| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6ae16282af..39aa0ea99a:
> CVE-2021-38022: Inappropriate implementation in WebAuthentication
> CVE-2021-38015: Inappropriate implementation in input
> CVE-2021-38019: Insufficient policy enforcement in CORS
> CVE-2021-38009: Inappropriate implementation in cache
> Dependency for CVE-2021-38009
> CVE-2021-38010: Inappropriate implementation in service workers
> CVE-2021-38005: Use after free in loader (3/3)
> CVE-2021-38005: Use after free in loader (2/3)
> CVE-2021-38005: Use after free in loader (1/3)
> CVE-2021-38007: Type Confusion in V8
> CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
> CVE-2021-38012: Type Confusion in V8
> Fixup for CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38018: Inappropriate implementation in navigation
> CVE-2021-38021: Inappropriate implementation in referrer
> CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
> CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
> CVE-2021-38001 : Type Confusion in V8
> Security bug 1252858
> CVE-2021-38003 : Inappropriate implementation in V8
> CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
> CVE-2021-37989 : Inappropriate implementation in Blink
> CVE-2021-37987 : Use after free in Network APIs
> Security bug 1245870
> CVE-2021-37992 : Out of bounds read in WebAudio
> CVE-2021-37993 : Use after free in PDF Accessibility
> Security bug 1241912
> CVE-2021-37984 : Heap buffer overflow in PDFium
> Fix build with Win10 21H1 SDK and Win11 SDK
Change-Id: Ie208cc60c8c65c37ddf0d727fe7e1e315e538255
Task-number: QTBUG-98400
Task-number: QTBUG-98401
Task-number: QTBUG-98523
Fixes: QTBUG-98522
Pick-to: 6.2 6.2.2
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
| |
C++20 deprecates [=]'s implicit capture of this, but [this] is
sufficient, anyway.
Pick-to: 6.2
Change-Id: I0e962d62b672883495da05abce12d7ea2f2b1020
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
| |
Fixes (qdoc) warning: Can't link to 'Versionless commands'
Change-Id: Ia2940a3b244df57cdefe386734bdac0df18cd039
Reviewed-by: Venugopal Shivashankar <Venugopal.Shivashankar@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Fix spellchecker example and test to use new api.
Note we should not use qt6 prefix in cmake api in examples.
Change-Id: Ib800bf2b7bd83e10060fa01ccd8d4a262752e09b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The call to nativeResourceForScreen can return egl native display
handle if called with "display", since it gets mapped to XLibDisplay
but egl device intergration can return EGLDisplay.
This is not the case for nativeResourceForIntegration.
Use new native QX11Application interface to query for display,
note there is not need to use nativeResourceForScreen for "display"
anyway since qt does not support multiple x connections to different
displays.
This fixes places where code queries "display" and bails out
if it is null.
Fixes: QTBUG-97472
Pick-to: 6.2 6.2.2
Change-Id: Ibc5f8f96e612389bfa24a81268202c9e47a7580b
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In Quick examples, providing any answer to ui::SelectFileDialog::Listener
results immediate destruction of FilePickerController and its m_isHandled
flag remains false before the controller is destroyed. An "unhandled"
controller calls reject() in destructor, so the controller will be
answered twice.
Pick-to: 6.2
Change-Id: Iaff5b0f4f54b0b11a447ac624f5652e592a88e6e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems accessing accessibility from qt post routines ends
badly since caches are gone already.
Add closingDown() function to web context, which is similar to
QCoreApplication::closingDown(), however return true on
post routine.
Guard delete accessibility calls.
Note the widget part is not necessary, but added for completeness,
since only qml can release profiles due to garbage collection.
Fixes: QTBUG-90904
Pick-to: 6.2 6.2.2 5.15
Change-Id: Ic0e7115cd17eb58f3d58f70fefbc197dfb7a6493
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
C++20 deprecates [=]'s implicit capture of this, but the replacement
[=, this] isn't available in C++17. So, need to bite the bullet and
list every captured variable manually.
Pick-to: 6.2
Change-Id: I47c62f9bf93e5d7b6c64cdbdac73bdcc9ecab8b5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
| |
Change-Id: Ifa2914e7bca9c224670a1891785d0ba8262cd61b
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
| |
|
|
|
|
|
|
| |
This should enable use of system DoH settings on macOS and Windows
Task-number: QTBUG-98284
Change-Id: Iab019e46341f55146224df6830bc7902db85ff40
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
| |
Fixes: QTBUG-92539
Pick-to: 6.2
Change-Id: Iece974e7b045bd793ceb8870f370803bf2524c33
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
The network-service isn't sandboxed anyway, so there is no added
security by the process separation.
Pick-to: 6.2 5.15
Fixes: QTBUG-84105
Change-Id: Ie3fbda26f0cf8f31166b37a8537b7e1b6d11b560
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to docs:
"You must call XkbQueryExtension or XkbOpenDisplay
before using any other Xkb library interfaces"
Task-number: QTBUG-97472
Pick-to: 6.2
Change-Id: I84c1bc49b077224a93d9f8d7a9ac29fe089de13e
Reviewed-by: Liang Qi <liang.qi@qt.io>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
| |
|
|
|
|
|
| |
Pick-to: 6.2
Task-number: QTBUG-97836
Change-Id: If32e78144695cefd5ff6092bfd3b845c04891dd7
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
|
| |
|
|
|
|
|
| |
Fixes: QTBUG-97926
Pick-to: 6.2
Change-Id: I2abba9044d64765fca48d987c70494792529f6ca
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tooltips should disappear when chromium requests it and it is done by an
explicit call of QToolTip::hideText() (see QTBUG-64933).
This, however would also hide a custom "global" tooltip because the
custom tooltip event notifies QWebEngineView to remove its own tooltip
to avoid more than one in a window. The QWebEngineView's tooltip handler
was override and it resulted custom tooltips to hide themselves.
As a fix, remove the custom tooltip handler from QWebEngineView and hide
tooltips only if requested by Chromium.
Fixes: QTBUG-97897
Pick-to: 6.2
Change-Id: I976e49218ec975b10e2f155096f6aec124270fdc
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dict tool can be run during the build, therefore
copy just in case icu data file to tool application path,
so it does not require installation and can
run no matter if it is a prefix non prefix build.
Guard for webengine_system_icu since there is no icu file
in that case.
Remove awesome looking genex from examples.
Pick-to: 6.2
Change-Id: I2fd5ecf6c99ae1d003a1ac1c7bce2bb61a05f73f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QT_SUPERBUILD is never cached and user can run
only qtbase as super build and compile any other
module as separate module build, moreover this can be
also 'no prefix' build.
Fix missing checks to support that case and clean up
install of resources.
For mac framework builds copy bundle to right place
in case of 'no-prefix' builds.
Fixes: QTBUG-94604
Task-number: QTBUG-96375
Pick-to: 6.2
Change-Id: I4ab7d4fed2c2be93f2a048a510419849361883ba
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can configure webenigne repository with
FEATURE_qtpdf_build and FEATURE_qtwebegine_build
so make them public. The handling is still affected
by QTBUG-96936,however private vs public features
will most likely get better handling soon.
Fix build summary to better reflect build options.
Pick-to: 6.2
Change-Id: Ic6ef54a68b68d0f05c520a058665e6294efbe041
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 6b7b3f1b..6ae16282:
> [Backport] Security bug 1185801
> [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
> [Backport] CVE-2021-37973 : Use after free in Portals
Fixes: QTBUG-96907
Pick-to: 6.2
Change-Id: I90082480a6c69772a0563ffa86e76a14fab95b35
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Task-number: QTBUG-85043
Change-Id: Iecd2f5ae20fcf031937a1d44cc154f2e2a3ff52f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
If screencastEnabled preference is not found, ScreencastApp.ts defaults
it to true. This happens at the first start of a browser application.
Task-number: QTBUG-96942
Pick-to: 6.2
Change-Id: I15788737640cfe07c0016b31fc471906452aad1b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
With software compositing render thread of Qt's scene graph and Viz's
thread may hit the same mutex inside output surface during frame update.
Pick-to: 6.2
Fixes: QTBUG-97598
Change-Id: Ic02e161f7b16b22c9099b93f2b1a91e78347975f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Submodule src/3rdparty 202e34476..6b7b3f1bf:
> [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
> [Backport] sandbox: linux: allow clock_nanosleep & gettime64
> [Backport] Linux sandbox: update syscall numbers for all platforms.
> [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
> [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
> [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
> [Backport] Ease HarfBuzz API change with feature detection
> [Backport] CVE-2021-37975 : Use after free in V8
> [Backport] Security bug 1248665
> [Backport] CVE-2021-37976 : Information leak in core
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
> [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
> [Backport] Security bug 1215711
> [Backport] CVE-2021-37972 : Out of bounds read in libjpeg-turbo
> [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
> [Backport] Linux sandbox: return ENOSYS for clone3
> Bump V8_PATCH_LEVEL
> [Backport] Security bug 1238178 (2/2)
> [Backport] Security bug 1238178 (1/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
> [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
> [Backport] Security bug 1242257
> [Backport] CVE-2021-30632: Out of bounds write in V8
> [Backport] CVE-2021-30625: Use after free in Selection API
> [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
> [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
> [Backport] CVE-2021-30629: Use after free in Permissions
> [Backport] CVE-2021-30630: Inappropriate implementation in Blink
> [Backport] CVE-2021-30627: Type Confusion in Blink layout
> [Backport] Linux sandbox: fix fstatat() crash
> [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
> Revert "Fix sandboxed font rendering with newer glibc"
> breakpad: fix build with glibc-2.34
> abseil-cpp: fix build with glibc-2.34
> Fix QtWebEngine build with clang-cl
Fixes: QTBUG-96907
Change-Id: I2d35c7a9deef9124189290219efbac2c9807d449
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit b55ebadc3013e7f197cde1d2054002b34898ae6c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
| |
|
|
|
|
|
|
|
| |
The nodiscard values can be Check()ed.
Pick-to: 6.2
Change-Id: I9ee38ca3404c4013c6cda6d3d0833529c2b59105
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I4e659dffa119a8c9f41a266cd71e9afb9c36362e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
The only not cover part in cmake port are:
* ios builds for qtpdf
* qt static dependecies for qpdf
Pick-to: 6.2
Change-Id: Iefe624c35d847b4a9c3cd970192487340b1657f9
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
|
| |
If called without args print versions.
Pick-to: 6.2
Change-Id: Id34179a099e9d53111a6638f0cddadcb401e61e5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A bug in QtBase breaks downloading files into a root directory
on Windows (eg. C:\): QTBUG-85997
Check if the "non-existent" directory is an existing drive and do
not cancel the download in this case.
Fixes: QTBUG-96855
Pick-to: 6.2
Change-Id: Icf0e472df723fc4f6ad36f4560509aafa69e3582
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinch gesture on a touchpad is expected to zoom-in and zoom-out. It has
been broken since the pinch gestures are routed because for routing the
event target has to be found. The event target is only tried to be found
on a pinch begin gesture.
As a fix, handle Qt::BeginNativeGesture and Qt::EndNativeGesture events
too.
Fixes: QTBUG-96930
Pick-to: 6.2 5.15
Change-Id: Ic8fe5bee933b5e0fbc8f5ba6234363a0a625648d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
| |
Pick-to: 6.2 5.15
Task-number: QTBUG-96849
Change-Id: I0e0a1530b8b31341c632a1fd00abd339b5152da0
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
Call qt_internal_return_unless_building_tools() directly after
qt_internal_add_tool() to avoid having to special-case code for when
this function only creates imported targets in cross-builds.
Task-number: QTBUG-85084
Change-Id: If43de0acd45b53032cae25ce0062c390e3f7abf2
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
We invalidate the weak pointer factory before waiting on the error
callback, meaning it will never come.
Pick-to: 6.2 5.15
Task-number: QTBUG-96928
Change-Id: Ia5091f7398e79f835ce34dfd48f3c36859382b53
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Struct _XkbRF_VarDefs for XkbRF_GetNamesProp needs special cleanup
logic, but it's currently missing from API:
https://gitlab.freedesktop.org/xorg/lib/libxkbfile/-/issues/6
Workaround it with manual deinitialization.
Pick-to: 6.2
Change-Id: I3ebe20f58199277521b31b2cd8034c92fd1f2b7f
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
| |
XRRMonitorInfo struct is supposed to be cleaned-up after getMonitors
with a separate call to freeMonitors.
Pick-to: 6.2 5.15
Change-Id: Iacc296d1f5e434a1d52798fe09d57833660b7952
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
| |
We can't recover from a failure to post
Change-Id: I6a5addf7346e36112e16878e3173048cf85fb7b5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.2
Change-Id: Ic1c25724ea2d6c2241ab2665703380002efae8c3
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
There is no derived class from UIDelegatesManager any more.
Pick-to: 6.2
Task-number: QTBUG-93666
Change-Id: I7316e7e37f1f5f5a40d0f2ea71344f093ab5ad1b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
| |
Not sure this is actually used. Discovered in static analyzer
Pick-to: 6.2
Change-Id: I1c143002e5da1ec809887626e348ea08a74b3715
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
| |
Do not call the copy to selection with the unique data source pointer.
Pick-to: 6.2
Change-Id: Ie2c60e3efd2eb4e634bf95f8bdbe1ba8f1f89301
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I5b242bc27f27a844d9d2fe0725e2a1f48e50b25b
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
WebChannel was not working in ApplicationWorld with JavaScript disabled
in MainWorld, because WebChannelIPCTransport::DidClearWindowObject() is
called only when the window object was cleared in the main world. Moving
the WebChannelTransport installation logic to DidCreateScriptContext()
works in other worlds, so fixes the problem.
Task-number: QTBUG-88875
Pick-to: 6.2
Change-Id: Ia75613b66a1e049f617f0664684b153b6875e9de
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
In case of ozone x11 backend we need x11, which
is pulled by use_webrtc_x11, however in case of no
webrtc build we lack x11 dependency.
Add missing dependency.
Change-Id: I19eada846115073251cdf85ce1fabd4d1d2baf2e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
(cherry picked from commit 630062f1189b95689e28e40c5c76d95d3214d123)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
licenses.py takes the value of the URL attribute directly from
Chromium's license attribution files, and uses it as a link
target for QDoc's \l command.
Some of the URLs are not valid, however. Add \externalpage entries
for the invalid ones to either direct to the correct URL or to
expand to an empty '#' link.
Pick-to: 6.2
Change-Id: I06e9c54bceb5465c89de115cb8cd8aa0e75e9c51
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
|
| |
|
|
|
|
|
|
| |
Was missing the calls to the qt cmake standard methods for that.
Pick-to: 6.2
Change-Id: I47507c6fa89b7f3e66fe4eb7526f6fb6074f2293
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
| |
Pick-to: 6.2
Change-Id: I70a491617faff31901162cb382b388a7594816fa
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
| |
QtBase should be disabling it now, if not supported.
Pick-to: 6.2
Change-Id: I79bae11764d3cbaba1ae1e0987bf0a472eee3325
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
|
| |
|
|
|
|
|
|
| |
Unfortunately it requires manual updating, unless we agree on a separate
place to store it.
Change-Id: Ib150afec05005b05b254ef5aeb143f5187ea969d
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
| |
|
|
|
|
|
| |
Pick-to: 6.2
Fixes: QTBUG-96002
Change-Id: Ib7434b568ffa0ad7998eaf66a8d989fc3cd2aa1d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The error is:
CMake Error at src/CMakeLists.txt:166 (add_dependencies):
Cannot add target-level dependencies to non-existent target
"run_core_GnReady".
Change-Id: I8adc3a90d18fc0edab39ba9a37eaf3e18636b30e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit d8bf7df001670b879492743cd4431c5956708653)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
|
