From 7969abf21680235cae58e478088e36442a0dc6d3 Mon Sep 17 00:00:00 2001 From: Jochen Schmitt Date: May 07 2008 16:17:53 +0000 Subject: Fix CVE-2008-1103 --- diff --git a/blender-2.45-cve-2008-1103-1.patch b/blender-2.45-cve-2008-1103-1.patch new file mode 100644 index 0000000..b1c5a9d --- /dev/null +++ b/blender-2.45-cve-2008-1103-1.patch @@ -0,0 +1,12 @@ +diff -urN blender-2.36.orig/source/blender/blenkernel/intern/blender.c blender-2.36/source/blender/blenkernel/intern/blender.c +--- blender-2.36.orig/source/blender/blenkernel/intern/blender.c 2005-03-11 01:54:56.000000000 +0900 ++++ blender-2.36/source/blender/blenkernel/intern/blender.c 2005-03-11 01:57:26.000000000 +0900 +@@ -647,7 +647,7 @@ + + BLI_make_file_string("/", str, U.tempdir, "quit.blend"); + +- file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666); ++ file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC+O_EXCL, 0666); + if(file == -1) { + printf("Unable to save %s\n", str); + return; diff --git a/blender-2.45-cve-2008-1103-2.patch b/blender-2.45-cve-2008-1103-2.patch new file mode 100644 index 0000000..96cd097 --- /dev/null +++ b/blender-2.45-cve-2008-1103-2.patch @@ -0,0 +1,18 @@ +diff -up blender-2.45/source/blender/src/usiblender.c.cve3 blender-2.45/source/blender/src/usiblender.c +--- blender-2.45/source/blender/src/usiblender.c.cve3 2007-09-18 06:58:42.000000000 +0200 ++++ blender-2.45/source/blender/src/usiblender.c 2008-05-07 17:32:10.000000000 +0200 +@@ -172,10 +172,12 @@ static void init_userdef_file(void) + U.tb_rightmouse= 5; + } + if(U.mixbufsize==0) U.mixbufsize= 2048; +- if (BLI_streq(U.tempdir, "/")) { ++ if (BLI_streq(U.tempdir, "/") || BLI_streq(U.tempdir, "/tmp/")) { + char *tmp= getenv("TEMP"); ++ char *home= getenv("HOME"); + +- strcpy(U.tempdir, tmp?tmp:"/tmp/"); ++ strcpy(U.tempdir, tmp?tmp:home); ++ if (!tmp) strcat(U.tempdir, "/.blender/"); + } + if (U.savetime <= 0) { + U.savetime = 1; diff --git a/blender.spec b/blender.spec index f3cf2bb..9fa4136 100644 --- a/blender.spec +++ b/blender.spec @@ -3,7 +3,7 @@ Name: blender Version: 2.45 -Release: 13%{?dist} +Release: 14%{?dist} Summary: 3D modeling, animation, rendering and post-production @@ -32,6 +32,8 @@ Patch4: blender-2.45-yafray.patch Patch5: blender-2.45-sc.patch Patch100: blender-2.45-cve-2008-1102.patch +Patch101: blender-2.45-cve-2008-1103-1.patch +Patch102: blender-2.45-cve-2008-1103-2.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -78,15 +80,16 @@ available. %patch1 -p1 -b .org %patch2 -p1 -b .bid %patch3 -p1 -b .gcc43 +%patch5 -p1 -b .scons %if "%{?_lib}" == "lib64" %patch4 -p1 %endif -%patch5 -p1 -b .scons - -%patch100 -p1 -b .cve +%patch100 -p1 -b .cve1 +%patch101 -p1 -b .cve2 +%patch102 -p1 -b .cve3 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]") @@ -190,14 +193,17 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || : %{_datadir}/mime/packages/blender.xml %changelog +* Wed May 7 2008 Jochen Schmitt 2.45-14 +- Fix CVE-2008-1103 (#444535) + * Sun Apr 27 2008 Jochen Schmitt 2.45-13 - More generic patch to solve scons issue * Thu Apr 24 2008 Jochen Schmitt 2.45-12 -- Fix scons incompatiblity issue +- Fix odd scons compatibility issue * Thu Apr 24 2008 Jochen Schmitt 2.45-11 -- Fix CVS-2008-1102 (#443936) +- Fix CVS-2008-1102 (#443937) * Wed Mar 12 2008 Jochen Schmitt 2.45-10 - Clarification of restrictions caused by legal issues