rpms/blender/devel blender-2.45-cve-2008-1102.patch, NONE, 1.1 blender.spec, 1.72, 1.73

Jochen Schmitt (s4504kr) fedora-extras-commits at redhat.com
Thu Apr 24 14:37:04 UTC 2008 

Author: s4504kr

Update of /cvs/extras/rpms/blender/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18655

Modified Files:
	blender.spec 
Added Files:
	blender-2.45-cve-2008-1102.patch 
Log Message:
Fix CVE-2008-1102

blender-2.45-cve-2008-1102.patch:

--- NEW FILE blender-2.45-cve-2008-1102.patch ---
diff -up blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv blender-2.45/source/blender/imbuf/intern/radiance_hdr.c
--- blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv	2008-04-24 16:22:36.000000000 +0200
+++ blender-2.45/source/blender/imbuf/intern/radiance_hdr.c	2008-04-24 16:25:59.000000000 +0200
@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char 
 			}
 		}
 		if (found) {
-			sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width);
+			if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height, 
+				(char*)&oriX, &width) != 4) return NULL;
 
 			/* find end of this line, data right behind it */
 			ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n');


Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/devel/blender.spec,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- blender.spec	12 Mar 2008 15:44:38 -0000	1.72
+++ blender.spec	24 Apr 2008 14:36:26 -0000	1.73
@@ -3,7 +3,7 @@
 
 Name:           blender
 Version:        2.45
-Release: 	10%{?dist}
+Release: 	11%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -30,6 +30,8 @@
 Patch3:		blender-2.45-gcc43.patch
 Patch4:         blender-2.45-yafray.patch
 
+Patch100:	blender-2.45-cve-2008-1102.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  desktop-file-utils
@@ -76,10 +78,13 @@
 %patch2 -p1 -b .bid
 %patch3 -p1 -b .gcc43
 
+
 %if "%{?_lib}" == "lib64"
 %patch4 -p1
 %endif
 
+%patch100 -p1 -b .cve
+
 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
 
 sed -e 's|@LIB@|%{_libdir}|g' -e "s/@PYVER@/$PYVER/g" \
@@ -182,6 +187,9 @@
 %{_datadir}/mime/packages/blender.xml
 
 %changelog
+* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-11
+- Fix CVS-2008-1102 (#443937)
+
 * Wed Mar 12 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-10
 - Clarification of restrictions caused by legal issues

More information about the fedora-extras-commits mailing list