diff options
Diffstat (limited to 'media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v4.patch')
| -rw-r--r-- | media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v4.patch | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v4.patch b/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v4.patch deleted file mode 100644 index 93498791..00000000 --- a/media-gfx/blender/files/blender-2.49b-CVE-2009-3850-v4.patch +++ /dev/null @@ -1,139 +0,0 @@ -From f3a8d00d03cc8bdf1739936998a784c9e4e64bb9 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Sun, 24 Apr 2011 00:00:36 +0200 -Subject: [PATCH] Disable execution of embedded Python code unless run with - -666 (CVE-2009-3850) - ---- - source/blender/blenkernel/intern/blender.c | 11 ++++++++++- - source/blender/python/api2_2x/sceneRender.c | 3 ++- - source/blender/src/buttons_script.c | 4 +++- - source/creator/creator.c | 18 ++++++++++++++---- - 4 files changed, 29 insertions(+), 7 deletions(-) - -diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c -index bf208c8..029b7cf 100644 ---- a/source/blender/blenkernel/intern/blender.c -+++ b/source/blender/blenkernel/intern/blender.c -@@ -388,7 +388,16 @@ static void setup_app_data(BlendFileData *bfd, char *filename) - if (G.f & G_DEBUG) bfd->globalf |= G_DEBUG; - else bfd->globalf &= ~G_DEBUG; - -- if ((U.flag & USER_DONT_DOSCRIPTLINKS)) bfd->globalf &= ~G_DOSCRIPTLINKS; -+ if (G.f & G_DOSCRIPTLINKS) { -+ /* Blender running in -666 mode */ -+ /* NOTE: In background mode U.flag has not been initialized from ~/.B.blend */ -+ if (! G.background && (U.flag & USER_DONT_DOSCRIPTLINKS)) -+ /* Prefer disabled "Auto Run Python Scripts" over -666 */ -+ bfd->globalf &= ~G_DOSCRIPTLINKS; -+ } else { -+ /* Blender NOT running in -666 mode, deny pulling G_DOSCRIPTLINKS in */ -+ bfd->globalf &= ~G_DOSCRIPTLINKS; -+ } - - G.f= bfd->globalf; - -diff --git a/source/blender/python/api2_2x/sceneRender.c b/source/blender/python/api2_2x/sceneRender.c -index 1bf2b75..e34a361 100644 ---- a/source/blender/python/api2_2x/sceneRender.c -+++ b/source/blender/python/api2_2x/sceneRender.c -@@ -498,7 +498,8 @@ static PyObject *RenderData_Render( BPy_RenderData * self ) - - RE_BlenderFrame(re, G.scene, G.scene->r.cfra); - -- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0); -+ if (G.f & G_DOSCRIPTLINKS) -+ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0); - - set_scene_bg( oldsce ); - } -diff --git a/source/blender/src/buttons_script.c b/source/blender/src/buttons_script.c -index 647fc66..6166133 100644 ---- a/source/blender/src/buttons_script.c -+++ b/source/blender/src/buttons_script.c -@@ -107,6 +107,8 @@ - #include "blendef.h" - #include "butspace.h" - -+extern int button_enable_script_links_enabled; -+ - /* ************************ function prototypes ********************** */ - void draw_scriptlink(uiBlock *, ScriptLink *, int , int , int ) ; - -@@ -323,7 +325,7 @@ static void script_panel_scriptlink(void) - block= uiNewBlock(&curarea->uiblocks, "script_panel_scriptlink", UI_EMBOSS, UI_HELV, curarea->win); - if(uiNewPanel(curarea, block, "Scriptlinks", "Script", 0, 0, 318, 204)==0) return; - -- uiDefButBitI(block, TOG, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT, -+ uiDefButBitI(block, button_enable_script_links_enabled ? TOG : BUT, G_DOSCRIPTLINKS, REDRAWBUTSSCRIPT, - "Enable Script Links", xco, 200, 150, 20, &G.f, 0, 0, 0, 0, - "Enable execution of all assigned Script links and Space Handelers"); - /* for proper alignment: */ -diff --git a/source/creator/creator.c b/source/creator/creator.c -index a562fc3..ccea569 100644 ---- a/source/creator/creator.c -+++ b/source/creator/creator.c -@@ -108,6 +108,8 @@ - #include "binreloc.h" - #endif - -+int button_enable_script_links_enabled = 0; -+ - // from buildinfo.c - #ifdef BUILD_DATE - extern char * build_date; -@@ -232,7 +234,8 @@ static void print_help(void) - printf (" -nojoystick\tDisable joystick support\n"); - printf (" -noglsl\tDisable GLSL shading\n"); - printf (" -h\t\tPrint this help text\n"); -- printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n"); -+ printf (" -666\t\tEnables automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes)\n"); -+ printf (" -y\t\tDisable automatic python script execution (scriptlinks, pydrivers, pyconstraints, pynodes) (default)\n"); - printf (" -P <filename>\tRun the given Python script (filename or Blender Text)\n"); - #ifdef WIN32 - printf (" -R\t\tRegister .blend extension\n"); -@@ -366,7 +369,7 @@ int main(int argc, char **argv) - - /* first test for background */ - -- G.f |= G_DOSCRIPTLINKS; /* script links enabled by default */ -+ G.f &= ~G_DOSCRIPTLINKS; /* script links disabled by default */ - - for(a=1; a<argc; a++) { - -@@ -388,6 +391,11 @@ int main(int argc, char **argv) - exit(0); - } - -+ if (!strcmp(argv[a], "-666")){ -+ G.f |= G_DOSCRIPTLINKS; -+ button_enable_script_links_enabled = 1; -+ } -+ - /* Handle -* switches */ - else if(argv[a][0] == '-') { - switch(argv[a][1]) { -@@ -405,8 +413,9 @@ int main(int argc, char **argv) - a= argc; - break; - -- case 'y': -+ case 'y': /* NOTE: -y works the exact opposite way in version 2.57! */ - G.f &= ~G_DOSCRIPTLINKS; -+ button_enable_script_links_enabled = 0; - break; - - case 'Y': -@@ -680,7 +689,8 @@ int main(int argc, char **argv) - #endif - RE_BlenderAnim(re, G.scene, frame, frame, G.scene->frame_step); - #ifndef DISABLE_PYTHON -- BPY_do_all_scripts(SCRIPT_POSTRENDER, 0); -+ if (G.f & G_DOSCRIPTLINKS) -+ BPY_do_all_scripts(SCRIPT_POSTRENDER, 0); - #endif - } - } else { --- -1.7.5.rc1 - |
