| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 22fec96c..d3c3d748:
* Revert "[Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools"
* Do not stop navigation during saving the page if not necessary
* Pass through non-keymutex share handles
* [Backport] CVE-2023-1236: Inappropriate implementation in Internals
* [Backport] CVE-2023-0704: Insufficient policy enforcement in DevTools
* [Backport] Security bug 1417585
* [Backport] Security bug 1418734 (2/2)
* [Backport] Security bug 1418734 (1/2)
* [Backport] Security bug 1415249
* [Backport] Security bug 1402921
* [Backport] Security bug 1337747
* [Backport] Security bug 1412991
* [Backport] CVE-2023-1532: Out of bounds read in GPU Video
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] CVE-2023-1530: Use after free in PDF (2/2)
* [Backport] CVE-2023-1530: Use after free in PDF (1/2)
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1235: Type Confusion in DevTools
* [Backport] CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* [Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (3/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (2/3)
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics (1/3)
* [Backport] CVE-2023-1218: Use after free in WebRTC
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1215: Type Confusion in CSS
* [Backport] CVE-2023-1214: Type Confusion in V8
Pick-to: 6.5
Fixes: QTBUG-112166
Change-Id: I747f60f72cbf6847bc0ee89bee655972968da921
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 7e5ee9d6..10e54a07:
* FIXUP: Fixes for building with MSVC
* Fixup for [Backport] CVE-2023-0705: Integer overflow in Core (2/2)
* Fix android on mac support
* Add android config support
* Merge branch 'upstream-master' into HEAD
* Add android required resources for chromium repo
* [Backport] CVE-2023-0696: Type Confusion in V8
* [Backport] Security bug 829317 (2/2)
* [Backport] Security bug 829317 (1/2)
* [Backport] CVE-2023-0705: Integer overflow in Core (2/2)
* [Backport] CVE-2023-0705: Integer overflow in Core (1/2)
* [Backport] Security bug 1400809
* [Backport] Security bug 1325096
* [Backport] CVE-2023-0701: Heap buffer overflow in WebUI.
* [Backport] CVE-2023-0702: Type Confusion in Data Transfer
* [Backport] CVE-2023-0699: Use after free in GPU (2/2)
* [Backport] CVE-2023-0699: Use after free in GPU (1/2)
* [Backport] CVE-2023-0703: Type Confusion in DevTools
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (2/2)
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC (1/2)
* Merge branch 'upstream-master' into 108-based
* BASELINE: Update Chromium to 108.0.5359.220
Pick-to: 6.5
Task-number: QTBUG-111363
Task-number: QTBUG-83459
Change-Id: Id67893339f68e382e10ae10bbfddeffc8b60ae88
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Pick-to: 6.5
Change-Id: If905393d73892256175ac5059503a9fc4a6a32f6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty d7abc8b24..1ccfe20ad:
> FIXUP: Jumbo builds
> Merge remote-tracking branch 'origin/upstream-master' into 108-based
Pick-to: 6.5
Change-Id: Ib11a7e5422415229c5ed109d63375c4953df97d2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
| |
Pick-to: 6.5
Fixes: QTBUG-105147
Change-Id: I0022964903f3443cc97843c62468ab9be8ae2ed8
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty be36115f0..d3786fd69:
> FIXUP: Fix browser DCHECK
> FIXUP: Fixes for jumbo build
> Merge branch 'upstream-master' into 106-based
> Fix browser DCHECK
Change-Id: Ia38b518a9c51f7a0da51de02f28b32374f5b9a3c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
| |
Task-number: QTBUG-105147
Change-Id: I47b9e46df18420b75b205e818b117ee632680873
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Sumbmodule src/3rdparty 24df9c9b..9457651e:
> [Backport] CVE-2022-3723: Type Confusion in V8
Task-number: QTBUG-108106
Change-Id: Ic6ae78e84df7198e5729f1377b60d774e1b1e5fa
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 43b92e07d..1dc53de69:
> [Backport] CVE-2022-3040: Use after free in Layout
> [Backport] CVE-2022-3041: Use after free in WebSQL
> [Backport] CVE-2022-3038: Use after free in Network Service
> Merge branch 'upstream-master' into 102-based
Fixes: QTBUG-106254
Pick-to: 6.4 6.4.0
Change-Id: Ifd55481c8d26f0e2cf8cb9e01cdaa8aa530354d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 8496e134..620599a6:
* 2nd fixup for [Backport] CVE-2022-2605
* Fixup for [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3)
* [Backport] CVE-2022-2854: Use after free in SwiftShader
* [Backport] CVE-2022-2860: Insufficient policy enforcement in Cookies
* [Backport] CVE-2022-2855: Use after free in ANGLE
* [Backport] CVE-2022-2857: Use after free in Blink
* [Backport] CVE-2022-2853: Heap buffer overflow in Downloads
* Disable accelerated_2d_canvas for Intel drivers on Windows
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (3/3)
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (2/3)
* [Backport] CVE-2022-2605: Out of bounds read in Dawn (1/3)
* Native spellchecker: Fix it when enabled
* Fix build without spellcheck
* [Backport] Security bug 1264288
* [Backport] Security bug 1333970
* [Backport] Security bug 1343889
Pick-to: 6.4
Fixes: QTBUG-104640
Task-number: QTBUG-1053266
Change-Id: I9fec122a689bcdf0afdec482b7a60cb5f811543d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
| |
Otherwise it will look like we are still vulnerable to
the critical CVEs
Change-Id: I205e4b5cb72021f56621772d36a27f9fa5dc340c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 00e4a2ac3f694b5ec1999af3518f1c550b662057)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 2aad1f40..7dba564e:
> Revert "[Backport] CVE-2022-0297: Use after free in Vulkan"
> [Backport] CVE-2022-0297: Use after free in Vulkan
> [Backport] Security bug 1292537
> [Backport] Security bug 1289394
> [Backport] Security bug 1289384
> [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API
> [Backport] CVE-2022-0609: Use after free in Animation
> [Backport] CVE-2022-0608: Integer overflow in Mojo
> [Backport] CVE-2022-0607: Use after free in GPU
> [Backport] CVE-2022-0606: Use after free in ANGLE
> [Backport] CVE-2022-0303: Race in GPU Watchdog
> [Backport] CVE-2021-4056: Type Confusion in loader
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (4/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (3/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (2/4)
> [Backport] CVE-2022-0466: Inappropriate implementation in Extensions Platform (1/4)
> [Backport] CVE-2021-4066: Integer underflow in ANGLE
> [Backport] Security bug 1268448
> [Backport] Security bug 1265570
> [Backport] Security bug 1252562
> [Backport] Security bug 1274113
> [Backport] CVE-2022-0470: Out of bounds memory access in V8
> [Backport] CVE-2022-0457: Type Confusion in V8
> [Backport] CVE-2022-0456: Use after free in Web Search
> [Backport] CVE-2022-0453: Use after free in Reader Mode
> [Backport] CVE-2022-0464: Use after free in Accessibility
> [Backport] Security bug 1261415
> [Backport] CVE-2021-4053: Use after free in UI
> [Backport] Security bug 1271747
> [Backport] CVE-2022-0468: Use after free in Payments (2/2)
> [Backport] CVE-2022-0468: Use after free in Payments (1/2)
> [Backport] CVE-2022-0461: Policy bypass in COOP
> [Backport] CVE-2022-0460: Use after free in Window Dialog
> [Backport] CVE-2022-0459: Use after free in Screen Capture
> [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
> FIXUP: Keep the close button when "undocked", as we can dock differently
> Fix more windows build errors on build without jumbo
> FIXUP: Add missing include for Supplement
Change-Id: I82671c60c00c940c4943a0df4234ac7286e9c0dd
Pick-to: 6.3
Task-number: QTBUG-101051
Task-number: QTBUG-99099
Task-number: QTBUG-99720
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
| |
Change-Id: I9fb8998a3a7762b0aea70993ca231f0bbf4f7761
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
| |
Should have been with the security patch merge
Change-Id: I7d41fb7eb8cb61a7eebf4edec70199e013db6561
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit f861c5cbc305992f971e168646473f3ee60a3750)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
|
Change-Id: I9796f31dab4cac7f8fbf0fdc2474304f0cde8fc3
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 9b10ac64734f76c635c96d902217fd9d954915c1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|