diff --git a/tk.spec b/tk.spec index 0829c90..b669ecd 100644 --- a/tk.spec +++ b/tk.spec @@ -3,7 +3,7 @@ Summary: The graphical toolkit for the Tcl scripting language Name: tk Version: %{majorver}.0 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 1 License: TCL Group: Development/Languages @@ -21,6 +21,7 @@ Obsoletes: tile <= 0.8.2 Provides: tile = 0.8.2 Patch1: tk8.5-make.patch Patch2: tk8.5-conf.patch +Patch3: tk8.5-imgGif.patch %description When paired with the Tcl scripting language, Tk provides a fast and powerful @@ -44,6 +45,7 @@ The package contains the development files and man pages for tk. %patch1 -p1 -b .make %patch2 -p1 -b .conf +%patch3 -p1 -b .imgGIF %build cd unix @@ -111,6 +113,10 @@ rm -rf %{buildroot} %{_mandir}/man3/* %changelog +* Fri Jan 25 2008 Marcela Maslanova - 1:8.5.0-4 +- attached upstream patch +- similar to CVE-2006-4484, problem with GIF again #430100 + * Tue Jan 15 2008 Marcela Maslanova - 1:8.5.0-3 - wish8.5 is here again for back compatibility diff --git a/tk8.5-imgGif.patch b/tk8.5-imgGif.patch new file mode 100644 index 0000000..f64daee --- /dev/null +++ b/tk8.5-imgGif.patch @@ -0,0 +1,55 @@ +diff -up tk8.5.0/generic/tkImgGIF.c.old tk8.5.0/generic/tkImgGIF.c +--- tk8.5.0/generic/tkImgGIF.c.old 2008-01-28 08:40:19.000000000 +0100 ++++ tk8.5.0/generic/tkImgGIF.c 2008-01-28 08:41:35.000000000 +0100 +@@ -880,6 +880,12 @@ ReadImage( + Tcl_PosixError(interp), NULL); + return TCL_ERROR; + } ++ ++ if (initialCodeSize > MAX_LWZ_BITS) { ++ Tcl_SetResult(interp, "malformed image", TCL_STATIC); ++ return TCL_ERROR; ++ } ++ + if (transparent != -1) { + cmap[transparent][CM_RED] = 0; + cmap[transparent][CM_GREEN] = 0; +diff -up tk8.5.0/tests/imgPhoto.test.old tk8.5.0/tests/imgPhoto.test +--- tk8.5.0/tests/imgPhoto.test.old 2008-01-28 08:42:12.000000000 +0100 ++++ tk8.5.0/tests/imgPhoto.test 2008-01-28 08:43:06.000000000 +0100 +@@ -665,6 +665,35 @@ test imgPhoto-14.3 {GIF -index interleav + image delete $i + } + ++test imgPhoto-14.4 {GIF buffer overflow} -setup { ++ set i [image create photo] ++} -body { ++ # This crashes Tk up to 8.4.17 and 8.5.0 ++ $i configure -data { ++ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/ ++ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm ++ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/ ++ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz ++ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM ++ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA ++ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ ++ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/ ++ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm ++ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM ++ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz ++ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ ++ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A ++ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m ++ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M//// ++ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD ++ CBMqXMiwYcKAADs= ++ } ++} -cleanup { ++ image delete $i ++} -returnCodes error -result {malformed image} ++ + test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ + {nonPortable} { + # This is not portable to very large machines with more around