
package/qt5/qt5base: security bump

This fixes CVE-2022-25255 and CVE-2022-25634.

Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Quentin Schulz 3 years ago
parent
commit
1cae2aa844
2 changed files with 6 additions and 2 deletions
  1. package/qt5/qt5base/qt5base.hash (+1 -1)
  2. package/qt5/qt5base/qt5base.mk (+5 -1)

+ 1 - 1
package/qt5/qt5base/qt5base.hash

@@ -1,5 +1,5 @@
 # Locally calculated
-sha256  96b1c96041ae7b5186c94f231979217bd50e3c0a4caeba32982faa8054a6d113  qtbase-d16bf02a11953dcac01dca73e6f3778f293adefe.tar.bz2
+sha256  18c17d441fbefa9dd13d1d6bfb5f542c986ba86cc37930247f9e4d782df2244b  qtbase-f31e001a9399e4e620847ea2c3e90749350140ae.tar.bz2
 
 # Hashes for license files:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  LICENSE.GPL2
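
Review bot: the new sha256 on the qtbase-f31e001a9399e4e620847ea2c3e90749350140ae.tar.bz2 line still sits under "# Locally calculated", so the hunk gives no independent reference for the value. The archive name embeds the same commit id that QT5BASE_VERSION is set to in qt5base.mk, which is consistent, but whoever applies this should re-download the tarball and recompute the hash, and the commit message could state how the value was obtained.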

+ 5 - 1
package/qt5/qt5base/qt5base.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-QT5BASE_VERSION = d16bf02a11953dcac01dca73e6f3778f293adefe
+QT5BASE_VERSION = f31e001a9399e4e620847ea2c3e90749350140ae
 QT5BASE_SITE = $(QT5_SITE)/qtbase/-/archive/$(QT5BASE_VERSION)
 QT5BASE_SOURCE = qtbase-$(QT5BASE_VERSION).tar.bz2
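
Review bot: QT5BASE_VERSION moves from one bare commit id to another, and neither this line nor the commit message says which upstream branch f31e001a9399e4e620847ea2c3e90749350140ae belongs to or what else changes between the two commits. A short comment above QT5BASE_VERSION naming the branch being tracked would let the next bump be checked against upstream, and the commit message could say whether anything beyond the two CVE fixes is pulled in.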
 
@@ -14,6 +14,10 @@ QT5BASE_SYNC_QT_HEADERS = YES
 
 # 0006-Improve-fix-for-avoiding-huge-number-of-tiny-dashes.patch
 QT5BASE_IGNORE_CVES += CVE-2021-38593
+# From commit 2766b2cba6ca4b1c430304df5437e2a6c874b107 "QProcess/Unix: ensure we don't accidentally execute something from CWD"
+QT5BASE_IGNORE_CVES += CVE-2022-25255
+# From commit e68ca8e51375d963b2391715f70b42707992dbd8 "Windows: use QSystemLibrary instead of LoadLibrary directly"
+QT5BASE_IGNORE_CVES += CVE-2022-25634
 
 # A few comments:
 #  * -no-pch to workaround the issue described at
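
Review bot: the two new QT5BASE_IGNORE_CVES entries cite upstream commit ids, while the existing CVE-2021-38593 entry above them cites a local patch file, so the comments should say that these commits are already contained in the new QT5BASE_VERSION rather than applied as patches. That also tells the next person bumping the version when the ignores can be dropped. For CVE-2022-25634 the cited commit subject starts with "Windows:", so if the issue only affects Windows builds, the comment could state that as the reason for ignoring it.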