Diffstat (limited to 'media-gfx/blender/files/blender-2.63-CVE-2009-3850-v5.patch')
-rw-r--r--media-gfx/blender/files/blender-2.63-CVE-2009-3850-v5.patch164
1 files changed, 164 insertions, 0 deletions
diff --git a/media-gfx/blender/files/blender-2.63-CVE-2009-3850-v5.patch b/media-gfx/blender/files/blender-2.63-CVE-2009-3850-v5.patch
new file mode 100644
index 0000000..671e037
--- /dev/null
+++ b/media-gfx/blender/files/blender-2.63-CVE-2009-3850-v5.patch
@@ -0,0 +1,164 @@
+diff -Npur blender-2.63.orig/build_files/scons/tools/btools.py blender-2.63/build_files/scons/tools/btools.py
+--- blender-2.63.orig/build_files/scons/tools/btools.py 2012-05-08 00:05:06.963498491 +0200
++++ blender-2.63/build_files/scons/tools/btools.py 2012-05-08 00:06:42.238496807 +0200
+@@ -96,7 +96,7 @@ def print_arguments(args, bc):
+
+ def validate_arguments(args, bc):
+ opts_list = [
+- 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS',
++ 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', 'WITH_PYTHON_SECURITY',
+ 'WITH_BF_OPENAL', 'BF_OPENAL', 'BF_OPENAL_INC', 'BF_OPENAL_LIB', 'BF_OPENAL_LIBPATH', 'WITH_BF_STATICOPENAL', 'BF_OPENAL_LIB_STATIC',
+ 'WITH_BF_SDL', 'BF_SDL', 'BF_SDL_INC', 'BF_SDL_LIB', 'BF_SDL_LIBPATH',
+ 'WITH_BF_JACK', 'BF_JACK', 'BF_JACK_INC', 'BF_JACK_LIB', 'BF_JACK_LIBPATH',
+@@ -261,6 +261,7 @@ def read_opts(env, cfg, args):
+ (BoolVariable('WITH_BF_STATICPYTHON', 'Staticly link to python', False)),
+ (BoolVariable('WITH_OSX_STATICPYTHON', 'Staticly link to python', True)),
+ ('BF_PYTHON_ABI_FLAGS', 'Python ABI flags (suffix in library version: m, mu, etc)', ''),
++ (BoolVariable('WITH_PYTHON_SECURITY', 'Disables execution of scripts within blend files by default (recommend to leave off)', False)),
+
+ (BoolVariable('WITH_BF_FLUID', 'Build with Fluid simulation (Elbeem)', True)),
+ (BoolVariable('WITH_BF_DECIMATE', 'Build with decimate modifier', True)),
+diff -Npur blender-2.63.orig/SConstruct blender-2.63/SConstruct
+--- blender-2.63.orig/SConstruct 2012-05-08 00:05:06.933498492 +0200
++++ blender-2.63/SConstruct 2012-05-08 00:05:45.665497801 +0200
+@@ -349,6 +349,10 @@ if 'blenderplayer' in B.targets:
+ if 'blendernogame' in B.targets:
+ env['WITH_BF_GAMEENGINE'] = False
+
++# build without python autoexec security?
++if env['WITH_PYTHON_SECURITY'] == True:
++ env.Append(CPPFLAGS=['-DWITH_PYTHON_SECURITY'])
++
+ # build without elbeem (fluidsim)?
+ if env['WITH_BF_FLUID'] == 1:
+ env['CPPFLAGS'].append('-DWITH_MOD_FLUID')
+diff -Npur blender-2.63.orig/source/blender/blenkernel/intern/blender.c blender-2.63/source/blender/blenkernel/intern/blender.c
+--- blender-2.63.orig/source/blender/blenkernel/intern/blender.c 2012-05-08 00:05:06.994498491 +0200
++++ blender-2.63/source/blender/blenkernel/intern/blender.c 2012-05-08 00:07:04.274496414 +0200
+@@ -145,6 +145,7 @@ void initglobals(void)
+ G.f |= G_SCRIPT_AUTOEXEC;
+ #else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ #endif
+ }
+
+diff -Npur blender-2.63.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.63/source/blender/makesrna/intern/rna_userdef.c
+--- blender-2.63.orig/source/blender/makesrna/intern/rna_userdef.c 2012-05-08 00:05:07.002498491 +0200
++++ blender-2.63/source/blender/makesrna/intern/rna_userdef.c 2012-05-08 00:08:04.547495355 +0200
+@@ -126,9 +126,17 @@ static void rna_userdef_show_manipulator
+
+ static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr)
+ {
+- UserDef *userdef = (UserDef*)ptr->data;
+- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
+- else G.f |= G_SCRIPT_AUTOEXEC;
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ /* Blender run with --enable-autoexec */
++ UserDef *userdef = (UserDef*)ptr->data;
++ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
++ else G.f |= G_SCRIPT_AUTOEXEC;
++ }
++}
++
++static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ return !(G.f & G_SCRIPT_OVERRIDE_PREF);
+ }
+
+ static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
+@@ -2994,6 +3002,8 @@ static void rna_def_userdef_system(Blend
+ "Allow any .blend file to run scripts automatically "
+ "(unsafe with blend files from an untrusted source)");
+ RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
++ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
+
+ prop = RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
+ RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
+diff -Npur blender-2.63.orig/source/blender/windowmanager/intern/wm_files.c blender-2.63/source/blender/windowmanager/intern/wm_files.c
+--- blender-2.63.orig/source/blender/windowmanager/intern/wm_files.c 2012-05-08 00:05:07.094498489 +0200
++++ blender-2.63/source/blender/windowmanager/intern/wm_files.c 2012-05-08 00:09:20.964493999 +0200
+@@ -288,13 +288,18 @@ static void wm_init_userdef(bContext *C)
+
+ /* set the python auto-execute setting from user prefs */
+ /* enabled by default, unless explicitly enabled in the command line which overrides */
+- if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
++ /* Blender run with --enable-autoexec */
+ if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC;
+ else G.f &= ~G_SCRIPT_AUTOEXEC;
+ }
+
+ /* update tempdir from user preferences */
+ BLI_init_temporary_dir(U.tempdir);
++
++ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC))
++ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
+ }
+
+
+diff -Npur blender-2.63.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.63/source/blender/windowmanager/intern/wm_operators.c
+--- blender-2.63.orig/source/blender/windowmanager/intern/wm_operators.c 2012-05-08 00:05:07.093498489 +0200
++++ blender-2.63/source/blender/windowmanager/intern/wm_operators.c 2012-05-08 00:10:59.325492259 +0200
+@@ -1627,12 +1627,13 @@ static int wm_open_mainfile_exec(bContex
+ G.fileflags &= ~G_FILE_NO_UI;
+ else
+ G.fileflags |= G_FILE_NO_UI;
+-
+- if (RNA_boolean_get(op->ptr, "use_scripts"))
++
++ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */
++ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF)))
+ G.f |= G_SCRIPT_AUTOEXEC;
+ else
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+-
++
+ // XXX wm in context is not set correctly after WM_read_file -> crash
+ // do it before for now, but is this correct with multiple windows?
+ WM_event_add_notifier(C, NC_WINDOW, NULL);
+@@ -1644,6 +1645,8 @@ static int wm_open_mainfile_exec(bContex
+
+ static void WM_OT_open_mainfile(wmOperatorType *ot)
+ {
++ PropertyRNA * use_scripts_checkbox = NULL;
++
+ ot->name = "Open Blender File";
+ ot->idname = "WM_OT_open_mainfile";
+ ot->description = "Open a Blender file";
+@@ -1656,8 +1659,12 @@ static void WM_OT_open_mainfile(wmOperat
+ WM_FILESEL_FILEPATH, FILE_DEFAULTDISPLAY);
+
+ RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
+- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source",
++ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
++ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
+ "Allow .blend file to execute scripts automatically, default available from system preferences");
++ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
++ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
++ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
+ }
+
+ /* **************** link/append *************** */
+diff -Npur blender-2.63.orig/source/creator/creator.c blender-2.63/source/creator/creator.c
+--- blender-2.63.orig/source/creator/creator.c 2012-05-08 00:05:06.987498491 +0200
++++ blender-2.63/source/creator/creator.c 2012-05-08 00:11:37.213491621 +0200
+@@ -342,14 +342,14 @@ static int end_arguments(int UNUSED(argc
+ static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f |= G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
+ return 0;
+ }
+
+ static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ return 0;
+ }
+
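Review bot: The protection this patch adds is opt-in, because the btools.py hunk registers `BoolVariable('WITH_PYTHON_SECURITY', ..., False)` with help text recommending it stay off, and initglobals() sets G_SCRIPT_OVERRIDE_PREF only in the `#else` branch, which presumably is the WITH_PYTHON_SECURITY case (the `#if` line is outside the hunk). A build that does not define the macro therefore still starts with G_SCRIPT_AUTOEXEC set; whether the ebuild passes the option is not visible on this page, so it is worth confirming there and rewording the help text so it does not advise against the fix. In wm_init_userdef() the added `! G.background &&` means a user preference that disables auto-run is no longer applied in background mode when the override flag is clear, so either keep the original `if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {` or state the reason in the comment. The existing comment there ("enabled by default, unless explicitly enabled in the command line which overrides") and the SConstruct comment `# build without python autoexec security?` no longer match the code, since enable_python() now clears G_SCRIPT_OVERRIDE_PREF and the SConstruct branch turns the security define on.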