rpms/blender/F-7 blender-2.45-cve-2008-1102.patch, NONE, 1.1 blender-2.45-gcc43.patch, NONE, 1.1 blender.spec, 1.65, 1.66
Jochen Schmitt (s4504kr)
fedora-extras-commits at redhat.com
Thu Apr 24 14:56:19 UTC 2008
- Previous message (by thread): rpms/blender/F-8 blender-2.45-cve-2008-1102.patch, NONE, 1.1 blender-2.45-gcc43.patch, NONE, 1.1 blender.spec, 1.70, 1.71
- Next message (by thread): rpms/coreutils/devel coreutils-6.10-configuration.patch, 1.6, 1.7 coreutils.spec, 1.210, 1.211
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: s4504kr
Update of /cvs/extras/rpms/blender/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19659
Modified Files:
blender.spec
Added Files:
blender-2.45-cve-2008-1102.patch blender-2.45-gcc43.patch
Log Message:
Fix CVE-2008-1102
blender-2.45-cve-2008-1102.patch:
--- NEW FILE blender-2.45-cve-2008-1102.patch ---
diff -up blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv blender-2.45/source/blender/imbuf/intern/radiance_hdr.c
--- blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv 2008-04-24 16:22:36.000000000 +0200
+++ blender-2.45/source/blender/imbuf/intern/radiance_hdr.c 2008-04-24 16:25:59.000000000 +0200
@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char
}
}
if (found) {
- sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width);
+ if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height,
+ (char*)&oriX, &width) != 4) return NULL;
/* find end of this line, data right behind it */
ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n');
blender-2.45-gcc43.patch:
--- NEW FILE blender-2.45-gcc43.patch ---
diff -up blender-2.45/source/blender/yafray/intern/yafray_Render.cpp.gcc43 blender-2.45/source/blender/yafray/intern/yafray_Render.cpp
--- blender-2.45/source/blender/yafray/intern/yafray_Render.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
+++ blender-2.45/source/blender/yafray/intern/yafray_Render.cpp 2008-01-17 20:49:05.000000000 +0100
@@ -8,6 +8,8 @@
#include <math.h>
+#include <cstring>
+
using namespace std;
void yafrayRender_t::clearAll()
diff -up blender-2.45/source/blender/yafray/intern/export_File.cpp.gcc43 blender-2.45/source/blender/yafray/intern/export_File.cpp
--- blender-2.45/source/blender/yafray/intern/export_File.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
+++ blender-2.45/source/blender/yafray/intern/export_File.cpp 2008-01-17 20:49:05.000000000 +0100
@@ -2,6 +2,8 @@
#include <math.h>
+#include <cstring>
+
using namespace std;
static string command_path = "";
diff -up blender-2.45/source/blender/yafray/intern/export_Plugin.cpp.gcc43 blender-2.45/source/blender/yafray/intern/export_Plugin.cpp
--- blender-2.45/source/blender/yafray/intern/export_Plugin.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
+++ blender-2.45/source/blender/yafray/intern/export_Plugin.cpp 2008-01-17 20:49:05.000000000 +0100
@@ -1,6 +1,9 @@
#include "export_Plugin.h"
#include <math.h>
+
+#include <cstring>
+
using namespace std;
diff -up blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp.gcc43 blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp
--- blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp.gcc43 2008-01-17 20:56:36.000000000 +0100
+++ blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp 2008-01-17 20:57:03.000000000 +0100
@@ -32,6 +32,8 @@
#include "GPC_KeyboardDevice.h"
+#include <cstdlib>
+
/**
* NextFrame toggles currentTable with previousTable,
* and copies relevant event information from previous to current table
diff -up blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h.gcc43 blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h
--- blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h.gcc43 2007-09-18 06:58:17.000000000 +0200
+++ blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h 2008-01-17 20:49:05.000000000 +0100
@@ -56,7 +56,7 @@
# undef GL_ARB_vertex_program
#endif
-#include "glext.h"
+// #include "glext.h"
#include "EXT_separate_specular_color.h"
#include "ARB_multitexture.h"
diff -up blender-2.45/intern/string/STR_String.h.gcc43 blender-2.45/intern/string/STR_String.h
--- blender-2.45/intern/string/STR_String.h.gcc43 2007-09-18 06:58:01.000000000 +0200
+++ blender-2.45/intern/string/STR_String.h 2008-01-17 20:49:05.000000000 +0100
@@ -47,6 +47,10 @@
#include <vector>
#include <limits.h>
+
+#include <cstring>
+#include <cstdlib>
+
using namespace std;
diff -up blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp.gcc43 blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp
--- blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp.gcc43 2007-09-18 06:57:51.000000000 +0200
+++ blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp 2008-01-17 20:49:05.000000000 +0100
@@ -42,6 +42,8 @@
#include <strings.h>
#endif
+#include <cstring>
+#include <cstdio>
// For obscure full screen mode stuuf
// lifted verbatim from blut.
Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/F-7/blender.spec,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- blender.spec 12 Mar 2008 15:50:52 -0000 1.65
+++ blender.spec 24 Apr 2008 14:55:43 -0000 1.66
@@ -3,7 +3,7 @@
Name: blender
Version: 2.45
-Release: 10%{?dist}
+Release: 11%{?dist}
Summary: 3D modeling, animation, rendering and post-production
@@ -26,8 +26,12 @@
Source7: blender-2.44.config
Patch1: blender-2.44-scons.patch
+Patch2: blender-2.44-bid.patch
+Patch3: blender-2.45-gcc43.patch
Patch4: blender-2.45-yafray.patch
+Patch100: blender-2.45-cve-2008-1102.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: desktop-file-utils
@@ -71,11 +75,16 @@
%prep
%setup -q
%patch1 -p1 -b .org
+%patch2 -p1 -b .bid
+%patch3 -p1 -b .gcc43
+
%if "%{?_lib}" == "lib64"
%patch4 -p1
%endif
+%patch100 -p1 -b .cve
+
PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
sed -e 's|@LIB@|%{_libdir}|g' -e "s/@PYVER@/$PYVER/g" \
@@ -178,13 +187,16 @@
%{_datadir}/mime/packages/blender.xml
%changelog
+* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-11
+- Fix CVS-2008-1102 (#443936)
+
* Wed Mar 12 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-10
- Clarification of restrictions caused by legal issues
* Tue Mar 4 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-9
-- Enable yafray patch only for 64 bit systems
+- Apply yafray patch only on 64-bit systems
-* Thu Feb 28 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-8.1
+* Thu Feb 28 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-8
- Fix yafray load bug (#451571)
* Sun Feb 10 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-7
- Previous message (by thread): rpms/blender/F-8 blender-2.45-cve-2008-1102.patch, NONE, 1.1 blender-2.45-gcc43.patch, NONE, 1.1 blender.spec, 1.70, 1.71
- Next message (by thread): rpms/coreutils/devel coreutils-6.10-configuration.patch, 1.6, 1.7 coreutils.spec, 1.210, 1.211
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list