Version bump and fixed CVE-2006-4484, bug #208464.

(Portage version: 2.1.3.19)
author: Matsuu Takuto <matsuu@gentoo.org> 2008-02-04 16:28:03 +0000
committer: Matsuu Takuto <matsuu@gentoo.org> 2008-02-04 16:28:03 +0000
commit: 2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa (patch)
tree: b12e3ba27f30724234aeda62646a913f9961d475 /dev-lang/tk
parent: Version bumped. (diff)
download: gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.tar.gz
gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.tar.bz2
gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.zip
5 files changed, 114 insertions, 15 deletions
diff --git a/dev-lang/tk/ChangeLog b/dev-lang/tk/ChangeLog
index ad60a8f93ac5..db892e9dcdad 100644
--- a/dev-lang/tk/ChangeLog
+++ b/dev-lang/tk/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for dev-lang/tk
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/ChangeLog,v 1.101 2007/12/30 03:35:09 matsuu Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/ChangeLog,v 1.102 2008/02/04 16:28:02 matsuu Exp $
+
+*tk-8.5.0-r2 (04 Feb 2008)
+*tk-8.4.17 (04 Feb 2008)
+*tk-8.4.15-r2 (04 Feb 2008)
+
+  04 Feb 2008; MATSUU Takuto <matsuu@gentoo.org>
+  +files/tk-CVE-2006-4484.patch, +tk-8.4.15-r2.ebuild, -tk-8.4.16.ebuild,
+  +tk-8.4.17.ebuild, -tk-8.5.0.ebuild, -tk-8.5.0-r1.ebuild,
+  +tk-8.5.0-r2.ebuild:
+  Version bumped.
+  Fixed CVE-2006-4484, bug #208464.
 
 *tk-8.5.0-r1 (30 Dec 2007)
 
diff --git a/dev-lang/tk/files/tk-CVE-2006-4484.patch b/dev-lang/tk/files/tk-CVE-2006-4484.patch
new file mode 100644
index 000000000000..e8a81f384f28
--- /dev/null
+++ b/dev-lang/tk/files/tk-CVE-2006-4484.patch
@@ -0,0 +1,63 @@
+Index: generic/tkImgGIF.c
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v
+retrieving revision 1.24.2.5
+diff -u -r1.24.2.5 tkImgGIF.c
+--- generic/tkImgGIF.c	11 Sep 2007 18:01:45 -0000	1.24.2.5
++++ generic/tkImgGIF.c	25 Jan 2008 19:23:01 -0000
+@@ -826,6 +826,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;
+Index: tests/imgPhoto.test
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v
+retrieving revision 1.15.2.5
+diff -u -r1.15.2.5 imgPhoto.test
+--- tests/imgPhoto.test	11 Sep 2007 18:01:46 -0000	1.15.2.5
++++ tests/imgPhoto.test	25 Jan 2008 19:23:01 -0000
+@@ -681,6 +681,35 @@
+     image delete $i
+ }
+ 
++test imgPhoto-14.4 {GIF buffer overflow} -setup {
++    set i [image create photo]
++} -body {
++    # This crashes Tk up to 8.4.17 and 8.5.0
++    $i configure -data {
++	R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
++	AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++	AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
++	mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
++	AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
++	mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
++	ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
++	mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
++	AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
++	mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
++	AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
++	mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
++	AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
++	mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
++	AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
++	mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
++	AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
++	CBMqXMiwYcKAADs=
++    } 
++} -cleanup {
++    image delete $i
++} -returnCodes error -result {malformed image}
++
+ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
+ 	{nonPortable} {
+     # This is not portable to very large machines with more around
diff --git a/dev-lang/tk/tk-8.5.0.ebuild b/dev-lang/tk/tk-8.4.15-r2.ebuild
index 0cbf6edd2932..7daa07327f1f 100644
--- a/dev-lang/tk/tk-8.5.0.ebuild
+++ b/dev-lang/tk/tk-8.4.15-r2.ebuild
@@ -1,16 +1,15 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.5.0.ebuild,v 1.1 2007/12/22 03:58:06 matsuu Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.4.15-r2.ebuild,v 1.1 2008/02/04 16:28:02 matsuu Exp $
 
 WANT_AUTOCONF=latest
 WANT_AUTOMAKE=latest
 
 inherit autotools eutils multilib toolchain-funcs
 
-MY_P="${PN}${PV/_beta/b}"
 DESCRIPTION="Tk Widget Set"
-HOMEPAGE="http://www.tcl.tk/"
-SRC_URI="mirror://sourceforge/tcl/${MY_P}-src.tar.gz"
+HOMEPAGE="http://dev.scriptics.com/software/tcltk/"
+SRC_URI="mirror://sourceforge/tcl/${PN}${PV}-src.tar.gz"
 
 LICENSE="BSD"
 SLOT="0"
@@ -23,7 +22,7 @@ DEPEND="${RDEPEND}
 	x11-libs/libXt
 	x11-proto/xproto"
 
-S="${WORKDIR}/${MY_P}"
+S=${WORKDIR}/${PN}${PV}
 
 pkg_setup() {
 	if use threads ; then
@@ -41,10 +40,25 @@ pkg_setup() {
 src_unpack() {
 	unpack ${A}
 	cd "${S}"
+	epatch "${FILESDIR}"/remove-control-v-8.4.9.diff
+	epatch "${FILESDIR}"/${PN}-8.4.9-man.patch
 	epatch "${FILESDIR}"/${PN}-8.4.11-multilib.patch
 
 	# Bug 125971
-	epatch "${FILESDIR}"/${PN}-8.5_alpha6-tclm4-soname.patch
+	epatch "${FILESDIR}"/${P}-tclm4-soname.patch
+
+	# Bug 192539
+	epatch "${FILESDIR}"/${PN}-CVE-2007-4851.patch
+
+	# Bug 208464
+	epatch "${FILESDIR}"/${PN}-CVE-2006-4484.patch
+
+	local d
+	for d in */configure ; do
+		cd "${S}"/${d%%/*}
+		EPATCH_SINGLE_MSG="Patching nls cruft in ${d}" \
+		epatch "${FILESDIR}"/tk-configure-LANG.patch
+	done
 
 	cd "${S}"/unix
 	eautoreconf
@@ -70,7 +84,7 @@ src_install() {
 	v1=${PV%.*}
 
 	cd "${S}"/unix
-	S= emake DESTDIR="${D}" install || die
+	make DESTDIR="${D}" install || die
 
 	# fix the tkConfig.sh to eliminate refs to the build directory
 	local mylibdir=$(get_libdir) ; mylibdir=${mylibdir//\/}
@@ -94,11 +108,16 @@ src_install() {
 
 	# install symlink for libraries
 	#dosym libtk${v1}.a /usr/${mylibdir}/libtk.a
+	if use debug ; then
+		dosym libtk${v1}g.so /usr/${mylibdir}/libtk${v1}.so
+		dosym libtkstub${v1}g.a /usr/${mylibdir}/libtkstub${v1}.a
+		dosym ../tk${v1}g/pkgIndex.tcl /usr/${mylibdir}/tk${v1}/pkgIndex.tcl
+	fi
 	dosym libtk${v1}.so /usr/${mylibdir}/libtk.so
 	dosym libtkstub${v1}.a /usr/${mylibdir}/libtkstub.a
 
 	dosym wish${v1} /usr/bin/wish
 
 	cd "${S}"
-	dodoc ChangeLog* README changes
+	dodoc ChangeLog README changes license.terms
 }
diff --git a/dev-lang/tk/tk-8.4.16.ebuild b/dev-lang/tk/tk-8.4.17.ebuild
index 0052978faa77..3651ec371e19 100644
--- a/dev-lang/tk/tk-8.4.16.ebuild
+++ b/dev-lang/tk/tk-8.4.17.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.4.16.ebuild,v 1.1 2007/12/22 03:58:06 matsuu Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.4.17.ebuild,v 1.1 2008/02/04 16:28:02 matsuu Exp $
 
 WANT_AUTOCONF=latest
 WANT_AUTOMAKE=latest
@@ -47,6 +47,9 @@ src_unpack() {
 	# Bug 125971
 	epatch "${FILESDIR}"/${PN}-8.4.15-tclm4-soname.patch
 
+	# Bug 208464
+	epatch "${FILESDIR}"/${PN}-CVE-2006-4484.patch
+
 	local d
 	for d in */configure ; do
 		cd "${S}"/${d%%/*}
diff --git a/dev-lang/tk/tk-8.5.0-r1.ebuild b/dev-lang/tk/tk-8.5.0-r2.ebuild
index dca932179c9a..1d490774fcca 100644
--- a/dev-lang/tk/tk-8.5.0-r1.ebuild
+++ b/dev-lang/tk/tk-8.5.0-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.5.0-r1.ebuild,v 1.1 2007/12/30 03:35:09 matsuu Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/tk/tk-8.5.0-r2.ebuild,v 1.1 2008/02/04 16:28:02 matsuu Exp $
 
 WANT_AUTOCONF=latest
 WANT_AUTOMAKE=latest
@@ -47,6 +47,9 @@ src_unpack() {
 	# Bug 125971
 	epatch "${FILESDIR}"/${PN}-8.5_alpha6-tclm4-soname.patch
 
+	# Bug 208464
+	epatch "${FILESDIR}"/${PN}-CVE-2006-4484.patch
+
 	cd "${S}"/unix
 	eautoreconf
 }
author	Matsuu Takuto <matsuu@gentoo.org>	2008-02-04 16:28:03 +0000
committer	Matsuu Takuto <matsuu@gentoo.org>	2008-02-04 16:28:03 +0000
commit	2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa (patch)
tree	b12e3ba27f30724234aeda62646a913f9961d475 /dev-lang/tk
parent	Version bumped. (diff)
download	gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.tar.gz gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.tar.bz2 gentoo-2-2cd4a6fb2e3e99ed5cfad7a5a7d4ebc6aae04cfa.zip