| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Escape any HTML encodings, as we have no convenient way to set formating
to Qt::PlainText.
Fixes: QTBUG-83338
Change-Id: I4d8cb05fe643eb018d3e40119c629e7304fe0813
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-83101
Change-Id: I7ca8271cc88c7e157c36c79e06fa378f4bce48e4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
With the later versions of Chrome it will place the WidevineCdm plugin
inside the Program Files folder, so we need to check in there for the
plugin on Windows as well as the older locations.
Change-Id: I4ce10536dbd4779a2c3631827a9cb3a5eb8cb7d0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
ab79f5394af [Backport] CVE-2020-6426: Inappropriate implementation in V8.
c110d4f93df [Backport] CVE-2020-6422: Use after free in WebGL.
8f4cef2a9d9 [Backport] CVE-2020-6427: Use after free in audio.
72d0936150f [Backport] CVE-2020-6428: Use after free in audio.
2a9a1c057d8 [Backport] CVE-2020-6429: Use after free in audio.
9aabebeb69b [Backport] CVE-2020-6449: Use after free in audio.
6c9be50c2d9 [Backport] CVE-2019-20503: Out of bounds read in usersctplib
Task-number: QTBUG-81909
Change-Id: I15d5a786db945202f8577e894e9f0e1fb6bf6086
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Running build in parallel for debug and release on mac os
was resulting in corrupted resource, due to possible
simultaneous QMAKE_BUNDLE_DATA resources write
from release and debug builds. Add missing qtConfig checks.
Fixes: QTBUG-76549
Change-Id: Icc0dee7b06d442e9c15d7afa53c0372e8d82b4a2
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Pulls in the following change
f7ffd2f7dff Fixup for [Backport] CVE-2020-6401 (2/3)
Fixes: QTBUG-81909
Change-Id: I735544d31dc97c0e85a0abf912ed3651b3adee1c
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
80bf361c042 [Backport] Dependency for security bug 925035
4af826b4d35 [Backport] Fix for security issue 925035
Change-Id: I1941c5c9b91028129e76b1f95186d2ec2140ab8b
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the following changes:
7622e2b8071 [Backport] CVE-2020-6395 - Out of bounds read in JavaScript
2643eee04e0 [Backport] CVE-2020-6410 - Insufficient policy enforcement in navigation
f938fe1765e [Backport] CVE-2020-6412 - Insufficient validation of untrusted input in Omnibox
98f5d9e5b14 [Backport] CVE-2020-6413 - Inappropriate implementation in Blink
e95d8df0220 [Backport] CVE-2020-6415 - Inappropriate implementation in JavaScript
cac651b7205 [Backport] Security bug 1020031
20b67be01c3 [Backport] Security bug 1016506
5043a049628 [Backport] Security bug 1026293
edd82d1d7ce [Backport] Security bug 1047097
334bb80e4ce [Backport] Security bug 1025442
6f1a37c63ba [Backport] Security bug 1016038
Change-Id: I443677e4d832c7f7336eb95cd640f69be11dbe1e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |\
| |
| |
| | |
Change-Id: I50afabc6022fea5b3db2a7dcb8659b654573661f
|
| | |
| |
| |
| |
| | |
Change-Id: I1420b0c6293fbd3caf5dce3ada3b6fec90c74bfc
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Without this, an already focused web element might not be read
when QQuickWebEngineView gets the active focus.
QWidget::setFocus() does this for Widget.
Fixes: QTBUG-81539
Change-Id: Iaa418c416871e580583ea05e50b223dea3501fd8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The RenderWidgetHostViewQtDelegate(Widget|Quick)Accessible interfaces
are forwarding their queries to the WebEngineView. In case of widget,
the view also forwards the query to the page.
The accessible interfaces may outlive the view and page. The interfaces
are not supposed to be used after the destruction of the underlying
objects. Thus, set the RenderWidgetHostViewQtDelegate and WebEngineView
accessible interfaces invalid if the corresponding pointers are null.
Also fix querying the root accessible interface of the web page when
the render frame host is not available.
This fixes crash when
QT_LOGGING_RULES="qt.accessibility.cache.debug=true"
is set and logger tries to pretty-print QAccessibleInterfaces during
destruction.
Task-number: QTBUG-78284
Change-Id: If18af0605061fcd82d019d0042dbf1c9d3a910be
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ACCESSIBILITY_EVENTS permission is used to enable AOM
(Accessibility Object Model) event listeners in blink. The current
implementation of the AOM is deprecated and it doesn't seem to be
supported in the foreseeable future by QtWebEngine.
Avoid the "Not implemented" error message in case of this permission
type because it is kept unsupported on purpose but blink still registers
permission status listener when AXObjectCache is created.
Change-Id: I4e9babb06015635e6c4c94c8fe433c714329692b
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The RenderViewObserverQt_SetBackgroundColor message was sent with wrong
Routing ID.
This fix also cleans up RenderWidgetHostViewQt::UpdateBackgroundColor()
method.
Fixes: QTBUG-81781
Change-Id: Ida198fb061715d389859ace17e1f773db491c51d
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in the following changes:
b6fde543e11 FIXUP: Fix build with gcc 5
feeaf8ecd52 [Backport] CVE-2020-6406 - Use after free in audio
ada63371baf [Backport] CVE-2020-6392 - Insufficient policy enforcement in extensions
80029e44737 [Backport] CVE-2020-6393 - Insufficient policy enforcement in Blink
cfd1a2eb98c [Backport] CVE-2020-6394 - Insufficient policy enforcement in Blink
8b524801b75 [Backport] CVE-2020-6396 - Inappropriate implementation in Skia
7b2e898f2b4 [Backport] CVE-2020-6398 - Uninitialized use in PDFium
d8c1659ae97 [Backport] CVE-2020-6400 - Inappropriate implementation in CORS
4d5dbe41ae3 [Backport] CVE-2020-6401 (1/3) and CVE-2020-6411
b88a10e7a66 [Backport] CVE-2020-6401 (2/3)
25b6ec913a1 [Backport] CVE-2020-6401 (3/3)
31bf030226a [Backport] CVE-2020-6404 - Inappropriate implementation in Blink
42e3d739230 [Backport] CVE-2020-6399 - Insufficient policy enforcement in AppCache
02f1da71840 [Backport] Security bug 1035723
3e757b536e5 [Backport] Dependency for CVE-2020-6391
f720be4aac5 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (1/3)
e7980ade9ab [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (2/3)
3f6e9bf1fb0 [Backport] CVE-2020-6391 - Insufficient validation of untrusted input in Blink (3/3)
6b0d12aa31a [Backport] Security bug 1018629
Change-Id: I929158db502b6e3705e50cd3c0da6601d3a17c04
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in the following changes:
a7d90c1eadc Fix undefined range-based for loops in torque
24581ca7dde [Backport] Security bug 1040700
e4659a4c8a8 [Backport] CVE-2020-6418 - Type confusion in V8
5707cc4f757 [Backport] CVE-2020-6383 - Type confusion in V8
642c7bea74e [Backport] CVE-2020-6407: Out of bounds memory access in streams
d8724284f47 [Backport] CVE-2020-6384: Use after free in WebAudio
e87caa4598d [Backport] Security bug 1029865
da60616b969 [Backport] Security bug 1044570
51012dcb3e6 [Backport] CVE-2020-6387 - Out of bounds write in WebRTC
6c4b486ce60 [Backport] CVE-2020-6389 - Out of bounds write in WebRTC
1c3145818e4 [Backport] CVE-2020-6420: Insufficient policy enforcement in media
4a01d3a4103 [Backport] Security bug 1031909
Change-Id: Ic6d76f64a82d3f5738c31a53cf7e0f3f37183767
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This pulls in the following changes:
ac97c98fc69 Restore -fno-delete-null-pointer-checks
ca787f956d8 [Backport] CVE-2020-6385 - Insufficient policy enforcement in storage
5887eeff3a3 [Backport] CVE-2020-6388 - Out of bounds memory access in WebAudio
5751c8f7214 [Backport] CVE-2020-6390 - Out of bounds memory access in streams
08bb21bc0ae [Backport] CVE-2020-6381 - Integer overflow in Javascript
18b9ecb1968 [Backport] CVE-18197 - Multiple vulnerabilities in XML
dcfdd7e5cac [Backport] Fix multiple CVEs and security bugs in sqlite
Change-Id: I4e175da43127c7a14f53c7ffcfda30bb715e050a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch aims to handle 3 deadlocks on exit:
(1) Do not attempt to restart Viz thread on shutdown,
this will make deadlock with no separate gpu thread,
since force shut down of FrameSinkManager requires
interaction with gpu process.
(2) QCoreApplication, QGuiApplication, QApplication
behave differently when doing qt post routine,
~QGuiApplication calls the post routine handler after
closing event dispatcher, which will on windows stop processing
timer events, which we need to pump message loop when
shuting down viz. Do not use QEventLoop and switch
to active pulling. The proper solution is to fix QGuiApplication
destructor to call post routine first, but this change might
have side effects on already existing user code.
(3) Since 7f1649b438329e we delete root frame sink asynchronously,
which will in gpu thread running in separate thread create a deadlock.
Viz requires gpu to destruct root frame sink, however if main process
tries to close gpu process this will in turn try close viz, but viz calls
back gpu now since the root frame sink is not destroyed.
Use the same solution as in (1).
Change-Id: Ic6bc904bdac90ee01a5c5b9398a2e2746be3bbd8
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Remove code duplication on triggering new url load, and use direct
code to clear SelectedText instead of CollapseSelection as it assumes
focused frame and might be ignored.
Fixes: QTBUG-81574
Change-Id: I01cf02967e118f407c8a3997e176d5b258478a5a
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls in the following changes:
c1be521d4b0 Create an AudioOutputIPCFactory even without WebRTC
35b6d2c4838 third_party perfetto: add missing include for clang, asan and no_pch
6c2cf4c4571 Fix access after move
86de069171e FIXUP: Fix building with g++ 5
5c2d377121c Suppress racy DCHECK
458aa4294db Fix generation of attribution documentation
a370b2f7a7e Don't force gpu process launch on macOS with vizdc and no GL
5b79320c013 Expose StoragePartitionImpl::InitNetworkContext
bbc3a3082b4 [Backport] Fix input spinner double-increment.
432e1a9b1a0 Suppress DCHECK triggered by NGInlineNode::ComputeMinMaxSize
caa20eed16d Add explicit dependencies on spellcheck buildflags
c3737fb3824 [Backport] metatrace: remove memset and trivial-ctor assumption
12a57d9c943 Fix recursive deadlock in sandbox::InitLibcLocaltimeFunctions
Change-Id: Id06aa2d5a148d3805ebd172ab21db2400f78f19a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
| |
Fixes: QTBUG-81783
Change-Id: I107a4009630dc261013498a05987c0e8e29651eb
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The size of QJsonDocument's binary format is well known and we don't
need the header to know what it is. This fixes the build with 5.15,
where the contents of the previous QJsonPrivate namespace are now
in QBinaryJsonPrivate.
web_channel_ipc_transport_host.cpp:148:51: error: 'Header' is not a member of 'QJsonPrivate'
Change-Id: Id7decde0c426479bbf61fffd15dcc5c20a9eca2c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
| |
Profile interceptors run also on ui thread.
Change-Id: Iacfce46549e7ffd821033308077ba5f4fa410575
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Same as the widget fix:
ffdf7ece Fix widget accessibility on macOS
This patch depends on a focusChild() fix in qtdeclarative:
6420ad91d3 Fix QAccessibleQuickWindow::focusChild() to return focused descendant
Task-number: QTBUG-78284
Task-number: QTBUG-81539
Change-Id: If0da937d2c778a158ce02e1433b28ca0888692d8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Setting an empty string instead of "()" fixes that case where the file
input doesn't have "accept" attribute.
Task-number: QTBUG-82109
Change-Id: I8a72f819fa6d8bbab4e5f1067b38ad75ff11e118
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ammends 445235bc01. Preserve some previous assumptions on order of
change events for url and title. Fixes flaky failures in previously
written tests like WebEngineViewSource::test_viewSource.
Fixes: QTBUG-81855
Change-Id: I487d27d594d5a0d74d39b7b58e815e5c75a73fb3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since 5.14.1, it is supported.
List restrictions on Linux and ways of explicitly disabling sandboxing
on all platforms.
Fixes: QTBUG-81688
Change-Id: I7f8fc08b921cc0e50056cc143cbf63b62be90b4e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed RootCompositorFrameSinks to be destroyed asynchronously (in
HostFrameSinkManager::InvalidateFrameSinkId) which means that one can still
exist during shutdown in GpuThreadControllerQt::destroyGpuProcess. This results
in a deadlock in single threaded GPU mode: in destroyGpuProcess we wait for the
viz thread to exit, but the FrameSinkManagerImpl on the viz thread will try to
destroy the RootCompositorFrameSink, which waits for work to be done on the
GPU=UI thread, which is waiting for the viz thread to exit.
Fix by destroying all RootCompositorFrameSinks before destroyGpuProcess.
Change-Id: I4cf135f29b90ae0bf78525d5747567dc10a775e6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |\
| |
| |
| | |
Change-Id: I5a856d3976581806e75b775c2f383c6e4ed35530
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulls in following changes:
* 3bbfff059e3 FIXUP: Support GPU service on UI thread with viz
* a9a20127e8a Improve jpeg headers handling
Change-Id: I0c81edbb24e984a798bb71444a4a6498a38abb38
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
macOS Accessibility queries the window for the focused accessibility
element. The window forwards the query to the widget with active focus.
This widget is the RWHVQtDelegateWidget if a web element is focused
in QWebEngineView. Therefore, a QAccessibleWidget interface has been
implemented for the RWHVQtDelegateWidget to forward the request to the
QWebEngineView.
The focused accessibility element expected to be returned by the
QAccessibleInterface::focusChild() method. In case of the macOS accessibility
backend, it is called by the accessibilityFocusedUIElement() NSAccessibility
API function. It expects the focused web accessibility element otherwise
VoiceOver won't focus properly.
The focused web accessiblity element is looked up by the new
BrowserAccessibilityQt::focusChild() method.
RenderWidgetHostviewQtDelegateWidget::focusChild() and
QWebengineViewAccessible::focusChild() methods have been also implemented
to forward it.
This patch depends on a focusChild() fix in qtbase:
a132e02540 Fix QAccessibleWidget::focusChild() to return focused descendant
Microsoft Narrator also uses focusChild() to query the current focused
element when it starts but it is still functional without this fix.
Task-number: QTBUG-78284
Task-number: QTBUG-81539
Change-Id: I3c4861e58622ccbb5046c60c4efcc19842400a88
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| | |
| |
| |
| |
| |
| |
| | |
Fixes: QTBUG-81521
Change-Id: I8ca82224cd834b667471d1e96a44430164d3669e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
| |\ \ |
|
| | |\ \
| | |/
| | |
| | | |
Change-Id: Ic2b5f2a3e6f5af56d92652e57c05a631481201b3
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls in the following change:
* 0f7953646c1 [Backport] Allow restricted clock_nanosleep in Linux sandbox
Change-Id: I317ff3c5f068577e2eb7e0a49820ec19f4eb5300
Fixes: QTBUG-81313
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: Ifb5f7c866c26746f989ab4e8c49c48bcbdb50077
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls in following changes:
* c68e3faa08f [Backport] CVE-2019-13735: Out of bounds write in V8
* c0a7f013646 [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions. (1/3)
* 11f1bad3655 [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions (2/3)
* 9df23a4c06e [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions. (3/3)
* fd8cf772447 [Backport] Security bug 1028191
* 8417e835260 [Backport] Security bug 974375
* 046bd9f50b6 [Backport] Security bug 889276
* 5fc987f210c [Backport] Security bug 1033260
* 9f87a1ede7c [Backport] CVE-2019-13755: Insufficient policy enforcement in extensions.
* cb8bce9edb2 Fix compile issues for ios
* fb54428bc4c Fix crash on page allocator
* e687bc69cdc Fix properly not working about_credits target
* 41d474d0e7c [Backport] CVE-2019-13745 1/2
* 6cd2b35a453 [Backport] CVE-2019-13746 1/2
* e89fce7cfa3 [Backport] CVE-2019-13746 2/2
* b7ce677ea5c [Backport] CVE-2019-13745 2/2
Task-number: QTBUG-80735
Change-Id: I15be332ef55ede2d110e0ba87c54fa936fd0bf18
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls in security patches:
* 545b591cee6 [Backport] Security bug 1027905
* 9e44d0450c1 [Backport] CVE-2019-13747: Uninitialized Use in rendering.
* f32f09593b6 [Backport] Security bug 1025089
* 684a48706ad [Backport] Security bug 1016703
* ee0ec6e55f0 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (1/2)
* d5651e21821 [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (2/2)
* 05833b160db [Backport] CVE-2019-13739
* 5e753a5b1d7 [Backport] CVE-2019-13738
Task-number: QTBUG-80735
Change-Id: Iad1afccce59ee09496e560f69d9dbe3743b29b06
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulls in following patches:
* 8da0a5162d1 Downgrade ninja to 1.8.2
* b7034d08035 Add icudtl for ios build
* 9720a8a9863 [Backport] CVE-2020-6377
* 253d8a0fa71 [Backport] CVE-2019-13728: Out of bounds write in V8
* def05352967 [Backport] Re-land: Only invoke text and element fragment anchors after layout.
* 73ef65b5273 [Backport] CVE-2019-13741: Insufficient validation of untrusted input in Blink
* f49943cf837 [Backport] CVE-2019-13762: Insufficient policy enforcement in downloads.
* 5357f8ae628 [Backport] CVE-2019-13758: Insufficient policy enforcement in navigation.
* 5ca9a877b4b [Backport] CVE-2019-13761: Incorrect security UI in Omnibox.
Task-number: QTBUG-80735
Change-Id: If217ba889192cc124705faec79c46c9aec535baf
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | | |\
| | | |
| | | |
| | | | |
Change-Id: Ibc671c7a5ac4b070f3406c41598d071fd978e420
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Pulls in following security patches:
* cc309aa8518 [Backport] Avoid leaking GamepadService in tests
* b7e2744f519 [Backport] Fix for CVE-2019-13727
* 85d5ec666bd Reland [Backport] CVE-2019-13701
* 114a6d752f1 [Backport] Fix for CVE-2019-13730: Type Confusion in V8
* ad6efac8e5b [Backport] Fix for CVE-2019-13732: Use after free in WebAudio
* 446eda0fc43 [Backport] Fix for CVE-2019-13764: Type Confusion in V8
* 13e4a6f608c [Backport] CVE-2019-13734: Out of bounds write in SQLite
* 7d9eea8e630 [Backport] Security bug 1017020
* 3d5ac733f8b [Backport] Security bug 1017961
* 945f5405f3e [Backport] CVE-2019-13736
* 3299cadf406 [Backport] CVE-2019-13737
Task-number: QTBUG-80735
Change-Id: Iea135ae6c655046464470929296efb728e1286e4
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Due security changes to prevent url spoofing, our implementation
is getting extra invalidate url requests. Unfortunately, this breaks our
url handling, which now gets lots of new back and fort url changed signals and
make several unit test failures. After tedious investigation of Chromium
omnibox handing and trying out different approaches, it seems that
only sensible solution is to follow Chromium logic and make
NavigationStateChanged to update 'ui' in asynchronous matter.
This change tries not break any tests and simplify url handling.
The only side effect of this change is that WebEnginePage::setContent will
get extra 'url' signal of initial 'urlData' and later 'baseUrl' change
is emitted.
Fix one of qml tests which did not expect to have url on LoadStartedStatus.
Task-number: QTBUG-63388
Task-number: QTBUG-48995
Change-Id: Id347f4325c036e16bfae7bf2f694905e0f21f8d7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is essential when Chromium tries to load media files in multiple jobs
over custom protocols, like qrc. Allow subsequent jobs to continue reading
media files from specified positions to avoid media glitches and errors.
Task-number: QTBUG-80234
Change-Id: I9a7e98c0cb08b2399b7928ecf026c0deb90a1bcb
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Windows IME does not support hidden text therefore IME input is disabled
on password fields. The shortcuts are supposed to be overridden in input
fields. Checking the keyboard focus on an input field is done by
verifying if the IME is enabled. This won't work with password fields on
platforms where hidden text is not supported, so also check if the
Qt::ImhHiddenText IME hint is set.
Fixes: QTBUG-81206
Change-Id: I81870beb556a9dda67295496dad8b672fbc5eba2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |/
|/|
| |
| |
| |
| | |
Task-number: QTBUG-78284
Change-Id: Ie3bf247752308fb104ab0f244736bd3a8d070762
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The exported symbols in the helper process does not work when ltcg is
enabled, and we already disable the same for qtwebengine core.
Change-Id: Ia0b662bb64f368e77bdfcdc02e6f853525dda0b3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
TouchCancel events have an empty touchPoints() list, which first trips
when accessing touchPoints[0], and later on crashes Chromium if we pass
the empty list to m_touchSelectionController.
Rework handleTouchEvent() to route TouchCancel events like other touch
events, and make sure we pass a non-empty touchpoints list to Chromium.
Task-number: QTBUG-80893
Change-Id: Ie8396a1191f72b5bbb2b047f131794b37cfded48
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
| |
Was bool but it's really a string.
Change-Id: I79eace4892e8048212ce3296b28e342d72c43667
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-74602
Change-Id: I8ba358e03472e58c40363fede56e87dfd665ae83
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable sandboxing on Windows. Enable heterogeneous sandbox symbol
resolution and statically link the sandboxing code into the helper
process. This means we have two copies of the sandboxing code,
one statically linked in the executable and one in the shared
library. Since they are not exported they don't conflict, but
we need to take to initialize the right version in the helper process
binary, and pass its sandbox interface to shared library using it.
For sandbox debug output, we also need to initialize the second copy
of the commandlineparser and logging system.
Fixes: QTBUG-51170
Change-Id: I8f503c8d6b40674465f32772ef906817dad2b449
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
