| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The function signature changed though the ABI stayed the same.
Change-Id: I86ca361b5e4f0c523e1031910df438c23beee876
Fixes: QTBUG-77037
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
(cherry picked from commit b84e8682b312fb16b16ffb9591415067ceae69f8)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
The compiler crashes when trying to resolve a compile time division.
We can avoid it being compile-time by making the function producing the
numbers non-inline.
Change-Id: I152c4955ef974c7b45bb1f42d5ce8c55b9a2d7cc
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
We already cleared the thumbnails from persistent storage, but they
remained in the in-memory cache, so they remained accessible (until the
next Chrome restart) even after all browsing data was cleared.
Bug: 758169
Reviewed-on: https://chromium-review.googlesource.com/758640
Commit-Queue: Marc Treib <treib@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514861}
(CVE-2018-6053)
Change-Id: I4d35f2935f836237ed5d1fd7cf10264046bf8775
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
BUG=441275
R=tsepez@chromium.org,mkwst@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/768367
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516666}
(CVE-2018-6051)
Change-Id: I528f4f40ced3ae1dd8b852089aeb7079462fa2cf
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
BUG=763194
R=estark@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/732652
Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511211}
(CVE-2018-6048)
Change-Id: Ia3ff201c9382a8cd71a937ad8434ce9838fc35f8
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
1. Map Malayalam U+0D1F to 's'.
2. Map 'small-cap-like' Cyrillic letters to "look-alike" Latin lowercase
letters.
The characters in new confusable map entries are replaced by their Latin
"look-alike" characters before the skeleton is calculated to compare with
top domain names.
TBR=jshin@chromium.org
(cherry picked from commit b3f0207c14fccc11aaa9d4975ebe46554ad289cb)
Bug: 784761,773930
Test: components_unittests --gtest_filter=*IDNToUni*
Reviewed-on: https://chromium-review.googlesource.com/805214
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#521648}
Reviewed-on: https://chromium-review.googlesource.com/852973
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#421}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6042)
Change-Id: Ie3bf95a49aacda093e5e8f91e44c0a8a7dda08f0
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
The first patch is a re-upload of
https://chromium-review.googlesource.com/c/chromium/src/+/646754
The follow-up patches will add some modifications on how we preview
username and password suggestions.
The suggestions will be in black text, and the password suggestions
should be hidden behind dots.
Bug: 753645
Tbr: tkent@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/702056
Commit-Queue: Sebastien Seguin-Gagnon <sebsg@chromium.org>
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Reviewed-by: Roger McFarlane <rogerm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509961}
(CVE-2018-6037)
Change-Id: I3b3ac18726598a3150329d5838d6811d5975d70f
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
U+0131 (dotless i) and U+0237 (dotless j) are blocked from being
followed by a combining mark in U+0300 block.
Bug: 774842
Test: See the bug
Reviewed-on: https://chromium-review.googlesource.com/767888
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517605}
(CVE-2018-6050)
Change-Id: Ib2dce153bc81de78a9f6b5d867d3729a4c2d3985
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
BUG=797511
TEST=Manually, see https://crbug.com/797511#c1
TBR=rob@robwu.nl
(cherry picked from commit 90585e657db48f93bd73bc45d4caa975323da41b)
Reviewed-on: https://chromium-review.googlesource.com/844076
Commit-Queue: Rob Wu <rob@robwu.nl>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#526197}
Reviewed-on: https://chromium-review.googlesource.com/874471
Reviewed-by: Rob Wu <rob@robwu.nl>
Cr-Commit-Position: refs/branch-heads/3282@{#541}
(CVE-2018-6054)
Change-Id: I4ae431b43251c018e21442551acc36e9b9e1caa3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
It's a legacy keyword that was accidentally removed
BUG=615608
R=estark@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/772234
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517114}
(CVE-2018-6052)
Change-Id: Ib528e23ec90e578072c358ee32bc0188a05ef85f
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
The WebGL exception message text contains the full URL of a blocked
cross-origin resource. It should instead contain only a generic notice.
Bug: 799847
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/854986
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#528458}
(cherry picked from commit fae4d7b7d7e5c8a04a8b7a3258c0fc8362afa24c)
Reviewed-on: https://chromium-review.googlesource.com/868831
Reviewed-by: Eric Lawrence <elawrence@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#509}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6047)
Change-Id: Id9970811725002071e0ec7d47a1a1ff51be0504c
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
This CL makes sure we don't delete the pending NavigationEntry when
RenderFrameHostManager::GetFrameHostForNavigation is called following a
call to NavigationController::NavigateToEntry.
BUG=796135,760342
Reviewed-on: https://chromium-review.googlesource.com/867030
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#529954}
(cherry picked from commit 4820ab1967e126c20c98e00606ee4648f071f62f)
Reviewed-on: https://chromium-review.googlesource.com/876362
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#549}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6040) [3/3]
Change-Id: I840e945db73a06cac5cd704c4241826dc75fa61d
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
This CL fixes an issue where we would attempt to discard a pending
NavigationEntry when a cross-process navigation to this NavigationEntry
is interrupted by another navigation to the same NavigationEntry.
BUG=760342,797656,796135
Reviewed-on: https://chromium-review.googlesource.com/850877
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Camille Lamy <clamy@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#528611}
(cherry picked from commit 5cd363bc34f508c63b66e653bc41bd1783a4b711)
Reviewed-on: https://chromium-review.googlesource.com/875944
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#548}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6040) [2/3]
Change-Id: I27ac1fdb0b4c0d5b680a06169dc06bbe7b524f3a
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
This CL fixes a security issue where a website could succeed in spoofing the
URL of a cross-process navigation by issuing an endless loop of JavaScript
navigations. When the cross-site navigation was ready to commit, a
renderer-initiated navigation would start, causing the deletion of the
speculative RenderFrameHost. However, we would not update the visible URL for
the tab, even though the load of the cross-site navigation had stopped (due to
the deletion of the speculative RFH). This CL ensures that the pending
NavigationEntry is deleted in that case.
BUG=760342
Reviewed-on: https://chromium-review.googlesource.com/808924
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522231}
(cherry picked from commit 372343377dfdc9736630ba80887bab27e047f4e6)
Reviewed-on: https://chromium-review.googlesource.com/876342
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#547}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6040) [1/3]
Change-Id: I1cc18d069095af30674b1e5b8fd2eb8676949b70
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
inherited CSP
When inheriting the CSP from a parent document to a local-scheme CSP,
it does not always get propagated to the PlzNavigate CSP. This means
that PlzNavigate CSP checks (like `frame-src`) would be run against
a blank policy instead of the proper inherited policy.
Bug: 778658
Reviewed-on: https://chromium-review.googlesource.com/765969
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518245}
(CVE-2018-6040)
Change-Id: Iaa11f67f950fc58c213a5f2c09ffeae41d5f8dac
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
PREMULTIPLY_ALPHA.
BUG=774174
TEST=https://github.com/KhronosGroup/WebGL/pull/2555
R=kbr@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/808665
Commit-Queue: Zhenyao Mo <zmo@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522003}
(cherry picked from commit 9b99a43fc119a2533a87e2357cad8f603779a7b9)
Reviewed-on: https://chromium-review.googlesource.com/814698
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#75}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6038)
Change-Id: I01bd0d359c985f1148128d17ea593f5d32e05943
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
sections in WebAssembly.Module.customSections()."
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
BUG=chromium:789952
This is a reland of 163c1c82622f09f64fe7c3a1c93f81b566200493
Original change's description:
> [wasm] Gracefully handle malformed custom sections in WebAssembly.Module.customSections().
>
> R=clemensh@chromium.org
> BUG=chromium:789952
>
> Change-Id: Ida627fa6cdeacff01a0ec4d20e58281f17528010
> Reviewed-on: https://chromium-review.googlesource.com/800941
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49767}
Bug: chromium:789952
Reviewed-on: https://chromium-review.googlesource.com/803575
Commit-Queue: Ben L. Titzer <titzer@google.com>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#49796}
(cherry picked from commit b6ca58e57ec6b1d66c68d9f61eab87c3ca5f6c6c)
Reviewed-on: https://chromium-review.googlesource.com/808225
Cr-Commit-Position: refs/branch-heads/6.4@{#5}
Cr-Branched-From: 0407506af3d9d7e2718be1d8759296165b218fcf-refs/heads/6.4.388@{#1}
Cr-Branched-From: a5fc4e085ee543cb608eb11034bc8f147ba388e1-refs/heads/master@{#49724}
(CVE-2018-6036)
Change-Id: If66cdf7ef532543acc147743d0ce3a5ac0549120
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
BUG=784183
TEST=test case in the bug in ASAN build
R=kbr@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/811826
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Commit-Queue: Zhenyao Mo <zmo@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522213}
(cherry picked from commit 3298d3abf47b3a7a10e44c07d821c68a5c8aa935)
Reviewed-on: https://chromium-review.googlesource.com/815775
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#80}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
(CVE-2018-6034)
Change-Id: I18da82e2b063350caf56add656cd85a97537f8ae
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
BoringSSL cherry-picks are a little complex due to generated files spanning
two repositories. (We'll need to come up with a better story here...)
This is the result of running generate_build_files.py at this revision:
https://boringssl.googlesource.com/boringssl/+/a20bb7ff8bb5057065a2e7941249773f9676cf45
Conveniently, all affected files in this commit are Chromium-side, but
I'll do a DEPS update too, just to keep it all in sync.
Bug: 793030
Reviewed-on: https://chromium-review.googlesource.com/820333
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#145}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
Change-Id: I6fea7106d5d1a667bb48cd90da54289339296cab
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
When one download overwrites another completed download, calling download.open in the old download causes the new download to open, which could be dangerous and undesirable. In this CL, we are trying to avoid this by blocking the opening of the old download.
TBR=shaktisahu@chromium.org
(cherry picked from commit a8d6ae61d266d8bc44c3dd2d08bda32db701e359)
Bug: 793620
Reviewed-on: https://chromium-review.googlesource.com/826477
Reviewed-by: David Trainor <dtrainor@chromium.org>
Reviewed-by: Xing Liu <xingliu@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/849195
Reviewed-by: Shakti Sahu <shaktisahu@chromium.org>
(CVE-2018-6033)
Change-Id: Ia7d2ea6f904cbef2df734479ad2731bea3b8450b
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
When traversing the |deferred_page_unloads_| list and handling the
unloads it's possible for new pages to get added to the list which will
invalidate the iterator.
This CL swaps the list with an empty list and does the iteration on the
list copy. New items that are unloaded while handling the defers will be
unloaded at a later point.
Bug: 780450
Reviewed-on: https://chromium-review.googlesource.com/758916
Reviewed-by: Lei Zhang <thestig@chromium.org>
(CVE-2018-6031)
Change-Id: I259aec91d0006c6a3fa9fb4255b506fa2d12f113
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
This patch fixes a problem where performance.now or Date.now can in rare cases
move slightly backwards due to a loss of arithmetic precision.
BUG=801341,799127,798964
TBR=skyostil@chromium.org
(cherry picked from commit 874bac6e00e5b0b5fe291cc51518e5fd1e83c69d)
Reviewed-on: https://chromium-review.googlesource.com/867062
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#529407}
Reviewed-on: https://chromium-review.googlesource.com/882783
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#588}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
Change-Id: If5bdc9933373cf320e9cf2efe8141275ef8c40c4
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
The feature is default on at run-time and we don't use it.
Change-Id: Ie08fbe52f92165c2361abc882b2cd60cf3bd38eb
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
This patch reduces the resolution of performance.now() from 5us to 100us
and adds pseudorandom jitter on top.
TBR=skyostil@chromium.org
(cherry picked from commit a77687fd89adc1bc2ce91921456e0b9b59388120)
Authors: Ross McIlroy <rmcilroy@chromium.org>, Sami Kyostila <skyostil@chromium.org>
Bug: 798964
Reviewed-on: https://chromium-review.googlesource.com/849993
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#527008}
Reviewed-on: https://chromium-review.googlesource.com/853505
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#439}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
Change-Id: Ia7e1171e1505ddc73cb5356fcc0aac2466f49e08
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Task-number: QTBUG-64726
Change-Id: Ia4c3f535a43212b01a93f879b7585339b356b732
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
BUG=chromium:798864
R=jschuh@chromium.org,binji@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/849429
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Justin Schuh <jschuh@chromium.org>
Reviewed-by: Darin Fisher <darin@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#527460}
Reviewed-on: https://chromium-review.googlesource.com/852902
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#431}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
Change-Id: I6ab4bbfb64de8dda536b652c7575baf5d8a4060c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
The current script mixing policy (moderately restrictive) allows
mixing of Latin-ASCII and one non-Latin script (unless the non-Latin
script is Cyrillic or Greek).
This CL tightens up the policy to block mixing of Latin-ASCII and
a non-Latin script unless the non-Latin script is Chinese (Hanzi,
Bopomofo), Japanese (Kanji, Hiragana, Katakana) or Korean (Hangul,
Hanja).
Major gTLDs (.net/.org/.com) do not allow the registration of
a domain that has both Latin and a non-Latin script. The only
exception is names with Latin + Chinese/Japanese/Korean scripts.
The same is true of ccTLDs with IDNs.
Given the above registration rules of major gTLDs and ccTLDs, allowing
mixing of Latin and non-Latin other than CJK has no practical effect. In
the meantime, domain names in TLDs with a laxer policy on script mixing
would be subject to a potential spoofing attempt with the current
moderately restrictive script mixing policy. To protect users from those
risks, there are a few ad-hoc rules in place.
By switching to highly restrictive those ad-hoc rules can be removed
simplifying the IDN display policy implementation a bit.
This is also coordinated with Mozilla. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1399939 .
BUG=726950, 756226, 756456, 756735, 770465
TEST=components_unittests --gtest_filter=*IDN*
Reviewed-on: https://chromium-review.googlesource.com/688825
Reviewed-by: Brett Wilson <brettw@chromium.org>
Reviewed-by: Lucas Garron <lgarron@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
(CVE-2017-15424, CVE-2017-15425, CVE-2017-15426)
Change-Id: I8a79bf804c911c354a14dba34d7915c3e93ea59f
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
When a DnsTransaction finishes synchronously, it posts a task to run its
callback. In the meantime, DnsAttempts can keep running, and if a TCP
attempt starts, it will delete all the previous attempts. Then the
callback will run and use an attempt which was just deleted.
This fix is designed to be easy to merge to branches.
Bug: 788131, 793099
Change-Id: I768418dfdff70f88454b6daa9c6f4b8b0639619a
Reviewed-on: https://chromium-review.googlesource.com/817681
Reviewed-by: Julia Tuttle <juliatuttle@chromium.org>
Commit-Queue: Miriam Gershenson <mgersh@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#522883}
(cherry picked from commit 9069772b10e2796e4a09d6248a81b3c4ea4506d5)
Reviewed-on: https://chromium-review.googlesource.com/822891
Reviewed-by: Miriam Gershenson <mgersh@chromium.org>
Cr-Commit-Position: refs/branch-heads/3239@{#664}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Due to a copy-paste error, the call to |left_shift_3| is missing after
reducing the password scalar in SPAKE2. This means that three bits of
the password leak in Alice's message. (Two in Bob's message as the point
N happens to have order 4l, not 8l.)
The “correct” fix is to put in the missing call to |left_shift_3|, but
that would be a breaking change. In order to fix this in a unilateral
way, we add points of small order to the masking point to bring it into
prime-order subgroup.
BUG=chromium:778101
Reviewed-on: https://boringssl-review.googlesource.com/22445
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
(CVE-2017-15423)
Change-Id: I3773de57a4437ccbf30e8beea5ddad0aa52c64f0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
The upstream CL is at https://ssl.icu-project.org/trac/changeset/40654 .
Previously, only a part was cherry-picked.
Bug: 774382
(CVE-2017-15422)
Change-Id: Ia8155248313fe0cfa4e82c2b3ac7280ff622b871
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Bug: 774382
Test: See the bug
(CVE-2017-774382)
Change-Id: I587754fe6664c5486fa4569d6299579c71abe523
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Bug: 779314
Reviewed-on: https://chromium-review.googlesource.com/747725
Reviewed-on: https://chromium-review.googlesource.com/754084
(CVE-2017-15416)
Change-Id: I2bac7f52e8650da5b14e91b9a68e7e8a1e83f848
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
BUG=765512
Reviewed-on: https://chromium-review.googlesource.com/679441
(CVE-2017-15415)
Change-Id: I1c73afb2030d088243788b9c1819d19c75e55bfb
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
SetVisible() may be called during Destroy() which may be called
during SetVisible().
This fixes the latest in a family of bugs that happen after an
instance is freed by code triggered by JS code while it's executing
a method.
The CL has a lot of protection for many of these points where JS
may be executed and potentially destroy objects. The return types
of many methods that may execute JS have been changed to bool,
indicating whether the instance is still alive after the call.
Bug: chromium:770148
Reviewed-on: https://pdfium-review.googlesource.com/15190
(CVE-2017-15411)
Change-Id: Id0f24bcd6d0d8ee482a03e5490e2eb91c9ae123d
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
When a widget has focus set, this can trigger an Invalidation call which
can trigger a page and annotation reload. This reload can destroy the
current widget we're handling.
This CL adds ObservedPtrs as needed so we can make sure the widgets are
still alive after we've done the Invalidation.
Bug: chromium:765921
Reviewed-on: https://pdfium-review.googlesource.com/14290
(CVE-2017-15410)
Change-Id: Ic7420bf80e42db4d2f76b3ae0408b0692b2bd64c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
This is no longer necessary after r477371.
BUG=777419
TEST=See bug for repro steps.
TBR=creis@chromium.org
(cherry picked from commit 56a84aa67bb071a33a48ac1481b555c48e0a9a59)
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/733959
Reviewed-on: https://chromium-review.googlesource.com/751765
(CVE-2017-777419)
Change-Id: I8852101950d5e9911a058307d4f612a4960769bc
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
subframes
We only want to record resource timing for the load that was initiated
by parent document. We filter out subsequent navigations for <iframe>,
but we should do it for other types of subframes too.
TBR=japhet@chromium.org
Bug: 780312
Reviewed-on: https://chromium-review.googlesource.com/750487
Reviewed-on: https://chromium-review.googlesource.com/753205
(CVE-2017-780312)
Change-Id: I0da5e29204783f458b098d8425fcf5f88b777c38
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
We no longer need to look at the field snugRB except to check for the
simple no-pixels case. This is good, because our snugRB <= ramRB check
is actually too weak, and is the source of this linked Chromium issue.
BUG=chromium:765858
Instead of doing complicated checks against that stored snugRB and the
computed ramRB, we now just ignore snugRB. We know the images written
by write_row_bytes() will be snug, so we can just look at width, height,
and color type to figure out exactly how many bytes we should be
reading.
Then it becomes the call to readByteArray()'s responsibility to make
sure that we have an array there of exactly that many bytes to read.
We've just got to make sure we check for its failure.
Reviewed-on: https://skia-review.googlesource.com/50800
(CVE-2017-15418)
Change-Id: I39d04a7205dc7c4f59838fc53005ebb74181adbd
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Bug: skia:
Change-Id: I2606cb6d4d41db1b568c5182483abdd05d12afda
Reviewed-on: https://skia-review.googlesource.com/26304
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Align by 4 safely before calling malloc.
BUG=chromium:763972
Reviewed-on: https://skia-review.googlesource.com/49760
(CVE-2017-15409)
Change-Id: I04d2feacc20b9b0eaa4921c6e0378fcad88fcd42
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
BUG=778505
TBR=rch@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/748282
Reviewed-on: https://chromium-review.googlesource.com/755001
(CVE-2017-15407)
Change-Id: Ia563451918e62e5d81d24f1d47c40c5210bb840e
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
What essentially happens is that the main thread is waiting for all
other threads to end, whereas an IO thread tries to recreate the
in-process GPU thread, fails, tries again, fails and so on.
The fix is to move the condition that checks that the application main
loop has not finished, earlier.
Task-number: QTBUG-65239
Change-Id: I5800d19b986657a249b1f672c95297d01f8dc11b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
The old flags for ignoring unknown options were needed in cflags not in
cflags_cc.
Change-Id: Ie90d00397119872d13696246b6f4878533519686
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
Do not let some be for remote fetching only.
Change-Id: I33efd366b957396a746f7bb14bd0a6977ed93b9e
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
Add 'name-sanitized', 'license-type' placeholders
Task-number: QTBUG-64799
Change-Id: Icdc71725acfe22070a8372eed035314ff2910399
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
"cause the night is crap and full of warnings"
Change-Id: Ic391ac12428c23ccfde8bc4aa5eaa0fa64235ff3
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
renderer dies
Without this a DCHECK fires when the new process re-sends these flags.
Originally added in https://chromium-review.googlesource.com/c/chromium/src/+/562616
R=JAM
BUG=754515
Reviewed-on: https://chromium-review.googlesource.com/630243
Task-number: QTBUG-58698
Change-Id: Ia0bfe31be092e44d09ba83c717e1d7892dd5dfc1
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
With the remote inspector, the internal server creates the clients, and
we in the external API do not know the client. The devtools agent host
impl does however know all the sessions, and when there can be only one
it can figure it out.
Change-Id: I55a79cc90d39e6203d74a63ce86575599fe58232
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
Change-Id: I19e348aa999b5b3c7b44008c1d351e40b2557a3f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Task-number: QTBUG-64759
Change-Id: Ifd366e496ce08365f63216943f93864fc285b8b0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>