From bdc9563113dfa10a51d26f299db469f48cc38f34 Mon Sep 17 00:00:00 2001
From: Jochen Schmitt
Date: Apr 24 2008 14:55:43 +0000
Subject: Fix CVE-2008-1102
---
diff --git a/blender-2.45-cve-2008-1102.patch b/blender-2.45-cve-2008-1102.patch
new file mode 100644
index 0000000..43015b3
--- /dev/null
+++ b/blender-2.45-cve-2008-1102.patch
@@ -0,0 +1,13 @@
+diff -up blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv blender-2.45/source/blender/imbuf/intern/radiance_hdr.c
+--- blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv 2008-04-24 16:22:36.000000000 +0200
++++ blender-2.45/source/blender/imbuf/intern/radiance_hdr.c 2008-04-24 16:25:59.000000000 +0200
+@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char
+ }
+ }
+ if (found) {
+- sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width);
++ if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height,
++ (char*)&oriX, &width) != 4) return NULL;
+
+ /* find end of this line, data right behind it */
+ ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n');
diff --git a/blender-2.45-gcc43.patch b/blender-2.45-gcc43.patch
new file mode 100644
index 0000000..6aa444e
--- /dev/null
+++ b/blender-2.45-gcc43.patch
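Review bot: After the new `sscanf` check in the `if (found)` branch, `width` and `height` are accepted as long as four fields parse, so zero, negative or very large values from the file header still pass. A guard directly after the call, `if (width <= 0 || height <= 0) return NULL;`, would reject them before later code (outside this hunk) sizes anything from them; an upper bound checked against the remaining input would be stronger. The `%79s` widths are only safe if `oriY` and `oriX` hold at least 80 bytes, and their declarations are not in the hunk, so a comment at the call such as `/* 79 == sizeof(oriY) - 1, keep in step with the declarations */` would document the dependency. `imb_loadhdr` begins and ends outside the hunk.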
@@ -0,0 +1,87 @@
+diff -up blender-2.45/source/blender/yafray/intern/yafray_Render.cpp.gcc43 blender-2.45/source/blender/yafray/intern/yafray_Render.cpp
+--- blender-2.45/source/blender/yafray/intern/yafray_Render.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
++++ blender-2.45/source/blender/yafray/intern/yafray_Render.cpp 2008-01-17 20:49:05.000000000 +0100
+@@ -8,6 +8,8 @@
+
+ #include
+
++#include
++
+ using namespace std;
+
+ void yafrayRender_t::clearAll()
+diff -up blender-2.45/source/blender/yafray/intern/export_File.cpp.gcc43 blender-2.45/source/blender/yafray/intern/export_File.cpp
+--- blender-2.45/source/blender/yafray/intern/export_File.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
++++ blender-2.45/source/blender/yafray/intern/export_File.cpp 2008-01-17 20:49:05.000000000 +0100
+@@ -2,6 +2,8 @@
+
+ #include
+
++#include
++
+ using namespace std;
+
+ static string command_path = "";
+diff -up blender-2.45/source/blender/yafray/intern/export_Plugin.cpp.gcc43 blender-2.45/source/blender/yafray/intern/export_Plugin.cpp
+--- blender-2.45/source/blender/yafray/intern/export_Plugin.cpp.gcc43 2007-09-18 06:58:44.000000000 +0200
++++ blender-2.45/source/blender/yafray/intern/export_Plugin.cpp 2008-01-17 20:49:05.000000000 +0100
+@@ -1,6 +1,9 @@
+ #include "export_Plugin.h"
+
+ #include
++
++#include
++
+ using namespace std;
+
+
+diff -up blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp.gcc43 blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp
+--- blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp.gcc43 2008-01-17 20:56:36.000000000 +0100
++++ blender-2.45/source/gameengine/GamePlayer/common/GPC_KeyboardDevice.cpp 2008-01-17 20:57:03.000000000 +0100
+@@ -32,6 +32,8 @@
+
+ #include "GPC_KeyboardDevice.h"
+
++#include
++
+ /**
+ * NextFrame toggles currentTable with previousTable,
+ * and copies relevant event information from previous to current table
+diff -up blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h.gcc43 blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h
+--- blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h.gcc43 2007-09-18 06:58:17.000000000 +0200
++++ blender-2.45/source/gameengine/Rasterizer/RAS_OpenGLRasterizer/RAS_GLExtensionManager.h 2008-01-17 20:49:05.000000000 +0100
+@@ -56,7 +56,7 @@
+ # undef GL_ARB_vertex_program
+ #endif
+
+-#include "glext.h"
++// #include "glext.h"
+
+ #include "EXT_separate_specular_color.h"
+ #include "ARB_multitexture.h"
+diff -up blender-2.45/intern/string/STR_String.h.gcc43 blender-2.45/intern/string/STR_String.h
+--- blender-2.45/intern/string/STR_String.h.gcc43 2007-09-18 06:58:01.000000000 +0200
++++ blender-2.45/intern/string/STR_String.h 2008-01-17 20:49:05.000000000 +0100
+@@ -47,6 +47,10 @@
+
+ #include
+ #include
++
++#include
++#include
++
+ using namespace std;
+
+
+diff -up blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp.gcc43 blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp
+--- blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp.gcc43 2007-09-18 06:57:51.000000000 +0200
++++ blender-2.45/intern/ghost/intern/GHOST_WindowX11.cpp 2008-01-17 20:49:05.000000000 +0100
+@@ -42,6 +42,8 @@
+ #include
+ #endif
+
++#include
++#include
+
+ // For obscure full screen mode stuuf
+ // lifted verbatim from blut.
diff --git a/blender.spec b/blender.spec
index 33b1d8a..0a176cc 100644
--- a/blender.spec
+++ b/blender.spec
@@ -3,7 +3,7 @@ Name: blender Version: 2.45 -Release: 10%{?dist} +Release: 11%{?dist} Summary: 3D modeling, animation, rendering and post-production
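Review bot: In the RAS_GLExtensionManager.h part of blender-2.45-gcc43.patch, `#include "glext.h"` is commented out rather than removed, and nothing records why. Either delete the line or state the reason beside it, for example `// glext.h disabled for the gcc 4.3 build: REASON / bug reference`, so that a later rebase of the patch does not quietly re-enable it. The other sections of this patch only add includes and need no comment.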
@@ -26,8 +26,12 @@ Source6: blender-wrapper Source7: blender-2.44.config Patch1: blender-2.44-scons.patch +Patch2: blender-2.44-bid.patch +Patch3: blender-2.45-gcc43.patch Patch4: blender-2.45-yafray.patch +Patch100: blender-2.45-cve-2008-1102.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: desktop-file-utils @@ -71,11 +75,16 @@ available. %prep %setup -q %patch1 -p1 -b .org +%patch2 -p1 -b .bid +%patch3 -p1 -b .gcc43 + %if "%{?_lib}" == "lib64" %patch4 -p1 %endif +%patch100 -p1 -b .cve + PYVER=$(%{__python} -c "import sys ; print sys.version[:3]") sed -e 's|@LIB@|%{_libdir}|g' -e "s/@PYVER@/$PYVER/g" \ @@ -178,13 +187,16 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || : %{_datadir}/mime/packages/blender.xml %changelog +* Thu Apr 24 2008 Jochen Schmitt 2.45-11 +- Fix CVS-2008-1102 (#443936) + * Wed Mar 12 2008 Jochen Schmitt 2.45-10 - Clarification of restrictions caused by legal issues * Tue Mar 4 2008 Jochen Schmitt 2.45-9 -- Enable yafray patch only for 64 bit systems +- Apply yafray patch only on 64-bit systems -* Thu Feb 28 2008 Jochen Schmitt 2.45-8.1 +* Thu Feb 28 2008 Jochen Schmitt 2.45-8 - Fix yafray load bug (#451571) * Sun Feb 10 2008 Jochen Schmitt 2.45-7
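Review bot: `Patch2: blender-2.44-bid.patch` is newly declared in this hunk and applied in the %prep hunk with `%patch2 -p1 -b .bid`, but the diff shown adds only the cve-2008-1102 and gcc43 patch files. If blender-2.44-bid.patch is not already tracked in the package repository, %prep will fail, so that is worth confirming before the build. Carrying the bid and gcc 4.3 patches in the same commit as `Patch100` also makes the security fix harder to audit or backport on its own; a separate commit for the CVE patch would be cleaner.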
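Review bot: The new %changelog entry reads `- Fix CVS-2008-1102 (#443936)`; the identifier should be `CVE-2008-1102`, as in the commit subject and the patch file name. Anyone who verifies the fix by searching the package changelog for the CVE id will not match this entry. The same hunk also rewrites two older entries (the 2.45-9 wording, and `2.45-8.1` to `2.45-8`); if that is intended, the commit message should say so.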