1 files changed, 61 insertions, 0 deletions

diff --git a/vcpkg/ports/qt5-base/patches/CVE-2025-4211-qtbase-5.15.diff b/vcpkg/ports/qt5-base/patches/CVE-2025-4211-qtbase-5.15.diff
new file mode 100644
index 0000000..1437f33
--- /dev/null
+++ b/vcpkg/ports/qt5-base/patches/CVE-2025-4211-qtbase-5.15.diff
@@ -0,0 +1,61 @@
+From 3d20cd0105c2ae06605c5078e7675e200f1a001a Mon Sep 17 00:00:00 2001
+From: Mårten Nordheim <marten.nordheim@qt.io>
+Date: Mon, 17 Mar 2025 14:22:11 +0100
+Subject: [PATCH] QFileSystemEngine/Win: Use GetTempPath2 when available
+
+Because the documentation for GetTempPath nows says apps should call
+GetTempPath2.[0]
+
+Starting with Windows 11[1], and recently Windows 10[2],
+GetTempPath2 was added. The difference being that elevated
+processes are returned a different directory. Usually
+'C:\Windows\SystemTemp'.
+
+Currently temporary files of an elevated process may be placed in a
+world write-able location. GetTempPath2, by default, but can be
+overridden, places it in a directory that's only accessible by SYSTEM
+and administrators.
+
+[0] https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettemppathw#remarks
+[1] https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettemppath2w
+(Minimum supported client - Windows 11 Build 22000)
+[2] https://blogs.windows.com/windows-insider/2025/03/13/releasing-windows-10-build-19045-5674-to-the-release-preview-channel/
+(This update enables system processes to store temporary files ...)
+
+[ChangeLog][QtCore][Important Behavior Changes] On
+Windows, generating temporary directories for processes with elevated
+privileges may now return a different path with a stricter
+set of permissions. Please consult Microsoft's documentation from when
+they made the same change for the .NET framework:
+https://support.microsoft.com/en-us/topic/gettemppath-changes-in-windows-february-cumulative-update-preview-4cc631fb-9d97-4118-ab6d-f643cd0a7259
+
+Change-Id: I5caf11151fb2f711bbc5599231f140598b3c9d03
+Reviewed-by: Marc Mutz <marc.mutz@qt.io>
+(cherry picked from commit 69633bcb58e681bac5bff3744e5a2352788dc36c)
+Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
+(cherry picked from commit 6a684a53b371ec483b27bf243af24819be63f85f)
+(cherry picked from commit bbeccc0c22e520f46f0b33e281fa5ac85ac9c727)
+(cherry picked from commit 59d7eb9bbb4f13cccbd9323fd995a8c108b56e60)
+---
+
+diff --git a/src/corelib/io/qfilesystemengine_win.cpp b/src/corelib/io/qfilesystemengine_win.cpp
+index 75c661f..37a400f 100644
+--- a/src/corelib/io/qfilesystemengine_win.cpp
++++ b/src/corelib/io/qfilesystemengine_win.cpp
+@@ -1390,7 +1390,15 @@
+     QString ret;
+ #ifndef Q_OS_WINRT
+     wchar_t tempPath[MAX_PATH];
+-    const DWORD len = GetTempPath(MAX_PATH, tempPath);
++    using GetTempPathPrototype = DWORD (WINAPI *)(DWORD, LPWSTR);
++    // We try to resolve GetTempPath2 and use that, otherwise fall back to GetTempPath:
++    static GetTempPathPrototype getTempPathW = []() {
++        const HMODULE kernel32 = GetModuleHandleW(L"kernel32.dll");
++        if (auto *func = QFunctionPointer(GetProcAddress(kernel32, "GetTempPath2W")))
++            return GetTempPathPrototype(func);
++        return GetTempPath;
++    }();
++    const DWORD len = getTempPathW(MAX_PATH, tempPath);
+     if (len) { // GetTempPath() can return short names, expand.
+         wchar_t longTempPath[MAX_PATH];
+         const DWORD longLen = GetLongPathName(tempPath, longTempPath, MAX_PATH);