diff --git a/build_files/build_environment/cmake/cve_check.csv.in b/build_files/build_environment/cmake/cve_check.csv.in
index fd59eb111e2..6210e657c2d 100644
--- a/build_files/build_environment/cmake/cve_check.csv.in
+++ b/build_files/build_environment/cmake/cve_check.csv.in
@@ -25,9 +25,14 @@ vendor,product,version,cve_number,remarks,comment
 @TIFF_ID@,CVE-2022-3599,Ignored,issue in tiff command line tool not used by blender
 @TIFF_ID@,CVE-2022-3626,Ignored,issue in tiff command line tool not used by blender
 @TIFF_ID@,CVE-2022-3627,Ignored,issue in tiff command line tool not used by blender
+@TIFF_ID@,CVE-2023-40745,Ignored,issue in tiff command line tool not used by blender
+@TIFF_ID@,CVE-2023-41175,Ignored,issue in tiff command line tool not used by blender
 @XML2_ID@,CVE-2016-3709,Ignored,not affecting blender and not considered a security issue upstream
 @XML2_ID@,CVE-2023-39615,Ignored,not affecting blender and not considered a security issue upstream
 @XML2_ID@,CVE-2020-7595,Ignored,already fixed in the libxml2 version used
 @GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e
 @SQLITE_ID@,CVE-2022-35737,Ignored,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
+@SQLITE_ID@,CVE-2023-7104,Ignored,does not affect blender use of sqlite
+@SQLITE_ID@,CVE-2024-0232,Ignored,does not affect blender use of sqlite
+@ZLIB_ID@,CVE-2023-45853,Ignored,only affects minizip not used by blender
 @SBOMCONTENTS@
diff --git a/build_files/build_environment/cmake/versions.cmake b/build_files/build_environment/cmake/versions.cmake
index 378496d3def..4379a0d228f 100644
--- a/build_files/build_environment/cmake/versions.cmake
+++ b/build_files/build_environment/cmake/versions.cmake
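Review bot: In cve_check.csv.in the two added SQLITE rows justify the suppression only with `does not affect blender use of sqlite`, which gives a later auditor nothing to re-check; the existing SQLITE row and the new ZLIB row both name the option or component that is unused. State the affected feature and why it is unreachable, for example `@SQLITE_ID@,CVE-2023-7104,Ignored,only affects <affected sqlite component> not used by blender or python` (placeholder, to be filled in from the advisory). The same commit moves SQLite to 3.45.1 in versions.cmake, so it is also worth re-running the scan against the new version: if either ID is no longer reported, the row should be dropped or reworded like the libxml2 entry, `already fixed in the sqlite version used`.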
@@ -56,7 +56,7 @@ set(BLOSC_URI https://github.com/Blosc/c-blosc/archive/v${BLOSC_VERSION}.tar.gz)
 set(BLOSC_HASH 134b55813b1dca57019d2a2dc1f7a923)
 set(BLOSC_HASH_TYPE MD5)
 set(BLOSC_FILE blosc-${BLOSC_VERSION}.tar.gz)
-set(BLOSC_CPE "cpe:2.3:a:c-blosc2_project:c-blosc2:${BLOSC_VERSION}:*:*:*:*:*:*:*")
+set(BLOSC_CPE "cpe:2.3:a:c-blosc_project:c-blosc:${BLOSC_VERSION}:*:*:*:*:*:*:*")
 
 set(PTHREADS_VERSION 3.0.0)
 set(PTHREADS_URI http://prdownloads.sourceforge.net/pthreads4w/pthreads4w-code-v${PTHREADS_VERSION}.zip)
@@ -218,11 +218,11 @@ set(OSL_FILE OpenShadingLanguage-${OSL_VERSION}.tar.gz)
 # BZIP2, FFI, SQLITE and change the versions in this file as well. For compliance
 # reasons there can be no exceptions to this.
 
-set(PYTHON_VERSION 3.11.6)
+set(PYTHON_VERSION 3.11.7)
 set(PYTHON_SHORT_VERSION 3.11)
 set(PYTHON_SHORT_VERSION_NO_DOTS 311)
 set(PYTHON_URI https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz)
-set(PYTHON_HASH d0c5a1a31efe879723e51addf56dd206)
+set(PYTHON_HASH d96c7e134c35a8c46236f8a0e566b69c)
 set(PYTHON_HASH_TYPE MD5)
 set(PYTHON_FILE Python-${PYTHON_VERSION}.tar.xz)
 set(PYTHON_CPE "cpe:2.3:a:python:python:${PYTHON_VERSION}:-:*:*:*:*:*:*")
@@ -318,9 +318,9 @@ set(FLAC_FILE flac-${FLAC_VERSION}.tar.xz)
 set(FLAC_CPE "cpe:2.3:a:flac_project:flac:${FLAC_VERSION}:*:*:*:*:*:*:*")
 set(FLAC_HOMEPAGE https://xiph.org/flac/)
 
-set(VPX_VERSION 1.11.0)
+set(VPX_VERSION 1.14.0)
 set(VPX_URI https://github.com/webmproject/libvpx/archive/v${VPX_VERSION}/libvpx-v${VPX_VERSION}.tar.gz)
-set(VPX_HASH 965e51c91ad9851e2337aebcc0f517440c637c506f3a03948062e3d5ea129a83)
+set(VPX_HASH 5f21d2db27071c8a46f1725928a10227ae45c5cd1cad3727e4aafbe476e321fa)
 set(VPX_HASH_TYPE SHA256)
 set(VPX_FILE libvpx-v${VPX_VERSION}.tar.gz)
 set(VPX_CPE "cpe:2.3:a:webmproject:libvpx:${VPX_VERSION}:*:*:*:*:*:*:*")
@@ -347,9 +347,9 @@ set(OPENJPEG_HASH_TYPE SHA256)
 set(OPENJPEG_FILE openjpeg-v${OPENJPEG_VERSION}.tar.gz)
 set(OPENJPEG_CPE "cpe:2.3:a:uclouvain:openjpeg:${OPENJPEG_VERSION}:*:*:*:*:*:*:*")
 
-set(FFMPEG_VERSION 6.0)
+set(FFMPEG_VERSION 6.1.1)
 set(FFMPEG_URI http://ffmpeg.org/releases/ffmpeg-${FFMPEG_VERSION}.tar.bz2)
-set(FFMPEG_HASH 47d062731c9f66a78380e35a19aac77cebceccd1c7cc309b9c82343ffc430c3d)
+set(FFMPEG_HASH 5e3133939a61ef64ac9b47ffd29a5ea6e337a4023ef0ad972094b4da844e3a20)
 set(FFMPEG_HASH_TYPE SHA256)
 set(FFMPEG_FILE ffmpeg-${FFMPEG_VERSION}.tar.bz2)
 set(FFMPEG_CPE "cpe:2.3:a:ffmpeg:ffmpeg:${FFMPEG_VERSION}:*:*:*:*:*:*:*")
@@ -479,9 +479,9 @@ set(LZMA_FILE xz-${LZMA_VERSION}.tar.bz2)
 set(LZMA_HOMEPAGE https://tukaani.org/lzma/)
 
 # NOTE: Python's build has been modified to use our ssl version.
-set(SSL_VERSION 3.1.2)
+set(SSL_VERSION 3.1.5)
 set(SSL_URI https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz)
-set(SSL_HASH a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539)
+set(SSL_HASH 6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262)
 set(SSL_HASH_TYPE SHA256)
 set(SSL_FILE openssl-${SSL_VERSION}.tar.gz)
 set(SSL_CPE "cpe:2.3:a:openssl:openssl:${SSL_VERSION}:*:*:*:*:*:*:*")
@@ -490,9 +490,9 @@ set(SSL_HOMEPAGE https://www.openssl.org)
 # Note: This will *HAVE* to match the version python ships on windows which
 # is hardcoded in pythons PCbuild/get_externals.bat for compliance reasons there
 # can be no exceptions to this.
-set(SQLITE_VERSION 3.42.0)
-set(SQLLITE_LONG_VERSION 3420000)
-set(SQLITE_URI https://www.sqlite.org/2023/sqlite-autoconf-${SQLLITE_LONG_VERSION}.tar.gz)
+set(SQLITE_VERSION 3.45.1)
+set(SQLLITE_LONG_VERSION 3450100)
+set(SQLITE_URI https://www.sqlite.org/2024/sqlite-autoconf-${SQLLITE_LONG_VERSION}.tar.gz)
 set(SQLITE_HASH 036575929b174c1b829769255491ba2b32bda9ee)
 set(SQLITE_HASH_TYPE SHA1)
 set(SQLITE_FILE sqlite-autoconf-${SQLLITE_LONG_VERSION}.tar.gz)
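Review bot: `SQLITE_HASH` stays at `036575929b174c1b829769255491ba2b32bda9ee` in the last hunk (`@@ -490,9 +490,9 @@`) while `SQLITE_VERSION`, `SQLLITE_LONG_VERSION` and `SQLITE_URI` now select a different archive. A digest that was presumably recorded for the 3.42.0 tarball cannot match `sqlite-autoconf-3450100.tar.gz`, so either the download check fails or, if the value is not enforced on some path, the new archive is fetched without a valid pin. Replace it with the digest of the new archive taken from a trusted source, and since the line has to change anyway, move off SHA1 as VPX, FFMPEG and SSL already have: `set(SQLITE_HASH <sha256 of sqlite-autoconf-3450100.tar.gz>)` with `set(SQLITE_HASH_TYPE SHA256)`. The PYTHON hunk (`@@ -218,11 +218,11 @@`) has the same weak-digest problem, as its new `PYTHON_HASH` is still an MD5 value. The comment above this block also requires the SQLite version to match the one in Python's `PCbuild/get_externals.bat`, so 3.45.1 should be confirmed against the 3.11.7 tree.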