rpms/blender/devel blender-2.48a-cve-2008-4863.patch, NONE, 1.1 blender.spec, 1.90, 1.91

Jochen Schmitt s4504kr at fedoraproject.org
Mon Nov 3 16:43:26 UTC 2008


Author: s4504kr

Update of /cvs/extras/rpms/blender/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4195

Modified Files:
	blender.spec 
Added Files:
	blender-2.48a-cve-2008-4863.patch 
Log Message:
Fix security issue CVE-2008-4863

blender-2.48a-cve-2008-4863.patch:

--- NEW FILE blender-2.48a-cve-2008-4863.patch ---
diff -up blender-2.48a/source/blender/python/BPY_interface.c.cve blender-2.48a/source/blender/python/BPY_interface.c
--- blender-2.48a/source/blender/python/BPY_interface.c.cve	2008-11-03 17:31:19.000000000 +0100
+++ blender-2.48a/source/blender/python/BPY_interface.c	2008-11-03 17:35:01.000000000 +0100
@@ -225,6 +225,11 @@ void BPY_start_python( int argc, char **
 	Py_Initialize(  );
 	
 	PySys_SetArgv( argc_copy, argv_copy );
+	
+	/* Sanitize sys.path to prevent relative imports loading modules in
+	   the current working directory */
+	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
 	/* Initialize thread support (also acquires lock) */
 	PyEval_InitThreads();
 	
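Review bot: The added `PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)")` line only drops empty entries from sys.path, so the comment's claim about preventing imports from the current working directory holds only when that directory is represented by an empty string. An entry such as "." or any other relative path would survive the filter. The return value of PyRun_SimpleString is also ignored, so a failure of the sanitising statement would go unnoticed; check for a non-zero result and report it. The comment should say that it is the empty sys.path entry that is being removed.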


Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/devel/blender.spec,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- blender.spec	26 Oct 2008 21:04:54 -0000	1.90
+++ blender.spec	3 Nov 2008 16:42:56 -0000	1.91
@@ -3,7 +3,7 @@
 
 Name:           blender
 Version:        2.48a
-Release: 	3%{?dist}
+Release: 	4%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -30,6 +30,7 @@
 Patch2:		blender-2.44-bid.patch
 
 Patch100:	blender-2.46rc3-cve-2008-1103-1.patch
+Patch101:	blender-2.48a-cve-2008-4863.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -77,7 +78,8 @@
 %patch1 -p1 -b .org
 %patch2 -p1 -b .bid
 
-%patch100 -p1 -b .cve
+%patch100 -p1
+%patch101 -p1
 
 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
 
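Review bot: Dropping `-b .cve` from `%patch100` is unrelated to applying the new patch and is not mentioned in the changelog entry, while `%patch1` and `%patch2` just above still keep their backup suffixes. If the aim is to stop both CVE patches sharing the `.cve` suffix, give each a distinct suffix so the prep section stays consistent; otherwise record the change in the changelog.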
@@ -185,6 +187,9 @@
 %{_datadir}/mime/packages/blender.xml
 
 %changelog
+* Mon Nov  3 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-4
+- Fix security issue (#469655, CVE-2008-4863)
+
 * Sun Oct 26 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.48a-3
 - Create %%{_libdir}/blender/scripts/ to claim ownership
 



