diff options
| author | Ray Molenkamp <github@lazydodo.com> | 2022-10-10 20:48:05 +0300 |
|---|---|---|
| committer | Ray Molenkamp <github@lazydodo.com> | 2022-10-10 20:48:05 +0300 |
| commit | 9b8be81eef93a8d4a33ce8c6ca291c9d4584d681 (patch) | |
| tree | 13f9327a8e7f7ce67d346328c4ba1a244335ac42 /build_files | |
| parent | 03fd2f7a5a4fdb8cf6bdd19e055beffd099648c0 (diff) | |
deps_builder: Add support for cve-bin-tool
This change adds support for intels cve-bin-tool [1]
in the deps builder. This adds 2 new targets to the
builder that do not build automatically but can be
build on demand when required.
`make cve_check` will output to the console.
`make cve_check_html` will output a html file that
can be shared with other people.
Requirements:
- A working installation of cve-bin-tool on the system
Not required but higly recommended:
- Obtaining a key from the nvd [2] to speed up the
database download. you can pass the key to cmake
using `-DCVE_CHECK_NVD_KEY=your_api_key`
[1] https://github.com/intel/cve-bin-tool
[2] https://nvd.nist.gov/developers/request-an-api-key
Reviewed By: brecht
Differential Revision: https://developer.blender.org/D16160
Diffstat (limited to 'build_files')
4 files changed, 129 insertions, 4 deletions
diff --git a/build_files/build_environment/CMakeLists.txt b/build_files/build_environment/CMakeLists.txt index 03c85742ada..4f40f44ad18 100644 --- a/build_files/build_environment/CMakeLists.txt +++ b/build_files/build_environment/CMakeLists.txt @@ -176,3 +176,4 @@ if(UNIX AND NOT APPLE) endif() include(cmake/harvest.cmake) +include(cmake/cve_check.cmake) diff --git a/build_files/build_environment/cmake/cve_check.cmake b/build_files/build_environment/cmake/cve_check.cmake new file mode 100644 index 00000000000..dfb190bcffa --- /dev/null +++ b/build_files/build_environment/cmake/cve_check.cmake @@ -0,0 +1,73 @@ +# SPDX-License-Identifier: GPL-2.0-or-later + +# CVE Check requirements +# +# - A working installation of intels cve-bin-tool [1] has to be available in +# your path +# +# - Not strictly required, but highly recommended is obtaining a NVD key from +# nist since it significantly speeds up downloading/updating the required +# databases one can request a key on the following website: +# https://nvd.nist.gov/developers/request-an-api-key + +# Bill of Materials construction +# +# This constructs a CSV cve-bin-tool [1] can read and process. Sadly +# cve-bin-tool at this point does not take a list of CPE's and output a check +# based on that list. so we need to pick apart the CPE retrieve the vendor, +# product and version tokens and generate a CSV. +# +# [1] https://github.com/intel/cve-bin-tool + +# Because not all deps are downloaded (ie python packages) but can still have a +# xxx_CPE declared loop over all variables and look for variables ending in CPE. + +set(SBOMCONTENTS) +get_cmake_property(_variableNames VARIABLES) +foreach (_variableName ${_variableNames}) + if(_variableName MATCHES "CPE$") + string(REPLACE ":" ";" CPE_LIST ${${_variableName}}) + list(GET CPE_LIST 3 CPE_VENDOR) + list(GET CPE_LIST 4 CPE_NAME) + list(GET CPE_LIST 5 CPE_VERSION) + set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n") + endif() +endforeach() +configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY) + +# Custom Targets +# +# This defines two new custom targets one could run in the build folder +# `cve_check` which will output the report to the console, and `cve_check_html` +# which will write out blender_dependencies.html in the build folder that one +# could share with other people or be used to get more information on the +# reported CVE's. +# +# cve-bin-tool takes data from the nist nvd database which rate limits +# unauthenticated requests to 1 requests per 6 seconds making the database +# download take "quite a bit" of time. +# +# When adding -DCVE_CHECK_NVD_KEY=your_api_key_here to your cmake invocation +# this key will be passed on to cve-bin-tool speeding up the process. +# +if(DEFINED CVE_CHECK_NVD_KEY) + set(NVD_ARGS --nvd-api-key ${CVE_CHECK_NVD_KEY}) +endif() + +# This will just report to the console +add_custom_target(cve_check + COMMAND cve-bin-tool + ${NVD_ARGS} + -i ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv + --affected-versions + SOURCES ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv +) + +# This will write out blender_dependencies.html +add_custom_target(cve_check_html + COMMAND cve-bin-tool + ${NVD_ARGS} + -i ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv + -f html + SOURCES ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv +) diff --git a/build_files/build_environment/cmake/cve_check.csv.in b/build_files/build_environment/cmake/cve_check.csv.in new file mode 100644 index 00000000000..6e7e8db5609 --- /dev/null +++ b/build_files/build_environment/cmake/cve_check.csv.in @@ -0,0 +1,2 @@ +vendor,product,version +@SBOMCONTENTS@ diff --git a/build_files/build_environment/cmake/versions.cmake b/build_files/build_environment/cmake/versions.cmake index 938ecd393dc..6e36db1e387 100644 --- a/build_files/build_environment/cmake/versions.cmake +++ b/build_files/build_environment/cmake/versions.cmake @@ -1,10 +1,19 @@ # SPDX-License-Identifier: GPL-2.0-or-later +# CPE's are used to identify dependencies, for more information on what they +# are please see https://nvd.nist.gov/products/cpe +# +# We use them in combination with cve-bin-tool to scan for known security issues. +# +# Not all of our dependencies are currently in the nvd database so not all +# dependencies have one assigned. + set(ZLIB_VERSION 1.2.12) set(ZLIB_URI https://zlib.net/zlib-${ZLIB_VERSION}.tar.gz) set(ZLIB_HASH 5fc414a9726be31427b440b434d05f78) set(ZLIB_HASH_TYPE MD5) set(ZLIB_FILE zlib-${ZLIB_VERSION}.tar.gz) +set(ZLIB_CPE "cpe:2.3:a:zlib:zlib:${ZLIB_VERSION}:*:*:*:*:*:*:*") set(OPENAL_VERSION 1.21.1) set(OPENAL_URI http://openal-soft.org/openal-releases/openal-soft-${OPENAL_VERSION}.tar.bz2) @@ -17,12 +26,14 @@ set(PNG_URI http://prdownloads.sourceforge.net/libpng/libpng-${PNG_VERSION}.tar. set(PNG_HASH 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca) set(PNG_HASH_TYPE SHA256) set(PNG_FILE libpng-${PNG_VERSION}.tar.xz) +set(PNG_CPE "cpe:2.3:a:libpng:libpng:${PNG_VERSION}:*:*:*:*:*:*:*") set(JPEG_VERSION 2.1.3) set(JPEG_URI https://github.com/libjpeg-turbo/libjpeg-turbo/archive/${JPEG_VERSION}.tar.gz) set(JPEG_HASH 627b980fad0573e08e4c3b80b290fc91) set(JPEG_HASH_TYPE MD5) set(JPEG_FILE libjpeg-turbo-${JPEG_VERSION}.tar.gz) +set(JPEG_CPE "cpe:2.3:a:d.r.commander:libjpeg-turbo:${JPEG_VERSION}:*:*:*:*:*:*:*") set(BOOST_VERSION 1.78.0) set(BOOST_VERSION_SHORT 1.78) @@ -32,12 +43,14 @@ set(BOOST_URI https://boostorg.jfrog.io/artifactory/main/release/${BOOST_VERSION set(BOOST_HASH c2f6428ac52b0e5a3c9b2e1d8cc832b5) set(BOOST_HASH_TYPE MD5) set(BOOST_FILE boost_${BOOST_VERSION_NODOTS}.tar.gz) +set(BOOST_CPE "cpe:2.3:a:boost:boost:${BOOST_VERSION}:*:*:*:*:*:*:*") set(BLOSC_VERSION 1.21.1) set(BLOSC_URI https://github.com/Blosc/c-blosc/archive/v${BLOSC_VERSION}.tar.gz) set(BLOSC_HASH 134b55813b1dca57019d2a2dc1f7a923) set(BLOSC_HASH_TYPE MD5) set(BLOSC_FILE blosc-${BLOSC_VERSION}.tar.gz) +set(BLOSC_CPE "cpe:2.3:a:c-blosc2_project:c-blosc2:${BLOSC_VERSION}:*:*:*:*:*:*:*") set(PTHREADS_VERSION 3.0.0) set(PTHREADS_URI http://prdownloads.sourceforge.net/pthreads4w/pthreads4w-code-v${PTHREADS_VERSION}.zip) @@ -50,6 +63,7 @@ set(OPENEXR_URI https://github.com/AcademySoftwareFoundation/openexr/archive/v${ set(OPENEXR_HASH a92f38eedd43e56c0af56d4852506886) set(OPENEXR_HASH_TYPE MD5) set(OPENEXR_FILE openexr-${OPENEXR_VERSION}.tar.gz) +set(OPENEXR_CPE "cpe:2.3:a:openexr:openexr:${OPENEXR_VERSION}:*:*:*:*:*:*:*") set(IMATH_VERSION 3.1.5) set(IMATH_URI https://github.com/AcademySoftwareFoundation/Imath/archive/v${OPENEXR_VERSION}.tar.gz) @@ -79,6 +93,7 @@ set(FREETYPE_URI http://prdownloads.sourceforge.net/freetype/freetype-${FREETYPE set(FREETYPE_HASH bd4e3b007474319909a6b79d50908e85) set(FREETYPE_HASH_TYPE MD5) set(FREETYPE_FILE freetype-${FREETYPE_VERSION}.tar.gz) +SET(FREETYPE_CPE "cpe:2.3:a:freetype:freetype:${FREETYPE_VERSION}:*:*:*:*:*:*:*") set(EPOXY_VERSION 1.5.10) set(EPOXY_URI https://github.com/anholt/libepoxy/archive/refs/tags/${EPOXY_VERSION}.tar.gz) @@ -97,6 +112,7 @@ set(ALEMBIC_URI https://github.com/alembic/alembic/archive/${ALEMBIC_VERSION}.ta set(ALEMBIC_HASH 2cd8d6e5a3ac4a014e24a4b04f4fadf9) set(ALEMBIC_HASH_TYPE MD5) set(ALEMBIC_FILE alembic-${ALEMBIC_VERSION}.tar.gz) +SET(FREETYPE_CPE "cpe:2.3:a:freetype:freetype:${FREETYPE_VERSION}:*:*:*:*:*:*:*") set(OPENSUBDIV_VERSION v3_4_4) set(OPENSUBDIV_URI https://github.com/PixarAnimationStudios/OpenSubdiv/archive/${OPENSUBDIV_VERSION}.tar.gz) @@ -109,6 +125,7 @@ set(SDL_URI https://www.libsdl.org/release/SDL2-${SDL_VERSION}.tar.gz) set(SDL_HASH a53acc02e1cca98c4123229069b67c9e) set(SDL_HASH_TYPE MD5) set(SDL_FILE SDL2-${SDL_VERSION}.tar.gz) +set(SDL_CPE "cpe:2.3:a:libsdl:sdl:${SDL_VERSION}:*:*:*:*:*:*:*") set(OPENCOLLADA_VERSION v1.6.68) set(OPENCOLLADA_URI https://github.com/KhronosGroup/OpenCOLLADA/archive/${OPENCOLLADA_VERSION}.tar.gz) @@ -127,6 +144,7 @@ set(LLVM_URI https://github.com/llvm/llvm-project/releases/download/llvmorg-${LL set(LLVM_HASH 5a4fab4d7fc84aefffb118ac2c8a4fc0) set(LLVM_HASH_TYPE MD5) set(LLVM_FILE llvm-project-${LLVM_VERSION}.src.tar.xz) +set(LLVM_CPE "cpe:2.3:a:llvm:compiler:${LLVM_VERSION}:*:*:*:*:*:*:*") if(APPLE) # Cloth physics test is crashing due to this bug: @@ -154,6 +172,7 @@ set(FMT_URI https://github.com/fmtlib/fmt/archive/refs/tags/${FMT_VERSION}.tar.g set(FMT_HASH 7bce0e9e022e586b178b150002e7c2339994e3c2bbe44027e9abb0d60f9cce83) set(FMT_HASH_TYPE SHA256) set(FMT_FILE fmt-${FMT_VERSION}.tar.gz) +set(FMT_CPE "cpe:2.3:a:fmt:fmt:${FMT_VERSION}:*:*:*:*:*:*:*") # 0.6.2 is currently oiio's preferred version although never versions may be available. # the preferred version can be found in oiio's externalpackages.cmake @@ -168,6 +187,7 @@ set(TIFF_URI http://download.osgeo.org/libtiff/tiff-${TIFF_VERSION}.tar.gz) set(TIFF_HASH 376f17f189e9d02280dfe709b2b2bbea) set(TIFF_HASH_TYPE MD5) set(TIFF_FILE tiff-${TIFF_VERSION}.tar.gz) +set(TIFF_CPE "cpe:2.3:a:libtiff:libtiff:${TIFF_VERSION}:*:*:*:*:*:*:*") set(OSL_VERSION 1.11.17.0) set(OSL_URI https://github.com/imageworks/OpenShadingLanguage/archive/Release-${OSL_VERSION}.tar.gz) @@ -182,12 +202,15 @@ set(PYTHON_URI https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTH set(PYTHON_HASH 14e8c22458ed7779a1957b26cde01db9) set(PYTHON_HASH_TYPE MD5) set(PYTHON_FILE Python-${PYTHON_VERSION}.tar.xz) +set(PYTHON_CPE "cpe:2.3:a:python:python:${PYTHON_VERSION}:-:*:*:*:*:*:*") -set(TBB_VERSION 2020_U3) +set(TBB_YEAR 2020) +set(TBB_VERSION ${TBB_YEAR}_U3) set(TBB_URI https://github.com/oneapi-src/oneTBB/archive/${TBB_VERSION}.tar.gz) set(TBB_HASH 55ec8df6eae5ed6364a47f0e671e460c) set(TBB_HASH_TYPE MD5) set(TBB_FILE oneTBB-${TBB_VERSION}.tar.gz) +set(TBB_CPE "cpe:2.3:a:intel:threading_building_blocks:${TBB_YEAR}:*:*:*:*:*:*:*") set(OPENVDB_VERSION 9.0.0) set(OPENVDB_URI https://github.com/AcademySoftwareFoundation/openvdb/archive/v${OPENVDB_VERSION}.tar.gz) @@ -198,6 +221,7 @@ set(OPENVDB_FILE openvdb-${OPENVDB_VERSION}.tar.gz) set(IDNA_VERSION 3.3) set(CHARSET_NORMALIZER_VERSION 2.0.10) set(URLLIB3_VERSION 1.26.8) +set(URLLIB3_CPE "cpe:2.3:a:urllib3:urllib3:${URLLIB3_VERSION}:*:*:*:*:*:*:*") set(CERTIFI_VERSION 2021.10.8) set(REQUESTS_VERSION 2.27.1) set(CYTHON_VERSION 0.29.26) @@ -214,12 +238,14 @@ set(NUMPY_URI https://github.com/numpy/numpy/releases/download/v${NUMPY_VERSION} set(NUMPY_HASH 252de134862a27bd66705d29622edbfe) set(NUMPY_HASH_TYPE MD5) set(NUMPY_FILE numpy-${NUMPY_VERSION}.zip) +set(NUMPY_CPE "cpe:2.3:a:numpy:numpy:${NUMPY_VERSION}:*:*:*:*:*:*:*") set(LAME_VERSION 3.100) set(LAME_URI http://downloads.sourceforge.net/project/lame/lame/3.100/lame-${LAME_VERSION}.tar.gz) set(LAME_HASH 83e260acbe4389b54fe08e0bdbf7cddb) set(LAME_HASH_TYPE MD5) set(LAME_FILE lame-${LAME_VERSION}.tar.gz) +set(LAME_CPE "cpe:2.3:a:lame_project:lame:${LAME_VERSION}:*:*:*:*:*:*:*") set(OGG_VERSION 1.3.5) set(OGG_URI http://downloads.xiph.org/releases/ogg/libogg-${OGG_VERSION}.tar.gz) @@ -232,6 +258,7 @@ set(VORBIS_URI http://downloads.xiph.org/releases/vorbis/libvorbis-${VORBIS_VERS set(VORBIS_HASH 0e982409a9c3fc82ee06e08205b1355e5c6aa4c36bca58146ef399621b0ce5ab) set(VORBIS_HASH_TYPE SHA256) set(VORBIS_FILE libvorbis-${VORBIS_VERSION}.tar.gz) +set(VORBIS_CPE "cpe:2.3:a:xiph.org:libvorbis:${VORBIS_VERSION}:*:*:*:*:*:*:*") set(THEORA_VERSION 1.1.1) set(THEORA_URI http://downloads.xiph.org/releases/theora/libtheora-${THEORA_VERSION}.tar.bz2) @@ -244,12 +271,14 @@ set(FLAC_URI http://downloads.xiph.org/releases/flac/flac-${FLAC_VERSION}.tar.xz set(FLAC_HASH 8ff0607e75a322dd7cd6ec48f4f225471404ae2730d0ea945127b1355155e737 ) set(FLAC_HASH_TYPE SHA256) set(FLAC_FILE flac-${FLAC_VERSION}.tar.xz) +set(FLAC_CPE "cpe:2.3:a:flac_project:flac:${FLAC_VERSION}:*:*:*:*:*:*:*") set(VPX_VERSION 1.11.0) set(VPX_URI https://github.com/webmproject/libvpx/archive/v${VPX_VERSION}/libvpx-v${VPX_VERSION}.tar.gz) set(VPX_HASH 965e51c91ad9851e2337aebcc0f517440c637c506f3a03948062e3d5ea129a83) set(VPX_HASH_TYPE SHA256) set(VPX_FILE libvpx-v${VPX_VERSION}.tar.gz) +set(VPX_CPE "cpe:2.3:a:webmproject:libvpx:${VPX_VERSION}:*:*:*:*:*:*:*") set(OPUS_VERSION 1.3.1) set(OPUS_URI https://archive.mozilla.org/pub/opus/opus-${OPUS_VERSION}.tar.gz) @@ -275,12 +304,14 @@ set(OPENJPEG_URI https://github.com/uclouvain/openjpeg/archive/v${OPENJPEG_VERSI set(OPENJPEG_HASH 8702ba68b442657f11aaeb2b338443ca8d5fb95b0d845757968a7be31ef7f16d) set(OPENJPEG_HASH_TYPE SHA256) set(OPENJPEG_FILE openjpeg-v${OPENJPEG_VERSION}.tar.gz) +set(OPENJPEG_CPE "cpe:2.3:a:uclouvain:openjpeg:${OPENJPEG_VERSION}:*:*:*:*:*:*:*") set(FFMPEG_VERSION 5.0) set(FFMPEG_URI http://ffmpeg.org/releases/ffmpeg-${FFMPEG_VERSION}.tar.bz2) set(FFMPEG_HASH c0130b8db2c763430fd1c6905288d61bc44ee0548ad5fcd2dfd650b88432bed9) set(FFMPEG_HASH_TYPE SHA256) set(FFMPEG_FILE ffmpeg-${FFMPEG_VERSION}.tar.bz2) +set(FFMPEG_CPE "cpe:2.3:a:ffmpeg:ffmpeg:${FFMPEG_VERSION}:*:*:*:*:*:*:*") set(FFTW_VERSION 3.3.10) set(FFTW_URI http://www.fftw.org/fftw-${FFTW_VERSION}.tar.gz) @@ -299,12 +330,14 @@ set(SNDFILE_URI http://www.mega-nerd.com/libsndfile/files/libsndfile-${SNDFILE_V set(SNDFILE_HASH 646b5f98ce89ac60cdb060fcd398247c) set(SNDFILE_HASH_TYPE MD5) set(SNDFILE_FILE libsndfile-${SNDFILE_VERSION}.tar.gz) +set(SNDFILE_CPE "cpe:2.3:a:libsndfile_project:libsndfile:${SNDFILE_VERSION}:*:*:*:*:*:*:*") set(WEBP_VERSION 1.2.2) set(WEBP_URI https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-${WEBP_VERSION}.tar.gz) set(WEBP_HASH b5e2e414a8adee4c25fe56b18dd9c549) set(WEBP_HASH_TYPE MD5) set(WEBP_FILE libwebp-${WEBP_VERSION}.tar.gz) +set(WEBP_CPE "cpe:2.3:a:webmproject:libwebp:${WEBP_VERSION}:*:*:*:*:*:*:*") set(SPNAV_VERSION 0.2.3) set(SPNAV_URI http://downloads.sourceforge.net/project/spacenav/spacenav%20library%20%28SDK%29/libspnav%20${SPNAV_VERSION}/libspnav-${SPNAV_VERSION}.tar.gz) @@ -323,6 +356,7 @@ set(XML2_URI http://xmlsoft.org/sources/libxml2-${XML2_VERSION}.tar.gz) set(XML2_HASH 10942a1dc23137a8aa07f0639cbfece5) set(XML2_HASH_TYPE MD5) set(XML2_FILE libxml2-${XML2_VERSION}.tar.gz) +set(XML2_CPE "cpe:2.3:a:xmlsoft:libxml2:${XML2_VERSION}:*:*:*:*:*:*:*") set(TINYXML_VERSION 2_6_2) set(TINYXML_VERSION_DOTS 2.6.2) @@ -330,12 +364,14 @@ set(TINYXML_URI https://nchc.dl.sourceforge.net/project/tinyxml/tinyxml/${TINYXM set(TINYXML_HASH c1b864c96804a10526540c664ade67f0) set(TINYXML_HASH_TYPE MD5) set(TINYXML_FILE tinyxml_${TINYXML_VERSION}.tar.gz) +set(TINYXML_CPE "cpe:2.3:a:tinyxml_project:tinyxml:${TINYXML_VERSION_DOTS}:*:*:*:*:*:*:*") set(YAMLCPP_VERSION 0.6.3) set(YAMLCPP_URI https://codeload.github.com/jbeder/yaml-cpp/tar.gz/yaml-cpp-${YAMLCPP_VERSION}) set(YAMLCPP_HASH b45bf1089a382e81f6b661062c10d0c2) set(YAMLCPP_HASH_TYPE MD5) set(YAMLCPP_FILE yaml-cpp-${YAMLCPP_VERSION}.tar.gz) +set(YAMLCPP "cpe:2.3:a:yaml-cpp_project:yaml-cpp:${YAMLCPP_VERSION}:*:*:*:*:*:*:*") set(PYSTRING_VERSION v1.1.3) set(PYSTRING_URI https://codeload.github.com/imageworks/pystring/tar.gz/refs/tags/${PYSTRING_VERSION}) @@ -344,16 +380,19 @@ set(PYSTRING_HASH_TYPE MD5) set(PYSTRING_FILE pystring-${PYSTRING_VERSION}.tar.gz) set(EXPAT_VERSION 2_4_4) +set(EXPAT_VERSION_DOTS 2.4.4) set(EXPAT_URI https://github.com/libexpat/libexpat/archive/R_${EXPAT_VERSION}.tar.gz) set(EXPAT_HASH 2d3e81dee94b452369dc6394ff0f8f98) set(EXPAT_HASH_TYPE MD5) set(EXPAT_FILE libexpat-${EXPAT_VERSION}.tar.gz) +set(EXPAT_CPE "cpe:2.3:a:libexpat_project:libexpat:${EXPAT_VERSION_DOTS}:*:*:*:*:*:*:*") set(PUGIXML_VERSION 1.10) set(PUGIXML_URI https://github.com/zeux/pugixml/archive/v${PUGIXML_VERSION}.tar.gz) set(PUGIXML_HASH 0c208b0664c7fb822bf1b49ad035e8fd) set(PUGIXML_HASH_TYPE MD5) set(PUGIXML_FILE pugixml-${PUGIXML_VERSION}.tar.gz) +set(PUGIXML_CPE "cpe:2.3:a:pugixml_project:pugixml:${PUGIXML_VERSION}:*:*:*:*:*:*:*") set(FLEXBISON_VERSION 2.5.24) set(FLEXBISON_URI http://prdownloads.sourceforge.net/winflexbison/win_flex_bison-${FLEXBISON_VERSION}.zip) @@ -376,12 +415,14 @@ set(BZIP2_URI http://http.debian.net/debian/pool/main/b/bzip2/bzip2_${BZIP2_VERS set(BZIP2_HASH ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269) set(BZIP2_HASH_TYPE SHA256) set(BZIP2_FILE bzip2_${BZIP2_VERSION}.orig.tar.gz) +set(BZIP2_CPE "cpe:2.3:a:bzip:bzip2:${BZIP2_VERSION}:*:*:*:*:*:*:*") set(FFI_VERSION 3.3) set(FFI_URI https://sourceware.org/pub/libffi/libffi-${FFI_VERSION}.tar.gz) set(FFI_HASH 72fba7922703ddfa7a028d513ac15a85c8d54c8d67f55fa5a4802885dc652056) set(FFI_HASH_TYPE SHA256) set(FFI_FILE libffi-${FFI_VERSION}.tar.gz) +set(FFI_CPE "cpe:2.3:a:libffi_project:libffi:${FFI_VERSION}:*:*:*:*:*:*:*") set(LZMA_VERSION 5.2.5) set(LZMA_URI https://tukaani.org/xz/xz-${LZMA_VERSION}.tar.bz2) @@ -403,12 +444,14 @@ else() set(SSL_HASH_TYPE SHA256) set(SSL_FILE openssl-${SSL_VERSION}.tar.gz) endif() +set(SSL_CPE "cpe:2.3:a:openssl:openssl:${SSL_VERSION}:*:*:*:*:*:*:*") set(SQLITE_VERSION 3.31.1) set(SQLITE_URI https://www.sqlite.org/2018/sqlite-src-3240000.zip) set(SQLITE_HASH fb558c49ee21a837713c4f1e7e413309aabdd9c7) set(SQLITE_HASH_TYPE SHA1) set(SQLITE_FILE sqlite-src-3240000.zip) +set(SQLITE_CPE "cpe:2.3:a:sqlite:sqlite:${SQLITE_VERSION}:*:*:*:*:*:*:*") set(EMBREE_VERSION 3.13.4) set(EMBREE_URI https://github.com/embree/embree/archive/v${EMBREE_VERSION}.zip) @@ -439,12 +482,14 @@ set(MESA_URI ftp://ftp.freedesktop.org/pub/mesa/mesa-${MESA_VERSION}.tar.xz) set(MESA_HASH 022c7293074aeeced2278c872db4fa693147c70f8595b076cf3f1ef81520766d) set(MESA_HASH_TYPE SHA256) set(MESA_FILE mesa-${MESA_VERSION}.tar.xz) +set(MESA_CPE "cpe:2.3:a:mesa3d:mesa:${MESA_VERSION}:*:*:*:*:*:*:*") set(NASM_VERSION 2.15.02) set(NASM_URI https://github.com/netwide-assembler/nasm/archive/nasm-${NASM_VERSION}.tar.gz) set(NASM_HASH aded8b796c996a486a56e0515c83e414116decc3b184d88043480b32eb0a8589) set(NASM_HASH_TYPE SHA256) set(NASM_FILE nasm-${NASM_VERSION}.tar.gz) +set(NASM_PCE "cpe:2.3:a:nasm:nasm:${NASM_VERSION}:*:*:*:*:*:*:*") set(XR_OPENXR_SDK_VERSION 1.0.22) set(XR_OPENXR_SDK_URI https://github.com/KhronosGroup/OpenXR-SDK/archive/release-${XR_OPENXR_SDK_VERSION}.tar.gz) @@ -481,12 +526,14 @@ set(GMP_URI https://gmplib.org/download/gmp/gmp-${GMP_VERSION}.tar.xz) set(GMP_HASH 0b82665c4a92fd2ade7440c13fcaa42b) set(GMP_HASH_TYPE MD5) set(GMP_FILE gmp-${GMP_VERSION}.tar.xz) +set(GMP_CPE "cpe:2.3:a:gmplib:gmp:${GMP_VERSION}:*:*:*:*:*:*:*") set(POTRACE_VERSION 1.16) set(POTRACE_URI http://potrace.sourceforge.net/download/${POTRACE_VERSION}/potrace-${POTRACE_VERSION}.tar.gz) set(POTRACE_HASH 5f0bd87ddd9a620b0c4e65652ef93d69) set(POTRACE_HASH_TYPE MD5) set(POTRACE_FILE potrace-${POTRACE_VERSION}.tar.gz) +set(POTRACE_CPE "cpe:2.3:a:icoasoft:potrace:${POTRACE_VERSION}:*:*:*:*:*:*:*") set(HARU_VERSION 2_3_0) set(HARU_URI https://github.com/libharu/libharu/archive/RELEASE_${HARU_VERSION}.tar.gz) @@ -499,6 +546,7 @@ set(ZSTD_URI https://github.com/facebook/zstd/releases/download/v${ZSTD_VERSION} set(ZSTD_HASH 5194fbfa781fcf45b98c5e849651aa7b3b0a008c6b72d4a0db760f3002291e94) set(ZSTD_HASH_TYPE SHA256) set(ZSTD_FILE zstd-${ZSTD_VERSION}.tar.gz) +set(ZSTD_CPE "cpe:2.3:a:facebook:zstandard:${ZSTD_VERSION}:*:*:*:*:*:*:*") set(SSE2NEON_VERSION fe5ff00bb8d19b327714a3c290f3e2ce81ba3525) set(SSE2NEON_URI https://github.com/DLTcollab/sse2neon/archive/${SSE2NEON_VERSION}.tar.gz) @@ -506,11 +554,12 @@ set(SSE2NEON_HASH 0780253525d299c31775ef95853698d03db9c7739942af8570000f4a25a5d6 set(SSE2NEON_HASH_TYPE SHA256) set(SSE2NEON_FILE sse2neon-${SSE2NEON_VERSION}.tar.gz) -set(BROTLI_VERSION v1.0.9) -set(BROTLI_URI https://github.com/google/brotli/archive/refs/tags/${BROTLI_VERSION}.tar.gz) +set(BROTLI_VERSION 1.0.9) +set(BROTLI_URI https://github.com/google/brotli/archive/refs/tags/v${BROTLI_VERSION}.tar.gz) set(BROTLI_HASH f9e8d81d0405ba66d181529af42a3354f838c939095ff99930da6aa9cdf6fe46) set(BROTLI_HASH_TYPE SHA256) -set(BROTLI_FILE brotli-${BROTLI_VERSION}.tar.gz) +set(BROTLI_FILE brotli-v${BROTLI_VERSION}.tar.gz) +set(BROTLI_CPE "cpe:2.3:a:google:brotli:${BROTLI_VERSION}:*:*:*:*:*:*:*") set(OPENPGL_VERSION v0.3.1-beta) set(OPENPGL_SHORT_VERSION 0.3.1) |