1 |
matsuu 08/02/04 16:28:04 |
2 |
|
3 |
Added: tk-CVE-2006-4484.patch |
4 |
Log: |
5 |
Version bump and fixed CVE-2006-4484, bug #208464. |
6 |
(Portage version: 2.1.3.19) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 dev-lang/tk/files/tk-CVE-2006-4484.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/tk/files/tk-CVE-2006-4484.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/tk/files/tk-CVE-2006-4484.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: tk-CVE-2006-4484.patch |
15 |
=================================================================== |
16 |
Index: generic/tkImgGIF.c |
17 |
=================================================================== |
18 |
RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v |
19 |
retrieving revision 1.24.2.5 |
20 |
diff -u -r1.24.2.5 tkImgGIF.c |
21 |
--- generic/tkImgGIF.c 11 Sep 2007 18:01:45 -0000 1.24.2.5 |
22 |
+++ generic/tkImgGIF.c 25 Jan 2008 19:23:01 -0000 |
23 |
@@ -826,6 +826,12 @@ |
24 |
Tcl_PosixError(interp), (char *) NULL); |
25 |
return TCL_ERROR; |
26 |
} |
27 |
+ |
28 |
+ if (initialCodeSize > MAX_LWZ_BITS) { |
29 |
+ Tcl_SetResult(interp, "malformed image", TCL_STATIC); |
30 |
+ return TCL_ERROR; |
31 |
+ } |
32 |
+ |
33 |
if (transparent != -1) { |
34 |
cmap[transparent][CM_RED] = 0; |
35 |
cmap[transparent][CM_GREEN] = 0; |
36 |
Index: tests/imgPhoto.test |
37 |
=================================================================== |
38 |
RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v |
39 |
retrieving revision 1.15.2.5 |
40 |
diff -u -r1.15.2.5 imgPhoto.test |
41 |
--- tests/imgPhoto.test 11 Sep 2007 18:01:46 -0000 1.15.2.5 |
42 |
+++ tests/imgPhoto.test 25 Jan 2008 19:23:01 -0000 |
43 |
@@ -681,6 +681,35 @@ |
44 |
image delete $i |
45 |
} |
46 |
|
47 |
+test imgPhoto-14.4 {GIF buffer overflow} -setup { |
48 |
+ set i [image create photo] |
49 |
+} -body { |
50 |
+ # This crashes Tk up to 8.4.17 and 8.5.0 |
51 |
+ $i configure -data { |
52 |
+ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/ |
53 |
+ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
54 |
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
55 |
+ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm |
56 |
+ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/ |
57 |
+ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz |
58 |
+ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM |
59 |
+ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA |
60 |
+ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ |
61 |
+ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/ |
62 |
+ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm |
63 |
+ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM |
64 |
+ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz |
65 |
+ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ |
66 |
+ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A |
67 |
+ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m |
68 |
+ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M//// |
69 |
+ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD |
70 |
+ CBMqXMiwYcKAADs= |
71 |
+ } |
72 |
+} -cleanup { |
73 |
+ image delete $i |
74 |
+} -returnCodes error -result {malformed image} |
75 |
+ |
76 |
test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ |
77 |
{nonPortable} { |
78 |
# This is not portable to very large machines with more around |
79 |
|
80 |
|
81 |
|
82 |
-- |
83 |
gentoo-commits@l.g.o mailing list |