<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">> On 19 Aug 2022, at 16:28, Albert Astals Cid <aacid@kde.org> wrote:<br>
> In case you don't understand what i am speaking about, i mean the Qt 5.15 patch corresponding to
<br>
> <a href="https://code.qt.io/cgit/qt/qtbase.git/commit/src/3rdparty/freetype?id=cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f">
https://code.qt.io/cgit/qt/qtbase.git/commit/src/3rdparty/freetype?id=cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f</a><br>
> which you didn't mark as Pick-to: 5.15 but from reading the CVE-2022-27404-27405-27406-qtbase-5.15.diff patch it's clear you did.<br>
<br>
<br>
There is no patch that upgrades the freetype version 2.10.1 that is bundled with Qt 5.15.5 to freetype 2.12.1.<br>
<br>
Someone has to sit down and cherry-pick <a href="https://codereview.qt-project.org/c/qt/qtbase/+/422316">
https://codereview.qt-project.org/c/qt/qtbase/+/422316</a> down to the publicly available Qt 5.15 branch. This can perhaps skip over the intermediate upgrade to freetype 2.10.4. I’ve attached Liang's patch that upgraded freetype from 2.10.1 to 2.10.4 in the
 Qt 5.15 branch, so whoever wants to pick this up can see if that helps with creating a consolidated patch.<br>
<br>
I assume that the Qt5 patch collection infrastructure that the KDE community maintains is exactly designed for making such a consolidated patch available and rebasing it e.g. 5.15.6 when that becomes available.<br>
<br>
Chances are that I simply didn’t understand that you have basically been asking and waiting for the 5.15 version of cfa631e0fb5d78aac80cb580eb092fafa1cd9a8f. Apologies if that signal got lost in the duststorm of this email thread.<br>
<br>
Volker<br>
<br>
</div>
</span></font></div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText"><br>
<br>
</div>
</span></font></div>
</body>
</html>