[Bf-blender-cvs] [2fb06407403] blender-v3.3-release: Build: update various libraries for 3.4, fixing bugs and security issues

Ray Molenkamp noreply at git.blender.org
Thu Nov 3 15:04:28 CET 2022 

Commit: 2fb06407403a449740a1cd6de2aedb1ee92a9084
Author: Ray Molenkamp
Date:   Thu Oct 20 13:25:54 2022 +0200
Branches: blender-v3.3-release
https://developer.blender.org/rB2fb06407403a449740a1cd6de2aedb1ee92a9084

Build: update various libraries for 3.4, fixing bugs and security issues

THis is bumping dependencies to fix known CVEs, with the exception of
OpenImageIO which also includes bugfixes for performance and correctness
with some image types.

zlib 1.2.12 -> 1.2.13
freetype 2.11.1 -> 2.12.1
openimageio 2.3.13.0 -> 2.3.20.0
python 3.10.2 -> 3.10.8
openjpeg 2.4.0 -> 2.5.0
ffmpeg 5.0 -> 5.1.2
sndfile 1.0.28 -> 1.1.0
xml2 2.9.10 -> 2.10.3
expat 2.4.4 -> 2.4.9
openssl 1.1.1g/i -> 1.1.1q
sqlite 3.31.1 -> 3.37.2

Notable changes:
* AOM: the hack we had in place to make it not detect pthreads on windows no
  longer worked with a more recent cmake version. Disabled pthreads with a
  diff on Windows.
* Python: embedded copy of zlib 2.1.12 swapped out for our 2.1.13 copy with
  some folder manipulation on Windows.
* Freetype: was harbouring a copy of zlib 2.1.12 as well, so that had to end.
* FFmpeg: patch used to fix D11796 is no longer needed. Add new patch to deal
  with simple_idct.asm generating an object file with no sections in it,
  backport from upstream commit.
* TinyXML: still being downloaded but no longer used by OpenColorIO, removed.
* GMP applied upstream patch to fix CVE-2021-43618, as there is no release yet.
* SQLite and Libsndfile patches no longer needed.

Includes contributes by Ray Molenkamp, Campbell Barton and Brecht Van Lommel.

Ref T101403

Differential Revision: https://developer.blender.org/D16269

===================================================================

M	build_files/build_environment/cmake/aom.cmake
M	build_files/build_environment/cmake/download.cmake
M	build_files/build_environment/cmake/ffmpeg.cmake
M	build_files/build_environment/cmake/freetype.cmake
M	build_files/build_environment/cmake/gmp.cmake
M	build_files/build_environment/cmake/llvm.cmake
M	build_files/build_environment/cmake/osl.cmake
M	build_files/build_environment/cmake/python.cmake
M	build_files/build_environment/cmake/sndfile.cmake
M	build_files/build_environment/cmake/sqlite.cmake
M	build_files/build_environment/cmake/ssl.cmake
M	build_files/build_environment/cmake/tiff.cmake
M	build_files/build_environment/cmake/versions.cmake
M	build_files/build_environment/dependencies.dot
A	build_files/build_environment/patches/aom.diff
M	build_files/build_environment/patches/ffmpeg.diff
A	build_files/build_environment/patches/gmp.diff
M	build_files/build_environment/patches/osl.diff
D	build_files/build_environment/patches/python_windows.diff
D	build_files/build_environment/patches/sndfile.diff
D	build_files/build_environment/patches/sqlite.diff
A	build_files/build_environment/patches/ssl.diff
M	build_files/cmake/platform/platform_win32.cmake

===================================================================

diff --git a/build_files/build_environment/cmake/aom.cmake b/build_files/build_environment/cmake/aom.cmake
index 9f64439771f..11c81c3f6e4 100644
--- a/build_files/build_environment/cmake/aom.cmake
+++ b/build_files/build_environment/cmake/aom.cmake
@@ -8,11 +8,6 @@ if(WIN32)
   # building with mingw, it'll have an unhappy time with that and
   # we need to clear them out.
   set(AOM_CMAKE_FLAGS )
-  # CMake will correctly identify phreads being available, however
-  # we do not want to use them, as that gains a dependency on
-  # libpthreadswin.dll which we do not want. when pthreads is not
-  # available oam will use a pthreads emulation layer using win32 threads
-  set(AOM_EXTRA_ARGS_WIN32 -DCMAKE_HAVE_PTHREAD_H=OFF)
 else()
   set(AOM_GENERATOR "Unix Makefiles")
   set(AOM_CMAKE_FLAGS ${DEFAULT_CMAKE_FLAGS})
@@ -36,6 +31,7 @@ ExternalProject_Add(external_aom
   DOWNLOAD_DIR ${DOWNLOAD_DIR}
   URL_HASH ${AOM_HASH_TYPE}=${AOM_HASH}
   PREFIX ${BUILD_DIR}/aom
+  PATCH_COMMAND ${PATCH_CMD} --verbose -p 1 -N -d ${BUILD_DIR}/aom/src/external_aom < ${PATCH_DIR}/aom.diff
   CONFIGURE_COMMAND ${CONFIGURE_ENV} &&
     cd ${BUILD_DIR}/aom/src/external_aom-build/ &&
     ${CMAKE_COMMAND} -G "${AOM_GENERATOR}" -DCMAKE_INSTALL_PREFIX=${LIBDIR}/aom ${AOM_CMAKE_FLAGS} ${AOM_EXTRA_ARGS} ${BUILD_DIR}/aom/src/external_aom/
diff --git a/build_files/build_environment/cmake/download.cmake b/build_files/build_environment/cmake/download.cmake
index 20944bd2c19..27575430c34 100644
--- a/build_files/build_environment/cmake/download.cmake
+++ b/build_files/build_environment/cmake/download.cmake
@@ -62,7 +62,7 @@ function(download_source dep)
     # since the actual build of the dep will notify the
     # platform maintainer if there is a problem with the
     # source package and refuse to build.
-    if(NOT PACKAGE_USE_UPSTREAM_SOURCES)
+    if(NOT PACKAGE_USE_UPSTREAM_SOURCES OR FORCE_CHECK_HASH)
       file(${TARGET_HASH_TYPE} ${TARGET_FILE} LOCAL_HASH)
       if(NOT ${TARGET_HASH} STREQUAL ${LOCAL_HASH})
         message(FATAL_ERROR "${TARGET_FILE} ${TARGET_HASH_TYPE} mismatch\nExpected\t: ${TARGET_HASH}\nActual\t: ${LOCAL_HASH}")
@@ -114,7 +114,6 @@ download_source(WEBP)
 download_source(SPNAV)
 download_source(JEMALLOC)
 download_source(XML2)
-download_source(TINYXML)
 download_source(YAMLCPP)
 download_source(EXPAT)
 download_source(PUGIXML)
diff --git a/build_files/build_environment/cmake/ffmpeg.cmake b/build_files/build_environment/cmake/ffmpeg.cmake
index 7730607c514..e2b60e161f2 100644
--- a/build_files/build_environment/cmake/ffmpeg.cmake
+++ b/build_files/build_environment/cmake/ffmpeg.cmake
@@ -16,12 +16,6 @@ if(WIN32)
     --enable-libopenjpeg
     --disable-mediafoundation
   )
-  if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
-    set(FFMPEG_EXTRA_FLAGS
-      ${FFMPEG_EXTRA_FLAGS}
-      --x86asmexe=yasm
-    )
-  endif()
 else()
   set(FFMPEG_EXTRA_FLAGS
     ${FFMPEG_EXTRA_FLAGS}
diff --git a/build_files/build_environment/cmake/freetype.cmake b/build_files/build_environment/cmake/freetype.cmake
index b6f53ede2db..842e5c42e25 100644
--- a/build_files/build_environment/cmake/freetype.cmake
+++ b/build_files/build_environment/cmake/freetype.cmake
@@ -7,8 +7,11 @@ set(FREETYPE_EXTRA_ARGS
   -DFT_DISABLE_HARFBUZZ=ON
   -DFT_DISABLE_PNG=ON
   -DFT_REQUIRE_BROTLI=ON
+  -DFT_REQUIRE_ZLIB=ON
   -DPC_BROTLIDEC_INCLUDEDIR=${LIBDIR}/brotli/include
   -DPC_BROTLIDEC_LIBDIR=${LIBDIR}/brotli/lib
+  -DZLIB_LIBRARY=${LIBDIR}/zlib/lib/${ZLIB_LIBRARY}
+  -DZLIB_INCLUDE_DIR=${LIBDIR}/zlib/include
   )
 
 ExternalProject_Add(external_freetype
@@ -23,6 +26,7 @@ ExternalProject_Add(external_freetype
 add_dependencies(
   external_freetype
   external_brotli
+  external_zlib
 )
 
 if(BUILD_MODE STREQUAL Release AND WIN32)
diff --git a/build_files/build_environment/cmake/gmp.cmake b/build_files/build_environment/cmake/gmp.cmake
index e624778869e..ddfdba6662d 100644
--- a/build_files/build_environment/cmake/gmp.cmake
+++ b/build_files/build_environment/cmake/gmp.cmake
@@ -27,6 +27,7 @@ ExternalProject_Add(external_gmp
   DOWNLOAD_DIR ${DOWNLOAD_DIR}
   URL_HASH ${GMP_HASH_TYPE}=${GMP_HASH}
   PREFIX ${BUILD_DIR}/gmp
+  PATCH_COMMAND ${PATCH_CMD} -p 1 -d ${BUILD_DIR}/gmp/src/external_gmp < ${PATCH_DIR}/gmp.diff
   CONFIGURE_COMMAND ${CONFIGURE_ENV_NO_PERL} && cd ${BUILD_DIR}/gmp/src/external_gmp/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/gmp ${GMP_OPTIONS} ${GMP_EXTRA_ARGS}
   BUILD_COMMAND ${CONFIGURE_ENV_NO_PERL} && cd ${BUILD_DIR}/gmp/src/external_gmp/ && make -j${MAKE_THREADS}
   INSTALL_COMMAND ${CONFIGURE_ENV_NO_PERL} && cd ${BUILD_DIR}/gmp/src/external_gmp/ && make install
diff --git a/build_files/build_environment/cmake/llvm.cmake b/build_files/build_environment/cmake/llvm.cmake
index e4ddc7db846..11f6bf7c218 100644
--- a/build_files/build_environment/cmake/llvm.cmake
+++ b/build_files/build_environment/cmake/llvm.cmake
@@ -9,6 +9,7 @@ endif()
 if(APPLE)
   set(LLVM_XML2_ARGS
     -DLIBXML2_LIBRARY=${LIBDIR}/xml2/lib/libxml2.a
+    -DLIBXML2_INCLUDE_DIR=${LIBDIR}/xml2/include/libxml2
   )
   set(LLVM_BUILD_CLANG_TOOLS_EXTRA ^^clang-tools-extra)
   set(BUILD_CLANG_TOOLS ON)
diff --git a/build_files/build_environment/cmake/osl.cmake b/build_files/build_environment/cmake/osl.cmake
index 9719de94d47..8bac2c5c1ab 100644
--- a/build_files/build_environment/cmake/osl.cmake
+++ b/build_files/build_environment/cmake/osl.cmake
@@ -32,6 +32,8 @@ set(OSL_EXTRA_ARGS
   -DUSE_Qt5=OFF
   -DINSTALL_DOCS=OFF
   -Dpugixml_ROOT=${LIBDIR}/pugixml
+  -DTIFF_ROOT=${LIBDIR}/tiff
+  -DJPEG_ROOT=${LIBDIR}/jpeg
   -DUSE_PYTHON=OFF
   -DCMAKE_CXX_STANDARD=14
   -DImath_ROOT=${LIBDIR}/imath
diff --git a/build_files/build_environment/cmake/python.cmake b/build_files/build_environment/cmake/python.cmake
index 8fed10e9d72..72ae27ddfdb 100644
--- a/build_files/build_environment/cmake/python.cmake
+++ b/build_files/build_environment/cmake/python.cmake
@@ -15,9 +15,11 @@ if(WIN32)
   endmacro()
 
   set(PYTHON_EXTERNALS_FOLDER ${BUILD_DIR}/python/src/external_python/externals)
+  set(ZLIB_SOURCE_FOLDER ${BUILD_DIR}/zlib/src/external_zlib)
   set(DOWNLOADS_EXTERNALS_FOLDER ${DOWNLOAD_DIR}/externals)
 
   cmake_to_dos_path(${PYTHON_EXTERNALS_FOLDER} PYTHON_EXTERNALS_FOLDER_DOS)
+  cmake_to_dos_path(${ZLIB_SOURCE_FOLDER} ZLIB_SOURCE_FOLDER_DOS)
   cmake_to_dos_path(${DOWNLOADS_EXTERNALS_FOLDER} DOWNLOADS_EXTERNALS_FOLDER_DOS)
 
   ExternalProject_Add(external_python
@@ -25,12 +27,21 @@ if(WIN32)
     DOWNLOAD_DIR ${DOWNLOAD_DIR}
     URL_HASH ${PYTHON_HASH_TYPE}=${PYTHON_HASH}
     PREFIX ${BUILD_DIR}/python
-    CONFIGURE_COMMAND ""
+    # Python will download its own deps and there's very little we can do about
+    # that beyond placing some code in their externals dir before it tries.
+    # the foldernames *HAVE* to match the ones inside pythons get_externals.cmd.
+    # python 3.10.8 still ships zlib 1.2.12, replace it with our 1.2.13
+    # copy until they update.
+    CONFIGURE_COMMAND mkdir ${PYTHON_EXTERNALS_FOLDER_DOS} &&
+      mklink /J ${PYTHON_EXTERNALS_FOLDER_DOS}\\zlib-1.2.12 ${ZLIB_SOURCE_FOLDER_DOS} &&
+      ${CMAKE_COMMAND} -E copy ${ZLIB_SOURCE_FOLDER}/../external_zlib-build/zconf.h ${PYTHON_EXTERNALS_FOLDER}/zlib-1.2.12/zconf.h
     BUILD_COMMAND cd ${BUILD_DIR}/python/src/external_python/pcbuild/ && set IncludeTkinter=false && call build.bat -e -p x64 -c ${BUILD_MODE}
-    PATCH_COMMAND ${PATCH_CMD} --verbose -p1 -d ${BUILD_DIR}/python/src/external_python < ${PATCH_DIR}/python_windows.diff
     INSTALL_COMMAND ${PYTHON_BINARY_INTERNAL} ${PYTHON_SRC}/PC/layout/main.py -b ${PYTHON_SRC}/PCbuild/amd64 -s ${PYTHON_SRC} -t ${PYTHON_SRC}/tmp/ --include-stable --include-pip --include-dev --include-launchers  --include-venv --include-symbols ${PYTHON_EXTRA_INSTLAL_FLAGS} --copy ${LIBDIR}/python
   )
-
+  add_dependencies(
+    external_python
+    external_zlib
+  )
 else()
   if(APPLE)
     # Disable functions that can be in 10.13 sdk but aren't available on 10.9 target.
diff --git a/build_files/build_environment/cmake/sndfile.cmake b/build_files/build_environment/cmake/sndfile.cmake
index 192c25f5ed1..a2ac2a33779 100644
--- a/build_files/build_environment/cmake/sndfile.cmake
+++ b/build_files/build_environment/cmake/sndfile.cmake
@@ -11,18 +11,11 @@ else()
   set(SNDFILE_OPTIONS --enable-static --disable-shared )
 endif()
 
-if(UNIX)
-  set(SNDFILE_PATCH_CMD ${PATCH_CMD} --verbose -p 0 -d ${BUILD_DIR}/sndfile/src/external_sndfile < ${PATCH_DIR}/sndfile.diff)
-else()
-  set(SNDFILE_PATCH_CMD)
-endif()
-
 ExternalProject_Add(external_sndfile
   URL file://${PACKAGE_DIR}/${SNDFILE_FILE}
   DOWNLOAD_DIR ${DOWNLOAD_DIR}
   URL_HASH ${SNDFILE_HASH_TYPE}=${SNDFILE_HASH}
   PREFIX ${BUILD_DIR}/sndfile
-  PATCH_COMMAND ${SNDFILE_PATCH_CMD}
   CONFIGURE_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/sndfile/src/external_sndfile/ && ${SNDFILE_ENV} ${CONFIGURE_COMMAND} ${SNDFILE_OPTIONS} --prefix=${mingw_LIBDIR}/sndfile
   BUILD_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/sndfile/src/external_sndfile/ && make -j${MAKE_THREADS}
   INSTALL_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/sndfile/src/external_sndfile/ && make install
diff --git a/build_files/build_environment/cmake/sqlite.cmake b/build_files/build_environment/cmake/sqlite.cmake
index c82d832574a..c151a495ff1 100644
--- a/build_files/build_environment/cmake/sqlite.cmake
+++ b/build_files/build_environment/cmake/sqlite.cmake
@@ -48,7 +48,6 @@ ExternalProject_Add(external_sqlite
   DOWNLOAD_DIR ${DOWNLOAD_DIR}
   URL_HASH ${SQLITE_HASH_TYPE}=${SQLITE_HASH}
   PREFIX ${BUILD_DIR}/sqlite
-  PATCH_COMMAND ${PATCH_CMD} -p 1 -d ${BUILD_DIR}/sqlite/src/external_sqlite < ${PATCH_DIR}/sqlite.diff
   CONFIGURE_COMMAND ${SQLITE_CONFIGURE_ENV} && cd ${BUILD_DIR}/sqlite/src/external_sqlite/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/sqlite ${SQLITE_CONFIGURATION_ARGS}
   BUILD_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/sqlite/src/external_sqlite/ && make -j${MAKE_THREADS}
   INSTALL_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/sqlite/src/external_sqlite/ && make install
diff --git a/build_files/build_environment/cmake/ssl.cmake b/build_files/build_environment/cmake/ssl.cmake
index 21c4d2418c3..628187dc0ac 100644
--- a/build_files/build_environment/cmake/ssl.cmake


@@ Diff output truncated at 10240 characters. @@

More information about the Bf-blender-cvs mailing list