Extern: Update TinyGLTF to include fix for CVE-2022-3008

The use of wordexp(3) permits arbitrary code execution from manually-crafted
glTF files. See https://github.com/syoyo/tinygltf/issues/368 for more details.

In practice this shouldn't be an issue for Blender since the glTF data isn't
manually crafted but from the OpenXR runtime (a bit like a driver). But
updating the library to include the fix is not a big deal anyway.

Note that the warning that required the local modification is no longer present upstream since
0bfcb4f49e

Pull Request: blender/blender#105536
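
An added example, not part of the commit and not taken from TinyGLTF, Blender or the upstream fix: it shows the wordexp(3) behaviour the message refers to from the defensive side, where `WRDE_NOCMD` makes the call fail instead of performing command substitution on a path read from a file. The helper name `expand_path_nocmd` and the sample paths are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand a file path taken from untrusted input without ever running a
 * command. Returns 0 and copies the path to out on success; otherwise
 * returns the wordexp() error code, or -1 if the result is not a single
 * word that fits in out. Hypothetical helper, not TinyGLTF code. */
int expand_path_nocmd(const char *in, char *out, size_t outlen)
{
    wordexp_t we;
    /* WRDE_NOCMD: fail with WRDE_CMDSUB instead of performing $(...) or
     * `...` substitution. WRDE_UNDEF: fail on undefined shell variables. */
    int rc = wordexp(in, &we, WRDE_NOCMD | WRDE_UNDEF);
    if (rc != 0) {
        if (rc == WRDE_NOSPACE)
            wordfree(&we);  /* partial results may have been allocated */
        return rc;
    }
    /* A path must expand to exactly one word; whitespace would split it. */
    if (we.we_wordc != 1 || strlen(we.we_wordv[0]) >= outlen) {
        wordfree(&we);
        return -1;
    }
    strcpy(out, we.we_wordv[0]);
    wordfree(&we);
    return 0;
}

int main(void)
{
    /* Constructed sample URIs, as they might appear in a glTF file. */
    const char *samples[] = { "textures/base.png", "tex_$(echo x).png",
                              "tex_`echo x`.png", "a b.png" };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = expand_path_nocmd(samples[i], buf, sizeof buf);
        printf("%-22s -> %s (rc=%d)\n", samples[i],
               rc == 0 ? "accepted" : "rejected", rc);
    }
    return 0;
}
```
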
5
extern/tinygltf/README.blender
vendored
@@ -1,6 +1,5 @@
|
|||||||
Project: TinyGLTF
|
Project: TinyGLTF
|
||||||
URL: https://github.com/syoyo/tinygltf
|
URL: https://github.com/syoyo/tinygltf
|
||||||
License: MIT
|
License: MIT
|
||||||
Upstream version: 2.5.0, 19a41d20ec0
|
Upstream version: 2.8.3, 84a83d39f55d
|
||||||
Local modifications:
|
Local modifications: None
|
||||||
* Silence "enum value not handled in switch" warnings due to JSON dependency.
|
|
||||||
|
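Review bot: "Local modifications: None" on the new side of this hunk only holds if extern/tinygltf/patches/TinyGLTF.diff is deleted in the same commit; the page lists that file as a binary change without saying whether it was removed, so confirm it is gone rather than left behind as a stale patch. It would also help to record next to "Upstream version: 2.8.3, 84a83d39f55d" that this is the version carrying the CVE-2022-3008 fix, so a later re-vendor or downgrade does not silently drop it.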
BIN
extern/tinygltf/patches/TinyGLTF.diff
vendored
Binary file not shown.
2085
extern/tinygltf/tiny_gltf.h
vendored
File diff suppressed because it is too large