Highlight third-party modules that are security critical

Mark any modules listed as 'processing untrusted content' in https://wiki.qt.io/Third_Party_Code_in_Qt also in the qt_attribution.json files. For reasoning, see also https://lists.qt-project.org/pipermail/development/2023-February/043667.html Pick-to: 6.5 Change-Id: Id547d4f7e77dac8c7e8e382e65169e7bd0330fcf Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
author: Kai Köhne <kai.koehne@qt.io> 2023-03-06 12:32:24 +0100
committer: Kai Köhne <kai.koehne@qt.io> 2023-03-31 02:10:53 +0100
commit: 1ba89e35bd2f10524441c1449d476ba1952c3ace (patch)
tree: a02a986bb23a285b0e670cadbb2998dba6aba664 /src/3rdparty/harfbuzz-ng/qt_attribution.json
parent: 7350088ab7ef55f51325fc6a48320a1cdc87bd28 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/3rdparty/harfbuzz-ng/qt_attribution.json b/src/3rdparty/harfbuzz-ng/qt_attribution.json
index 1779409e3b..f7aa46c34f 100644
--- a/src/3rdparty/harfbuzz-ng/qt_attribution.json
+++ b/src/3rdparty/harfbuzz-ng/qt_attribution.json
@@ -3,10 +3,12 @@
     "Name": "HarfBuzz-NG",
     "QDocModule": "qtgui",
     "QtUsage": "Optionally used in Qt GUI. Configure with -system-harfbuzz to force the use of the system library, or -qt-harfbuzz to link statically to the library that is bundled with your Qt version.",
+    "SecurityCritical": true,
 
     "Description": "HarfBuzz is an OpenType text shaping engine.",
     "Homepage": "http://harfbuzz.org",
     "Version": "7.0.1",
+    "DownloadLocation": "https://github.com/harfbuzz/harfbuzz/releases/tag/7.1.0",
 
     "License": "MIT License",
     "LicenseId": "MIT",
author	Kai Köhne <kai.koehne@qt.io>	2023-03-06 12:32:24 +0100
committer	Kai Köhne <kai.koehne@qt.io>	2023-03-31 02:10:53 +0100
commit	1ba89e35bd2f10524441c1449d476ba1952c3ace (patch)
tree	a02a986bb23a285b0e670cadbb2998dba6aba664 /src/3rdparty/harfbuzz-ng/qt_attribution.json
parent	7350088ab7ef55f51325fc6a48320a1cdc87bd28 (diff)