diff options
-rw-r--r-- | media-gfx/blender/Manifest | 2 | ||||
-rw-r--r-- | media-gfx/blender/blender-2.61-r1.ebuild | 425 | ||||
-rw-r--r-- | media-gfx/blender/files/blender-2.61-CVE-2009-3850-v4.patch | 164 |
3 files changed, 591 insertions, 0 deletions
diff --git a/media-gfx/blender/Manifest b/media-gfx/blender/Manifest index 78fc9a0..ef0c967 100644 --- a/media-gfx/blender/Manifest +++ b/media-gfx/blender/Manifest @@ -14,6 +14,7 @@ AUX blender-2.60a-insecure.desktop 594 RMD160 48d7b683f4ae057a1766dabb267e5048e9 AUX blender-2.60a-libav-0.7.patch 1181 RMD160 66dc84d6ca37a97bb43886ed86b72499383636b6 SHA1 be60d7fd39821fb28b3e23a659df8f7eb51d1f60 SHA256 d8e7a08b042ce8311bd71e2edec7457ddf8fe8b64243f30f179d391ea170ab50 AUX blender-2.60a-linux-3.patch 414 RMD160 cb1cfc00e363e00c67a3c6d3567768418be78f39 SHA1 71f4701aa2e88de35843661cf5eecfe411ccd99b SHA256 4f1f8960e1b5706b426e272c17b70682b1eaa5903fa325e4d4db21efd540d732 AUX blender-2.61-CVE-2009-3850-v3.patch 7515 RMD160 0faf4de3a330fd2920bdf2b688d3bc5cb530d86f SHA1 77c637a4e6be816534887dab06614bb3dddad3af SHA256 f9d2eb3e09d30c21a3f51de34bc978d25c598a2fc420e809ea49293c55178139 +AUX blender-2.61-CVE-2009-3850-v4.patch 9194 RMD160 cf5519882821c318f32ac3ff16f0a73998941228 SHA1 91e029b6bcdad6adec3034dc313604cae9f9d4dd SHA256 bcf6155d39ee3a31422ddfd21e729bce542a181ebdcfd9c4a6e40c37e06b9485 AUX blender-2.61-desktop.patch 642 RMD160 5706c6cdcad1655fb9c4f3b5feeb47c5f11f2c7a SHA1 689e9c8bbf2ce001cac08a74d7ed13ac00d7b2b4 SHA256 11dcfa44db29728c518e2b560ce9f3ccbd67af372aa3421e4f5d6512f9298a33 AUX blender-2.61-eigen.patch 27106 RMD160 3042ba69913c98531ad60bd3a7fadf7817c5b062 SHA1 cde414399438b7d9ea7e756ef86aa08b5c9983e2 SHA256 e1e465f158a49287795d0f1a046d59b8d7ff8459c3ea8d57ee4b40518897d903 AUX blender-2.61-enable_site_module.patch 1061 RMD160 60ba42b15c490776200fa0eea38ae7c856a1f567 SHA1 a9e5bf42d9b6ade5fb595009c6fde7412b002a8f SHA256 3d7b7c0814d97ed5db76828e243120782a0fb0a5304b90d978c3a20e1fb37a83 @@ -23,5 +24,6 @@ AUX blender-desktop.patch 641 RMD160 5be612d2836005e51e1bcfed10959e75315f201f SH DIST blender-2.60a.tar.gz 25679123 RMD160 74434c4e748872322386971cf6021255b0bfa1c8 SHA1 f23551e6ed661626c61de4a758d9ff67e0f27529 SHA256 7d788599ab46dac37f630dec026d06f7e3d73508f243eeb4ade8bcdcb661f124 DIST blender-2.61.tar.gz 25087312 RMD160 fb3b368144d31cd850a0602b7b5e746fca17d7fc SHA1 1b0d008e8022cb29efc9b4a337379eeb93bdcbb7 SHA256 58563583c8775fa0f746a7f4899b1619fec3df69accfa536544fdcbf372685f1 EBUILD blender-2.60a.ebuild 13760 RMD160 bc4458ccf226e20c140ed022325c35bda09a1add SHA1 95a5894363e730db0a66a16f9e8fcb775ea6896a SHA256 146e61d01da115d202f5c77b17ae938a4c2e92344b71b5422bcf6165d4d71d29 +EBUILD blender-2.61-r1.ebuild 12982 RMD160 a4c10e2cde47bc97742e3efbbff2fbe0839bf1be SHA1 5492736f268813bf11841ae44cfcc3ba655ba04e SHA256 90d8e092d353ff35d8966ed4e3dc01d6514fc5dc41850ea5cd72c2f0e88bd215 EBUILD blender-2.61.ebuild 13767 RMD160 dfe843c6b2cff607f1215faea2eb805d03d689a7 SHA1 8b43d751d3c2b0d1c0dad0d47c0cdb202674b65b SHA256 0e4929b08a6e1da7c46ff57b12aa27c21c2f7071933d7b2002d26d15407511d8 MISC metadata.xml 2031 RMD160 7cef28cc97256936c8420d9399c5469dc917f7d1 SHA1 734027d18091dc859e24ec436f7ac992521223d7 SHA256 2aec9b99fcd11925094c06634d41af4cd3681cb81b404cc170b230dd4e337d13 diff --git a/media-gfx/blender/blender-2.61-r1.ebuild b/media-gfx/blender/blender-2.61-r1.ebuild new file mode 100644 index 0000000..af89a1e --- /dev/null +++ b/media-gfx/blender/blender-2.61-r1.ebuild @@ -0,0 +1,425 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/blender/blender-2.60a.ebuild,v 1.4 2011/11/13 22:43:48 sping Exp $ + +PYTHON_DEPEND="3:3.2" +EAPI=4 + +if [[ ${PV} == *9999 ]] ; then +SCM="subversion" +ESVN_REPO_URI="https://svn.blender.org/svnroot/bf-blender/trunk/blender" +fi + +inherit scons-utils eutils python versionator flag-o-matic toolchain-funcs ${SCM} + +IUSE="cycles +game-engine player +elbeem +openexr ffmpeg jpeg2k openal openmp \ + +dds debug doc fftw jack apidoc sndfile tweak-mode sdl sse \ + redcode +zlib iconv contrib 3dmouse" + +LANGS="en ar bg ca cs de el es fi fr hr it ja ko nl pl pt_BR ro ru sr sv uk zh_CN" +for X in ${LANGS} ; do + IUSE="${IUSE} linguas_${X}" +done + +DESCRIPTION="3D Creation/Animation/Publishing System" +HOMEPAGE="http://www.blender.org" +if [[ ${PV} == *9999 ]] ; then + SRC_URI="" +elif [[ ${PV%_p*} != ${PV} ]] ; then # Gentoo snapshot + SRC_URI="mirror://gentoo/${P}.tar.xz" +else # Official release + SRC_URI="http://download.blender.org/source/${P}.tar.gz" +fi + +#SLOT="$(get_version_component_range 1-2)" +SLOT="2.60" +LICENSE="|| ( GPL-2 BL )" +KEYWORDS="~amd64 ~x86" + +RDEPEND="virtual/jpeg + media-libs/libpng + x11-libs/libXi + x11-libs/libX11 + media-libs/tiff + media-libs/libsamplerate + virtual/opengl + >=media-libs/freetype-2.0 + virtual/libintl + media-libs/glew + >=sci-physics/bullet-2.76 + dev-cpp/eigen:3 + cycles? ( + media-libs/openimageio + dev-libs/boost + ) + iconv? ( virtual/libiconv ) + zlib? ( sys-libs/zlib ) + sdl? ( media-libs/libsdl[audio,joystick] ) + openexr? ( media-libs/openexr ) + ffmpeg? ( + >=virtual/ffmpeg-0.6.90[x264,mp3,encode,theora] + jpeg2k? ( >=virtual/ffmpeg-0.6.90[x264,mp3,encode,theora,jpeg2k] ) + ) + openal? ( >=media-libs/openal-1.6.372 ) + fftw? ( sci-libs/fftw:3.0 ) + jack? ( media-sound/jack-audio-connection-kit ) + sndfile? ( media-libs/libsndfile ) + 3dmouse? ( media-libs/libspnav )" + +DEPEND="dev-util/scons + apidoc? ( + dev-python/sphinx + app-doc/doxygen[-nodot] + game-engine? ( dev-python/epydoc ) + ) + ${RDEPEND}" + +# configure internationalization only if LINGUAS have more +# languages than 'en', otherwise must be disabled +if [[ ${LINGUAS} != "en" && -n ${LINGUAS} ]]; then + DEPEND="${DEPEND} + sys-devel/gettext" +fi + +blend_with() { + local UWORD="$2" + [ -z "${UWORD}" ] && UWORD="$1" + if use $1; then + echo "WITH_BF_${UWORD}=1" | tr '[:lower:]' '[:upper:]' \ + >> "${S}"/user-config.py + else + echo "WITH_BF_${UWORD}=0" | tr '[:lower:]' '[:upper:]' \ + >> "${S}"/user-config.py + fi +} + +src_unpack() { +if [[ ${PV} == *9999 ]] ; then + subversion_fetch + if use contrib; then + S="${S}"/release/scripts/addons_contrib subversion_fetch \ + "https://svn.blender.org/svnroot/bf-extensions/contrib/py/scripts/addons/" + fi +else + unpack ${A} +fi +} + +pkg_setup() { + enable_openmp=0 + if use openmp; then + if tc-has-openmp; then + enable_openmp=1 + else + ewarn "You are using gcc built without 'openmp' USE." + ewarn "Switch CXX to an OpenMP capable compiler." + die "Need openmp" + fi + fi + python_set_active_version 3 +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-desktop.patch + + # OpenJPEG + einfo "Removing bundled OpenJPEG ..." + rm -r extern/libopenjpeg + epatch "${FILESDIR}"/${PN}-${SLOT}-openjpeg.patch + + # Glew + einfo "Removing bundled Glew ..." + rm -r extern/glew + epatch "${FILESDIR}"/${P}-glew.patch + + # Eigen3 + einfo "Removing bundled Eigen3 ..." + rm -r extern/Eigen3 + epatch "${FILESDIR}"/${P}-eigen.patch + + # Bullet2 + einfo "Removing bundled Bullet2 ..." + rm -r extern/bullet2 + epatch "${FILESDIR}"/${PN}-${SLOT}-bullet.patch + + # Linux 3.x (bug #381099) + epatch "${FILESDIR}"/${PN}-${SLOT}-linux-3.patch + + epatch "${FILESDIR}"/${PN}-${SLOT}-libav-0.7.patch + epatch "${FILESDIR}"/${P}-CVE-2009-3850-v4.patch + epatch "${FILESDIR}"/${P}-enable_site_module.patch +} + +src_configure() { + # add system openjpeg into Scons build options. + cat <<- EOF >> "${S}"/user-config.py + BF_OPENJPEG="/usr" + BF_OPENJPEG_INC="/usr/include" + BF_OPENJPEG_LIB="openjpeg" + EOF + + # add system sci-physic/bullet into Scons build options. + cat <<- EOF >> "${S}"/user-config.py + WITH_BF_BULLET=1 + BF_BULLET="/usr/include" + BF_BULLET_INC="/usr/include/bullet /usr/include/bullet/BulletCollision /usr/include/bullet/BulletDynamics /usr/include/bullet/LinearMath /usr/include/bullet/BulletSoftBody" + BF_BULLET_LIB="BulletSoftBody BulletDynamics BulletCollision LinearMath" + EOF + + #add iconv into Scons build options. + if use !elibc_glibc && use !elibc_uclibc && use iconv; then + cat <<- EOF >> "${S}"/user-config.py + WITH_BF_ICONV=1 + BF_ICONV="/usr" + EOF + fi + + # configure internationalization only if LINGUAS have more + # languages than 'en', otherwise must be disabled + [[ -z ${LINGUAS} ]] || [[ ${LINGUAS} == "en" ]] && echo "WITH_BF_INTERNATIONAL=0" >> "${S}"/user-config.py + + # configure Elbeem fluid system + use elbeem || echo "BF_NO_ELBEEM=1" >> "${S}"/user-config.py + + # configure Tweak Mode + use tweak-mode && echo "BF_TWEAK_MODE=1" >> "${S}"/user-config.py + + # FIX: Game Engine module needs to be active to build the Blender Player + if ! use game-engine && use player; then + elog "Forcing Game Engine [+game-engine] as required by Blender Player [+player]" + echo "WITH_BF_GAMEENGINE=1" >> "${S}"/user-config.py + else + blend_with game-engine gameengine + fi + + # set CFLAGS used in /etc/make.conf correctly + echo "CFLAGS=[`for i in ${CFLAGS[@]}; do printf "%s \'$i"\',; done`] " \ + | sed -e "s:,]: ]:" >> "${S}"/user-config.py + + # set CXXFLAGS used in /etc/make.conf correctly + local FILTERED_CXXFLAGS="`for i in ${CXXFLAGS[@]}; do printf "%s \'$i"\',; done`" + echo "CXXFLAGS=[${FILTERED_CXXFLAGS}]" | sed -e "s:,]: ]:" >> "${S}"/user-config.py + echo "BGE_CXXFLAGS=[${FILTERED_CXXFLAGS}]" | sed -e "s:,]: ]:" >> "${S}"/user-config.py + + # reset general options passed to the C/C++ compilers (useless hardcoded flags) + # FIX: forcing '-funsigned-char' fixes an anti-aliasing issue with menu + # shadows, see bug #276338 for reference + echo "CCFLAGS= ['-funsigned-char', '-D_LARGEFILE_SOURCE', '-D_FILE_OFFSET_BITS=64']" >> "${S}"/user-config.py + + # set LDFLAGS used in /etc/make.conf correctly + local FILTERED_LDFLAGS="`for i in ${LDFLAGS[@]}; do printf "%s \'$i"\',; done`" + echo "LINKFLAGS=[${FILTERED_LDFLAGS}]" | sed -e "s:,]: ]:" >> "${S}"/user-config.py + echo "PLATFORM_LINKFLAGS=[${FILTERED_LDFLAGS}]" | sed -e "s:,]: ]:" >> "${S}"/user-config.py + + # reset REL_* variables (useless hardcoded flags) + cat <<- EOF >> "${S}"/user-config.py + REL_CFLAGS=[] + REL_CXXFLAGS=[] + REL_CCFLAGS=[] + EOF + + # reset warning flags (useless for NON blender developers) + cat <<- EOF >> "${S}"/user-config.py + C_WARN =[ '-w', '-g0' ] + CC_WARN =[ '-w', '-g0' ] + CXX_WARN=[ '-w', '-g0' ] + EOF + + # detecting -j value from MAKEOPTS + local NUMJOBS="$( echo "${MAKEOPTS}" | sed -ne 's,.*-j\([[:digit:]]\+\).*,\1,p' )" + [[ -z "${NUMJOBS}" ]] && NUMJOBS=1 # resetting to -j1 for empty MAKEOPTS + + # generic settings which differ from the defaults from linux2-config.py + cat <<- EOF >> "${S}"/user-config.py + BF_OPENGL_LIB='GL GLU X11 Xi GLEW' + BF_INSTALLDIR="../install" + WITH_PYTHON_SECURITY=1 + WITHOUT_BF_PYTHON_INSTALL=1 + BF_PYTHON="/usr" + BF_PYTHON_VERSION="3.2" + BF_PYTHON_ABI_FLAGS="" + BF_BUILDINFO=0 + BF_QUIET=1 + BF_NUMJOBS=${NUMJOBS} + BF_LINE_OVERWRITE=0 + WITH_BF_FHS=1 + WITH_BF_BINRELOC=0 + WITH_BF_STATICOPENGL=0 + WITH_BF_OPENMP=${enable_openmp} + EOF + + # configure WITH_BF* Scons build options + for arg in \ + 'sdl' \ + 'apidoc docs' \ + 'jack' \ + 'sndfile' \ + 'openexr' \ + 'dds' \ + 'fftw fftw3' \ + 'jpeg2k openjpeg' \ + 'openal'\ + 'ffmpeg' \ + 'ffmpeg ogg' \ + 'player' \ + 'sse rayoptimization' \ + 'redcode' \ + 'zlib' \ + '3dmouse' ; do + blend_with ${arg} + done + + # enable debugging/testing support + use debug && echo "BF_DEBUG=1" >> "${S}"/user-config.py + use test && echo "BF_UNIT_TEST=1" >> "${S}"/user-config.py + + # enables Cycles render engine + if use cycles; then + cat <<- EOF >> "${S}"/user-config.py + WITH_BF_CYCLES=1 + WITH_BF_OIIO=1 + BF_OIIO="/usr" + BF_OIIO_INC="/usr/include" + BF_OIIO_LIB="OpenImageIO" + WITH_BF_BOOST=1 + BF_BOOST="/usr" + BF_BOOST_INC="/usr/include/boost" + EOF + fi + +} + +src_compile() { + escons || die \ + '!!! Please add "${S}/scons.config" when filing bugs reports \ + to bugs.gentoo.org' +} + +src_install() { + # creating binary wrapper + cat <<- EOF >> "${WORKDIR}/install/blender-${PV}" + #!/bin/sh + + # stop this script if the local blender path is a symlink + if [ -L \${HOME}/.blender ]; then + echo "Detected a symbolic link for \${HOME}/.blender" + echo "Sorry, to avoid dangerous situations, the Blender binary can" + echo "not be started until you have removed the symbolic link:" + echo " # rm -i \${HOME}/.blender" + exit 1 + fi + + export BLENDER_SYSTEM_SCRIPTS="/usr/share/blender/${PV}/scripts" + export BLENDER_SYSTEM_DATAFILES="/usr/share/blender/${PV}/datafiles" + export BLENDER_SYSTEM_PLUGINS="/usr/lib/blender/${PV}/plugins" + exec /usr/bin/blender-bin-${PV} \$* + EOF + + # install binaries + exeinto /usr/bin/ + cp "${WORKDIR}/install/blender" "${WORKDIR}/install/blender-bin-${PV}" + doexe "${WORKDIR}/install/blender-bin-${PV}" + doexe "${WORKDIR}/install/blender-${PV}" + if use player; then + cp "${WORKDIR}/install/blenderplayer" \ + "${WORKDIR}/install/blenderplayer-${PV}" + doexe "${WORKDIR}/install/blenderplayer-${PV}" + fi + + # install plugin headers + insinto /usr/include/${PN}/${PV} + doins "${WORKDIR}"/${P}/source/blender/blenpluginapi/*.h + + # install contrib scripts addons + insinto /usr/share/${PN}/${PV}/scripts + use contrib && doins -r "${WORKDIR}"/${P}/release/scripts/addons_contrib + + # install desktop file + insinto /usr/share/pixmaps + cp release/freedesktop/icons/scalable/apps/blender.svg \ + release/freedesktop/icons/scalable/apps/blender-${PV}.svg + doins release/freedesktop/icons/scalable/apps/blender-${PV}.svg + insinto /usr/share/applications + cp release/freedesktop/blender.desktop \ + release/freedesktop/blender-${PV}.desktop + doins release/freedesktop/blender-${PV}.desktop + newins "${FILESDIR}"/${P}-insecure.desktop ${P}-insecure.desktop + + # install docs + doman "${WORKDIR}"/${P}/doc/manpage/blender.1 + use doc && dodoc -r "${WORKDIR}"/${P}/doc/guides/* + if use apidoc; then + + einfo "Generating (BGE) Blender Game Engine API docs ..." + epydoc source/gameengine/PyDoc/*.py -v \ + -o doc/BGE_API \ + --quiet --quiet --quiet \ + --simple-term \ + --url "http://www.blender.org" \ + --top API_intro \ + --name "Blender GameEngine" \ + --no-private --no-sourcecode \ + --inheritance=included \ + --graph=all \ + --dotpath /usr/bin/dot \ + || die "epydoc failed." + docinto "API/gameengine" + dohtml -r "${WORKDIR}"/${P}/doc/BGE_API/* + + #einfo "Generating (BPY) Blender Python API docs ..." + "${D}"/usr/bin/blender-bin-${PV} --background --python doc/python_api/sphinx_doc_gen.py || die "blender failed." + pushd doc/python_api > /dev/null + sphinx-build sphinx-in BPY_API || die "sphinx failed." + popd > /dev/null + docinto "API/python" + dohtml -r doc/python_api/BPY_API/* + + einfo "Generating Blender C/C++ API docs ..." + pushd "${WORKDIR}"/${P}/doc/doxygen > /dev/null + doxygen -u Doxyfile + doxygen || die "doxygen failed to build API docs." + docinto "API/blender" + dohtml -r html/* + popd > /dev/null + fi + + # final cleanup + rm -r "${WORKDIR}"/install/{Python-license.txt,icons,GPL-license.txt,copyright.txt} + + # installing blender + insinto /usr/share/${PN}/${PV} + doins -r "${WORKDIR}"/install/${PV}/* + + # FIX: making all python scripts readable only by group 'users', + # so nobody can modify scripts apart root user, but python + # cache (*.pyc) can be written and shared across the users. +# chown root:users -R "${D}/usr/share/${PN}/${SLOT}/scripts" || die +# chmod 755 -R "${D}/usr/share/${PN}/${SLOT}/scripts" || die +} + +pkg_postinst() { + echo + elog "Blender uses python integration. As such, may have some" + elog "inherit risks with running unknown python scripting." + elog + elog "It is recommended to change your blender temp directory" + elog "from /tmp to /home/user/tmp or another tmp file under your" + elog "home directory. This can be done by starting blender, then" + elog "dragging the main menu down do display all paths." + elog + elog "Blender has its own internal rendering engine but you" + elog "can export to external renderers for image computation" + elog "like: YafRay[1], sunflow[2], PovRay[3] and luxrender[4]" + elog + elog "If you need one of them just emerge it:" + elog " [1] emerge -av media-gfx/yafray" + elog " [2] emerge -av media-gfx/sunflow" + elog " [3] emerge -av media-gfx/povray" + elog " [4] emerge -av media-gfx/luxrender" + elog + elog "When setting the Blender paths with the User Preferences" + elog "dialog box, remember to NOT declare your home's paths as:" + elog "~/.blender, but as: /home/user/.blender; in other words," + elog "DO NOT USE the tilde inside the paths, as Blender is not" + elog "able to handle it, ignoring your customizations." +} diff --git a/media-gfx/blender/files/blender-2.61-CVE-2009-3850-v4.patch b/media-gfx/blender/files/blender-2.61-CVE-2009-3850-v4.patch new file mode 100644 index 0000000..956eb50 --- /dev/null +++ b/media-gfx/blender/files/blender-2.61-CVE-2009-3850-v4.patch @@ -0,0 +1,164 @@ +diff -Npur blender-2.61.orig/SConstruct blender-2.61/SConstruct +--- blender-2.61.orig/SConstruct 2012-01-02 16:57:51.329355164 +0100 ++++ blender-2.61/SConstruct 2012-01-02 17:04:36.232349086 +0100 +@@ -346,6 +346,10 @@ if 'blenderplayer' in B.targets: + if 'blendernogame' in B.targets: + env['WITH_BF_GAMEENGINE'] = False + ++# build without python autoexec security? ++if env['WITH_PYTHON_SECURITY'] == True: ++ env.Append(CPPFLAGS=['-DWITH_PYTHON_SECURITY']) ++ + # build without elbeem (fluidsim)? + if env['WITH_BF_FLUID'] == 1: + env['CPPFLAGS'].append('-DWITH_MOD_FLUID') +diff -Npur blender-2.61.orig/build_files/scons/tools/btools.py blender-2.61/build_files/scons/tools/btools.py +--- blender-2.61.orig/build_files/scons/tools/btools.py 2012-01-02 16:56:21.351357062 +0100 ++++ blender-2.61/build_files/scons/tools/btools.py 2012-01-02 17:01:37.760350726 +0100 +@@ -96,7 +96,7 @@ def print_arguments(args, bc): + + def validate_arguments(args, bc): + opts_list = [ +- 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', ++ 'WITH_BF_PYTHON', 'WITH_BF_PYTHON_SAFETY', 'BF_PYTHON', 'BF_PYTHON_VERSION', 'BF_PYTHON_INC', 'BF_PYTHON_BINARY', 'BF_PYTHON_LIB', 'BF_PYTHON_LIBPATH', 'WITH_BF_STATICPYTHON', 'WITH_OSX_STATICPYTHON', 'BF_PYTHON_LIB_STATIC', 'BF_PYTHON_DLL', 'BF_PYTHON_ABI_FLAGS', 'WITH_PYTHON_SECURITY', + 'WITH_BF_OPENAL', 'BF_OPENAL', 'BF_OPENAL_INC', 'BF_OPENAL_LIB', 'BF_OPENAL_LIBPATH', 'WITH_BF_STATICOPENAL', 'BF_OPENAL_LIB_STATIC', + 'WITH_BF_SDL', 'BF_SDL', 'BF_SDL_INC', 'BF_SDL_LIB', 'BF_SDL_LIBPATH', + 'WITH_BF_JACK', 'BF_JACK', 'BF_JACK_INC', 'BF_JACK_LIB', 'BF_JACK_LIBPATH', +@@ -256,6 +256,7 @@ def read_opts(env, cfg, args): + (BoolVariable('WITH_BF_STATICPYTHON', 'Staticly link to python', False)), + (BoolVariable('WITH_OSX_STATICPYTHON', 'Staticly link to python', True)), + ('BF_PYTHON_ABI_FLAGS', 'Python ABI flags (suffix in library version: m, mu, etc)', ''), ++ (BoolVariable('WITH_PYTHON_SECURITY', 'Disables execution of scripts within blend files by default (recommend to leave off)', False)), + + (BoolVariable('WITH_BF_FLUID', 'Build with Fluid simulation (Elbeem)', True)), + (BoolVariable('WITH_BF_DECIMATE', 'Build with decimate modifier', True)), +diff -Npur blender-2.61.orig/source/blender/blenkernel/intern/blender.c blender-2.61/source/blender/blenkernel/intern/blender.c +--- blender-2.61.orig/source/blender/blenkernel/intern/blender.c 2012-01-02 16:57:51.329355164 +0100 ++++ blender-2.61/source/blender/blenkernel/intern/blender.c 2012-01-02 16:48:10.700365736 +0100 +@@ -144,6 +144,7 @@ void initglobals(void) + G.f |= G_SCRIPT_AUTOEXEC; + #else + G.f &= ~G_SCRIPT_AUTOEXEC; ++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */ + #endif + } + +diff -Npur blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c blender-2.61/source/blender/makesrna/intern/rna_userdef.c +--- blender-2.61.orig/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:57:51.330355184 +0100 ++++ blender-2.61/source/blender/makesrna/intern/rna_userdef.c 2012-01-02 16:48:10.701365735 +0100 +@@ -114,9 +114,17 @@ static void rna_userdef_show_manipulator + + static void rna_userdef_script_autoexec_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr) + { +- UserDef *userdef = (UserDef*)ptr->data; +- if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC; +- else G.f |= G_SCRIPT_AUTOEXEC; ++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) { ++ /* Blender run with --enable-autoexec */ ++ UserDef *userdef = (UserDef*)ptr->data; ++ if (userdef->flag & USER_SCRIPT_AUTOEXEC_DISABLE) G.f &= ~G_SCRIPT_AUTOEXEC; ++ else G.f |= G_SCRIPT_AUTOEXEC; ++ } ++} ++ ++static int rna_userdef_script_autoexec_editable(Main *bmain, Scene *scene, PointerRNA *ptr) { ++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ ++ return !(G.f & G_SCRIPT_OVERRIDE_PREF); + } + + static void rna_userdef_mipmap_update(Main *bmain, Scene *scene, PointerRNA *ptr) +@@ -2729,6 +2737,8 @@ static void rna_def_userdef_system(Blend + "Allow any .blend file to run scripts automatically " + "(unsafe with blend files from an untrusted source)"); + RNA_def_property_update(prop, 0, "rna_userdef_script_autoexec_update"); ++ /* Disable "Auto Run Python Scripts" checkbox unless Blender run with --enable-autoexec */ ++ RNA_def_property_editable_func(prop, "rna_userdef_script_autoexec_editable"); + + prop= RNA_def_property(srna, "use_tabs_as_spaces", PROP_BOOLEAN, PROP_NONE); + RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", USER_TXT_TABSTOSPACES_DISABLE); +diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c blender-2.61/source/blender/windowmanager/intern/wm_files.c +--- blender-2.61.orig/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:57:51.330355184 +0100 ++++ blender-2.61/source/blender/windowmanager/intern/wm_files.c 2012-01-02 16:48:10.702365735 +0100 +@@ -286,13 +286,18 @@ static void wm_init_userdef(bContext *C) + + /* set the python auto-execute setting from user prefs */ + /* enabled by default, unless explicitly enabled in the command line which overrides */ +- if((G.f & G_SCRIPT_OVERRIDE_PREF) == 0) { ++ if (! G.background && ((G.f & G_SCRIPT_OVERRIDE_PREF) == 0)) { ++ /* Blender run with --enable-autoexec */ + if ((U.flag & USER_SCRIPT_AUTOEXEC_DISABLE) == 0) G.f |= G_SCRIPT_AUTOEXEC; + else G.f &= ~G_SCRIPT_AUTOEXEC; + } + + /* update tempdir from user preferences */ + BLI_init_temporary_dir(U.tempdir); ++ ++ /* Workaround to fix default of "Auto Run Python Scripts" checkbox */ ++ if ((G.f & G_SCRIPT_OVERRIDE_PREF) && !(G.f & G_SCRIPT_AUTOEXEC)) ++ U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; + } + + +diff -Npur blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c blender-2.61/source/blender/windowmanager/intern/wm_operators.c +--- blender-2.61.orig/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:57:51.331355194 +0100 ++++ blender-2.61/source/blender/windowmanager/intern/wm_operators.c 2012-01-02 16:48:10.703365736 +0100 +@@ -1601,12 +1601,13 @@ static int wm_open_mainfile_exec(bContex + G.fileflags &= ~G_FILE_NO_UI; + else + G.fileflags |= G_FILE_NO_UI; +- +- if(RNA_boolean_get(op->ptr, "use_scripts")) ++ ++ /* Restrict "Trusted Source" mode to Blender in --enable-autoexec mode */ ++ if(RNA_boolean_get(op->ptr, "use_scripts") && (!(G.f & G_SCRIPT_OVERRIDE_PREF))) + G.f |= G_SCRIPT_AUTOEXEC; + else + G.f &= ~G_SCRIPT_AUTOEXEC; +- ++ + // XXX wm in context is not set correctly after WM_read_file -> crash + // do it before for now, but is this correct with multiple windows? + WM_event_add_notifier(C, NC_WINDOW, NULL); +@@ -1618,6 +1619,8 @@ static int wm_open_mainfile_exec(bContex + + static void WM_OT_open_mainfile(wmOperatorType *ot) + { ++ PropertyRNA * use_scripts_checkbox = NULL; ++ + ot->name= "Open Blender File"; + ot->idname= "WM_OT_open_mainfile"; + ot->description="Open a Blender file"; +@@ -1629,7 +1632,12 @@ static void WM_OT_open_mainfile(wmOperat + WM_operator_properties_filesel(ot, FOLDERFILE|BLENDERFILE, FILE_BLENDER, FILE_OPENFILE, WM_FILESEL_FILEPATH); + + RNA_def_boolean(ot->srna, "load_ui", 1, "Load UI", "Load user interface setup in the .blend file"); +- RNA_def_boolean(ot->srna, "use_scripts", 1, "Trusted Source", "Allow blend file execute scripts automatically, default available from system preferences"); ++ use_scripts_checkbox = RNA_def_boolean(ot->srna, "use_scripts", ++ !!(G.f & G_SCRIPT_AUTOEXEC), "Trusted Source", ++ "Allow blend file execute scripts automatically, default available from system preferences"); ++ /* Disable "Trusted Source" checkbox unless Blender run with --enable-autoexec */ ++ if (use_scripts_checkbox && (G.f & G_SCRIPT_OVERRIDE_PREF)) ++ RNA_def_property_clear_flag(use_scripts_checkbox, PROP_EDITABLE); + } + + /* **************** link/append *************** */ +diff -Npur blender-2.61.orig/source/creator/creator.c blender-2.61/source/creator/creator.c +--- blender-2.61.orig/source/creator/creator.c 2012-01-02 16:57:51.332355222 +0100 ++++ blender-2.61/source/creator/creator.c 2012-01-02 16:48:10.704365737 +0100 +@@ -330,14 +330,14 @@ static int end_arguments(int UNUSED(argc + static int enable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data)) + { + G.f |= G_SCRIPT_AUTOEXEC; +- G.f |= G_SCRIPT_OVERRIDE_PREF; ++ G.f &= ~G_SCRIPT_OVERRIDE_PREF; /* Enables turning G_SCRIPT_AUTOEXEC off from user prefs */ + return 0; + } + + static int disable_python(int UNUSED(argc), const char **UNUSED(argv), void *UNUSED(data)) + { + G.f &= ~G_SCRIPT_AUTOEXEC; +- G.f |= G_SCRIPT_OVERRIDE_PREF; ++ G.f |= G_SCRIPT_OVERRIDE_PREF; /* Disables turning G_SCRIPT_AUTOEXEC on from user prefs */ + return 0; + } + |