rpms/blender/EL-5 blender-2.45-cve-2008-4863.patch, NONE, 1.1 blender.spec, 1.40, 1.41
Jochen Schmitt
s4504kr at fedoraproject.org
Mon Nov 3 17:47:45 UTC 2008
Author: s4504kr
Update of /cvs/extras/rpms/blender/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12787
Modified Files:
blender.spec
Added Files:
blender-2.45-cve-2008-4863.patch
Log Message:
Fix security issue CVE-2008-4863
blender-2.45-cve-2008-4863.patch:
--- NEW FILE blender-2.45-cve-2008-4863.patch ---
diff -up blender-2.45/source/blender/python/BPY_interface.c.cve blender-2.45/source/blender/python/BPY_interface.c
--- blender-2.45/source/blender/python/BPY_interface.c.cve 2007-09-18 06:58:31.000000000 +0200
+++ blender-2.45/source/blender/python/BPY_interface.c 2008-11-03 18:30:59.000000000 +0100
@@ -216,6 +216,8 @@ void BPY_start_python( int argc, char **
Py_Initialize( );
PySys_SetArgv( argc_copy, argv_copy );
+ PyRun_SimpleString('import sys; sys.path = filter(None, sys.path)');
+
//Overrides __import__
init_ourImport( );
init_ourReload( );
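Review bot: the argument to PyRun_SimpleString on the added line is in single quotes, which in C is a multi-character constant and not a string literal, so the call does not receive a char pointer and the sys.path filtering cannot run as written. Use a double-quoted literal, "import sys; sys.path = filter(None, sys.path)". The return value is also ignored: PyRun_SimpleString returns -1 when the statement raises, so a failed path cleanup would pass silently; checking it and logging or aborting start-up would make the fix fail closed. A one-line C comment saying that the filter drops empty sys.path entries, and why, would help whoever rebases this patch later.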
Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/EL-5/blender.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- blender.spec 29 Apr 2008 16:00:36 -0000 1.40
+++ blender.spec 3 Nov 2008 17:47:14 -0000 1.41
@@ -3,7 +3,7 @@
Name: blender
Version: 2.45
-Release: 13%{?dist}
+Release: 14%{?dist}
Summary: 3D modeling, animation, rendering and post-production
@@ -32,6 +32,7 @@
Patch5: blender-2.45-sc.patch
Patch100: blender-2.45-cve-2008-1102.patch
+Patch101: blender-2.45-cve-2008-4863.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -85,7 +86,8 @@
%patch4 -p1
%endif
-%patch100 -p1 -b .cve
+%patch100 -p1
+%patch101 -p1 -b .cve
PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
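Review bot: give each security patch its own backup suffix instead of moving -b .cve from %patch100 to %patch101. As written, the CVE-2008-1102 patch no longer leaves backup files, and the next security patch will need the same reshuffle. Distinct suffixes such as -b .cve-2008-1102 and -b .cve-2008-4863 keep both sets of originals available when the patches have to be regenerated.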
@@ -189,6 +191,9 @@
%{_datadir}/mime/packages/blender.xml
%changelog
+* Mon Nov 3 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-14
+- Fix security issue (#469655, CVE-2008-4863)
+
* Sun Apr 27 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-13
- More generic patch for scons issue