Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 314189 Details for
Bug 394871
media-gfx/blender-2.63a version bump
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
blender-2.63-CVE-2009-3850-v5.patch
blender-2.63-CVE-2009-3850-v5.patch (text/plain), 8.85 KB, created by
Simone Scanzoni
on 2012-06-04 11:57:57 UTC
(
hide
)
Description:
blender-2.63-CVE-2009-3850-v5.patch
Filename:
MIME Type:
Creator:
Simone Scanzoni
Created:
2012-06-04 11:57:57 UTC
Size:
8.85 KB
patch
obsolete
>diff -Npur blender-2.63.orig/build_files/scons/tools/btools.py blender-2.63/build_files/scons/tools/btools.py >--- blender-2.63.orig/build_files/scons/tools/btools.py 2012-05-08 00:05:06.963498491 +0200 >+++ blender-2.63/build_files/scons/tools/btools.py 2012-05-08 00:06:42.238496807 +0200 >@@ -96,7 +96,7 @@ def print_arguments(args, bc): > > def validate_arguments(args, bc): > opts_list = [ >- 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', >+ 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', 'WITH_PYTHON_SECURITY', > 'WITH_BF_OPENAL', 'BF_OPENAL', 'BF_OPENAL_INC', 'BF_OPENAL_LIB', 'BF_OPENAL_LIBPATH', 'WITH_BF_STATICOPENAL', 'BF_OPENAL_LIB_STATIC', > 'WITH_BF_SDL', 'BF_SDL', 'BF_SDL_INC', 'BF_SDL_LIB', 'BF_SDL_LIBPATH', > 'WITH_BF_JACK', 'BF_JACK', 'BF_JACK_INC', 'BF_JACK_LIB', 'BF_JACK_LIBPATH', >@@ -261,6 +261,7 @@ def read_opts(env, cfg, args): > (BoolVariable('WITH_BF_STATICPYTHON', 'Staticly link to python', False)), > (BoolVariable('WITH_OSX_STATICPYTHON', 'Staticly link to python', True)), > ('BF_PYTHON_ABI_FLAGS', 'Python ABI flags (suffix in library version: m, mu, etc)', ''), >+ (BoolVariable('WITH_PYTHON_SECURITY', 'Disables execution of scripts within blend files by default (recommend to leave off)', False)), > > (BoolVariable('WITH_BF_FLUID', 'Build with Fluid simulation (Elbeem)', True)), > (BoolVariable('WITH_BF_DECIMATE', 'Build with decimate modifier', True)), >diff -Npur blender-2.63.orig/SConstruct blender-2.63/SConstruct >--- blender-2.63.orig/SConstruct 2012-05-08 00:05:06.933498492 +0200 >+++ blender-2.63/SConstruct 2012-05-08 00:05:45.665497801 +0200 >@@ -349,6 +349,10 @@ if 'blenderplayer' in B.targets: > if 'blendernogame' in B.targets: > env['WITH_BF_GAMEENGINE'] = False > >+# build without python autoexec security? >+if env['WITH_PYTHON_SECURITY'] == True: >+ env.Append(CPPFLAGS=['-DWITH_PYTHON_SECURITY']) >+ > # build without elbeem (fluidsim)? > if env['WITH_BF_FLUID'] == 1: > env['CPPFLAGS'].append('-DWITH_MOD_FLUID') >diff -Npur blender-2.63.orig/source/blender/blenkernel/intern/blender.c blender-2.63/source/blender/blenkernel/intern/blender.c >--- blender-2.63.orig/source/blender/blenkernel/intern/blender.c 2012-05-08 00:05:06.994498491 +0200 >+++ blender-2.63/source/blender/blenkernel/intern/blender.c 2012-05-08 00:07:04.274496414 +0200 >@@ -145,6 +145,7 @@ void initglobals(void) > G.f |= G_SCRIPT_AUTOEXEC; > #else > G.f &= ~G_SCRIPT_AUTOEXEC; >+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */ > #endif > } > >diff -Npur blender-2.63.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.63/source/blender/makesrna/intern/rna_userdef.c >--- blender-2.63.orig/source/blender/makesrna/intern/rna_userdef.c 2012-05-08 00:05:07.002498491 +0200 >+++ blender-2.63/source/blender/makesrna/intern/rna_userdef.c 2012-05-08 00:08:04.547495355 +0200 >@@ -126,9 +126,17 @@ static void rna_userdef_show_manipulator > > static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr) > { >- UserDef *userdef = (UserDef*)ptr->data; >- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC; >- else G.f |= G_SCRIPT_AUTOEXEC; >+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) { >+ /* Blender run with --enable-autoexec */ >+ UserDef *userdef = (UserDef*)ptr->data; >+ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC; >+ else G.f |= G_SCRIPT_AUTOEXEC; >+ } >+} >+ >+static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) { >+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ >+ return !(G.f & G_SCRIPT_OVERRIDE_PREF); > } > > static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr) >@@ -2994,6 +3002,8 @@ static void rna_def_userdef_system(Blend > "Allow any .blend file to run scripts automatically " > "(unsafe with blend files from an untrusted source)"); > RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update"); >+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ >+ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable"); > > prop = RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE); > RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE); >diff -Npur blender-2.63.orig/source/blender/windowmanager/intern/wm_files.c blender-2.63/source/blender/windowmanager/intern/wm_files.c >--- blender-2.63.orig/source/blender/windowmanager/intern/wm_files.c 2012-05-08 00:05:07.094498489 +0200 >+++ blender-2.63/source/blender/windowmanager/intern/wm_files.c 2012-05-08 00:09:20.964493999 +0200 >@@ -288,13 +288,18 @@ static void wm_init_userdef(bContext *C) > > /* set the python auto-execute setting from user prefs */ > /* enabled by default, unless explicitly enabled in the command line which overrides */ >- if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) { >+ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) { >+ /* Blender run with --enable-autoexec */ > if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC; > else G.f &= ~G_SCRIPT_AUTOEXEC; > } > > /* update tempdir from user preferences */ > BLI_init_temporary_dir(U.tempdir); >+ >+ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */ >+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC)) >+ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; > } > > >diff -Npur blender-2.63.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.63/source/blender/windowmanager/intern/wm_operators.c >--- blender-2.63.orig/source/blender/windowmanager/intern/wm_operators.c 2012-05-08 00:05:07.093498489 +0200 >+++ blender-2.63/source/blender/windowmanager/intern/wm_operators.c 2012-05-08 00:10:59.325492259 +0200 >@@ -1627,12 +1627,13 @@ static int wm_open_mainfile_exec(bContex > G.fileflags &= ~G_FILE_NO_UI; > else > G.fileflags |= G_FILE_NO_UI; >- >- if (RNA_boolean_get(op->ptr, "use_scripts")) >+ >+ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */ >+ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF))) > G.f |= G_SCRIPT_AUTOEXEC; > else > G.f &= ~G_SCRIPT_AUTOEXEC; >- >+ > // XXX wm in context is not set correctly after WM_read_file -> crash > // do it before for now, but is this correct with multiple windows? > WM_event_add_notifier(C, NC_WINDOW, NULL); >@@ -1644,6 +1645,8 @@ static int wm_open_mainfile_exec(bContex > > static void WM_OT_open_mainfile(wmOperatorType *ot) > { >+ PropertyRNA * use_scripts_checkbox = NULL; >+ > ot->name = "Open Blender File"; > ot->idname = "WM_OT_open_mainfile"; > ot->description = "Open a Blender file"; >@@ -1656,8 +1659,12 @@ static void WM_OT_open_mainfile(wmOperat > WM_FILESEL_FILEPATH, FILE_DEFAULTDISPLAY); > > RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file"); >- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", >+ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts", >+ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source", > "Allow .blend file to execute scripts automatically, default available from system preferences"); >+ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */ >+ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF)) >+ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE); > } > > /* **************** link/append *************** */ >diff -Npur blender-2.63.orig/source/creator/creator.c blender-2.63/source/creator/creator.c >--- blender-2.63.orig/source/creator/creator.c 2012-05-08 00:05:06.987498491 +0200 >+++ blender-2.63/source/creator/creator.c 2012-05-08 00:11:37.213491621 +0200 >@@ -342,14 +342,14 @@ static int end_arguments(int UNUSED(argc > static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data)) > { > G.f |= G_SCRIPT_AUTOEXEC; >- G.f |= G_SCRIPT_OVERRIDE_PREF; >+ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */ > return 0; > } > > static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data)) > { > G.f &= ~G_SCRIPT_AUTOEXEC; >- G.f |= G_SCRIPT_OVERRIDE_PREF; >+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */ > return 0; > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 394871
:
295977
|
295979
|
295981
|
295983
|
300193
|
301289
|
301297
|
314171
|
314175
|
314177
|
314179
|
314181
|
314183
|
314185
|
314187
| 314189 |
314191
|
314195
|
314197