Some first party requests has no site_for_cookies yet, and thus returns
an empty string. The logic matches that of StaticCookiePolicy.

Change-Id: I10caf978dc410639cd21fc2aa01eb2bf6dc67c1f
Fixes: QTBUG-71393
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

This reads the hw.model string through sysctlbyname and sets the
environment variable QT_MAC_PRO_WEBENGINE_WORKAROUND to tell the
Cocoa platform plugin to not enable offline renderers upon creation
of the platform OpenGL context.

Task-number: QTBUG-70062
Change-Id: I986d9d76a80f96a215f3fcd08b3d47e546682e35
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Task-number: QTBUG-71128
Task-number: QTBUG-69281
Task-number: QTBUG-71229
Change-Id: If6b839ce12efb3ccd69c270d99b10b3756014bb2
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

This adds proxy resolver service as a part of content utility process
and pulls in the corresponding change in Chromium.

Fixes: QTBUG-69281
Change-Id: Icb2b67e1e506a5b511531322a8c13d7df0e11f9f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Do no access m_request from ui thread. The auth request can get cancelled,
this can happen for example when a new navigation interrupts the current one.

Fixes: QTBUG-71128
Change-Id: I140b1a164294342bad13a76342c1f642ba0960c8
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

Task-number: QTBUG-69281
Change-Id: If48d1a7ad723b18d4577d675b11c0cdc5e22f758
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

Unfortunately the versions reported by system freetype packages with
pkg-config are not always consistent with the actual freetype version.

Instead, we now use a compile time check, similar to what the
corresponding check for qtgui does.

Change-Id: I3316f5dfe423ffead5fd9cfec1542407c2b21bd8
Fixes: QTBUG-71033
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Pull in fix for build failure on macOS with 10.14

Fixes: QTBUG-70981
Change-Id: Ie302e3b7f21edfe4390248c4953dbcce6525715a
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>

Pass interface to io thread and bind there.

Task-number: QTBUG-69281
Change-Id: Ia8630cb7ff216cecaec5274a0b3da3ef0881fcea
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

Task-number: QTBUG-68462
Task-number: QTBUG-70728
Change-Id: I4314bce427555504cb49de93af45c910de554479
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

More security fixes from Chrome 69

Changes:
dd94e4234936 [Backport] CVE-2018-16066
9dec1e5d1048 [Backport] CVE-2018-16070
7610166df941 [Backport] Security patch 864932
9ffeaf4caa98 [Backport] CVE-2018-16076
af4500d25e07 [Backport] CVE-2018-16077
02d134e58d36 [Backport] CVE-2018-16083
22a79645f8d3 [Backport] CVE-2018-16085
8ea8f7a2e7ca [Backport] Security issue 867306
3b44cd3d8a9c [Backport] Security issue 867792
13aed800921e [Backport] Security issue 868592

Change-Id: I465915ee61443e8eab2204b56cbf9aca1123aab4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Task-number: QTBUG-66871
Change-Id: I246d667dfe341a6bfe7a74b24286403bec4dde8b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Task-number: QTBUG-68462
Change-Id: I6d3358d36bb3df91c05d434275e9c69682c982a9
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

High security fixes from Chrome 69

Changes:
c92e99aa5f [Backport] CVE-2018-16067
38b701b44f [Backport] CVE-2018-16068
5adda98099 [Backport] CVE-2018-16071
021e3ee70e [Backport] CVE-2018-16072
cfc13dfc78 [Backport] Correctly handle blob:file:///

... URIs in SiteInstance::GetSiteForURL.
f1f5e7417e [Backport] Avoid unneeded call to Origin::GetURL from SiteInstance::GetSiteForURL.
c952ab2ef5 [Backport] CVE-2018-16074
ae14d10af6 [Backport] CVE-2018-16073
ebbf15c58c Update usrsctp

Change-Id: Ia5d1c6622992f855de9d86fb2e99a972012f6fc0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Either overlooked or added after we make the GN switch.

Change-Id: I93bfc27c2e71165901c2046ab2ea902d9dad39d3
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Change-Id: Idee34fa6d4cc54effd84d3b78e3666fa7fcce8db

We do not have it working together with the building of Chromium.

Task-number: QTBUG-66571
Change-Id: Ib000a4102b02902f2ac257347e406297fe1608cf
Reviewed-by: Samuli Piippo <samuli.piippo@qt.io>

Change-Id: I134876aa68bd42356c0b897a5d7d5881f27724a4
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Add a few missed changes from 3rdparty

Change-Id: Ie503da76d20440729516224c48bf0c95aade66d7
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Change-Id: Ia3fe234353e489732ee5f914204ee3f46c894a52
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Change-Id: Iea03d76799b1e94991e536c056a5b918d63041a4

The max was bumbed from 11 to 256, now document it.

Task-number: QTBUG-69904
Change-Id: I6cbf64afe3409c4722d7a903d833124880b32bc0
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

This pulls in the following changes:

* 708511 Fix hunspell::NodeReader::affix_id_for_leaf bounds check

Change-Id: I54a3775c171361f227a27bfd3846ab4f5a78e76c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Changes have been made upstream, backported in
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/commit/?h=65-based&id=eb5360b2


that make it possible to link against system libxml2 again, even if
it has been compiled with catalog support.

Thanks to Arfrever Frehtes Taifersar Arahesis for their help on this.

Change-Id: I61a49ab806f6dbbd96a2df09946c1a14062e6df5
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Somehow it's the case that QtTest 5.9 doesn't know how to QCOMPARE a QString
with a normal string literal:

  ld: error: undefined symbol: bool QTest::qCompare<QString, char [31]>(QString
  const&, char const (&) [31], char const*, char const*, char const*, int)

Change-Id: I13ce50689d9f1c157378b862fb1ed4a572ac7f79
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Task-number: QTBUG-62053
Change-Id: I2df300239f4f02bb74f1ec27a74874b3877aabd0
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

This pulls in the following changes:

* 084a80 [Backport] Security Bug 831117 2/2
* f78390 [Backport] Security Bug 831117 1/2
* d739b9 [Backport] Security Bug 683418
* cf51b5 [Backport] Security Bug 840695
* 009019 [Backport] Security Bug 838886
* 424911 [Backport] CVE-2018-6158
* 6d5f60 Fix compilation issues in introduced previous commits
* a6e2ca [Backport] Security fix for Chromium bug 860721
* 3e6d0c [Backport] Security fix for Chromium bug 839197
* f4115a [Backport] additional patch for security fix for Chromium bug 839197

Task-number: QTBUG-69663
Change-Id: I6ad8509efb210972b753d8763e02cc31e90e0f8a
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

This pulls in the following changes :
* 827405 [Backport] Security fix for Chromium bug 854887
* e79b92 [Backport] Security fix for Chromium bug 861571
* d845af [Backport] CVE-2018-6161
* 3cdf31 [Backport] CVE-2018-6159
* 625870 [Backport] CVE-2018-6162
* 2b111a [Backport] CVE-2018-6164
* eb5360 [Backport] blink: disable XML catalogs at runtime
* 273272 Bump maximum number of custom isolated world ids
* 8f53e0 [Backport] CVE-2018-6167
* 07c34e [Backport] CVE-2018-6172 CVE-2018-6163
* 5d8596 [Backport] CVE-2018-6165
* e8b9ae [Backport] CVE-2018-6177 CVE-2018-6168
* 0cce34 [Backport] CVE-2018-4117

Task-number: QTBUG-69663
Change-Id: Ied119f9d0b28ccba4954c087ab7bcf129969d52a
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

Although the test should have been fixed by the change and did succeed
during local tests and CI runs, it still fails on the CI.

This prevents a merge to dev.

Partially reverts commit: d62cb919



Task-number: QTBUG-66527
Change-Id: I1571c918034d84bd969ca0d401d4cfb17a10fd68
Reviewed-by: Kai Koehne <kai.koehne@qt.io>

--enable-webgl-software-rendering is supposed to be used together
with mesa llvmpipe / opengl32sw.dll. However, Chromium did still use
the built-in GPU blacklist to disable features based on the hardware
GPU driver.

Avoid this by always passing --ignore-gpu-blacklist for this mode.

Task-number: QTBUG-69236
Change-Id: I430d101f6eac64478585de54f705e76859c80597
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>

This commit pulls in security patches:
 * CVE-2018-6150
 * CVE-2018-6152
 * CVE-2018-6175
 * CVE-2018-6155

Task-number: QTBUG-69663
Change-Id: If70e7817f4f9aa1fa482559b734085e6cdff89ed
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Not needed and triggers race condition.

Task-number: QTBUG-69007
Change-Id: Id57ba527387e5dbe44a8dd6c5a49e7278403ce64
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Changes:
2d61f0a269 Work around MSVC2017 optimizer bug when printing a page usind Pdfium
6d6103fe51 [Backport] flush to zero tiny radii
edf63ed29d [Backport] use double to compute root to avoid overflow
7777b6ac95 [Backport] Generate GL errors more strictly in StrictIdHandler.
0c00f4a924 [Backport] Validate all incoming WebGLObjects.
a6a96845cc [Backport] Prevent potential buffer overflow in UlpfecReceiver
a3d55fb8e4 [Backport] Check number of nalus in packet before checking nalu types.

Change-Id: Icd501a956ce396a38098272848bc25065ad92748
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

The view did not get all the movement events if the mouse was moved
onto the view after it had loaded the page. Fix this by placing the
mouse onto the view before setting the html content.

Task-number: QTBUG-66527
Change-Id: I6d6847d5215005fe9490250b5b4f0c01ce317c23
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>

Change-Id: I74f6a607d96733fa379526be40c6a13c31203d4e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>

Change-Id: Ic2f6a39e5e87c3cd606e161abac0bc6294c708d6

IODevice::close and therefore aboutToClose is called by io thread,
connecting it to deleteLater will register deferred delete
on event loop of IODevice instance, which is on ui thread.
This could be racy since deletion on ui thread can happen before job
is done.

Change-Id: I895e6a71649ba65944d069f254d119cc60aada6c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

When an HTML select box was clicked inside of a QWebEngineView and
the parent QWebEngineView window was moved using the mouse
(via window decoration toolbar for example) the popup window
would stay around instead of being closed.

This happened because of the usage of the Qt:Tool window flag for the
popup window, which implies a tool that floats near its parent window.

The fix is threefold:
1) Use Qt::Popup instead, similarly to how QMenu does it.
   Whenever the parent window is moved, the popup will now get a
   CloseEvent.
2) Handle the CloseEvent by telling Chromium to close and destroy
   the popup.
3) On Windows the OS might send mouse move events to the popup RWHVQD
   instance after its parent QWebEngineView, RWHVQD,
   QWebEnginePagePrivate (client adapter) is destroyed. We need to
   guard the mouse forwarding code not to access the client adapter
   if it has already been destroyed.

The second point is done by telling Chromium that its popup lost focus
which it interprets as a sign to hide it, and automatically destroy
it. This will destroy the underlying RWHVQtDelegateWidget and
RWHVQt instances.

Task-number: QTBUG-59891
Change-Id: I47f94a93c495a6caa5de92a6022eaca154994eda
Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Task-number: QTBUG-69605
Change-Id: I863db484ff2bcf558585f75c73963097fb43148a
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Include following patches:
c020786f57 Fix compilation failure in time_win.cc
eea22d3cac [Backport] media: Increase DecoderBuffer::kPaddingSize to 64
91d24cdd6f Reduce severity level of messages when kDisableGpu switch is
used
298fb05460 Fix --single-process --disable-gpu combination not to hit
asserts
db81dc68a8 Remove incomplete logic to detect AMD K2 CPU's
b11fd882e8 Do not write <protocol>.json to source directory

Change-Id: I4e3c0c2f3908f358b43ae4af8baebc2012c9830b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>