rpms/blender/devel blender-2.45-cve-2008-1102.patch, NONE, 1.1 blender.spec, 1.72, 1.73
Jochen Schmitt (s4504kr)
fedora-extras-commits at redhat.com
Thu Apr 24 14:37:04 UTC 2008
Author: s4504kr
Update of /cvs/extras/rpms/blender/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18655
Modified Files:
blender.spec
Added Files:
blender-2.45-cve-2008-1102.patch
Log Message:
Fix CVE-2008-1102
blender-2.45-cve-2008-1102.patch:
--- NEW FILE blender-2.45-cve-2008-1102.patch ---
diff -up blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv blender-2.45/source/blender/imbuf/intern/radiance_hdr.c
--- blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv 2008-04-24 16:22:36.000000000 +0200
+++ blender-2.45/source/blender/imbuf/intern/radiance_hdr.c 2008-04-24 16:25:59.000000000 +0200
@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char
}
}
if (found) {
- sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width);
+ if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height,
+ (char*)&oriX, &width) != 4) return NULL;
/* find end of this line, data right behind it */
ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n');
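Review bot: The added `!= 4` check on the `sscanf` call only confirms that four fields were converted, so `height` and `width` are still accepted with whatever `%d` parsed, including zero or negative values from a crafted header. If they size the pixel buffer later in `imb_loadhdr` (that code is outside this hunk), a range check is needed directly after the call, e.g. `if (width <= 0 || height <= 0) return NULL;`. The `%79s` bound is only correct if `oriY` and `oriX` are at least 80 bytes; their declarations are not visible here, so a comment such as `/* 79 == sizeof(oriY) - 1, keep in sync with the declarations */` would stop the two from drifting apart. Both `sscanf` and the following `strchr` also rely on `mem` being NUL-terminated, which should be confirmed against the loader that fills it.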
Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/devel/blender.spec,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- blender.spec 12 Mar 2008 15:44:38 -0000 1.72
+++ blender.spec 24 Apr 2008 14:36:26 -0000 1.73
@@ -3,7 +3,7 @@
Name: blender
Version: 2.45
-Release: 10%{?dist}
+Release: 11%{?dist}
Summary: 3D modeling, animation, rendering and post-production
@@ -30,6 +30,8 @@
Patch3: blender-2.45-gcc43.patch
Patch4: blender-2.45-yafray.patch
+Patch100: blender-2.45-cve-2008-1102.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: desktop-file-utils
@@ -76,10 +78,13 @@
%patch2 -p1 -b .bid
%patch3 -p1 -b .gcc43
+
%if "%{?_lib}" == "lib64"
%patch4 -p1
%endif
+%patch100 -p1 -b .cve
+
PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
sed -e 's|@LIB@|%{_libdir}|g' -e "s/@PYVER@/$PYVER/g" \
@@ -182,6 +187,9 @@
%{_datadir}/mime/packages/blender.xml
%changelog
+* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-11
+- Fix CVS-2008-1102 (#443937)
+
* Wed Mar 12 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-10
- Clarification of restrictions caused by legal issues