summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Update ChromiumMichal Klocek2018-05-311-0/+0
| | | | | | | | | | | Pulls in security patches: * CVE-2018-6120 * Security Bug 831984 * Security Bug 816768 * Security Bug 797298 Change-Id: Iaced3c596f231b54db196a659a879317e421cfd2 Reviewed-by: Kai Koehne <kai.koehne@qt.io>
* Update ChromiumMichal Klocek2018-05-281-0/+0
| | | | | | | | | | | Pulls in security patches: * CVE-2018-6115 * CVE-2018-6114 * CVE-2018-6118 * CVE-2018-6103 Change-Id: Id587c97d7618f97934bc7315c128d89ed459ea2f Reviewed-by: Kai Koehne <kai.koehne@qt.io>
* Update ChromiumMichal Klocek2018-05-281-0/+0
| | | | | | | | | | | Pulls in following commits: * d2d69ca7 [Backport] CVE-2018-6101 * b22f4f24 [Backport] CVE-2018-6096 * f3987062 Fix compilation with system ICU 60 * 35636b81 Fix build with GCC 8.1.0 Change-Id: Ida2f51fca3966ee7d24748838c9e511f716a2888 Reviewed-by: Kai Koehne <kai.koehne@qt.io>
* Update ChromiumMichal Klocek2018-05-281-0/+0
| | | | | | | | | | | Pulls in security patches: * CVE-2018-6085 * CVE-2018-6086 * CVE-2018-6088 * CVE-2018-6090 Change-Id: I2f8fdd4c0139d558fc26609d457719cad54ae784 Reviewed-by: Kai Koehne <kai.koehne@qt.io>
* Only add the first found widevine CDMAllan Sandfeld Jensen2018-05-171-0/+1
| | | | | | | | | | | Otherwise Chromium will pick the last added, meaning we will use the wrong one. Task-number: QTBUG-64071 Change-Id: Id5c939b6a5c70643ed047625c0cbb152dd8c7169 Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io> (cherry picked from commit bd3687d2c5cc78e7571406471689b2d0fafbb1bf) Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Update ChromiumAlexandru Croitor2018-05-021-0/+0
| | | | | | | | Pull in the following changes: a684d354b0 Remove NOTREACHED in ScreenWin::GetNativeWindowFromHWND Change-Id: I4c25ca1b6a6297f1bf36e738f212410595bf75ae Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Update Chromiumv5.9.5Kai Koehne2018-04-101-0/+0
| | | | | | | | | | | | Pulls in patches for mitigating issues with Certificate Transparency 4f2e755be2 Import latest log_list.json from Chromium 70b89b1709 [BACKPORT] Certificate Transparency: Generate the known logs list from JSON Task-number: QTBUG-67577 Change-Id: I120eeadb87e7c0a85388809444540d105f2aae4b Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Implement IsMostRecentDownloadItemAtFilePath callMichal Klocek2018-03-162-0/+22
| | | | | | | | | Implement IsMostRecentDownloadItemAtFilePath for download_manager_delegate_qt. This is required for CVE-2018-6033. Change-Id: I9f48dfa159d684f0fda894e68b81ff622aceaae2 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-141-0/+0
| | | | | | | | | | | Pulls in security patches: * [Backport] Security Bug 798410 * [Backport] Security Bug 806122 * [Backport] Security Bug 789764 Change-Id: I87f745606f2ff1269b12803bd44e09fe0f68a218 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-131-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] CVE-2018-6060 * [Backport] CVE-2018-6062 * [Backport] CVE-2018-6064 * [Backport] CVE-2018-6082 Change-Id: I15e425565fa58a74ed30f62531f3a439b216cbe4 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-131-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] CVE-2018-6081 * [Backport] CVE-2018-6079 * [Backport] CVE-2018-6076 * [Backport] CVE-2018-6073 Change-Id: Ibe0db5c9d0abca446b83b41cac93f746487e7b7b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-121-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] Security Bug 774833 * [Backport] Security Bug 770734 * [Backport] CVE-2018-6071 * [Backport] CVE-2018-6069 Change-Id: I370615bf25f789610592f3b37ab45dbeb6225700 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-121-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] CVE-2017-15429 * [Backport] CVE-2018-6054 * [Backport] CVE-2018-6052 * [Backport] CVE-2018-6040 Change-Id: I95596d78f04b85d013f6c13b3b2521d75549c9c3 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-091-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] CVE-2018-6051 * [Backport] CVE-2018-6048 * [Backport] CVE-2018-6047 * [Backport] CVE-2018-6038 Change-Id: I0d0a4c133dd82e0b57c572db1df756bd34e09f6a Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumMichal Klocek2018-03-081-0/+0
| | | | | | | | | | | | Pulls in security patches: * [Backport] CVE-2018-6031 * [Backport] CVE-2018-6033 * [Backport] CVE-2018-6034 * [Backport] CVE-2018-6037 Change-Id: I5808afbdd1e0407aafb1b785c3a08d75cd6ea141 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Separate argv for QCoreApplication and Chromium in WebEngineProcessKai Koehne2018-02-261-3/+25
| | | | | | | | | | | | | | | | | On Linux, Chromium manipulates argv, merging all command line arguments into argv[0] and deleting the other arguments - see set_process_title_linux.cc for the glory details. This potentially confuses QCoreApplication::applicationDirPath(), which assumes that argv[0] contains the binary path. This in turn caused a regression in Qt 5.9.4 where resource files could not be located anymore for QtWebEngineProcess. Avoid this by making two distinct copies of argv already in main(). Task-number: QTBUG-66346 Reviewed-by: Michal Klocek <michal.klocek@qt.io> (cherry picked from commit 488b8e8ed01018c155812e5cfb06162a5e216c7a) Change-Id: I22f0abf9e8a253a9cfcf919cdea6940a440a73e6
* Fix crash on accessing WebEngineView properties too earlyPeter Varga2018-02-071-0/+4
| | | | | | | | | | | WebContentsAdapter is not created together with the QQuickWebEngineView. Thus querying a view property can lead to a crash if it uses the adapter. This fix adds the missing guards for contentSize and scrollPosition as it is done for similar WebEngineView properties. Task-number: QTBUG-65942 Change-Id: I9c2668a059b08325629f5730608280ba7f3669cf Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* Shutdown storage in browser context adapter destructorMichal Klocek2018-02-051-1/+1
| | | | | | | | | Shutdown storage should take place in destructor, otherwise it might get recreated on web content destruction. Task-number: QTBUG-66081 Change-Id: Ibba3fce50e05e09131cf45061320a9f99267babd Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Disable shared workersAllan Sandfeld Jensen2018-01-312-0/+3
| | | | | | | | | | The feature has been redesigned for security reasons in 64. [ChangeLog][General] SharedWorkers have been disabled as they have been changed in the newest spec for security reasons. Change-Id: I3d0e03f170ef646a0352a38b65030bb4c06f3397 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fix QWebEngineDownloadItem::type()Jüri Valdmann2018-01-193-10/+17
| | | | | | Task-number: QTBUG-62640 Change-Id: I2b16f24533b38c20a7071319723382ba240e35f3 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Fix incorrect GLX pbuffer attributes terminatorFrank Richter2018-01-181-1/+1
| | | | | | | | | The glXCreatePbuffer() documentation states that the attributes list must be terminated with "None or NULL". However, GLX_NONE does not have a null value. Mesa is sensitive to this. Change-Id: I9606d95a6a0dadec446496abb8e0213950e3d700 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fix qmake recursive callMichal Klocek2018-01-161-7/+7
| | | | | | | | | Change order of parsing buildtools.pro to avoid missing toolchain generated files. Change-Id: I40456cbf38573903c119313d036e4c2aea039b16 Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io> Reviewed-by: Kai Koehne <kai.koehne@qt.io>
* Merge "Merge remote-tracking branch 'origin/5.9.4' into 5.9" into ↵Allan Sandfeld Jensen2018-01-161-0/+0
|\ | | | | | | refs/staging/5.9
| * Merge remote-tracking branch 'origin/5.9.4' into 5.9Allan Sandfeld Jensen2018-01-151-0/+0
| |\ | | | | | | | | | Change-Id: I63420b008c4511022868175ebac60949cf8aa434
| | * Update Chromiumv5.9.4Allan Sandfeld Jensen2018-01-151-0/+0
| | | | | | | | | | | | | | | | | | | | | Pull in SPECTRE mitigation Change-Id: I3849adce737c5518d02a5b27431bac50224c2065 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| | * Update ChromiumMichael Brüning2018-01-111-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulling in the second set of security patches from Chrome 63. Changes: eebf32c32027 [Backport] Fix UAF in SetVisible(). a6ca6057e7e9 [Backport] [BlobStorage] Fixing potential overflow 0f0ad4d73977 [Backport] Fix a range bug in Persian calendar 81ed5d7a47a2 [Backport] Cherry-pick the entire fix for Persian calendar 9b1e7a460573 [Backport] Add size_t variants of constant-time functions. 941bccbf33f5 [Backport] Clear bottom three bits of password scalar in SPAKE2. 1f43353c961a [Backport] Change the script mixing policy to highly restrictive Task-number: QTBUG-65042 Change-Id: I668700e17f89297bbf2593a248f301f56904c72c Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| | * Update ChromiumAllan Sandfeld Jensen2018-01-091-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulling in the first set of security patches from Chrome 63 Changes: 4318c22e5167 Add missing .gitattributes -file in 3rdparty submodule eb4e4c294b56 [Backport] Fix OOB Write in QuicStreamSequencerBuffer::OnStreamData 13d8b0ed6a3a [Backport] Remove unsafe align4 call 93362702cc7e [Backport] Don't clear DnsAttempts that have received a response eeffcf490fd6 [Backport] Serialize struct tm in a safe way. 864b219901f8 [Backport] Simplify / fix SkBitmap::ReadRawPixels() 13827fc77195 [Backport] Resource Timing: Do not report subsequent navigations within subframes 07527dc5cae2 [Backport] Make CPWL_Wnd classes be observable. 0ce0976538dc [Backport] Setting focus on a widget may destroy the widget Task-number: QTBUG-65042 Change-Id: I6bb1b93d37111ada696ae77c2b2c04ecc17d2ca3 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* | | Protect QML profiles as well as coreAllan Sandfeld Jensen2018-01-157-54/+181
|/ / | | | | | | | | | | | | | | | | Moves QWebEngineBrowserContext to core and makes use of it from both widget and qml. Change-Id: I34748f302b0515b11b5831690d28478dfa6a852b Reviewed-by: Michal Klocek <michal.klocek@qt.io> Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* | ProxyConfigServiceQt: Use default HostPortPair for SCHEME_DIRECTJüri Valdmann2018-01-151-8/+6
| | | | | | | | | | | | | | | | | | Unlike QNetworkProxy, Chromium's net::ProxyServer expects the hostname and port to be at default values for special schemes (DIRECT and INVALID). Otherwise, a DCHECK is triggered at proxy_server.cc:73. Change-Id: I1ac6c425ea03fcbfe084d25c2fd05bf174c753d6 Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io>
* | Fix backward compatibilityPeter Varga2018-01-082-0/+9
| | | | | | | | | | | | | | | | | | - Guard QTemporaryDir::filePath (5.9) usage in the drag and drop implementation. - Guard QQuickItem::mapToGlobal (5.7) usage in the Quick context menu implementation. Change-Id: If383fa55fbbd1b2a3fe4abd57373598a1703786c Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* | Fix access after free on shutdownAllan Sandfeld Jensen2018-01-056-9/+44
| | | | | | | | | | | | | | | | | | | | After we keep around the browser-context after the profile is deleted it was keeping pointers to deleted objects and would sometimes use them on shutdown. Change-Id: Ib67d0ee0b27cb1a1b64d9b8b4c348ed418b9bbc3 Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu> Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* | Initialize ScreenWin singleton to fix dpi glitches on WindowsKai Koehne2018-01-041-1/+8
|/ | | | | | | | | | | | | | | | Static function ScreenWin::GetSystemMetricsInDIP returned an incorrect (already scaled) size for the scrollbars. To take system scaling into account an instance of the ScreenWin singleton has to be created once. So let's use ScreenWin directly, instead of DesktopScreenQt, which is just a mock object anyway. [ChangeLog][Windows] Fixed issues with too large scrollbars on Hi-DPI monitors. Task-number: QTBUG-60705 Change-Id: I7cbc10e98b2a5217b0a0e78afb32818c1cb199d7 Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io> Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io>
* Doc: QWebEngineUrlRequestJob: mention when to delete the deviceDavid Faure2017-12-201-0/+7
| | | | | | | | | | It's used from another thread, so it shouldn't be deleted immediately, and it's not deleted by the QtWebEngine code, so tell people to do it themselves at the right time. Change-Id: I54786be320f5fe82f144e7b1c2e6137260d9ceab Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Update ChromiumAlexandru Croitor2017-12-181-0/+0
| | | | | | | | 2ee59e45bd Fix hanging of process when application is closed too fast cdecf3ca05 Silence most spurious warnings with gcc Change-Id: I220ec63538e13cd5e71552a5f6d99de564a3f0ea Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Hardcode default argument for mimetype in ::setContentKai Koehne2017-12-183-9/+9
| | | | | | | | | | | | | | | | The docs were wrong in that the default is actually text/plain with US-ASCII encoding (see e.g. data_url_unittest.cc). Anyhow, saying it might change in the future does not help anyone, and is actually a potential security risk - see e.g. the discussion about 'magic' in QTextEdit::setText(). Because of this, it's unlikely that Chromium ever changes the default. Anyhow, we can as well hardcode the default, and document it then. Change-Id: I949111598a30fa69d152d3e98d76e9d96df92d54 Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io> Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Turn off caching of images rendered for the printerMichael Brüning2017-12-143-19/+15
| | | | | | | | | | | | | | | When printing very large documents using the QPrinter-based API, it was possible to run out of memory because the images that pdfium has generated was cached for reuse when printing multiple copies of the document. Caching the images is now removed as printing multiple copies is not the default use case and is nowadays often also handled by the printer itself. Task-number: QTBUG-58400 Change-Id: I27bd17b33a839a845ca1b387b0c3bd0466b6592f Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix invalid access in currentTimeForEventAlexandru Croitor2017-12-141-1/+2
| | | | | | | | | The method currentTimeForEvent() tried to access the timestamp() method for a QEvent::Leave event. Leave events are regular QEvents and not QInputEvents, and thus have no such method. Change-Id: Iecc20d239b0e2a5b39b995dabdd7ca8fb44491aa Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix QSGSoftwareLayer renderingJüri Valdmann2017-12-131-1/+1
| | | | | | | | Software layers (added in qtdeclarative 5.8) also need updating. Task-number: QTBUG-62867 Change-Id: If7a941d7e360871822e1776cde3845abcb1f7efa Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fix favicon update from JavaScriptPeter Varga2017-12-131-0/+3
| | | | | | Task-number: QTBUG-64967 Change-Id: Ida79d6cdb682d510e9a2e91e3e3ca263acf34a99 Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io>
* Check for null renderViewAllan Sandfeld Jensen2017-12-111-4/+10
| | | | | | | | | | | It can according to documentation potentially be null, even if it might not happen in our cases. Task-number: QTBUG-63854 Change-Id: I76029c83fe32c163c2707568fe81b7590a79b4fe Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io> Reviewed-by: Michael Brüning <michael.bruning@qt.io> Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io>
* Refactor QWebEngineView tooltip handlingPeter Varga2017-12-082-6/+28
| | | | | | | | | Hide tooltip on empty text and make tooltips more fluent by ignoring duplicate requests. Task-number: QTBUG-64933 Change-Id: Ib82cb06ceda938548429cd694b849a2faadd2633 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix Message Bubble position for High-DPIPeter Varga2017-12-051-4/+18
| | | | | | | Task-number: QTBUG-64812 Change-Id: I9df71253cf6c541622e431b1ff444fc49269d0c3 Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix viewport supportAllan Sandfeld Jensen2017-12-021-2/+3
| | | | | | | | | Set the viewport related preferences together. Task-number: QTWB-2 Task-number: QTBUG-57206 Change-Id: Ib06bf0159d0e0d77d963f8fa3752b668e4795f8b Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Ensure BeginFrameSource is created before useJüri Valdmann2017-11-291-6/+5
| | | | | | | | | | | | | | | In RenderWidgetHostViewQt::RenderWidgetHostViewQt we first call m_host->SetView(this) and then initialize the m_beginFrameSource member. However, since Chromium 55, m_host->SetView(this) ends up calling RenderWidgetHostViewQt::SetNeedsBeginFrames which already needs the m_beginFrameSource member. Fix by initializing m_beginFrameSource before calling m_host->SetView(this). Task-number: QTBUG-64560 Change-Id: Idda188977d0eec0656297fb4e3f3b3d2302f5eba Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix crash on exit-fullscreen using context menuAllan Sandfeld Jensen2017-11-291-1/+2
| | | | | | | | The context menu does not like when we delete current widget while handling the context menu actions. Change-Id: I18dc9d19ae2a669c97c9d4bc833950fcdc0204b0 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fill pointerType member of pointer eventsSzabolcs David2017-11-242-1/+3
| | | | | | | | | | | | | | Fix pointerType of the currently supported (mouse and touch) events. Support of pen and eraser types is coming with QTBUG-62975. Backport of 5.10 fix: 64ad0e8b335509970062ba550a06018426b7c285 Task-number: QTBUG-63266 Task-number: QTBUG-64436 Change-Id: Ief32b9680ab5acfb15537aba74c2bcdd6f51c978 Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Restore loading libEGL and libGLES2 symbols implicitlyMichal Klocek2017-11-151-30/+20
| | | | | | | | | | | | | | | This recommits d4c621f6a6b87f2a86069fa393b9f7c4f9e7b9ad and fixes the issue that on some platforms "eglGetProcAddress" call was not resolved. On some platforms libGLESv2 does not link to libEGL and eglGetProcAddress is resolved in qpa plugin, therefore use it as fallback. Task-number: QTBUG-63341 Task-number: QTBUG-57761 Change-Id: I14f0853a1b92f8f2a9ae7e40f16ce80ab55db331 Reviewed-by: Viktor Engelmann <viktor.engelmann@qt.io>
* Merge remote-tracking branch 'origin/5.9.3' into 5.9Allan Sandfeld Jensen2017-11-141-0/+0
|\ | | | | | | Change-Id: Iceb6449776de31c9a2716ed83377ad432f2992b0
| * Update ChromiumAlexandru Croitor2017-11-121-0/+0
| | | | | | | | | | | | | | | | | | | | Changes: a83d8cdb8d [Backport] Fix Stack Buffer Overflow in QuicClientPromisedInfo::OnPromiseHeaders Change-Id: I1a3f36a84d5f4838912bb5b6716f94282b064299 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| * Update ChromiumAlexandru Croitor2017-11-091-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: c394f9bd67 [Backport] Ensure REG_SZ and REG_MULTI_SZ are null 180b9b53aa [Backport] IDN display: Block U+0307 after i or U+0131 4398e36a05 [Backport] Fix for CVE-2017-15396 [2/2] 8d7c3609b1 [Backport] Fix for CVE-2017-15396 [1/2] d95317e241 [Backport] Remove getOptimalLanguageTag logic 2d6e9c3fc4 [Backport] Fix for CVE-2017-15387 f84377a4e0 [Backport] Fix for CVE-2017-15386 ebccd98fb3 [Backport] Cherry pick: Don't allow iteration through da91cdeb1f [Backport] Fix for CVE-2017-5133 Change-Id: Ie85db1786594bac1feba2c7ca3e26559edfff7f2 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 05:45:04 +0000