From adb8677717472e020e35084839ab3726920ec386 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Thu, 25 Jan 2018 12:49:56 +0100 Subject: Disable shared workers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The feature has been redesigned for security reasons in 64. [ChangeLog][General] SharedWorkers have been disabled as they have been changed in the newest spec for security reasons. Change-Id: I3d0e03f170ef646a0352a38b65030bb4c06f3397 Reviewed-by: Michael BrĂ¼ning --- src/3rdparty | 2 +- src/core/web_engine_context.cpp | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/3rdparty b/src/3rdparty index b7a9c9bf5..2ce39c69e 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit b7a9c9bf5b6bc08ae8746b7679317a9027868681 +Subproject commit 2ce39c69ea6e27d023775ae4efe1401e78d44411 diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp index 6a8c8ae73..fb249c7ff 100644 --- a/src/core/web_engine_context.cpp +++ b/src/core/web_engine_context.cpp @@ -339,6 +339,9 @@ WebEngineContext::WebEngineContext() // Enabled on OS X and Linux but currently not working. It worked in 5.7 on OS X. parsedCommandLine->AppendSwitch(switches::kDisableGpuMemoryBufferVideoFrames); + // Shared workers are not safe until Chromium 64 + parsedCommandLine->AppendSwitch(switches::kDisableSharedWorkers); + #if defined(Q_OS_MACOS) // Accelerated decoding currently does not work on macOS due to issues with OpenGL Rectangle // texture support. See QTBUG-60002. -- cgit v1.2.3 From c309e309ef2a7ec0fd56e1dd9ced4bcabacb5976 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 29 Jan 2018 10:25:10 +0100 Subject: Update Chromium MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes: c21017c7e251 [Backport] M64: Ensure clamped time always moves forward 966fee89515d [Backport] [pdf] Use a temporary list when unloading pages 631144d9f0b7 [Backport] Downloads : Fixed an issue of opening incorrect download file 439b32a6aa2c [Backport] Chromium-side changes for BoringSSL cherry-pick. 543692ef8d0e [Backport] Tighten about IntRect use in WebGL with overflow detection Change-Id: I6eeac4c28bba51b46bf7b825478dd9e2f7734865 Reviewed-by: Michael BrĂ¼ning --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/3rdparty b/src/3rdparty index f0775ea93..543692ef8 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit f0775ea93ab66f0676993db1633c9098dfb3a3ad +Subproject commit 543692ef8d0e17adecc36b07f36164f9bc93e85c -- cgit v1.2.3 From 47a5d4d100f9ac84ef089db5de102ab4001ed80e Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Thu, 1 Feb 2018 13:06:10 +0100 Subject: Update Chromium Pulls in the second set of security updates from Chrome 64 Changes: cf3a94e300 [Backport] Merged: Reland "[wasm] Gracefully handle malformed custom sections in WebAssembly.Module.customSections()." ce4d3b4e0a [Backport] Implement 2D texture uploading from client array with FLIP_Y or PREMULTIPLY_ALPHA. 66a21db864 [Backport] Fixed bug where PlzNavigate CSP in a iframe did not get the inherited CSP 176f276a43 [Backport] Fix for URL spoof caused by deletion of speculative RFH 652815756e [Backport] Fix issue with pending NavigationEntry being discarded incorrectly 23fb7e37ae [Backport] Fix issue with pending NavigationEntry being wrongly deleted 74f10ff13d [Backport] Simplify WebGL error message 6f4d9abf1f [Backport] Add back support for "none" referrer policy 232288de9e [Backport] Validate frame after conversion in chrome.send Task-number: QTBUG-66124 Change-Id: Ibc40fdcdbdd99c711f48974f38f549e661eef4b5 Reviewed-by: Alexandru Croitor --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/3rdparty b/src/3rdparty index 543692ef8..232288de9 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 543692ef8d0e17adecc36b07f36164f9bc93e85c +Subproject commit 232288de9e12c0c4fb8b5686a7fe81280ee4852f -- cgit v1.2.3 From e83264111410670513602badd25bab753d5fd0e0 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Fri, 2 Feb 2018 11:41:10 +0100 Subject: Update Chromium Pulls in the last set of security updates from Chrome 64 Changes: 0d62ec3da6 [Backport] Block dotless-i / j + a combining mark 5cb725e1b4 [Backport] [Autofill] Use ShadowDOM placeholder to preview suggestions. 2d07ab2066 [Backport] [M64 branch] Add a few more confusable map entries 1d1c8edbe6 [Backport] Inherit referrer and policy when creating a nested browsing context 72eab06955 [Backport] Restrict the xss audit report URL to same origin 65819c3399 [Backport] TopSites: Clear thumbnails from the cache when their URLs get removed c858cc7609 Work-around internal compiler error in gcc 7 and 8 Task-number: QTBUG-66124 Change-Id: I9961dbae2ef1db798042cc31e5c1c8c7032a6e0c Reviewed-by: Alexandru Croitor --- src/3rdparty | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/3rdparty b/src/3rdparty index 232288de9..c858cc760 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 232288de9e12c0c4fb8b5686a7fe81280ee4852f +Subproject commit c858cc76099db0af82a264b3c6f921a287cfcb42 -- cgit v1.2.3 From e864d8656c2682fc79a5affe789992de318c8f8a Mon Sep 17 00:00:00 2001 From: Michal Klocek Date: Tue, 30 Jan 2018 18:05:18 +0100 Subject: Shutdown storage in browser context adapter destructor Shutdown storage should take place in destructor, otherwise it might get recreated on web content destruction. Task-number: QTBUG-66081 Change-Id: Ibba3fce50e05e09131cf45061320a9f99267babd Reviewed-by: Allan Sandfeld Jensen --- src/core/browser_context_adapter.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/core/browser_context_adapter.cpp b/src/core/browser_context_adapter.cpp index 41b5b1932..683b9c0d2 100644 --- a/src/core/browser_context_adapter.cpp +++ b/src/core/browser_context_adapter.cpp @@ -103,11 +103,11 @@ BrowserContextAdapter::BrowserContextAdapter(const QString &storageName) BrowserContextAdapter::~BrowserContextAdapter() { Q_ASSERT(!m_downloadManagerDelegate); + m_browserContext->ShutdownStoragePartitions(); } void BrowserContextAdapter::shutdown() { - m_browserContext->ShutdownStoragePartitions(); if (m_downloadManagerDelegate) { m_browserContext->GetDownloadManager(m_browserContext.data())->Shutdown(); m_downloadManagerDelegate.reset(); -- cgit v1.2.3 From 7604806e71e6b7931b3ea06ed3aa9aae33ac5883 Mon Sep 17 00:00:00 2001 From: Michal Klocek Date: Thu, 8 Feb 2018 10:55:01 +0100 Subject: Ignore PKG_CONFIG* shell exports for Yocto Yocto sets GN_HOST_PKG_CONFIG script for native tools builds, therefore skip host pkg-config script generation even if PKG_CONFIG* shell variables for target are exported. Task-number: QTBUG-66275 Change-Id: I4a9939cd67ca5f32faeb827b5df0d3274ae7c30e Reviewed-by: Samuli Piippo --- src/core/config/linux.pri | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/core/config/linux.pri b/src/core/config/linux.pri index d337f686f..1ce3ea89d 100644 --- a/src/core/config/linux.pri +++ b/src/core/config/linux.pri @@ -115,12 +115,12 @@ host_build { PKG_CONFIG_HOST = $$(GN_PKG_CONFIG_HOST) pkgConfigLibDir = $$(PKG_CONFIG_LIBDIR) pkgConfigSysrootDir = $$(PKG_CONFIG_SYSROOT_DIR) - isEmpty(PKG_CONFIG_HOST): PKG_CONFIG_HOST = $$QMAKE_PKG_CONFIG_HOST - cross_compile { + isEmpty(PKG_CONFIG_HOST): cross_compile { !isEmpty(pkgConfigLibDir)|!isEmpty(pkgConfigSysrootDir) { PKG_CONFIG_HOST = $$pkgConfigHostExecutable() } } + isEmpty(PKG_CONFIG_HOST): PKG_CONFIG_HOST = $$QMAKE_PKG_CONFIG_HOST gn_args += host_pkg_config=\"$$PKG_CONFIG_HOST\" } -- cgit v1.2.3