summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch')
-rw-r--r--media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch164
1 files changed, 164 insertions, 0 deletions
diff --git a/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch b/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch
new file mode 100644
index 0000000..956eb50
--- /dev/null
+++ b/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch
@@ -0,0 +1,164 @@
+diff -Npur blender-2.61.orig/SConstruct blender-2.61/SConstruct
+--- blender-2.61.orig/SConstruct 2012-01-02 16:57:51.329355164 +0100
++++ blender-2.61/SConstruct 2012-01-02 17:04:36.232349086 +0100
+@@ -346,6 +346,10 @@ if 'blenderplayer' in B.targets:
+ if 'blendernogame' in B.targets:
+ env['WITH_BF_GAMEENGINE'] = False
+
++# build without python autoexec security?
++if env['WITH_PYTHON_SECURITY'] == True:
++ env.Append(CPPFLAGS=['-DWITH_PYTHON_SECURITY'])
++
+ # build without elbeem (fluidsim)?
+ if env['WITH_BF_FLUID'] == 1:
+ env['CPPFLAGS'].append('-DWITH_MOD_FLUID')
+diff -Npur blender-2.61.orig/build_files/scons/tools/btools.py blender-2.61/build_files/scons/tools/btools.py
+--- blender-2.61.orig/build_files/scons/tools/btools.py 2012-01-02 16:56:21.351357062 +0100
++++ blender-2.61/build_files/scons/tools/btools.py 2012-01-02 17:01:37.760350726 +0100
+@@ -96,7 +96,7 @@ def print_arguments(args, bc):
+
+ def validate_arguments(args, bc):
+ opts_list = [
+- 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS',
++ 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', 'WITH_PYTHON_SECURITY',
+ 'WITH_BF_OPENAL', 'BF_OPENAL', 'BF_OPENAL_INC', 'BF_OPENAL_LIB', 'BF_OPENAL_LIBPATH', 'WITH_BF_STATICOPENAL', 'BF_OPENAL_LIB_STATIC',
+ 'WITH_BF_SDL', 'BF_SDL', 'BF_SDL_INC', 'BF_SDL_LIB', 'BF_SDL_LIBPATH',
+ 'WITH_BF_JACK', 'BF_JACK', 'BF_JACK_INC', 'BF_JACK_LIB', 'BF_JACK_LIBPATH',
+@@ -256,6 +256,7 @@ def read_opts(env, cfg, args):
+ (BoolVariable('WITH_BF_STATICPYTHON', 'Staticly link to python', False)),
+ (BoolVariable('WITH_OSX_STATICPYTHON', 'Staticly link to python', True)),
+ ('BF_PYTHON_ABI_FLAGS', 'Python ABI flags (suffix in library version: m, mu, etc)', ''),
++ (BoolVariable('WITH_PYTHON_SECURITY', 'Disables execution of scripts within blend files by default (recommend to leave off)', False)),
+
+ (BoolVariable('WITH_BF_FLUID', 'Build with Fluid simulation (Elbeem)', True)),
+ (BoolVariable('WITH_BF_DECIMATE', 'Build with decimate modifier', True)),
+diff -Npur blender-2.61.orig/source/blender/blenkernel/intern/blender.c blender-2.61/source/blender/blenkernel/intern/blender.c
+--- blender-2.61.orig/source/blender/blenkernel/intern/blender.c 2012-01-02 16:57:51.329355164 +0100
++++ blender-2.61/source/blender/blenkernel/intern/blender.c 2012-01-02 16:48:10.700365736 +0100
+@@ -144,6 +144,7 @@ void initglobals(void)
+ G.f |= G_SCRIPT_AUTOEXEC;
+ #else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ #endif
+ }
+
+diff -Npur blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.61/source/blender/makesrna/intern/rna_userdef.c
+--- blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:57:51.330355184 +0100
++++ blender-2.61/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:48:10.701365735 +0100
+@@ -114,9 +114,17 @@ static void rna_userdef_show_manipulator
+
+ static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr)
+ {
+- UserDef *userdef = (UserDef*)ptr->data;
+- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
+- else G.f |= G_SCRIPT_AUTOEXEC;
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ /* Blender run with --enable-autoexec */
++ UserDef *userdef = (UserDef*)ptr->data;
++ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
++ else G.f |= G_SCRIPT_AUTOEXEC;
++ }
++}
++
++static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ return !(G.f & G_SCRIPT_OVERRIDE_PREF);
+ }
+
+ static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
+@@ -2729,6 +2737,8 @@ static void rna_def_userdef_system(Blend
+ "Allow any .blend file to run scripts automatically "
+ "(unsafe with blend files from an untrusted source)");
+ RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
+
+ prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
+ RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
+diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c blender-2.61/source/blender/windowmanager/intern/wm_files.c
+--- blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:57:51.330355184 +0100
++++ blender-2.61/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:48:10.702365735 +0100
+@@ -286,13 +286,18 @@ static void wm_init_userdef(bContext *C)
+
+ /* set the python auto-execute setting from user prefs */
+ /* enabled by default, unless explicitly enabled in the command line which overrides */
+- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
++ /* Blender run with --enable-autoexec */
+ if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC;
+ else G.f &= ~G_SCRIPT_AUTOEXEC;
+ }
+
+ /* update tempdir from user preferences */
+ BLI_init_temporary_dir(U.tempdir);
++
++ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC))
++ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
+ }
+
+
+diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.61/source/blender/windowmanager/intern/wm_operators.c
+--- blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:57:51.331355194 +0100
++++ blender-2.61/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:48:10.703365736 +0100
+@@ -1601,12 +1601,13 @@ static int wm_open_mainfile_exec(bContex
+ G.fileflags &= ~G_FILE_NO_UI;
+ else
+ G.fileflags |= G_FILE_NO_UI;
+-
+- if(RNA_boolean_get(op->ptr, "use_scripts"))
++
++ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */
++ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF)))
+ G.f |= G_SCRIPT_AUTOEXEC;
+ else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+-
++
+ // XXX wm in context is not set correctly after WM_read_file -> crash
+ // do it before for now, but is this correct with multiple windows?
+ WM_event_add_notifier(C, NC_WINDOW, NULL);
+@@ -1618,6 +1619,8 @@ static int wm_open_mainfile_exec(bContex
+
+ static void WM_OT_open_mainfile(wmOperatorType *ot)
+ {
++ PropertyRNA * use_scripts_checkbox = NULL;
++
+ ot->name= "Open Blender File";
+ ot->idname= "WM_OT_open_mainfile";
+ ot->description="Open a Blender file";
+@@ -1629,7 +1632,12 @@ static void WM_OT_open_mainfile(wmOperat
+ WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH);
+
+ RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
+- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences");
++ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
++ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
++ "Allow blend file execute scripts automatically, default available from system preferences");
++ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
++ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
++ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
+ }
+
+ /* **************** link/append *************** */
+diff -Npur blender-2.61.orig/source/creator/creator.c blender-2.61/source/creator/creator.c
+--- blender-2.61.orig/source/creator/creator.c 2012-01-02 16:57:51.332355222 +0100
++++ blender-2.61/source/creator/creator.c 2012-01-02 16:48:10.704365737 +0100
+@@ -330,14 +330,14 @@ static int end_arguments(int UNUSED(argc
+ static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f |= G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
+ return 0;
+ }
+
+ static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ return 0;
+ }
+