Security Advisories (6)
CVE-2006-4484 (2008-10-01)

Buffer overflow in the LWZReadByte_ function in the GD extension in allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

CVE-2007-4769 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVE-2003-0107 (2003-03-07)

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

CVE-2007-4772 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CVE-2007-6067 (2008-01-09)

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

CVE-2017-12652 (2019-07-10)

libpng before 1.6.32 does not properly check the length of chunks against the user limit.
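The CVE-2006-4484 entry above describes a code-size byte from the GIF file being used to initialize a fixed-size table without a bounds check. The following is an added example, not code from the GD extension or from this page: a table initializer that validates input_code_size first. The struct, the function name lzw_init and the value 12 for MAX_LWZ_BITS are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 12, the widest LZW code GIF allows. The page names
 * MAX_LWZ_BITS but does not give its value. */
#define MAX_LWZ_BITS 12
#define LZW_TABLE_SIZE (1 << MAX_LWZ_BITS)

/* Hypothetical decoder state, not the GD extension's own structure. */
struct lzw_state {
    int code_size, clear_code, end_code;
    int prefix[LZW_TABLE_SIZE];
    int suffix[LZW_TABLE_SIZE];
};

/* Set up the code table from the code-size byte read from the file.
 * Returns 0 on success, -1 if the value must be rejected. */
int lzw_init(struct lzw_state *st, int input_code_size)
{
    /* Validate before any table write: the root-code loop below runs to
     * 1 << input_code_size, which exceeds LZW_TABLE_SIZE for any value
     * above MAX_LWZ_BITS (and the shift is undefined for large values). */
    if (input_code_size < 0 || input_code_size > MAX_LWZ_BITS)
        return -1;

    st->code_size  = input_code_size + 1;
    st->clear_code = 1 << input_code_size;
    st->end_code   = st->clear_code + 1;

    memset(st->prefix, 0, sizeof st->prefix);
    memset(st->suffix, 0, sizeof st->suffix);
    for (int i = 0; i < st->clear_code; i++)
        st->suffix[i] = i;              /* root codes map to themselves */
    return 0;
}

int main(void)
{
    static struct lzw_state st;
    /* Constructed code-size bytes: typical, boundary, and two oversized. */
    const int samples[] = { 8, 12, 13, 255 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("input_code_size=%3d -> %s\n", samples[i],
               lzw_init(&st, samples[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```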

NAME

Tk::804delta - what is new for perl/Tk 804

DESCRIPTION

This document describes differences between the Tk800 series and the Tk804 series.

Incompatible Changes

Tk804 will only work with perl 5.8.0 and above. For older perl versions look for Tk800.025.

curselection of Tk::Listbox now returns an array reference in scalar context. This means you have to write

    my(@selected) = $listbox->curselection

or

    my(@selected) = @{ $listbox->curselection }

now.

The fontActual method now returns the pixel value instead of the point value for -size. Pixel values are expressed as negative numbers.

Some enhancements from the "dash" patches are lost for now (i.e. -tile, -troughtile ...).

The -state option is not available anymore for Tk::Text tags. Use -elide instead.

Enhancements

Tk804 is Unicode-aware.

It is possible to build Tk with Xft support on X11. This is strongly recommended if you are planning to make use of the Unicode rendering capabilities of Tk. It also gives anti-aliased fonts for regular text (if you have TrueType or Type1 fonts and they are in your fontconfig config file).

The new method chooseDirectory is available as a standard directory selector.

Tk::PNG and Tk::JPEG are bundled now with the perl/Tk distribution, providing support for the image formats png and jpeg.

Improvements to Tk::Listbox: new option -activestyle, new methods itemconfigure and itemcget, new virtual event <<ListboxSelect>>.

More tests.

New Widgets

Tk::Labelframe

An alternative to Tk::LabFrame.

Tk::Panedwindow

An alternative to Tk::Adjuster.

Tk::Spinbox

An alternative to the CPAN module Tk::NumEntry.

Selected Bug Fixes

Changed Internals

Platform Specific Problems

Future Directions

Reporting Bugs

If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.tk newsgroup.

If you believe you have an unreported bug, please send a mail to <ptk@lists.stanford.edu> and/or <nick@ing-simmons.net>. Be sure to trim your bug down to a tiny but sufficient test case.

SEE ALSO

Tk.