Non-maintainer commit: Fix CVE-2008-0553, bug 208464.

(Portage version: 2.2_rc33/cvs/Linux x86_64)

3 files changed, 61 insertions, 1 deletions

diff --git a/dev-perl/perl-tk/ChangeLog b/dev-perl/perl-tk/ChangeLog
index 2aa61d2def23..37ecd66a9856 100644
--- a/dev-perl/perl-tk/ChangeLog
+++ b/dev-perl/perl-tk/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-perl/perl-tk
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/ChangeLog,v 1.51 2009/05/08 17:51:19 tove Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/ChangeLog,v 1.52 2009/05/29 17:05:38 a3li Exp $
+
+*perl-tk-804.028-r2 (29 May 2009)
+
+  29 May 2009; Alex Legler <a3li@gentoo.org> +perl-tk-804.028-r2.ebuild,
+  +files/perl-tk-CVE-2008-0553.patch:
+  Non-maintainer commit: Revbump to fix the CVE-2008-0553 security issue,
+  bug 208464.
 
   08 May 2009; Torsten Veller <tove@gentoo.org> -perl-tk-804.027.ebuild,
   -perl-tk-804.028.ebuild:
diff --git a/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch b/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch
new file mode 100644
index 000000000000..e0436b803fec
--- /dev/null
+++ b/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch
@@ -0,0 +1,17 @@
+Patch for bug 208464 as backported by the Pardus people.
+
+--- pTk/mTk/generic/tkImgGIF.c.orig	2008-02-05 11:38:58.000000000 +0100
++++ pTk/mTk/generic/tkImgGIF.c	2008-02-05 11:42:46.000000000 +0100
+@@ -831,6 +831,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;
diff --git a/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild b/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild
new file mode 100644
index 000000000000..95adc41c5e26
--- /dev/null
+++ b/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild,v 1.1 2009/05/29 17:05:38 a3li Exp $
+
+MODULE_AUTHOR="SREZIC"
+MY_PN=Tk
+MY_P=${MY_PN}-${PV}
+inherit eutils multilib perl-module
+
+DESCRIPTION="A Perl Module for Tk"
+
+LICENSE="Artistic"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+DEPEND="x11-libs/libX11
+	x11-libs/libXft
+	media-libs/freetype
+	media-libs/libpng
+	media-libs/jpeg
+	dev-lang/perl"
+
+S=${WORKDIR}/${MY_P}
+
+# No test running here, requires an X server, and fails lots anyway.
+SRC_TEST="skip"
+
+PATCHES=( "${FILESDIR}"/xorg.patch
+	"${FILESDIR}"/${PV}-MouseWheel.patch
+	"${FILESDIR}"/${PV}-FBox.patch
+	"${FILESDIR}"/${PV}-path.patch
+	"${FILESDIR}"/${PN}-CVE-2008-0553.patch )
+
+myconf="X11ROOT=/usr XFT=1 -I/usr/include/ -l/usr/$(get_libdir)"
+mydoc="ToDo VERSIONS"