feather/contrib/depends/patches/qt/CVE-2023-32762-qtbase-6.5.diff

--- a/src/network/access/qhsts.cpp
+++ b/src/network/access/qhsts.cpp
@@ -327,8 +327,8 @@ quoted-pair    = "\" CHAR
 bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
 {
     for (const auto &h : headers) {
-        // We use '==' since header name was already 'trimmed' for us:
-        if (h.first == "Strict-Transport-Security") {
+        // We compare directly because header name was already 'trimmed' for us:
+        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
             header = h.second;
             // RFC6797, 8.1:
             //
Revert "depends: update qt to 6.5.1" This reverts commit 120add421e8736c58f9a12f7b0461587d4dfef64. 2023-05-24 16:03:00 +00:00			`--- a/src/network/access/qhsts.cpp`
			`+++ b/src/network/access/qhsts.cpp`
			`@@ -327,8 +327,8 @@ quoted-pair = "\" CHAR`
			`bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)`
			`{`
			`for (const auto &h : headers) {`
			`- // We use '==' since header name was already 'trimmed' for us:`
			`- if (h.first == "Strict-Transport-Security") {`
			`+ // We compare directly because header name was already 'trimmed' for us:`
			`+ if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {`
			`header = h.second;`
			`// RFC6797, 8.1:`
			`//`