blender
/
blender
136
406
Fork 589
Code Issues 6.3k Pull Requests 765 Projects 19 Wiki Activity

Build: mark remaining CVEs reported by cve_check as mitigated or ignored 

After the last library update cve_check still reported some false positives.
One GMP issues was mitigated with a patch in the library update. The others
are ignored, with a description explaining why they do not affect Blender.

Ref D16269, T101403
This commit is contained in:
Brecht Van Lommel 2022-10-20 13:26:47 +02:00
parent 2fb0640740
commit da0d699d92
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
build_files/build_environment/cmake/cve_check.cmake
View File

@ -27,10 +27,12 @@ get_cmake_property(_variableNames VARIABLES)
foreach (_variableName ${_variableNames})
if(_variableName MATCHES "CPE$")
string(REPLACE ":" ";" CPE_LIST ${${_variableName}})
string(REPLACE "_CPE" "_ID" CPE_DEPNAME ${_variableName})
list(GET CPE_LIST 3 CPE_VENDOR)
list(GET CPE_LIST 4 CPE_NAME)
list(GET CPE_LIST 5 CPE_VERSION)
set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n")
set(${CPE_DEPNAME} "${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}")
set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION},,,\n")
endif()
endforeach()
configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY)

23
build_files/build_environment/cmake/cve_check.csv.in
View File

@ -1,2 +1,23 @@
vendor,product,version
vendor,product,version,cve_number,remarks,comment
@OPENJPEG_ID@,CVE-2016-9675,Ignored,issue in convert command line tool not used by blender
@PYTHON_ID@,CVE-2009-2940,Ignored,issue in pygresql not used by blender
@PYTHON_ID@,CVE-2020-29396,Ignored,issue in odoo not used by blender
@PYTHON_ID@,CVE-2021-32052,Ignored,issue in django not used by blender
@PYTHON_ID@,CVE-2009-3720,Ignored,already fixed in libexpat version used
@SSL_ID@,CVE-2009-1390,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3765,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3766,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3767,Ignored,issue in ldap not used by blender
@SSL_ID@,CVE-2019-0190,Ignored,issue in apache not used by blender
@TIFF_ID@,CVE-2022-2056,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2057,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2058,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2519,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2520,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2521,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2953,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-34526,Ignored,issue in tiff command line tool not used by blender
@XML2_ID@,CVE-2016-3709,Ignored,not affecting blender and not considered a security issue upstream
@GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e
@SQLITE_ID@,CVE-2022-35737,Ignored,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
@SBOMCONTENTS@