rpms/tk/F-7 tk8.5-imgGif.patch,NONE,1.1 tk.spec,1.40,1.41

Mon Jan 28 09:03:43 UTC 2008

Author: mmaslano

Update of /cvs/pkgs/rpms/tk/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8656

Modified Files:
	tk.spec 
Added Files:
	tk8.5-imgGif.patch 
Log Message:
- attached upstream patch
- similar to CVE-2006-4484, problem with GIF again #430100



tk8.5-imgGif.patch:

--- NEW FILE tk8.5-imgGif.patch ---
diff -up tk8.5.0/generic/tkImgGIF.c.old tk8.5.0/generic/tkImgGIF.c
--- tk8.5.0/generic/tkImgGIF.c.old	2008-01-28 08:40:19.000000000 +0100
+++ tk8.5.0/generic/tkImgGIF.c	2008-01-28 08:41:35.000000000 +0100
@@ -880,6 +880,12 @@ ReadImage(
 		Tcl_PosixError(interp), NULL);
 	return TCL_ERROR;
     }
+
+	if (initialCodeSize > MAX_LWZ_BITS) {
+		Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+		return TCL_ERROR;
+	}
+
     if (transparent != -1) {
 	cmap[transparent][CM_RED] = 0;
 	cmap[transparent][CM_GREEN] = 0;
diff -up tk8.5.0/tests/imgPhoto.test.old tk8.5.0/tests/imgPhoto.test
--- tk8.5.0/tests/imgPhoto.test.old	2008-01-28 08:42:12.000000000 +0100
+++ tk8.5.0/tests/imgPhoto.test	2008-01-28 08:43:06.000000000 +0100
@@ -665,6 +665,35 @@ test imgPhoto-14.3 {GIF -index interleav
     image delete $i
 }
 
+test imgPhoto-14.4 {GIF buffer overflow} -setup {
+    set i [image create photo]
+} -body {
+    # This crashes Tk up to 8.4.17 and 8.5.0
+    $i configure -data {
+	R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
+	AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+	AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
+	mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
+	AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
+	mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
+	ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
+	mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
+	AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
+	mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
+	AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
+	mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
+	AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
+	mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
+	AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
+	mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
+	AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
+	CBMqXMiwYcKAADs=
+    } 
+} -cleanup {
+    image delete $i
+} -returnCodes error -result {malformed image}
+
 test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
 	{nonPortable} {
     # This is not portable to very large machines with more around


Index: tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tk/F-7/tk.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- tk.spec	15 Oct 2007 14:31:08 -0000	1.40
+++ tk.spec	28 Jan 2008 09:03:06 -0000	1.41
@@ -3,7 +3,7 @@
 Summary: The graphical toolkit for the Tcl scripting language
 Name: tk
 Version: %{majorver}.13
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch:   1
 License: BSD
 Group: Development/Languages
@@ -23,6 +23,7 @@
 Patch4: tk-8.4.13-autoconf.patch
 Patch5: tk-8.4.13-cflags.patch
 Patch6: tk-gifoverflow.patch
+Patch7: tk8.5-imgGif.patch
 
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -51,6 +52,7 @@
 %patch4 -p1 -b .4-ac213
 %patch5 -p1 -b .5-cflags
 %patch6 -p1 -b .6-gif
+%patch7 -p1 -b .7-imgGIF
 
 # patch1 touches tcl.m4
 %build
@@ -119,6 +121,10 @@
 %{_mandir}/man3/*
 
 %changelog
+* Mon Jan 28 2008 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.13-7
+- attached upstream patch
+- similar to CVE-2006-4484, problem with GIF again #430100
+
 * Mon Oct 15 2007 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.13-6
 - CVE-2007-5137 gif buffer overflow
 


