| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bd792030 [Backport] Fix for security issue 951322
* b82fa580 [Backport] Fix for CVE-2019-5827
* 77de851f [Backport] Fix for CVE-2019-5825
* 3b283bc5 [Backport] Fix for CVE-2019-5826
* 546e8a27 [Backport] Fix for CVE-2019-5824
* 1660b7b1 [Backport] Fix for security issue 894933
* 048b1aee [Backport] Fix for security issue 937663
* bf0e274c [Backport] Fix for security issue 908669
* b8f953da [Backport] Fix for security issue 931949 (2/2)
* 422411de [Backport] Fix for security issue 931949 (1/2)
* f659a4d7 [Backport] Fix for security issue 939316
* f3378a1c [Backport] Fix for security issue 940205
* af9444ec [Backport] Fix for security issue 949015
* 8f58d94e [Backport] Fix for CVE-2019-5823
Task-number: QTBUG-75497
Change-Id: Id4330b3d08a444dcd95d072905dac6da212fd93b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* 41a5b412 [Backport] Fix for CVE-2019-5822
* 233802ed [Backport] Fix for CVE-2019-5821
* c9ade8f0 [Backport] Fix for CVE-2019-5820
* c2dbb31a [Backport] Fix for CVE-2019-5819
* 7a8ae930 [Backport] Fix for CVE-2019-5818
* b5436c7a [Backport] Fix for CVE-2019-5815
* d3584684 [Backport] Fix for CVE-2019-5814
* 891c0a91 [Backport] Fix for CVE-2019-5808
* 23e798e8 [Backport] Fix for CVE-2019-5806
* 4d6500c2 [Backport] Fix for CVE-2019-5805
* 7b6a459e Try different versions when creating a CoreProfile context on macOS
Task-number: QTBUG-75497
Task-number: QTBUG-73799
Change-Id: Ica812747467fc02a142f83d8638ec995589f1e5a
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Chromium sources contain assembly code that causes the library to
default to executable stack (the linker requires that *all* .o files
have a .note.GNU-stack section in order to default to
non-executable). So add the -z noexecstack linker flag to change the
setting.
The other libraries are not affected.
Change-Id: I0bf9ebeb5aa34d19be30fffd15a3d3063dea2005
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support --auth-server-whitelist
Read it and pass it to an HttpAuthPreference.
Change-Id: I37c23f4d777ff11b2c0480fa9c28ea6fbe029737
Task-number: QTBUG-75539
Task-number: QTBUG-57729
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
(cherry picked from commit b81d7095825cdd4f486e83894c801e596f248936)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes:
11c5d00ab75 Use MessagePumpMac for desktop capture thread on macOS
Fixes: QTBUG-76045
Change-Id: I9fe920afeb39b34b837d9a5603c79e128942922d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix issues with messed up linker path:
* do not use LIBS_PRIVATE on linux at least for passing object
and archive responses files.
* do not use QT and QT_PRIVATE with same libs, it simply
includes libs in LIB and LIB_PRIVATE so doubles linker libs.
* remove bogus dependency for gui and core for webengineheaders pseudo module.
* remove unused egl config flag
Fixes: QTBUG-75832
Task-number: QTBUG-75357
Change-Id: I1720394e636e3f89d546f372b10932dd4ad395fe
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ee12b53eba009e8a3ca12ef77031d9a48c609cb4)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For yocto builds linker can get quite long path
since all archives are listed as absolute paths.
This can end up as "execvp: /bin/sh: Argument list too long"
Use rsp files also for archives.
Change-Id: I096e2f35ed72b68261bf465e84baddd1f78cd917
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 546c42e42643a209d893d5291c26c3f8ef7102a3)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Do not set path if it ends with separator or if
it matches with an already existing directory name.
Task-number: QTBUG-75566
Change-Id: I4b78b28afe034c7589633c569a4945a36b32008e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configure tests must run in a clean environment. That's why functions
that are defined below the mkspecs directory are discarded during the
configure run. As a result, extractCFlag could not be found when
running qtConftest_hasThumbFlag.
This patch moves extractCFlag to src/core/config/functions.pri. Also,
extractCFlag gets a qtwebengine_ prefix to avoid collisions with
functions defined in other modules. The alias extractCFlag in
functions.prf lets us use the old function within QtWebEngine itself.
Fixes: QTBUG-75748
Change-Id: I6be613fbc569d5f7b3c145ef44b9a7be8e2ecb9d
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure the HTTP referer is properly placed on a request when it's set
via the QWebEngineUrlRequestInterceptor.
Added test case to catch future incidents.
Fixes: QTBUG-60203
Change-Id: Ida2f713a7352c3199fc9f8e15b5d8350d50afdda
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
To suppress QDoc warnings in the doc snapshot server:
http://doc-snapshots.qt.io/qt5-5.13/qdoc-warnings.log
Change-Id: I75a54cb584251877e329c22c380ec4ae5f95f2fb
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes:
* 8d400b02 Fix crashes due to pa_context_get_server_info
* b439cd9e Link with -latomic on mipsel
* 4c061bfd Fix building GN with VS 2019
Change-Id: I26bef10d1ad051d29dd4a809d8c089a157d93ea9
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Fixes: QTBUG-69567
Change-Id: Icdf5a200f7be1eb7a98cce62848e3a641c49e804
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Disallow installing handler for "about" and everything in kStandardURLSchemes of
url/url_util.cc. Except for "gopher" which is used in tests. Suppress warning
about custom schemes for "gopher" since it's not a custom scheme.
Also lowercase the scheme in urlSchemeHandler() and removeUrlSchemeHandler().
Change-Id: I72b06d4fa6433882019405a0d600a593c8971bf1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
This amends 26ac59af2306
Fixes: QTBUG-75465
Change-Id: I22df5dc851f80724a44c028310269289548dacc5
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
|
|
|
|
|
|
|
|
| |
Deregistering the widget or deleting the view should be able to handle
a now missing d_ptr in the old page.
Change-Id: Ic843f7bde12776b6aad4fad865ccf14a25695154
Fixes: QTBUG-75547
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
| |
...by overloading QWebEnginePage::acceptNavigationRequest()
Task-number: QTBUG-75185
Change-Id: Ieaf9cacd5dd9259159767edba319191cf93f19ad
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Pass the ownership on to the the new view, so it is still handled like
an implicit page.
Change-Id: I76ad3cb349a492e60e3ad2bdd4aebaabed07bd4f
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
| |
Change-Id: I05ef67b81d9b871d38fcc51639b742b2a7b8a387
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-75212
Change-Id: I1d1a99d9a5b6684d23e51cf55d384e7dfee6ef2a
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
QPageLayout::pageSize() is always defined in portrait orientation.
Removing margins without considering the actual orientation was incorrent.
Use QPageLayout::paintRect() instead.
Task-number: QTBUG-75092
Change-Id: I34c19d3f0587ae21da2d985e3107b6ec673f53d0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Also fix QWebEnginePage::setView not deleting old page
Also fix wrong page being deleted if it's parented to the view.
Fixes: QTBUG-75131
Fixes: QTBUG-75175
Change-Id: Ie4dfb15b3182de7aa3a94cddcac54ea40a86121b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Pull in 3rdparty patch and add test.
Fixes: QTBUG-74864
Change-Id: I5440f58ff55297c2a51f896d43f479404ff6ca2f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Delegate assumed to be owned and released by BrowserContext instance
Change-Id: I1b5dc3ad2ace6f5c40b9f56e7ed7eb6b23b60925
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes regression, introduced by the fix for QTBUG-66011, where setting
JavascriptEnabled to false stops all scripts from running instead of only
MainWorld scripts (as documented). Only the DocumentCreation injection point is
affected.
The original change which introduced the regression consisted of moving the
DocumentCreation injection point from
ContentRendererClient::RunScriptsAtDocumentStart
to
RenderFrameObserver::DidClearWindowObject.
The problem of scripts not working on view-source URLs was fixed by this move,
but it turns out that the call to DidClearWindowObject happens to be conditional
on Document::CanExecuteScripts and this is, of course, false if JS is disabled.
Hence the regression.
This new patch moves the injection point again to a task launched from
RenderFrameObserver::DidCommitProvisionalLoad.
DidCommitProvisionalLoad and DidClearWindowObject are both indirectly called
from DocumentLoader::InstallNewDocument, however the former is called before the
Document is opened and is therefore too early for script execution. As such, the
execution is delayed by posting a task which, in theory, should be scheduled
very soon after the normal call to DidClearWindowObject.
Fixes: QTBUG-74304
Change-Id: Iac8714bcc5651c287b73181811af26996d955af5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|\
| |
| |
| | |
refs/staging/5.12
|
| |\
| | |
| | |
| | | |
Change-Id: I8a087fefcb9f0f1c750747d29819e53c11984b41
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls in security patches:
* [Backport] Security bug 933743
* [Backport] Security bug 917608
* [Backport] Security bug 916874
* [Backport] Security bug 914511
Task-number: QTBUG-74445
Change-Id: Id1ad904857e8f8e15208ae80c8c0258e3d8f4faa
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also fixes the fact that WebEngine was passing POST data to Chromium
even if the request was not a POST request. This triggered an assert
in the backported code.
3aaf2ca833c [Backport] Security bug 906739
e4e10461659 [Backport] Security bug 906437
0a717e1dbe9 [Backport] Security bug 913212
c7fa9a16957 [Backport] CVE-2019-5803
ebe1e7068ca [Backport] Dependency for CVE-2019-5802 (1/5)
597dae52a3b [Backport] CVE-2019-5802 (1/5)
64d3770e5e9 [Backport] CVE-2019-5802 (2/5)
a34d2fb5dd1 [Backport] CVE-2019-5802 (3/5)
62f25b2d83f [Backport] CVE-2019-5802 (4/5)
a63d51633ab [Backport] Dependency for CVE-2019-5802 (5/5)
c6d0023bc59 [Backport] CVE-2019-5802 (5/5)
f7fcbe53871 [Backport] Security bug 905509 (1/13)
94f1317917f [Backport] Security bug 905509 (2/13)
812a9e68a2c [Backport] Security bug 905509 (3/13)
36c2c5e8b27 [Backport] Security bug 905509 (4/13)
8b01fa3780a [Backport] Security bug 905509 (5/13)
69b772f1e9a [Backport] Security bug 905509 (6/13)
f2dfd87785a [Backport] Security bug 905509 (7/13)
ec503eae3ed [Backport] Security bug 905509 (8/13)
f5a4144a132 [Backport] Security bug 905509 (9/13)
03d8580cf59 [Backport] Security bug 905509 (10/13)
03c4a4ffb98 [Backport] Security bug 905509 (11/13)
700a4af1fb5 [Backport] Security bug 905509 (12/13)
03be3aa656a [Backport] Security bug 917707
269d53ceabd [Backport] Security bug 905509 (13/13)
d720564a5ba [Backport] Security bug 938251
85136fedbde [Backport] Security Bug 929088
037efcfdba3 [Backport] Security Bug 931640 1/2
bea83ccee0f [Backport] Security Bug 931640 2/2
dd18af1614f [Backport] Security Bug 924905
e54c1076009 [Backport] Security Bug 919572
258feedf8e1 [Backport] Security Bug 919340
f4f1e852df5 [Backport] CVE-2019-5789
8566ec6cc21 FIXUP: [Backport] Security bug 905509 (3/13)
3d59c5717de FIXUP: [Backport] Security bug 906739
dd6863f4aea FIXUP: [Backport] Security bug 905509
43c92056fab FIXUP: [Backport] CVE-2019-5802
d6d21a17c5a FIXUP: [Backport] Security bug 913212
a4a129005d8 FIXUP: [Backport] Security bug 905509
38a6ae037ee FIXUP: [Backport] Security Bug 924905
d147ad350da FIXUP: [Backport] Security bug 905509 (3/13)
Task-number: QTBUG-74445
Change-Id: Ic8d750bc89950c0e020eb43881dbf03328108940
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/ /
| |
| |
| |
| |
| |
| | |
Task-number: QTBUG-74698
Task-number: QTBUG-74251
Change-Id: I4358feb7fb28b226edb24ed10611e797fcd3c326
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|/
|
|
|
|
|
|
|
|
| |
Remove the previous workaround (internal \externalpage command) that
was used for this purpose, and replace it with a \QWE macro that
expands to the string 'Qt \WebEngine'. The backslash in the expanded
string instructs QDoc not to attempt auto-linking the word.
Change-Id: If4e1c95423fa07479b1af055e4760a890c0ac667
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
|
|
|
|
|
|
|
| |
Based on https://chromium-review.googlesource.com/c/chromium/src/+/1432882
Task-number: QTBUG-74764
Change-Id: I74b4711f5146d2d2261487f13ccac702b9aa969e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
The modern media controls in 69-based were not completely ready, so
stay with the legacy media controls until 5.13.
Fixes: QTBUG-74484
Change-Id: I06de16d8210341443a10d8c984f1978d373de0d9
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
| |
Go back to making the tooltip richtext, but set a white-space:pre to
keep the tooltip mostly unwrapped.
Fixes: QTBUG-74659
Change-Id: I5e30ee0098a608eda969b090355915a75f55405f
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in security patches:
* [Backport] CVE-2019-5787
* [Backport] Security bug 906652
* [Backport] CVE-2019-5797
* [Backport] Dependency for CVE-2019-5797 2/2
* [Backport] Dependency for CVE-2019-5797 1/2
* [Backport] CVE-2019-5795
Change-Id: I273570d8c5d57e0ce441a6509360d862f2568bab
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Some things controlled by the OFFICIAL_BUILD defined are commented as
unsafe to ship in production, so we need that as well.
Note that GOOGLE_CHROME and OFFICIAL_BUILD are two different settings,
so this just denotes the build as one shipped in production.
Change-Id: I1fdcfec7f5c5142dd2bdc5f1d1f9a296a60e5708
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
| |
This logic was incorrectly stripped out in adaptations
for Chromium 68, but is still needed.
Fixes: QTBUG-74519
Change-Id: Iefe7aba352bd43148898c1abeea34f4afe354d72
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
| |
Follow the other implementation and pass TakeFocus to WebContents
Delegate, and hook to our UI from there. Also fixes use of Blur instead
of LostFocus, which means we now render unfocused more correctly.
Change-Id: I34a1882489bc68b9ff36ed5139af0ee8a3a95b79
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
|
|
|
|
| |
Fixes false navigation type on http-equiv refresh, and javascript
redirects.
Task-number: QTBUG-74490
Change-Id: Ie6fa5c94ae9642a7e9c689198a4977747f4101ce
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in security patches:
* [Backport] CVE-2019-5794
* [Backport] CVE-2019-5793
* [Backport] CVE-2019-5792
* [Backport] CVE-2019-5791
* [Backport] CVE-2019-5790
Change-Id: I81a094398931f3c212906472005b1bb76589372f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|\
| |
| |
| | |
Change-Id: Icd8a5966a160e2466dc32a89d4ed7d904a3bcb4c
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in latest security fix from 72 releases, one which is actively
exploited.
Fixes: QTBUG-74254
Change-Id: Iaef4cecb15295e45a795bc37cc1b467de5cc7bc1
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adapt DownloadManagerDelegateQt::m_currentId to
https://chromium-review.googlesource.com/1144311
Update Chromium:
09516a434b [Backport] Allow DownloadManagerImpl to get InProgressDownloadManager from DownloadManagerService
b3edbf2a84 [Backport] Make DownloadManagerImpl to generate download IDs for in-progress DB
Task-number: QTBUG-70702
Change-Id: I1224643398a2084fcd5d70d2c04b105ed69c1f3d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 8600d3d22d86be364a4c29e559dda7990594d0c5)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
| |
| |
| |
| |
| | |
Task-number: QTBUG-74311
Change-Id: If912564ecd29e4f11a613905f2b9169326207ec2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add the source files within a "lupdate_run" scope.
Task-number: QTBUG-74152
Change-Id: Idb7b5f58d6f7964b8ed67f34bd9f485bb7bba7b8
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently users might forget to delete webcontent client before
profile adapter. This might be nasty if users are not aware of default
profile. Instead of asserting badly in chromium, clean up and release
chromium resources.
This avoids the crash, but might leak memory if users never deletes
page.
Task-number: QTBUG-74021
Change-Id: I66f466f169d12f7ee08866d505260dca47800bb0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Issue takes place when QQmlApplicationEngine is a child of qApp.
In case WebEngineContext gets destructed do not try to get default
profile, which is anyway already gone.
Task-number: QTBUG-74116
Change-Id: I24ea87baf677360a420d444b4c964feb722ab317
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adapt DownloadManagerDelegateQt::m_currentId to
https://chromium-review.googlesource.com/1144311
Update Chromium:
09516a434b [Backport] Allow DownloadManagerImpl to get InProgressDownloadManager from DownloadManagerService
b3edbf2a84 [Backport] Make DownloadManagerImpl to generate download IDs for in-progress DB
Task-number: QTBUG-70702
Change-Id: I1224643398a2084fcd5d70d2c04b105ed69c1f3d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|\ \
| | |
| | |
| | | |
refs/staging/5.12
|
| |\|
| | |
| | |
| | | |
Change-Id: I423ab09061b0fb1963953438e6e6b09b2602254f
|