On Wednesday, 27 July 2022 09:43:32 PDT Albert Astals Cid wrote:
> > 5.15:
> > https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff
>
> This patch doesn't seem to apply over the v5.15.5-lts-lgpl tag for me, can
> someone please double check in case I'm doing something wrong?

Looks like Freetype in the current 5.15 branch does not match what's in the patch.

$ git show origin/5.15:src/3rdparty/freetype/docs/CHANGES | head -2
CHANGES BETWEEN 2.10.0 and 2.10.1

$ curl -sL https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff | \
    grep -A3 b/src/3rdparty/freetype/docs/CHANGES
diff --git a/src/3rdparty/freetype/docs/CHANGES b/src/3rdparty/freetype/docs/CHANGES
index 3bd5291ae1..3ad7ec4333 100644
--- a/src/3rdparty/freetype/docs/CHANGES
+++ b/src/3rdparty/freetype/docs/CHANGES
@@ -1,4 +1,235 @@
-CHANGES BETWEEN 2.10.3 and 2.10.4
+CHANGES BETWEEN 2.12.0 and 2.12.1

The patch was created on top of FreeType 2.10.3, while the branch has 2.10.1.

I repeat: stop using the bundled third party content unless you're willing to
update it yourself. In which case, you should simply update to 2.12.1 on your
own. Ignore the patches in the CVE.

--
Thiago Macieira - thiago.macieira (AT) intel.com
  Cloud Software Architect - Intel DCAI Cloud Engineering
