| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8c839a298..331447653:
> FIXUP: Adapt DevToolsUIBindings for WebEngine
> FIXUP: Remove linking with libatomic
> Fix build with enable_vulkan=false
> FIXUP: Workaround debug iterator issues with MSVC
Pick-to: 6.5
Change-Id: I95d7bc540aeb4f62354e0a547f3fe9dc08b72051
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the following patches:
* 8c839a298a5 Custom URL Schemes usable with HTML5 Fetch API
Task-number: QTBUG-88830
Change-Id: I113dbe0359269c6e50e4f369fbc0258b4784c462
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* a99ba129737 [Backport] CVE-2023-0474: Use after free in GuestView
* 05ea098dd34 [Backport] CVE-2023-0473: Type Confusion in ServiceWorker
API
* 163ca80e46f [Backport] CVE-2023-0472: Use after free in WebRTC
* c033e30b908 [Backport] CVE-2023-0471: Use after free in WebTransport
* 23b96f58c5e [Backport] Security bug 1406115
* c67083d788a [Backport] Security bug 1404811
* 1c46e13f96b Adapt DevToolsUIBindings for WebEngine
* 9e1092cefd7 FIXUP: Fixes for jumbo build
* f088c97075a Do not override getaddrinfo in libc_interceptor
* be1ee6225d0 Drop dependency on content/public/browser in content gpu
Pick-to: 6.5
Change-Id: I0af3a1f12a315fc4756d9463d3837de87db888b0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* 0b138dc30d0 FIXUP: Avoid using libdrm
* 006ab12dc35 [Backport] CVE-2023-0138: Heap buffer overflow in
libphonenumber
* c49e5e48ff6 [Backport] CVE-2023-0141: Insufficient policy
enforcement in CORS (2/2)
* 4f89844cf42 [Backport] CVE-2023-0141: Insufficient policy
enforcement in CORS (1/2)
* 63077f1575b [Backport] CVE-2023-0131: Inappropriate
implementation in iframe Sandbox
* ee6f7906f9b [Backport] CVE-2023-0132: Inappropriate
implementation in Permission prompts
* 1f19a05eaa8 [Backport] CVE-2023-0129: Heap buffer overflow
in Network Service
* d4b983b72ad FIXUP: Remove VkDevice parameter from
SurfaceFactoryOzone::CreateNativePixmap()
Fixes: QTBUG-110272
Change-Id: I9fe5bd6c3643342b6f1b0f8a6c5daaec65e76944
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit d248cd2d37c413f878c6d5effa70c4b917dfc5de)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d7abc8b24..1ccfe20ad:
> FIXUP: Jumbo builds
> Merge remote-tracking branch 'origin/upstream-master' into 108-based
Pick-to: 6.5
Change-Id: Ib11a7e5422415229c5ed109d63375c4953df97d2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 95eaac0c8..d7abc8b24:
> [Backport] Fix up guarding SharedImage factories using Vulkan
> [Backport] Remove VkDevice parameter from SurfaceFactoryOzone::CreateNativePixmap()
> [Backport] viz: Do IWYU in skia_output_surface_impl_on_gpu.cc and .h
> FIXUP: Fixes for building with MSVC
> FIXUP: Fix gn build windows issue
> Update project's url for lighthouse
> Fix initalization for FCM
> Remove custom push servcie endpoint support
Pick-to: 6.5
Change-Id: I1febdb78004cfca7076b0fd348a8aae2f5c563da
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.5
Task-number: QTBUG-105147
Change-Id: I65ba9ab91fb55b51b20583a5dacc8b2d9634c42e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* 481d91afcf3 Fix initialization for FCM
* df46b0483d4 Force python to write with utf8 encoding
* 1051027a309 Remove custom push service endpoint support
* 702cba29bcc FIXUP: Fixes for jumbo build
* fb8de43885e FIXUP: Fixes for jumbo build
Change-Id: Ifcd7fe759ea0b8033ee3a0fce889f4fd165a5af7
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
Use QInputDevice to query pointer device specs.
Fixes: QTBUG-63174
Change-Id: I34737c903d2d9c8cb387941ef5e9b1b93afce1f0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty be36115f0..d3786fd69:
> FIXUP: Fix browser DCHECK
> FIXUP: Fixes for jumbo build
> Merge branch 'upstream-master' into 106-based
> Fix browser DCHECK
Change-Id: Ia38b518a9c51f7a0da51de02f28b32374f5b9a3c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-105147
Change-Id: I47b9e46df18420b75b205e818b117ee632680873
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Updates 3rdparty:
* 8b7ce4ef70d Make GrVkImage external
Task-number: QTBUG-107669
Change-Id: If7fbe1f20538598dd1d4f3a67be17c9f7d06a3cd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Sumbmodule src/3rdparty 24df9c9b..9457651e:
> [Backport] CVE-2022-3723: Type Confusion in V8
Task-number: QTBUG-108106
Change-Id: Ic6ae78e84df7198e5729f1377b60d774e1b1e5fa
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 546d8e05..24df9c9b:
> [Backport] Security bug 1361627
> [Backport] Security bug 1361612
> [Backport] Security bug 1373314
> [Backport] CVE-2022-3661: Insufficient data validation in Extensions
> [Backport] Security bug 1356234
> [Backport] CVE-2022-3656: Insufficient data validation in File System
> [Backport] CVE-2022-3653: Heap buffer overflow in Vulkan
> [Backport] CVE-2022-3654: Use after free in Layout
> [Backport] CVE-2022-3652: Type Confusion in V8
> [Backport] CVE-2022-3445: Use after free in Skia
> [Backport] CVE-2022-3450: Use after free in Peer Connection
> [Backport] CVE-2022-3446 and CVE-2022-35737
> Reland two changes for establishing gpu channel
> FIXUP: Stop using C++20 initialization
> FIXUP: Legalize the bloody code
> [Backport] CVE-2022-3308: Insufficient policy enforcement in Developer Tools (2/2)
> [Backport] CVE-2022-3308: Insufficient policy enforcement in Developer Tools (1/2)
> [Backport] Security bug 1360936
> [Backport] CVE-2022-3313: Incorrect security UI in Full Screen
> [Backport] CVE-2022-3307: Use after free in Media.
> [Backport] CVE-2022-3315: Type confusion in Blink
> [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2)
> [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2)
> [Backport] CVE-2022-3304: Use after free in CSS
> [Backport] CVE-2022-3373: Out of bounds write in V8
> [Backport] Security bug 1356308
> [Backport] CVE-2022-3370: Use after free in Custom Elements
> [Backport] Security bug 1348283
> [Backport] Security bugs 1346938 and 1338114
> [Backport] CVE-2022-3200: Heap buffer overflow in Internals
Pick-to: 6.4
Fixes: QTBUG-108104
Fixes: QTBUG-108105
Task-number: QTBUG-108106
Change-Id: I2766eec4f7d16b286e3b1ab6be07e9872cc52c19
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use embedder_support component to generate user agent metadata and
support this API. ContentBrowserClientQt::GetUserAgentMetadata() has
been implemented only for safe-keeping, because we always override
that value in RendererPreferences.
Task-number: QTBUG-107260
Task-number: QTBUG-107451
Change-Id: Ibbcd8d9c1e9c2c0ebacf97f4b9d4ed1aa55dc881
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 43b92e07d..1dc53de69:
> [Backport] CVE-2022-3040: Use after free in Layout
> [Backport] CVE-2022-3041: Use after free in WebSQL
> [Backport] CVE-2022-3038: Use after free in Network Service
> Merge branch 'upstream-master' into 102-based
Fixes: QTBUG-106254
Pick-to: 6.4 6.4.0
Change-Id: Ifd55481c8d26f0e2cf8cb9e01cdaa8aa530354d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use Chrome's implementation of PushMessagingService. This feature
relies on notification permissions, so it is not different from
Web Notification from end-users perspective.
We don't persist push subscriptions, because it seems these have
to be consistent with persisting notification permissions.
Make address of push service configurable by a profile setting.
It is empty by default - which means the feature is disabled until
the user sets the address of a push service.
Task-number: QTBUG-98904
Task-number: QTBUG-53457
Change-Id: If44f459fecf2da482c28fee5562f62fe40de103e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Now the extensions can be enabled when printing is disabled.
Pick-to: 6.4
Change-Id: I6183c795298eedf9cdf5110e580e73ba88f45828
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7ed043a1b..a7ecbb5ca:
> Avoid calling git in build scripts
> FIXUP: Fixes for jumbo build
Pick-to: 6.4
Change-Id: I47ae3494c00750adefae192a45da270ca3706e86
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 4c842ebb1..7ed043a1b:
> Move gio to public_config
> Fix building with system ffmpeg 4.4 or 5.1
Pick-to: 6.4
Change-Id: I7d657b874a3e7d8307c1af9447b8dffc2ab92546
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8496e134..620599a6:
* 2nd fixup for [Backport] CVE-2022-2605
* Fixup for [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3)
* [Backport] CVE-2022-2854: Use after free in SwiftShader
* [Backport] CVE-2022-2860: Insufficient policy enforcement in Cookies
* [Backport] CVE-2022-2855: Use after free in ANGLE
* [Backport] CVE-2022-2857: Use after free in Blink
* [Backport] CVE-2022-2853: Heap buffer overflow in Downloads
* Disable accelerated_2d_canvas for Intel drivers on Windows
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (3/3)
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (2/3)
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3)
* Native spellchecker: Fix it when enabled
* Fix build without spellcheck
* [Backport] Security bug 1264288
* [Backport] Security bug 1333970
* [Backport] Security bug 1343889
Pick-to: 6.4
Fixes: QTBUG-104640
Task-number: QTBUG-1053266
Change-Id: I9fec122a689bcdf0afdec482b7a60cb5f811543d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was broken after 102-based merge
Submodule src/3rdparty c57592220..8496e1340:
> Revert "Jumbo build mojom files"
> FIXUP: Fix building with optimize_webui=false
> Revert "Add remove_v8base_debug_symbols to GN"
> FIXUP: Fix crashes and asserts
> Add missing node modules for PDF support
> [Backport] CVE-2022-2614: Use after free in Sign-In Flow
> [Backport] CVE-2022-2618: Insufficient validation of untrusted input in Internals
> [Backport] CVE-2022-2612: Side-channel information leakage in Keyboard input
> [Backport] CVE-2022-2613: Use after free in Input
> [Backport] CVE-2022-2624: Heap buffer overflow in PDF
> [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
> [Backport] CVE-2022-2615: Insufficient policy enforcement in Cookies
> [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC
> [Backport] CVE-2022-2478 : Use after free in PDF
> Jumbo build mojom files
Pick-to: 6.4
Change-Id: I4fc608c21ab8aaa508329e708446b57cccbddf76
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* e74437286f2 [Backport] CVE-2022-2480 : Use after free in Service Worker API
* 0081e38b3cd [Backport] Security bug 1340335
* bedc4b56837 [Backport] Security bug 1334864
* 54a39c446af [Backport] Security bug 1336014
* ff5ca5ee77f [Backport] Security bug 1340654
* c5759222032 [Backport] Security bug 1287804
Pick-to: 6.4
Change-Id: I2994fa3274ade68ed8a3cbb3fc391755d371aa59
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
| |
Pick-to: 6.4
Change-Id: I7ef0ad616f2ea0fae482253335e95998aa2d360e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The datalist uses Chromium's autofill component to fetch and filter
predefined options in the list and autocomplete the field with the
selected option. Autofill component is added to build and bound to
WebEngine. All the unnecessary autofill features for datalist are
supposed to be disabled: payment/credit card support, password manager,
save profile data, store suggestions in database etc.
Custom popups for the dropdown are implemented for Widget and Quick.
Scrolling in dropdown is not implemented in this change.
Fixes: QTBUG-54433
Pick-to: 6.4
Change-Id: I155d02d6dbc9d88fbca4bc5f55b76c19d0ba7a9d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6559e00a3..88398c89a7b:
> Fix broken bundled zlib for cross compilation
> FIXUP: Fix url_utils for QtWebEngine
> Make sure we do not compile minizip from 3rdparty
> Trim down some dependencies of push messaging
Pick-to: 6.4
Change-Id: I3062f536fd144d00f72ea783ddcc56931a46a98f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Query PDF settings from view-level WebEngineSettings instead of profile.
Change-Id: I4ee7c99d6757d5341b1a4d47251228c1c46f99b7
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 3443c0d61..72d76568f:
> FIXUP: Disable alternate window station of Windows sandbox
> Find fontconfig using pkg-config
Change-Id: I85def9b7f22623d31072a9e2ee2bf9b4ebfc3044
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* f0151b67cfa Fix mac toolchain python linker script call
* 8c647adb6ad FIXUP: Fixes for building with MSVC
* 599a6221a4b Minor. Use FilePath directly for qt sandbox path
* 3443c0d6144 Minor. Add defined to checks
Change-Id: I452e2bc801117bc261dd39c8fdf3cc7b7d5dfb06
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Pulling in 98-based changes.
Change-Id: Ia6dd4b5596f63fa1fd1f38d480867f8769d97336
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* 748d325bb6a [Backport] sandbox: build if glibc 2.34+ dynamic stack
size is enabled
* b5afc89ed07 FIXUP: Fix building with system ffmpeg < 5.0
* a205c506e73 [Backport] CVE-2022-23852
* a12fe545281 Add switch for static and dynamic crt
* d89c7b12b91 [Backport] CVE-2022-0796: Use after free in Media
* 00a0b8138d2 [Backport] CVE-2022-0789: Heap buffer overflow in ANGLE
* 1e4dd159ca4 [Backport] CVE-2022-0797: Out of bounds memory access
in Mojo
* 2ca738dcf79 [Backport] CVE-2022-0803: Inappropriate
implementation in Permissions
* 5288c457bdb [Backport] Security bug 1269999
* bedf281d7c2 Do not add glType to command line again
Pick-to: 6.3
Change-Id: I6f8c59aebd3400dd0aba71e54c8710c4fa35ede6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 96ef19263..7e3cb70a2:
> Add crossbuild support for x64/x86 on macos-arm64
> Fix building with system ffmpeg
> Fix static build with qt3rdparty libs
Fixes: QTBUG-100672
Pick-to: 6.3
Change-Id: I4c56952cb8e2c56ba8b636b08f849128ace367f1
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 3rdparty installed headers so static builds can
use bundled qt libs.
Fix static gn and archiver/librarian setup.
Updates 3rdparty:
* 5d88de975 Fix static build with qt3rdparty libs
Task-number: QTBUG-87154
Task-number: QTBUG-88614
Pick-to: 6.3 6.2
Change-Id: Iad7682da92b558b500140f415acc0bc9c9a1c22e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 2aad1f40..7dba564e:
> Revert "[Backport] CVE-2022-0297: Use after free in Vulkan"
> [Backport] CVE-2022-0297: Use after free in Vulkan
> [Backport] Security bug 1292537
> [Backport] Security bug 1289394
> [Backport] Security bug 1289384
> [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
> [Backport] CVE-2022-0609: Use after free in Animation
> [Backport] CVE-2022-0608: Integer overflow in Mojo
> [Backport] CVE-2022-0607: Use after free in GPU
> [Backport] CVE-2022-0606: Use after free in ANGLE
> [Backport] CVE-2022-0303: Race in GPU Watchdog
> [Backport] CVE-2021-4056: Type Confusion in loader
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (4/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (3/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (2/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (1/4)
> [Backport] CVE-2021-4066: Integer underflow in ANGLE
> [Backport] Security bug 1268448
> [Backport] Security bug 1265570
> [Backport] Security bug 1252562
> [Backport] Security bug 1274113
> [Backport] CVE-2022-0470: Out of bounds memory access in V8
> [Backport] CVE-2022-0457: Type Confusion in V8
> [Backport] CVE-2022-0456: Use after free in Web Search
> [Backport] CVE-2022-0453: Use after free in Reader Mode
> [Backport] CVE-2022-0464: Use after free in Accessibility
> [Backport] Security bug 1261415
> [Backport] CVE-2021-4053: Use after free in UI
> [Backport] Security bug 1271747
> [Backport] CVE-2022-0468: Use after free in Payments (2/2)
> [Backport] CVE-2022-0468: Use after free in Payments (1/2)
> [Backport] CVE-2022-0461: Policy bypass in COOP
> [Backport] CVE-2022-0460: Use after free in Window Dialog
> [Backport] CVE-2022-0459: Use after free in Screen Capture
> [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
> FIXUP: Keep the close button when "undocked", as we can dock differently
> Fix more windows build errors on build without jumbo
> FIXUP: Add missing include for Supplement
Change-Id: I82671c60c00c940c4943a0df4234ac7286e9c0dd
Pick-to: 6.3
Task-number: QTBUG-101051
Task-number: QTBUG-99099
Task-number: QTBUG-99720
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d1338207..2aad1f40:
> [Backport] Security bug 1212957
> [Backport] Security bug 1276331
> [Backport] Security bug 1280743
> [Backport] Security bugs 1283805 and 1283807
> [Backport] CVE-2022-0290: Use after free in Site isolation
> [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
> [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
> [Backport] CVE-2022-0293: Use after free in Web packaging
> [Backport] CVE-2022-0289: Use after free in Safe browsing
> [Backport] Security bug 1242339
> [Backport] Security bug 1270014
> [Backport] Security bug 1256885
> [Backport] Security bug 1258603
> [Backport] Security bug 1259557
> [Backport] Security bug 1267426
> [Backport] CVE-2022-0116: Inappropriate implementation in Compositing
> [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2)
> [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2)
> [Backport] IWYU: add algorithm for std::max and std::min
> [Backport] trace_processor: Fix IWYU
> Revert "Fix include of <algorithm>"
> [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (3/3)
> [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (2/3)
> [Backport] CVE-2022-0097: Inappropriate implementation in DevTools (1/3)
> [Backport] CVE-2022-0113: Inappropriate implementation in Blink
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2)
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2)
> [Backport] CVE-2022-0108: Inappropriate implementation in Navigation
> [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
> [Backport] CVE-2022-0103: Use after free in SwiftShader
> [Backport] CVE-2022-0102: Type Confusion in V8
> [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API
> Revert "Fix build with GCC 10"
Pick-to: 6.3
Task-number: QTBUG-99099
Task-number: QTBUG-99720
Change-Id: I4d734dca71af23babc29c8570a0eaa09544ea1db
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following commits:
* ceaca362c9a Fix ios compilation issues
* c6dd23dca6e FIXUP: Remove fat lib support
* 4d33af9093a Add qtpdf ios gn adaptations
* b09e95c3fe8 Revert "Make compile time switch at compile time"
* ca78f43edb2 Revert "Disable long presentation time DCHECK"
* b042491acb4 Revert "Fix disabling reporting"
* d5ae47fe7af [Backport] Fix build for 'enable-reporting=false'
* ee7acb3042a [Backport] Remove NOTREACHED assertions from
NetworkContext's reporting methods
* d133820740f Do not create empty rsp files
Change-Id: I22f1587ba1364392c311c70b46aa99b55760d324
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 206bed415..5bdf41e55:
> Revert "[macOS] Fix build error with new deployment target"
> Add GN arg to pass gssapi include directory
Change-Id: Id4187c57eef4f4a3d9d07c7d45b1249ab362a217
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dd2725bea..206bed415:
> Allow accessing file protocol from protocols with local-access
> Add allow_remote_access_from_local_urls setting
> FIXUP: Optimize skvx::fma for GCC
> FIXUP: Optimize skvx::fma for GCC
> [Backport] Fix wrong mipmap sampling option for Medium filter quality
> Speculative fix for build error
> [Backport] CVE-2021-4102: Use after free in V8
> [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader
> [Backport] CVE-2021-4100: Object lifecycle issue in ANGLE
> [Backport] CVE-2021-4099: Use after free in Swiftshader
> [Backport] CVE-2021-4098: Insufficient data validation in Mojo
> [Backport] CVE-2021-4079: Out of bounds write in WebRTC
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
> Fix compilation with c++20
> [Backport][heap] implement more stub method to fix build with msvc
> Revert "Forward declare newer EGL typedefs"
> Revert "Fix Linux kernel lacking V4L2_CID_POWER_LINE_FREQUENCY_AUTO"
> Optimize skvx::fma for GCC
> Use clang builtins in gcc when available
Pick-to: 6.3
Change-Id: I01d2274ee3b7467dad431365985112864e39a1fc
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 2335554cb..dd2725bea:
> Do not overwrite signal handlers in the browser process.
> Quiet false error message
> FIXUP: Stop using C++20 initialization
Pick-to: 6.3
Change-Id: I1d284f43d5042d094736b89385c638089b9c8c2f
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 735b1a39..2335554c:
> [Backport] Security bug 1259899
> [Backport] CVE-2021-4057: Use after free in file API
> [Backport] CVE-2021-4078: Type confusion in V8
> [Backport] CVE-2021-4059: Insufficient data validation in loader
> [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
> Fix crashes with MSVC
> Bundle all localisation files for DevTools
> Speculative fixes for build race conditions
> Allow DevTools to download remote translations
> FIXUP: Fix disabling reporting
> Use wglSetPixelFormat directly only if in software mode
> Fix jumbo build: syntax error in v8 token.h(211)
> [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
> [Backport] CVE-2021-37987 : Use after free in Network APIs
> [Backport] CVE-2021-38015: Inappropriate implementation in input
> [Backport] CVE-2021-38018: Inappropriate implementation in navigation
> [Backport] CVE-2021-38021: Inappropriate implementation in referrer
> [Backport] CVE-2021-38005: Use after free in loader (3/3)
> [Backport] CVE-2021-38005: Use after free in loader (2/3)
> [Backport] CVE-2021-38005: Use after free in loader (1/3)
> [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
> [Backport] CVE-2021-38007: Type Confusion in V8
> [Backport] CVE-2021-38009: Inappropriate implementation in cache
> [Backport] Dependency for CVE-2021-38009
> [Backport] CVE-2021-38012: Type Confusion in V8
> [Backport] CVE-2021-38010: Inappropriate implementation in service workers
> [Backport] Security bug 1252858
> [Backport] Security bug 1241912
> [Backport] CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox
> [Backport] Dependency for CVE-2021-37994
> [Backport] CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
> [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
> [Backport] CVE-2021-37985 : Use after free in V8
> [Backport] Security bug 1245870
> [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
> [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
Task-number: QTBUG-95568
Task-number: QTBUG-99099
Fixes: QTBUG-99282
Fixes: QTBUG-99285
Change-Id: I0b5d1fff98e1c83458a99d4badf40b7ef49cc660
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty be03c63b3..735b1a398:
> [Backport] Handle long SIGSTKSZ in glibc > 2.33
> FIXUP: Fixes for jumbo build
> Compile with GCC 11 -std=c++20
> FIXUP: Fix navigation when clicking on links in a PDF
> FIXUP: Adapt accessibility code for our needs after chromium 90
> FIXUP: Add user script data mojo interface and traits
> FIXUP: Make GpuSwitchingManager::RemoveObserver() thread safe
> [Backport] Return proper value in GLES2DecoderImpl::GetUniformSetup
> [Backport][Extensions] Remove string literal conversions by ASCIIToUTF16()
> Disable debug info for crbug.com/1224432
Change-Id: I3ddb49ed6853fc78a2b857637888d66af950f8d9
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
|
|
|
|
|
| |
Change-Id: I9fb8998a3a7762b0aea70993ca231f0bbf4f7761
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6ae16282af..39aa0ea99a:
> CVE-2021-38022: Inappropriate implementation in WebAuthentication
> CVE-2021-38015: Inappropriate implementation in input
> CVE-2021-38019: Insufficient policy enforcement in CORS
> CVE-2021-38009: Inappropriate implementation in cache
> Dependency for CVE-2021-38009
> CVE-2021-38010: Inappropriate implementation in service workers
> CVE-2021-38005: Use after free in loader (3/3)
> CVE-2021-38005: Use after free in loader (2/3)
> CVE-2021-38005: Use after free in loader (1/3)
> CVE-2021-38007: Type Confusion in V8
> CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
> CVE-2021-38012: Type Confusion in V8
> Fixup for CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38021: Inappropriate implementation in referrer
> CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
> CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
> CVE-2021-38001 : Type Confusion in V8
> Security bug 1252858
> CVE-2021-38003 : Inappropriate implementation in V8
> CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
> CVE-2021-37989 : Inappropriate implementation in Blink
> CVE-2021-37987 : Use after free in Network APIs
> Security bug 1245870
> CVE-2021-37992 : Out of bounds read in WebAudio
> CVE-2021-37993 : Use after free in PDF Accessibility
> Security bug 1241912
> CVE-2021-37984 : Heap buffer overflow in PDFium
> Fix build with Win10 21H1 SDK and Win11 SDK
Change-Id: Ie208cc60c8c65c37ddf0d727fe7e1e315e538255
Task-number: QTBUG-98400
Task-number: QTBUG-98401
Task-number: QTBUG-98523
Fixes: QTBUG-98522
Pick-to: 6.2 6.2.2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6b7b3f1b..6ae16282:
> [Backport] Security bug 1185801
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37973 : Use after free in Portals
Fixes: QTBUG-96907
Pick-to: 6.2
Change-Id: I90082480a6c69772a0563ffa86e76a14fab95b35
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 202e34476..6b7b3f1bf:
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] Ease HarfBuzz API change with feature detection
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] Security bug 1215711
> [Backport] CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] Linux sandbox: return ENOSYS for clone3
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] Security bug 1242257
> [Backport] CVE-2021-30632: Out of bounds write in V8
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> Revert "Fix sandboxed font rendering with newer glibc"
> breakpad: fix build with glibc-2.34
> abseil-cpp: fix build with glibc-2.34
> Fix QtWebEngine build with clang-cl
Fixes: QTBUG-96907
Change-Id: I2d35c7a9deef9124189290219efbac2c9807d449
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b55ebadc3013e7f197cde1d2054002b34898ae6c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty f8a944bb..202e3447:
> [Backport] CVE-2021-30566: Stack buffer overflow in Printing
> [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
> [Backport] CVE-2021-30616: Use after free in Media.
> [Backport] Security bug 1227228
> [Backport] Security bug 1239116
> [Backport] Security bug 1216595
> [Backport] Security bug 1206289
> [Backport] CVE-2021-30613: Use after free in Base internals
Pick-to: 6.2 6.2.0
Change-Id: I52c611ae7029baafcc182a6d66890f4bfff81d34
Fixes: QTBUG-96209
Task-number: QTBUG-96292
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Updates Chromium with:
* f8a944bbe5f Add support for mcpu
Pick-to: 6.2
Change-Id: I3f9d31f3ec99badd62d82fca911bee22dde5985f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty: 0fd1fa10..5b90394d
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2021-30604: Use after free in ANGLE
> [Backport] CVE-2021-30599: Type Confusion in V8
> [Backport] CVE-2021-30598: Type Confusion in V8 (2/2)
> [Backport] CVE-2021-30598: Type Confusion in V8 (1/2)
> [Backport] CVE-2021-30603: Race in WebAudio
> [Backport] CVE-2021-30602: Use after free in WebRTC
> [Backport] Security bug 1228036
> [Backport] Security bug 1221068
> [Backport] CVE-2021-30590: Heap buffer overflow in Bookmarks
> [Backport] Security bug 1227933
> [Backport] CVE-2021-30591: Use after free in File System API
> [Backport] CVE-2021-30585: Use after free in sensor handling
> [Backport] Security bug 1205059
> [Backport] Security bug 1217598
> [Backport] CVE-2021-30588: Type Confusion in V8
> [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
> [Backport] CVE-2021-30582: Inappropriate implementation in Animation
> [Backport] CVE-2021-30579: Use after free in UI framework
> [Backport] CVE-2021-30573: Use after free in GPU
> [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
> [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
> [Backport] CVE-2021-30560: Use after free in Blink XSLT
> [Backport] CVE-2021-30541: Use after free in V8
> [Backport] CVE-2021-30562: Use after free in WebSerial
> [Backport] CVE-2021-30563: Type Confusion in V8
> [Backport] CVE-2021-30559: Out of bounds write in ANGLE
> [Backport] Security bug 1184294
> [Backport] Security bug 1194689
> [Backport] CVE-2021-30547: Out of bounds write in ANGLE
> [Backport] CVE-2021-30548: Use after free in Loader
Pick-to: 6.2
Fixes: QTBUG-96210
Task-number: QTBUG-96209
Change-Id: I921920b5ec445b421af465b214a41f8a36d13e31
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following changes:
* f41bb66fa5f Fix build with MSVC 2019
* b0d6e444a0b [Backport] CVE-2021-30536: Out of bounds read in V8
* dcdec1a9807 Add pdf resources only if enable_pdf
Pick-to: 6.2
Change-Id: I69558c72bdb9efd490ddbb0d50e1c9523643357f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes:
* 291982fed7c Use Chrome HSTS
* a0947f39232 FIXUP: Fix printing sources for Qt and add them to the build.
* dfacfba809d FIXUP: Stop sending ViewMsg_SetBackgroundOpaque to renderer
* 4febbcfdaaa FIXUP: Add cookie filter to URL requests cookie headers
* b814ac9c9b1 FIXUP: Fix building on macOS with Xcode
* 27e9e7673eb FIXUP: Fix for our tests
* 3c230af9b21 [Backport] Remove a local frame root usage in RenderFrameImpl
* 7b06ec91336 [Backport] Remove unused variable in SourceBufferStream
* fd1f81a69a3 Fix some compiler warnings
* 62a8a367d4e FIXUP: Silence most warnings
* 3f518b2824d Revert "Fix not working video in debug builds"
* 43426393a42 [Backport] Gate breaking FreeType change in COLRv1 struct names
* 190b2c47a54 Workaround debug iterator issues with MSVC
* 9104847e516 Revert "Fix build with MSVC standard library"
* 0a09f2e87b6 FIXUP: Forward cleared selections
* c96e352f979 Revert "Protect against nullptr dereference in GetSelectedText"
* 8535c9a306e Revert "Prepare net-internals for QtWebEngine usage"
* b0b96e3c0ef [Backport] Remove unneeded includes from net_internals_ui.cc
* 709aa60c812 Revert "Silence assert on MessageWindow::WindowClass destruction"
* 7d02d54400d Fix navigation when clicking on links in a PDF
* 556edad682b Add rsp target writer
* 0fd1fa101f3 Remove obsolete cmake link writer
Change-Id: If65fe84ffb7e5eaa2d43a545bb5f4c8ba1fec6d6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|