rpms/blender/F-11 blender-2.49b-cve.patch, NONE, 1.1 blender-2.49b-uid.patch, NONE, 1.1 blender.spec, 1.115, 1.116

Jochen Schmitt s4504kr at fedoraproject.org
Fri Apr 2 16:06:32 UTC 2010 

Author: s4504kr

Update of /cvs/pkgs/rpms/blender/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3632

Modified Files:
	blender.spec 
Added Files:
	blender-2.49b-cve.patch blender-2.49b-uid.patch 
Log Message:
Try to fix BZ 572186

blender-2.49b-cve.patch:
 blenkernel/intern/blender.c |   21 +++++++++++++++------
 python/BPY_interface.c      |    5 +++++
 2 files changed, 20 insertions(+), 6 deletions(-)

--- NEW FILE blender-2.49b-cve.patch ---
diff -up blender-2.49b/source/blender/blenkernel/intern/blender.c.cve blender-2.49b/source/blender/blenkernel/intern/blender.c
--- blender-2.49b/source/blender/blenkernel/intern/blender.c.cve	2009-09-01 17:21:17.000000000 +0200
+++ blender-2.49b/source/blender/blenkernel/intern/blender.c	2010-01-13 17:32:11.312632711 +0100
@@ -41,6 +41,7 @@
 	#define write _write
 #endif
 
+#include <errno.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -753,7 +754,7 @@ void BKE_undo_save_quit(void)
 {
 	UndoElem *uel;
 	MemFileChunk *chunk;
-	int file;
+	int file = -1;
 	char str[FILE_MAXDIR+FILE_MAXFILE];
 	
 	if( (U.uiflag & USER_GLOBALUNDO)==0) return;
@@ -767,12 +768,20 @@ void BKE_undo_save_quit(void)
 	/* no undo state to save */
 	if(undobase.first==undobase.last) return;
 		
-	BLI_make_file_string("/", str, btempdir, "quit.blend");
+	BLI_make_file_string("/", str, BLI_gethome(), ".blender/quit.blend");
 
-	file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666);
-	if(file == -1) {
-		error("Unable to save %s, check you have permissions", str);
-		return;
+	int flags = O_BINARY+O_WRONLY+O_TRUNC+O_EXCL+O_CREAT;
+	
+        while(file == -1) {
+	  file = open(str,flags,0666);
+	  if(file == -1) {
+	    if(errno == EEXIST) {
+	      flags ^= O_CREAT;
+	    } else {
+	      error("Unable to save %s, check you have permissions", str);
+	      return;
+	    }
+	  }
 	}
 
 	chunk= uel->memfile.chunks.first;
diff -up blender-2.49b/source/blender/python/BPY_interface.c.cve blender-2.49b/source/blender/python/BPY_interface.c
--- blender-2.49b/source/blender/python/BPY_interface.c.cve	2009-09-01 17:21:12.000000000 +0200
+++ blender-2.49b/source/blender/python/BPY_interface.c	2010-01-13 17:08:19.567752630 +0100
@@ -236,6 +236,11 @@ void BPY_start_python( int argc, char **
 	Py_Initialize(  );
 	
 	PySys_SetArgv( argc_copy, argv_copy );
+	
+	/* Sanitize sys.path to prevent relative imports loading modules in
+	   the current working directory */
+	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
 	/* Initialize thread support (also acquires lock) */
 	PyEval_InitThreads();
 	

blender-2.49b-uid.patch:
 storage.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- NEW FILE blender-2.49b-uid.patch ---
diff -up blender-2.49b/source/blender/blenlib/intern/storage.c.sf blender-2.49b/source/blender/blenlib/intern/storage.c
--- blender-2.49b/source/blender/blenlib/intern/storage.c.sf	2010-03-28 10:14:15.140027561 +0200
+++ blender-2.49b/source/blender/blenlib/intern/storage.c	2010-03-28 10:19:55.630278553 +0200
@@ -381,7 +381,8 @@ void BLI_adddirstrings()
 			struct passwd *pwuser;
 			pwuser = getpwuid(files[num].s.st_uid);
 			if ( pwuser ) {
-			strcpy(files[num].owner, pwuser->pw_name);
+			  strncpy(files[num].owner, pwuser->pw_name, sizeof(files[num].owner)-1);
+                          files[num].owner[sizeof(files[num].owner)-1] = '\0';
 			} else {
 				sprintf(files[num].owner, "%d", files[num].s.st_uid);
             }


Index: blender.spec
===================================================================
RCS file: /cvs/pkgs/rpms/blender/F-11/blender.spec,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -p -r1.115 -r1.116
--- blender.spec	8 Sep 2009 19:50:06 -0000	1.115
+++ blender.spec	2 Apr 2010 16:06:32 -0000	1.116
@@ -5,7 +5,7 @@
 
 Name:           blender
 Version:        2.49b
-Release: 	1%{?dist}
+Release: 	6%{?dist}
 
 Summary:        3D modeling, animation, rendering and post-production
 
@@ -24,10 +24,12 @@ Source100:      blender-repack.sh
 
 Patch1:         blender-2.49-scons.patch
 Patch2:		blender-2.44-bid.patch
+Patch3:		blender-2.49b-uid.patch
 
 # Both patches are forwarded to upstream via email
-Patch100:	blender-2.46rc3-cve-2008-1103-1.patch
-Patch101:	blender-2.48a-cve-2008-4863.patch
+#Patch100:	blender-2.46rc3-cve-2008-1103-1.patch
+#Patch101:	blender-2.48a-cve-2008-4863.patch
+Patch100:	blender-2.49b-cve.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -104,9 +106,10 @@ Blender Game Engine.
 %setup -q 
 %patch1 -p1 -b .org
 %patch2 -p1 -b .bid
+%patch3 -p1 -b .uid
 
-%patch100 -p1
-%patch101 -p1
+%patch100 -p1 -b .cve
+# %patch101 -p1
 
 # binreloc is not a part of fedora
 rm -rf extern/ffmpeg
@@ -168,7 +171,6 @@ mkdir -p ${RPM_BUILD_ROOT}%{blenderarch}
 install -pm 755 release/plugins/sequence/*.so ${RPM_BUILD_ROOT}%{blenderarch}/plugins/sequence
 install -pm 755 release/plugins/texture/*.so ${RPM_BUILD_ROOT}%{blenderarch}/plugins/texture
 
-
 find bin/.blender/locale -name '.svn' -exec rm -f {} ';'
 
 cp -a bin/.blender/locale ${RPM_BUILD_ROOT}%{_datadir}
@@ -181,7 +183,7 @@ install -pm 644 bin/.blender/.Blanguages
 #
 # Create link to DejaVu-Sans
 #
-ln -sf %{_fontbasedir}/dejavu/DejaVuSans.ttf ${RPM_BUILD_ROOT}%{blenderlib}/.bfont.ttf
+# ln -sf %{_fontbasedir}/dejavu/DejaVuSans.ttf ${RPM_BUILD_ROOT}%{blenderlib}/.bfont.ttf
 
 find ${RPM_BUILD_ROOT}%{blenderlib}/scripts -type f -exec sed -i -e 's/\r$//g' {} \;
 
@@ -244,6 +246,22 @@ fi || :
 %{_bindir}/blenderplayer.bin
 
 %changelog
+* Sun Mar 28 2010 Jochen Schmitt <s4504kr at omega> 2.49b-6
+- Try to fix copy of userid into files.owner (#572186)
+
+* Wed Jan 13 2010 Jochen Schmitt <Jochen herr-schmitt de> 2.49b-5
+- Add forgotten patch
+
+* Wed Jan 13 2010 Jochen Schmitt <Jochen herr-schmitt de> 2.49b-4
+- Fix O_CREAT issue on existing quit.blend file (#553959)
+- Move quit.blend to ~/.blender
+
+* Mon Nov 23 2009 Jochen Schmitt <Jochen herr-schmitt de> 2.49b-3
+- Remove symlink to DejaVu font from package
+
+* Thu Nov 12 2009 Jochen Schmitt <Jochen herr-schmitt de> 2.49b-2
+- Rebuild
+
 * Mon Sep  7 2009 Jochen Schmitt <Jochen herr-schmitt de> 2.49b-1
 - New upstream release (#520780)

More information about the scm-commits mailing list