- fix #431529 gif overflow in tk (see also #431518)

perl-Tk-gif.patch

@@ -0,0 +1,15 @@
+--- pTk/mTk/generic/tkImgGIF.c.orig	2008-02-05 11:38:58.000000000 +0100
++++ pTk/mTk/generic/tkImgGIF.c	2008-02-05 11:42:46.000000000 +0100
+@@ -831,6 +831,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;

perl-Tk.spec

@@ -3,7 +3,7 @@
 
 Name:           perl-Tk
 Version:        804.028
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Perl Graphical User Interface ToolKit
 
 Group:          Development/Libraries
@@ -15,6 +15,11 @@ Patch0:         perl-Tk-widget.patch
 Patch1:         perl-Tk-debian.patch.gz
 # fix segfaults as in #235666 because of broken cashing code
 Patch2:         perl-Tk-seg.patch
+
+# fix gif overflow in tk see CVE-2006-4484 and CVE-2007-6697 or #431518 and
+# #431529
+Patch100:       perl-Tk-gif.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # Versions before this have Unicode issues
@@ -52,6 +57,7 @@ chmod -x pod/Popup.pod Tixish/lib/Tk/balArrow.xbm
 %patch1 -p1
 # patch to fix #235666 ... seems like caching code is broken
 %patch2
+%patch100
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor X11LIB=%{_libdir} XFT=1
@@ -96,6 +102,10 @@ rm -rf $RPM_BUILD_ROOT
 %exclude %{perl_vendorarch}/Tk/reindex.pl
 
 %changelog
+* Tue Feb 05 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 804.028-3
+- fix #431529 gif overflow in tk (see also #431518)
+
 * Fri Jan 04 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 - 804.028-2
 - add relevant parts of debian patch