diff --git a/blender-2.45-cve-2008-1102.patch b/blender-2.45-cve-2008-1102.patch new file mode 100644 index 0000000..43015b3 --- /dev/null +++ b/blender-2.45-cve-2008-1102.patch @@ -0,0 +1,13 @@ +diff -up blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv blender-2.45/source/blender/imbuf/intern/radiance_hdr.c +--- blender-2.45/source/blender/imbuf/intern/radiance_hdr.c.csv 2008-04-24 16:22:36.000000000 +0200 ++++ blender-2.45/source/blender/imbuf/intern/radiance_hdr.c 2008-04-24 16:25:59.000000000 +0200 +@@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char + } + } + if (found) { +- sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width); ++ if (sscanf((char *)&mem[x+1], "%79s %d %79s %d", (char*)&oriY, &height, ++ (char*)&oriX, &width) != 4) return NULL; + + /* find end of this line, data right behind it */ + ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n'); diff --git a/blender.spec b/blender.spec index 381c29e..c1adc6e 100644 --- a/blender.spec +++ b/blender.spec @@ -3,7 +3,7 @@ Name: blender Version: 2.45 -Release: 10%{?dist} +Release: 11%{?dist} Summary: 3D modeling, animation, rendering and post-production @@ -30,6 +30,8 @@ Patch2: blender-2.44-bid.patch Patch3: blender-2.45-gcc43.patch Patch4: blender-2.45-yafray.patch +Patch100: blender-2.45-cve-2008-1102.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: desktop-file-utils @@ -76,10 +78,13 @@ available. %patch2 -p1 -b .bid %patch3 -p1 -b .gcc43 + %if "%{?_lib}" == "lib64" %patch4 -p1 %endif +%patch100 -p1 -b .cve + PYVER=$(%{__python} -c "import sys ; print sys.version[:3]") sed -e 's|@LIB@|%{_libdir}|g' -e "s/@PYVER@/$PYVER/g" \ @@ -182,6 +187,9 @@ update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || : %{_datadir}/mime/packages/blender.xml %changelog +* Thu Apr 24 2008 Jochen Schmitt 2.45-11 +- Fix CVS-2008-1102 (#443937) + * Wed Mar 12 2008 Jochen Schmitt 2.45-10 - Clarification of restrictions caused by legal issues