diff options
| author | tonnerre <tonnerre@pkgsrc.org> | 2008-05-17 10:33:15 +0000 |
|---|---|---|
| committer | tonnerre <tonnerre@pkgsrc.org> | 2008-05-17 10:33:15 +0000 |
| commit | 04839ffa37244ece4ad0c0126a93c86a96712afa (patch) | |
| tree | e3184713b133d17f4eb085e2e99273b0b07eb73b | |
| parent | 1f8accbf4c1ce49aae1830bd4dd46c5571dc106d (diff) | |
| download | pkgsrc-04839ffa37244ece4ad0c0126a93c86a96712afa.tar.gz | |
Fix CVEs CVE-2008-1102 and CVE-2008-1102 for blender:
- Fix arbitrary code execution vulnerability in .bend files which contain
a crafted RGBE file (CVE-2008-1102).
- Create various temporary files in safer paths (CVE-2008-1103).
| -rw-r--r-- | graphics/blender/Makefile | 4 | ||||
| -rw-r--r-- | graphics/blender/distinfo | 5 | ||||
| -rw-r--r-- | graphics/blender/patches/patch-ae | 19 | ||||
| -rw-r--r-- | graphics/blender/patches/patch-af | 13 | ||||
| -rw-r--r-- | graphics/blender/patches/patch-ag | 14 |
5 files changed, 52 insertions, 3 deletions
diff --git a/graphics/blender/Makefile b/graphics/blender/Makefile index 35d71a67d9c..1566f7d2a7b 100644 --- a/graphics/blender/Makefile +++ b/graphics/blender/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.60 2008/01/18 05:06:38 tnn Exp $ +# $NetBSD: Makefile,v 1.61 2008/05/17 10:33:15 tonnerre Exp $ DISTNAME= blender-2.45 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= graphics MASTER_SITES= ftp://ftp.cs.umn.edu/pub/blender.org/source/ \ http://download.blender.org/source/ diff --git a/graphics/blender/distinfo b/graphics/blender/distinfo index a0cc82edf1e..ac5ba410dfe 100644 --- a/graphics/blender/distinfo +++ b/graphics/blender/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.23 2008/01/04 19:56:45 markd Exp $ +$NetBSD: distinfo,v 1.24 2008/05/17 10:33:15 tonnerre Exp $ SHA1 (blender-2.45.tar.gz) = ff66ec5f0129fd04a2ba5c063627ef13033c0598 RMD160 (blender-2.45.tar.gz) = fd39b59de0f4d770fe26ce39d51356e98b1ec8ea @@ -6,5 +6,8 @@ Size (blender-2.45.tar.gz) = 14226829 bytes SHA1 (patch-ab) = 7f5b4966bd08333f5d726cf9b6d7c2300e62d711 SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2 SHA1 (patch-ad) = cfec8537593071381687df1f37906a6f28eb45cf +SHA1 (patch-ae) = 45ea375bc405948d4eadc786379f8a8b700c8d91 +SHA1 (patch-af) = ce57bcf10e9291ed156e54b66d154950b0079eb9 +SHA1 (patch-ag) = bd3fae7b10349dd2c1ef45a18346d980530e01a4 SHA1 (patch-ah) = b45f534b4c5850da13e9b421f73e33c8d079696f SHA1 (patch-ai) = 8909e9d698b9370bb756b81c41812a05790da419 diff --git a/graphics/blender/patches/patch-ae b/graphics/blender/patches/patch-ae new file mode 100644 index 00000000000..452dd4ded94 --- /dev/null +++ b/graphics/blender/patches/patch-ae @@ -0,0 +1,19 @@ +$NetBSD: patch-ae,v 1.7 2008/05/17 10:33:15 tonnerre Exp $ + +--- source/blender/src/usiblender.c.orig 2007-09-18 04:58:42.000000000 +0000 ++++ source/blender/src/usiblender.c +@@ -172,10 +172,12 @@ static void init_userdef_file(void) + U.tb_rightmouse= 5; + } + if(U.mixbufsize==0) U.mixbufsize= 2048; +- if (BLI_streq(U.tempdir, "/")) { ++ if (BLI_streq(U.tempdir, "/") || BLI_streq(U.tempdir, "/tmp/")) { + char *tmp= getenv("TEMP"); ++ char *home= getenv("HOME"); + +- strcpy(U.tempdir, tmp?tmp:"/tmp/"); ++ strcpy(U.tempdir, tmp?tmp:home); ++ if (!tmp) strcat(U.tempdir, "/.blender/"); + } + if (U.savetime <= 0) { + U.savetime = 1; diff --git a/graphics/blender/patches/patch-af b/graphics/blender/patches/patch-af new file mode 100644 index 00000000000..2735f07e088 --- /dev/null +++ b/graphics/blender/patches/patch-af @@ -0,0 +1,13 @@ +$NetBSD: patch-af,v 1.6 2008/05/17 10:33:15 tonnerre Exp $ + +--- source/blender/blenkernel/intern/blender.c.orig 2007-09-18 04:58:33.000000000 +0000 ++++ source/blender/blenkernel/intern/blender.c +@@ -714,7 +714,7 @@ void BKE_undo_save_quit(void) + + BLI_make_file_string("/", str, U.tempdir, "quit.blend"); + +- file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666); ++ file = open(str,O_BINARY|O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0666); + if(file == -1) { + printf("Unable to save %s\n", str); + return; diff --git a/graphics/blender/patches/patch-ag b/graphics/blender/patches/patch-ag new file mode 100644 index 00000000000..6f44e5c0256 --- /dev/null +++ b/graphics/blender/patches/patch-ag @@ -0,0 +1,14 @@ +$NetBSD: patch-ag,v 1.6 2008/05/17 10:33:15 tonnerre Exp $ + +--- source/blender/imbuf/intern/radiance_hdr.c.orig 2007-09-18 04:58:45.000000000 +0000 ++++ source/blender/imbuf/intern/radiance_hdr.c +@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char + } + } + if (found) { +- sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width); ++ if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height, ++ (char*)&oriX, &width) != 4) return NULL; + + /* find end of this line, data right behind it */ + ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n'); |