diff options
| author | Kai Köhne <kai.koehne@qt.io> | 2023-03-03 14:19:33 +0100 |
|---|---|---|
| committer | Kai Köhne <kai.koehne@qt.io> | 2023-05-03 10:55:24 +0100 |
| commit | 46fa217d01b3bb0d433196ae0b03aa997514071d (patch) | |
| tree | 92931fb970ed46d3e5ec2712963434676e524cf1 | |
| parent | bc62ab9f2e170fce9d3b9628939ccabbac65fb99 (diff) | |
| download | qtimageformats-46fa217d01b3bb0d433196ae0b03aa997514071d.tar.gz | |
Highlight third-party modules that are security critical
Mark any modules listed as 'processing untrusted content' in
https://wiki.qt.io/Third_Party_Code_in_Qt also in the
qt_attribution.json files.
For reasoning, see also
https://lists.qt-project.org/pipermail/development/2023-February/043667.html
Pick-to: 6.5
Change-Id: I1fe9b7e9e7f49db86f8289fbd87813ed4049377e
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
| -rw-r--r-- | src/3rdparty/libtiff/qt_attribution.json | 3 | ||||
| -rw-r--r-- | src/3rdparty/libwebp/qt_attribution.json | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/3rdparty/libtiff/qt_attribution.json b/src/3rdparty/libtiff/qt_attribution.json index 7787e89..822b239 100644 --- a/src/3rdparty/libtiff/qt_attribution.json +++ b/src/3rdparty/libtiff/qt_attribution.json @@ -3,10 +3,13 @@ "Name": "TIFF Software Distribution (libtiff)", "QDocModule": "qtimageformats", "QtUsage": "Used in the qtiff image plugin if no system libtiff is found.", + "SecurityCritical": true, "Description": "", "Homepage": "http://www.simplesystems.org/libtiff/", "Version": "4.5.0", + "DownloadLocation": "https://download.osgeo.org/libtiff/tiff-4.5.0.tar.gz", + "License": "libtiff License", "LicenseId": "libtiff", "LicenseFile": "COPYRIGHT", diff --git a/src/3rdparty/libwebp/qt_attribution.json b/src/3rdparty/libwebp/qt_attribution.json index 258f7ff..d5e8985 100644 --- a/src/3rdparty/libwebp/qt_attribution.json +++ b/src/3rdparty/libwebp/qt_attribution.json @@ -3,10 +3,13 @@ "Name": "WebP (libwebp)", "QDocModule": "qtimageformats", "QtUsage": "Used in the qwebp image plugin if no system libwebp is found.", + "SecurityCritical": true, "Description": "WebP is a new image format that provides lossless and lossy compression for images on the web.", "Homepage": "https://developers.google.com/speed/webp/", "Version": "1.3.0", + "DownloadLocation": "https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.0.tar.gz", + "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseId": "BSD-3-Clause", "LicenseFile": "COPYING", |