Commit message (Author, Date, Files changed, Lines removed/added)
...
* [Backport] Security bug 1040700 (Ulan Degenbaev, 2020-03-05, 2 files, -4/+7)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/v8/v8/+/2056850:

  Merged: [heap] Fix data race in Sweeper::MakeIterable
  Revision: 31d36add8c5970078feba27b9791033aee107b2f

  BUG=chromium:1040700
  Change-Id: If3d88e1c93b5b2e9c07fb3e51f0a5ff00573e130
  Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* Fix undefined range-based for loops in torque (Allan Sandfeld Jensen, 2020-03-03, 2 files, -4/+6)
  Range-based for is undefined if the container is modified while being
  iterated over. Detected by MSVC.

  Change-Id: Id5e530160cd30bb3e0c7ec24837bd4db60d1795b
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
  Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* [Backport] Fix multiple CVEs and security bugs in sqlite (Michael Brüning, 2020-03-02, 43 files, -173/+1671)
  Update sqlite to include several bug fix backports.

  Fixes the following security bugs:
    * CVE-2019-19926 Inappropriate implementation in SQLite
    * CVE-2020-6405 Out of bounds read in SQLite
    * CVE-2019-19923 Out of bounds memory access in SQLite
    * CVE-2019-19925: Multiple vulnerabilities in SQLite
    * Security bug 1033461

  Change-Id: I8da8585cad43e9b8656645c054d6cf6cbebc2a1a
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-18197 - Multiple vulnerabilities in XML (Stephen Chenney, 2020-03-02, 39 files, -353/+580)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/1998984 and
  https://chromium-review.googlesource.com/c/chromium/src/+/1906950

  Roll libxml2 and libxslt M-80 merge

  The new libxml git hash is a7fe7ee45938c53a8dd028dd40baa461191a2fd2
  The new libxslt git hash is 3653123f992db24cec417d12600f4c67388025e3
  Unfortunately we don't have the old hashes.

  Some xslt templates were updated because the new version of libxslt
  requires a MATCH or TEST attribute for a template tag. This is per spec.

  (cherry picked from commit 6718c0cd782a6360f819133a945b898fe9e4859f)

  Bug: 1020745
  Change-Id: I6c43aa29ec4e1bca92c2891b2f310476e703e328
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2020-6381 - Integer overflow in Javascript (Clemens Backes, 2020-03-02, 1 file, -1/+2)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/v8/v8/+/1992424:

  Merged: [arm] Fix constant pool hickup for huge table switch

  The {cmp} instruction might add an entry to the constant pool at a time
  where we didn't expect any entries to be added. This can be fixed by
  moving the {CheckConstPool} call *after* the {cmp}.

  TBR=mslekova@chromium.org

  (cherry picked from commit 2d89d8a92685cfa0df8724a0ae057d97ff4b2fec)

  Bug: chromium:1034394
  Change-Id: I37f46321b30220ce9823625267ef5c77c9d76860
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2020-6390 - Out of bounds memory access in streams (Jeremy Roman, 2020-03-02, 1 file, -4/+10)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/2025573:

  Move ReadableStream requests onto the stack before iteration.

  This might be subject to concurrent modification by script.

  (cherry picked from commit 12310ed05f15fea5fa6824c6a6b5d86f81532e25)

  Bug: 1045874
  Contributed-by: Sergei Glazunov <glazunov@google.com>
  Change-Id: I24263327e67e7799df6de3b7592ac641ddf6cfcf
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2020-6388 - Out of bounds memory access in WebAudio (Raymond Toy, 2020-03-02, 1 file, -26/+15)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/2011132:

  Always allocate extra space for alignment of AudioArrays

  Instead of trying an allocation to see if it's aligned, just always
  allocate extra space for alignment. We waste a bit of space, but this
  should not be huge. Arrays are typically at least 128 floats or more
  (the render size), and we need 16-byte alignment so we'll only waste 3%
  worst case.

  This simplifies the algorithm too. This means we don't need the static
  int that leads to data races.

  (cherry picked from commit 7760babc3a1cf49af1f12bad772abfdab2dcbfd8)

  Bug: 1042879
  Change-Id: I8b820a207d13ebb0680c67bae60f4db2a45700b4
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2020-6385 - Insufficient policy enforcement in storage (Aaron Colwell, 2020-03-02, 6 files, -85/+312)
  Manual backport of patch originally reviewed on
  https://chromium-review.googlesource.com/c/chromium/src/+/1975165:

  Introduce ChildProcessSecurityPolicyImpl::Handle. Merging to M80 branch

  This change introduces a Handle object so that Mojo services can
  preserve the security state beyond the lifetime of the
  RenderProcessHostImpl object. This allows consistent security checks to
  occur even during the period when the renderer process is shutting down
  and there are still pending Mojo operations in flight. This will be used
  to remove all remaining uses of
  ChildProcessSecurityPolicyImpl::HasSecurityState() in follow-up CLs.

  - Implements new Handle object that allows security checks to provide
    consistent results after ChildProcessSecurityPolicyImpl::Remove() is
    called.
  - Convert blob code to use Handle instead of the HasSecurityState()
    workaround.

  This is an updated version of https://crrev.com/c/1534368 . Further
  discussion of the history and reasons for this CL can be found there.

  (cherry picked from commit 4fcbe415172be634fee82ecb300e50f67b27f0b1)

  Bug: 1035399, 943887
  Change-Id: I8967936cc894f8f66168abed8a8a2387bf3a5c20
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Restore -fno-delete-null-pointer-checks (Allan Sandfeld Jensen, 2020-02-26, 3 files, -5/+24)
  The commit https://chromium-review.googlesource.com/c/chromium/src/+/1294449
  removed this in an apparent brainfart when it was first moved from gcc
  to clang, then removed from the patch altogether.

  This exposed an issue with a nullptr check in logging that has been
  fixed.

  Task-number: QTBUG-77671
  Change-Id: I59677ed997da4278c01676b01950c0ea03c67126
  Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
  (cherry picked from commit 32e459f495dc0475cdc1703514a257b45ccd3d84)
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix recursive deadlock in sandbox::InitLibcLocaltimeFunctions (Jüri Valdmann, 2020-02-25, 1 file, -0/+2)
  QtWebEngineProcess overrides the C library's localtime* functions by
  redefining the symbols in src/process/main.cpp and then using
  dlsym(RTLD_NEXT, ...) to fetch the original symbols in
  //sandbox/linux/services/libc_interceptor.cc. The functions
  InitLibcLocaltimeFunctions{,Impl} use pthread_once to guarantee that
  this symbol resolution happens only once.

  If dlsym fails, for example because the C library is earlier in the
  search path than QtWebEngineCore, then InitLibcLocaltimeFunctionsImpl
  tries to print an error message with LOG(ERROR). However, printing a
  log message involves also printing the timestamp in the local time
  zone, using, of course, localtime_r. Thus, InitLibcLocaltimeFunctions
  depends on localtime_r depends on InitLibcLocaltimeFunctions, and we
  get a deadlock due to the recursive use of pthread_once.

  This deadlock happens only for utility processes and not for zygotes or
  renderers, since the latter proxy the localtime* calls back to the main
  process. (See service_manager::ZygoteMain, where the first function call
  is to sandbox::SetAmZygoteOrRenderer, and compare with
  content::UtilityMain)

  Task-number: QTBUG-82186
  Change-Id: I32009e8482b2634c47082a4c89393dc61c22507e
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] metatrace: remove memset and trivial-ctor assumption (Allan Sandfeld Jensen, 2020-02-24, 2 files, -10/+19)
  Turns out that on MSVC std::atomic<int> is not trivially constructible
  (although I think it is still a plain old int, it just fails the check).
  Fall back on resetting each element individually. Thankfully the
  compiler can see through and eventually figures out it can do a memset:
  https://godbolt.org/z/wMre8O

  Bug: chromium:1010616
  Fixes: QTBUG-82272
  Change-Id: I971ff888306d6bdbaf6e6b886f9ca506ddc1b30a
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Add explicit dependencies on spellcheck buildflags (Allan Sandfeld Jensen, 2020-02-17, 1 file, -0/+2)
  We use the buildflags even when we don't use anything else from
  spellchecking.

  Change-Id: I105614497cc07e83d2d42da8957b80e4a28e34f0
  Fixes: QTBUG-82143
  Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* Suppress DCHECK triggered by NGInlineNode::ComputeMinMaxSize (Peter Varga, 2020-02-14, 1 file, -0/+2)
  Task-number: QTBUG-82060
  Change-Id: I59cd70e179d8e44d214c37e7a1dcf026ca0e65a1
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Fix input spinner double-increment. (Avi Drissman, 2020-02-12, 7 files, -11/+41)
  BUG=990863
  Fixes: QTBUG-79667
  Change-Id: Ic733f8a45f730fd2ad1e4c06520430fad929189a
  Commit-Queue: Avi Drissman <avi@chromium.org>
  Auto-Submit: Avi Drissman <avi@chromium.org>
  Reviewed-by: Daniel Cheng <dcheng@chromium.org>
  Cr-Commit-Position: refs/heads/master@{#690751}
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Expose StoragePartitionImpl::InitNetworkContext (tag v5.15.0-beta1; Jüri Valdmann, 2020-02-11, 1 file, -0/+4)
  Allows recreating the NetworkContext used inside a storage partition so
  as to change network settings dynamically.

  Task-number: QTBUG-81558
  Change-Id: I7b4b0a7d203eed976e13fdf3dbd4375acdae6265
  Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
* Don't force gpu process launch on macOS with vizdc and no GL (Jüri Valdmann, 2020-02-11, 1 file, -0/+2)
  Turns out Chromium on macOS expects vizdc to run inside the GPU process.
  In fact, Chromium attempts to launch a GPU process even with
  --disable-gpu, because GpuDataManager::GpuProcessStartAllowed returns
  true whenever vizdc is enabled.

  Change-Id: I2f31ad8accfb418446fc242ed00ebf1f6accd6fd
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix generation of attribution documentation (Topi Reinio, 2020-02-07, 1 file, -1/+5)
  By updating the licenses.py script, commit e687bc69 undid the
  adaptations from d089b7f3. Re-apply them.

  Fixes: QTBUG-81965
  Change-Id: I28b17107c4cfb2a136fb1e981791a0f3a86099e1
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Suppress racy DCHECK (tag v5.15.0-alpha1; Allan Sandfeld Jensen, 2020-01-29, 1 file, -5/+5)
  Appears to trigger on tst_qwebengineprofile::initiator() randomly.
  Suppress it for now.

  Change-Id: Ia9236f50c231bb1270393e747bf374633b022b22
  Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
* FIXUP: Fix building with g++ 5 (Allan Sandfeld Jensen, 2020-01-29, 1 file, -0/+8)
  Force all the constexpr BasicStringPiece constructors to be
  always-inline, otherwise they will be missing at link time with debug
  builds.

  Change-Id: Icaae32d3eefd5f7babfbac141209eefd7061ca88
  Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* Fix access after move (Allan Sandfeld Jensen, 2020-01-29, 1 file, -2/+2)
  We can't both access and move an object in the same expression. This is
  undefined behavior and causes crashes with gcc 5.

  Change-Id: I916927c27c7dec0f15620dfd22c795267a6bddc0
  Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
* third_party perfetto: add missing include for clang, asan and no_pch (Kirill Burtsev, 2020-01-21, 1 file, -0/+2)
  Change-Id: If4350e3c8c62bbf7a2f263d80e8025a74d5995d0
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* Create an AudioOutputIPCFactory even without WebRTC (Allan Sandfeld Jensen, 2020-01-21, 2 files, -3/+2)
  We need it for non-WebRTC audio as well.

  Change-Id: I51a2de68db26838394d0f6d079bcf4e60aeb9a5f
  Fixes: QTBUG-80627
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Improve jpeg headers handling (tag v5.14.1; Michal Klocek, 2020-01-20, 1 file, -3/+22)
  Add pkg-config support to libjpeg. Add shim support; it seems that some
  features from pdfium are using libjpeg.h.

  This is re-uploaded from 73-based.

  Task-number: QTBUG-77827
  Change-Id: I671f16899e86057a83efdb48332cbf496da39788
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* FIXUP: Support GPU service on UI thread with viz (Jüri Valdmann, 2020-01-17, 2 files, -0/+6)
  Expose VizCompositorThreadRunner in order to call CleanupForShutdown.

  Change-Id: I454fb74d55e187cdd823fa258c17356859465a63
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Allow restricted clock_nanosleep in Linux sandbox (Matthew Denton, 2020-01-17, 5 files, -10/+54)
  To support glibc 2.30, allow clock_nanosleep in the baseline BPF policy,
  with the same clock_id restrictions as clock_gettime and other clock_*
  syscalls.

  Bug: 1025739
  Task-number: QTBUG-81313
  Change-Id: I2632dfb79182aa781388716c4a47c4ce1853ba30
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Add fat build support (Michal Klocek, 2020-01-16, 5 files, -12/+43)
  GN supports fat builds with additional_target_cpus, however this expects
  only fat builds for the same type of architecture, e.g. arm and arm64.
  The Qt build does fat builds for arm64 and x64; this is tricky to
  support and would require some changes to support parsing builds with
  two active toolchains.

  Add a poor man's workaround to compile x64 together with arm64, by using
  Xarch to separate parameters. Unfortunately arm64 includes neon files by
  default which can not be compiled for x64. Therefore for release builds
  it is advised to do CONFIG-=simulator, which will not compile for
  simulator, however will include NEON for arm64.

  Task-number: QTBUG-77931
  Change-Id: I26f9a656187a205ce8448eb3b888201c786476c7
  Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
* [Backport] CVE-2019-13745 2/2 (liberato@chromium.org, 2020-01-16, 29 files, -90/+134)
  Disallow cross-origin redirects for media downloads.

  Cross-origin redirects for downloads aren't allowed, but media elements
  didn't notice. This CL causes them to fail rather than download or
  navigate.

  It replaces LocalFrameClient::CrossOriginRedirects with the pre-existing
  network::mojom::RedirectMode, which includes the option kError. We use
  that to indicate that no cross-origin redirect should be followed.

  Last, this CL partially addresses a TODO in parallel_job_download to
  fail redirects, by failing cross-origin redirects.

  Bug: 990867
  Change-Id: I6488759142d225067030a3b608253c2bc0d83a3e
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2019-13746 2/2 (arthursonzogni, 2020-01-16, 11 files, -79/+183)
  Clear matching pending NavigationEntry on NavigationRequest deletion.

  The goal is to fix a big class of URL spoof issues. They happen when a
  NavigationRequest is canceled, but the associated pending navigation
  entry remains. This causes the wrong URL to be displayed in the omnibox.

  To fix it, delete the matching pending NavigationEntry in the
  NavigationRequest's destructor.

  This is a bit more complex:
  1) During a history navigation, several NavigationRequests can start at
     the same time for iframes. All of them are associated with the same
     pending NavigationEntry.
  2) A pending NavigationEntry can be used, discarded and reused. It can
     be used twice, but not associated with the same NavigationRequest(s)
     on every use.

  The class PendingEntryRef is used to track one NavigationRequest being
  associated with a pending NavigationEntry for a given history
  navigation.

  Bug: 999932
  Change-Id: I0a63dec4293d09120c892411cd9d9ea47a79af66
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2019-13746 1/2 (arthursonzogni, 2020-01-16, 3 files, -49/+62)
  Fix wrong NavigationRequest / pending NavigationEntry association.

  When a new renderer-initiated navigation starts it will either:
  1) Create a new pending navigation entry and use it.
  2) Reuse the existing pending navigation entry.

  The problem is that (2) is very wrong. There are no reasons to do it.
  For instance, when a main frame navigation starts, it creates a pending
  NavigationEntry. Then if a subframe navigation starts, it reuses the
  same pending NavigationEntry. This doesn't make sense.

  Bug: 999932
  Change-Id: If0da4fb7824f71ab1a488a616b8eb93c61482e30
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2019-13745 1/2 (liberato@chromium.org, 2020-01-16, 7 files, -4/+69)
  Capture redirect target for media download.

  Instead of using the current src URL when downloading media, use the
  final target after all redirects from resource selection.

  Additionally, do not download the media file if any cross-origin
  redirect is requested by the server.

  Bug: 990867
  Change-Id: Ic7c708c4001bae81aa85a158aed9e109c3297c93
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fix properly not working about_credits target (Michal Klocek, 2020-01-16, 2 files, -8/+22)
  Our licenses python script was out of date and did not support new
  arguments like depfile, which caused constant rebuilds. Use the script
  from the 77 chromium branch.

  Change-Id: Icd18c8fea61a38f8d0884a15606a64b34da4e19e
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* Fix crash on page allocator (Michal Klocek, 2020-01-16, 1 file, -0/+4)
  Task-number: QTBUG-77931
  Change-Id: I0090a2d84b07a7653f9235e6f43a8b7e0bd9a7da
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* Fix compile issues for ios (Michal Klocek, 2020-01-16, 9 files, -5/+32)
  Task-number: QTBUG-77931
  Change-Id: I3699ff2b1548818b2142bff2fe5f15a53c881fab
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2019-13755: Insufficient policy enforcement in extensions. (Istiaque Ahmed, 2020-01-16, 5 files, -33/+93)
  Manual backport of patch:

  Content Verification: Make computed hashes aware of dot/space suffix
  treatment.

  On Windows, a filename with (.| )+ suffix is ignored, i.e. "foo.html."
  and "foo.html" are treated the same. VerifiedContents is already aware
  of this and it stores a canonicalized version of filename for filenames
  containing (.| )+ suffix. This CL makes ComputedHashes aware of the
  change too, so that searching for hashes will consider canonicalized
  version of the filename as candidate.

  This makes ComputedHashes::Reader and VerifiedContents treat this
  suffix behavior consistently.

  This CL also adds unittest and browsertest for the fix.

  Bug: 696208
  Test: See bug for test repro.
  Change-Id: I98e3f851b2f4cf3cb9cdb4a49f5414c476e2d5bd
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1033260 (Ryan Sleevi, 2020-01-16, 1 file, -4/+21)
  Manual backport of patch:

  macOS 10.13+ switched to using trustd over XPC to verify certificates,
  but can (for unknown reasons) occasionally fail, affecting the
  legacy/non-built-in verifier (CertVerifyProcMac). When this happens,
  don't re-validate the same certificate multiple times, since trustd will
  keep complaining.

  TBR=mattm@chromium.org

  (cherry picked from commit a7bdc8bfd0fdf679e8667e16c489c592ca973f37)

  Bug: 1033260
  Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
  Cr-Original-Commit-Position: refs/heads/master@{#724437}
  Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
  Cr-Commit-Position: refs/branch-heads/3945@{#1006}
  Cr-Branched-From: e4635fff7defbae0f9c29e798349f6fc0cce4b1b-refs/heads/master@{#706915}
  Change-Id: I57ad4ebeac4059f232624b6af4345021ea3fbcfb
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 889276 (Rohit Agarwal, 2020-01-16, 2 files, -1/+10)
  Manual backport of patch:

  Delete PermissionServiceContext instance when shutting down RPHI.

  The PermissionServiceContext holds PermissionSubscriptions originating
  from service workers. These subscriptions observe the
  PermissionControllerImpl that is owned by the Profile. When we delete
  the profile, we terminate the RenderProcessHosts associated with the
  profile first; however, in the OTR case, the RenderProcessHost
  corresponding to PermissionControllerImpl is not deleted before Profile.

  The fix was to explicitly delete the PermissionServiceContext instance
  when we call the RenderProcessHost::CleanUp method.

  (cherry picked from commit 2045162fc4bd5ef1966dee183162cc1984941629)

  Bug: 889276
  Commit-Queue: Rohit Agarwal <roagarwal@chromium.org>
  Cr-Original-Commit-Position: refs/heads/master@{#724643}
  Cr-Commit-Position: refs/branch-heads/3945@{#1014}
  Cr-Branched-From: e4635fff7defbae0f9c29e798349f6fc0cce4b1b-refs/heads/master@{#706915}
  Change-Id: I302e40fba225a5b732f681a734c68e4d113374b6
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 974375 (Michael Brüning, 2020-01-16, 6 files, -5/+71)
  Manual backport of patch:

  Implement NativePixmapHandle validation

  Now ClientNativePixmapDmaBuf and ScenicClientNativePixmapFactory
  validate layout of the NativePixmapHandle to ensure that the buffer fits
  the image.

  Bug: 957314, 974375
  Change-Id: Ifc0c0deae2c833e7a74ae96f84a41ae4a0657890
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] Security bug 1028191 (Nico Hartmann, 2020-01-16, 1 file, -1/+12)
  Backport of patch:

  Merged: [turbofan] Fixes crash caused by truncated bigint

  (cherry picked from commit 3ce6be027562ff6641977d7c9caa530c74a279ac)

  Bug: chromium:1028191
  Change-Id: I7ace89a9a77d84e2357d9e847771c5a35daeed9b
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions. (3/3) (Clark DuVall, 2020-01-16, 2 files, -4/+10)
  Manual backport of patch:

  Change WebRequest proxy redirect logic to match NavigationURLLoaderImpl

  The safe redirect checking logic in NavigationURLLoaderImpl was changed
  in http://crrev.com/c/1779310 to remove the check for web accessible
  extensions resources. There was similar logic in the WebRequest proxy
  that should be removed to match.

  This was causing the network_service_web_request_proxy_browser_tests to
  fail on the Mojo Linux bot. These tests run with a WebRequest proxy
  forced on to test the logic:
  https://ci.chromium.org/p/chromium/builders/ci/Mojo%20Linux/40022

  Bug: 442579
  Change-Id: Ifb90d3e5478faec1956877f7fe683e306f7664d3
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions (2/3) (Michael Brüning, 2020-01-16, 4 files, -41/+6)
  Manual backport of patch:

  Remove ContentBrowserClient::IsSafeRedirectTarget.

  The deleted ChromeContentBrowserClient::IsSafeRedirectTarget was mostly
  redundant wrt ExtensionNavigationThrottle ("mostly", because the
  throttle considers only the navigation initiator - doesn't consider
  origins of intermediate hops as initiators; this aspect of behavior is
  not important to preserve).

  Bug: 442579
  Change-Id: I7a8e36b6152788ca63507f09ba368ae75074e0cf
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2019-13754: Insufficient policy enforcement in extensions. (1/3) (Lukasz Anforowicz, 2020-01-16, 3 files, -51/+62)
  Manual backport of relevant parts of

  Use |initiator_origin| in ExtensionNavigationThrottle.

  Before this CL, ExtensionNavigationThrottle would more-or-less ignore
  main frame navigations (except for special-casing some GuestView
  scenarios). This allowed some undesirable navigations as pointed out in
  https://crbug.com/442579. After this CL the throttle continues with
  WebAccessibleResources checks even for main frames.

  Before this CL, ExtensionNavigationThrottle would check if the target is
  one of WebAccessibleResources iff the frame being navigated has an
  ancestor that has a different origin than the target of the navigation.
  This doesn't work for main frames (which have no parent). This could be
  addressed by also going over opener relationship, but the right fix here
  is to directly consider |initiator_origin| (which is trustworthy and
  browser-verified). After this CL, |initiator_origin| is considered.

  Applying the throttle checks to more navigations means that the throttle
  has to replicate some exceptions from
  ChromeContentBrowserClientExtensionsPart::ShouldAllowOpenURL.
  Specifically, the throttle needs to ignore navigations ignored by
  origins with chrome://, chrome-search:// and devtools:// schemes.

  Additionally the changes mean that opaque origins (even if they have
  been derived from an extension origin) cannot navigate to
  non-WebAccessibleResources. This requires tweaking the
  sandboxed_pages_csp test.

  Bug: 442579
  Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org>
  Change-Id: I861344f323ebbe328770a49e95102b7f9d1300b1
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2019-13735: Out of bounds write in V8 (Michael Brüning, 2020-01-16, 4 files, -17/+57)
  Manual backport of patch:

  Merged: Squashed multiple commits.

  Merged: Ensure root maps do not have slack in descriptor array
  Revision: 31fab144f0652a6aa1f284b60655300ed746b2b6

  Merged: Properly share descriptor arrays
  Revision: f53c728f55f61deeeacbf669d6aff726244ea5fe

  Merged: Fix too restrictive check in Map::MapVerify
  Revision: e34e5271d954f7d7e4f87c4c7ab867b3c8e6d891

  BUG=chromium:1025468,chromium:1027498,chromium:1028396
  NOTRY=true
  NOPRESUBMIT=true
  NOTREECHECKS=true
  R=verwaest@chromium.org

  Cr-Branched-From: be181e241c6da9baa49a424b7d91613c8ebf76f8-refs/heads/7.9.317@{#1}
  Cr-Branched-From: 0d7889d0b14939fa5c09c39a0a5eb155b74163e4-refs/heads/master@{#64307
  Change-Id: I8b1cd3a94ab60fae3a1108726e780110fdc6bc3d
  Reviewed-by: Michal Klocek <michal.klocek@qt.io>
* [Backport] CVE-2019-13738 (Daniel Clark, 2020-01-16, 1 file, -2/+4)
  Prevent sandboxed iframe Document from sharing execution context with
  initial about:blank Document

  This change fixes an issue where a sandboxed iframe can be created such
  that it contains a sandboxed Document with an opaque origin that still
  shares a script context with the iframe's initial un-sandboxed
  about:blank Document.

  The scenario is set up in the following manner:
  1) Create a new iframe dynamically, and set its src to a same-domain
     page that we are going to sandbox.
  2) Insert the iframe into a Document, and synchronously grab a reference
     to its initial about:blank Document.
  3) Synchronously set iframe.sandbox = "allow-scripts" (this is still
     before the same-domain page has loaded in the frame).
  4) The iframe's navigation to the same-domain page occurs,
     asynchronously. FrameLoader::ShouldReuseDefaultView is called to
     determine the mode in which to load the new page.
     FrameLoader::ShouldReuseDefaultView fails to check the iframe's
     sandbox flags (it only looks at the CSP ones), so the navigation
     proceeds without resetting the type system of the iframe. The result
     is that the newly loaded page shares the type system of the initial
     about:blank Document.
  5) Code in the sandboxed iframe is now free to make changes to its type
     system that can affect any usage of the about:blank Document since
     they share the same type system.

  This is a sandbox escape in that if the same-domain page that the iframe
  is navigated to contains user-generated code, it could run outside the
  iframe. It can also result in crashes if we poke things in the right
  way, since an object that should be considered cross-origin can bleed
  into the top-level page, with the result that access checks which are
  never expected to fail can now fail.

  This change fixes the issue by making
  FrameLoader::ShouldReuseDefaultView() check the iframe's sandbox flags
  via FrameLoader::EffectiveSandboxFlags(), in addition to the existing
  check for CSP sandbox flags.

  Bug: 1017441
  Change-Id: I0a8ad4e156fa3053415d0578b4ffef5dc68a58e2
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2019-13739 (Christopher Thompson, 2020-01-16, 2 files, -3/+98)
  Add more charsets to URL unescape banned list

  Adds remaining characters from the Default Ignorable and Formatting
  character sets to the URL unescape ban list.

  Bug: 824715
  Change-Id: I118b2aa71877a830f32a8bff76e3f7f28c9760b0
  Reviewed-by: Michael Brüning <michael.bruning@qt.io>
* [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (2/2) (Joe DeBlasio, 2020-01-16, 1 file, -1/+1)
  Backport of patch:

  Add ю to the set of Cyrillic/Latin lookalikes.

  This CL adds ю to the set of Cyrillic characters that look like Latin
  characters. It also adds a missing period.

  Bug: 884693
  Change-Id: Id60195fc0f9b07a4c23871acc548b3855bbdd6bf
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2019-13757: Incorrect security UI in Omnibox (1/2) (Joe DeBlasio, 2020-01-16, 1 file, -1/+1)
  Add ы (U+042B) and ԍ (U+050D) to set of Cyrillic look-alikes.

  This CL adds ы and ԍ to the set of Cyrillic characters that look like
  Latin characters, as well as a test case to verify.

  Bug: 884693
  Change-Id: I18bd5303564931c065fb91af947be881190c1a00
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1016703 (Ulan Degenbaev, 2020-01-16, 3 files, -3/+22)
  Manual backport of patch:

  Merged: [heap]: Make addition of detached contexts robust for GC
  Revision: b33a8508ccad452b2581bf1e234b88b8871e6e5f

  BUG=chromium:1016703
  LOG=N
  NOTRY=true
  NOPRESUBMIT=true
  NOTREECHECKS=true
  R=hablich@chromium.org

  Change-Id: Ie60d9ebfd19196eb38b4ce00cb56c426dc5120c2
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1025089 (Tommi, 2020-01-16, 1 file, -1/+8)
  Backport of patch:

  [m79] Fix number of arguments being passed when setting the thread name
  on Windows.

  BUGS=webrtc:11079,chromium:1025089

  (cherry picked from commit 7d5fe67b835e128ca688ccb361c98dd432556e2c)

  Change-Id: I0ed17dd53ab0b2eeb295689192a5c0586991340f
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] CVE-2019-13747: Uninitialized Use in rendering. (Kai Ninomiya, 2020-01-16, 1 file, -3/+3)
  Backport of patch:

  Expand use_virtualized_gl_contexts to even older Mali

  We already had this workaround on Mali-T*, but it's needed on Mali-400
  as well (and most likely Mali-300, if that even supports WebGL).

  Bug: 1018528
  Change-Id: I286a2f0873a819f8a0c6d29ec4592ac788e0066f
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
* [Backport] Security bug 1027905 (Rune Lillesveen, 2020-01-16, 1 file, -0/+15)
  Backport of patch:

  Do not generate layout boxes for non-rendered foreignObject.

  This change effectively re-introduces the code from [1] but only lets it
  affect layout tree building, not style computation, which was the
  reason why the code was removed in the first place.

  This also fixes the resolved style for width/height returned from
  getComputedStyle() to return 'auto' for a computed value of 'auto'.
  This matches the Firefox behavior.

  [1] https://chromium-review.googlesource.com/c/chromium/src/+/1070137

  (cherry picked from commit 1d1d6aac6bb169e788c9c081f655e85fe67f2e9f)

  Bug: 1027905
  Change-Id: I70e01302ce8b995ee89db2d6c20eb676e1f479e8
  Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>