| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Changes:
9f4aba1869 FIXUP: Building with plugins but webrtc disabled
37195be7fc [Backport] Fix for CVE-2018-17478
2095a35f30 FIXUP: Building with plugins but webrtc disabled
Change-Id: I2a95bb45c8e580246b4c00620045a45aafc635cd
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
33fd7a21ed - [Backport] Fix for CVE-2018-17466
4a6c45c124 - [Backport] Second fix for CVE-2018-12371
cf0481a4fb - [Backport] Fix for security issue 875494
f428bbce2a - [Backport] Fix for security issue 888678
5d514fa9ba - [Backport][Blink/SPv175+] Change DCHECK(chunk clip escaped layer clip) to a DLOG
Fixes: QTBUG-71203
Change-Id: I20449b1e688e09313cb96e111f9e356120ba7088
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
1b6fc616ee - [Backport] Fix for CVE-2018-17462
567960cec4 - [Backport] Update LCMS
39ae61b30a - [Backport] Fix for CVE-2018-17468
ddd25ab971 - [Backport] Fix for CVE-2018-17469
37b5fe3597 - [Backport] Fix for CVE-2018-17470
e467d56363 - [Backport] Fix for CVE-2018-17471
2dcf2c6d0c - [Backport] Fix for CVE-2018-17474
976446bcc0 - [Backport] Fix for CVE-2018-17473
cb98d8cc57 - Build fix for [Backport] Fix for CVE-2018-17470
bc188914f3 - Fixup for fix for CVE-2018-17469
ccb8f3ea6e - Fixup for Fix for CVE-2018-17468
8a39f81276 - [Backport] Fix for CVE-2018-17476
Task-number: QTBUG-71203
Change-Id: I6b698e77272cd762ca40f73c94fa31ce746bd8ff
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
| |
Some first party requests has no site_for_cookies yet, and thus returns
an empty string. The logic matches that of StaticCookiePolicy.
Change-Id: I10caf978dc410639cd21fc2aa01eb2bf6dc67c1f
Fixes: QTBUG-71393
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This reads the hw.model string through sysctlbyname and sets the
environment variable QT_MAC_PRO_WEBENGINE_WORKAROUND to tell the
Cocoa platform plugin to not enable offline renderers upon creation
of the platform OpenGL context.
Task-number: QTBUG-70062
Change-Id: I986d9d76a80f96a215f3fcd08b3d47e546682e35
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
| |
This adds proxy resolver service as a part of content utility process
and pulls in the corresponding change in Chromium.
Fixes: QTBUG-69281
Change-Id: Icb2b67e1e506a5b511531322a8c13d7df0e11f9f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Do no access m_request from ui thread. The auth request can get cancelled,
this can happen for example when a new navigation interrupts the current one.
Fixes: QTBUG-71128
Change-Id: I140b1a164294342bad13a76342c1f642ba0960c8
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-69281
Change-Id: If48d1a7ad723b18d4577d675b11c0cdc5e22f758
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
| |
Pull in fix for build failure on macOS with 10.14
Fixes: QTBUG-70981
Change-Id: Ie302e3b7f21edfe4390248c4953dbcce6525715a
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
| |
Pass interface to io thread and bind there.
Task-number: QTBUG-69281
Change-Id: Ia8630cb7ff216cecaec5274a0b3da3ef0881fcea
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
More security fixes from Chrome 69
Changes:
dd94e4234936 [Backport] CVE-2018-16066
9dec1e5d1048 [Backport] CVE-2018-16070
7610166df941 [Backport] Security patch 864932
9ffeaf4caa98 [Backport] CVE-2018-16076
af4500d25e07 [Backport] CVE-2018-16077
02d134e58d36 [Backport] CVE-2018-16083
22a79645f8d3 [Backport] CVE-2018-16085
8ea8f7a2e7ca [Backport] Security issue 867306
3b44cd3d8a9c [Backport] Security issue 867792
13aed800921e [Backport] Security issue 868592
Change-Id: I465915ee61443e8eab2204b56cbf9aca1123aab4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-66871
Change-Id: I246d667dfe341a6bfe7a74b24286403bec4dde8b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-68462
Change-Id: I6d3358d36bb3df91c05d434275e9c69682c982a9
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
High security fixes from Chrome 69
Changes:
c92e99aa5f [Backport] CVE-2018-16067
38b701b44f [Backport] CVE-2018-16068
5adda98099 [Backport] CVE-2018-16071
021e3ee70e [Backport] CVE-2018-16072
cfc13dfc78 [Backport] Correctly handle blob:file:///... URIs in SiteInstance::GetSiteForURL.
f1f5e7417e [Backport] Avoid unneeded call to Origin::GetURL from SiteInstance::GetSiteForURL.
c952ab2ef5 [Backport] CVE-2018-16074
ae14d10af6 [Backport] CVE-2018-16073
ebbf15c58c Update usrsctp
Change-Id: Ia5d1c6622992f855de9d86fb2e99a972012f6fc0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
| |
Either overlooked or added after we make the GN switch.
Change-Id: I93bfc27c2e71165901c2046ab2ea902d9dad39d3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|\
| |
| |
| | |
Change-Id: Idee34fa6d4cc54effd84d3b78e3666fa7fcce8db
|
| |
| |
| |
| |
| | |
Change-Id: I134876aa68bd42356c0b897a5d7d5881f27724a4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The max was bumbed from 11 to 256, now document it.
Task-number: QTBUG-69904
Change-Id: I6cbf64afe3409c4722d7a903d833124880b32bc0
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This pulls in the following changes:
* 708511 Fix hunspell::NodeReader::affix_id_for_leaf bounds check
Change-Id: I54a3775c171361f227a27bfd3846ab4f5a78e76c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This pulls in the following changes:
* 084a80 [Backport] Security Bug 831117 2/2
* f78390 [Backport] Security Bug 831117 1/2
* d739b9 [Backport] Security Bug 683418
* cf51b5 [Backport] Security Bug 840695
* 009019 [Backport] Security Bug 838886
* 424911 [Backport] CVE-2018-6158
* 6d5f60 Fix compilation issues in introduced previous commits
* a6e2ca [Backport] Security fix for Chromium bug 860721
* 3e6d0c [Backport] Security fix for Chromium bug 839197
* f4115a [Backport] additional patch for security fix for Chromium bug 839197
Task-number: QTBUG-69663
Change-Id: I6ad8509efb210972b753d8763e02cc31e90e0f8a
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|/
|
|
|
|
|
|
| |
We do not have it working together with the building of Chromium.
Task-number: QTBUG-66571
Change-Id: Ib000a4102b02902f2ac257347e406297fe1608cf
Reviewed-by: Samuli Piippo <samuli.piippo@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes :
* 827405 [Backport] Security fix for Chromium bug 854887
* e79b92 [Backport] Security fix for Chromium bug 861571
* d845af [Backport] CVE-2018-6161
* 3cdf31 [Backport] CVE-2018-6159
* 625870 [Backport] CVE-2018-6162
* 2b111a [Backport] CVE-2018-6164
* eb5360 [Backport] blink: disable XML catalogs at runtime
* 273272 Bump maximum number of custom isolated world ids
* 8f53e0 [Backport] CVE-2018-6167
* 07c34e [Backport] CVE-2018-6172 CVE-2018-6163
* 5d8596 [Backport] CVE-2018-6165
* e8b9ae [Backport] CVE-2018-6177 CVE-2018-6168
* 0cce34 [Backport] CVE-2018-4117
Task-number: QTBUG-69663
Change-Id: Ied119f9d0b28ccba4954c087ab7bcf129969d52a
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--enable-webgl-software-rendering is supposed to be used together
with mesa llvmpipe / opengl32sw.dll. However, Chromium did still use
the built-in GPU blacklist to disable features based on the hardware
GPU driver.
Avoid this by always passing --ignore-gpu-blacklist for this mode.
Task-number: QTBUG-69236
Change-Id: I430d101f6eac64478585de54f705e76859c80597
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit pulls in security patches:
* CVE-2018-6150
* CVE-2018-6152
* CVE-2018-6175
* CVE-2018-6155
Task-number: QTBUG-69663
Change-Id: If70e7817f4f9aa1fa482559b734085e6cdff89ed
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
| |
Not needed and triggers race condition.
Task-number: QTBUG-69007
Change-Id: Id57ba527387e5dbe44a8dd6c5a49e7278403ce64
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
2d61f0a269 Work around MSVC2017 optimizer bug when printing a page usind Pdfium
6d6103fe51 [Backport] flush to zero tiny radii
edf63ed29d [Backport] use double to compute root to avoid overflow
7777b6ac95 [Backport] Generate GL errors more strictly in StrictIdHandler.
0c00f4a924 [Backport] Validate all incoming WebGLObjects.
a6a96845cc [Backport] Prevent potential buffer overflow in UlpfecReceiver
a3d55fb8e4 [Backport] Check number of nalus in packet before checking nalu types.
Change-Id: Icd501a956ce396a38098272848bc25065ad92748
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
| |
Change-Id: I74f6a607d96733fa379526be40c6a13c31203d4e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
| |
IODevice::close and therefore aboutToClose is called by io thread,
connecting it to deleteLater will register deferred delete
on event loop of IODevice instance, which is on ui thread.
This could be racy since deletion on ui thread can happen before job
is done.
Change-Id: I895e6a71649ba65944d069f254d119cc60aada6c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an HTML select box was clicked inside of a QWebEngineView and
the parent QWebEngineView window was moved using the mouse
(via window decoration toolbar for example) the popup window
would stay around instead of being closed.
This happened because of the usage of the Qt:Tool window flag for the
popup window, which implies a tool that floats near its parent window.
The fix is threefold:
1) Use Qt::Popup instead, similarly to how QMenu does it.
Whenever the parent window is moved, the popup will now get a
CloseEvent.
2) Handle the CloseEvent by telling Chromium to close and destroy
the popup.
3) On Windows the OS might send mouse move events to the popup RWHVQD
instance after its parent QWebEngineView, RWHVQD,
QWebEnginePagePrivate (client adapter) is destroyed. We need to
guard the mouse forwarding code not to access the client adapter
if it has already been destroyed.
The second point is done by telling Chromium that its popup lost focus
which it interprets as a sign to hide it, and automatically destroy
it. This will destroy the underlying RWHVQtDelegateWidget and
RWHVQt instances.
Task-number: QTBUG-59891
Change-Id: I47f94a93c495a6caa5de92a6022eaca154994eda
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-69605
Change-Id: I863db484ff2bcf558585f75c73963097fb43148a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include following patches:
c020786f57 Fix compilation failure in time_win.cc
eea22d3cac [Backport] media: Increase DecoderBuffer::kPaddingSize to 64
91d24cdd6f Reduce severity level of messages when kDisableGpu switch is
used
298fb05460 Fix --single-process --disable-gpu combination not to hit
asserts
db81dc68a8 Remove incomplete logic to detect AMD K2 CPU's
b11fd882e8 Do not write <protocol>.json to source directory
Change-Id: I4e3c0c2f3908f358b43ae4af8baebc2012c9830b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
| |
The documentation says we require 4.7 or later but actually already since the
5.10.0 release our qmake config has been checking for version 5 or later.
Task-number: QTBUG-69535
Change-Id: Ia2f74b35570a9ba6fd1423b9507fe636d850db76
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
| |
Adds note for QWebEnginePage::print(...) function.
Change-Id: I52ec78ccfc5c4eeb98ee69f9aaab01b380f97a81
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Szabolcs David <davidsz@inf.u-szeged.hu>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The empty URL is used both for representing a missing origin (browser-initiated
navigation request) and a unique/opaque origin. This is problematic since the
security implications are very different in these two cases: browser-initiated
requests usually should have high security clearance, while requests from unique
origins should be restricted.
Task-number: QTBUG-69372
Change-Id: Iff73fd1c9a29f1c5c281a8945536333081ff2d6b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
- Use OpenURL on the devtools WebContents.
- Guard against self-destruction (otherwise quicknanobrowser crashes).
- Change quicknanobrowser to open links in new tabs.
Task-number: QTBUG-69359
Change-Id: I4db379731c6fa855124d38c5066b0aad622861d2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
DragTargetDragEnter expects the 'int key_modifiers' parameter to have values
from the enum blink::WebInputEvent::Modifiers and not ui::EventFlags.
Also, contrary to the name, mouse modifiers are also expected.
Task-number: QTBUG-69231
Change-Id: I2369609775243fded563dde7675c4bc2dfc81021
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
| |
Task-number: QTBUG-69231
Change-Id: I35b503dae7e2d90b26b6e61a4c7c260e45df2b62
Reviewed-by: Filipe Azevedo <filipe.azevedo@kdab.com>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Because windows.pri is included from a replace function gnArgs,
fatal does not work:
src/core/config/windows.pri:60: 'fatal' is not a recognized test function.
Change-Id: Ib831e1ffa7e8e345477692d453bbcc568864b98c
Reviewed-by: Andy Shaw <andy.shaw@qt.io>
|
|
|
|
|
|
|
|
| |
This should enable excluding such snippets from
documentation in some cases.
Change-Id: I46854412546e3774889e09831254828d18362f29
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
| |
Change-Id: I7e03d6e3347ee9b81a7414574098827b5773b7b4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Regenerate the tree when different nodes are clipped.
Task-number: QTBUG-68699
Change-Id: Ib59a0b92463c47f89b7a6c662abe532fb4130c3c
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-68933
Change-Id: I395157a9931a0e0789b3791cc9b4d55dbcf8a4c2
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
|\
| |
| |
| | |
Change-Id: Ia68ebcab9d04914cf65bff3548396f081485ce6a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following commits:
* bad02200 [Backport] CVE-2018-6149
* 8cc9828a Workaround long path issue on Window
* b42eb615 [Backport] gpu: Address piman's nits from crrev.com/c/969639
Change-Id: I3077df475503db990988ff0ab42724d11341db25
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in security patches:
* CVE-2018-6148
* Security Bug 835371
Change-Id: I00ac63f834082217b7290c90deb261dae0c99746
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/
|
|
|
|
|
|
| |
Use the GLContext to find address for eglGetProcAddress symbol, if it's
not found with dlopen.
Change-Id: I3f5330c21ecc9b66e5e376d50d3fc6965b227f85
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
| |
We could end up dropping visible blocks during scrolling if only one
pixel line was left and the viewport got rounding one line too small.
Task-number: QTBUG-68699
Change-Id: I1ab646f23d8dd4911b32d02df68c80d6a8d78651
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following security patches:
* Security Bug 836511
* Security Bug 835184
* Security Bug 823864
Change-Id: I479a12be518a288db4aed88447d5a8cc33f41822
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following security patches:
* Security Bug 826946
* Security Bug 826193
* Security Bug 825524
* CVE-2018-6145
Change-Id: Iae4ada1157df1793cb1c5a06be55835d696df3d5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following security patches:
* CVE-2018-6144
* CVE-2018-6143
* CVE-2018-6142
* CVE-2018-6137
Change-Id: I878529f2061e3da2397756ac5adf8ee0139e7602
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|