rpms/perl-Tk/devel perl-Tk-gif.patch, NONE, 1.1 perl-Tk.spec, 1.12, 1.13
Andreas Bierfert (awjb)
fedora-extras-commits at redhat.com
Tue Feb 5 10:56:58 UTC 2008
Author: awjb
Update of /cvs/pkgs/rpms/perl-Tk/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23457/devel
Modified Files:
perl-Tk.spec
Added Files:
perl-Tk-gif.patch
Log Message:
- fix #431529 gif overflow in tk (see also #431518)
perl-Tk-gif.patch:
--- NEW FILE perl-Tk-gif.patch ---
--- pTk/mTk/generic/tkImgGIF.c.orig 2008-02-05 11:38:58.000000000 +0100
+++ pTk/mTk/generic/tkImgGIF.c 2008-02-05 11:42:46.000000000 +0100
@@ -831,6 +831,12 @@
Tcl_PosixError(interp), (char *) NULL);
return TCL_ERROR;
}
+
+ if (initialCodeSize > MAX_LWZ_BITS) {
+ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+ return TCL_ERROR;
+ }
+
if (transparent != -1) {
cmap[transparent][CM_RED] = 0;
cmap[transparent][CM_GREEN] = 0;
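Review bot: The added "initialCodeSize > MAX_LWZ_BITS" check has no comment saying what it protects against, and nothing in the hunk explains why a code size above MAX_LWZ_BITS is dangerous. A one-line comment pointing at the decoder overflow (the spec file ties this to CVE-2006-4484 and CVE-2007-6697) would help the next person who touches this function. The test is upper-bound only, and the declaration of initialCodeSize is outside the visible context, so please confirm it is an unsigned type. A signed negative value would pass this check. The "malformed image" text could also name the field, for example "malformed image: invalid LZW code size", so a rejected file can be diagnosed.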
Index: perl-Tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl-Tk/devel/perl-Tk.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- perl-Tk.spec 4 Jan 2008 23:24:38 -0000 1.12
+++ perl-Tk.spec 5 Feb 2008 10:56:23 -0000 1.13
@@ -3,7 +3,7 @@
Name: perl-Tk
Version: 804.028
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Perl Graphical User Interface ToolKit
Group: Development/Libraries
@@ -15,6 +15,11 @@
Patch1: perl-Tk-debian.patch.gz
# fix segfaults as in #235666 because of broken cashing code
Patch2: perl-Tk-seg.patch
+
+# fix gif overflow in tk see CVE-2006-4484 and CVE-2007-6697 or #431518 and
+# #431529
+Patch100: perl-Tk-gif.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# Versions before this have Unicode issues
@@ -52,6 +57,7 @@
%patch1 -p1
# patch to fix #235666 ... seems like caching code is broken
%patch2
+%patch100
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor X11LIB=%{_libdir} XFT=1
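Review bot: "%patch100" is applied without an explicit strip level, while "%patch1" just above it spells out -p1. The paths in perl-Tk-gif.patch start at pTk/mTk/generic/, so writing "%patch100 -p0" would document the intended level instead of relying on the macro's default. A short comment above it, like the one on %patch2, would also keep the %prep section consistent.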
@@ -96,6 +102,10 @@
%exclude %{perl_vendorarch}/Tk/reindex.pl
%changelog
+* Tue Feb 05 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 804.028-3
+- fix #431529 gif overflow in tk (see also #431518)
+
* Fri Jan 04 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 804.028-2
- add relevant parts of debian patch
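Review bot: The new %changelog entry cites only the Bugzilla numbers (#431529, #431518), while the Patch100 comment in this same spec names CVE-2006-4484 and CVE-2007-6697. Repeating the CVE identifiers in the changelog line would let anyone checking the installed package's changelog confirm that the fix is present.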