Third Party Code in Qt

From Qt Wiki
Revision as of 09:35, 9 March 2023 by Manordheim (talk | contribs)

This page provides security- and maintenance-relevant information for the 3rd party code in Qt. For a complete list of 3rd party modules, including the currently included version, see the documentation page with the list of licenses used in Qt.

| Repository | Qt module | 3rdparty module | Processed untrusted content | Patches | Upstream | Upgrade process |
|---|---|---|---|---|---|---|
| qtbase | Qt Core | pcre2 | regular expressions | - | http://www.pcre.org/ | Routine pre-release checks of their release page on GitHub. Their front-page is lagging a little behind at time of writing. |
| qtbase | Qt Core | sha1 | arbitrary stream of bytes | - | https://www.dominik-reichl.de/projects/csha1/ | Replace the .cpp file with the new version from upstream |
| qtbase | Qt Core | sha{224,256,384,512} | arbitrary stream of bytes | - | https://www.rfc-editor.org/rfc/rfc6234#section-8 | None, maybe look at errata or CVEs |
| qtbase | Qt Core | sha3 | arbitrary stream of bytes | - | https://keccak.team/archives.html | None, the upstream implementation is obsolete. Look for CVEs |
| qtbase | Qt Core | tinycbor | Streaming CBOR object | - | https://github.com/intel/tinycbor | Thiago is its maintainer, so brings us updates when he makes them. |
| qtbase | Qt Core | zlib | zlib compressed data | build fixes for Windows and Apple; exporting symbols; security fixes not yet released by upstream | http://zlib.net/ | Routine pre-release check of their front page, which links the latest release. |
| qtbase | Qt GUI | harfbuzz-ng | fonts | - | | |
| qtbase | Qt GUI | freetype | fonts | - | https://gitlab.freedesktop.org/freetype | Fetch latest tar-ball, run script. Might involve manual fixing of license and build system files, depending on what changed upstream. |
| qtbase | Qt GUI | libpng | PNG images | - | http://www.libpng.org/pub/png/libpng.html | |
| qtbase | Qt GUI | libjpeg | JPEG images | - | https://sourceforge.net/projects/libjpeg-turbo/ | |
| qtbase | Qt GUI | md4c | markdown text | Fix compiler warnings with MSVC | | |
| qtbase | Qt Network | Public Suffix List | only indirectly | - | https://publicsuffix.org/list/ https://github.com/publicsuffix/list | Download the recent version of the list. Then follow the instructions in src/3rdparty/libpsl/README.txt to regenerate our sources. Then bump qt_attribution.json SHA to the latest from their repo. |
| qtbase | Qt SQL | sqlite | SQL database files and queries | - | https://sqlite.org | Download the latest source code amalgamation package and unzip into relevant directory |
| qtimageformats | Qt ImageFormats | libtiff | TIFF images | - | https://gitlab.com/libtiff/libtiff | |
| qtimageformats | Qt ImageFormats | libwebp | webp images | - | https://developers.google.com/speed/webp | |
| qtmultimedia | Qt Multimedia | FFmpeg | Decoding compressed audio & video | | | FFmpeg is provisioned in CI and used by the binary packages |
| qtmultimedia | Qt Spatial Audio | Eigen | Processing of audio data | - | | |
| qtmultimedia | Qt Spatial Audio | pffft | Processing of audio data | - | | |
| qtmultimedia | Qt Spatial Audio | resonance audio | Processing of audio data | - | | |
| qtquick3d | Qt Quick 3D | assimp | 3D assets | - | | |
| qtquick3d | Qt Quick 3D | tinyexr | Loading EXR images | - | | |
| qtquick3dphysics | Qt Quick 3D Physics | PhysX | Read/write meshes | Build fixes | https://github.com/NVIDIAGameWorks/PhysX | See src/3rdparty/PhysX/README.md |