qt6-6.8.0

[Bruce Dubbs]

New minor version.

[thomas]

​https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.8.0/release-note.md

...

Important Changes

Security fixes

• CVE-2024-39936 in qtbase
• CVE-2024-36048 in qtnetworkauth
• CVE-2024-33861 in qtbase
• CVE-2024-30161 in qtbase
• CVE-2024-25580 in qtbase
• CVE-2023-51714 in qtbase

qtbase

...

[thomas]

had to remove the -Wno-dev option (configure failed with Illegal option)

/home/thomas/qt-everywhere-src-6.8.0/qtbase/configure -top-level -prefix /opt/qt6 -sysconfdir /etc/xdg -dbus-linked -openssl-linked -system-sqlite -nomake examples -no-rpath -syslog -skip qt3d -skip qtquick3dphysics -skip qtwebengine -no-feature-clang -W no-dev
CMake Error at qtbase/cmake/QtProcessConfigureArgs.cmake:373 (message):
  Unknown command line option '-W'.
Call Stack (most recent call first):
  qtbase/cmake/QtProcessConfigureArgs.cmake:777 (qtConfAddError)


CMake Error at cmake/QtIRProcessHelpers.cmake:173 (message):
  /home/thomas/qt-everywhere-src-6.8.0/qtbase/configure -top-level -prefix
  /opt/qt6 -sysconfdir /etc/xdg -dbus-linked -openssl-linked -system-sqlite
  -nomake examples -no-rpath -syslog -skip qt3d -skip qtquick3dphysics -skip
  qtwebengine -no-feature-clang -W no-dev exited with status: 1

Call Stack (most recent call first):
  cmake/QtTopLevelHelpers.cmake:35 (qt_ir_execute_process_and_log_and_handle_error)
  cmake/QtTopLevelHelpers.cmake:57 (qt_tl_run_toplevel_configure)
  cmake/QtTopLevelConfigureScript.cmake:17 (qt_tl_run_main_script)

but cmake's configure output still mentions -Wno-dev to suppress some messages.

[martyj19]

I didn't have any problem with -Wno-dev. I notice in your output that there is a space between -W and no-dev and maybe that is the issue.

[Xi Ruoyao]

The book has a space between -W and no-dev. That's completely deliberate for styling consistency.

[Xi Ruoyao]

The problem is if -W no-dev is really supported by CMake. In cmake --help the examples for -D and -G has a space, but -Wno-dev does not.

Another problem is if we should really keep -Wno-dev (with or without the space) in the book. We are not silencing the compiler warnings so why must the CMake warnings have to be silenced explicitly?

[Bruce Dubbs]

We've seen the issue of spaces come up before. Typically the shell interprets spaces as separating entries so -wno-dev is one and -w no-dev is two. These are passed to the applications in an array, argv[]. It's up to the application to manage variations such as -Done, -D two, including -Dx=three and -D x=four.

The typical application uses getopt (man getopt) to parse the input command line. This generally takes care of the issue of one or two command line entries and does the right thing. If the application does something custom, then the space can become significant.

Whether we should remove -Wno-dev completely is a different issue. We need to compare the output with and without that option to decide.

[Douglas R. Reno]

Replying to thomas:

​https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.8.0/release-note.md

...

Important Changes

Security fixes

• CVE-2024-39936 in qtbase
• CVE-2024-36048 in qtnetworkauth
• CVE-2024-33861 in qtbase
• CVE-2024-30161 in qtbase
• CVE-2024-25580 in qtbase
• CVE-2023-51714 in qtbase

qtbase

...

We've got the security fixes listed here in point releases of Qt6 already :)

[Bruce Dubbs]

Updated at commits

52b457186b Update to qt-everywhere-src-6.8.0 (Security Update).
9192fec80c Update to qtwebengine-6.8.0 (Security Update).

Holding open for security advisories.

[Douglas R. Reno]

This one does not need a security advisory as the issues were already fixed in 6.7.3. QtWebEngine does though