Diffstat (limited to 'media-gfx/blender/files/blender-2.57-CVE-2009-3850-v1.patch')
-rw-r--r--media-gfx/blender/files/blender-2.57-CVE-2009-3850-v1.patch105
1 files changed, 105 insertions, 0 deletions
diff --git a/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v1.patch b/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v1.patch
new file mode 100644
index 0000000..9c0f39f
--- /dev/null
+++ b/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v1.patch
@@ -0,0 +1,105 @@
+From dfb6ecd9a4a129b976b7a8d2002e32146125340f Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 24 Apr 2011 18:26:47 +0200
+Subject: [PATCH] Disable execution of embedded Python code unless run with
+ --enable-autoexec|-y|-666 (CVE-2009-3850)
+
+---
+ source/blender/blenkernel/intern/blender.c | 3 ++-
+ source/blender/makesrna/intern/rna_userdef.c | 9 ++++++---
+ source/blender/windowmanager/intern/wm_files.c | 3 ++-
+ source/creator/creator.c | 10 ++++++----
+ 4 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
+index 5f08505..9c27ac7 100644
+--- a/source/blender/blenkernel/intern/blender.c
++++ b/source/blender/blenkernel/intern/blender.c
+@@ -141,7 +141,8 @@ void initglobals(void)
+ G.charmin = 0x0000;
+ G.charmax = 0xffff;
+
+- G.f |= G_SCRIPT_AUTOEXEC;
++ G.f &= ~G_SCRIPT_AUTOEXEC;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ }
+
+ /***/
+diff --git a/source/blender/makesrna/intern/rna_userdef.c b/source/blender/makesrna/intern/rna_userdef.c
+index e9a9ddc..a120857 100644
+--- a/source/blender/makesrna/intern/rna_userdef.c
++++ b/source/blender/makesrna/intern/rna_userdef.c
+@@ -99,9 +99,12 @@ static void rna_userdef_show_manipulator_update(Main *bmain, Scene *scene, Point
+
+ static void rna_userdef_script_autoexec_update(Main *bmain, Scene *scene, PointerRNA *ptr)
+ {
+- UserDef *userdef = (UserDef*)ptr->data;
+- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
+- else G.f |= G_SCRIPT_AUTOEXEC;
++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ /* Blender run with --enable-autoexec */
++ UserDef *userdef = (UserDef*)ptr->data;
++ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
++ else G.f |= G_SCRIPT_AUTOEXEC;
++ }
+ }
+
+ static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
+diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c
+index f4f7af0..c1bacc6 100644
+--- a/source/blender/windowmanager/intern/wm_files.c
++++ b/source/blender/windowmanager/intern/wm_files.c
+@@ -270,7 +270,8 @@ static void wm_init_userdef(bContext *C)
+
+ /* set the python auto-execute setting from user prefs */
+ /* enabled by default, unless explicitly enabled in the command line which overrides */
+- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
++ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
++ /* Blender run with --enable-autoexec */
+ if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC;
+ else G.f &= ~G_SCRIPT_AUTOEXEC;
+ }
+diff --git a/source/creator/creator.c b/source/creator/creator.c
+index c687cc2..1da282f 100644
+--- a/source/creator/creator.c
++++ b/source/creator/creator.c
+@@ -278,6 +278,7 @@ static int print_help(int UNUSED(argc), const char **UNUSED(argv), void *data)
+
+ printf("\n");
+
++ BLI_argsPrintArgDoc(ba, "-666");
+ BLI_argsPrintArgDoc(ba, "--enable-autoexec");
+ BLI_argsPrintArgDoc(ba, "--disable-autoexec");
+
+@@ -359,14 +360,14 @@ static int end_arguments(int UNUSED(argc), const char **UNUSED(argv), void *UNUS
+ static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f |= G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
+ return 0;
+ }
+
+ static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
+ {
+ G.f &= ~G_SCRIPT_AUTOEXEC;
+- G.f |= G_SCRIPT_OVERRIDE_PREF;
++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
+ return 0;
+ }
+
+@@ -1075,8 +1076,9 @@ static void setupArguments(bContext *C, bArgs *ba, SYS_SystemHandle *syshandle)
+
+ BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL);
+
+- BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL);
+- BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL);
++ BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python script execution (port from CVE-2009-3850 patch to Blender 2.49b)", enable_python, NULL);
++ BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution", enable_python, NULL);
++ BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes) (default)", disable_python, NULL);
+
+ BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL);
+
+--
+1.7.5.rc1
+
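Review bot: The context comment kept in the wm_files.c hunk, `/* enabled by default, unless explicitly enabled in the command line which overrides */`, now says the opposite of what the patched code does: initglobals() clears G_SCRIPT_AUTOEXEC and sets G_SCRIPT_OVERRIDE_PREF, so auto-execution stays off unless --enable-autoexec, -y or -666 is passed. I would replace it with `/* auto-execution is off by default; user prefs are consulted only when --enable-autoexec cleared G_SCRIPT_OVERRIDE_PREF, and never in background mode */`. As far as these hunks show, the added `! G.background` test also means that `-b -y` leaves G_SCRIPT_AUTOEXEC set at startup without checking USER_SCRIPT_AUTOEXEC_DISABLE, unlike the interactive path. If that is intended it belongs in the -y help text, because background rendering of files from an untrusted source is where the setting matters most. wm_init_userdef() starts and ends outside the hunk, and any code outside these four files that sets G_SCRIPT_AUTOEXEC is not visible here, so it is worth confirming that nothing else bypasses the new default.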