[qtbase] apply cve fix #34588

Merged: 2 commits, Oct 20, 2023
@jimwang118 jimwang118 commented Oct 19, 2023

Fixes #34545

Use upstream patch CVE-2023-43114-6.5.patch to fix Qt vulnerabilities.

  • Changes comply with the maintainer guide
  • SHA512s are updated for each updated download
  • The "supports" clause reflects platforms that may be fixed by this new version
  • Any fixed CI baseline entries are removed from that file.
  • Any patches that are no longer applied are deleted from the port's directory.
  • The version database is fixed by rerunning ./vcpkg x-add-version --all and committing the result.
  • Only one version is added to each modified port's versions file.

Usage test passes with the following triplets:

x86-windows
x64-windows
x64-windows-static

@jimwang118 added the labels category:port-feature (The issue is with a library, which is requesting new capabilities that didn’t exist) and info:internal (This PR or Issue was filed by the vcpkg team.) on Oct 19, 2023
@jimwang118 marked this pull request as ready for review on October 20, 2023 02:00
@carsten-grimm-at-ipolog

If the CVE is also fixed by updating to Qt 6.6.0, we could wait for #34426, which appears to be near completion.

@Neumann-A

> If the CVE is also fixed by updating to Qt 6.6.0, we could wait for #34426, which appears to be near completion.

I am not going to put that PR out of draft before this PR is merged since 6.5 is an LTS release.

@jimwang118 added the label category:port-bug (The issue is with a library, which is something the port should already support) and removed the label category:port-feature (The issue is with a library, which is requesting new capabilities that didn’t exist) on Oct 20, 2023
@Cheney-W added the label info:reviewed (Pull Request changes follow basic guidelines) on Oct 20, 2023
@JavierMatosD merged commit 830f86f into microsoft:master on Oct 20, 2023
15 checks passed