Diffstat (limited to 'media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch')
-rw-r--r-- | media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch b/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch
new file mode 100644
index 0000000..956eb50
--- /dev/null
+++ b/media-gfx/blender/files/blender-2.62-CVE-2009-3850-v4.patch
@@ -0,0 +1,164 @@
+diff -Npur blender-2.61.orig/SConstruct blender-2.61/SConstruct
+--- blender-2.61.orig/SConstruct 2012-01-02 16:57:51.329355164 +0100
++++ blender-2.61/SConstruct 2012-01-02 17:04:36.232349086 +0100
+@@ -346,6 +346,10 @@ if 'blenderplayer' in B.targets:
+ if 'blendernogame' in B.targets:
+ env['WITH_BF_GAMEENGINE'] = False
+
++# build without python autoexec security?
++if env['WITH_PYTHON_SECURITY'] == True:
++ env.Append(CPPFLAGS=['-DWITH_PYTHON_SECURITY'])
++
+ # build without elbeem (fluidsim)?
+ if env['WITH_BF_FLUID'] == 1:
+ env['CPPFLAGS'].append('-DWITH_MOD_FLUID')
+diff -Npur blender-2.61.orig/build_files/scons/tools/btools.py blender-2.61/build_files/scons/tools/btools.py
+--- blender-2.61.orig/build_files/scons/tools/btools.py 2012-01-02 16:56:21.351357062 +0100
++++ blender-2.61/build_files/scons/tools/btools.py 2012-01-02 17:01:37.760350726 +0100
+@@ -96,7 +96,7 @@ def print_arguments(args, bc):
+
+ def validate_arguments(args, bc):
+ opts_list = [
+- 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS',
++ 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', 'WITH_PYTHON_SECURITY',
+ 'WITH_BF_OPENAL', 'BF_OPENAL', 'BF_OPENAL_INC', 'BF_OPENAL_LIB', 'BF_OPENAL_LIBPATH', 'WITH_BF_STATICOPENAL', 'BF_OPENAL_LIB_STATIC',
+ 'WITH_BF_SDL', 'BF_SDL', 'BF_SDL_INC', 'BF_SDL_LIB', 'BF_SDL_LIBPATH',
+ 'WITH_BF_JACK', 'BF_JACK', 'BF_JACK_INC', 'BF_JACK_LIB', 'BF_JACK_LIBPATH',
+@@ -256,6 +256,7 @@ def read_opts(env, cfg, args):
+ (BoolVariable('WITH_BF_STATICPYTHON', 'Staticly link to python', False)),
+ (BoolVariable('WITH_OSX_STATICPYTHON', 'Staticly link to python', True)),
+ ('BF_PYTHON_ABI_FLAGS', 'Python ABI flags (suffix in library version: m, mu, etc)', ''),
++ (BoolVariable('WITH_PYTHON_SECURITY', 'Disables execution of scripts within blend files by default (recommend to leave off)', False)),
+
+ (BoolVariable('WITH_BF_FLUID', 'Build with Fluid simulation (Elbeem)', True)),
+ (BoolVariable('WITH_BF_DECIMATE', 'Build with decimate modifier', True)),
+diff -Npur blender-2.61.orig/source/blender/blenkernel/intern/blender.c blender-2.61/source/blender/blenkernel/intern/blender.c
+--- blender-2.61.orig/source/blender/blenkernel/intern/blender.c 2012-01-02 16:57:51.329355164 +0100
++++ blender-2.61/source/blender/blenkernel/intern/blender.c 2012-01-02 16:48:10.700365736 +0100
+@@ -144,6 +144,7 @@ void initglobals(void)
+ G.f |= G_SCRIPT_AUTOEXEC;
+ #else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ #endif
+ }
+
+diff -Npur blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.61/source/blender/makesrna/intern/rna_userdef.c
+--- blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:57:51.330355184 +0100
++++ blender-2.61/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:48:10.701365735 +0100
+@@ -114,9 +114,17 @@ static void rna_userdef_show_manipulator
+
+ static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr)
+ {
+- UserDef *userdef = (UserDef*)ptr->data;
+- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
+- else G.f |= G_SCRIPT_AUTOEXEC;
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ /* Blender run with --enable-autoexec */
++ UserDef *userdef = (UserDef*)ptr->data;
++ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
++ else G.f |= G_SCRIPT_AUTOEXEC;
++ }
++}
++
++static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ return !(G.f & G_SCRIPT_OVERRIDE_PREF);
+ }
+
+ static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
+@@ -2729,6 +2737,8 @@ static void rna_def_userdef_system(Blend
+ "Allow any .blend file to run scripts automatically "
+ "(unsafe with blend files from an untrusted source)");
+ RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
+
+ prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
+ RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
+diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c blender-2.61/source/blender/windowmanager/intern/wm_files.c
+--- blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:57:51.330355184 +0100
++++ blender-2.61/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:48:10.702365735 +0100
+@@ -286,13 +286,18 @@ static void wm_init_userdef(bContext *C)
+
+ /* set the python auto-execute setting from user prefs */
+ /* enabled by default, unless explicitly enabled in the command line which overrides */
+- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
++ /* Blender run with --enable-autoexec */
+ if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC;
+ else G.f &= ~G_SCRIPT_AUTOEXEC;
+ }
+
+ /* update tempdir from user preferences */
+ BLI_init_temporary_dir(U.tempdir);
++
++ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC))
++ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
+ }
+
+
+diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.61/source/blender/windowmanager/intern/wm_operators.c
+--- blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:57:51.331355194 +0100
++++ blender-2.61/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:48:10.703365736 +0100
+@@ -1601,12 +1601,13 @@ static int wm_open_mainfile_exec(bContex
+ G.fileflags &= ~G_FILE_NO_UI;
+ else
+ G.fileflags |= G_FILE_NO_UI;
+-
+- if(RNA_boolean_get(op->ptr, "use_scripts"))
++
++ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */
++ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF)))
+ G.f |= G_SCRIPT_AUTOEXEC;
+ else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+-
++
+ // XXX wm in context is not set correctly after WM_read_file -> crash
+ // do it before for now, but is this correct with multiple windows?
+ WM_event_add_notifier(C, NC_WINDOW, NULL);
+@@ -1618,6 +1619,8 @@ static int wm_open_mainfile_exec(bContex
+
+ static void WM_OT_open_mainfile(wmOperatorType *ot)
+ {
++ PropertyRNA * use_scripts_checkbox = NULL;
++
+ ot->name= "Open Blender File";
+ ot->idname= "WM_OT_open_mainfile";
+ ot->description="Open a Blender file";
+@@ -1629,7 +1632,12 @@ static void WM_OT_open_mainfile(wmOperat
+ WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH);
+
+ RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
+- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences");
++ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
++ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
++ "Allow blend file execute scripts automatically, default available from system preferences");
++ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
++ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
++ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
+ }
+
+ /* **************** link/append *************** */
+diff -Npur blender-2.61.orig/source/creator/creator.c blender-2.61/source/creator/creator.c
+--- blender-2.61.orig/source/creator/creator.c 2012-01-02 16:57:51.332355222 +0100
++++ blender-2.61/source/creator/creator.c 2012-01-02 16:48:10.704365737 +0100
+@@ -330,14 +330,14 @@ static int end_arguments(int UNUSED(argc
+ static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f |= G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
+ return 0;
+ }
+
+ static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ return 0;
+ }
+
|
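Review bot: In the wm_files.c part of the added patch, the new `! G.background &&` makes wm_init_userdef skip the user preference whenever G.background is set, so USER_SCRIPT_AUTOEXEC_DISABLE is no longer applied on that path. In a build without WITH_PYTHON_SECURITY (the BoolVariable defaults to False and its help text recommends leaving it off), initglobals appears to leave G_SCRIPT_AUTOEXEC set and G_SCRIPT_OVERRIDE_PREF clear, so a user who turned auto-run off in preferences would still have scripts in a .blend file executed in background mode; the `#if` line guarding that branch is outside the hunk, so this needs confirming against the full file. I would keep the background bypass inside `#ifdef WITH_PYTHON_SECURITY` and leave the original `if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)` for other builds, and make sure the package build actually passes WITH_PYTHON_SECURITY, since otherwise most of the hardening here is compiled out. The comment above the condition, `enabled by default, unless explicitly enabled in the command line which overrides`, also no longer matches the inverted meaning this patch gives G_SCRIPT_OVERRIDE_PREF and should be reworded.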