rpms/tk/F-8 tk8.5-imgGif.patch,NONE,1.1 tk.spec,1.45,1.46
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Mon Jan 28 08:59:21 UTC 2008
Author: mmaslano
Update of /cvs/pkgs/rpms/tk/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1302
Modified Files:
tk.spec
Added Files:
tk8.5-imgGif.patch
Log Message:
- attached upstream patch
- similar to CVE-2006-4484, problem with GIF again #430100
tk8.5-imgGif.patch:
--- NEW FILE tk8.5-imgGif.patch ---
diff -up tk8.5.0/generic/tkImgGIF.c.old tk8.5.0/generic/tkImgGIF.c
--- tk8.5.0/generic/tkImgGIF.c.old 2008-01-28 08:40:19.000000000 +0100
+++ tk8.5.0/generic/tkImgGIF.c 2008-01-28 08:41:35.000000000 +0100
@@ -880,6 +880,12 @@ ReadImage(
Tcl_PosixError(interp), NULL);
return TCL_ERROR;
}
+
+ if (initialCodeSize > MAX_LWZ_BITS) {
+ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+ return TCL_ERROR;
+ }
+
if (transparent != -1) {
cmap[transparent][CM_RED] = 0;
cmap[transparent][CM_GREEN] = 0;
diff -up tk8.5.0/tests/imgPhoto.test.old tk8.5.0/tests/imgPhoto.test
--- tk8.5.0/tests/imgPhoto.test.old 2008-01-28 08:42:12.000000000 +0100
+++ tk8.5.0/tests/imgPhoto.test 2008-01-28 08:43:06.000000000 +0100
@@ -665,6 +665,35 @@ test imgPhoto-14.3 {GIF -index interleav
image delete $i
}
+test imgPhoto-14.4 {GIF buffer overflow} -setup {
+ set i [image create photo]
+} -body {
+ # This crashes Tk up to 8.4.17 and 8.5.0
+ $i configure -data {
+ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
+ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
+ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
+ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
+ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
+ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
+ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
+ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
+ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
+ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
+ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
+ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
+ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
+ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
+ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
+ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
+ CBMqXMiwYcKAADs=
+ }
+} -cleanup {
+ image delete $i
+} -returnCodes error -result {malformed image}
+
test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
{nonPortable} {
# This is not portable to very large machines with more around
Index: tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tk/F-8/tk.spec,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- tk.spec 23 Jan 2008 15:39:39 -0000 1.45
+++ tk.spec 28 Jan 2008 08:58:26 -0000 1.46
@@ -3,7 +3,7 @@
Summary: The graphical toolkit for the Tcl scripting language
Name: tk
Version: %{majorver}.17
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
License: TCL
Group: Development/Languages
@@ -18,6 +18,7 @@
# panedwindow.n from itcl conflicts
Conflicts: itcl <= 3.2
Patch1: tk-confi.patch
+Patch2: tk8.5-imgGif.patch
%description
When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -40,6 +41,7 @@
%setup -n %{name}%{version} -q
%patch1 -p1 -b .confi
+%patch2 -p1 -b .GIF
%build
cd unix
@@ -107,6 +109,10 @@
%{_mandir}/man3/*
%changelog
+* Mon Jan 28 2008 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.17-2
+- attached upstream patch
+- similar to CVE-2006-4484, problem with GIF again #430100
+
* Wed Jan 23 2008 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.17-1
- update 8.4.17
More information about the fedora-extras-commits
mailing list