
[pkgsrc/pkgsrc-2008Q1]: pkgsrc/graphics/blender Pullup ticket 2386 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e134f5009f73
branches:  pkgsrc-2008Q1
changeset: 540362:e134f5009f73
user:      tron <tron%pkgsrc.org@localhost>
date:      Mon May 19 17:35:17 2008 +0000

description:
Pullup ticket 2386 - requested by tonnerre
security update for blender

Revisions pulled up:
- graphics/blender/Makefile             1.61
- graphics/blender/patches/patch-ae     1.7
- graphics/blender/distinfo             1.24
- graphics/blender/patches/patch-af     1.6
- graphics/blender/patches/patch-ag     1.6

    Module Name:        pkgsrc
    Committed By:       tonnerre
    Date:               Sat May 17 10:33:15 UTC 2008

    Modified Files:
        pkgsrc/graphics/blender: Makefile distinfo
    Added Files:
        pkgsrc/graphics/blender/patches: patch-ae patch-af patch-ag

    Log Message:
    Fix CVEs CVE-2008-1102 and CVE-2008-1103 for blender:
     - Fix arbitrary code execution vulnerability in .blend files which
    contain a crafted RGBE file (CVE-2008-1102).
     - Create various temporary files in safer paths (CVE-2008-1103).

diffstat:

 graphics/blender/Makefile         |   4 ++--
 graphics/blender/distinfo         |   5 ++++-
 graphics/blender/patches/patch-ae |  19 +++++++++++++++++++
 graphics/blender/patches/patch-af |  13 +++++++++++++
 graphics/blender/patches/patch-ag |  14 ++++++++++++++
 5 files changed, 52 insertions(+), 3 deletions(-)

diffs (89 lines):

diff -r 3c7b1220279d -r e134f5009f73 graphics/blender/Makefile
--- a/graphics/blender/Makefile Sun May 18 15:47:32 2008 +0000
+++ b/graphics/blender/Makefile Mon May 19 17:35:17 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2008/01/18 05:06:38 tnn Exp $
+# $NetBSD: Makefile,v 1.60.2.1 2008/05/19 17:35:17 tron Exp $
 
 DISTNAME=      blender-2.45
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.cs.umn.edu/pub/blender.org/source/ \
                http://download.blender.org/source/
diff -r 3c7b1220279d -r e134f5009f73 graphics/blender/distinfo
--- a/graphics/blender/distinfo Sun May 18 15:47:32 2008 +0000
+++ b/graphics/blender/distinfo Mon May 19 17:35:17 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.23 2008/01/04 19:56:45 markd Exp $
+$NetBSD: distinfo,v 1.23.2.1 2008/05/19 17:35:17 tron Exp $
 
 SHA1 (blender-2.45.tar.gz) = ff66ec5f0129fd04a2ba5c063627ef13033c0598
 RMD160 (blender-2.45.tar.gz) = fd39b59de0f4d770fe26ce39d51356e98b1ec8ea
@@ -6,5 +6,8 @@
 SHA1 (patch-ab) = 7f5b4966bd08333f5d726cf9b6d7c2300e62d711
 SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2
 SHA1 (patch-ad) = cfec8537593071381687df1f37906a6f28eb45cf
+SHA1 (patch-ae) = 45ea375bc405948d4eadc786379f8a8b700c8d91
+SHA1 (patch-af) = ce57bcf10e9291ed156e54b66d154950b0079eb9
+SHA1 (patch-ag) = bd3fae7b10349dd2c1ef45a18346d980530e01a4
 SHA1 (patch-ah) = b45f534b4c5850da13e9b421f73e33c8d079696f
 SHA1 (patch-ai) = 8909e9d698b9370bb756b81c41812a05790da419
diff -r 3c7b1220279d -r e134f5009f73 graphics/blender/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/blender/patches/patch-ae Mon May 19 17:35:17 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.6.2.1 2008/05/19 17:35:17 tron Exp $
+
+--- source/blender/src/usiblender.c.orig       2007-09-18 04:58:42.000000000 +0000
++++ source/blender/src/usiblender.c
+@@ -172,10 +172,12 @@ static void init_userdef_file(void)
+               U.tb_rightmouse= 5;
+       }
+       if(U.mixbufsize==0) U.mixbufsize= 2048;
+-      if (BLI_streq(U.tempdir, "/")) {
++      if (BLI_streq(U.tempdir, "/") || BLI_streq(U.tempdir, "/tmp/")) {
+               char *tmp= getenv("TEMP");
++              char *home= getenv("HOME");
+               
+-              strcpy(U.tempdir, tmp?tmp:"/tmp/");
++              strcpy(U.tempdir, tmp?tmp:home);
++              if (!tmp) strcat(U.tempdir, "/.blender/");
+       }
+       if (U.savetime <= 0) {
+               U.savetime = 1;
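Review bot: If neither TEMP nor HOME is set, `strcpy(U.tempdir, tmp?tmp:home)` receives a null pointer, and both the `strcpy` and the `strcat` copy environment-supplied strings into U.tempdir without a length bound. Wrap the copy in `if (tmp || home)` and build the path with one `snprintf` into U.tempdir, rejecting a truncated result; the buffer's declared size lies outside this hunk, so confirm it there. A TEMP value of `/tmp/` also lands back in the shared directory that the new condition is meant to avoid, and nothing visible here creates `~/.blender/` or checks who owns it. The body of init_userdef_file starts and ends outside the hunk.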
diff -r 3c7b1220279d -r e134f5009f73 graphics/blender/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/blender/patches/patch-af Mon May 19 17:35:17 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.5.2.1 2008/05/19 17:35:17 tron Exp $
+
+--- source/blender/blenkernel/intern/blender.c.orig    2007-09-18 04:58:33.000000000 +0000
++++ source/blender/blenkernel/intern/blender.c
+@@ -714,7 +714,7 @@ void BKE_undo_save_quit(void)
+               
+       BLI_make_file_string("/", str, U.tempdir, "quit.blend");
+ 
+-      file = open(str,O_BINARY+O_WRONLY+O_CREAT+O_TRUNC, 0666);
++      file = open(str,O_BINARY|O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0666);
+       if(file == -1) {
+               printf("Unable to save %s\n", str);
+               return;
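Review bot: With `O_EXCL` added, this `open()` fails with EEXIST whenever quit.blend is already present, so unless the file is removed somewhere outside the hunk, every save after the first would take the "Unable to save" branch. Creating a uniquely named file in the same directory and `rename()`-ing it over quit.blend would keep the protection against pre-planted files and symlinks without losing the save. `O_TRUNC` no longer has any effect next to `O_CREAT|O_EXCL`, and the mode could be tightened: `file = open(str, O_BINARY|O_WRONLY|O_CREAT|O_EXCL, 0600);`. BKE_undo_save_quit starts and continues outside the hunk.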
diff -r 3c7b1220279d -r e134f5009f73 graphics/blender/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/blender/patches/patch-ag Mon May 19 17:35:17 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ag,v 1.5.2.1 2008/05/19 17:35:17 tron Exp $
+
+--- source/blender/imbuf/intern/radiance_hdr.c.orig    2007-09-18 04:58:45.000000000 +0000
++++ source/blender/imbuf/intern/radiance_hdr.c
+@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char 
+                       }
+               }
+               if (found) {
+-                      sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width);
++                      if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height,
++                              (char*)&oriX, &width) != 4) return NULL;
+ 
+                       /* find end of this line, data right behind it */
+                       ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n');
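Review bot: The `!= 4` check confirms that two integers were parsed but not that they are usable: a header with a zero or negative `height` or `width` still passes, and those values are presumably used to size the image buffer further down. Add `if (width <= 0 || height <= 0) return NULL;` right after the sscanf, ideally with an upper bound as well. The `%79s` limit is only correct if oriY and oriX are declared with at least 80 bytes, which is outside this hunk; a short comment tying the field width to the array size would keep the two from drifting apart. The `strchr` result on the last visible line should also be checked for NULL before use, unless that already happens below the hunk.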



Home | Main Index | Thread Index | Old Index