Third Party Code in Qt: Difference between revisions
Jump to navigation
Jump to search
(add urls to the image codecs) |
Manordheim (talk | contribs) (Add sha* modules) |
||
Line 6: | Line 6: | ||
|- | |- | ||
|qtbase||Qt Core||pcre2||regular expressions||-||http://www.pcre.org/<nowiki/>||Routine pre-release checks of their release [https://github.com/PCRE2Project/pcre2/releases page] on GitHub. Their front-page is lagging a little behind at time of writing. | |qtbase||Qt Core||pcre2||regular expressions||-||http://www.pcre.org/<nowiki/>||Routine pre-release checks of their release [https://github.com/PCRE2Project/pcre2/releases page] on GitHub. Their front-page is lagging a little behind at time of writing. | ||
|- | |||
|qtbase | |||
|Qt Core | |||
|sha1 | |||
|arbitrary stream of bytes | |||
| - | |||
|https://www.dominik-reichl.de/projects/csha1/ | |||
|Replace the .cpp file with the new version from upstream | |||
|- | |||
|qtbase | |||
|Qt Core | |||
|sha{224,256,384,512} | |||
|arbitrary stream of bytes | |||
| - | |||
|https://www.rfc-editor.org/rfc/rfc6234#section-8 | |||
|None, maybe look at errata or CVEs | |||
|- | |||
|qtbase | |||
|Qt Core | |||
|sha3 | |||
|arbitrary stream of bytes | |||
| - | |||
|https://keccak.team/archives.html | |||
|None, the upstream implementation is obsolete | |||
|- | |- | ||
|qtbase||Qt Core||tinycbor||Streaming CBOR object||-||https://github.com/intel/tinycbor<nowiki/>||Thiago is its maintainer, so brings us updates when he makes them. | |qtbase||Qt Core||tinycbor||Streaming CBOR object||-||https://github.com/intel/tinycbor<nowiki/>||Thiago is its maintainer, so brings us updates when he makes them. |
Revision as of 09:33, 9 March 2023
This page provides security- and maintenance-relevant information for the 3rd party code in Qt. For a complete list of 3rd party modules, including the currently included version, see the documentation page with the list of licenses used in Qt.
repository | Qt module | 3rdparty module | processed untrusted content | patches | upstream | upgrade process |
---|---|---|---|---|---|---|
qtbase | Qt Core | pcre2 | regular expressions | - | http://www.pcre.org/ | Routine pre-release checks of their release page on GitHub. Their front-page is lagging a little behind at time of writing. |
qtbase | Qt Core | sha1 | arbitrary stream of bytes | - | https://www.dominik-reichl.de/projects/csha1/ | Replace the .cpp file with the new version from upstream |
qtbase | Qt Core | sha{224,256,384,512} | arbitrary stream of bytes | - | https://www.rfc-editor.org/rfc/rfc6234#section-8 | None, maybe look at errata or CVEs |
qtbase | Qt Core | sha3 | arbitrary stream of bytes | - | https://keccak.team/archives.html | None, the upstream implementation is obsolete |
qtbase | Qt Core | tinycbor | Streaming CBOR object | - | https://github.com/intel/tinycbor | Thiago is its maintainer, so brings us updates when he makes them. |
qtbase | Qt Core | zlib | zlib compressed data | build fixes for Windows and Apple; exporting symbols; security fixes not yet released by upstream | http://zlib.net/ | Routine pre-release check of their front page, which links the latest release. |
qtbase | Qt GUI | harfbuzz-ng | fonts | - | ||
qtbase | Qt GUI | freetype | fonts | - | https://gitlab.freedesktop.org/freetype | fetch latest tar-ball, run script. Might involve manual fixing of license and build system files, depending on what changed upstream. |
qtbase | Qt GUI | libpng | PNG images | - | http://www.libpng.org/pub/png/libpng.html | |
qtbase | Qt GUI | libjpeg | JPEG images | - | https://sourceforge.net/projects/libjpeg-turbo/ | |
qtbase | Qt GUI | md4c | markdown text | Fix compiler warnings with MSVC | ||
qtbase | Qt Network | Public Suffix List | only indirectly | - | https://publicsuffix.org/list/ | Download the recent version of the list. Then follow the instructions in src/3rdparty/libpsl/README.txt to regenerate our sources.
Then bump qt_attribution.json SHA to the latest from their repo. |
qtbase | Qt SQL | sqlite | SQL database files and queries | - | https://sqlite.org | Download the latest source code amalgation package and unzip into relevant directory |
qtimageformats | Qt ImageFormats | libtiff | TIFF images | - | https://gitlab.com/libtiff/libtiff | |
qtimageformats | Qt ImageFormats | libwebp | webp images | - | https://developers.google.com/speed/webp | |
qtmultimedia | Qt Multimedia | FFmpeg | Decoding compressed audio & video | FFmpeg is provisioned in CI and used by the binary packages | ||
qtmultimedia | Qt Spatial Audio | Eigen | Processing of audio data | - | ||
qtmultimedia | Qt Spatial Audio | pffft | Processing of audio data | - | ||
qtmultimedia | Qt Spatial Audio | resonance audio | Processing of audio data | - | ||
qtquick3d | Qt Quick 3D | assimp | 3D assets | - | ||
qtquick3d | Qt Quick 3D | tinyexr | Loading EXR images | - | ||
qtquick3dphysics | Qt Quick 3D Physics | PhysX | Read/write meshes | Build fixes | https://github.com/NVIDIAGameWorks/PhysX | See src/3rdparty/PhysX/README.md |