| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7ff159da..0ad28143:
> [Backport] CVE-2021-4102: Use after free in V8
> [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
> [Backport] CVE-2021-4099: Use after free in Swiftshader
> [Backport] CVE-2021-4098: Insufficient data validation in Moj
Task-number: QTBUG-98854
Change-Id: Ic6b7ed9e3950bba758af17e95b653b5308d764a2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty bfc2de04..b77d6430:
> Bump V8_PATCH_LEVEL
> [Backport] CVE-2021-4078: Type confusion in V8
> [Backport] CVE-2021-4079: Out of bounds write in WebRTC
> [Backport] Security bug 1259899
> [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
> [Backport] CVE-2021-4059: Insufficient data validation in loader
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
> [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
> [Backport] CVE-2021-4057: Use after free in file API
> Use wglSetPixelFormat directly only if in software mode
> Compile with GCC 11 -std=c++20
Task-number: QTBUG-98854
Change-Id: I7279387c9c7afece1eb51abb2f68d2e65f4dd31f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
| |
Add feature to enable compilation with static runtime.
Fixes: QTBUG-94046
Change-Id: I6e150cfaad020dfd942c45111139556b7e50dce5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Adds -fembed-bitcode-marker for debug or -fembed-bitcode
in case of release.
Fixes: QTBUG-94368
Change-Id: I65031a545517799245e8d08d79e78141d26e9c58
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8c0a9b44..bfc2de04:
> [Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
> [Backport] CVE-2021-38001 : Type Confusion in V8
> [Backport] Security bug 1252858
> [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
> [Backport] Dependency for CVE-2021-37989
> [Backport] CVE-2021-38022: Inappropriate implementation in
WebAuthentication
> [Backport] CVE-2021-38012: Type Confusion in V8
> [Backport] CVE-2021-38010: Inappropriate implementation in service
workers
> [Backport] CVE-2021-38021: Inappropriate implementation in referrer
> [Backport] CVE-2021-38005: Use after free in loader (3/3)
> [Backport] CVE-2021-38005: Use after free in loader (2/3)
> [Backport] CVE-2021-38005: Use after free in loader (1/3)
> [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
> [Backport] CVE-2021-38007: Type Confusion in V8
> [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
> [Backport] CVE-2021-38009: Inappropriate implementation in cache
> [Backport] Dependency for CVE-2021-38009
> [Backport] CVE-2021-38015: Inappropriate implementation in input
> [Backport] CVE-2021-38018: Inappropriate implementation in
navigation
> Revert "Stop orphan child processes from staying alive on Windows"
> Fix stack overflow on gpu channel recreate with an error
> [Backport] Security bug 1245870
> [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
> [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
> [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
> [Backport] CVE-2021-37987 : Use after free in Network APIs
> [Backport] CVE-2021-38003 : Inappropriate implementation in V8
> [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
> [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in
xmlEncodeEntitiesInternal() in entities.c
Task-number: QTBUG-98854
Fixes: QTBUG-98855
Fixes: QTBUG-98400
Fixes: QTBUG-98401
Change-Id: Idb07729bf45ed59eb8163186925095e1a1e30318
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems accessing accessibility from qt post routines ends
badly since caches are gone already.
Add closingDown() function to web context, which is similar to
QCoreApplication::closingDown(), however return true on
post routine.
Guard delete accessibility calls.
Note the widget part is not necessary, but added for completeness,
since only qml can release profiles due to garbage collection.
Fixes: QTBUG-90904
Change-Id: Ic0e7115cd17eb58f3d58f70fefbc197dfb7a6493
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 89bb3c97eee9cd4bf9fb536f024715e606e49ae0)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
The network-service isn't sandboxed anyway, so there is no added
security by the process separation.
Fixes: QTBUG-84105
Change-Id: Ie3fbda26f0cf8f31166b37a8537b7e1b6d11b560
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit bc175fb62a1d2aba9c98ba761d5e21d3d7426678)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 9f71911e3..8c0a9b445:
> Revert "[Backport] Security bug 1239116"
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> Revert "[Backport] CVE-2021-37976 : Information leak in core"
> [Backport] Ease HarfBuzz API change with feature detection
> Bump V8_PATCH_LEVEL
> CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> Add switch for static and dynamic crt
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-30616: Use after free in Media.
> [Backport] Dependency for CVE-2021-30616
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] CVE-2021-37973 : Use after free in Portals
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] Linux sandbox: return ENOSYS for clone3
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] Security bug 1239116
> [Backport] Security bug 1206289
> [Backport] CVE-2021-30613: Use after free in Base internals
> [Backport] Security bug 1227228
> [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
Task-number: QTBUG-96908
Change-Id: Ib473ba7dc4ac799288d69812d59e229118793d41
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit f0a1cb8da24518c03858b85378f9ad82b0603a1a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinch gesture on a touchpad is expected to zoom-in and zoom-out. It has
been broken since the pinch gestures are routed because for routing the
event target has to be found. The event target is only tried to be found
on a pinch begin gesture.
As a fix, handle Qt::BeginNativeGesture and Qt::EndNativeGesture events
too.
Fixes: QTBUG-96930
Change-Id: Ic8fe5bee933b5e0fbc8f5ba6234363a0a625648d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit ff54ccc82fdba26cf16b9a64b387e3b428fb3038)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Struct _XkbRF_VarDefs for XkbRF_GetNamesProp needs special cleanup
logic, but it's currently missing from API:
https://gitlab.freedesktop.org/xorg/lib/libxkbfile/-/issues/6
Workaround it with manual deinitialization.
Change-Id: I3ebe20f58199277521b31b2cd8034c92fd1f2b7f
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit acf9d9de2bb3ac195adc257f4a307e447e171614)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
XRRMonitorInfo struct is supposed to be cleaned-up after getMonitors
with a separate call to freeMonitors.
Change-Id: Iacc296d1f5e434a1d52798fe09d57833660b7952
(cherry picked from commit b868f2893b3ba2fb02d9c7212de7e01b3f9e498a)
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-96849
Change-Id: I0e0a1530b8b31341c632a1fd00abd339b5152da0
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit f6f8f258be09fef90585b0228bd82a9708ef34a6)
|
| |
|
|
|
|
|
|
|
|
|
| |
We invalidate the weak pointer factory before waiting on the error
callback, meaning it will never come.
Task-number: QTBUG-96928
Change-Id: Ia5091f7398e79f835ce34dfd48f3c36859382b53
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 7c35fa991f0e523e6d0901109caceed5aaac3658)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty c8087cb6..9f71911e:
> [Backport] CVE-2021-30560: Use after free in Blink XSLT
Task-number: QTBUG-94103
Change-Id: I3e43653b6b3370d71b09b52a781a3b1d6c82293e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 2acbba86362ac3a1c2d8c20390dc263875f8f09c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 24fe4f70..c8087cb6:
> [Backport] CVE-2021-30566: Stack buffer overflow in Printing
> [Backport] CVE-2021-30585: Use after free in sensor handling
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1228036
> [Backport] CVE-2021-30604: Use after free in ANGLE
> [Backport] CVE-2021-30603: Race in WebAudio
> [Backport] CVE-2021-30602: Use after free in WebRTC
> [Backport] CVE-2021-30599: Type Confusion in V8
> [Backport] CVE-2021-30598: Type Confusion in V8
> [Backport] Security bug 1227933
> [Backport] Security bug 1205059
> [Backport] Security bug 1184294
> [Backport] Security bug 1198385
> [Backport] CVE-2021-30588: Type Confusion in V8
> [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
> [Backport] CVE-2021-30573: Use after free in GPU
> [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
> [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
> [Backport] CVE-2021-30541: Use after free in V8
> [Backport] Security bugs 1197786 and 1194330
Task-number: QTBUG-94103
Task-number: QTBUG-95581
Change-Id: I1900426d64727fc065d438a0e4b3b9e916d537c0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 1b9897bbe11c6ed6b27fe45b6faa20f300149b99)
|
| |
|
|
|
|
|
|
| |
Newer MSVC 2019 versions reports this number
Change-Id: Iab20de746416705f10f7da95eeb319815512e07d
Reviewed-by: Tarja Sundqvist <tarja.sundqvist@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Do not try to use WebContentsDelegate of a guest WebContents.
Pick-to: dev 6.2
Task-number: QTBUG-95269
Change-Id: If7bbd25bcac26c30a4ff1bee3f732ba01215ec4b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 5db4492a..24fe4f70:
> [Backport] Security bug 1194689
> [Backport] CVE-2021-30563: Type Confusion in V8
> [Backport] Security bug 1211215
> [Backport] Security bug 1209558
> [Backport] CVE-2021-30553: Use after free in Network service
> [Backport] CVE-2021-30548: Use after free in Loader
> [Backport] CVE-2021-30547: Out of bounds write in ANGLE
> [Backport] CVE-2021-30556: Use after free in WebAudio
> [Backport] CVE-2021-30559: Out of bounds write in ANGLE
> [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
> [Backport] Security bug 1202534
> [Backport] CVE-2021-30536: Out of bounds read in V8
Task-number: QTBUG-94103
Change-Id: I500b3258a90ea4f5d932777b9f217b6da1b8778c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7948becb..5db4492a:
> [Backport] CVE-2021-30522: Use after free in WebAudio
> [Backport] CVE-2021-30554 Use after free in WebGL
> [Backport] CVE-2021-30551: Type Confusion in V8
> [Backport] CVE-2021-30544: Use after free in BFCache
> [Backport] CVE-2021-30535: Double free in ICU
> [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
> [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
> [Backport] CVE-2021-30523: Use after free in WebRTC
Task-number: QTBUG-94103
Change-Id: Ib1d77dae4c4b0f98f3eaf99442159374b8003fe7
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
| |
Submodule src/3rdparty eaffb82d..7948becb:
> Generate mojo bindings before compiling extension API registration
Change-Id: Ie01368c9a082142801f0d0f8672ed7461631cfa1
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
| |
The input event router does not like MayBegin.
Fixes: QTBUG-93082
Change-Id: I4ac9677d7f69da3d36fc33c17541026f011feb42
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 588ea0d45f983f70e707a502cb4f3e429bbd3876)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty dc35950b..eaffb82d:
> [Backport] Security bug 1201938
> [Backport] Security bug 1201340
> [Backport] Security bug 1195331
> [Backport] Security bug 1204071
> [Backport] CVE-2021-30518: Heap buffer overflow in Reader Mode
> [Backport] CVE-2021-30516: Heap buffer overflow in History.
> [Backport] CVE-2021-30515: Use after free in File API
> [Backport] CVE-2021-30513: Type Confusion in V8
> [Backport] CVE-2021-30512: Use after free in Notifications
> [Backport] CVE-2021-30510: Race in Aura
> [Backport] CVE-2021-30508: Heap buffer overflow in Media Feeds
> Workaround revoked certificate check on Linux
Fixes: QTBUG-92895
Change-Id: Ib83f18a256822a2a6feb5dcdd1df7e933a2dd271
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Speculative fix.
Add custom qtwebengine mojo_bindings as a dependency for compiling
chrome sources.
Change-Id: I930a8c94b8ffe02188659169fd9f27c99f42fb0b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 1d3b13e9..dc35950b:
> FIXUP: third_party perfetto: add missing include for clang, asan and no_pch
> Bump V8_PATCH_LEVEL
> Fix build with GCC 11
Fixes: QTBUG-93744
Change-Id: If79bfb844f03052eab4d11018f07357b383626a7
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-93304
Change-Id: If2f30aab1c6a6eb81cfbad51318ec31adf5e96b6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: If2445171232864cb4ac51888ccc93bc00cb099a2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
Submodule src/3rdparty 6c7b4ffb..1d3b13e9
> 1d3b13e9634 Make clang to inline load/store atomic calls for YieldSortKey struct
> f6730fe81a0 Enable XkbKeyboardLayoutEngine::SetCurrentLayoutByName for Qt
Fixes: QTBUG-92971
Change-Id: I0c0cddfe4d3e25fd6d3f7e0764b302c300303172
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
| |
If they use NORMAL, then we should too.
Change-Id: I252b4606c692ba483434c126fcda3a7484f399e2
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was added to suppress progress notification for error page load
after failure, but since error page load is reported as a new navigation
(which clears list of tracked frames), it was actually doing the
opposite thing. The only situation where it suppresses progress is when
navigation was not finished (due to invalid domain or network error),
but in this case it was real progress change for whole load which should
propagate further.
Change-Id: Ifd1d681fb5c6495fb3afdc4247364afb4472c959
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change tries to match how chromium treats one single load. Before
the pair of loadStarted/loadFinished methods for api classes was called
on delegate's DidStartNavigation/DidFinishNavigation, which might be many
within one single logical load. This is true for multiple usecases (like
multiple redirects on load, immediate form submit on DOM load, page's
subresource load, or just an error page load on failure). Tracking these
methods and deciding when to emit signals based on states are error-prone
and complicates logic for no benefits. Also it somewhat lies about when
real load is done, which is only started and finished on outer methods
DidStartLoading/DidStopLoading, which are conveniently called only once
for all mentioned usecases. So, this change uses these methods to issue
signals for load start/finish, and only makes exception for error page,
which is needed for quick's private test support.
Fixes: QTBUG-65223
Fixes: QTBUG-76802
Fixes: QTBUG-87089
Fixes: QTBUG-90342
Fixes: QTBUG-91773
Fixes: QTBUG-92063
Change-Id: I9cc99b639030fedd8cf6a9dc04d0869d6be6357d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
| |
Task-number: QTBUG-76802
Change-Id: I38cd148706c0479ffbad1e0d2877adc1cad9038d
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
This form of OCSP is not good, so try to at least allow it to be
disabled, until we remove it.
Fixes: QTBUG-91467
Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 3f594ea1..6c7b4ffb:
> FIXUP: Avoid crashing on new window in cross-origin isolated content
> [Backport] Security bug 1198309
> [Backport] CVE-2021-21231: Insufficient data validation in V8
> [Backport] CVE-2021-21230: Type Confusion in V8
> [Backport] CVE-2021-21233: Heap buffer overflow in ANGLE
> [Backport] CVE-2021-21227: Insufficient data validation in V8
> Avoid crashing on new window in cross-origin isolated content
> Fix build with system ICU 69
Change-Id: Iab339abb1a34ce93e03f64608c6b5c5719f36fce
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |\
| |
| |
| | |
Change-Id: I659eb87245dfd59f014a7ca152c9f261ad400238
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty dd45b1a1..3f594ea1:
> [Backport] Security bug 1155297 (3/3)
> [Backport] Security bug 1155297 (2/3)
> [Backport] Security bug 1155297 (1/3)
> [Backport] Security bug 1192552
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (2/2)
> [Backport] CVE-2021-21225: Out of bounds memory access in V8 (1/2)
> [Backport] CVE-2021-21224: Type Confusion in V8
> [Backport] CVE-2021-21223: Integer overflow in Mojo
> [Backport] CVE-2021-21222: Heap buffer overflow in V8
Task-number: QTBUG-92895
Change-Id: I9c5c3aa451d8a4cab018e23a6407fd0e1f7a58de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty c38ae3ec..dd45b1a1:
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (5/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (4/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (3/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (2/5)
> [Backport] CVE-2021-21209: Inappropriate implementation in storage (1/5)
> [Backport] Security bug 1184441
> [Backport] Security bug 1162424
Task-number: QTBUG-92895
Change-Id: I04217fe2026d0087e4b7bd9bc6d5e8fcb5e25ebd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Submodule src/3rdparty 6764c29f..c38ae3ec:
> [Backport] Security bug 1190525
> [Backport] Security bug 1161759
> [Backport] Security bug 1175503
> [Backport] Security bugs 1175522 and 1181276
> [Backport] CVE-2021-21219: Uninitialized Use in PDFium
> [Backport] CVE-2021-21217 and CVE-2021-21218: Uninitialized Use in PDFium
> [Backport] CVE-2021-21214: Use after free in Network API
> [Backport] CVE-2021-21213: Use after free in WebMIDI
> [Backport] CVE-2021-21207: Use after free in IndexedDB
> [Backport] CVE-2021-21221: Insufficient validation of untrusted input in Mojo
> [Backport] CVE-2021-21204: Use after free in Blink.
> [Backport] CVE-2021-21203: Use after free in Blink
> [Backport] CVE-2021-21202: Use after free in extensions.
> [Backport] CVE-2021-21201: Use after free in permissions
Task-number: QTBUG-92895
Change-Id: I7e6f3d443366bb291cab027510f76788c14fc023
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A server redirect might not have been reflected in the navigation type
at this point, so also check the is_redirect value.
Fixes: QTBUG-92819
Change-Id: I711ef041de69552bc3485c9cf3db68c9e6033d6a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit b29b245fcb9db741d14180ea7e8dcb3ad2d4f49a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When printing with the default resolution of QPrinter, rasterized images
of pages are just too small to produce sharp result. Documentation of
QPrinter also mentions that the default ScreenResolution should
only be used for drafts.
Change-Id: I5fe93f7985d16b1126cf2bbcb9b4a4ddbdfd21f2
Task-number: QTBUG-92185
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Different countries (with the same language) can have different number
formatting and navigator.language should report not only the language,
but also the country. Locale normalization often falls back by cutting
the country off, because we have common .pak files for countries with
the same language.
This patch:
- Uses the locale resolvation only for concatenating .pak file paths
and reports the full locale everywhere else.
- Properly sets default ICU locale for JS number formats and prevents
l10n_util::GetApplicationLocale() to set it sneakily to some resolved
one.
- Fixes the crashing --lang command line argument and always prefers
its value over QLocale.
Task-number: QTBUG-91225
Change-Id: I1c09798abdb523b80f0b7a3d69fa8d7a08c7c09a
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
| |
A server redirect might not have been reflected in the navigation type
at this point, so also check the is_redirect value.
Pick-to: 5.15.4
Fixes: QTBUG-92819
Change-Id: I711ef041de69552bc3485c9cf3db68c9e6033d6a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Stop using SiteForCookies::RepresentativeUrl() if it is used to provide
first party url because it returns a truncated URL and our API is expected
to return the full url of the first party.
Fixes: QTBUG-90231
Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d13920f2..048f5e99:
> [Backport] CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64
> [Backport] CVE-2021-21206: Use after free in Blink
> Fix build with no extensions on mac
Task-number: QTBUG-92080
Change-Id: I0265d3992ac3ec7fe0f55405daf58d1fc2789b12
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: Iafdfb3c740ce42119a9891729be1ea0c89249039
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using QtWebView with WebEngine then it will hook the call to
QtWebEngine::initialize() to the start up of the application object which
means it will output the warning because it already exists. However
there is still time at this point to set what is needed because it is
still being initialized. So by checking if the application is running
(i.e. !startingUp()) then we can be safe in knowing that it is still
able to do the initialization.
Change-Id: I8c5d8808b4b09e1e7bbf4be52e5efc0786ce1472
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cover all cases from https://pdfobject.com/static
- Plugin placeholder is generally broken: displays garbage and crashes
on interaction. Fix it and show when PDFs are included by <embed>
or <object> tags.
- Do not start an automatical download when the disabled PDF plugin
was requested by an iframe. Show a clickable placeholder and let the
end-users start it manually.
- Remove unused class PluginPlaceholderQt
Task-number: QTBUG-76314
Change-Id: I01a0c93ab23f54e4272f5aeb30578de0dcf18932
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since 42b5da qtbase supports an installation of 3rdpaty
in case of static builds. Depend on 'public' qtbase 3rdparty
installed libs. This fixes prl generation by not including
build paths.
Task-number: QTBUG-91385
Change-Id: Ib0609b2b92d6759aad639154617b45fc2fe96916
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use correct qt zlib lib in case of windows.
Passing qtzlib is actually just done in shake of clarity
and proper dependency tracking since qtCore is most likely
always a dependency for any user app.
Fixes: QTBUG-91476
Change-Id: I20816ebf926472c642847e2611797a6decdeecee
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Fix duplicated symbols for category logging between
core and qml plugin.
Task-number: QTBUG-91476
Change-Id: I532ad35b8b0e8a0b93e51b9b7a7b3a4602fad9b3
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule update src/3rdparty 8d49f9a2..d13920f2:
> [Backport] Security bug 1185482
> [Backport] Security bug 1161847
> [Backport] Security bug 1161379
> [Backport] CVE-2021-21198: Out of bounds read in IPC
> [Backport] CVE-2021-21195: Use after free in V8
Task-number: QTBUG-92080
Change-Id: I638a0fa0285d46736cfbf5406874702bd3600580
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
