From 46fa217d01b3bb0d433196ae0b03aa997514071d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20K=C3=B6hne?= <kai.koehne@qt.io>
Date: Fri, 3 Mar 2023 14:19:33 +0100
Subject: Highlight third-party modules that are security critical

Mark any modules listed as 'processing untrusted content' in
https://wiki.qt.io/Third_Party_Code_in_Qt also in the
qt_attribution.json files.

For reasoning, see also

https://lists.qt-project.org/pipermail/development/2023-February/043667.html

Pick-to: 6.5
Change-Id: I1fe9b7e9e7f49db86f8289fbd87813ed4049377e
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
---
 src/3rdparty/libtiff/qt_attribution.json | 3 +++
 src/3rdparty/libwebp/qt_attribution.json | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/3rdparty/libtiff/qt_attribution.json b/src/3rdparty/libtiff/qt_attribution.json
index 7787e89..822b239 100644
--- a/src/3rdparty/libtiff/qt_attribution.json
+++ b/src/3rdparty/libtiff/qt_attribution.json
@@ -3,10 +3,13 @@
     "Name": "TIFF Software Distribution (libtiff)",
     "QDocModule": "qtimageformats",
     "QtUsage": "Used in the qtiff image plugin if no system libtiff is found.",
+    "SecurityCritical": true,
 
     "Description": "",
     "Homepage": "http://www.simplesystems.org/libtiff/",
     "Version": "4.5.0",
+    "DownloadLocation": "https://download.osgeo.org/libtiff/tiff-4.5.0.tar.gz",
+
     "License": "libtiff License",
     "LicenseId": "libtiff",
     "LicenseFile": "COPYRIGHT",
diff --git a/src/3rdparty/libwebp/qt_attribution.json b/src/3rdparty/libwebp/qt_attribution.json
index 258f7ff..d5e8985 100644
--- a/src/3rdparty/libwebp/qt_attribution.json
+++ b/src/3rdparty/libwebp/qt_attribution.json
@@ -3,10 +3,13 @@
     "Name": "WebP (libwebp)",
     "QDocModule": "qtimageformats",
     "QtUsage": "Used in the qwebp image plugin if no system libwebp is found.",
+    "SecurityCritical": true,
 
     "Description": "WebP is a new image format that provides lossless and lossy compression for images on the web.",
     "Homepage": "https://developers.google.com/speed/webp/",
     "Version": "1.3.0",
+    "DownloadLocation": "https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.3.0.tar.gz",
+
     "License": "BSD 3-clause \"New\" or \"Revised\" License",
     "LicenseId": "BSD-3-Clause",
     "LicenseFile": "COPYING",
-- 
cgit v1.2.1