This is bumping dependencies to fix known CVEs, with the exception of OpenImageIO which also includes bugfixes for performance and correctness with some image types.

zlib 1.2.12 -> 1.2.13
freetype 2.11.1 -> 2.12.1
openimageio 2.3.13.0 -> 2.3.20.0
python 3.10.2 -> 3.10.8
openjpeg 2.4.0 -> 2.5.0
ffmpeg 5.0 -> 5.1.2
sndfile 1.0.28 -> 1.1.0
xml2 2.9.10 -> 2.10.3
expat 2.4.4 -> 2.4.9
openssl 1.1.1g/i -> 1.1.1q
sqlite 3.31.1 -> 3.37.2

Notable changes:

* AOM: the hack we had in place to make it not detect pthreads on Windows no longer worked with a more recent cmake version. Disabled pthreads with a diff on Windows.
* Python: embedded copy of zlib 2.1.12 swapped out for our 2.1.13 copy with some folder manipulation on Windows.
* Freetype: was harbouring a copy of zlib 2.1.12 as well, so that had to end.
* FFmpeg: patch used to fix D11796 is no longer needed. Add new patch to deal with simple_idct.asm generating an object file with no sections in it, backport from upstream commit.
* TinyXML: still being downloaded but no longer used by OpenColorIO, removed.
* GMP: applied upstream patch to fix CVE-2021-43618, as there is no release yet.
* SQLite and Libsndfile patches no longer needed.

Includes contributions by Ray Molenkamp, Campbell Barton and Brecht Van Lommel.

Ref T101403

Differential Revision: https://developer.blender.org/D16269
16 lines
421 B
Diff
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
|
|
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
|
|
@@ -88,8 +88,11 @@
|
|
|
|
abs_csize = ABS (csize);
|
|
|
|
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
|
|
+ return 0; /* Bit size overflows */
|
|
+
|
|
/* round up to a multiple of limbs */
|
|
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
|
|
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
|
|
|
|
if (abs_xsize != 0)
|
|
{
|
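Review bot: The new guard `if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))` relies on `mp_bitcnt_t` being an unsigned type, so that `~(mp_bitcnt_t) 0` is its maximum value, and the comment `/* Bit size overflows */` does not say so; spelling that out, and that 0 is the value returned for a rejected size, would make the check easier to audit. The guard and the cast in `BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8)` cover only the multiplication by 8. The hunk does not show the types of `csize` and `abs_xsize`, so it is worth confirming that `ABS (csize)` cannot itself overflow and that the resulting limb count fits in `abs_xsize`. The commit message says this is carried as a patch because there is no GMP release with the fix yet, so a note beside the patch saying it should be dropped once such a release exists would help.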