rpms/perl-Tk/EL-5 perl-Tk-gif.patch,NONE,1.1 perl-Tk.spec,1.8,1.9

Tue Feb 5 10:56:57 UTC 2008

Author: awjb

Update of /cvs/pkgs/rpms/perl-Tk/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23457/EL-5

Modified Files:
	perl-Tk.spec 
Added Files:
	perl-Tk-gif.patch 
Log Message:
- fix #431529 gif overflow in tk (see also #431518)


perl-Tk-gif.patch:

--- NEW FILE perl-Tk-gif.patch ---
--- pTk/mTk/generic/tkImgGIF.c.orig	2008-02-05 11:38:58.000000000 +0100
+++ pTk/mTk/generic/tkImgGIF.c	2008-02-05 11:42:46.000000000 +0100
@@ -831,6 +831,12 @@
 		Tcl_PosixError(interp), (char *) NULL);
 	return TCL_ERROR;
     }
+
+    if (initialCodeSize > MAX_LWZ_BITS) {
+	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+	return TCL_ERROR;
+    }
+
     if (transparent != -1) {
 	cmap[transparent][CM_RED] = 0;
 	cmap[transparent][CM_GREEN] = 0;


Index: perl-Tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl-Tk/EL-5/perl-Tk.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- perl-Tk.spec	2 Jan 2008 13:04:24 -0000	1.8
+++ perl-Tk.spec	5 Feb 2008 10:55:52 -0000	1.9
@@ -3,7 +3,7 @@
 
 Name:           perl-Tk
 Version:        804.028
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Perl Graphical User Interface ToolKit
 
 Group:          Development/Libraries
@@ -11,6 +11,10 @@
 URL:            http://search.cpan.org/dist/Tk/
 Source0:        http://cpan.org/modules/by-module/Tk/Tk-804.028.tar.gz
 Patch0:         perl-Tk-widget.patch
+# fix gif overflow in tk see CVE-2006-4484 and CVE-2007-6697 or #431518 and
+# #431529
+Patch100:       perl-Tk-gif.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # Versions before this have Unicode issues
@@ -45,6 +49,8 @@
 's,\@demopath\@,%{_datadir}/doc/%{name}-%{version}/demos,g' \
 %{_builddir}/Tk-%{version}/demos/widget
 
+%patch100
+
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor X11LIB=/usr/X11R6/%{_lib} XFT=1
 find . -name Makefile | xargs %{__perl} -pi -e 's/^\tLD_RUN_PATH=[^\s]+\s*/\t/'
@@ -85,6 +91,10 @@
 %exclude %{perl_vendorarch}/Tk/reindex.pl
 
 %changelog
+* Tue Feb 05 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 804.028-2
+- fix #431529 gif overflow in tk (see also #431518)
+
 * Wed Jan 02 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 - 804.028-1
 - version upgrade


