rpms/blender/F-9 blender-2.48a-cve-2008-4863.patch, NONE, 1.1 blender.spec, 1.84, 1.85
Jochen Schmitt
s4504kr at fedoraproject.org
Mon Nov 3 17:02:20 UTC 2008
Author: s4504kr
Update of /cvs/extras/rpms/blender/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6589
Modified Files:
blender.spec
Added Files:
blender-2.48a-cve-2008-4863.patch
Log Message:
Fix security issue CVE-2008-4863
blender-2.48a-cve-2008-4863.patch:
--- NEW FILE blender-2.48a-cve-2008-4863.patch ---
diff -up blender-2.48a/source/blender/python/BPY_interface.c.cve blender-2.48a/source/blender/python/BPY_interface.c
--- blender-2.48a/source/blender/python/BPY_interface.c.cve 2008-11-03 17:31:19.000000000 +0100
+++ blender-2.48a/source/blender/python/BPY_interface.c 2008-11-03 17:35:01.000000000 +0100
@@ -225,6 +225,11 @@ void BPY_start_python( int argc, char **
Py_Initialize( );
PySys_SetArgv( argc_copy, argv_copy );
+
+ /* Sanitize sys.path to prevent relative imports loading modules in
+ the current working directory */
+ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
/* Initialize thread support (also acquires lock) */
PyEval_InitThreads();
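Review bot: The PyRun_SimpleString() call added after PySys_SetArgv() ignores its return value, and filter(None, sys.path) removes only empty entries. PyRun_SimpleString() returns -1 when the statement raises, in which case startup continues with the unsanitized sys.path; check the result and log or abort on failure. The comment promises to stop modules being loaded from the current working directory, but a "." entry or any other relative entry in sys.path passes this filter, so either narrow the comment to say that only the empty entry is dropped or filter out every non-absolute path.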
Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/F-9/blender.spec,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- blender.spec 26 Oct 2008 20:00:11 -0000 1.84
+++ blender.spec 3 Nov 2008 17:01:49 -0000 1.85
@@ -3,7 +3,7 @@
Name: blender
Version: 2.48a
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: 3D modeling, animation, rendering and post-production
@@ -30,6 +30,7 @@
Patch2: blender-2.44-bid.patch
Patch100: blender-2.46rc3-cve-2008-1103-1.patch
+Patch101: blender-2.48a-cve-2008-4863.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -77,7 +78,8 @@
%patch1 -p1 -b .org
%patch2 -p1 -b .bid
-%patch100 -p1 -b .cve
+%patch100 -p1
+%patch101 -p1
PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
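Review bot: In %prep, %patch100 loses its "-b .cve" backup suffix and the new %patch101 is applied without one, but neither the log message nor the changelog explains why. If the reason is that both CVE patches would otherwise share the .cve suffix, give each patch its own distinct suffix so that backups stay available as they do for %patch1 and %patch2, and note the change in the changelog.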
@@ -153,6 +155,12 @@
--add-category X-Fedora \
%{SOURCE4}
+#
+# Create empty %%{_libdir}/blender/scripts to claim ownership
+#
+
+install -d ${RPM_BUILD_ROOT}%{_libdir}/blender/scripts
+
%find_lang %name
%clean
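Review bot: The install -d line creates %{_libdir}/blender/scripts in the build root, but this diff shows no matching %dir entry in %files, and it is the %files entry that actually claims ownership. Confirm that %files already lists the directory, or add "%dir %{_libdir}/blender/scripts". This packaging change is also unrelated to CVE-2008-4863 and would be easier to audit as a separate commit.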
@@ -179,7 +187,13 @@
%{_datadir}/mime/packages/blender.xml
%changelog
+* Mon Nov 3 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-4
+- Fix security issue (#469655, CVE-2008-4863)
+
* Sun Oct 26 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-3
+- Create %%{_libdir}/blender/scripts/ to claim ownership
+
+* Sun Oct 26 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-1
- New upstream release
* Wed Oct 15 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48-1
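Review bot: The %changelog hunk rewrites existing entries instead of only adding the 2.48a-4 one: "New upstream release" moves from the 2.48a-3 entry to a newly inserted 2.48a-1 entry, and the scripts directory change is recorded under 2.48a-3 dated Oct 26 although the install -d line is introduced by this revision. Record the directory creation under the 2.48a-4 entry next to the CVE fix and leave the earlier entries as they were.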