Hello community, here is the log from the commit of package blender checked in at Mon Apr 28 15:43:05 CEST 2008. -------- --- blender/blender.changes 2008-01-04 17:29:40.000000000 +0100 +++ /mounts/work_src_done/STABLE/blender/blender.changes 2008-04-21 08:57:14.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Apr 18 10:50:02 CEST 2008 - pnemec@suse.cz +- security fix (bnc#380922) + new patch: buffer_overflow_380922-2.45.patch + +------------------------------------------------------------------- New: ---- buffer_overflow_380922-2.45.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ blender-doc.spec ++++++ --- /var/tmp/diff_new_pack.H14776/_old 2008-04-28 15:41:50.000000000 +0200 +++ /var/tmp/diff_new_pack.H14776/_new 2008-04-28 15:41:50.000000000 +0200 @@ -10,13 +10,14 @@ # norootforbuild + Name: blender-doc BuildRequires: find License: GNU Free Documentation License, Version 1.1 (GFDL 1.1) Group: Productivity/Graphics/Visualization/Raytracers AutoReqProv: on Version: 2.3 -Release: 101 +Release: 117 Source: BlenderManualIen.23.html.tar.bz2 BuildArch: noarch Url: http://www.blender.org ++++++ blender.spec ++++++ --- /var/tmp/diff_new_pack.H14776/_old 2008-04-28 15:41:50.000000000 +0200 +++ /var/tmp/diff_new_pack.H14776/_new 2008-04-28 15:41:50.000000000 +0200 @@ -10,6 +10,7 @@ # norootforbuild + Name: blender %define DISTRIBUTABLE 1 # Patched code is built by default. @@ -23,7 +24,7 @@ AutoReqProv: on Requires: yafray Version: 2.45 -Release: 37 +Release: 66 %if %DISTRIBUTABLE <= 0 Source: %{name}-%{version}.tar.bz2 %else @@ -54,6 +55,9 @@ Patch10: blender-strncat.patch # Patch11: blender-2.44-gcc43.patch +# +# will not be needed after 2.45 +Patch12: buffer_overflow_380922-2.45.patch Url: http://www.blender.org/ #Icon: blender.xpm BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -88,6 +92,7 @@ %patch9 %patch10 %patch11 +%patch12 #fix locale naming mv bin/.blender/locale/zh_cn bin/.blender/locale/zh_CN mv bin/.blender/locale/pt_br bin/.blender/locale/pt_BR @@ -219,6 +224,9 @@ /usr/share/pixmaps/blender.xpm %changelog +* Fri Apr 18 2008 pnemec@suse.cz +- security fix (bnc#380922) + new patch: buffer_overflow_380922-2.45.patch * Fri Jan 04 2008 pnemec@suse.cz - do not build againt key_internal.h mt19937int.c [#333796] * Wed Oct 03 2007 coolo@suse.de ++++++ buffer_overflow_380922-2.45.patch ++++++ Index: source/blender/imbuf/intern/radiance_hdr.c =================================================================== --- source/blender/imbuf/intern/radiance_hdr.c.orig +++ source/blender/imbuf/intern/radiance_hdr.c @@ -191,7 +191,8 @@ struct ImBuf *imb_loadhdr(unsigned char } } if (found) { - sscanf((char*)&mem[x+1], "%s %d %s %d", (char*)&oriY, &height, (char*)&oriX, &width); + if (sscanf((char *)&mem[x+1], "%80s %d %80s %d", (char*)&oriY, &height, + (char*)&oriX, &width) != 4) return NULL; /* find end of this line, data right behind it */ ptr = (unsigned char *)strchr((char*)&mem[x+1], '\n'); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
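Review bot: In the blender.spec hunk that adds Patch12, the comment says only "will not be needed after 2.45", and the %changelog and blender.changes entries say only "security fix (bnc#380922)". Naming the affected code in one of them (the sscanf call in imb_loadhdr, source/blender/imbuf/intern/radiance_hdr.c) would let whoever updates the package past 2.45 confirm the fix is present upstream before dropping the patch.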
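Review bot: In the radiance_hdr.c hunk, each `%80s` conversion in the new sscanf call can store 80 characters plus a terminating NUL, that is 81 bytes, and the declarations of oriY and oriX are not part of this hunk. If those buffers are 80 bytes, the chosen width still allows a one-byte overflow; the field width should be the array size minus one (for example `%79s` for an 80-byte array). The `!= 4` check confirms that all four fields were converted but not that height and width are positive, so a range check on both values before they are used further would be worth adding at the same place.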