| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Pick-to: 6.7
Change-Id: I2c7433530a02a1cb37054b6e6e292d2e13ab8184
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nvidia driver does not support GPU memory buffer (GMB) properly. The
NativePixmap is only available if the SharedImage is backed by GMB.
OverlayImageRepresentation only provides NativePixmap to access the
texture memory by default.
ExternalVkImageBacking is a fallback for OzoneImageBacking if GMB is
not supported and native Vulkan rendering is used on Linux (see
//gpu/command_buffer/service/shared_image/shared_image_factory.cc).
It uses VkImage backing instead of GMB by default. This VkImage can be
accessed via SkiaImageRepresentation what we already use for
synchronizing texture rendering into the backing buffer.
As a workaround for Nvidia, the backing VkImage is imported into the
Qt's Vulkan context instead of NativePixmap.
Pick-to: 6.7
Change-Id: I94a29488521473291a5ba547abca34a3dba567a2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty e403fbe5.. da62c2f7:
* Fix clang-cl builds
* [Backport] Security bug 325296797
* Fix python warning in gen.py
* Fix build race condition for ozone build flags
* Revert "Revert "Do not initialize default locale in local isolate""
* [Backport] CVE-2024-2173: Out of bounds memory access in V8
* [Backport] CVE-2024-1938: Type Confusion in V8
Pick-to: 6.7.0 6.7
Fixes: QTBUG-122917
Fixes: QTBUG-123203
Change-Id: I5ea28b4a91eb7e506869371bb66122ad223f5286
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b9e19616d..9edd685c:
* [Backport] CVE-2024-1676: Inappropriate implementation in Navigation
* [Backport] CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* [Backport] CVE-2024-1671: Inappropriate implementation in Site Isolation (2/2)
* [Backport] CVE-2024-1671: Inappropriate implementation in Site Isolation (1/2)
* [Backport] CVE-2024-1670: Use after free in Mojo
* [Backport] Security bug 1509340 / 41481948 (3/3)
* [Backport] Security bug 1509340 / 41481948 (2/3)
* [Backport] Security bug 1509340 / 41481948 (1/3)
* [Backport] Security bug 1504473 / 40945008
* [Backport] Security bug 1508758 / 41481379
* [Backport] Security bug 1518994
* Merge branch 'upstream-master' into 118-based
* Do not assert when ozone uses qt platform with vaapi
* Correctly load GL implementation parts in GPUInfo, in-process GPU mode
Pick-to: 6.7
Task-number: QTBUG-121589
Task-number: QTBUG-118035
Change-Id: I1c98d66bb70e406324f4ca098654b179edbbe8f9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty e142f6610..b9e19616:
* FIXUP: Bundle DevTools localization files
* [Backport] CVE-2024-0808: Integer underflow in WebUI
* [Backport] Security bug 1407197 (2/2)
* [Backport] Security bug 1407197 (1/2)
* [Backport] CVE-2024-1283: Heap buffer overflow in Skia
* [Backport] CVE-2024-1284: Use after free in Mojo
* [Backport] CVE-2024-1077: Use after free in Network
* [Backport] CVE-2024-1060: Use after free in Canvas
* [Backport] CVE-2024-1059: Use after free in WebRTC
* [Backport] Security bug 1511389 (2/2)
* [Backport] Security bug 1511389 (1/2)
* [Backport] CVE-2024-0810: Insufficient policy enforcement in DevTools
* Bundle DevTools localization files
* [Backport] Security bug 1519980
* [Backport] Security bug 1515252
* [Backport] CVE-2024-0807: Use after free in WebAudio
* [Backport] Security bug 1505148
* [Backport] Use raw strings for regexps in Python code.
Pick-to: 6.7
Fixes: QTBUG-121844
Fixes: QTBUG-121843
Fixes: QTBUG-122188
Change-Id: I6408e04792fd3724e7d72b2f875ca359ec30aab1
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of exported QTWEBENGINE_CHROMIUM_FLAGS webEngineArgs are
overridden, this is not an issue till user forgets about an export
and wonders why things do not work as expected.
Note some of our tests use webEngineArgs and setting
QTWEBENGINE_CHROMIUM_FLAGS will simply end in some failed test cases.
Save some trouble and warn about potential issue.
Pick-to: 6.7
Change-Id: Ifd8cf76403179f5844eb11ad0dc60f6300a6af4e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 97af90e4..e142f661:
* FIXUP: Fix build with VS Toolset 17.8
* [Backport] Update vendored copy of six to 1.16.0.
* Fix build with VS Toolset 17.8
* [Backport] Security bug 1506535
* [Backport] CVE-2024-0519: Out of bounds memory access in V8
* [Backport] CVE-2024-0518: Type Confusion in V8
* [Backport] CVE-2024-0517: Out of bounds write in V8
* Accept system_libdir with mulit-paths for pkg-config.py
* [Backport] renderergl_utils: check strings from glGetString for nullptr
Pick-to: 6.7
Fixes: QTBUG-121552
Change-Id: Ie650a63c595711ca37a3f45be45ef893fff198f4
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Ozone: keep using Vulkan backend for Chromium rendering and
export the Vulkan texture from NativePixmap.
Windows: use Angle backend for Chromium rendering and
export the Vulkan texture from Direct3D11 texture.
Pick-to: 6.7
Change-Id: I8b05a5d29d0ff74e41390dd632162895fc0d9e61
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 1ad96f19..ab8cec0c:
* FIXUP: FIXUP Do not include xproto when no x11
* FIXUP: Fix compilation with system ICU*
* FIXUP: Do not include xproto when no x11
* Do not use always_inline for recursive calls in libAngle
* Do not include xproto when no x11
* [Backport] Security bug 1506726
* [Backport] Security bug 1505632
* [Backport] CVE-2023-6706: Use after free in FedCM
* [Backport] CVE-2023-6705: Use after free in WebRTC
* [Backport] CVE-2023-6704: Use after free in libavif
* [Backport] CVE-2023-6703: Use after free in Blink
* [Backport] CVE-2023-6702: Type Confusion in V8
* FIXUP: Add missing pkg_config calls for system libs
* Add missing pkg_config calls for system libs
Pick-to: 6.7
Fixes: QTBUG-120719
Change-Id: I156411f3a7a0b8c5860aafd2d27b1717e29c2b47
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
| |
Change-Id: I8eea99a472cc597ff9864b570c90b28b79b3751e
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
| |
Change-Id: Ie297e6ddef21cda8d71ef3daeaa4bcb82e806911
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- This is required due to the recent changes in chromium
https://chromium-review.googlesource.com/c/chromium/src/+/4106102
- As per this change , it will reject all debugging web socket connections with a defined Origin header, unless the browser is started with a new flag `--remote-allow-origins=<origin>[,<origin>, ...]`. The star origin `*` which allows all origins.
Fixes: QTBUG-118995
Pick-to: 6.6
Change-Id: I53169cd401988155bac5797b4c56e7456a2c742a
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 772cb04f..6c805bf7:
* [Backport] CVE-2023-6112: Use after free in Navigation
* [Backport] CVE-2023-5997: Use after free in Garbage Collection
Task-number: QTBUG-119158
Change-Id: I3b4a8a330e060cc476f67cdc4436279616072348
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b2896d1f0..772cb04f:
* Add android on windows build support
* CVE-2023-5996: Use after free in WebAudio
Pick-to: 6.6
Fixes: QTBUG-118891
Change-Id: Ic93d91df7365de9c8bc1b3c5b667c2537e9da6b1
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8146bf85..4253d879:
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (2/2)
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip (1/2)
* [Backport] Security bug 1471305
* [Backport] CVE-2023-5482 and CVE-2023-5849
* [Backport] Security bug 1478470
Pick-to: 6.6
Fixes: QTBUG-118682
Change-Id: I067d1d9f7791d57d95a12a1f9762998d56ed4de2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
| |
This has not been working since 5.15.
Task-number: QTBUG-71126
Change-Id: I04afed657a960cec9fc8782416c82fcb3de8de21
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 75a9a538..8146bf85:
* [Backport] CVE-2023-5218: Use after free in Site Isolation
* [Backport] CVE-2023-5476: Use after free in Blink History
* [Backport] CVE-2023-5486: Inappropriate implementation in Input
* [Backport] Dependency for CVE-2023-5486: Inappropriate implementation in Input
* [Backport] CVE-2023-5474: Heap buffer overflow in PDF
* [Backport] CVE-2023-5475: Inappropriate implementation in DevTools
* [Backport] CVE-2023-5484: Inappropriate implementation in Navigation
* [Backport] CVE-2023-5487: Inappropriate implementation in Fullscreen
* [Backport] Security bug 1472368
* [Backport] Security bug 1472365 and 1472366
* [Backport] Security bug 1486316
* Add shorter include paths workaround
Pick-to: 6.6
Task-number: QTBUG-118480
Change-Id: I8968b249bdea9e234c925cbdacf50d92d5c2f4c6
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
It was not compiled in -no-opengl builds even though it should not
depend on OpenGL and was also used in non-OpenGL builds.
Pick-to: 6.5 6.6
Fixes: QTBUG-117751
Change-Id: I0bcb8496d25004573d1e00ffc276511f82e489bd
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 14780aaa..75a9a538:
* [Backport] Add Intel Meteorlake GPU series type
* Fix ffmpeg assembly with newer binutil
* [Backport] Security bug 1447972 (2/2)
* [Backport] Security bug 1447972 (1/2)
* [Backport] Security bug 1479104
* [Backport] Security bug 1480184
* [Backport] CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
* Zygote: Prevent leaking control socket to child processes
* FIXUP: jumbo build
* [Backport] Set ABSL_OPTION_USE_STD_ANY to 2
* [Backport] Replace uses of re2::StringPiece::set().
* [Backport] Make absl::string_view a typedef for std::string_view
* Fix broken copy of non-BMP characters
Fixes: QTBUG-117653
Pick-to: 6.6
Change-Id: I49b82a1f97ffda0f7ba2b3607217a178e51ee222
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty a71ba6ff..14780aaa:
* [Backport] Security bug 1427288 (2/2)
* [Backport] Security bug 1427288 (1/2)
* [Backport] Security bug 1449166
* [Backport] Security bug 1469534
* [Backport] CVE-2023-4909: Inappropriate implementation in Interstitials
* [Backport] CVE-2023-4908: Inappropriate implementation in Picture in Picture
* [Backport] CVE-2023-4902: Inappropriate implementation in Input
Pick-to: 6.6
Task-number: QTBUG-117059
Change-Id: I22da560b291cb984fffe1599a5f9845192458107
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 17c036b2a20f55daf7edcdafaf603a77130b8b04)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rhi can decide to run D3D11 with the software rendering
through the software adapter aka "Microsoft Basic Render Driver".
This unfortunately does not work well with ANGLE as it can
use another adapter and sharing resources between
qt and skia can fail.
Try to guess which adapter might be used by rhi support
or rhi backing store support classes and pass luid for ANGLE.
Unfortunately this solution is far from perfect as
it creates QRhi just to check what might be used later,
however the user can select something totally different with
QQuickGraphicsConfiguration.
At lest for now we respect QSG_RHI_PREFER_SOFTWARE_RENDERER
and QT_D3D_ADAPTER_INDEX. Moreover this patch should cover
the case when rhi retrys with DXGI_ADAPTER_FLAG_SOFTWARE adapter
if accelerated adapter fails.
This is just a band aid patch to support windows on vm
and we should come up with better solution.
Fixes: QTBUG-116445
Pick-to: 6.6 6.5 6.6.0 6.5.3
Change-Id: I416dd82d688726ce872dc276570fe455d733a48e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b295bd04..a71ba6ff:
* [Backport] CVE-2023-4863: Heap buffer overflow in WebP
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-4762: Type Confusion in V8
* [Backport] CVE-2023-4763: Use after free in Networks
* [Backport] blink::HTMLMediaElement::ShouldReusePlayer: avoid dereferencing a potentally NULL domWindow
* FIXUP: Qt GN integration
* Avoid using libdrm
Pick-to: 6.6
Fixes: QTBUG-115470
Fixes: QTBUG-116501
Change-Id: Ibeff96e0dca65b42ffe512627eab3c2f0f349c8c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use case is that the append methods of base::CommandLine class
lowercase the switches due to historical reasons on Windows.
For example, the following code results "--webengineargs" on Windows:
base::CommandLine command(program);
command.AppendSwitch("--webEngineArgs");
Make it valid.
Task-number: QTBUG-82046
Change-Id: Idc38c51cd3a526acb153ed619775d2bcf5dcfb5b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b02cdcee..b295bd04:
* FIXUP: Temporary fix for missing macOS 12.3 SDK
* Temporary fix for missing macOS 12.3 SDK
* Fix build with clang
* Disable Windows IME for GPU thread
Pick-to: 6.6
Task-number: QTBUG-73994
Fixes: QTBUG-116278
Change-Id: I9894f341a82b0c5887d38e9d2597ecc2bde11392
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 2d71c20d..cfa9a71a:
* Fix for QtWebEngine crash on Windows
* FIXUP: Add minimal webrtcdesktopcapture api for hangout services extension
* FIXUP: Jumbo build
* [Backport] CVE-2023-4078: Inappropriate implementation in Extensions (2/2)
* [Backport] CVE-2023-4077: Insufficient data validation in Extensions (3/3)
* [Backport] CVE-2023-4077 (2/3) and CVE-2023-4078 (1/2)
* [Backport] CVE-2023-4077: Insufficient data validation in Extensions (1/3)
* [Backport] Security bug 1429353 (2/2)
* [Backport] Security bug 1429353 (1/2), dependency for CVE-2023-4077 and CVE-2023-4078
* [Backport] Security bug 1454544
* [Backport] Security bug 1465224
* [Backport] CVE-2023-4070: Type Confusion in V8
* [Backport] CVE-2023-4073: Out of bounds memory access in ANGLE.
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling
* [Backport] CVE-2023-4068: Type Confusion in V8
* [Backport] Security bug 1464680
* [Backport] Security bug 1464682
* FIXUP: Fix build with enable_vulkan=false
Pick-to: 6.6
Task-number: QTBUG-115470
Fixes: QTBUG-115703
Change-Id: I1478381717e2189f74041c9e3b62751bdd089d45
Reviewed-by: Anu Aliyas <anu.aliyas@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dd25f259..9a59b581:
* Disable advanced arm64 control-flow
* [Backport] Security bug 1443100
* [Backport] CVE-2023-3740: Insufficient validation of untrusted input in Themes
* [Backport] CVE-2023-3737: Inappropriate implementation in Notifications
* [Backport] CVE-2023-3732: Out of bounds memory access in Mojo
* FIXUP: Fix license generation
* FIXUP: Fixes for building with MSVC
* FIXUP: Add missing include for Supplement
* FIXUP: Fixes for jumbo build
Fixes: QTBUG-115469
Task-number: QTBUG-115470
Pick-to: 6.6
Change-Id: I8be904e52c684bcfd1270e86025e5eec50de4838
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Support opengl backend for macOS without CGL support in Chromium.
Means we can remove a lot of hacks.
Pick-to: 6.6
Change-Id: I3773fab24ab851bc471411fb31baf93727b9c110
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
| |
Pick-to: 6.6
Change-Id: I1bb84b20a080d7f615bf0795ac2d97739e99ac1d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.6
Change-Id: I56e1695ee4fc2b0e12da6580a5673df80bba8b6d
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty ba3cfe92..a4a9769c:
* [Backport] Security bug 1447430
Task-number: QTBUG-114754
Change-Id: I0aaa8c8783f5fdbb9617b0dc850caf31db6c3a36
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
(cherry picked from commit 8c23756c8a7b3dcadd6dff20f76d156e4dace876)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 34482ee5..06943d86:
* Fix name clash with SetForm
* Add is_mingw helper and fix gn configurations
* [Backport] CVE-2023-2724: Type Confusion in V8
* [Backport] CVE-2023-2723: Use after free in DevTools
* [Backport] Security bug 1439691
* [Backport] Security bug 1442263
* [Backport] Security bug 1425115
* [Backport] CVE-2023-2721: Use after free in Navigation
* Add workaround for broken windows.foundation.h header on mingw
* Do not use posix_memalign with mingw
* Fix nasm config for mingw
* Add gn mingw compilation
Change-Id: I557330876c215a700fa42fdf2679eb9218e50431
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
This patch fixes the devtools eyedropper.
The EyeDropperAPI is an experimental feature which
we don't implement and devtools uses it by default.
Pick-to: 6.5
Change-Id: Iaa28ee5d0381750fc967dbc72d725b46b239a656
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
| |
Pick-to: 6.5
Task-number: QTBUG-112280
Fixes: QTBUG-109401
Change-Id: Iaebb79921030ce42bcfe8be1ba46d309c93dca6d
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 22fec96c..d3c3d748:
* Revert "[Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools"
* Do not stop navigation during saving the page if not necessary
* Pass through non-keymutex share handles
* [Backport] CVE-2023-1236: Inappropriate implementation in Internals
* [Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools
* [Backport] Security bug 1417585
* [Backport] Security bug 1418734 (2/2)
* [Backport] Security bug 1418734 (1/2)
* [Backport] Security bug 1415249
* [Backport] Security bug 1402921
* [Backport] Security bug 1337747
* [Backport] Security bug 1412991
* [Backport] CVE-2023-1532: Out of bounds read in GPU Video
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] CVE-2023-1530: Use after free in PDF (2/2)
* [Backport] CVE-2023-1530: Use after free in PDF (1/2)
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1235: Type Confusion in DevTools
* [Backport] CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* [Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3)
* [Backport] CVE-2023-1218: Use after free in WebRTC
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1215: Type Confusion in CSS
* [Backport] CVE-2023-1214: Type Confusion in V8
Pick-to: 6.5
Fixes: QTBUG-112166
Change-Id: I747f60f72cbf6847bc0ee89bee655972968da921
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Move graphics details into compositor, and add support for a native
buffer mode uses ANGLE on the Chromium side.
The initially support is for Metal.
Pick-to: 6.5
Fixes: QTBUG-112282
Task-number: QTBUG-112280
Change-Id: I066ba1d3e72508e047d259ae5797659d45335fb2
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
| |
We haven't needed our own since we got rid of the graphics node
integration.
Pick-to: 6.5
Change-Id: I20b0fdb440c07e451d0e0152e8012ddf59e159cf
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
| |
Add missing calls to match RunBrowser() logic.
Pick-to: 6.5
Change-Id: Ia4a14acb279cc43cc8ab4930f1f5432b03a8cbed
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7e5ee9d6..10e54a07:
* FIXUP: Fixes for building with MSVC
* Fixup for [Backport] CVE-2023-0705: Integer overflow in Core (2/2)
* Fix android on mac support
* Add android config support
* Merge branch 'upstream-master' into HEAD
* Add android required resources for chromium repo
* [Backport] CVE-2023-0696: Type Confusion in V8
* [Backport] Security bug 829317 (2/2)
* [Backport] Security bug 829317 (1/2)
* [Backport] CVE-2023-0705: Integer overflow in Core (2/2)
* [Backport] CVE-2023-0705: Integer overflow in Core (1/2)
* [Backport] Security bug 1400809
* [Backport] Security bug 1325096
* [Backport] CVE-2023-0701: Heap buffer overflow in WebUI.
* [Backport] CVE-2023-0702: Type Confusion in Data Transfer
* [Backport] CVE-2023-0699: Use after free in GPU (2/2)
* [Backport] CVE-2023-0699: Use after free in GPU (1/2)
* [Backport] CVE-2023-0703: Type Confusion in DevTools
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (2/2)
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2)
* Merge branch 'upstream-master' into 108-based
* BASELINE: Update Chromium to 108.0.5359.220
Pick-to: 6.5
Task-number: QTBUG-111363
Task-number: QTBUG-83459
Change-Id: Id67893339f68e382e10ae10bbfddeffc8b60ae88
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.5
Change-Id: If905393d73892256175ac5059503a9fc4a6a32f6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
To do so, we need to deal with the macros a bit differently, so here, I
replaced the macros with available utility functions, and added one for
the QTWEBENGINEPROCESS_NAME.
Fixes: QTBUG-110873
Task-number: QTBUG-99238
Change-Id: I29b41ffb8059511d2d93bfc01d40308aedaa8ad4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
error messages
Also fix typos.
Pick-to: 6.4 6.5
Change-Id: I6e505102dc2241e4e00b181d0c4a097af4a40d35
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Resolving TODO, the corresponding Active Qt issue has been fixed.
This amends commit 614d6639b875f53b21eaabd2d5928b84b59af707
Pick-to: 6.5
Change-Id: If0144af83cd1d512b151ce82a38e47b4811fbfa8
Taks-number: QTBUG-110157
Taks-number: QTBUG-110158
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a corner case, QCoreApplication::arguments() might be empty. For
example, the embedder sets argc=0. It is invalid but doesn't crash
or warn.
base::CommandLine expects program name to be set and Chromium code might
use it. It is not possible to set program name if argv is not passed to
QCoreApplication.
This change does not handle this corner case but detects it, and warns
the user to not expect proper behavior.
Pick-to: 6.5
Task-number: QTBUG-110157
Change-Id: Ibf14b11bbf8b8c72d8a1d8419377a25b311b9ebe
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Keep it enabled for simplebrowser and quicknanobrowser examples. Also
add documentation how to enable it.
[ChangeLog][WebEngineCore] Disabled WebEngineContext dump by default.
Fixes: QTBUG-109040
Pick-to: 6.5
Change-Id: I4bd3c0e9eb532771f9b455863324e9dacaae884a
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d7abc8b24..1ccfe20ad:
> FIXUP: Jumbo builds
> Merge remote-tracking branch 'origin/upstream-master' into 108-based
Pick-to: 6.5
Change-Id: Ib11a7e5422415229c5ed109d63375c4953df97d2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
| |
Pick-to: 6.5
Fixes: QTBUG-105147
Change-Id: I0022964903f3443cc97843c62468ab9be8ae2ed8
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Requesting host quota is no longer supported by Chromium.
navigator.webkitPersistentStorage has became an alias for
navigator.webkitTemporaryStorage after the Chromium 106 update.
Requesting quota for temporary storage is needless because the
allocation is automatic and storage can't be requested beyond the
maximum limit.
The logic of the persistent storage will be entirely removed in the next
Chromium update so just deprecate the API and remove the corresponding
implementations.
[ChangeLog][QtWebEngineCore] Deprecate QWebEnginePage::quotaRequested()
signal and QWebEngineQuotaRequest class. The signal is not emmitted
anymore.
[ChangeLog][QtWebEngineQuick] Deprecate QWebEngineView.quoataRequested()
signal. The signal is not emitted anymore.
Task-number: QTBUG-56354
Change-Id: Ie397598c416d9e811270ba56a97f8984948277f7
Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Change-Id: I2fe91c06ce91dfaace7825a0589b56ee375479b6
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Change-Id: Ieb44b5c98b3342adca38916d8b77c54e8ed8e1d7
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Updates 3rdparty:
* 8b7ce4ef70d Make GrVkImage external
Task-number: QTBUG-107669
Change-Id: If7fbe1f20538598dd1d4f3a67be17c9f7d06a3cd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
