[pkgsrc/trunk]: pkgsrc/graphics/blender Fix an Apple specific buffer overflow...

[joerg <joerg%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/0284e04e6421
branches:  trunk
changeset: 508014:0284e04e6421
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Sun Feb 12 21:52:18 2006 +0000

description:
Fix an Apple specific buffer overflow. To skip the first argument from
Finder, some copying to and from a local buffer in main is done, without
argument checking.

When a web browser or MUA is configured to start Blender automatically,
this might be exploitable to gain priviledges of the current user.

This is related to CVE-2005-3151.

diffstat:

 graphics/blender/Makefile         |   3 ++-
 graphics/blender/distinfo         |   3 ++-
 graphics/blender/patches/patch-aa |  14 ++++++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diffs (44 lines):

diff -r 51a8d7cd31f2 -r 0284e04e6421 graphics/blender/Makefile
--- a/graphics/blender/Makefile Sun Feb 12 21:32:38 2006 +0000
+++ b/graphics/blender/Makefile Sun Feb 12 21:52:18 2006 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.51 2006/02/12 21:32:38 jschauma Exp $
+# $NetBSD: Makefile,v 1.52 2006/02/12 21:52:18 joerg Exp $
 
 DISTNAME=      blender-2.41
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.cs.umn.edu/pub/blender.org/source/ \
                http://download.blender.org/source/
diff -r 51a8d7cd31f2 -r 0284e04e6421 graphics/blender/distinfo
--- a/graphics/blender/distinfo Sun Feb 12 21:32:38 2006 +0000
+++ b/graphics/blender/distinfo Sun Feb 12 21:52:18 2006 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.19 2006/02/10 20:34:25 adam Exp $
+$NetBSD: distinfo,v 1.20 2006/02/12 21:52:18 joerg Exp $
 
 SHA1 (blender-2.41.tar.gz) = 839dfece3b6efbf10694ac535d88e3745c3253ec
 RMD160 (blender-2.41.tar.gz) = 7857eac2acda18ee24db4bb147bcf780025e2c12
 Size (blender-2.41.tar.gz) = 9464385 bytes
+SHA1 (patch-aa) = 21dd95ff4ab51bb9b1084f28e4e080ca38421bce
 SHA1 (patch-ab) = 3c8b57b1aac2aba141d8392ce8e9c7759febd68f
 SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2
 SHA1 (patch-ae) = 4d9fdef4141445534e0fb476d9e14b42fcaf29d7
diff -r 51a8d7cd31f2 -r 0284e04e6421 graphics/blender/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/blender/patches/patch-aa Sun Feb 12 21:52:18 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.5 2006/02/12 21:52:19 joerg Exp $
+
+--- intern/ghost/intern/GHOST_SystemCarbon.cpp.orig    2006-02-12 22:17:07.000000000 +0100
++++ intern/ghost/intern/GHOST_SystemCarbon.cpp
+@@ -527,7 +527,8 @@ static char g_firstFileBuf[512];
+ 
+ extern "C" int GHOST_HACK_getFirstFile(char buf[512]) { 
+       if (g_hasFirstFile) {
+-              strcpy(buf, g_firstFileBuf);
++              strncpy(buf, g_firstFileBuf, sizeof(buf) - 1);
++              buf[sizeof(buf) - 1] = '\0';
+               return 1;
+       } else {
+               return 0;