/ 
Tk-804.033_500
/ Tk::804delta
Security Advisories (6)
CVE-2007-4769 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVE-2018-25032 (2022-03-25)

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2011-3045 (2012-03-22)

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

CVE-2016-10087 (2017-01-30)

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

CVE-2007-4772 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CVE-2007-6067 (2008-01-09)

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

NAME

Tk::804delta - what is new for perl/Tk 804

DESCRIPTION

This document describes differences between the Tk800 series and the Tk804 series.

Incompatible Changes

In Tk804.028, there are some additional incompatible changes:

Return values of some Tk::Wm methods (e.g. aspect, wmGrid, iconposition, resizable ...) were changed from returning tclish lists (e.g. "1 2 3 4") to perlish lists (1,2,3,4).

Tk::Wm::wmTracing needs argument for setting on/off, without argument just return the current value.

All Tk804 releases have the following incompatible changes:

Tk804 will only work with perl 5.8.0 and above. For older perl versions look for Tk800.025.

curselection of Tk::Listbox now returns an array reference in scalar context. This means you have to write

my(@selected) = $listbox->curselection

or

my(@selected) = @{ $listbox->curselection }

now.

The fontActual method now returns the pixel value instead of the point value for -size. Pixel values are expressed as negative numbers.

Some enhancements from the "dash" patches are lost for now (i.e. -tile, -troughtile ...).

The -state option is not available anymore for Tk::Text tags. Use -elide instead.

Enhancements

Tk804 is Unicode-aware.

It is possible to build Tk with Xft support on X11. This is strongly recommened if you are planning to make use of Unicode rendering capabilities of Tk. It also gives anti-aliased fonts for regular text (if you have TrueType or Type1 fonts and they are in your fontconfig config file).

The new method chooseDirectory is available as a standard directory selector.

Tk::PNG and Tk::JPEG are bundled now with the perl/Tk distribution, providing support for the image formats png and jpeg.

Improvements to Tk::Listbox: new option -activestyle, new methods itemconfigure and itemcget, new virtual event <<ListboxSelect>>.

More tests.

New Widgets

Tk::Labelframe

An alternative to Tk::LabFrame.

Tk::Panedwindow

An alternative to Tk::Adjuster.

Tk::Spinbox

An alternative to the CPAN module Tk::NumEntry.

Selected Bug Fixes

Changed Internals

Platform Specific Problems

Future Directions

Reporting Bugs

If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.tk newsgroup.

If you believe you have an unreported bug, please send a mail to <ptk@lists.stanford.edu> and/or <nick@ing-simmons.net>. Be sure to trim your bug down to a tiny but sufficient test case.

SEE ALSO

Tk, Changes file in the Perl/Tk distribution.