Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=69fb20f48108df075df70190f417402bec0f8d42

commit 69fb20f48108df075df70190f417402bec0f8d42
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun Mar 29 14:06:02 2009 +0200

blender-2.48a-2-i686

- add cve-2008-4863.patch
- closes #3726

diff --git a/source/xapps-extra/blender/FrugalBuild 
b/source/xapps-extra/blender/FrugalBuild
index 5b53eb3..8450094 100644
--- a/source/xapps-extra/blender/FrugalBuild
+++ b/source/xapps-extra/blender/FrugalBuild
@@ -5,7 +5,7 @@
pkgname=blender
pkgver=2.48a
pkgextraver=
-pkgrel=1
+pkgrel=2
pkgdesc="A 3D modeling/rendering/animation/gaming application"
url="http://blender.org";
Finclude python
@@ -15,11 +15,11 @@ archs=('i686' 'x86_64' 'ppc')
makedepends=('cmake' 'ftgl')
up2date="lynx -dump http://www.blender.org/download/source-code/ |grep tar |sed 
-ne 's/.*r \(.*\).ta.*/\1/;1p' -e s/$pkgextraver//"
source=(http://download.blender.org/source/$pkgname-$pkgver$pkgextraver.tar.gz \
-       blender.desktop blender.png py$_F_python_ver.patch)
+       blender.desktop blender.png blender-2.48a-cve-2008-4863.patch)
sha1sums=('9fb2dbf5d6cfcba8ae2d6d9b93ca9e3e66aae6c7' \
'44ee67a0ed814481aacca0dfc8cf45ae7a48eed5' \
'5d2583d847735c913c26c96ace8192a646323da8' \
-          'c7357731664aa7fa704d05d74b75d9e101cf7af5')
+         '0d54c1c1acff478fd2bb3adcc1f8296a9692da51')

build() {
unset MAKEFLAGS
diff --git a/source/xapps-extra/blender/blender-2.48a-cve-2008-4863.patch 
b/source/xapps-extra/blender/blender-2.48a-cve-2008-4863.patch
new file mode 100644
index 0000000..4fa3c6f
--- /dev/null
+++ b/source/xapps-extra/blender/blender-2.48a-cve-2008-4863.patch
@@ -0,0 +1,15 @@
+diff -up blender-2.48a/source/blender/python/BPY_interface.c.cve 
blender-2.48a/source/blender/python/BPY_interface.c
+--- blender-2.48a/source/blender/python/BPY_interface.c.cve    2008-11-03 
17:31:19.000000000 +0100
++++ blender-2.48a/source/blender/python/BPY_interface.c        2008-11-03 
17:35:01.000000000 +0100
+@@ -225,6 +225,11 @@ void BPY_start_python( int argc, char **
+       Py_Initialize(  );
+
+       PySys_SetArgv( argc_copy, argv_copy );
++
++      /* Sanitize sys.path to prevent relative imports loading modules in
++         the current working directory */
++      PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
++
+       /* Initialize thread support (also acquires lock) */
+       PyEval_InitThreads();
+
diff --git a/source/xapps-extra/blender/py2.5.patch 
b/source/xapps-extra/blender/py2.5.patch
deleted file mode 100644
index 8f1cba7..0000000
--- a/source/xapps-extra/blender/py2.5.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -Naur blender-2.42a/source/gameengine/Expressions/Value.cpp 
blender-2.42a-p/source/gameengine/Expressions/Value.cpp
---- blender-2.42a/source/gameengine/Expressions/Value.cpp      2006-01-06 
04:46:52.000000000 +0100
-+++ blender-2.42a-p/source/gameengine/Expressions/Value.cpp    2007-02-13 
15:16:10.000000000 +0100
-@@ -649,8 +649,8 @@
-               CListValue* listval = new CListValue();
-               bool error = false;
-
--              int i;
--              int numitems = PyList_Size(pyobj);
-+              Py_ssize_t i;
-+              Py_ssize_t numitems = PyList_Size(pyobj);
-               for (i=0;i<numitems;i++)
-               {
-                       PyObject* listitem = PyList_GetItem(pyobj,i); /* 
borrowed ref */
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to