- attached upstream patch
- similar to CVE-2006-4484, problem with GIF again #430100
parent
4c32bd54c0
commit
9503cf8eb8
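--- a/tk.spec
+++ b/tk.spec
@@ -3,7 +3,7 @@
 Summary: The graphical toolkit for the Tcl scripting language
 Name: tk
 Version: %{majorver}.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 1
 License: TCL
 Group: Development/Languages
@@ -21,6 +21,7 @@ Obsoletes: tile <= 0.8.2
 Provides: tile = 0.8.2
 Patch1: tk8.5-make.patch
 Patch2: tk8.5-conf.patch
+Patch3: tk8.5-imgGif.patch
 
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -44,6 +45,7 @@ The package contains the development files and man pages for tk.
 
 %patch1 -p1 -b .make
 %patch2 -p1 -b .conf
+%patch3 -p1 -b .imgGIF
 
 %build
 cd unix
@@ -111,6 +113,10 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*
 
 %changelog
+* Fri Jan 25 2008 Marcela Maslanova <mmaslano@redhat.com> - 1:8.5.0-4
+- attached upstream patch
+- similar to CVE-2006-4484, problem with GIF again #430100
+
 * Tue Jan 15 2008 Marcela Maslanova <mmaslano@redhat.com> - 1:8.5.0-3
 - wish8.5 is here again for back compatibility
 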
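--- a/tk8.5-imgGif.patch
+++ b/tk8.5-imgGif.patch
@@ -0,0 +1,55 @@
+diff -up tk8.5.0/generic/tkImgGIF.c.old tk8.5.0/generic/tkImgGIF.c
+--- tk8.5.0/generic/tkImgGIF.c.old 2008-01-28 08:40:19.000000000 +0100
++++ tk8.5.0/generic/tkImgGIF.c 2008-01-28 08:41:35.000000000 +0100
+@@ -880,6 +880,12 @@ ReadImage(
+Tcl_PosixError(interp), NULL);
+return TCL_ERROR;
+}
++
++ if (initialCodeSize > MAX_LWZ_BITS) {
++ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++ return TCL_ERROR;
++ }
++
+if (transparent != -1) {
+cmap[transparent][CM_RED] = 0;
+cmap[transparent][CM_GREEN] = 0;
+diff -up tk8.5.0/tests/imgPhoto.test.old tk8.5.0/tests/imgPhoto.test
+--- tk8.5.0/tests/imgPhoto.test.old 2008-01-28 08:42:12.000000000 +0100
++++ tk8.5.0/tests/imgPhoto.test 2008-01-28 08:43:06.000000000 +0100
+@@ -665,6 +665,35 @@ test imgPhoto-14.3 {GIF -index interleav
+image delete $i
+}
+
++test imgPhoto-14.4 {GIF buffer overflow} -setup {
++ set i [image create photo]
++} -body {
++ # This crashes Tk up to 8.4.17 and 8.5.0
++ $i configure -data {
++ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
++ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
++ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
++ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
++ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
++ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
++ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
++ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
++ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
++ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
++ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
++ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
++ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
++ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
++ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
++ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
++ CBMqXMiwYcKAADs=
++ }
++} -cleanup {
++ image delete $i
++} -returnCodes error -result {malformed image}
++
+test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
+{nonPortable} {
+# This is not portable to very large machines with more around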
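Review bot: The guard added in ReadImage, `if (initialCodeSize > MAX_LWZ_BITS) {`, still accepts a code size equal to MAX_LWZ_BITS, and the new test imgPhoto-14.4 only exercises a value far above the limit (the sample's code-size byte decodes to 0x15), so the boundary is untested. If the decoder works with initialCodeSize + 1 bits, as GIF LZW decoders normally do, that boundary value should be checked against the table sizes, which are declared outside this hunk; should it overrun them, the comparison would need to be `>=`. A comment above the check, such as `/* Reject code sizes the LZW tables cannot hold (cf. CVE-2006-4484). */`, would also record why it is there. ReadImage's body begins and ends outside the hunk.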