Security Advisories (6)

CVE-2007-4769 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

CVE-2018-25032 (2022-03-25)

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2011-3045 (2012-03-22)

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

CVE-2016-10087 (2017-01-30)

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

CVE-2007-4772 (2008-01-09)

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

CVE-2007-6067 (2008-01-09)

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

NAME

Tcl vs perl - very old suspect documentation on porting.

DESCRIPTION

This isn't really a .pod yet, nor is it Tcl vs perl it is a copy of John's comparison of Malcolm's original perl/Tk port with the current one. It is also out-of-date in places.

From: john@WPI.EDU (John Stoffel )

Here are some thoughts on the new Tk extension and how I think the
organization of the commands looks.  Mostly, I'm happy with it, it
makes some things more organized and more consistent with tcl/tk, but
since the overlying language is so different, I don't think we need to
follow exactly the tcl/tk model for how to call the language.

The basic structure of the Tk program is:

    require Tk;

    $top = MainWindow->new();

    #
    # create widgets
    #

    Tk::MainLoop;

    sub method1 {
    }

    sub methodN {
    }

This is pretty much the same as tkperl5a5, with some cosmetic naming
changes, and some more useful command name and usage changes.  A quick
comparison in no particular order follows:

tkperl5a5				Tk
-------------------------------	-----------------------------------
$top=tkinit(name,display,sync);	$top=MainWindow->new();

tkpack $w, ... ;		$w->pack(...)

$w = Class::new($top, ...);	$w = $top->Class(...);

tkmainloop;			Tk::MainLoop;

tkbind($w,"<key>",sub);		$w->bind("<key>",sub);

tkdelete($w, ...);		$w->delete(...);

$w->scanmark(...);		$w->scan("mark", ...);

$w->scandragto(...);		$w->scan("dragto", ...);

$w->tkselect();			$w->Select();

$w->selectadjust(...);		$w->selection("adjust", ...);

$w->selectto(...);		$w->selection("to", ...);

$w->selectfrom(...);		$w->selection("from", ...);

$w->tkindex(...);		$w->index(...);

tclcmd("xxx",...);              &Tk::xxx(...)    # all Tk commands, but no Tcl at all

tclcmd("winfo", xxx, $w, ...);  $w->xxx(...);

				$w->mark(...);

				$w->tag(...);

$w->grabstatus();		$w->grab("status");

$w->grabrelease(...);		$w->grab("release", ...);

focus($w);			$w->focus;

update();			Tk->update();

idletasks();			Tk->update("idletasks");

wm("cmd",$w, ...);		$w->cmd(...);

destroy($w);			$w->destroy();

				Tk::option(...);
                                $w->OptionGet(name,Class)

				$w->place(...)

				Tk::property(...);

$w = Entry::new($parent,...)

is now

$w = $parent->Entry(...)

As this allows new to be inherited from a Window class.

  -method=>x,-slave=>y

 is now

  -command => [x,y]

1st element of list is treated as "method" if y is an object reference.
(You can have -command => [a,b,c,d,e] too; b..e get passed as args).

Object references are now hashes rather than scalars and there
is only ever one such per window.  The Tcl_CmdInfo and PathName
are entries in the hash.

(This allows derived classes to
re-bless the hash and keep their on stuff in it too.)

Tk's "Tcl_Interp" is in fact a ref to "." window.
You can find all the Tk windows descended from it as their object
references get added (by PathName) into this hash.
$w->MainWindow returns this hash from any window.

I think that it should extend to multiple tkinits / Tk->news
with different Display's - if Tk code does.

Finally "bind" passes window as "extra" (or only)
argument. Thus

Tk::Button->bind(<Any-Enter>,"Enter");

Binds Enter events to Tk::Button::Enter by default
but gets called as $w->Enter so derived class of Button can just
define its own Enter method. &EvWref and associated globals and race
conditions are no longer needed.

One thing to beware of : commands bound to events with $widget->bind
follow same pattern, but get passed extra args :

$widget->bind(<Any-1>,[sub {print shift}, $one, $two ]);

When sub gets called it has :

   $widget $one $two

passed.

1st extra arg is reference to the per-widget hash that serves as the
perl object for the widget.

Every time an XEvent a reference to a special class is placed
in the widget hash. It can be retrieved by $w->XEvent method.

The methods of the XEvent class are the
Tcl/Tk % special characters.

Thus:

$widget->bind(<Any-KeyPress>,
              sub {
               my $w = shift;
               my $e = $w->XEvent;
               print $w->PathName," ",$e->A," pressed ,$e->xy,"\n");
              });

XEvent->xy is a special case which returns "@" . $e->x . "," . $e->y
which is common in Text package.

Because of passing a blessed widget hash to "bound" subs they can be
bound to (possibly inherited) methods of the widget's class:

Class->bind(<Any-Down>,Down);

sub Class::Down
{
 my $w = shift;
 # handle down arrow
}

Also:

-command and friends can take a list the 1st element can be a ref to
as sub or a method name. Remaining elements are passed as args to the
sub at "invoke" time. Thus :

$b= $w->Button(blah blah, '-command' => [sub{print shift} , $fred ]);

Should do the trick, provided $fred is defined at time of button creation.

Thus 1st element of list is equivalent to Malcolm's -method and second
would be his -slave.  Any further elements are a bonus and avoid
having to pass ref to an array/hash as a slave.

To install Tk, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Tk

CPAN shell

perl -MCPAN -e shell
install Tk

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

Module Install Instructions

Keyboard Shortcuts