* [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump
@ 2022-03-17 16:38 Quentin Schulz
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Quentin Schulz @ 2022-03-17 16:38 UTC (permalink / raw)
To: buildroot; +Cc: Quentin Schulz, Quentin Schulz, Peter Seiderer, Julien Corjon
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
This fixes CVE-2022-25255 and CVE-2022-25634.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
---
package/qt5/qt5base/qt5base.hash | 2 +-
package/qt5/qt5base/qt5base.mk | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/package/qt5/qt5base/qt5base.hash b/package/qt5/qt5base/qt5base.hash
index 1b9ff43ab2..c031f71c77 100644
--- a/package/qt5/qt5base/qt5base.hash
+++ b/package/qt5/qt5base/qt5base.hash
@@ -1,5 +1,5 @@
# Locally calculated
-sha256 96b1c96041ae7b5186c94f231979217bd50e3c0a4caeba32982faa8054a6d113 qtbase-d16bf02a11953dcac01dca73e6f3778f293adefe.tar.bz2
+sha256 18c17d441fbefa9dd13d1d6bfb5f542c986ba86cc37930247f9e4d782df2244b qtbase-f31e001a9399e4e620847ea2c3e90749350140ae.tar.bz2
# Hashes for license files:
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE.GPL2
diff --git a/package/qt5/qt5base/qt5base.mk b/package/qt5/qt5base/qt5base.mk
index ef02edfc1d..8fd5800822 100644
--- a/package/qt5/qt5base/qt5base.mk
+++ b/package/qt5/qt5base/qt5base.mk
@@ -4,7 +4,7 @@
#
################################################################################
-QT5BASE_VERSION = d16bf02a11953dcac01dca73e6f3778f293adefe
+QT5BASE_VERSION = f31e001a9399e4e620847ea2c3e90749350140ae
QT5BASE_SITE = $(QT5_SITE)/qtbase/-/archive/$(QT5BASE_VERSION)
QT5BASE_SOURCE = qtbase-$(QT5BASE_VERSION).tar.bz2
@@ -15,6 +15,10 @@ QT5BASE_SYNC_QT_HEADERS = YES
# 0010-Avoid-processing-intensive-painting-of-high-number-o.patch
# 0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
QT5BASE_IGNORE_CVES += CVE-2021-38593
+# From commit 2766b2cba6ca4b1c430304df5437e2a6c874b107 "QProcess/Unix: ensure we don't accidentally execute something from CWD"
+QT5BASE_IGNORE_CVES += CVE-2022-25255
+# From commit e68ca8e51375d963b2391715f70b42707992dbd8 "Windows: use QSystemLibrary instead of LoadLibrary directly"
+QT5BASE_IGNORE_CVES += CVE-2022-25634
# A few comments:
# * -no-pch to workaround the issue described at
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch
2022-03-17 16:38 [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Quentin Schulz
@ 2022-03-17 16:38 ` Quentin Schulz
2022-03-24 21:42 ` Arnout Vandecappelle
2022-03-30 7:12 ` Peter Korsgaard
2022-03-17 16:38 ` [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593 Quentin Schulz
` (2 subsequent siblings)
3 siblings, 2 replies; 8+ messages in thread
From: Quentin Schulz @ 2022-03-17 16:38 UTC (permalink / raw)
To: buildroot; +Cc: Quentin Schulz, Quentin Schulz, Peter Seiderer, Julien Corjon
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
CVE-2021-38593 fixes originally missed a usecase that was covered by the
to-be-removed patch. However, this patch was incorrect and added some
issues on its own, which was then fixed by now-removed
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch.
Unfortunately for us, the to-be-removed patch (fixed by
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch) can actually
be applied (with fuzz; by `patch` only) on top of the now-removed patch.
When the move to KDE Qt fork was made, some patches were removed as they
were already part of the new git fork. However, the to-be-removed patch
was not. This means the
0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch was actually
undone when Buildroot patched qt5base.
Let's remove this patch to fix this oversight.
As a reference:
e7ea2ed27c Improve fix for avoiding huge number of tiny dashes
fixed by
65b3aa6a1c Refix for avoiding huge number of tiny dashes
in the git repo.
Fixes: 5770a645a3a49 "package/qt5: bump packages to latest kde submodule versions"
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
---
...-avoiding-huge-number-of-tiny-dashes.patch | 37 -------------------
1 file changed, 37 deletions(-)
delete mode 100644 package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
diff --git a/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch b/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
deleted file mode 100644
index 16e0f20200..0000000000
--- a/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 856d11f695fb6effe26a359f9ad0efdf24067085 Mon Sep 17 00:00:00 2001
-From: Eirik Aavitsland <eirik.aavitsland@qt.io>
-Date: Fri, 23 Jul 2021 15:53:56 +0200
-Subject: [PATCH] Improve fix for avoiding huge number of tiny dashes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some pathological cases were not caught by the previous fix.
-
-Fixes: QTBUG-95239
-Pick-to: 6.2 6.1 5.15
-Change-Id: I0337ee3923ff93ccb36c4d7b810a9c0667354cc5
-Reviewed-by: Robert Löhning <robert.loehning@qt.io>
-(cherry picked from commit 6b400e3147dcfd8cc3a393ace1bd118c93762e0c)
-[Retrieved from: https://invent.kde.org/qt/qt/qtbase/-/commit/fed5713eeba5bf8e0ee413cb4e77109bfa7c2bce]
-Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
----
- src/gui/painting/qpaintengineex.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp
-index 55fdb0c2a0..19e4b23423 100644
---- a/src/gui/painting/qpaintengineex.cpp
-+++ b/src/gui/painting/qpaintengineex.cpp
-@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen)
- patternLength *= pen.widthF();
- if (qFuzzyIsNull(patternLength)) {
- pen.setStyle(Qt::NoPen);
-- } else if (extent / patternLength > 10000) {
-+ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) {
- // approximate stream of tiny dashes with semi-transparent solid line
- pen.setStyle(Qt::SolidLine);
- QColor color(pen.color());
---
-2.34.1
-
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593
2022-03-17 16:38 [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Quentin Schulz
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
@ 2022-03-17 16:38 ` Quentin Schulz
2022-03-31 15:48 ` Peter Korsgaard
2022-03-24 21:35 ` [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Arnout Vandecappelle
2022-03-31 15:48 ` Peter Korsgaard
3 siblings, 1 reply; 8+ messages in thread
From: Quentin Schulz @ 2022-03-17 16:38 UTC (permalink / raw)
To: buildroot; +Cc: Quentin Schulz, Quentin Schulz, Peter Seiderer, Julien Corjon
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
The patches aren't in Buildroot anymore but in the qt5base sources
directly, so let's give the commit hash of the fixes instead.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
---
package/qt5/qt5base/qt5base.mk | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/package/qt5/qt5base/qt5base.mk b/package/qt5/qt5base/qt5base.mk
index 8fd5800822..972d217ef1 100644
--- a/package/qt5/qt5base/qt5base.mk
+++ b/package/qt5/qt5base/qt5base.mk
@@ -12,8 +12,9 @@ QT5BASE_DEPENDENCIES = host-pkgconf pcre2 zlib
QT5BASE_INSTALL_STAGING = YES
QT5BASE_SYNC_QT_HEADERS = YES
-# 0010-Avoid-processing-intensive-painting-of-high-number-o.patch
-# 0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
+# From commits:
+# 4ce7053a59 "Avoid processing-intensive painting of high number of tiny dashes"
+# e7ea2ed27c "Improve fix for avoiding huge number of tiny dashes"
QT5BASE_IGNORE_CVES += CVE-2021-38593
# From commit 2766b2cba6ca4b1c430304df5437e2a6c874b107 "QProcess/Unix: ensure we don't accidentally execute something from CWD"
QT5BASE_IGNORE_CVES += CVE-2022-25255
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump
2022-03-17 16:38 [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Quentin Schulz
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
2022-03-17 16:38 ` [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593 Quentin Schulz
@ 2022-03-24 21:35 ` Arnout Vandecappelle
2022-03-31 15:48 ` Peter Korsgaard
3 siblings, 0 replies; 8+ messages in thread
From: Arnout Vandecappelle @ 2022-03-24 21:35 UTC (permalink / raw)
To: Quentin Schulz, buildroot; +Cc: Quentin Schulz, Peter Seiderer, Julien Corjon
On 17/03/2022 17:38, Quentin Schulz wrote:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
>
> This fixes CVE-2022-25255 and CVE-2022-25634.
>
> Cc: Quentin Schulz <foss+buildroot@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> ---
> package/qt5/qt5base/qt5base.hash | 2 +-
> package/qt5/qt5base/qt5base.mk | 6 +++++-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/package/qt5/qt5base/qt5base.hash b/package/qt5/qt5base/qt5base.hash
> index 1b9ff43ab2..c031f71c77 100644
> --- a/package/qt5/qt5base/qt5base.hash
> +++ b/package/qt5/qt5base/qt5base.hash
> @@ -1,5 +1,5 @@
> # Locally calculated
> -sha256 96b1c96041ae7b5186c94f231979217bd50e3c0a4caeba32982faa8054a6d113 qtbase-d16bf02a11953dcac01dca73e6f3778f293adefe.tar.bz2
> +sha256 18c17d441fbefa9dd13d1d6bfb5f542c986ba86cc37930247f9e4d782df2244b qtbase-f31e001a9399e4e620847ea2c3e90749350140ae.tar.bz2
>
> # Hashes for license files:
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE.GPL2
> diff --git a/package/qt5/qt5base/qt5base.mk b/package/qt5/qt5base/qt5base.mk
> index ef02edfc1d..8fd5800822 100644
> --- a/package/qt5/qt5base/qt5base.mk
> +++ b/package/qt5/qt5base/qt5base.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -QT5BASE_VERSION = d16bf02a11953dcac01dca73e6f3778f293adefe
> +QT5BASE_VERSION = f31e001a9399e4e620847ea2c3e90749350140ae
> QT5BASE_SITE = $(QT5_SITE)/qtbase/-/archive/$(QT5BASE_VERSION)
> QT5BASE_SOURCE = qtbase-$(QT5BASE_VERSION).tar.bz2
>
> @@ -15,6 +15,10 @@ QT5BASE_SYNC_QT_HEADERS = YES
> # 0010-Avoid-processing-intensive-painting-of-high-number-o.patch
> # 0011-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
> QT5BASE_IGNORE_CVES += CVE-2021-38593
FYI, this no longer applies cleanly to master.
Regards,
Arnout
> +# From commit 2766b2cba6ca4b1c430304df5437e2a6c874b107 "QProcess/Unix: ensure we don't accidentally execute something from CWD"
> +QT5BASE_IGNORE_CVES += CVE-2022-25255
> +# From commit e68ca8e51375d963b2391715f70b42707992dbd8 "Windows: use QSystemLibrary instead of LoadLibrary directly"
> +QT5BASE_IGNORE_CVES += CVE-2022-25634
>
> # A few comments:
> # * -no-pch to workaround the issue described at
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
@ 2022-03-24 21:42 ` Arnout Vandecappelle
2022-03-30 7:12 ` Peter Korsgaard
1 sibling, 0 replies; 8+ messages in thread
From: Arnout Vandecappelle @ 2022-03-24 21:42 UTC (permalink / raw)
To: Quentin Schulz, buildroot; +Cc: Quentin Schulz, Peter Seiderer, Julien Corjon
On 17/03/2022 17:38, Quentin Schulz wrote:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
>
> CVE-2021-38593 fixes originally missed a usecase that was covered by the
> to-be-removed patch. However, this patch was incorrect and added some
> issues on its own, which was then fixed by now-removed
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch.
>
> Unfortunately for us, the to-be-removed patch (fixed by
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch) can actually
> be applied (with fuzz; by `patch` only) on top of the now-removed patch.
> When the move to KDE Qt fork was made, some patches were removed as they
> were already part of the new git fork. However, the to-be-removed patch
> was not. This means the
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch was actually
> undone when Buildroot patched qt5base.
>
> Let's remove this patch to fix this oversight.
>
> As a reference:
> e7ea2ed27c Improve fix for avoiding huge number of tiny dashes
> fixed by
> 65b3aa6a1c Refix for avoiding huge number of tiny dashes
> in the git repo.
>
> Fixes: 5770a645a3a49 "package/qt5: bump packages to latest kde submodule versions"
> Cc: Quentin Schulz <foss+buildroot@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Applied to master, thanks.
I've also renumbered patches 7 and 8.
Regards,
Arnout
> ---
> ...-avoiding-huge-number-of-tiny-dashes.patch | 37 -------------------
> 1 file changed, 37 deletions(-)
> delete mode 100644 package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
>
> diff --git a/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch b/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
> deleted file mode 100644
> index 16e0f20200..0000000000
> --- a/package/qt5/qt5base/0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -From 856d11f695fb6effe26a359f9ad0efdf24067085 Mon Sep 17 00:00:00 2001
> -From: Eirik Aavitsland <eirik.aavitsland@qt.io>
> -Date: Fri, 23 Jul 2021 15:53:56 +0200
> -Subject: [PATCH] Improve fix for avoiding huge number of tiny dashes
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -Some pathological cases were not caught by the previous fix.
> -
> -Fixes: QTBUG-95239
> -Pick-to: 6.2 6.1 5.15
> -Change-Id: I0337ee3923ff93ccb36c4d7b810a9c0667354cc5
> -Reviewed-by: Robert Löhning <robert.loehning@qt.io>
> -(cherry picked from commit 6b400e3147dcfd8cc3a393ace1bd118c93762e0c)
> -[Retrieved from: https://invent.kde.org/qt/qt/qtbase/-/commit/fed5713eeba5bf8e0ee413cb4e77109bfa7c2bce]
> -Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> ----
> - src/gui/painting/qpaintengineex.cpp | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/src/gui/painting/qpaintengineex.cpp b/src/gui/painting/qpaintengineex.cpp
> -index 55fdb0c2a0..19e4b23423 100644
> ---- a/src/gui/painting/qpaintengineex.cpp
> -+++ b/src/gui/painting/qpaintengineex.cpp
> -@@ -426,7 +426,7 @@ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen)
> - patternLength *= pen.widthF();
> - if (qFuzzyIsNull(patternLength)) {
> - pen.setStyle(Qt::NoPen);
> -- } else if (extent / patternLength > 10000) {
> -+ } else if (qFuzzyIsNull(extent) || extent / patternLength > 10000) {
> - // approximate stream of tiny dashes with semi-transparent solid line
> - pen.setStyle(Qt::SolidLine);
> - QColor color(pen.color());
> ---
> -2.34.1
> -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
2022-03-24 21:42 ` Arnout Vandecappelle
@ 2022-03-30 7:12 ` Peter Korsgaard
1 sibling, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2022-03-30 7:12 UTC (permalink / raw)
To: Quentin Schulz; +Cc: Quentin Schulz, Peter Seiderer, Julien Corjon, buildroot
>>>>> "Quentin" == Quentin Schulz <foss+buildroot@0leil.net> writes:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> CVE-2021-38593 fixes originally missed a usecase that was covered by the
> to-be-removed patch. However, this patch was incorrect and added some
> issues on its own, which was then fixed by now-removed
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch.
> Unfortunately for us, the to-be-removed patch (fixed by
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch) can actually
> be applied (with fuzz; by `patch` only) on top of the now-removed patch.
> When the move to KDE Qt fork was made, some patches were removed as they
> were already part of the new git fork. However, the to-be-removed patch
> was not. This means the
> 0012-Refix-for-avoiding-huge-number-of-tiny-dashes.patch was actually
> undone when Buildroot patched qt5base.
> Let's remove this patch to fix this oversight.
> As a reference:
> e7ea2ed27c Improve fix for avoiding huge number of tiny dashes
> fixed by
> 65b3aa6a1c Refix for avoiding huge number of tiny dashes
> in the git repo.
> Fixes: 5770a645a3a49 "package/qt5: bump packages to latest kde submodule versions"
> Cc: Quentin Schulz <foss+buildroot@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump
2022-03-17 16:38 [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Quentin Schulz
` (2 preceding siblings ...)
2022-03-24 21:35 ` [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Arnout Vandecappelle
@ 2022-03-31 15:48 ` Peter Korsgaard
3 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2022-03-31 15:48 UTC (permalink / raw)
To: Quentin Schulz; +Cc: Quentin Schulz, Peter Seiderer, Julien Corjon, buildroot
>>>>> "Quentin" == Quentin Schulz <foss+buildroot@0leil.net> writes:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> This fixes CVE-2022-25255 and CVE-2022-25634.
> Cc: Quentin Schulz <foss+buildroot@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593
2022-03-17 16:38 ` [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593 Quentin Schulz
@ 2022-03-31 15:48 ` Peter Korsgaard
0 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2022-03-31 15:48 UTC (permalink / raw)
To: Quentin Schulz; +Cc: Quentin Schulz, Peter Seiderer, Julien Corjon, buildroot
>>>>> "Quentin" == Quentin Schulz <foss+buildroot@0leil.net> writes:
> From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
> The patches aren't in Buildroot anymore but in the qt5base sources
> directly, so let's give the commit hash of the fixes instead.
> Cc: Quentin Schulz <foss+buildroot@0leil.net>
> Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-03-31 15:48 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-17 16:38 [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Quentin Schulz
2022-03-17 16:38 ` [Buildroot] [PATCH 2/3] package/qt5/qt5base: remove leftover patch Quentin Schulz
2022-03-24 21:42 ` Arnout Vandecappelle
2022-03-30 7:12 ` Peter Korsgaard
2022-03-17 16:38 ` [Buildroot] [PATCH 3/3] package/qt5/qt5base: update comment pointing to patches fixing CVE-2021-38593 Quentin Schulz
2022-03-31 15:48 ` Peter Korsgaard
2022-03-24 21:35 ` [Buildroot] [PATCH 1/3] package/qt5/qt5base: security bump Arnout Vandecappelle
2022-03-31 15:48 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.