[qtnetworkauth] add patch for CVE-2024-36048 (#39056)

Fixes #38968.

- [x] Changes comply with the [maintainer
guide](https://github.com/microsoft/vcpkg-docs/blob/main/vcpkg/contributing/maintainer-guide.md).
- [x] SHA512s are updated for each updated download.
- [x] The "supports" clause reflects platforms that may be fixed by this
new version.
- [x] Any fixed [CI
baseline](https://github.com/microsoft/vcpkg/blob/master/scripts/ci.baseline.txt)
entries are removed from that file.
- [x] Any patches that are no longer applied are deleted from the port's
directory.
- [x] The version database is fixed by rerunning `./vcpkg x-add-version
--all` and committing the result.
- [x] Only one version is added to each modified port's versions file.

Changes:
* added patch for CVE-2024-36048 to `qtnetworkauth`.

ports/qtnetworkauth/patches/CVE-2024-36048-qtnetworkauth-6.7.diff

@@ -0,0 +1,53 @@
+diff --git a/src/oauth/qabstractoauth.cpp b/src/oauth/qabstractoauth.cpp
+index a3cbea7..f98fd28 100644
+--- a/src/oauth/qabstractoauth.cpp
++++ b/src/oauth/qabstractoauth.cpp
+@@ -11,7 +11,6 @@
+ #include <QtCore/qurl.h>
+ #include <QtCore/qpair.h>
+ #include <QtCore/qstring.h>
+-#include <QtCore/qdatetime.h>
+ #include <QtCore/qurlquery.h>
+ #include <QtCore/qjsondocument.h>
+ #include <QtCore/qmessageauthenticationcode.h>
+@@ -20,6 +19,9 @@
+ #include <QtNetwork/qnetworkaccessmanager.h>
+ #include <QtNetwork/qnetworkreply.h>
+ 
++#include <QtCore/qrandom.h>
++#include <QtCore/private/qlocking_p.h>
++
+ #include <random>
+ 
+ QT_BEGIN_NAMESPACE
+@@ -273,15 +275,19 @@ void QAbstractOAuthPrivate::setStatus(QAbstractOAuth::Status newStatus)
+     }
+ }
+ 
++Q_CONSTINIT static QBasicMutex prngMutex;
++Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system()))
++
+ QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length)
+ {
+-    const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+-    static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch());
++    constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+     std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2);
+     QByteArray data;
+     data.reserve(length);
++    auto lock = qt_unique_lock(prngMutex);
+     for (quint8 i = 0; i < length; ++i)
+-        data.append(characters[distribution(randomEngine)]);
++        data.append(characters[distribution(*prng)]);
++    lock.unlock();
+     return data;
+ }
+ 
+@@ -591,6 +597,7 @@ void QAbstractOAuth::resourceOwnerAuthorization(const QUrl &url, const QMultiMap
+ }
+ 
+ /*!
++    \threadsafe
+     Generates a random string which could be used as state or nonce.
+     The parameter \a length determines the size of the generated
+     string.

ports/qtnetworkauth/portfile.cmake

@@ -1,7 +1,10 @@
 set(SCRIPT_PATH "${CURRENT_INSTALLED_DIR}/share/qtbase")
 include("${SCRIPT_PATH}/qt_install_submodule.cmake")
 
-set(${PORT}_PATCHES)
+set(${PORT}_PATCHES 
+    # CVE fixes from https://download.qt.io/official_releases/qt/6.7/
+    patches/CVE-2024-36048-qtnetworkauth-6.7.diff # fixed in Qt 6.7.1
+)
 
 qt_install_submodule(PATCHES    ${${PORT}_PATCHES}
                      CONFIGURE_OPTIONS

ports/qtnetworkauth/vcpkg.json

@@ -1,6 +1,7 @@
 {
   "name": "qtnetworkauth",
   "version": "6.7.0",
+  "port-version": 1,
   "description": "Qt Network Authorization provides a set of APIs that enable Qt applications to obtain limited access to online accounts and HTTP services without exposing users' passwords.",
   "homepage": "https://www.qt.io/",
   "license": null,

versions/baseline.json

@@ -7402,7 +7402,7 @@
     },
     "qtnetworkauth": {
       "baseline": "6.7.0",
-      "port-version": 0
+      "port-version": 1
     },
     "qtopcua": {
       "baseline": "6.7.0",

versions/q-/qtnetworkauth.json

@@ -1,5 +1,10 @@
 {
   "versions": [
+    {
+      "git-tree": "1dd3e35ef8221a6e7fa7bafeab299e5fe70beed0",
+      "version": "6.7.0",
+      "port-version": 1
+    },
     {
       "git-tree": "d236629382d95c0e6916d99d736676624b7590fa",
       "version": "6.7.0",