blender bundles minilzo, which is affected by the CVE-2014-4607 issue from the LZO library.

Patched packages uploaded for Mageia 3 and Mageia 4. The package currently doesn't build in Cauldron and will be addressed later.

Advisory:
========================

Updated blender package fixes security vulnerability:

An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607).

The blender package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607
http://advisories.mageia.org/MGASA-2014-0290.html
========================

Updated packages in core/updates_testing:
========================
blender-2.65a-5.1.mga3
blender-2.69-1.1.mga4

from SRPMS:
blender-2.65a-5.1.mga3.src.rpm
blender-2.69-1.1.mga4.src.rpm
Blocks: (none) => 13943
Whiteboard: (none) => MGA3TOO
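The report above turns on a vulnerable library being bundled inside another package. As an added example (not part of the bug report or of Mageia's tooling), this Python script walks an unpacked source tree for bundled minilzo.h copies and flags those whose MINILZO_VERSION macro is below 2.07. The macro encoding (0x2060 for 2.06), the directory names and the sample headers are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumption: minilzo.h records its release as a hex macro, e.g. 0x2060 for 2.06.
VERSION_RE = re.compile(r"^\s*#\s*define\s+MINILZO_VERSION\s+(0x[0-9a-fA-F]+)", re.M)
FIXED = 0x2070  # liblzo 2.07, the release the advisory names as fixed


def find_bundled_minilzo(root):
    """Return sorted (relative path, version or None, needs_review) per minilzo.h."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "minilzo.h":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
            version = int(match.group(1), 16) if match else None
            # A missing macro is flagged as well: the copy cannot be ruled out.
            # A flag means "review", not "vulnerable": a distribution patch can
            # fix the bundled code without changing the macro.
            needs_review = version is None or version < FIXED
            hits.append((os.path.relpath(path, root), version, needs_review))
    return sorted(hits, key=lambda hit: hit[0])


def demo():
    """Build a constructed source tree (hypothetical paths) and scan it."""
    samples = {
        "app_a/bundled/minilzo.h": "#define MINILZO_VERSION 0x2060\n",
        "app_b/minilzo.h": "#define MINILZO_VERSION 0x2070\n",
        "app_c/minilzo.h": "/* header with no version macro */\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return find_bundled_minilzo(root)


if __name__ == "__main__":
    for rel, version, needs_review in demo():
        shown = hex(version) if version is not None else "unknown"
        print(f"{rel}: MINILZO_VERSION={shown} needs_review={needs_review}")
```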
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
blender

As much as I have used OpenShot I've never really used the Blender ( New Animated Title ) feature. Blender is installed along with OpenShot.

[root@localhost wilcal]# urpmi blender
Package blender-2.65a-5.mga3.i586 is already installed
[root@localhost wilcal]# urpmi openshot
Package openshot-1.4.3-2.mga3.noarch is already installed

Test a simple animated title per:
http://www.openshotvideo.com/2010/06/new-feature-3d-animated-titles.html

OpenShot -> Title -> New Animated Title
select any Template and a popup error window appears as follows:

Blender, the free open source 3D content creation suite is required for this action (http://www.blender.org).
Please check the preferences in OpenShot and be sure the Blender executable is correct. This setting should be the path of the 'blender' executable on your computer. Also, please be sure that it is pointing to Blender version 2.62 or greater.
Blender Path:
blender

end error window.

Kinda no matter what you do the error window appears.

Executing "blender" from a terminal results in:

[wilcal@localhost ~]$ blender
libGL error: failed to load driver: vboxvideo
libGL error: Try again with LIBGL_DEBUG=verbose for more details.
/usr/bin/blender: line 9: 5075 Segmentation fault /usr/bin/blender.sse "$@"

so maybe there's an error here? Anybody use the blender feature of OpenShot?
CC: (none) => wilcal.int
Bill I will try playing with Blender - at the crudest possible level. It is not easy to drive, but there is a lot of documentation for it on-line; & I have its manual (1,876 pages!). I do not see why OpenShot should be involved.
CC: (none) => lewyssmith
Openshot is not strictly relevant to this update. Openshot is able to make use of blender to create a 3D title sequence when editing video. As such it could be used to verify blender backend is working OK. It may be a better test to perform some basic tasks in blender itself to verify the frontend. One of each test would be better still. Up to you.
(In reply to claire robinson from comment #3)
> Openshot is not strictly relevant to this update......

Blender is an incredibly complex application and used universally in lots of Video editing platforms. It's really not meant to be used as a standalone app. As I said in comment #1 even though I've used Openshot a lot I've never used the Blender feature. That's a 3D title creation feature. For some reason when Openshot attempts to use Blender it seg faults and that ain't good.

What I'm probably gonna do is write a Bug against Cauldron on this. Should be fixed before M5 is released.

FWIW the 3D title creation process in Openshot is quite easy to use, when it used to work.
Hi, I tested blender blender-2.69-1.1.mga4.x86_64.rpm and didn't find any regression
CC: (none) => lebarhon
Whiteboard: MGA3TOO => MGA3TOO MGA4-64-OK
(In reply to André DESMOTTES from comment #5)
> I tested blender blender-2.69-1.1.mga4.x86_64.rpm and didn't find any
> regression

Thank you André. Could you share with us how you tested blender? That's so we can duplicate that on the other versions of Mageia. Thanks.
There are lots of beginners tutorials on youtube Bill which is a good place to start. Don't go into too much depth, just ensure it basically works ok and can save/load files etc.
First, I am not a skilled blender user.

M4 64 bits
I downloaded some blender files (2) from Internet and opened them in Blender, but couldn't modify them because there was a lock I didn't find. Then I played for more than an hour with the boolean modifier, saved the files and re-opened them.

M4 32 bits, in a virtual box. I am just stopping.
I downloaded a blender file from Internet with no protection, I could modify it and save it. I also played with some volumes, saved the files and re-opened them.

That's all.
Whiteboard: MGA3TOO MGA4-64-OK => MGA3TOO MGA4-64-OK MGA4-32-OK
Confirming Comment 9 for MGA4 x64.

I started a simple model with the release Blender, saved it, updated Blender from Updates Testing to:
blender-2.69-1.1.mga4
then re-loaded it with the previous model. Fiddled a bit with that, then from Render -> Render Image menu, F3, saved the rendered model as JPEG, PNG, TIF image files - all involving compression. The 3 images displayed correctly & identically.

So I second MGA4-64-OK.
Testing complete mga3 32, just basic use of blender on real hw.
Whiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK => MGA3TOO has_procedure mga3-32-ok MGA4-64-OK MGA4-32-OK
Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok MGA4-64-OK MGA4-32-OK => MGA3TOO has_procedure advisory mga3-32-ok MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0363.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED