El divendres, 19 d’agost de 2022, a les 18:13:15 (CEST), Volker Hilsheimer va escriure: > > On 19 Aug 2022, at 16:28, Albert Astals Cid <aa...@kde.org> wrote: > > In case you don't understand what i am speaking about, i mean the Qt 5.15 > > patch corresponding to > > https://code.qt.io/cgit/qt/qtbase.git/commit/src/3rdparty/freetype?id=cfa > > 631e0fb5d78aac80cb580eb092fafa1cd9a8f which you didn't mark as Pick-to: > > 5.15 but from reading the CVE-2022-27404-27405-27406-qtbase-5.15.diff > > patch it's clear you did. > > > There is no patch that upgrades the freetype version 2.10.1 that is bundled > with Qt 5.15.5 to freetype 2.12.1. > Someone has to sit down and cherry-pick > https://codereview.qt-project.org/c/qt/qtbase/+/422316 down to the publicly > available Qt 5.15 branch. This can perhaps skip over the intermediate > upgrade to freetype 2.10.4. I’ve attached Liang's patch that upgraded > freetype from 2.10.1 to 2.10.4 in the Qt 5.15 branch, so whoever wants to > pick this up can see if that helps with creating a consolidated patch. > I assume that the Qt5 patch collection infrastructure that the KDE community > maintains is exactly designed for making such a consolidated patch > available and rebasing it e.g. 5.15.6 when that becomes available. > Chances are that I simply didn’t understand that you have basically been > asking and waiting for the 5.15 version of > cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f. Apologies if that signal got lost > in the duststorm of this email thread.
Yes, i wanted the cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f version of 5.15. I now realize no special "version" of that patch is needed since that patch applies and builds fine in 5.15 already. So as a summary anyone that finds themselves that they can't apply https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff to their Qt 5.15 they just need to apply https://code.qt.io/cgit/qt/qtbase.git/commit/src/3rdparty/freetype?id=cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f first and all will be good. Cheers, Albert > Volker > > > _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development