Build: update 3.3 libraries to address CVEs #112530

Merged
Brecht Van Lommel merged 5 commits from brecht/blender:fix-cves-3.3 into blender-v3.3-release 2023-10-09 15:49:16 +02:00

5 Commits

Author SHA1 Message Date
d4d21e339d Fix USD hash for renamed repo 2023-10-09 15:48:11 +02:00
1ee103a1ff CMake: Update platform_win32.cmake with webp 1.3 support
All checks were successful
buildbot/vexp-code-patch-coordinator Build done.
WebP 1.3 changed the library filenames to include a lib prefix and
added an additional library.
2023-09-28 15:28:46 +02:00
bb0f3ece3c deps_builder: Fix missing Webp support in OIIO build on windows
webp 1.3 changed the filenames on windows to include a `lib` prefix
(ie libwebp.lib rather than webp.lib) now this is a common thing
on linux and cmake has a `CMAKE_FIND_LIBRARY_PREFIXES` variable that
has a list of prefixes to look for during a `find_library` call.

`CMAKE_FIND_LIBRARY_PREFIXES` gets set during the call to the
`project` method in the main CMakeLists of a project. Now for windows
`lib` is *not* a common prefix by CMake, and it doesn't add "lib" to
CMAKE_FIND_LIBRARY_PREFIXES during that call.

so find library doesn't look for it, the libs are not found and an
unhappy time is had by all. Now the most obvious solution would be to
pass `-DCMAKE_FIND_LIBRARY_PREFIXES=lib` to CMake to sidestep this
however, the `project` call will set the variable overwriting
anything you passed through the CLI.

So the fix here is to have `find_library` counter-intuitively look
for both `libwebp` and `webp`
2023-09-28 15:27:46 +02:00
783bf99909 deps_builder: OIIO validate deps at configure time
The last webp update changed the filenames of the webp libraries
on windows causing oiio not to find them and oiio silently build
without webp support, which only came to light after all of
blender was build and a test failed.

This change makes the OIIO validate and error out if certain
dependencies are not found at configure time so these mistakes
are caught early.
2023-09-28 15:27:40 +02:00
42b87d7ff3 Build: update 3.3 libraries to address CVEs
And ignore a few CVEs that do not affect Blender.

ffmpeg 6.0.0
libxml2 2.10.4
openssl 3.1.2
python 3.10.13 (with changes to use our own ssl)
sndfile 1.2.2
tiff 4.5.1
webp 1.3.2
2023-09-18 15:52:09 +02:00