authorwiz <wiz@pkgsrc.org>2011-04-01 11:31:56 +0000
committerwiz <wiz@pkgsrc.org>2011-04-01 11:31:56 +0000
commitfd054c8917c5c625b2a9e6b88e1ac2209934e804 (patch)
tree0c186d80d6e0d52f00c734f0565bc1f8f77d61e8 /graphics
parenta741f622c62e8975da759240a6d9d2aad9562acb (diff)
downloadpkgsrc-fd054c8917c5c625b2a9e6b88e1ac2209934e804.tar.gz
Fix CVE-2008-4863 using the Debian patch by James Vega.
Bump PKGREVISION. Mark MAKE_JOBS_SAFE=no since installation fails with -j16.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/blender/Makefile6
-rw-r--r--graphics/blender/distinfo3
-rw-r--r--graphics/blender/patches/patch-source_blender_python_BPY__interface.c21
3 files changed, 27 insertions, 3 deletions
diff --git a/graphics/blender/Makefile b/graphics/blender/Makefile
index 1723e05c866..d0041fc73c2 100644
--- a/graphics/blender/Makefile
+++ b/graphics/blender/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.74 2011/04/01 10:59:56 wiz Exp $
+# $NetBSD: Makefile,v 1.75 2011/04/01 11:31:56 wiz Exp $
DISTNAME= blender-2.49b
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= graphics
MASTER_SITES= http://download.blender.org/source/
@@ -17,6 +17,8 @@ CMAKE_ARG_PATH= ..
CONFIGURE_DIRS= _build
PKG_DESTDIR_SUPPORT= user-destdir
+MAKE_JOBS_SAFE= no
+
LDFLAGS+= -lcrypto
.include "options.mk"
diff --git a/graphics/blender/distinfo b/graphics/blender/distinfo
index d3069994596..6d84b85a25c 100644
--- a/graphics/blender/distinfo
+++ b/graphics/blender/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2009/11/03 19:06:51 markd Exp $
+$NetBSD: distinfo,v 1.30 2011/04/01 11:31:56 wiz Exp $
SHA1 (blender-2.49b.tar.gz) = 43f71e7de4efe79c518d45f4b5a04e03c28d5fc5
RMD160 (blender-2.49b.tar.gz) = 5b641de7b41af5e4186c9721b66eddc6870f9fbc
@@ -12,3 +12,4 @@ SHA1 (patch-aj) = 59c935bc84101e3a57af5231d6f1153897bbbb03
SHA1 (patch-ak) = 98c93b7ee12e60aff0d8890cd1cdc7213515d270
SHA1 (patch-al) = 8589d359484351766bfb99e58debf075bebbfd66
SHA1 (patch-am) = 6da69ace1e9da706124621f6721fd4d4f804cc6f
+SHA1 (patch-source_blender_python_BPY__interface.c) = 9cc72c2fea93e9bfdf9b2f9cc147be90c044d53d
diff --git a/graphics/blender/patches/patch-source_blender_python_BPY__interface.c b/graphics/blender/patches/patch-source_blender_python_BPY__interface.c
new file mode 100644
index 00000000000..be05a7c993a
--- /dev/null
+++ b/graphics/blender/patches/patch-source_blender_python_BPY__interface.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-source_blender_python_BPY__interface.c,v 1.1 2011/04/01 11:31:56 wiz Exp $
+
+Fix http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4863
+using patch from James Vega via
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
+
+--- source/blender/python/BPY_interface.c.orig 2009-09-01 15:21:12.000000000 +0000
++++ source/blender/python/BPY_interface.c
+@@ -236,6 +236,12 @@ void BPY_start_python( int argc, char **
+ Py_Initialize( );
+
+ PySys_SetArgv( argc_copy, argv_copy );
++
++ /* Sanitize sys.path to prevent relative imports loading modules in
++ * the current working directory
++ */
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
++
+ /* Initialize thread support (also acquires lock) */
+ PyEval_InitThreads();
+
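Review bot: The added `PyRun_SimpleString(...)` call after `PySys_SetArgv` ignores its return value, so if the snippet raises, startup continues with the working-directory entry still in sys.path and nothing is reported. Check it, e.g. `if (PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)") != 0) fprintf(stderr, "BPY: could not sanitize sys.path\n");`. The filter also drops only empty strings, so a `.` or other relative entry (for instance one supplied through PYTHONPATH) would remain, and the comment should say that only the empty entry is handled. Where the linked Python provides it (2.6.6 and later), `PySys_SetArgvEx( argc_copy, argv_copy, 0 );` avoids adding the entry in the first place. BPY_start_python's body begins and ends outside the hunk.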