 Reviewed-by: Marc Mutz <marc.mutz@qt.io>
* Adaptations for Chromium 94Allan Sandfeld Jensen2021-12-021-0/+0
| | | | | Change-Id: I9fb8998a3a7762b0aea70993ca231f0bbf4f7761 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumMichael Brüning2021-11-231-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 6ae16282af..39aa0ea99a: > CVE-2021-38022: Inappropriate implementation in WebAuthentication > CVE-2021-38015: Inappropriate implementation in input > CVE-2021-38019: Insufficient policy enforcement in CORS > CVE-2021-38009: Inappropriate implementation in cache > Dependency for CVE-2021-38009 > CVE-2021-38010: Inappropriate implementation in service workers > CVE-2021-38005: Use after free in loader (3/3) > CVE-2021-38005: Use after free in loader (2/3) > CVE-2021-38005: Use after free in loader (1/3) > CVE-2021-38007: Type Confusion in V8 > CVE-2021-38017: Insufficient policy enforcement in iframe sandbox > CVE-2021-38012: Type Confusion in V8 > Fixup for CVE-2021-38018: Inappropriate implementation in navigation > CVE-2021-38018: Inappropriate implementation in navigation > CVE-2021-38021: Inappropriate implementation in referrer > CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms > CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c > CVE-2021-38001 : Type Confusion in V8 > Security bug 1252858 > CVE-2021-38003 : Inappropriate implementation in V8 > CVE-2021-37996 : Insufficient validation of untrusted input in Downloads > CVE-2021-37989 : Inappropriate implementation in Blink > CVE-2021-37987 : Use after free in Network APIs > Security bug 1245870 > CVE-2021-37992 : Out of bounds read in WebAudio > CVE-2021-37993 : Use after free in PDF Accessibility > Security bug 1241912 > CVE-2021-37984 : Heap buffer overflow in PDFium > Fix build with Win10 21H1 SDK and Win11 SDK Change-Id: Ie208cc60c8c65c37ddf0d727fe7e1e315e538255 Task-number: QTBUG-98400 Task-number: QTBUG-98401 Task-number: QTBUG-98523 Fixes: QTBUG-98522 Pick-to: 6.2 6.2.2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichael Brüning2021-10-271-0/+0
| | | | | | | | | | | | Submodule src/3rdparty 6b7b3f1b..6ae16282: > [Backport] Security bug 1185801 > [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox > [Backport] CVE-2021-37973 : Use after free in Portals Fixes: QTBUG-96907 Pick-to: 6.2 Change-Id: I90082480a6c69772a0563ffa86e76a14fab95b35 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-10-181-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty 202e34476..6b7b3f1bf: > [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms > [Backport] sandbox: linux: allow clock_nanosleep & gettime64 > [Backport] Linux sandbox: update syscall numbers for all platforms. > [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API > [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API > [Backport] CVE-2021-37978 : Heap buffer overflow in Blink > [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) > [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) > [Backport] Ease HarfBuzz API change with feature detection > [Backport] CVE-2021-37975 : Use after free in V8 > [Backport] Security bug 1248665 > [Backport] CVE-2021-37976 : Information leak in core > [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) > [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) > [Backport] Security bug 1215711 > [Backport] CVE-2021-37972 : Out of bounds read in libjpeg-turbo > [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. > [Backport] Linux sandbox: return ENOSYS for clone3 > Bump V8_PATCH_LEVEL > [Backport] Security bug 1238178 (2/2) > [Backport] Security bug 1238178 (1/2) > [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) > [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) > [Backport] Security bug 1242257 > [Backport] CVE-2021-30632: Out of bounds write in V8 > [Backport] CVE-2021-30625: Use after free in Selection API > [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE > [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE > [Backport] CVE-2021-30629: Use after free in Permissions > [Backport] CVE-2021-30630: Inappropriate implementation in Blink > [Backport] CVE-2021-30627: Type Confusion in Blink layout > [Backport] Linux sandbox: fix fstatat() crash > [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" > Revert "Fix sandboxed font rendering with newer glibc" > breakpad: fix build with glibc-2.34 > abseil-cpp: fix build with glibc-2.34 > Fix QtWebEngine build with clang-cl Fixes: QTBUG-96907 Change-Id: I2d35c7a9deef9124189290219efbac2c9807d449 Reviewed-by: Michal Klocek <michal.klocek@qt.io> (cherry picked from commit b55ebadc3013e7f197cde1d2054002b34898ae6c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Update ChromiumMichael Brüning2021-09-091-0/+0
| | | | | | | | | | | | | | | | | | Submodule src/3rdparty f8a944bb..202e3447: > [Backport] CVE-2021-30566: Stack buffer overflow in Printing > [Backport] CVE-2021-30618: Inappropriate implementation in DevTools > [Backport] CVE-2021-30616: Use after free in Media. > [Backport] Security bug 1227228 > [Backport] Security bug 1239116 > [Backport] Security bug 1216595 > [Backport] Security bug 1206289 > [Backport] CVE-2021-30613: Use after free in Base internals Pick-to: 6.2 6.2.0 Change-Id: I52c611ae7029baafcc182a6d66890f4bfff81d34 Fixes: QTBUG-96209 Task-number: QTBUG-96292 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Extend cflags also for mcpuMichal Klocek2021-09-061-0/+0
| | | | | | | | | Updates Chromium with: * f8a944bbe5f Add support for mcpu Pick-to: 6.2 Change-Id: I3f9d31f3ec99badd62d82fca911bee22dde5985f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAllan Sandfeld Jensen2021-09-051-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Submodule src/3rdparty: 0fd1fa10..5b90394d > Bump V8_PATCH_LEVEL > [Backport] CVE-2021-30604: Use after free in ANGLE > [Backport] CVE-2021-30599: Type Confusion in V8 > [Backport] CVE-2021-30598: Type Confusion in V8 (2/2) > [Backport] CVE-2021-30598: Type Confusion in V8 (1/2) > [Backport] CVE-2021-30603: Race in WebAudio > [Backport] CVE-2021-30602: Use after free in WebRTC > [Backport] Security bug 1228036 > [Backport] Security bug 1221068 > [Backport] CVE-2021-30590: Heap buffer overflow in Bookmarks > [Backport] Security bug 1227933 > [Backport] CVE-2021-30591: Use after free in File System API > [Backport] CVE-2021-30585: Use after free in sensor handling > [Backport] Security bug 1205059 > [Backport] Security bug 1217598 > [Backport] CVE-2021-30588: Type Confusion in V8 > [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows > [Backport] CVE-2021-30582: Inappropriate implementation in Animation > [Backport] CVE-2021-30579: Use after free in UI framework > [Backport] CVE-2021-30573: Use after free in GPU > [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 > [Backport] CVE-2021-30568: Heap buffer overflow in WebGL > [Backport] CVE-2021-30560: Use after free in Blink XSLT > [Backport] CVE-2021-30541: Use after free in V8 > [Backport] CVE-2021-30562: Use after free in WebSerial > [Backport] CVE-2021-30563: Type Confusion in V8 > [Backport] CVE-2021-30559: Out of bounds write in ANGLE > [Backport] Security bug 1184294 > [Backport] Security bug 1194689 > [Backport] CVE-2021-30547: Out of bounds write in ANGLE > [Backport] CVE-2021-30548: Use after free in Loader Pick-to: 6.2 Fixes: QTBUG-96210 Task-number: QTBUG-96209 Change-Id: I921920b5ec445b421af465b214a41f8a36d13e31 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2021-09-041-0/+0
| | | | | | | | | | | | Pulls in following changes: * f41bb66fa5f Fix build with MSVC 2019 * b0d6e444a0b [Backport] CVE-2021-30536: Out of bounds read in V8 * dcdec1a9807 Add pdf resources only if enable_pdf Pick-to: 6.2 Change-Id: I69558c72bdb9efd490ddbb0d50e1c9523643357f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2021-08-291-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This pulls in the following changes: * 291982fed7c Use Chrome HSTS * a0947f39232 FIXUP: Fix printing sources for Qt and add them to the build. * dfacfba809d FIXUP: Stop sending ViewMsg_SetBackgroundOpaque to renderer * 4febbcfdaaa FIXUP: Add cookie filter to URL requests cookie headers * b814ac9c9b1 FIXUP: Fix building on macOS with Xcode * 27e9e7673eb FIXUP: Fix for our tests * 3c230af9b21 [Backport] Remove a local frame root usage in RenderFrameImpl * 7b06ec91336 [Backport] Remove unused variable in SourceBufferStream * fd1f81a69a3 Fix some compiler warnings * 62a8a367d4e FIXUP: Silence most warnings * 3f518b2824d Revert "Fix not working video in debug builds" * 43426393a42 [Backport] Gate breaking FreeType change in COLRv1 struct names * 190b2c47a54 Workaround debug iterator issues with MSVC * 9104847e516 Revert "Fix build with MSVC standard library" * 0a09f2e87b6 FIXUP: Forward cleared selections * c96e352f979 Revert "Protect against nullptr dereference in GetSelectedText" * 8535c9a306e Revert "Prepare net-internals for QtWebEngine usage" * b0b96e3c0ef [Backport] Remove unneeded includes from net_internals_ui.cc * 709aa60c812 Revert "Silence assert on MessageWindow::WindowClass destruction" * 7d02d54400d Fix navigation when clicking on links in a PDF * 556edad682b Add rsp target writer * 0fd1fa101f3 Remove obsolete cmake link writer Change-Id: If65fe84ffb7e5eaa2d43a545bb5f4c8ba1fec6d6 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 04:11:04 +0000