tornavis

History

Julian Squires 466eb426ed Extern: Update TinyGLTF to include fix for CVE-2022-3008 The use of wordexp(3) permits arbitrary code execution from manually-crafted glTF files. See https://github.com/syoyo/tinygltf/issues/368 for more details. In practice this shouldn't be an issue for Blender since the GlTF data isn't manually crafted but from the OpenXR runtime (a bit like a driver). But updating the library to include the fix is not a big deal anyway. Note that the warning that required the local modification is no longer present upstream since `0bfcb4f49e` Pull Request: https://projects.blender.org/blender/blender/pulls/105536	2023-03-10 14:56:35 +01:00
..
README.blender	Extern: Update TinyGLTF to include fix for CVE-2022-3008	2023-03-10 14:56:35 +01:00
tiny_gltf.h	Extern: Update TinyGLTF to include fix for CVE-2022-3008	2023-03-10 14:56:35 +01:00

Julian Squires 466eb426ed Extern: Update TinyGLTF to include fix for CVE-2022-3008

The use of wordexp(3) permits arbitrary code execution from manually-crafted
glTF files. See https://github.com/syoyo/tinygltf/issues/368 for more details.
In practice this shouldn't be an issue for Blender since the GlTF data isn't
manually crafted but from the OpenXR runtime (a bit like a driver). But
updating the library to include the fix is not a big deal anyway.

Note that the warning that required the local modification is no longer present upstream since
  0bfcb4f49e

Pull Request: https://projects.blender.org/blender/blender/pulls/105536

2023-03-10 14:56:35 +01:00

README.blender Extern: Update TinyGLTF to include fix for CVE-2022-3008 2023-03-10 14:56:35 +01:00

tiny_gltf.h Extern: Update TinyGLTF to include fix for CVE-2022-3008 2023-03-10 14:56:35 +01:00

README.blender

Project: TinyGLTF
URL: https://github.com/syoyo/tinygltf
License: MIT
Upstream version: 2.8.3, 84a83d39f55d
Local modifications: None