Non-maintainer commit: Fix CVE-2008-0553, bug 208464.

Package-Manager: portage-2.2_rc33/cvs/Linux x86_64

4 files changed, 67 insertions, 5 deletions

diff --git a/dev-perl/perl-tk/ChangeLog b/dev-perl/perl-tk/ChangeLog
index 2aa61d2def23..37ecd66a9856 100644
--- a/dev-perl/perl-tk/ChangeLog
+++ b/dev-perl/perl-tk/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-perl/perl-tk
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/ChangeLog,v 1.51 2009/05/08 17:51:19 tove Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/ChangeLog,v 1.52 2009/05/29 17:05:38 a3li Exp $
+
+*perl-tk-804.028-r2 (29 May 2009)
+
+  29 May 2009; Alex Legler <a3li@gentoo.org> +perl-tk-804.028-r2.ebuild,
+  +files/perl-tk-CVE-2008-0553.patch:
+  Non-maintainer commit: Revbump to fix the CVE-2008-0553 security issue,
+  bug 208464.
 
   08 May 2009; Torsten Veller <tove@gentoo.org> -perl-tk-804.027.ebuild,
   -perl-tk-804.028.ebuild:
diff --git a/dev-perl/perl-tk/Manifest b/dev-perl/perl-tk/Manifest
index b36322fe4dce..3b205cfdce9f 100644
--- a/dev-perl/perl-tk/Manifest
+++ b/dev-perl/perl-tk/Manifest
@@ -5,15 +5,17 @@ AUX 804.028-FBox.patch 383 RMD160 0c3ee7967941cb2172b143e62c02b132b33d33f5 SHA1
 AUX 804.028-MouseWheel.patch 835 RMD160 27c038c282bb5ae78b3e7bc3bc1421522f6f0568 SHA1 4a8ba6e172503105fa0590cbbf0797397a814699 SHA256 3e49281367611c0c8dd28c15d1eefdb442b367dd60076992fcdeec90a64723e4
 AUX 804.028-path.patch 555 RMD160 d9950e90749c3e4ac4505b16f1652b6e29cde5fd SHA1 2366dfff98aa1e2cb80f504ba8962e695c1d462e SHA256 3b5466b95f1549886e25071d4609bba9bc8a2956a920cf727467c13614ee2563
 AUX perl-tk-800.025-dirtarget.patch 518 RMD160 9472df0831571e8780090f368db7909ce5acf266 SHA1 9919708789aaa07f8e2486ae0174920c416ef33d SHA256 c18167f7c4cd31746dc3b3c36bcf50032526b49576a25e25603c6e2404f75226
+AUX perl-tk-CVE-2008-0553.patch 516 RMD160 13b8cb1915b579b7283e5225bde8e7bf6cfd4734 SHA1 70d43c5f0a9e766d3481793f4ab7d83db21cbce7 SHA256 8fe14ac6bebf169d8c439ae64f44b928a4e4f6c366f599a69e9ac1d15df8e126
 AUX xorg.patch 1893 RMD160 17d6a59108c5ab150b5d71f9c3d147062c58d13a SHA1 487e0b4bf9e47e0de8e7a4bf4a3b1aaa88b37000 SHA256 f20d6f8c78b10f05cf02c02396cd699ddc66cd48de584eef6dc0b010894fea07
 DIST Tk-804.028.tar.gz 6927637 RMD160 8db5d3376f2374429ef71c38ddd268a73bac437e SHA1 075c751f1388741aa313e002578d2e802668f2e8 SHA256 4c387eb285b2b0581cdf762c7145ebaec6ba57f67d830e92ac26ea8dbecf6c77
 EBUILD perl-tk-804.028-r1.ebuild 914 RMD160 4a659f747559bee743148081913a8382dfad13b8 SHA1 73964877b2a0d68bb86ea9cd3afa2dbcfcb88118 SHA256 cf6ea6cfb87df92bfebc2eb97fcf5e160403f1634a91ec16219f62eba6c064da
-MISC ChangeLog 5991 RMD160 3cd58ec3e0cef612531d61e586da1f004d5592fa SHA1 ee766345452c5b1127099cfd4a2be116389fa0c6 SHA256 e37958d1a848ed4686766d89053d46a47f7461c08465f1f89c78ccbe64ae2879
+EBUILD perl-tk-804.028-r2.ebuild 962 RMD160 7edde875b2eb71e3647a674f2419eedacfc89098 SHA1 e285a46bbca64356b4a8a6f308698bedf22eaa2f SHA256 4be8958334f20a6b404ba67eb573ee3b992091faf85b9f30a312ab0b977bc2a5
+MISC ChangeLog 6226 RMD160 e7c117f027c427075cbab989c19cb0977789da52 SHA1 b00d4f6ac1f85f6a7050cf2b84187e454e47b504 SHA256 93273f2659ca0d15aa4346ce5424ddff24b30862d64a960ff737efc9dfb81c27
 MISC metadata.xml 305 RMD160 647980838c590f54441a053916ea629e53e551c0 SHA1 99ef1deeae9a934fb6e46cf5fc4a5fcb8379a74a SHA256 f05dbef15061919972882cab07057e102760a542beba17d131194091401cd7ca
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (GNU/Linux)
 
-iEYEARECAAYFAkoEcR0ACgkQV3J2n04Eauxy8gCgo5uO0toLUKQxfQa/iJaJ0nuB
-EQcAoNWxz2abr2eCWKUepPuAdrMjpJN2
-=yx6I
+iEYEARECAAYFAkogFewACgkQKWm7/hYzZY81SwCeOYfC1QRmRcevD/zrtIWXJdvN
+9ZsAniwfrFBULvTgM5tYW66a5yDTt1ZN
+=ghHx
 -----END PGP SIGNATURE-----
diff --git a/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch b/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch
new file mode 100644
index 000000000000..e0436b803fec
--- /dev/null
+++ b/dev-perl/perl-tk/files/perl-tk-CVE-2008-0553.patch
@@ -0,0 +1,17 @@
+Patch for bug 208464 as backported by the Pardus people.
+
+--- pTk/mTk/generic/tkImgGIF.c.orig	2008-02-05 11:38:58.000000000 +0100
++++ pTk/mTk/generic/tkImgGIF.c	2008-02-05 11:42:46.000000000 +0100
+@@ -831,6 +831,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;
diff --git a/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild b/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild
new file mode 100644
index 000000000000..95adc41c5e26
--- /dev/null
+++ b/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perl-tk/perl-tk-804.028-r2.ebuild,v 1.1 2009/05/29 17:05:38 a3li Exp $
+
+MODULE_AUTHOR="SREZIC"
+MY_PN=Tk
+MY_P=${MY_PN}-${PV}
+inherit eutils multilib perl-module
+
+DESCRIPTION="A Perl Module for Tk"
+
+LICENSE="Artistic"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+DEPEND="x11-libs/libX11
+	x11-libs/libXft
+	media-libs/freetype
+	media-libs/libpng
+	media-libs/jpeg
+	dev-lang/perl"
+
+S=${WORKDIR}/${MY_P}
+
+# No test running here, requires an X server, and fails lots anyway.
+SRC_TEST="skip"
+
+PATCHES=( "${FILESDIR}"/xorg.patch
+	"${FILESDIR}"/${PV}-MouseWheel.patch
+	"${FILESDIR}"/${PV}-FBox.patch
+	"${FILESDIR}"/${PV}-path.patch
+	"${FILESDIR}"/${PN}-CVE-2008-0553.patch )
+
+myconf="X11ROOT=/usr XFT=1 -I/usr/include/ -l/usr/$(get_libdir)"
+mydoc="ToDo VERSIONS"