From 5c579b95c81388c9b596b209380a1a061718f5c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCri=20Valdmann?= Date: Wed, 21 Aug 2019 16:12:52 +0200 Subject: Update Chromium This pulls in the following changes: a90e18d2d30 [Backport] Security bug 983938 0699308555b [Backport] Security bug 976050 852040586ec [Backport] Security bug 983850 a9f2f201ec6 [Backport] Security bug 973893 4bc95ce8486 [Backport] Security bug 958717 456aa9409ea [Backport] CVE-2019-5856 8ad3193acea [Backport] CVE-2019-5852 c1a19035306 [Backport] CVE-2019-5854 de78692c035 [Backport] CVE-2019-5855 ac7d5d7df5a [Backport] CVE-2019-5851 81417ff67b7 [Backport] Critical security issue 977057 ffbd836a7c8 [Backport] CVE-2019-5857 6693cf14341 [Backport] CVE-2019-5860 134a78ac91b [Backport] Security bug 981602 e981e2326a8 [Backport] CVE-2019-5865 b814b7b7d71 [Backport] CVE-2019-5862 1/4 dbb531a8212 [Backport] CVE-2019-5862 2/4 8502a1f7be2 [Backport] CVE-2019-5862 3/4 b71efe4a834 [Backport] CVE-2019-5862 4/4 d377f182ec3 [Backport] CVE-2019-5861 1/2 e13a9847f21 [Backport] CVE-2019-5861 2/2 4d84676d74a [Backport] Security bug 974627 d0d509db8c7 [Backport] Security bug 961674 691d632f7af [Backport] Security bug 960785 bdb7acb5afd [Backport] Security bug 964002 6e2562dd1ef Fix build with recent linux kernel. 7a779d01607 Fix skcms build with avx Fixes: QTBUG-77402 Change-Id: Ib9fe63c806149c299714bb1f76e4adf2877389d5 Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/3rdparty b/src/3rdparty index f7765bc85..7a779d016 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit f7765bc85318b9f7cb8090b85d268238fa5a4cfa +Subproject commit 7a779d0160771dcf6b4a644bc11137753c25982c -- cgit v1.2.3 From c75c3670e44bb848b043918fb742a86e5fba780d Mon Sep 17 00:00:00 2001 From: Kirill Burtsev Date: Fri, 12 Jul 2019 13:14:13 +0200 Subject: Fix WebEngineView.findText with a callback doc parameter description Change-Id: I6415ccd9486433d6c449ea0d18b65f354e4bcd42 Reviewed-by: Leena Miettinen Reviewed-by: Peter Varga --- src/webengine/doc/src/webengineview_lgpl.qdoc | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/webengine/doc/src/webengineview_lgpl.qdoc b/src/webengine/doc/src/webengineview_lgpl.qdoc index 6194a800e..a4f07ddd9 100644 --- a/src/webengine/doc/src/webengineview_lgpl.qdoc +++ b/src/webengine/doc/src/webengineview_lgpl.qdoc @@ -438,14 +438,13 @@ To clear the search highlight, just pass an empty string. - The \a resultCallback must take a boolean parameter. It will be called with - a value of true if the \a subString was found; otherwise the callback value - will be false. + The \a resultCallback must take an integer parameter. It will be called with + the number of found occurrences of the \a subString. \code - findText("Qt", WebEngineView.FindCaseSensitively, function(success) { - if (success) - console.log("Qt was found!"); + findText("Qt", WebEngineView.FindCaseSensitively, function(matchCount) { + if (matchCount > 0) + console.log("'Qt' tokens found:", matchCount); }); \endcode */ -- cgit v1.2.3 From dbc0d09be2bbc3dce01ace956f534c4012402fba Mon Sep 17 00:00:00 2001 From: Antti Kokko Date: Tue, 20 Aug 2019 13:16:25 +0300 Subject: Add changes file for Qt 5.12.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I68aae7202d853802bd67bd11c41a037de93554b9 Reviewed-by: Jüri Valdmann --- dist/changes-5.12.5 | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 dist/changes-5.12.5 diff --git a/dist/changes-5.12.5 b/dist/changes-5.12.5 new file mode 100644 index 000000000..15f0bcde6 --- /dev/null +++ b/dist/changes-5.12.5 @@ -0,0 +1,80 @@ +Qt 5.12.5 is a bug-fix release. It maintains both forward and backward +compatibility (source and binary) with Qt 5.12.0 through 5.12.4. + +For more details, refer to the online documentation included in this +distribution. The documentation is also available online: + +https://doc.qt.io/qt-5/index.html + +The Qt version 5.12 series is binary compatible with the 5.11.x series. +Applications compiled for 5.11 will continue to run with 5.12. + +Some of the changes listed in this file include issue tracking numbers +corresponding to tasks in the Qt Bug Tracker: + +https://bugreports.qt.io/ + +Each of these identifiers can be entered in the bug tracker to obtain more +information about a particular change. + +**************************************************************************** +* Qt 5.12.5 Changes * +**************************************************************************** + +General +------- + + - [QTBUG-62106] Fixed possible crash after rapid tapping. + - [QTBUG-75884] Fixed crash on setHttpUserAgent. + - [QTBUG-76249] Fixed user-agent on some new windows. + - [QTBUG-76268] Fixed tab key send on minimize. + - [QTBUG-76347] Fixed duplicate events being send from tablets. + - [QTBUG-76828] Clear shared context on exit. + - [QTBUG-76958] Fixed possible crash when loading in background. + +Chromium +-------- + + - Security fixes from Chromium up to version 76.0.3809.87, including: + + - CVE-2019-5829 + - CVE-2019-5831 + - CVE-2019-5832 + - CVE-2019-5837 + - CVE-2019-5839 + - CVE-2019-5842 + - CVE-2019-5851 + - CVE-2019-5852 + - CVE-2019-5854 + - CVE-2019-5855 + - CVE-2019-5856 + - CVE-2019-5857 + - CVE-2019-5860 + - CVE-2019-5861 + - CVE-2019-5862 + - CVE-2019-5865 + - Critical security issue 977057 + - Security bug 934161 + - Security bug 939644 + - Security bug 948172 + - Security bug 948228 + - Security bug 948944 + - Security bug 950005 + - Security bug 952849 + - Security bug 956625 + - Security bug 958457 + - Security bug 958689 + - Security bug 959193 + - Security bug 959518 + - Security bug 958717 + - Security bug 960785 + - Security bug 961674 + - Security bug 961597 + - Security bug 962083 + - Security bug 964002 + - Security bug 973893 + - Security bug 974627 + - Security bug 976050 + - Security bug 981602 + - Security bug 983850 + - Security bug 983938 -- cgit v1.2.3 From 83c5182c998b74858c5c28fcf2feb1d4e07754bb Mon Sep 17 00:00:00 2001 From: Kirill Burtsev Date: Wed, 14 Aug 2019 18:37:35 +0200 Subject: Fix reporting overridable flag for QML WebEngineCertificateError type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also remove confusion inside CertificateErrorController constructor and overridable method by matching documentation for AllowCertificateError method of ContentBrowserClient api. Change-Id: I7e10ef71a4429dcf5acc4b714a8a45f67a2ec684 Reviewed-by: Jüri Valdmann --- src/core/certificate_error_controller.cpp | 6 +++--- src/core/certificate_error_controller_p.h | 4 ++-- src/core/content_browser_client_qt.cpp | 2 +- src/webenginewidgets/api/qwebenginepage.cpp | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp index a747451df..3309db8f1 100644 --- a/src/core/certificate_error_controller.cpp +++ b/src/core/certificate_error_controller.cpp @@ -79,14 +79,14 @@ CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_er const net::SSLInfo& ssl_info, const GURL &request_url, content::ResourceType resource_type, - bool _overridable, + bool fatal_error, bool strict_enforcement, const base::Callback& cb ) : certError(CertificateErrorController::CertificateError(cert_error)) , requestUrl(toQt(request_url)) , resourceType(CertificateErrorController::ResourceType(resource_type)) - , overridable(_overridable) + , fatalError(fatal_error) , strictEnforcement(strict_enforcement) , callback(cb) { @@ -118,7 +118,7 @@ QUrl CertificateErrorController::url() const bool CertificateErrorController::overridable() const { - return d->overridable; + return !d->fatalError && !d->strictEnforcement; } bool CertificateErrorController::strictEnforcement() const diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h index abde9a7d5..3b4d0f3bf 100644 --- a/src/core/certificate_error_controller_p.h +++ b/src/core/certificate_error_controller_p.h @@ -59,7 +59,7 @@ QT_BEGIN_NAMESPACE class CertificateErrorControllerPrivate { public: - CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, content::ResourceType resource_type, bool overridable, bool strict_enforcement, const base::Callback& callback); + CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, content::ResourceType resource_type, bool fatal_error, bool strict_enforcement, const base::Callback& callback); void accept(bool accepted); @@ -68,7 +68,7 @@ public: QDateTime validStart; QDateTime validExpiry; CertificateErrorController::ResourceType resourceType; - bool overridable; + bool fatalError; bool strictEnforcement; const base::Callback callback; }; diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp index 0a51cc261..acd652b15 100644 --- a/src/core/content_browser_client_qt.cpp +++ b/src/core/content_browser_client_qt.cpp @@ -355,7 +355,7 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont ssl_info, request_url, resource_type, - !IsCertErrorFatal(cert_error), + IsCertErrorFatal(cert_error), strict_enforcement, callback))); contentsDelegate->allowCertificateError(errorController); diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp index 35fe542e8..d7f65c23b 100644 --- a/src/webenginewidgets/api/qwebenginepage.cpp +++ b/src/webenginewidgets/api/qwebenginepage.cpp @@ -1787,7 +1787,7 @@ void QWebEnginePagePrivate::allowCertificateError(const QSharedPointererror(), controller->url(), controller->overridable() && !controller->strictEnforcement(), controller->errorString()); + QWebEngineCertificateError error(controller->error(), controller->url(), controller->overridable(), controller->errorString()); accepted = q->certificateError(error); if (error.isOverridable()) -- cgit v1.2.3 From d5d0cd81cc770d696b19305717cc827ec1a89bd4 Mon Sep 17 00:00:00 2001 From: Kirill Burtsev Date: Wed, 14 Aug 2019 18:45:36 +0200 Subject: Reject certificate error for non-overridable errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On certificate validation error page load is just halted meaning that no progress or load result are reported and no default error page for certificate errors is shown. Even though documentation states that 'By default, an invalid certificate will be automatically rejected' and that aligns with default implementation of certificateError method within Page and non-deferred errors in quick View, page or view silently stays in an intermediate state for non-overridable errors. Fix this inconsistent behavior by automatically rejecting certificate for every invalid case (non-overridable error, not deferred or not implemented overridable method). Change-Id: Id1cee2ee5cc45bdcb5f262a6c99c84274e6ca374 Reviewed-by: Jüri Valdmann --- src/webengine/api/qquickwebengineview.cpp | 2 +- src/webenginewidgets/api/qwebenginepage.cpp | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/webengine/api/qquickwebengineview.cpp b/src/webengine/api/qquickwebengineview.cpp index c8ba64f49..8097689ad 100644 --- a/src/webengine/api/qquickwebengineview.cpp +++ b/src/webengine/api/qquickwebengineview.cpp @@ -294,7 +294,7 @@ void QQuickWebEngineViewPrivate::allowCertificateError(const QSharedPointernewQObject(quickController); Q_EMIT q->certificateError(quickController); - if (!quickController->deferred() && !quickController->answered()) + if (!quickController->overridable() || (!quickController->deferred() && !quickController->answered())) quickController->rejectCertificate(); else m_certificateErrorControllers.append(errorController); diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp index d7f65c23b..aeed6ce85 100644 --- a/src/webenginewidgets/api/qwebenginepage.cpp +++ b/src/webenginewidgets/api/qwebenginepage.cpp @@ -1789,9 +1789,7 @@ void QWebEnginePagePrivate::allowCertificateError(const QSharedPointererror(), controller->url(), controller->overridable(), controller->errorString()); accepted = q->certificateError(error); - - if (error.isOverridable()) - controller->accept(accepted); + controller->accept(error.isOverridable() && accepted); } void QWebEnginePagePrivate::selectClientCert(const QSharedPointer &controller) -- cgit v1.2.3 From 99b27e9654bcaf6af0719e33989ba0c956af1c3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Wed, 4 Sep 2019 13:34:55 +0200 Subject: Update Chromium This pulls in the following change: 111349f18a4 Rename Chromium bootstrap name to prevent collisions Change-Id: I7003c35c5bad96f32b69900d507e637252a4950d Fixes: QTBUG-77938 Reviewed-by: Allan Sandfeld Jensen --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/3rdparty b/src/3rdparty index 7a779d016..111349f18 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 7a779d0160771dcf6b4a644bc11137753c25982c +Subproject commit 111349f18a4d352d40c1c106a6f8e98a9f843894 -- cgit v1.2.3