Fix CVE-2008-4863 using the Debian patch by James Vega. Bump PKGREVISION. Mark MAKE_JOBS_SAFE=no since installation fails with -j16.diff -r1.74 -r1.75 pkgsrc/graphics/blender/Makefile
(wiz)
@@ -1,32 +1,34 @@ | @@ -1,32 +1,34 @@ | |||
1 | # $NetBSD: Makefile,v 1.74 2011/04/01 10:59:56 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.75 2011/04/01 11:31:56 wiz Exp $ | |
2 | 2 | |||
3 | DISTNAME= blender-2.49b | 3 | DISTNAME= blender-2.49b | |
4 | PKGREVISION= 5 | 4 | PKGREVISION= 6 | |
5 | CATEGORIES= graphics | 5 | CATEGORIES= graphics | |
6 | MASTER_SITES= http://download.blender.org/source/ | 6 | MASTER_SITES= http://download.blender.org/source/ | |
7 | 7 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.blender.org/ | 9 | HOMEPAGE= http://www.blender.org/ | |
10 | COMMENT= Fully integrated 3D graphics creation suite | 10 | COMMENT= Fully integrated 3D graphics creation suite | |
11 | LICENSE= gnu-gpl-v2 | 11 | LICENSE= gnu-gpl-v2 | |
12 | 12 | |||
13 | USE_TOOLS+= gmake | 13 | USE_TOOLS+= gmake | |
14 | USE_LANGUAGES= c c++ | 14 | USE_LANGUAGES= c c++ | |
15 | USE_CMAKE= yes | 15 | USE_CMAKE= yes | |
16 | CMAKE_ARG_PATH= .. | 16 | CMAKE_ARG_PATH= .. | |
17 | CONFIGURE_DIRS= _build | 17 | CONFIGURE_DIRS= _build | |
18 | PKG_DESTDIR_SUPPORT= user-destdir | 18 | PKG_DESTDIR_SUPPORT= user-destdir | |
19 | 19 | |||
20 | MAKE_JOBS_SAFE= no | |||
21 | ||||
20 | LDFLAGS+= -lcrypto | 22 | LDFLAGS+= -lcrypto | |
21 | 23 | |||
22 | .include "options.mk" | 24 | .include "options.mk" | |
23 | 25 | |||
24 | INSTALLATION_DIRS= bin | 26 | INSTALLATION_DIRS= bin | |
25 | 27 | |||
26 | CMAKE_ARGS+= -DFREETYPE_INC:PATH=${BUILDLINK_PREFIX.freetype2}/include/freetype2 | 28 | CMAKE_ARGS+= -DFREETYPE_INC:PATH=${BUILDLINK_PREFIX.freetype2}/include/freetype2 | |
27 | CMAKE_ARGS+= -DSDL_INCLUDE_DIR:PATH=${BUILDLINK_PREFIX.SDL}/include/SDL | 29 | CMAKE_ARGS+= -DSDL_INCLUDE_DIR:PATH=${BUILDLINK_PREFIX.SDL}/include/SDL | |
28 | 30 | |||
29 | CHECK_INTERPRETER_SKIP= share/blender/scripts/*.py share/blender/scripts/*/*.py | 31 | CHECK_INTERPRETER_SKIP= share/blender/scripts/*.py share/blender/scripts/*/*.py | |
30 | 32 | |||
31 | pre-configure: | 33 | pre-configure: | |
32 | ${MKDIR} ${WRKSRC}/_build | 34 | ${MKDIR} ${WRKSRC}/_build |
@@ -1,14 +1,15 @@ | @@ -1,14 +1,15 @@ | |||
1 | $NetBSD: distinfo,v 1.29 2009/11/03 19:06:51 markd Exp $ | 1 | $NetBSD: distinfo,v 1.30 2011/04/01 11:31:56 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (blender-2.49b.tar.gz) = 43f71e7de4efe79c518d45f4b5a04e03c28d5fc5 | 3 | SHA1 (blender-2.49b.tar.gz) = 43f71e7de4efe79c518d45f4b5a04e03c28d5fc5 | |
4 | RMD160 (blender-2.49b.tar.gz) = 5b641de7b41af5e4186c9721b66eddc6870f9fbc | 4 | RMD160 (blender-2.49b.tar.gz) = 5b641de7b41af5e4186c9721b66eddc6870f9fbc | |
5 | Size (blender-2.49b.tar.gz) = 22918377 bytes | 5 | Size (blender-2.49b.tar.gz) = 22918377 bytes | |
6 | SHA1 (patch-ab) = 6779022a78e895154e6e95cecf16e5465ffab637 | 6 | SHA1 (patch-ab) = 6779022a78e895154e6e95cecf16e5465ffab637 | |
7 | SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2 | 7 | SHA1 (patch-ac) = dcfa14519404915a69bd626c8a5a6029d2535ca2 | |
8 | SHA1 (patch-ad) = ee070c6e61585c5ee657f8aa0cd210c15f73bcc9 | 8 | SHA1 (patch-ad) = ee070c6e61585c5ee657f8aa0cd210c15f73bcc9 | |
9 | SHA1 (patch-ah) = b45f534b4c5850da13e9b421f73e33c8d079696f | 9 | SHA1 (patch-ah) = b45f534b4c5850da13e9b421f73e33c8d079696f | |
10 | SHA1 (patch-ai) = 31f94e8dcdabbe043d94a7fd53bfbdaa9d35fc99 | 10 | SHA1 (patch-ai) = 31f94e8dcdabbe043d94a7fd53bfbdaa9d35fc99 | |
11 | SHA1 (patch-aj) = 59c935bc84101e3a57af5231d6f1153897bbbb03 | 11 | SHA1 (patch-aj) = 59c935bc84101e3a57af5231d6f1153897bbbb03 | |
12 | SHA1 (patch-ak) = 98c93b7ee12e60aff0d8890cd1cdc7213515d270 | 12 | SHA1 (patch-ak) = 98c93b7ee12e60aff0d8890cd1cdc7213515d270 | |
13 | SHA1 (patch-al) = 8589d359484351766bfb99e58debf075bebbfd66 | 13 | SHA1 (patch-al) = 8589d359484351766bfb99e58debf075bebbfd66 | |
14 | SHA1 (patch-am) = 6da69ace1e9da706124621f6721fd4d4f804cc6f | 14 | SHA1 (patch-am) = 6da69ace1e9da706124621f6721fd4d4f804cc6f | |
15 | SHA1 (patch-source_blender_python_BPY__interface.c) = 9cc72c2fea93e9bfdf9b2f9cc147be90c044d53d |
$NetBSD: patch-source_blender_python_BPY__interface.c,v 1.1 2011/04/01 11:31:56 wiz Exp $
Fix http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4863
using patch from James Vega via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
--- source/blender/python/BPY_interface.c.orig 2009-09-01 15:21:12.000000000 +0000
+++ source/blender/python/BPY_interface.c
@@ -236,6 +236,12 @@ void BPY_start_python( int argc, char **
Py_Initialize( );
PySys_SetArgv( argc_copy, argv_copy );
+
+ /* Sanitize sys.path to prevent relative imports loading modules in
+ * the current working directory
+ */
+ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
/* Initialize thread support (also acquires lock) */
PyEval_InitThreads();