diff options
| author | wiz <wiz> | 2011-04-01 11:31:56 +0000 |
|---|---|---|
| committer | wiz <wiz> | 2011-04-01 11:31:56 +0000 |
| commit | d7f6681a1d853ab2856c430369797a8dcb5ddd3f (patch) | |
| tree | 0c186d80d6e0d52f00c734f0565bc1f8f77d61e8 /graphics/blender | |
| parent | 348db03d0abcf7e1fd19e46672ee8e54bd968331 (diff) | |
| download | pkgsrc-d7f6681a1d853ab2856c430369797a8dcb5ddd3f.tar.gz | |
Fix CVE-2008-4863 using the Debian patch by James Vega.
Bump PKGREVISION.
Mark MAKE_JOBS_SAFE=no since installation fails with -j16.
Diffstat (limited to 'graphics/blender')
| -rw-r--r-- | graphics/blender/Makefile | 6 | ||||
| -rw-r--r-- | graphics/blender/distinfo | 3 | ||||
| -rw-r--r-- | graphics/blender/patches/patch-source_blender_python_BPY__interface.c | 21 |
3 files changed, 27 insertions, 3 deletions
diff --git a/graphics/blender/Makefile b/graphics/blender/Makefile index 1723e05c866..d0041fc73c2 100644 --- a/graphics/blender/Makefile +++ b/graphics/blender/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.74 2011/04/01 10:59:56 wiz Exp $ +# $NetBSD: Makefile,v 1.75 2011/04/01 11:31:56 wiz Exp $ DISTNAME= blender-2.49b -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= graphics MASTER_SITES= http://download.blender.org/source/ @@ -17,6 +17,8 @@ CMAKE_ARG_PATH= .. CONFIGURE_DIRS= _build PKG_DESTDIR_SUPPORT= user-destdir +MAKE_JOBS_SAFE= no + LDFLAGS+= -lcrypto .include "options.mk" diff --git a/graphics/blender/distinfo b/graphics/blender/distinfo index d3069994596..6d84b85a25c 100644 --- a/graphics/blender/distinfo +++ b/graphics/blender/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.29 2009/11/03 19:06:51 markd Exp $ +$NetBSD: distinfo,v 1.30 2011/04/01 11:31:56 wiz Exp $ SHA1 (blender-2.49b.tar.gz) = 43f71e7de4efe79c518d45f4b5a04e03c28d5fc5 RMD160 (blender-2.49b.tar.gz) = 5b641de7b41af5e4186c9721b66eddc6870f9fbc @@ -12,3 +12,4 @@ SHA1 (patch-aj) = 59c935bc84101e3a57af5231d6f1153897bbbb03 SHA1 (patch-ak) = 98c93b7ee12e60aff0d8890cd1cdc7213515d270 SHA1 (patch-al) = 8589d359484351766bfb99e58debf075bebbfd66 SHA1 (patch-am) = 6da69ace1e9da706124621f6721fd4d4f804cc6f +SHA1 (patch-source_blender_python_BPY__interface.c) = 9cc72c2fea93e9bfdf9b2f9cc147be90c044d53d diff --git a/graphics/blender/patches/patch-source_blender_python_BPY__interface.c b/graphics/blender/patches/patch-source_blender_python_BPY__interface.c new file mode 100644 index 00000000000..be05a7c993a --- /dev/null +++ b/graphics/blender/patches/patch-source_blender_python_BPY__interface.c @@ -0,0 +1,21 @@ +$NetBSD: patch-source_blender_python_BPY__interface.c,v 1.1 2011/04/01 11:31:56 wiz Exp $ + +Fix http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4863 +using patch from James Vega via +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 + +--- source/blender/python/BPY_interface.c.orig 2009-09-01 15:21:12.000000000 +0000 ++++ source/blender/python/BPY_interface.c +@@ -236,6 +236,12 @@ void BPY_start_python( int argc, char ** + Py_Initialize( ); + + PySys_SetArgv( argc_copy, argv_copy ); ++ ++ /* Sanitize sys.path to prevent relative imports loading modules in ++ * the current working directory ++ */ ++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)"); ++ + /* Initialize thread support (also acquires lock) */ + PyEval_InitThreads(); + |