rpms/perl-Tk/devel perl-Tk-gif.patch, NONE, 1.1 perl-Tk.spec, 1.12, 1.13

Andreas Bierfert (awjb) fedora-extras-commits at redhat.com
Tue Feb 5 10:56:58 UTC 2008 

Author: awjb

Update of /cvs/pkgs/rpms/perl-Tk/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23457/devel

Modified Files:
	perl-Tk.spec 
Added Files:
	perl-Tk-gif.patch 
Log Message:
- fix #431529 gif overflow in tk (see also #431518)


perl-Tk-gif.patch:

--- NEW FILE perl-Tk-gif.patch ---
--- pTk/mTk/generic/tkImgGIF.c.orig	2008-02-05 11:38:58.000000000 +0100
+++ pTk/mTk/generic/tkImgGIF.c	2008-02-05 11:42:46.000000000 +0100
@@ -831,6 +831,12 @@
 		Tcl_PosixError(interp), (char *) NULL);
 	return TCL_ERROR;
     }
+
+    if (initialCodeSize > MAX_LWZ_BITS) {
+	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+	return TCL_ERROR;
+    }
+
     if (transparent != -1) {
 	cmap[transparent][CM_RED] = 0;
 	cmap[transparent][CM_GREEN] = 0;


Index: perl-Tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl-Tk/devel/perl-Tk.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- perl-Tk.spec	4 Jan 2008 23:24:38 -0000	1.12
+++ perl-Tk.spec	5 Feb 2008 10:56:23 -0000	1.13
@@ -3,7 +3,7 @@
 
 Name:           perl-Tk
 Version:        804.028
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Perl Graphical User Interface ToolKit
 
 Group:          Development/Libraries
@@ -15,6 +15,11 @@
 Patch1:         perl-Tk-debian.patch.gz
 # fix segfaults as in #235666 because of broken cashing code
 Patch2:         perl-Tk-seg.patch
+
+# fix gif overflow in tk see CVE-2006-4484 and CVE-2007-6697 or #431518 and
+# #431529
+Patch100:       perl-Tk-gif.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # Versions before this have Unicode issues
@@ -52,6 +57,7 @@
 %patch1 -p1
 # patch to fix #235666 ... seems like caching code is broken
 %patch2
+%patch100
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor X11LIB=%{_libdir} XFT=1
@@ -96,6 +102,10 @@
 %exclude %{perl_vendorarch}/Tk/reindex.pl
 
 %changelog
+* Tue Feb 05 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 804.028-3
+- fix #431529 gif overflow in tk (see also #431518)
+
 * Fri Jan 04 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 - 804.028-2
 - add relevant parts of debian patch

More information about the fedora-extras-commits mailing list