-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 25 Apr 2008 22:50:31 +0200 Source: blender Binary: blender Architecture: source i386 Version: 2.45-5 Distribution: unstable Urgency: high Maintainer: Cyril Brulebois <kibi@debian.org> Changed-By: Cyril Brulebois <kibi@debian.org> Description: blender - Very fast and versatile 3D modeller/renderer Closes: 441216 463749 477761 477808 Changes: blender (2.45-5) unstable; urgency=high . * debian/control: - Adjust Maintainer and Uploaders according to last years' activity. - Update my mail address. Many thanks to Florian Ernst who sponsored all my uploads. * Switch from python2.4 to python2.5 (Closes: #477761): - Replace python2.4-dev with python2.5-dev in Build-Depends. - Refresh the following patch to set BF_PYTHON_VERSION accordingly: - 50_debian_build_config. * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr function allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.” Add upstream patch as pointed to by Tomas Hoger <thoger@redhat.com> (thanks!), which basically adds a check on sscanf() return code and limits the size of accepted %s parameters (Closes: #477808): - 30_fix_CVE-2008-1102. * Bump urgency to “high” accordingly. * Disable the “-Wdeclaration-after-statement” C_WARN flag (which is only valid for C/ObjC but not for C++) in config/linux2-config.py, by updating the following patch: - 50_debian_build_config. * Use DEB_HOST_ARCH to determine whether the host architecture is big-endian so as to pass an extra “-D__BIG_ENDIAN__” flag to the compiler, thus fixing the buggy endianness detection (upstream lists every platform, but misses at least hppa, mips, and s390). Thanks to Stefan Gartner for the tip (Closes: #441216). * Make scons understand what is wanted from it: - Pass “-g” and “-O” options through CFLAGS. - Pass “-D” options through CPPFLAGS. * Add patch to make blender able to use the compatibility layer that scons is setting up for its Option->Variable transition, initiated in scons 0.98.2-1 (deprecation will follow, but Blender should be updated upstream in the meanwhile), thanks to Mark Brown (see #477912): - 40_workaround_scons_options_deprecation. * Switch from ttf-bitstream-vera to ttf-dejavu (Closes: #463749), thanks to Sven Arvidsson: - debian/control: Update Depends. - debian/rules: Update symlink. Checksums-Sha1: 65c6c63b4fd52e5ba2ad94c3a5f9fc457bac1700 1349 blender_2.45-5.dsc 67d5edcae9bb8dfbd8cbf2fb552ce5d2af930c6a 27898 blender_2.45-5.diff.gz 08807fe398775c61f818b7827188275a06eb6c74 7356186 blender_2.45-5_i386.deb Checksums-Sha256: 6c80c78bdc506bd314648bed06b60d710b02050e46abb3b490e891a47e028886 1349 blender_2.45-5.dsc 1faf4f564eb1a61360e656b09cf9052f1b226295625e464a06ece4c60b169946 27898 blender_2.45-5.diff.gz f3f3cfb26b16064ae563274fe33bab427866b238b0d1fff784432dbf3d62ce94 7356186 blender_2.45-5_i386.deb Files: 11e9908bbf67c791fb493381719df55e 1349 graphics optional blender_2.45-5.dsc 36459ddf53b4c12da5a1c1ba5ef4a2cd 27898 graphics optional blender_2.45-5.diff.gz d8a27300fb559cdbf4c919ace56da31c 7356186 graphics optional blender_2.45-5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIEkx9eGfVPHR5Nd0RAj4xAJ0Q9iyO75e9FzEoRQtCKXSWe7A/7gCeJg6q RY21ywxXt36BtIY37k2xk0g= =w+MP -----END PGP SIGNATURE----- Accepted: blender_2.45-5.diff.gz to pool/main/b/blender/blender_2.45-5.diff.gz blender_2.45-5.dsc to pool/main/b/blender/blender_2.45-5.dsc blender_2.45-5_i386.deb to pool/main/b/blender/blender_2.45-5_i386.deb