| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Correct application/x-extension-html to text/html
Fixes: QTBUG-97392
Fixes: QTBUG-106688
Change-Id: I0d65c6950c5ba1504586cf564268463c5d4cd483
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
(cherry picked from commit 84ebd698597cf7a45b5e0967221547c21b1d67e8)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
The writable watcher will trigger all the time if we use automatic
arming, instead we need to arm it manually when it is needed.
Task-number: QTBUG-106461
Change-Id: Ia381db338adb1b1994d1da9b50c6d6ff542ea3e5
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b30559565cb91501baddea495362101341a0aa22)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7e11d69b..be349eaf:
* [Backport] Security bug 1343889
* [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* [Backport] CVE-2022-2477 : Use after free in Guest View
* [Backport] CVE-2022-27406
* [Backport] CVE-2022-27405 (2/2)
* [Backport] CVE-2022-27405 (1/2)
* [Backport] CVE-2022-27404
* [Backport] Security bug 1287804
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
* [Backport] CVE-2022-2295: Type Confusion in V8
* [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
* [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-2158: Type Confusion in V8
* [Backport] Security bug 1316578
* [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
* [Backport] CVE-2022-2010: Out of bounds read in compositing
* [Backport] CVE-2022-1854: Use after free in ANGLE.
* [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
* [Backport] CVE-2022-1855: Use after free in Messaging
* FIXUP: Fix url_utils for QtWebEngine
Fixes: QTBUG-105500
Task-number: QTBUG-105499
Change-Id: I718648cb74346f1c7ac49a112378f9e2538e3b72
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gnome WM doesn't send expose event when minimizing then restoring a
window. Presumably, due to the missing expose event the top-level
QWebEngineView is not redrawn. As a workaround, force to update
RenderWidgetHostViewQtDelegateWidget when shown.
The workaround is not needed in 6.4 and later because the issue is fixed
by 5d1ef38f9 Create a RWHV delegate in core
Fixes: QTBUG-104763
Change-Id: I4761d670d17f6dbbe3e0de82a00179eb7fd7913c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 4a9fc6792fd5b37f1c40c53f47281c8bc74ad9c9)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The QtDesigner plugin was marked as 'tool_plugin', which restricts its
build to release-only, even in debug_and_release builds. This was done
to avoid building debug plugins for tools that are only build as
release. However, the designer plugins are also loaded when using
QUiLoader and thus are not exclusively meant for the designer tool.
Task-number: QTBUG-104755
Change-Id: Id87012f57ad06984c7b0f0d318f75ad2c9a596f2
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Detected by codechecker.
Change-Id: I8814180ef6bd591ed3e95fc4b4abff3454f10bdf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 51faba3af76f4a7c67c769a5ab0be17c9aa54f83)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* 7857ff290ab FIXUP: Workaround MSVC2022 ICE in constexpr functions
* a7a23ccc69e [Backport] Linux sandbox: ENOSYS for some statx syscalls
* ecc2bb74f1f [Backport] CVE-2022-0796: Use after free in Media
* 7e11d69b957 Fixup: CVE-2022-0796: Use after free in Media
Change-Id: Ic563baee5a7a0c5c0bf95bdbb47a0d92ae6f6e22
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
With the native dialog, there were either problems with the modality
when using it asynchronously or with the life cycle when using it
synchronously. Not using the native dialog avoids these problems.
Task-number: QTBUG-102099
Change-Id: Icb9a9afda48c47558b8e8ecb6d89adc0961d5063
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
In 5.15 we have sparate coded gn call for qtpdf.
This commit amends 41e94fc482eca3e40082c34d8332821a15aefba0
Change-Id: I2b9c7ed1e0c539006fbcac656aa8673a0f00d8b9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
It seems that condition module.widgets is not evaluated in time
when configured with "-no-widget" to be picked up by the webengine
when doing 'top level' build.
Use 'widget' feature instead.
Fixes: QTBUG-103618
Change-Id: I881e4ba899d376690984c4866336a03d7dae246c
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Earlier fix cf8bc1899a introduced the logic, where all system
synthesized mouse events are ignored. But after c56169f7a1 this is
undesired since for widget with Qt::Popup flag touch input is
ignored by QWidgetWindow, and input is expected to be delivered to
popup as synthesized mouse event (either synthesized by Qt or for
capabable devices by system). So allow system synthesized mouse events
to let through for popup. Synthesis by Qt is suppress automatically
for accepted touch event, it's only system event are still delivered
unconditionally, so still ignore them for widgets impl. Global ignore
in core is not needed, since QQuickWidget ignores system synthesized
events unconditionally.
Fixes: QTBUG-79254
Change-Id: Ie8f55eb8b9c2677d8a98381effb3cb31d9388ac7
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Martin Negyokru <negyokru@inf.u-szeged.hu>
(cherry picked from commit 1f6495af6331f5504de9d3f7e43f5202345c7a8c)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Ammends d236c5a8a3. Zoom level was set as a temporal one, which is
invalidated each time when a renderer process or widget are changed
(on new navigation, for example), so it needs to be reapplied.
Fixes: QTBUG-101030
Change-Id: Iecff9686fbe2b79e99b46f67cab92f66127be085
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 1e27d42a8071532b6cc30a9bcc5f700edc56952a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 0d984c7f..caba2fcb:
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1306507
> [Backport] Security bug 1304659
> [Backport] Security bug 1269999
> [Backport] Roll libxml from a46e85f6 to dea91c97
> [Backport] Roll libxml from bfd2f430 to a46e85f6
> [Backport] Roll libxml to bfd2f430
> [Backport] Roll libxml to 7279d236
> [Backport] Roll libxml to f93ca3e1
> [Backport] Security bug 1292905
> [Backport] CVE-2022-1314: Type Confusion in V8
> [Backport] CVE-2022-1310: Use after free in regular expressions
> [Backport] CVE-2022-1305: Use after free in storage
> [Backport] CVE-2022-1125
> [Backport] Security bug 1280852
> [Backport] Secuirity Bug 1296876
> [Backport] CVE-2022-0978: Use after free in ANGLE
> [Backport] CVE-2022-1493: Use after free in Dev Tools
> [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
> Quick fix for regression in service workers by reverting backports
> [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
Task-number: QTBUG-103034
Task-number: QTBUG-103038
Task-number: QTBUG-103040
Change-Id: I04e973cb5d9996f8d3590a8fa9a6c47a7b867b87
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit c4aec7f9beca7b15c7733dab9808816fc46962aa)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
For some reason the proxied_loader_receiver can still be bound
in this case.
Pick-to: 5.15.10
Change-Id: If0bbe181eca5de41e82eebaced412361fe12fb40
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit ffb831d9896dcdd3d469fdbeee407d96d631dbda)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ci 'gn' can crash making it hard to integrate, if there
is high load crashes occur more frequently sometimes even
blocking integrations for few days.
Limit number of worker threads for gn as this improves situation
however increases time for generating ninja files from 2s to 7s.
Note this will not prevent crashes however significantly reduces the
issue (when running in loop from 1 per ~10min to 1 per ~3days)
Compilation with address or thread sanitizer does not lead to meaningful
traces. Moreover running gn with sanitizer creates deadlocks for
unknown reason every few runs.
Current assumptions is that macos vms are unstable as crashes also occur
for sscache calls (compiler) and python calls.
Set one thread only for macos, in 6.x series this is ci depended but
in 5.x series would require coin source changes.
Change-Id: I1c488796eb0547eedd20101606f18ed55718e9c2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
User can override with env variable AR archiver for
cross compilation pass archiver from qmake for gn.
Fixes: QTBUG-103578
Change-Id: I055d7403ecb829f4b1bbe57ec27c0bca7323484c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Cache the read extensions as an std::string, since the returned C string
may be not be permanent.
Change-Id: I856b2b784ab4027da25996b2bf741b30cda10e05
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit fd2fc0d2a86f39d563720563555ca6319f8ab223)
|
| |
|
|
|
|
|
|
|
| |
They are passed in another part of the DropItem object.
Task-number: QTBUG-102192
Change-Id: If52a88ce2688c25ea0edcc0d1e8f962f2cdd29dd
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 742e6786aeb500ef9bc850bf84803d5f388e3927)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As 5.15 is in maintenance mode add basic support for
universal build without doing major refactors.
The popper implementation should unify build layout instead
of adding "isUniversal()" hacks.
Add intermediate build files per architecture for Chromium build part
and lipo them before final module linking.
Task-number: QTBUG-85279
Change-Id: Iebfd7a277b23c1b10c8719041c5959fd9d5e2f06
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
| |
Coin exports bogus LIBRARY_PATH which ends up as linker warning.
Task-number: COIN-854
Change-Id: I8036b38cdc5677056c14aa428e8b584b9ee6dc10
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in following patches:
* 019a6b9282e Fix arm64 Skia build for macOS
* 368eaa630ba Fixes for universal build
* 08b4e141cc1 Fix clang set-but-unused-variable warning
* 2082566249c [Backport] On arm64 hosts, set host_cpu to 'arm64', not
'arm'.
* f47f334c8ba Fix undefined symbol for universal link
* 23e13d55d84 Add crossbuild support for x64/x86 on macos-arm64
* 8a5738c744e Fix mac toolchain python linker script call
* d3119947e27 Fix python calls
* if1850dc7af Fix cross-compilation arm64->x86_64
* 0d984c7f044 Fix missing dependency for gpu sources
Change-Id: Ib6ac1224b2e5e043c8351905066c7c041e308413
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reverts "Don't unconditionally log that Apple Silicon is not supported"
This reverts commit 3387ca53e550c1a63ed32ddf4f1dc48e61e9fa62.
Revert "Skip QtWebEngine and QtPdf if building for Apple Silicon"
This reverts commit 1c9785bf7eee038f6f0b8e2d73dcb9588f6d60c1.
[ChangeLog] Apple Silicon universal- and cross-builds on macOS
are now supported.
Change-Id: I01973e3a29def4cd001b5dcb6354d23dbfe15dcd
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
To cross-compile for arm64 we just need target_cpu
sysroot is not required.
Adding target_cpu will result in "-arch arm64 -mcpu=apple-a12"
Change-Id: Id27e0f48309ca1d85728b5f3ca6761d8fd27e3ab
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty ab3a3447a..d13d0924c:
> [Backport] CVE-2022-0971
> [Backport] CVE-2022-1096
> [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled
Task-number: QTBUG-102144
Change-Id: I88c5a4b18640e1579c67c874f21c627caabdf991
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
(cherry picked from commit 4f570bd7add21725d66ac8396dcf21917c3a603f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
| |
On high-dpi screens we want the rendered pixels to match device pixels.
Fixes: QTBUG-86948
Change-Id: I4879adc0aeb001750d42abc1e7d50ca3f11a5fe8
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
(cherry picked from commit 931e1be35058e43552963510f858766683cbb310)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty: 48a205f9..ab3a3447:
> [Backport] CVE-2022-0108: Inappropriate implementation in Navigation
> [Backport] Dependency for CVE-2022-0108
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2022-0111 and CVE-2022-0117 (2/2)
> [Backport] CVE-2022-0111 and CVE-2022-0117 (1/2)
> [Backport] Dependency for CVE-2022-0111 and CVE-2022-0117
> [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager
> [Backport] CVE-2022-23852
> [Backport] Security bug 1289394
> [Backport] CVE-2022-0608: Integer overflow in Mojo
> [Backport] Security bug 1270014
> [Backport] Security bug 1261415
> [Backport] CVE-2022-0291: Inappropriate implementation in Storage
> [Backport] CVE-2022-0293: Use after free in Web packaging
> [Backport] CVE-2022-0607: Use after free in GPU
> [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
> [Backport] CVE-2022-0606: Use after free in ANGLE
> [Backport] Security bug 1292537
> [Backport] CVE-2022-0609: Use after free in Animation
> [Backport] Security bug 1265570
> [Backport] CVE-2022-0116: Inappropriate implementation in Compositing
> [Backport] Dependency for CVE-2022-0116
> [Backport] CVE-2022-0102: Type Confusion in V8
> [Backport] Security bug 1256885
> [Backport] CVE-2022-0460: Use after free in Window Dialog
> [Backport] CVE-2022-0459: Use after free in Screen Capture
> [Backport] CVE-2022-0461: Policy bypass in COOP
> [Backport] Security bug 1280743
> [Backport] Security bug 1274113
> [Backport] CVE-2022-0456: Use after free in Web Search
> [Backport] CVE-2022-0298: Use after free in Scheduling
> [Backport] Security bug 1276331
> [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
> [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
> [Backport] CVE-2022-0289: Use after free in Safe browsing
> [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API
> [Backport] CVE-2022-0113: Inappropriate implementation in Blink
> [Backport] Security bug 1258603
> [Backport] Security bug 1259557
> [Backport] CVE-2022-0103: Use after free in SwiftShader
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (2/2)
> [Backport] CVE-2022-0109: Inappropriate implementation in Autofill (1/2)
> [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
> [Backport] Security bug 1268448
> Replace base::ranges::set_union with std::set_union to fix MSVC2017 build
Task-number: QTBUG-99721
Task-number: QTBUG-101053
Change-Id: I7a834174f05381b1445ee4b222a4e7e67f13472c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For certain types of redirect navigations (for example, with a non-default
useragent set) 'IsLoadingToDifferentDocument()' can be unexpectedly false.
In such cases 'navigation_handle->IsSameDocument()' also returns false.
Fixes: QTBUG-94924
Change-Id: Ie2c17127e1a00ffc515829526320ba2f71d45af5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 8b5e3a46f253cd82dc48bc20c4233f1bf79fcb87)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Delegate printing task down to the guest WebContents if any is present.
Also update PrintWebViewHelperDelegateQt to find the plugin element
properly for printing.
Task-number: QTBUG-98941
Change-Id: I81004a2275e0870a17565af527b1450472afb24b
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 455efe7ef204c6cd8de72b9b1f922f1681f58589)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
We used to have this, but it got dropped at some point in an adaptions.
Fixes: QTBUG-99263
Change-Id: I3bf86a1b42edca0cd792723c85d7dcb7877fea37
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit fbaab46becbf5ea063a8b4a01abf8cd1d4a1725d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 0ad281437..48a205f9e:
> Do not overwrite signal handlers in the browser process.
> [Backport] Copy 'name_' member during StyleRuleProperty::Copy
Change-Id: Ifd4b0c0d130d024e6b97f6898180d9b39cf19814
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
| |
Chromium defaults to using it now
Change-Id: I24f711ad0a7811b6ab644cef78a1ae0fac7b3d42
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty b77d64307..0ad281437:
> [Backport] CVE-2021-4102: Use after free in V8
> [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
> [Backport] CVE-2021-4099: Use after free in Swiftshader
> [Backport] CVE-2021-4098: Insufficient data validation in Mojo
> Try to fix build on Apple Monterey
> [Backport] Handle long SIGSTKSZ in glibc > 2.33
> [Backport] abseil-cpp: Fixes build with latest glibc
Fixes: QTBUG-99403
Change-Id: I24fe2b4cc0834200296c345fb29ffe5d1d4b1bb0
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
| |
Change-Id: I0971900ab654e7426359204d6bddbc61c38143e9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
The signal is updated much faster for paused media now.
Fixes: QTBUG-98918
Change-Id: Ifa3b54e212436a7c93e101dc244d7edcbf473b63
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b6099cd9d1efab2af4a38476b3f543796f26f065)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty bfc2de04..b77d6430:
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2021-4078: Type confusion in V8
> [Backport] CVE-2021-4079: Out of bounds write in WebRTC
> [Backport] Security bug 1259899
> [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
> [Backport] CVE-2021-4059: Insufficient data validation in loader
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
> [Backport] CVE-2021-4057: Use after free in file API
> Use wglSetPixelFormat directly only if in software mode
> Compile with GCC 11 -std=c++20
Task-number: QTBUG-98854
Change-Id: I7279387c9c7afece1eb51abb2f68d2e65f4dd31f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
| |
Add feature to enable compilation with static runtime.
Fixes: QTBUG-94046
Change-Id: I6e150cfaad020dfd942c45111139556b7e50dce5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Adds -fembed-bitcode-marker for debug or -fembed-bitcode
in case of release.
Fixes: QTBUG-94368
Change-Id: I65031a545517799245e8d08d79e78141d26e9c58
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8c0a9b44..bfc2de04:
> [Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
> [Backport] CVE-2021-38001 : Type Confusion in V8
> [Backport] Security bug 1252858
> [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
> [Backport] Dependency for CVE-2021-37989
> [Backport] CVE-2021-38022: Inappropriate implementation in
WebAuthentication
> [Backport] CVE-2021-38012: Type Confusion in V8
> [Backport] CVE-2021-38010: Inappropriate implementation in service
workers
> [Backport] CVE-2021-38021: Inappropriate implementation in referrer
> [Backport] CVE-2021-38005: Use after free in loader (3/3)
> [Backport] CVE-2021-38005: Use after free in loader (2/3)
> [Backport] CVE-2021-38005: Use after free in loader (1/3)
> [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
> [Backport] CVE-2021-38007: Type Confusion in V8
> [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
> [Backport] CVE-2021-38009: Inappropriate implementation in cache
> [Backport] Dependency for CVE-2021-38009
> [Backport] CVE-2021-38015: Inappropriate implementation in input
> [Backport] CVE-2021-38018: Inappropriate implementation in
navigation
> Revert "Stop orphan child processes from staying alive on Windows"
> Fix stack overflow on gpu channel recreate with an error
> [Backport] Security bug 1245870
> [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
> [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
> [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
> [Backport] CVE-2021-37987 : Use after free in Network APIs
> [Backport] CVE-2021-38003 : Inappropriate implementation in V8
> [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
> [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in
xmlEncodeEntitiesInternal() in entities.c
Task-number: QTBUG-98854
Fixes: QTBUG-98855
Fixes: QTBUG-98400
Fixes: QTBUG-98401
Change-Id: Idb07729bf45ed59eb8163186925095e1a1e30318
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems accessing accessibility from qt post routines ends
badly since caches are gone already.
Add closingDown() function to web context, which is similar to
QCoreApplication::closingDown(), however return true on
post routine.
Guard delete accessibility calls.
Note the widget part is not necessary, but added for completeness,
since only qml can release profiles due to garbage collection.
Fixes: QTBUG-90904
Change-Id: Ic0e7115cd17eb58f3d58f70fefbc197dfb7a6493
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 89bb3c97eee9cd4bf9fb536f024715e606e49ae0)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
The network-service isn't sandboxed anyway, so there is no added
security by the process separation.
Fixes: QTBUG-84105
Change-Id: Ie3fbda26f0cf8f31166b37a8537b7e1b6d11b560
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit bc175fb62a1d2aba9c98ba761d5e21d3d7426678)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 9f71911e3..8c0a9b445:
> Revert "[Backport] Security bug 1239116"
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> Revert "[Backport] CVE-2021-37976 : Information leak in core"
> [Backport] Ease HarfBuzz API change with feature detection
> Bump V8_PATCH_LEVEL
> CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> Add switch for static and dynamic crt
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-30616: Use after free in Media.
> [Backport] Dependency for CVE-2021-30616
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] CVE-2021-37973 : Use after free in Portals
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] Linux sandbox: return ENOSYS for clone3
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] Security bug 1239116
> [Backport] Security bug 1206289
> [Backport] CVE-2021-30613: Use after free in Base internals
> [Backport] Security bug 1227228
> [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
Task-number: QTBUG-96908
Change-Id: Ib473ba7dc4ac799288d69812d59e229118793d41
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit f0a1cb8da24518c03858b85378f9ad82b0603a1a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinch gesture on a touchpad is expected to zoom-in and zoom-out. It has
been broken since the pinch gestures are routed because for routing the
event target has to be found. The event target is only tried to be found
on a pinch begin gesture.
As a fix, handle Qt::BeginNativeGesture and Qt::EndNativeGesture events
too.
Fixes: QTBUG-96930
Change-Id: Ic8fe5bee933b5e0fbc8f5ba6234363a0a625648d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ff54ccc82fdba26cf16b9a64b387e3b428fb3038)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Struct _XkbRF_VarDefs for XkbRF_GetNamesProp needs special cleanup
logic, but it's currently missing from API:
https://gitlab.freedesktop.org/xorg/lib/libxkbfile/-/issues/6
Workaround it with manual deinitialization.
Change-Id: I3ebe20f58199277521b31b2cd8034c92fd1f2b7f
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit acf9d9de2bb3ac195adc257f4a307e447e171614)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
XRRMonitorInfo struct is supposed to be cleaned-up after getMonitors
with a separate call to freeMonitors.
Change-Id: Iacc296d1f5e434a1d52798fe09d57833660b7952
(cherry picked from commit b868f2893b3ba2fb02d9c7212de7e01b3f9e498a)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-96849
Change-Id: I0e0a1530b8b31341c632a1fd00abd339b5152da0
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit f6f8f258be09fef90585b0228bd82a9708ef34a6)
|
| |
|
|
|
|
|
|
|
|
|
| |
We invalidate the weak pointer factory before waiting on the error
callback, meaning it will never come.
Task-number: QTBUG-96928
Change-Id: Ia5091f7398e79f835ce34dfd48f3c36859382b53
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 7c35fa991f0e523e6d0901109caceed5aaac3658)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c8087cb6..9f71911e:
> [Backport] CVE-2021-30560: Use after free in Blink XSLT
Task-number: QTBUG-94103
Change-Id: I3e43653b6b3370d71b09b52a781a3b1d6c82293e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 2acbba86362ac3a1c2d8c20390dc263875f8f09c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 24fe4f70..c8087cb6:
> [Backport] CVE-2021-30566: Stack buffer overflow in Printing
> [Backport] CVE-2021-30585: Use after free in sensor handling
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1228036
> [Backport] CVE-2021-30604: Use after free in ANGLE
> [Backport] CVE-2021-30603: Race in WebAudio
> [Backport] CVE-2021-30602: Use after free in WebRTC
> [Backport] CVE-2021-30599: Type Confusion in V8
> [Backport] CVE-2021-30598: Type Confusion in V8
> [Backport] Security bug 1227933
> [Backport] Security bug 1205059
> [Backport] Security bug 1184294
> [Backport] Security bug 1198385
> [Backport] CVE-2021-30588: Type Confusion in V8
> [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
> [Backport] CVE-2021-30573: Use after free in GPU
> [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
> [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
> [Backport] CVE-2021-30541: Use after free in V8
> [Backport] Security bugs 1197786 and 1194330
Task-number: QTBUG-94103
Task-number: QTBUG-95581
Change-Id: I1900426d64727fc065d438a0e4b3b9e916d537c0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 1b9897bbe11c6ed6b27fe45b6faa20f300149b99)
|
| |
|
|
|
|
|
|
| |
Newer MSVC 2019 versions reports this number
Change-Id: Iab20de746416705f10f7da95eeb319815512e07d
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Do not try to use WebContentsDelegate of a guest WebContents.
Pick-to: dev 6.2
Task-number: QTBUG-95269
Change-Id: If7bbd25bcac26c30a4ff1bee3f732ba01215ec4b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
