rpms/blender/EL-5 blender-2.45-cve-2008-4863.patch, NONE, 1.1 blender.spec, 1.40, 1.41

Jochen Schmitt s4504kr at fedoraproject.org
Mon Nov 3 17:47:45 UTC 2008 

Author: s4504kr

Update of /cvs/extras/rpms/blender/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12787

Modified Files:
	blender.spec 
Added Files:
	blender-2.45-cve-2008-4863.patch 
Log Message:
Fix security issue CVE-2008-4863

blender-2.45-cve-2008-4863.patch:

--- NEW FILE blender-2.45-cve-2008-4863.patch ---
diff -up blender-2.45/source/blender/python/BPY_interface.c.cve blender-2.45/source/blender/python/BPY_interface.c
--- blender-2.45/source/blender/python/BPY_interface.c.cve	2007-09-18 06:58:31.000000000 +0200
+++ blender-2.45/source/blender/python/BPY_interface.c	2008-11-03 18:30:59.000000000 +0100
@@ -216,6 +216,8 @@ void BPY_start_python( int argc, char **
 	Py_Initialize(  );
 	PySys_SetArgv( argc_copy, argv_copy );
 
+	PyRun_SimpleString('import sys; sys.path = filter(None, sys.path)');
+
 	//Overrides __import__
 	init_ourImport(  );
 	init_ourReload(  );


Index: blender.spec
===================================================================
RCS file: /cvs/extras/rpms/blender/EL-5/blender.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- blender.spec	29 Apr 2008 16:00:36 -0000	1.40
+++ blender.spec	3 Nov 2008 17:47:14 -0000	1.41
@@ -3,7 +3,7 @@
 
 Name:           blender
 Version:        2.45
-Release: 	13%{?dist}
+Release: 	14%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -32,6 +32,7 @@
 Patch5:		blender-2.45-sc.patch
 
 Patch100:	blender-2.45-cve-2008-1102.patch
+Patch101:	blender-2.45-cve-2008-4863.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -85,7 +86,8 @@
 %patch4 -p1
 %endif
 
-%patch100 -p1 -b .cve
+%patch100 -p1
+%patch101 -p1 -b .cve
 
 PYVER=$(%{__python} -c "import sys ; print sys.version[:3]")
 
@@ -189,6 +191,9 @@
 %{_datadir}/mime/packages/blender.xml
 
 %changelog
+* Mon Nov  3 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-14
+- Fix security issue (#469655, CVE-2008-4863)
+
 * Sun Apr 27 2008 Jochen Schmitt <Jochen herr-schmitt de> 2.45-13
 - More generic patch for scons issue

More information about the scm-commits mailing list