rpms/blender/F-8 blender-2.45-cve-2008-1103-1.patch, NONE, 1.1 blender-2.45-cve-2008-1103-2.patch, NONE, 1.1 blender.spec, 1.75, 1.76
Jochen Schmitt (s4504kr)
fedora-extras-commits at redhat.com
Wed May 7 15:51:35 UTC 2008
Author: s4504kr
Update of /cvs/extras/rpms/blender/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30432
Modified Files:
blender.spec
Added Files:
blender-2.45-cve-2008-1103-1.patch
blender-2.45-cve-2008-1103-2.patch
Log Message:
Fix CVE-2008-1103
blender-2.45-cve-2008-1103-1.patch:
--- NEW FILE blender-2.45-cve-2008-1103-1.patch ---
diff -urN blender-2.36.orig/source/blender/blenkernel/intern/blender.c blender-2.36/source/blender/blenkernel/intern/blender.c
--- blender-2.36.orig/source/blender/blenkernel/intern/blender.c 2005-03-11 01:54:56.000000000 +0900
+++ blender-2.36/source/blender/blenkernel/intern/blender.c 2005-03-11 01:57:26.000000000 +0900
@@ -647,7 +647,7 @@
BLI_make_file_string("/", str, U.tempdir, "quit.blend");
- file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666);
+ file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL, 0666);
if(file == -1) {
printf("Unable to save %s\n", str);
return;
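Review bot: With O_EXCL added to the open() of quit.blend, the call now fails whenever that path already exists, and nothing in this hunk removes an earlier quit.blend first, so once one has been written every later save ends in the "Unable to save" branch. Removing the stale file before the open (or writing to a uniquely named file in the same directory and renaming it into place) keeps the symlink protection without losing the save. The create mode is still 0666, which leaves the file's privacy to the umask; 0600 would fit a per-user session file better. The diff headers also name a blender-2.36 tree from 2005 while the file is called blender-2.45-...; it is worth confirming the hunk applies to 2.45 without fuzz.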
blender-2.45-cve-2008-1103-2.patch:
--- NEW FILE blender-2.45-cve-2008-1103-2.patch ---
diff -up blender-2.45/source/blender/src/usiblender.c.cve3 blender-2.45/source/blender/src/usiblender.c
--- blender-2.45/source/blender/src/usiblender.c.cve3 2007-09-18 06:58:42.000000000 +0200
+++ blender-2.45/source/blender/src/usiblender.c 2008-05-07 17:32:10.000000000 +0200
@@ -172,10 +172,12 @@ static void init_userdef_file(void)
U.tb_rightmouse= 5;
}
if(U.mixbufsize==0) U.mixbufsize= 2048;
- if (BLI_streq(U.tempdir, "/")) {
+ if (BLI_streq(U.tempdir, "/") || BLI_streq(U.tempdir, "/tmp/")) {
char *tmp= getenv("TEMP");
+ char *home= getenv("HOME");
- strcpy(U.tempdir, tmp?tmp:"/tmp/");
+ strcpy(U.tempdir, tmp?tmp:home);
+ if (!tmp) strcat(U.tempdir, "/.blender/");
}
if (U.savetime <= 0) {
U.savetime = 1;
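Review bot: The new getenv("HOME") result is used unchecked in strcpy(U.tempdir, tmp?tmp:home), so when both TEMP and HOME are unset strcpy is handed a NULL source. A NULL check with a defined fallback is needed there. The strcpy and strcat calls are also unbounded while copying environment-controlled strings into U.tempdir; a copy limited to the size of U.tempdir would close that. Two gaps remain in the logic as shown: if TEMP itself points at a shared directory the value is taken as is, and nothing visible in this hunk creates $HOME/.blender/ or checks that it exists before it becomes the temp directory.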
Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/F-8/blender.spec,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- blender.spec 27 Apr 2008 20:00:22 -0000 1.75
+++ blender.spec 7 May 2008 15:50:57 -0000 1.76
@@ -3,7 +3,7 @@
Name: blender
Version: 2.45
-Release: 13%{?dist}
+Release: 14%{?dist}
Summary: 3D modeling, animation, rendering and post-production
@@ -32,6 +32,8 @@
Patch5: blender-2.45-sc.patch
Patch100: blender-2.45-cve-2008-1102.patch
+Patch101: blender-2.45-cve-2008-1103-1.patch
+Patch102: blender-2.45-cve-2008-1103-2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -78,15 +80,16 @@
%patch1 -p1 -b .org
%patch2 -p1 -b .bid
%patch3 -p1 -b .gcc43
+%patch5 -p1 -b .scons
%if "%{?_lib}" == "lib64"
%patch4 -p1
%endif
-%patch5 -p1 -b .scons
-
-%patch100 -p1 -b .cve
+%patch100 -p1 -b .cve1
+%patch101 -p1 -b .cve2
+%patch102 -p1 -b .cve3
PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
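Review bot: Moving %patch5 ahead of the lib64-only %patch4 and renaming the %patch100 backup suffix from .cve to .cve1 are unrelated to the two new patches, and the 2.45-14 changelog entry mentions only CVE-2008-1103. If the reorder is needed for the new patches to apply, say so in the changelog; otherwise it is easier to audit as a separate commit from the security fix.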
@@ -173,6 +176,7 @@
update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
+
%postun
update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
@@ -189,14 +193,17 @@
%{_datadir}/mime/packages/blender.xml
%changelog
+* Wed May 7 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-14
+- Fix CVE-2008-1103 (#444535)
+
* Sun Apr 27 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-13
- More generic patch to solve scons issue
-* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-12.1
-- Fix scons compatiblity issue
+* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-12
+- Fix odd scons compatibility issue
* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-11
-- Fix CVS-2008-1102 (#443936)
+- Fix CVS-2008-1102 (#443937)
* Wed Mar 12 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-10
- Clarification of restrictions caused by legal issues
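Review bot: This changelog hunk rewrites entries for releases that were already built: 2.45-12.1 becomes 2.45-12 and the bug reference on the 2.45-11 entry changes from #443936 to #443937, with no explanation in the log message. If these are corrections, note that in the commit message. The same 2.45-11 line still reads "CVS-2008-1102" although the patch it refers to is blender-2.45-cve-2008-1102.patch; since the line is being touched anyway, the identifier should be corrected to CVE-2008-1102.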