rpms/blender/F-8 blender-2.45-cve-2008-1103-1.patch, NONE, 1.1 blender-2.45-cve-2008-1103-2.patch, NONE, 1.1 blender.spec, 1.75, 1.76

Wed May 7 15:51:35 UTC 2008

Author: s4504kr

Update of /cvs/extras/rpms/blender/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30432

Modified Files:
	blender.spec 
Added Files:
	blender-2.45-cve-2008-1103-1.patch 
	blender-2.45-cve-2008-1103-2.patch 
Log Message:
Fix CVE-2008-1103

blender-2.45-cve-2008-1103-1.patch:

--- NEW FILE blender-2.45-cve-2008-1103-1.patch ---
diff -urN blender-2.36.orig/source/blender/blenkernel/intern/blender.c blender-2.36/source/blender/blenkernel/intern/blender.c
--- blender-2.36.orig/source/blender/blenkernel/intern/blender.c	2005-03-11 01:54:56.000000000 +0900
+++ blender-2.36/source/blender/blenkernel/intern/blender.c	2005-03-11 01:57:26.000000000 +0900
@@ -647,7 +647,7 @@
 		
 	BLI_make_file_string("/", str, U.tempdir, "quit.blend");
 
-	file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666);
+	file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL, 0666);
 	if(file == -1) {
 		printf("Unable to save %s\n", str);
 		return;

blender-2.45-cve-2008-1103-2.patch:

--- NEW FILE blender-2.45-cve-2008-1103-2.patch ---
diff -up blender-2.45/source/blender/src/usiblender.c.cve3 blender-2.45/source/blender/src/usiblender.c
--- blender-2.45/source/blender/src/usiblender.c.cve3	2007-09-18 06:58:42.000000000 +0200
+++ blender-2.45/source/blender/src/usiblender.c	2008-05-07 17:32:10.000000000 +0200
@@ -172,10 +172,12 @@ static void init_userdef_file(void)
 		U.tb_rightmouse= 5;
 	}
 	if(U.mixbufsize==0) U.mixbufsize= 2048;
-	if (BLI_streq(U.tempdir, "/")) {
+	if (BLI_streq(U.tempdir, "/") || BLI_streq(U.tempdir, "/tmp/")) {
 		char *tmp= getenv("TEMP");
+                char *home= getenv("HOME");
 		
-		strcpy(U.tempdir, tmp?tmp:"/tmp/");
+		strcpy(U.tempdir, tmp?tmp:home);
+                if (!tmp) strcat(U.tempdir, "/.blender/");
 	}
 	if (U.savetime <= 0) {
 		U.savetime = 1;


Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/F-8/blender.spec,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- blender.spec	27 Apr 2008 20:00:22 -0000	1.75
+++ blender.spec	7 May 2008 15:50:57 -0000	1.76
@@ -3,7 +3,7 @@
 
 Name:           blender
 Version:        2.45
-Release: 	13%{?dist}
+Release: 	14%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -32,6 +32,8 @@
 Patch5:		blender-2.45-sc.patch
 
 Patch100:	blender-2.45-cve-2008-1102.patch
+Patch101:	blender-2.45-cve-2008-1103-1.patch
+Patch102:	blender-2.45-cve-2008-1103-2.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -78,15 +80,16 @@
 %patch1 -p1 -b .org
 %patch2 -p1 -b .bid
 %patch3 -p1 -b .gcc43
+%patch5 -p1 -b .scons
 
 
 %if "%{?_lib}" == "lib64"
 %patch4 -p1
 %endif
 
-%patch5 -p1 -b .scons
-
-%patch100 -p1 -b .cve
+%patch100 -p1 -b .cve1
+%patch101 -p1 -b .cve2
+%patch102 -p1 -b .cve3
 
 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
 
@@ -173,6 +176,7 @@
 update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
 update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
 
+
 %postun
 update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
 update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
@@ -189,14 +193,17 @@
 %{_datadir}/mime/packages/blender.xml
 
 %changelog
+* Wed May  7 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-14
+- Fix CVE-2008-1103 (#444535)
+
 * Sun Apr 27 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-13
 - More generic patch to solve scons issue
 
-* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-12.1
-- Fix scons compatiblity issue
+* Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-12
+- Fix odd scons compatibility issue
 
 * Thu Apr 24 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-11
-- Fix CVS-2008-1102 (#443936)
+- Fix CVS-2008-1102 (#443937)
 
 * Wed Mar 12 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-10
 - Clarification of restrictions caused by legal issues


