Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch')
-rw-r--r--media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch172
1 files changed, 0 insertions, 172 deletions
diff --git a/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch b/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch
deleted file mode 100644
index 526e0f7f98ae..000000000000
--- a/media-gfx/blender/files/blender-2.57-CVE-2009-3850-v2.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From c4181c5639da5c6a6df31b434498a44d0d680487 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Tue, 17 May 2011 17:37:11 +0200
-Subject: [PATCH] Disable execution of embedded Python code unless run with
- --enable-autoexec|-y|-666 (CVE-2009-3850)
-
----
- source/blender/blenkernel/intern/blender.c | 3 ++-
- source/blender/makesrna/intern/rna_userdef.c | 16 +++++++++++++---
- source/blender/windowmanager/intern/wm_files.c | 7 ++++++-
- source/blender/windowmanager/intern/wm_operators.c | 16 ++++++++++++----
- source/creator/creator.c | 10 ++++++----
- 5 files changed, 39 insertions(+), 13 deletions(-)
-
-diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c
-index 5f08505..9c27ac7 100644
---- a/source/blender/blenkernel/intern/blender.c
-+++ b/source/blender/blenkernel/intern/blender.c
-@@ -141,7 +141,8 @@ void initglobals(void)
- G.charmin = 0x0000;
- G.charmax = 0xffff;
-
-- G.f |= G_SCRIPT_AUTOEXEC;
-+ G.f &= ~G_SCRIPT_AUTOEXEC;
-+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
- }
-
- /***/
-diff --git a/source/blender/makesrna/intern/rna_userdef.c b/source/blender/makesrna/intern/rna_userdef.c
-index e9a9ddc..218b50a 100644
---- a/source/blender/makesrna/intern/rna_userdef.c
-+++ b/source/blender/makesrna/intern/rna_userdef.c
-@@ -99,9 +99,17 @@ static void rna_userdef_show_manipulator_update(Main *bmain, Scene *scene, Point
-
- static void rna_userdef_script_autoexec_update(Main *bmain, Scene *scene, PointerRNA *ptr)
- {
-- UserDef *userdef = (UserDef*)ptr->data;
-- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
-- else G.f |= G_SCRIPT_AUTOEXEC;
-+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
-+ /* Blender run with --enable-autoexec */
-+ UserDef *userdef = (UserDef*)ptr->data;
-+ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC;
-+ else G.f |= G_SCRIPT_AUTOEXEC;
-+ }
-+}
-+
-+static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) {
-+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
-+ return !(G.f & G_SCRIPT_OVERRIDE_PREF);
- }
-
- static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr)
-@@ -2505,6 +2513,8 @@ static void rna_def_userdef_system(BlenderRNA *brna)
- RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_SCRIPT_AUTOEXEC_DISABLE);
- RNA_def_property_ui_text(prop, "Auto Run Python Scripts", "Allow any .blend file to run scripts automatically (unsafe with blend files from an untrusted source)");
- RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update");
-+ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */
-+ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable");
-
- prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE);
- RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE);
-diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c
-index f4f7af0..37a9664 100644
---- a/source/blender/windowmanager/intern/wm_files.c
-+++ b/source/blender/windowmanager/intern/wm_files.c
-@@ -270,11 +270,16 @@ static void wm_init_userdef(bContext *C)
-
- /* set the python auto-execute setting from user prefs */
- /* enabled by default, unless explicitly enabled in the command line which overrides */
-- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) {
-+ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) {
-+ /* Blender run with --enable-autoexec */
- if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC;
- else G.f &= ~G_SCRIPT_AUTOEXEC;
- }
- if(U.tempdir[0]) BLI_where_is_temp(btempdir, FILE_MAX, 1);
-+
-+ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */
-+ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC))
-+ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
- }
-
- void WM_read_file(bContext *C, const char *name, ReportList *reports)
-diff --git a/source/blender/windowmanager/intern/wm_operators.c b/source/blender/windowmanager/intern/wm_operators.c
-index 28df023..a2142a5 100644
---- a/source/blender/windowmanager/intern/wm_operators.c
-+++ b/source/blender/windowmanager/intern/wm_operators.c
-@@ -1471,12 +1471,13 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op)
- G.fileflags &= ~G_FILE_NO_UI;
- else
- G.fileflags |= G_FILE_NO_UI;
--
-- if(RNA_boolean_get(op->ptr, "use_scripts"))
-+
-+ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */
-+ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF)))
- G.f |= G_SCRIPT_AUTOEXEC;
- else
- G.f &= ~G_SCRIPT_AUTOEXEC;
--
-+
- // XXX wm in context is not set correctly after WM_read_file -> crash
- // do it before for now, but is this correct with multiple windows?
- WM_event_add_notifier(C, NC_WINDOW, NULL);
-@@ -1488,6 +1489,8 @@ static int wm_open_mainfile_exec(bContext *C, wmOperator *op)
-
- static void WM_OT_open_mainfile(wmOperatorType *ot)
- {
-+ PropertyRNA * use_scripts_checkbox = NULL;
-+
- ot->name= "Open Blender File";
- ot->idname= "WM_OT_open_mainfile";
- ot->description="Open a Blender file";
-@@ -1499,7 +1502,12 @@ static void WM_OT_open_mainfile(wmOperatorType *ot)
- WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH);
-
- RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file");
-- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences");
-+ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts",
-+ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source",
-+ "Allow blend file execute scripts automatically, default available from system preferences");
-+ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */
-+ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF))
-+ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE);
- }
-
- /* **************** link/append *************** */
-diff --git a/source/creator/creator.c b/source/creator/creator.c
-index c687cc2..1da282f 100644
---- a/source/creator/creator.c
-+++ b/source/creator/creator.c
-@@ -278,6 +278,7 @@ static int print_help(int UNUSED(argc), const char **UNUSED(argv), void *data)
-
- printf("\n");
-
-+ BLI_argsPrintArgDoc(ba, "-666");
- BLI_argsPrintArgDoc(ba, "--enable-autoexec");
- BLI_argsPrintArgDoc(ba, "--disable-autoexec");
-
-@@ -359,14 +360,14 @@ static int end_arguments(int UNUSED(argc), const char **UNUSED(argv), void *UNUS
- static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
- {
- G.f |= G_SCRIPT_AUTOEXEC;
-- G.f |= G_SCRIPT_OVERRIDE_PREF;
-+ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */
- return 0;
- }
-
- static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data))
- {
- G.f &= ~G_SCRIPT_AUTOEXEC;
-- G.f |= G_SCRIPT_OVERRIDE_PREF;
-+ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */
- return 0;
- }
-
-@@ -1075,8 +1076,9 @@ static void setupArguments(bContext *C, bArgs *ba, SYS_SystemHandle *syshandle)
-
- BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL);
-
-- BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL);
-- BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL);
-+ BLI_argsAdd(ba, 1, NULL, "-666", "\n\tEnable automatic python script execution (port from CVE-2009-3850 patch to Blender 2.49b)", enable_python, NULL);
-+ BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution", enable_python, NULL);
-+ BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes) (default)", disable_python, NULL);
-
- BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL);
-
---
-1.7.5.rc3
-