authorSebastian Pipping <sping@gentoo.org>2011-04-21 09:15:32 +0000
committerSebastian Pipping <sping@gentoo.org>2011-04-21 09:15:32 +0000
commit8cb550fedda45d7041d253f399dbeea210085e69 (patch)
tree9df99feea1d3ace4cff747bc281ba7763d0bf6d1 /media-gfx
parentAdd glade/libx86 dep #364061 by Robert Cernansky. (diff)
media-gfx/blender: Integrate patch for CVE-2009-3850 (bug #293130)
Package-Manager: portage-2.1.9.46/cvs/Linux x86_64
Diffstat (limited to 'media-gfx')
-rw-r--r--media-gfx/blender/ChangeLog8
-rw-r--r--media-gfx/blender/Manifest4
-rw-r--r--media-gfx/blender/blender-2.49b-r1.ebuild174
-rw-r--r--media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v3.patch105
4 files changed, 289 insertions, 2 deletions
diff --git a/media-gfx/blender/ChangeLog b/media-gfx/blender/ChangeLog
index c6906210b4a1..1673c729272d 100644
--- a/media-gfx/blender/ChangeLog
+++ b/media-gfx/blender/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-gfx/blender
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/blender/ChangeLog,v 1.187 2011/03/28 02:08:35 lu_zero Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/blender/ChangeLog,v 1.188 2011/04/21 09:15:32 sping Exp $
+
+*blender-2.49b-r1 (21 Apr 2011)
+
+ 21 Apr 2011; Sebastian Pipping <sping@gentoo.org> +blender-2.49b-r1.ebuild,
+ +files/blender-2.49b-CVE-2009-3850-v3.patch:
+ Integrate patch for CVE-2009-3850 (bug #293130)
27 Mar 2011; Luca Barbato <lu_zero@gentoo.org> blender-2.48a-r3.ebuild,
blender-2.49a.ebuild, blender-2.49b.ebuild:
diff --git a/media-gfx/blender/Manifest b/media-gfx/blender/Manifest
index 37bea33de687..2853081defa6 100644
--- a/media-gfx/blender/Manifest
+++ b/media-gfx/blender/Manifest
@@ -6,6 +6,7 @@ AUX blender-2.48-ffmpeg-20081014.patch 839 RMD160 b1fbad04a890dcc1698d02f5351d6d
AUX blender-2.48a-CVE-2008-4863.patch 696 RMD160 b61dc085d0154be3850fa4b53985f670cd177adf SHA1 805f18290965c2e74778628c4e2a1888ea77d8ab SHA256 fee1896c791a623181ebf681f4ad67c610677e82575a95a46e896b747f980418
AUX blender-2.49a-bake.patch 669 RMD160 19e167e2d3c8fcd573f9755dee8c6cb59984829e SHA1 5ae418e697c90418cf65652134b08ba6da3f93c1 SHA256 dcaaaba19ad57b6d054df830dfa303c4656303622e1e7ef15817d304958d8f3c
AUX blender-2.49a-sys-openjpeg.patch 452 RMD160 7029b3d257839d4ca8ce58a9f8e46503651b1765 SHA1 85551623c4293d9dff4dc8d26584a753b3ccd581 SHA256 437f016b9f7c48281015838a22203c4db9ef6b62dac01aa86faa1c9793bff182
+AUX blender-2.49b-CVE-2009-3850-v3.patch 3891 RMD160 9a51681f426f1f87cc418b6316ce678025a93bbb SHA1 dc7baef8f0434e067f863e0a2c6ef0d8d9acc70b SHA256 5dc289f00ab59b13b7f1d3e8b4a77b8c9930460f8ee575b38a60da3577e2b1ba
AUX blender.desktop 194 RMD160 5b154d86d52f46a3f1fcd29da90322e1727f1107 SHA1 a1b70789388f72f2a292939588365a0b845b83b7 SHA256 9d21fe8823f249f0720895107817854dd8ce64afe6586317af08805b94fe0fab
AUX blender.png 2119 RMD160 e06574002001f41198dc9408ef1bba45493fcc27 SHA1 9a0d713235ce99f8e4fde4f062209ab989e48c0f SHA256 bef633319c81323bb82db274004d89082ca05cab6650eb4c4bf43f830ccb5cad
DIST blender-2.48a.tar.gz 21502247 RMD160 5ef94d6019302bfea86d5657af738d1d86a8bcd5 SHA1 9fb2dbf5d6cfcba8ae2d6d9b93ca9e3e66aae6c7 SHA256 781d4d9e2332f4f3887af1d66fb70c4c6dd0b89166391403ee4853108abf4e46
@@ -13,6 +14,7 @@ DIST blender-2.49a.tar.gz 23039535 RMD160 f37100c7a02c75b622b8e055f32f06e064a62d
DIST blender-2.49b.tar.gz 22918377 RMD160 5b641de7b41af5e4186c9721b66eddc6870f9fbc SHA1 43f71e7de4efe79c518d45f4b5a04e03c28d5fc5 SHA256 23554db4aa10b00e0e760a8bf9c4a9f749670d815c8bc874a04746adc4752488
EBUILD blender-2.48a-r3.ebuild 4102 RMD160 0f81a40dc113cab72bf62af3ce02fa4a51de8480 SHA1 fa24681dc76ab0d0ecaba6e03920472c5968afbe SHA256 a5367888ec81f6b308c1eaeb9d36437533575d115e02760079fd192daafc5c20
EBUILD blender-2.49a.ebuild 4877 RMD160 fa9208a6827ea53a870ee5724a1ecb280640f705 SHA1 3eedb3cd7eaf0bf52810f14198a3fc6ce843429d SHA256 8c5bac48f2d7b2174761f08bfaa0c848ca3150a86386ec34a486f279c3572e07
+EBUILD blender-2.49b-r1.ebuild 4894 RMD160 d0bc81bdc8254b7b7ca85854f11e5dc86b5912dd SHA1 d4fd74fa3f49511ede2c61e906aa70ca19b2bd0f SHA256 567e8f780172de113b35a1372b2966fc7490e4ccad906cf21a4d28c076ee27dd
EBUILD blender-2.49b.ebuild 4836 RMD160 8c16866a3fb21f51c9905893ebb4e8d7049938d9 SHA1 c1d4142fa01be9bf310e0748311d7f12959e4f5d SHA256 b12120e7f45daa70ded64a6373b31b28142d139b5d97711bb0b7a0d793d3d972
-MISC ChangeLog 27728 RMD160 9519f51ae8ab1ec62e10aeb9658ca8fc78732f41 SHA1 553a88b26c6fbc4f5fa9ab351700961c963349aa SHA256 9aab5b16749f58fea96a5da1457830a1b7c2185f0ea10274b4ad5f626a99dfaf
+MISC ChangeLog 27935 RMD160 23433a7d21e463e3c70eb1c393e13bd17c259762 SHA1 e110eeac4691f384974681259754b454671bf088 SHA256 36678fdffad8f79406f4f89f19c75beaad5ebc666863c618b3991cbd77127882
MISC metadata.xml 719 RMD160 132dfe4fc49228b922ed39f556c403347e992ef9 SHA1 7896fb17bd0dd87d8a072b0f6f6072876c1eed94 SHA256 6409856f1883ed49aae365c885d5512a38784a5a48a2bbf7dd583b8054d32510
diff --git a/media-gfx/blender/blender-2.49b-r1.ebuild b/media-gfx/blender/blender-2.49b-r1.ebuild
new file mode 100644
index 000000000000..420a3c11ae61
--- /dev/null
+++ b/media-gfx/blender/blender-2.49b-r1.ebuild
@@ -0,0 +1,174 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/blender/blender-2.49b-r1.ebuild,v 1.1 2011/04/21 09:15:32 sping Exp $
+
+EAPI=2
+
+inherit multilib eutils python
+
+IUSE="blender-game ffmpeg nls ogg openmp verse openal"
+
+DESCRIPTION="3D Creation/Animation/Publishing System"
+HOMEPAGE="http://www.blender.org/"
+SRC_URI="http://download.blender.org/source/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="|| ( GPL-2 BL BSD )"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86"
+
+RDEPEND="ffmpeg? ( virtual/ffmpeg[encode,theora] )
+ media-libs/openjpeg
+ media-libs/tiff
+ >=dev-lang/python-2.5
+ nls? ( >=media-libs/freetype-2.0
+ virtual/libintl
+ >=media-libs/ftgl-2.1 )
+ openal? ( >=media-libs/openal-1.6.372
+ >=media-libs/freealut-1.1.0-r1 )
+ media-libs/openexr
+ media-libs/libpng
+ blender-game? ( >=media-libs/libsdl-1.2[joystick] )
+ >=media-libs/libsdl-1.2
+ ogg? ( media-libs/libogg )
+ virtual/jpeg
+ virtual/opengl"
+DEPEND=">=dev-util/scons-0.98
+ sys-devel/gcc[openmp?]
+ x11-base/xorg-server
+ ${RDEPEND}"
+
+blend_with() {
+ local UWORD="$2"
+ if [ -z "${UWORD}" ]; then
+ UWORD="$1"
+ fi
+ if useq $1; then
+ echo "WITH_BF_${UWORD}=1" | tr '[:lower:]' '[:upper:]' \
+ >> "${S}"/user-config.py
+ else
+ echo "WITH_BF_${UWORD}=0" | tr '[:lower:]' '[:upper:]' \
+ >> "${S}"/user-config.py
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/blender-2.48a-CVE-2008-4863.patch
+ epatch "${FILESDIR}"/${PN}-2.37-dirs.patch
+ epatch "${FILESDIR}"/${PN}-2.44-scriptsdir.patch
+ epatch "${FILESDIR}"/${PN}-2.49a-sys-openjpeg.patch
+ epatch "${FILESDIR}"/${PN}-2.49b-CVE-2009-3850-v3.patch
+ rm -f "${S}/release/scripts/bpymodules/"*.pyc
+}
+
+src_configure() {
+
+ # add ffmpeg info to the scons build info
+ cat <<- EOF >> "${S}"/user-config.py
+ BF_FFMPEG="/usr"
+ BF_FFMPEG_LIB="avdevice avformat avcodec swscale avutil"
+ EOF
+
+ # set python version to current version in use
+ cat <<- EOF >> "${S}"/user-config.py
+ BF_PYTHON_VERSION="$(python_get_version)"
+ BF_PYTHON_INC="$(python_get_includedir)"
+ BF_PYTHON_BINARY="$(PYTHON -a)"
+ BF_PYTHON_LIB="python$(python_get_version)"
+ EOF
+
+ # add system openjpeg into scons build.
+ cat <<- EOF >> "${S}"/user-config.py
+ BF_OPENJPEG = "/usr"
+ BF_OPENJPEG_INC = "/usr/include"
+ BF_OPENJPEG_LIB = "openjpeg"
+ EOF
+
+ #set CFLAGS used in /etc/make.conf correctly
+
+ echo "CFLAGS= [`for i in ${CFLAGS[@]}; do printf "%s \'$i"\',; done`] " \
+ | sed -e "s:,]: ]:" >> "${S}"/user-config.py
+
+ echo "CXXFLAGS= [`for i in ${CFLAGS[@]}; do printf "%s \'$i"\',; done`]" \
+ | sed -e "s:,]: ]:" >> "${S}"/user-config.py
+
+ # check for blender-game USE flag.
+ # blender-game will merge with blenderplayer.
+
+ for arg in \
+ 'openal'\
+ 'ffmpeg' \
+ 'blender-game player' \
+ 'blender-game gameengine' \
+ 'nls international' \
+ 'ogg' \
+ 'openmp' \
+ 'verse' ; do
+ blend_with ${arg}
+ done
+}
+
+src_compile() {
+ # scons uses -l differently -> remove it
+ scons ${MAKEOPTS/-l[0-9]} || die \
+ '!!! Please add "${S}/scons.config" when filing bugs reports \
+ to bugs.gentoo.org'
+
+ cd "${WORKDIR}"/install/linux2/plugins
+ chmod 755 bmake
+ emake || die
+}
+
+src_install() {
+ exeinto /usr/bin/
+ doexe "${WORKDIR}"/install/linux2/blender
+ use blender-game && doexe "${WORKDIR}"/install/linux2/blenderplayer
+
+ dodir /usr/share/${PN}
+
+ exeinto /usr/$(get_libdir)/${PN}/textures
+ doexe "${WORKDIR}"/install/linux2/plugins/texture/*.so
+ exeinto /usr/$(get_libdir)/${PN}/sequences
+ doexe "${WORKDIR}"/install/linux2/plugins/sequence/*.so
+ insinto /usr/include/${PN}
+ doins "${WORKDIR}"/install/linux2/plugins/include/*.h
+
+ if use nls ; then
+ mv "${WORKDIR}"/install/linux2/.blender/{.Blanguages,.bfont.ttf} \
+ "${D}"/usr/share/${PN}
+ mv "${WORKDIR}"/install/linux2/.blender/locale \
+ "${D}"/usr/share/locale
+ fi
+
+ mv "${WORKDIR}"/install/linux2/.blender/scripts "${D}"/usr/share/${PN}
+
+ insinto /usr/share/pixmaps
+ doins "${WORKDIR}"/install/linux2/icons/scalable/blender.svg
+ insinto /usr/share/applications
+ doins "${FILESDIR}"/${PN}.desktop
+
+ dodoc INSTALL README
+ dodoc "${WORKDIR}"/install/linux2/BlenderQuickStart.pdf
+
+}
+
+pkg_preinst(){
+ if [ -h "${ROOT}/usr/$(get_libdir)/blender/plugins/include" ];
+ then
+ rm -f "${ROOT}"/usr/$(get_libdir)/blender/plugins/include
+ fi
+}
+
+pkg_postinst(){
+ elog "blender uses python integration. As such, may have some"
+ elog "inherit risks with running unknown python scripting."
+ elog " "
+ elog "CVE-2008-1103-1.patch has been removed as it interferes"
+ elog "with autosave undo features. Up stream blender coders"
+ elog "have not addressed the CVE issue as the status is still"
+ elog "a CANDIDATE and not CONFIRMED."
+ elog " "
+ elog "It is recommended to change your blender temp directory"
+ elog "from /tmp to ~tmp or another tmp file under your home"
+ elog "directory. This can be done by starting blender, then"
+ elog "dragging the main menu down do display all paths."
+}
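Review bot: pkg_postinst never tells users that this revision turns automatic Python script execution off by default, so .blend files that depend on scriptlinks, pydrivers, pyconstraints or pynodes will stop running them with no explanation. I would add `elog "Automatic execution of Python scripts embedded in .blend files is now"` and `elog "disabled by default (CVE-2009-3850); start blender with -666 to enable it."` next to the existing Python warning. Separately, the `CXXFLAGS=` line in src_configure iterates over `${CFLAGS[@]}`; if that is not deliberate it should read `${CXXFLAGS[@]}` so that C++-specific flags from make.conf reach the scons build.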
diff --git a/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v3.patch b/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v3.patch
new file mode 100644
index 000000000000..9cf17a5b7c2e
--- /dev/null
+++ b/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v3.patch
@@ -0,0 +1,105 @@
+From 072e11130a2f96642972b0d4ac7ad2a9cd19fbf2 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 20 Apr 2011 16:42:17 +0200
+Subject: [PATCH] Flip default of "Auto Run Python Scripts" to disabled
+ (CVE-2009-3850)
+
+Manual overriding through new parameter -666 is supported
+---
+ source/blender/blenkernel/intern/blender.c | 11 ++++++++++-
+ source/blender/python/api2_2x/sceneRender.c | 3 ++-
+ source/creator/creator.c | 14 ++++++++++----
+ 3 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
+index bf208c8..029b7cf 100644
+--- a/source/blender/blenkernel/intern/blender.c
++++ b/source/blender/blenkernel/intern/blender.c
+@@ -388,7 +388,16 @@ static void setup_app_data(BlendFileData *bfd, char *filename)
+ if (G.f & G_DEBUG) bfd->globalf |= G_DEBUG;
+ else bfd->globalf &= ~G_DEBUG;
+
+- if ((U.flag & USER_DONT_DOSCRIPTLINKS)) bfd->globalf &= ~G_DOSCRIPTLINKS;
++ if (G.f & G_DOSCRIPTLINKS) {
++ /* Blender running in -666 mode */
++ /* NOTE: In background mode U.flag has not been initialized from ~/.B.blend */
++ if (! G.background && (U.flag & USER_DONT_DOSCRIPTLINKS))
++ /* Prefer disabled "Auto Run Python Scripts" over -666 */
++ bfd->globalf &= ~G_DOSCRIPTLINKS;
++ } else {
++ /* Blender NOT running in -666 mode, deny pulling G_DOSCRIPTLINKS in */
++ bfd->globalf &= ~G_DOSCRIPTLINKS;
++ }
+
+ G.f= bfd->globalf;
+
+diff --git a/source/blender/python/api2_2x/sceneRender.c b/source/blender/python/api2_2x/sceneRender.c
+index 1bf2b75..e34a361 100644
+--- a/source/blender/python/api2_2x/sceneRender.c
++++ b/source/blender/python/api2_2x/sceneRender.c
+@@ -498,7 +498,8 @@ static PyObject *RenderData_Render( BPy_RenderData * self )
+
+ RE_BlenderFrame(re, G.scene, G.scene->r.cfra);
+
+- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
++ if (G.f & G_DOSCRIPTLINKS)
++ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
+
+ set_scene_bg( oldsce );
+ }
+diff --git a/source/creator/creator.c b/source/creator/creator.c
+index a562fc3..994180d 100644
+--- a/source/creator/creator.c
++++ b/source/creator/creator.c
+@@ -232,7 +232,8 @@ static void print_help(void)
+ printf (" -nojoystick\tDisable joystick support\n");
+ printf (" -noglsl\tDisable GLSL shading\n");
+ printf (" -h\t\tPrint this help text\n");
+- printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
++ printf (" -666\t\tEnables automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n");
++ printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes) (default)\n");
+ printf (" -P <filename>\tRun the given Python script (filename or Blender Text)\n");
+ #ifdef WIN32
+ printf (" -R\t\tRegister .blend extension\n");
+@@ -366,7 +367,7 @@ int main(int argc, char **argv)
+
+ /* first test for background */
+
+- G.f |= G_DOSCRIPTLINKS; /* script links enabled by default */
++ G.f &= ~G_DOSCRIPTLINKS; /* script links disabled by default */
+
+ for(a=1; a<argc; a++) {
+
+@@ -388,6 +389,10 @@ int main(int argc, char **argv)
+ exit(0);
+ }
+
++ if (!strcmp(argv[a], "-666")){
++ G.f |= G_DOSCRIPTLINKS;
++ }
++
+ /* Handle -* switches */
+ else if(argv[a][0] == '-') {
+ switch(argv[a][1]) {
+@@ -405,7 +410,7 @@ int main(int argc, char **argv)
+ a= argc;
+ break;
+
+- case 'y':
++ case 'y': /* NOTE: -y works the exact opposite way in version 2.57! */
+ G.f &= ~G_DOSCRIPTLINKS;
+ break;
+
+@@ -680,7 +685,8 @@ int main(int argc, char **argv)
+ #endif
+ RE_BlenderAnim(re, G.scene, frame, frame, G.scene->frame_step);
+ #ifndef DISABLE_PYTHON
+- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
++ if (G.f & G_DOSCRIPTLINKS)
++ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0);
+ #endif
+ }
+ } else {
+--
+1.7.5.rc1
+
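Review bot: The two added `if (G.f & G_DOSCRIPTLINKS)` guards cover only the SCRIPT_POSTRENDER calls in RenderData_Render() and main(), while the help text says the switch governs scriptlinks, pydrivers, pyconstraints and pynodes. None of those other call sites appear in this patch, so it should be confirmed that each already tests the flag; otherwise the flipped default does not cover them. In setup_app_data() the `! G.background` test means `-b -666` enables execution even when the user preference disables it, which deserves a mention in the help line, e.g. `(in background mode this overrides the "Auto Run Python Scripts" preference)`. The `-666` and `-y` switches are applied in argv order, so a comment such as `/* -666 and -y: the last one on the command line wins */` at the new strcmp() would help. All three functions continue outside the hunks, including any later argument pass in main() that would also see `-666`.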