From a919a1627da3301ee7691912f16d8c048d15c288 Mon Sep 17 00:00:00 2001 From: Michal Klocek Date: Thu, 27 Aug 2020 12:37:08 +0200 Subject: Do not use rsp file when static linking This supposed to be covered by ff50fbf but got lost in following patchsets and static ios build did not complain about it. Change-Id: Ie4e34dc12d942442824ba1f0e3483bed682b3157 Reviewed-by: Shawn Rutledge --- src/buildtools/config/linking.pri | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/buildtools/config/linking.pri b/src/buildtools/config/linking.pri index e4f40ba71..e76f6ef10 100644 --- a/src/buildtools/config/linking.pri +++ b/src/buildtools/config/linking.pri @@ -25,28 +25,31 @@ for(archive, NINJA_ARCHIVES): RSP_A_CONTENT += $$archive write_file($$RSP_ARCHIVE_FILE, RSP_A_CONTENT) if(macos|ios) { - QMAKE_LFLAGS += -Wl,-filelist,$$shell_quote($${RSP_OBJECT_FILE}) !static { + QMAKE_LFLAGS += -Wl,-filelist,$$shell_quote($${RSP_OBJECT_FILE}) QMAKE_LFLAGS += @$${RSP_ARCHIVE_FILE} } else { + OBJECTS += $$NINJA_OBJECTS LIBS_PRIVATE += $${NINJA_ARCHIVES} } } linux { - QMAKE_LFLAGS += @$${RSP_OBJECT_FILE} !static { + QMAKE_LFLAGS += @$${RSP_OBJECT_FILE} QMAKE_LFLAGS += -Wl,--start-group @$${RSP_ARCHIVE_FILE} -Wl,--end-group } else { + OBJECTS += $$NINJA_OBJECTS LIBS_PRIVATE += -Wl,--start-group @$${NINJA_ARCHIVES} -Wl,--end-group } } win32 { - QMAKE_LFLAGS += @$${RSP_OBJECT_FILE} !static { + QMAKE_LFLAGS += @$${RSP_OBJECT_FILE} QMAKE_LFLAGS += @$${RSP_ARCHIVE_FILE} } else { + OBJECTS += $$NINJA_OBJECTS LIBS_PRIVATE += $${NINJA_ARCHIVES} } } -- cgit v1.2.3 From f59e8fdf97ad0933eda2c88acd4de70bd318035d Mon Sep 17 00:00:00 2001 From: Michal Klocek Date: Mon, 31 Aug 2020 11:53:37 +0200 Subject: Update Chromium * e31cc67a44d Fix neon support in libpng Change-Id: Ib06498f303106d113cc3b4c5b70d20685c9e6b9f Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/3rdparty b/src/3rdparty index 4e0b66a6f..e31cc67a4 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 4e0b66a6f2d6901b4c738c8bcfb9d89d74def602 +Subproject commit e31cc67a44d8af96578680f51d2a7b2f4a5b1279 -- cgit v1.2.3 From 99b5a45fea6c19dbf65cf5a151be01a6cd0c36e7 Mon Sep 17 00:00:00 2001 From: Kirill Burtsev Date: Thu, 27 Aug 2020 14:44:50 +0200 Subject: Do not call deprecated profile interceptor on ui thread Otherwise unchanged intercepted request leads to second call in the same interceptor but on ui thread after io thread. Ammends a05bb73747. Fixes: QTBUG-86267 Change-Id: I4e7c662d24a58be5445f5c8b6d0bf3751f40cc05 Reviewed-by: Allan Sandfeld Jensen --- src/core/net/proxying_url_loader_factory_qt.cpp | 2 +- .../tst_qwebengineurlrequestinterceptor.cpp | 37 ++++++++++++++++------ 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp index b42aa64bb..8e084a40b 100644 --- a/src/core/net/proxying_url_loader_factory_qt.cpp +++ b/src/core/net/proxying_url_loader_factory_qt.cpp @@ -258,7 +258,7 @@ void InterceptedRequest::InterceptOnIOThread(base::WaitableEvent *event) void InterceptedRequest::InterceptOnUIThread() { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); - if (profile_request_interceptor_) + if (profile_request_interceptor_ && !profile_request_interceptor_->property("deprecated").toBool()) profile_request_interceptor_->interceptRequest(request_info_); if (!request_info_.changed() && page_request_interceptor_) diff --git a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp index 350c15174..5d845dcdb 100644 --- a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp +++ b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp @@ -118,29 +118,42 @@ struct RequestInfo { static const QByteArray kHttpHeaderReferrerValue = QByteArrayLiteral("http://somereferrer.com/"); static const QByteArray kHttpHeaderRefererName = QByteArrayLiteral("referer"); +static const QUrl kRedirectUrl = QUrl("qrc:///resources/content.html"); class TestRequestInterceptor : public QWebEngineUrlRequestInterceptor { public: QList requestInfos; - bool shouldIntercept; + bool shouldRedirect = false; QMap> requestInitiatorUrls; + QMap headers; void interceptRequest(QWebEngineUrlRequestInfo &info) override { QCOMPARE(QThread::currentThread() == QCoreApplication::instance()->thread(), !property("deprecated").toBool()); + // Since 63 we also intercept some unrelated blob requests.. if (info.requestUrl().scheme() == QLatin1String("blob")) return; - info.block(info.requestMethod() != QByteArrayLiteral("GET")); - if (shouldIntercept && info.requestUrl().toString().endsWith(QLatin1String("__placeholder__"))) - info.redirect(QUrl("qrc:///resources/content.html")); - // Set referrer header - info.setHttpHeader(kHttpHeaderRefererName, kHttpHeaderReferrerValue); + bool block = info.requestMethod() != QByteArrayLiteral("GET"); + bool redirect = shouldRedirect && info.requestUrl() != kRedirectUrl; + + if (block) { + info.block(true); + } else if (redirect) { + info.redirect(kRedirectUrl); + } else { + // set additional headers if any required by test + for (auto it = headers.begin(); it != headers.end(); ++it) info.setHttpHeader(it.key(), it.value()); + } requestInitiatorUrls[info.requestUrl()].insert(info.initiator()); requestInfos.append(info); + + // MEMO avoid unintentionally changing request when it is not needed for test logic + // since api behavior depends on 'changed' state of the info object + Q_ASSERT(info.changed() == (block || redirect || !headers.empty())); } bool shouldSkipRequest(const RequestInfo &requestInfo) @@ -182,8 +195,8 @@ public: return false; } - TestRequestInterceptor(bool intercept) - : shouldIntercept(intercept) + TestRequestInterceptor(bool redirect) + : shouldRedirect(redirect) { } }; @@ -252,7 +265,7 @@ void tst_QWebEngineUrlRequestInterceptor::interceptRequest() QFETCH(InterceptorSetter, setter); QWebEngineProfile profile; profile.settings()->setAttribute(QWebEngineSettings::ErrorPageEnabled, false); - TestRequestInterceptor interceptor(/* intercept */ true); + TestRequestInterceptor interceptor(/* intercept */ false); (profile.*setter)(&interceptor); QWebEnginePage page(&profile); QSignalSpy loadSpy(&page, SIGNAL(loadFinished(bool))); @@ -272,6 +285,7 @@ void tst_QWebEngineUrlRequestInterceptor::interceptRequest() QVERIFY(!success.toBool()); loadSpy.clear(); + interceptor.shouldRedirect = true; page.load(QUrl("qrc:///resources/__placeholder__")); QTRY_COMPARE(loadSpy.count(), 1); success = loadSpy.takeFirst().takeFirst(); @@ -372,6 +386,8 @@ void tst_QWebEngineUrlRequestInterceptor::requestedUrl() QCOMPARE(page.requestedUrl(), QUrl("qrc:///resources/__placeholder__")); QCOMPARE(page.url(), QUrl("qrc:///resources/content.html")); + interceptor.shouldRedirect = false; + page.setUrl(QUrl("qrc:/non-existent.html")); QTRY_COMPARE(spy.count(), 2); QVERIFY(interceptor.requestInfos.count() >= 3); @@ -668,7 +684,8 @@ void tst_QWebEngineUrlRequestInterceptor::passRefererHeader() }); QWebEngineProfile profile; - TestRequestInterceptor interceptor(true); + TestRequestInterceptor interceptor(false); + interceptor.headers.insert(kHttpHeaderRefererName, kHttpHeaderReferrerValue); (profile.*setter)(&interceptor); QWebEnginePage page(&profile); -- cgit v1.2.3 From 2c23a66a43e8a47823eb733f53f0a2cffe4d5511 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 31 Aug 2020 15:47:36 +0200 Subject: Update Chromium Submodule src/3rdparty 4e0b66a6..62bc4758: > [Backport] Security issue 1098860 > [Backport] Security issue 1108639 > [Backport] Security issue 1102137 > [Backport] CVE-2020-6559: Use after free in presentation API Change-Id: Ifa6ba52fa2d760b20e3b36abb10adaca0fc79cf8 Reviewed-by: Michal Klocek --- dist/changes-5.15.1 | 6 +++++- src/3rdparty | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dist/changes-5.15.1 b/dist/changes-5.15.1 index eebe5957e..263f04ec3 100644 --- a/dist/changes-5.15.1 +++ b/dist/changes-5.15.1 @@ -66,7 +66,7 @@ General Chromium -------- - - Security fixes from Chromium up to version 84.0.4147.125, including: + - Security fixes from Chrome up to version 85.0.4183.83, including: * CVE-2020-6467 * CVE-2020-6468 @@ -114,6 +114,7 @@ Chromium * CVE-2020-6550: Use after free in IndexedDB * CVE-2020-6551: Use after free in WebXR * CVE-2020-6555: Out of bounds read in WebGL + * CVE-2020-6559: Use after free in presentation API * Security bug 1025302 * Security bug 1029569 * Security Bug 1048619 @@ -131,4 +132,7 @@ Chromium * Security bug 1087158 * Security bug 1087629 * Security bug 1090543 + * Security bug 1098860 + * Security bug 1102137 * Security bug 1102408 + * Security bug 1108639 diff --git a/src/3rdparty b/src/3rdparty index e31cc67a4..62bc47587 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit e31cc67a44d8af96578680f51d2a7b2f4a5b1279 +Subproject commit 62bc475876cbae17e2e39175fe321780512e5951 -- cgit v1.2.3 From 9e4d1eb45d5c6299e79ac3f28282fd76f949980e Mon Sep 17 00:00:00 2001 From: Michal Klocek Date: Tue, 1 Sep 2020 13:02:34 +0200 Subject: Add static dependency libs to installer package Change-Id: Ic62389b2253f2ee4982c34e33111f84f44ed6bc5 Reviewed-by: Shawn Rutledge --- coin/qt-installer-package-config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/coin/qt-installer-package-config.json b/coin/qt-installer-package-config.json index f9584a100..8507c9ec9 100644 --- a/coin/qt-installer-package-config.json +++ b/coin/qt-installer-package-config.json @@ -8,6 +8,7 @@ "**/lib/cmake/Qt5PdfWidgets/*", "**/lib/pkgconfig/Qt5Pdf*", "**/lib/libQt5Pdf*", + "**/lib/static_chrome/*", "**/mkspecs/modules/qt_lib_pdf*", "**/plugins/imageformats/*", "**/qml/QtQuick/**/*" -- cgit v1.2.3