From 3b355d2be812e11d32d884056e29ff97f7da0342 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Thu, 5 Mar 2020 16:06:41 +0100 Subject: Update Chromium Pulls in the following changes: a7d90c1eadc Fix undefined range-based for loops in torque 24581ca7dde [Backport] Security bug 1040700 e4659a4c8a8 [Backport] CVE-2020-6418 - Type confusion in V8 5707cc4f757 [Backport] CVE-2020-6383 - Type confusion in V8 642c7bea74e [Backport] CVE-2020-6407: Out of bounds memory access in streams d8724284f47 [Backport] CVE-2020-6384: Use after free in WebAudio e87caa4598d [Backport] Security bug 1029865 da60616b969 [Backport] Security bug 1044570 51012dcb3e6 [Backport] CVE-2020-6387 - Out of bounds write in WebRTC 6c4b486ce60 [Backport] CVE-2020-6389 - Out of bounds write in WebRTC 1c3145818e4 [Backport] CVE-2020-6420: Insufficient policy enforcement in media 4a01d3a4103 [Backport] Security bug 1031909 Change-Id: Ic6d76f64a82d3f5738c31a53cf7e0f3f37183767 Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/3rdparty b/src/3rdparty
index dcfdd7e5c..4a01d3a41 160000
--- a/src/3rdparty
+++ b/src/3rdparty
@@ -1 +1 @@
-Subproject commit dcfdd7e5cacd2cf01df7a9a467a7eeeee3348d1d
+Subproject commit 4a01d3a410354bc8fe2e6ef03d32cbe39a770204
-- cgit v1.2.3
From 9377855eb7c2310951d67e0fe5454be35fefd72c Mon Sep 17 00:00:00 2001 From: Kai Koehne Date: Thu, 5 Mar 2020 17:12:30 +0100 Subject: Doc: Fix highlighting of QML import Change-Id: I1420b0c6293fbd3caf5dce3ada3b6fec90c74bfc Reviewed-by: Leena Miettinen --- src/webengine/doc/src/qtwebengine-qmlmodule.qdoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/webengine/doc/src/qtwebengine-qmlmodule.qdoc b/src/webengine/doc/src/qtwebengine-qmlmodule.qdoc
index 44e6c7e27..4fd7e3a3b 100644
--- a/src/webengine/doc/src/qtwebengine-qmlmodule.qdoc
+++ b/src/webengine/doc/src/qtwebengine-qmlmodule.qdoc
@@ -35,9 +35,9 @@ The QML types can be imported into your application using the following import statements in your .qml file: - \badcode + \qml import QtWebEngine 1.10 - \endcode + \endqml To link against the module, add the following QT variable to your qmake .pro file: -- cgit v1.2.3 From 04da0b14840f12ebd98e85c4ef4d42063610e375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Fri, 6 Mar 2020 17:07:25 +0100 Subject: Update Chromium Pulls in the following changes: b6fde543e11 FIXUP: Fix build with gcc 5 feeaf8ecd52 [Backport] CVE-2020-6406 - Use after free in audio ada63371baf [Backport] CVE-2020-6392 - Insufficient policy enforcement in extensions 80029e44737 [Backport] CVE-2020-6393 - Insufficient policy enforcement in Blink cfd1a2eb98c [Backport] CVE-2020-6394 - Insufficient policy enforcement in Blink 8b524801b75 [Backport] CVE-2020-6396 - Inappropriate implementation in Skia 7b2e898f2b4 [Backport] CVE-2020-6398 - Uninitialized use in PDFium d8c1659ae97 [Backport] CVE-2020-6400 - Inappropriate implementation in CORS 4d5dbe41ae3 [Backport] CVE-2020-6401 (1/3) and CVE-2020-6411 b88a10e7a66 [Backport] CVE-2020-6401 (2/3) 25b6ec913a1 [Backport] CVE-2020-6401 (3/3) 31bf030226a [Backport] CVE-2020-6404 - Inappropriate implementation in Blink 42e3d739230 [Backport] CVE-2020-6399 - Insufficient policy enforcement in AppCache 02f1da71840 [Backport] Security bug 1035723 3e757b536e5 [Backport] Dependency for CVE-2020-6391 f720be4aac5 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (1/3) e7980ade9ab [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (2/3) 3f6e9bf1fb0 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (3/3) 6b0d12aa31a [Backport] Security bug 1018629 Change-Id: I929158db502b6e3705e50cd3c0da6601d3a17c04 Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/3rdparty b/src/3rdparty index 4a01d3a41..6b0d12aa3 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 4a01d3a410354bc8fe2e6ef03d32cbe39a770204 +Subproject commit 6b0d12aa31ae3553db04277d46ce14f57a6e20b3 -- cgit v1.2.3 From b3458b3c3b7bfb02b194fef38709710ebb9f296d Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Wed, 4 Mar 2020 10:25:45 +0100 Subject: Fix gn_find_mocables for Python3 Change-Id: Id25796d4f95878f674009f27a221b2c7b73237fe Reviewed-by: Alexandru Croitor --- tools/scripts/gn_find_mocables.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/scripts/gn_find_mocables.py b/tools/scripts/gn_find_mocables.py index d1f682456..4dc2576e3 100644 --- a/tools/scripts/gn_find_mocables.py +++ b/tools/scripts/gn_find_mocables.py @@ -58,10 +58,10 @@ for f in filter(os.path.isfile, files): includedMocs.add(im.group(1)) for mocable in includedMocs: - print "Found included moc: " + mocable + print("Found included moc: " + mocable) assert len(includedMocs) == 0 , "Included mocs are not supported !" for mocable in mocables: - print mocable + print(mocable) sys.exit(0) -- cgit v1.2.3 From 62e55be6b8a23003ca877d917e5ef0cd3ff4110f Mon Sep 17 00:00:00 2001 From: Peter Varga Date: Wed, 4 Mar 2020 14:56:36 +0100 Subject: Fix applying background color on RenderView MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The RenderViewObserverQt_SetBackgroundColor message was sent with wrong Routing ID. This fix also cleans up RenderWidgetHostViewQt::UpdateBackgroundColor() method. Fixes: QTBUG-81781 Change-Id: Ida198fb061715d389859ace17e1f773db491c51d Reviewed-by: Jüri Valdmann --- src/core/common/qt_messages.h | 6 ++-- src/core/render_widget_host_view_qt.cpp | 18 +++++----- .../widgets/qwebenginepage/tst_qwebenginepage.cpp | 38 ++++++++++++++++++++++ 3 files changed, 49 insertions(+), 13 deletions(-) 
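Review bot: The `Found included moc:` diagnostics in the first changed line still go to stdout, the same stream the final loop uses for the mocable list, and the only thing that keeps that mixed output from being consumed is the `assert` on the following context line, which Python removes under `-O`. Send the diagnostic to stderr, e.g. `sys.stderr.write("Found included moc: " + mocable + "\n")`, and replace the assert with an explicit `sys.exit("Included mocs are not supported !")` when `includedMocs` is non-empty. The loop that fills `includedMocs` starts outside the hunk, so how the build invokes this script is not visible here.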
diff --git a/src/core/common/qt_messages.h b/src/core/common/qt_messages.h index b99204b74..43f07c9a6 100644 --- a/src/core/common/qt_messages.h +++ b/src/core/common/qt_messages.h @@ -36,6 +36,9 @@ IPC_MESSAGE_ROUTED1(RenderViewObserverQt_FetchDocumentMarkup, IPC_MESSAGE_ROUTED1(RenderViewObserverQt_FetchDocumentInnerText, uint64_t /* requestId */) +IPC_MESSAGE_ROUTED1(RenderViewObserverQt_SetBackgroundColor, + uint32_t /* color */) + // User scripts messages IPC_MESSAGE_ROUTED1(RenderFrameObserverHelper_AddScript, UserScriptData /* script */) @@ -65,9 +68,6 @@ IPC_MESSAGE_ROUTED2(RenderViewObserverHostQt_DidFetchDocumentInnerText, uint64_t /* requestId */, base::string16 /* innerText */) -IPC_MESSAGE_ROUTED1(RenderViewObserverQt_SetBackgroundColor, - uint32_t /* color */) - IPC_MESSAGE_ROUTED0(RenderViewObserverHostQt_DidFirstVisuallyNonEmptyLayout) //----------------------------------------------------------------------------- diff --git a/src/core/render_widget_host_view_qt.cpp b/src/core/render_widget_host_view_qt.cpp index e9be587cf..7a5118837 100644 --- a/src/core/render_widget_host_view_qt.cpp +++ b/src/core/render_widget_host_view_qt.cpp @@ -48,6 +48,7 @@ #include "touch_selection_controller_client_qt.h" #include "touch_selection_menu_controller.h" #include "type_conversion.h" +#include "web_contents_adapter.h" #include "web_contents_adapter_client.h" #include "web_event_factory.h" 
@@ -488,23 +489,20 @@ gfx::Rect RenderWidgetHostViewQt::GetViewBounds() void RenderWidgetHostViewQt::UpdateBackgroundColor() { + DCHECK(GetBackgroundColor()); + SkColor color = *GetBackgroundColor(); + + m_delegate->setClearColor(toQt(color)); + if (m_enableViz) { - DCHECK(GetBackgroundColor()); - SkColor color = *GetBackgroundColor(); bool opaque = SkColorGetA(color) == SK_AlphaOPAQUE; m_rootLayer->SetFillsBoundsOpaquely(opaque); m_rootLayer->SetColor(color); m_uiCompositor->SetBackgroundColor(color); - m_delegate->setClearColor(toQt(color)); - host()->Send(new RenderViewObserverQt_SetBackgroundColor(host()->GetRoutingID(), color)); - return; } - auto color = GetBackgroundColor(); - if (color) { - m_delegate->setClearColor(toQt(*color)); - host()->Send(new RenderViewObserverQt_SetBackgroundColor(host()->GetRoutingID(), *color)); - } + content::RenderViewHost *rvh = content::RenderViewHost::From(host()); + host()->Send(new RenderViewObserverQt_SetBackgroundColor(rvh->GetRoutingID(), color)); } // Return value indicates whether the mouse is locked successfully or not. diff --git a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp index 94b3f16c1..206e53a38 100644 --- a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp +++ b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp @@ -226,6 +226,7 @@ private Q_SLOTS: void customUserAgentInNewTab(); void renderProcessCrashed(); + void backgroundColor(); private: static QPoint elementCenter(QWebEnginePage *page, const QString &id); 
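Review bot: `SkColor color = *GetBackgroundColor();` now runs on every path in UpdateBackgroundColor(), but the removed non-Viz branch tested `if (color)` before dereferencing, and `DCHECK` is normally compiled out of release builds, so an unset background colour would be dereferenced unchecked there. Keep a runtime guard, e.g. `auto color = GetBackgroundColor(); if (!color) return;`, and use `*color` below. The same applies to `content::RenderViewHost::From(host())`: the result is used in `rvh->GetRoutingID()` without a null check, and if it can be null for a widget that is not backed by a render view (not determinable from this hunk) the browser process crashes, so send the message only inside `if (rvh)`.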
@@ -4368,6 +4369,43 @@ void tst_QWebEnginePage::renderProcessCrashed() status == QWebEnginePage::AbnormalTerminationStatus); } +void tst_QWebEnginePage::backgroundColor() +{ + QWebEngineProfile profile; + QWebEngineView view; + QWebEnginePage *page = new QWebEnginePage(&profile, &view); + + view.resize(640, 480); + view.show(); + QPoint center(view.size().width() / 2, view.size().height() / 2); + + QCOMPARE(page->backgroundColor(), Qt::white); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::white); + + page->setBackgroundColor(Qt::red); + view.setPage(page); + + QCOMPARE(page->backgroundColor(), Qt::red); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::red); + + page->setHtml(QString("" + "" + "
" + "")); + QSignalSpy spyFinished(page, &QWebEnginePage::loadFinished); + QVERIFY(spyFinished.wait()); + // Make sure the page is rendered and the test is not grabbing the color of the RenderWidgetHostViewQtDelegateWidget. + QTRY_COMPARE(view.grab().toImage().pixelColor(QPoint(5, 5)), Qt::black); + + QCOMPARE(page->backgroundColor(), Qt::red); + QCOMPARE(view.grab().toImage().pixelColor(center), Qt::red); + + page->setBackgroundColor(Qt::green); + + QCOMPARE(page->backgroundColor(), Qt::green); + QTRY_COMPARE(view.grab().toImage().pixelColor(center), Qt::green); +} + static QByteArrayList params = {QByteArrayLiteral("--use-fake-device-for-media-stream")}; W_QTEST_MAIN(tst_QWebEnginePage, params) -- cgit v1.2.3 From 8c1a4841174a90299ba2e2851b4d9e79da3b9b25 Mon Sep 17 00:00:00 2001 From: Kirill Burtsev Date: Fri, 6 Mar 2020 17:38:45 +0100 Subject: Support build with system ninja >= 1.10.0 Fixes: QTBUG-82715 Change-Id: I9a269efa20d092f75a8a43cb20d1e0dc0f46b9f9 Reviewed-by: Michal Klocek --- configure.pri | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.pri b/configure.pri index 3a144e3f8..3cfce71e0 100644 --- a/configure.pri +++ b/configure.pri @@ -163,7 +163,7 @@ defineTest(qtConfTest_detectNinja) { !isEmpty(ninja) { qtLog("Found ninja from path: $$ninja") qtRunLoggedCommand("$$ninja --version", version)|return(false) - contains(version, "1.[7-9].*"): return(true) + contains(version, "1\.([7-9]|1[0-9])\..*"): return(true) qtLog("Ninja version too old") } qtLog("Building own ninja") -- cgit v1.2.3 From 8ab924b7f735ba25a2b8ea40d16e997464d87378 Mon Sep 17 00:00:00 2001 
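Review bot: In tst_QWebEnginePage::backgroundColor() the `QSignalSpy spyFinished(page, &QWebEnginePage::loadFinished);` is constructed after `page->setHtml(...)`, and `QVERIFY(spyFinished.wait())` only shows that some loadFinished arrived, not that the load succeeded. Create the spy before calling setHtml and check the signal argument, e.g. `QTRY_COMPARE(spyFinished.count(), 1);` followed by `QVERIFY(spyFinished.takeFirst().value(0).toBool());`. The later `QCOMPARE(view.grab().toImage().pixelColor(center), Qt::red);` is a single non-retrying grab that relies on the preceding QTRY_COMPARE at (5, 5) having waited for a rendered frame; a one-line comment saying so would keep it from being reordered.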
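Review bot: The new pattern `1\.([7-9]|1[0-9])\..*` in qtConfTest_detectNinja is still a closed list, so a system ninja 1.20 or 2.x falls through to `qtLog("Ninja version too old")`, which misreports the reason and quietly switches the build to the bundled ninja. Either split the version and compare major/minor numerically, or at least change the message to something like `qtLog("Unsupported ninja version: $$version")` and add a comment stating the accepted range. It is also worth confirming that qmake passes `\.` inside a quoted string through to the regular expression unchanged. The defineTest body starts and ends outside the hunk.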
From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Tue, 10 Mar 2020 16:51:43 +0100 Subject: Update Chromium Pulls in the following changes: 7622e2b8071 [Backport] CVE-2020-6395 - Out of bounds read in JavaScript 2643eee04e0 [Backport] CVE-2020-6410 - Insufficient policy enforcement in navigation f938fe1765e [Backport] CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox 98f5d9e5b14 [Backport] CVE-2020-6413 - Inappropriate implementation in Blink e95d8df0220 [Backport] CVE-2020-6415 - Inappropriate implementation in JavaScript cac651b7205 [Backport] Security bug 1020031 20b67be01c3 [Backport] Security bug 1016506 5043a049628 [Backport] Security bug 1026293 edd82d1d7ce [Backport] Security bug 1047097 334bb80e4ce [Backport] Security bug 1025442 6f1a37c63ba [Backport] Security bug 1016038 Change-Id: I443677e4d832c7f7336eb95cd640f69be11dbe1e Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/3rdparty b/src/3rdparty
index 6b0d12aa3..6f1a37c63 160000
--- a/src/3rdparty
+++ b/src/3rdparty
@@ -1 +1 @@
-Subproject commit 6b0d12aa31ae3553db04277d46ce14f57a6e20b3
+Subproject commit 6f1a37c63baf7cdbb919221258ad6fe294de9d82
-- cgit v1.2.3
From 9522dc8f71e189cf75eabdca4b3fab2d254d1542 Mon Sep 17 00:00:00 2001
From: Kirill Burtsev Date: Thu, 12 Mar 2020 16:08:51 +0000 Subject: Revert "Blacklist several Qt WebEngine quick dialog tests on macOS 10.13" This reverts commit d4022e03ccaeb92e41075f276e4011bd49627165 and partially fb430b4e104dd6313a776980b4798f1333193149. Reason for revert: initial blacklisting was done because of wrong assumption for test being flaky. But this is not the case. There is a non-zero chance that invalid build for macOS will be generated due to some undiscovered issue in build configuration or CI. Produced binaries are invalid and can't be used. If this first testcase fails then the whole suite will fail for every test. Blacklisting only moves failure further: first time from contextMenuRequested to javaScriptDialogRequested and etc, and second time to next test in whole suite tst_InspectorServer::testPageList. This creates a lot of really invalid failure entries in grafana testresults aggregator. It also creates confusion for the reason behind these kind of test failures and invalid bug report for other test failures. Task-number: QTBUG-76549 Change-Id: I1dfe850f6a9cabec352c6e2bd5471e7c4f2e99ca Reviewed-by: Allan Sandfeld Jensen --- tests/auto/quick/dialogs/BLACKLIST | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 tests/auto/quick/dialogs/BLACKLIST
diff --git a/tests/auto/quick/dialogs/BLACKLIST b/tests/auto/quick/dialogs/BLACKLIST
deleted file mode 100644
index 10b7391a0..000000000
--- a/tests/auto/quick/dialogs/BLACKLIST
+++ /dev/null
@@ -1,8 +0,0 @@
-[contextMenuRequested]
-osx-10.13
-[javaScriptDialogRequested]
-osx-10.13
-[colorDialogRequested]
-osx-10.13
-[fileDialogRequested]
-osx-10.13
-- cgit v1.2.3
From 1c8498cbc6929465c5acc33edfcc505bc3664720 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Fri, 13 Mar 2020 11:49:48 +0100 Subject: Update Chromium MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pulls in the following changes: 80bf361c042 [Backport] Dependency for security bug 925035 4af826b4d35 [Backport] Fix for security issue 925035 Change-Id: I1941c5c9b91028129e76b1f95186d2ec2140ab8b Reviewed-by: Jüri Valdmann Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/3rdparty b/src/3rdparty
index 6f1a37c63..4af826b4d 160000
--- a/src/3rdparty
+++ b/src/3rdparty
@@ -1 +1 @@
-Subproject commit 6f1a37c63baf7cdbb919221258ad6fe294de9d82
+Subproject commit 4af826b4d3512f93c6aaf891c9e4434da0f8a7f6
-- cgit v1.2.3
From e06fe400389a1e29abee94455eecec591e05c3bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Mon, 16 Mar 2020 17:53:22 +0100 Subject: Update Chromium MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pulls in the following change f7ffd2f7dff Fixup for [Backport] CVE-2020-6401 (2/3) Fixes: QTBUG-81909 Change-Id: I735544d31dc97c0e85a0abf912ed3651b3adee1c Reviewed-by: Jüri Valdmann --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/3rdparty b/src/3rdparty
index 4af826b4d..f7ffd2f7d 160000
--- a/src/3rdparty
+++ b/src/3rdparty
@@ -1 +1 @@
-Subproject commit 4af826b4d3512f93c6aaf891c9e4434da0f8a7f6
+Subproject commit f7ffd2f7dffd911e37f6a638bb410bd71da23491
-- cgit v1.2.3
From 540451ab9a7e8e9f85078b4cebcc7f619a8b6322 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen Date: Wed, 18 Mar 2020 17:41:27 +0100 Subject: Fix for macOS packaging problem Running build in parallel for debug and release on mac os was resulting in corrupted resource, due to possible simultaneous QMAKE_BUNDLE_DATA resources write from release and debug builds. Add missing qtConfig checks. Fixes: QTBUG-76549 Change-Id: Icc0dee7b06d442e9c15d7afa53c0372e8d82b4a2 Reviewed-by: Michal Klocek --- src/core/core_module.pro | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/core_module.pro b/src/core/core_module.pro index 4b9268e1a..d7e2ab8da 100644 --- a/src/core/core_module.pro +++ b/src/core/core_module.pro @@ -107,7 +107,7 @@ resources.files = $$REPACK_DIR/qtwebengine_resources.pak \ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat -!debug_and_release|!build_all|CONFIG(release, debug|release) { +!qtConfig(debug_and_release)|!qtConfig(build_all)|CONFIG(release, debug|release) { qtConfig(framework) { locales.version = Versions locales.path = Resources/qtwebengine_locales @@ -146,7 +146,7 @@ icu.files = $$OUT_PWD/$$getConfigDir()/icudtl.dat } } -!build_pass:debug_and_release { +!build_pass:qtConfig(debug_and_release) { # Special GNU make target that ensures linking isn't done for both debug and release builds # at the same time. notParallel.target = .NOTPARALLEL -- cgit v1.2.3 From 98af37969ec9cfd4eaa28884ea6d21dfbe008764 Mon Sep 17 00:00:00 2001 From: Antti Kokko Date: Tue, 3 Mar 2020 15:10:31 +0200 Subject: Add changes file for Qt 5.14.2 Change-Id: Iff32b1757c33698a878e926b5fd2b8c9326b364f Reviewed-by: Allan Sandfeld Jensen --- dist/changes-5.14.2 | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 dist/changes-5.14.2 diff --git a/dist/changes-5.14.2 b/dist/changes-5.14.2 new file mode 100644 index 000000000..17c784815 --- /dev/null +++ b/dist/changes-5.14.2 
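Review bot: Nothing in core_module.pro records why these two conditions test `qtConfig(debug_and_release)` and `qtConfig(build_all)` instead of the plain CONFIG flags, so a later cleanup could revert them and bring back the corrupted bundle resources the commit message describes. Add a comment above the first condition, for example `# qtConfig() on purpose: bundle data must be written by only one of the debug/release passes (QTBUG-76549)`. The `.NOTPARALLEL` scope in the second hunk depends on the same switch and deserves the same one-line reason. Both scopes continue outside the hunks.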
@@ -0,0 +1,100 @@ +Qt 5.14.2 is a bug-fix release. It maintains both forward and backward +compatibility (source and binary) with Qt 5.14.0 through 5.14.1. + +For more details, refer to the online documentation included in this +distribution. The documentation is also available online: + +https://doc.qt.io/qt-5/index.html + +The Qt version 5.14 series is binary compatible with the 5.13.x series. +Applications compiled for 5.13 will continue to run with 5.14. + +Some of the changes listed in this file include issue tracking numbers +corresponding to tasks in the Qt Bug Tracker: + +https://bugreports.qt.io/ + +Each of these identifiers can be entered in the bug tracker to obtain more +information about a particular change. + +**************************************************************************** +* Qt 5.14.2 Changes * +**************************************************************************** + +General +------- + + - [QTBUG-78284] Fixed conversion of tabpanel aria role + - [QTBUG-81206] Fixed overriding shortcuts in password input fields on Windows + - [QTBUG-80234] Fixed media playback issue on custom urls by supporting + HTTP ranges headers + - [QTBUG-81521] Update navigation actions when load finishes in a subframe + - [QTBUG-82109] Fixed name filters of GTK file picker + - [QTBUG-78284] Fixed widget accessibility on macOS + - [QTBUG-78284] Fixed quick accessibility on macOS + - [QTBUG-81783] Fixed event.key for Ctrl key combinations on Windows + - [QTBUG-81574] Clear previous page text selection on new navigation unconditionally + - [QTBUG-78284] Fixed VoiceOver navigation on web pages on macOS + - [QTBUG-81539] Update accessibility focus on FocusIn events for Quick + - [QTBUG-82715] Support build with system ninja >= 1.10.0 + - Fixed deadlocks on WebEngineContext destruction + - Suppress error message on ACCESSIBILITY_EVENTS permission type + - Example 'quicknanobrowser' improvements + +Chromium +-------- + + - Fixed build with gcc 5 + - Fixed 
-no-webengine-spellchecker build + + - Security fixes from Chromium up to version 80.0.3987.132, including: + + * CVE-2019-19880 + * CVE-2019-19923 - Out of bounds memory access in SQLite + * CVE-2019-19925 - Multiple vulnerabilities in SQLite + * CVE-2019-19926 - Inappropriate implementation in SQLite + * CVE-2019-18197 - Multiple vulnerabilities in XML + * CVE-2020-6381 - Integer overflow in Javascript + * CVE-2020-6383 - Type confusion in V8 + * CVE-2020-6384 - Use after free in WebAudio + * CVE-2020-6385 - Insufficient policy enforcement in storage + * CVE-2020-6387 - Out of bounds write in WebRTC + * CVE-2020-6388 - Out of bounds memory access in WebAudio + * CVE-2020-6389 - Out of bounds write in WebRTC + * CVE-2020-6390 - Out of bounds memory access in streams + * CVE-2020-6391 - Insufficient validation of untrusted input in Blink + * CVE-2020-6392 - Insufficient policy enforcement in extensions + * CVE-2020-6393 - Insufficient policy enforcement in Blink + * CVE-2020-6394 - Insufficient policy enforcement in Blink + * CVE-2020-6395 - Out of bounds read in JavaScript + * CVE-2020-6396 - Inappropriate implementation in Skia + * CVE-2020-6398 - Uninitialized use in PDFium + * CVE-2020-6399 - Insufficient policy enforcement in AppCache + * CVE-2020-6404 - Inappropriate implementation in Blink + * CVE-2020-6405 - Out of bounds read in SQLite + * CVE-2020-6406 - Use after free in audio + * CVE-2020-6410 - Insufficient policy enforcement in navigation + * CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox + * CVE-2020-6413 - Inappropriate implementation in Blink + * CVE-2020-6415 + * CVE-2020-6400 - Inappropriate implementation in CORS + * CVE-2020-6401 + * CVE-2020-6407 - Out of bounds memory access in streams + * CVE-2020-6411 + * CVE-2020-6418 - Type confusion in V8 + * CVE-2020-6420 - Insufficient policy enforcement in media + * Security bug 925035 + * Security bug 1016038 + * Security bug 1016506 + * Security bug 1018629 + * Security bug 
1020031 + * Security bug 1025442 + * Security bug 1026293 + * Security bug 1029865 + * Security bug 1031909 + * Security bug 1033461 + * Security bug 1035723 + * Security bug 1040700 + * Security bug 1044570 + * Security bug 1047097 + -- cgit v1.2.3 From 35aa6c30f0e766b8825519e04242b7a4c93b6e0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Tue, 24 Mar 2020 10:16:30 +0100 Subject: Update Chromium Pulls in the following changes: ab79f5394af [Backport] CVE-2020-6426: Inappropriate implementation in V8. c110d4f93df [Backport] CVE-2020-6422: Use after free in WebGL. 8f4cef2a9d9 [Backport] CVE-2020-6427: Use after free in audio. 72d0936150f [Backport] CVE-2020-6428: Use after free in audio. 2a9a1c057d8 [Backport] CVE-2020-6429: Use after free in audio. 9aabebeb69b [Backport] CVE-2020-6449: Use after free in audio. 6c9be50c2d9 [Backport] CVE-2019-20503: Out of bounds read in usersctplib Task-number: QTBUG-81909 Change-Id: I15d5a786db945202f8577e894e9f0e1fb6bf6086 Reviewed-by: Allan Sandfeld Jensen --- dist/changes-5.14.2 | 15 +++++++++++---- src/3rdparty | 2 +- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/dist/changes-5.14.2 b/dist/changes-5.14.2 index 17c784815..3cf48a4f4 100644 --- a/dist/changes-5.14.2 +++ b/dist/changes-5.14.2 @@ -54,6 +54,7 @@ Chromium * CVE-2019-19925 - Multiple vulnerabilities in SQLite * CVE-2019-19926 - Inappropriate implementation in SQLite * CVE-2019-18197 - Multiple vulnerabilities in XML + * CVE-2019-20503 - Out of bounds read in usersctplib * CVE-2020-6381 - Integer overflow in Javascript * CVE-2020-6383 - Type confusion in V8 * CVE-2020-6384 - Use after free in WebAudio 
@@ -70,19 +71,25 @@ Chromium * CVE-2020-6396 - Inappropriate implementation in Skia * CVE-2020-6398 - Uninitialized use in PDFium * CVE-2020-6399 - Insufficient policy enforcement in AppCache + * CVE-2020-6400 - Inappropriate implementation in CORS + * CVE-2020-6401 * CVE-2020-6404 - Inappropriate implementation in Blink * CVE-2020-6405 - Out of bounds read in SQLite * CVE-2020-6406 - Use after free in audio + * CVE-2020-6407 - Out of bounds memory access in streams * CVE-2020-6410 - Insufficient policy enforcement in navigation + * CVE-2020-6411 * CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox * CVE-2020-6413 - Inappropriate implementation in Blink * CVE-2020-6415 - * CVE-2020-6400 - Inappropriate implementation in CORS - * CVE-2020-6401 - * CVE-2020-6407 - Out of bounds memory access in streams - * CVE-2020-6411 * CVE-2020-6418 - Type confusion in V8 * CVE-2020-6420 - Insufficient policy enforcement in media + * CVE-2020-6422 - Use after free in WebGL. + * CVE-2020-6426 - Inappropriate implementation in V8. + * CVE-2020-6427 - Use after free in audio. + * CVE-2020-6428 - Use after free in audio. + * CVE-2020-6429 - Use after free in audio. + * CVE-2020-6449 - Use after free in audio. * Security bug 925035 * Security bug 1016038 * Security bug 1016506 diff --git a/src/3rdparty b/src/3rdparty index f7ffd2f7d..6c9be50c2 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit f7ffd2f7dffd911e37f6a638bb410bd71da23491 +Subproject commit 6c9be50c2d901e66119679155fb3c7c9200448d1 -- cgit v1.2.3