hollalinux
/
slackbuilds
mirror of https://github.com/SlackBuildsOrg/slackbuilds.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
slackbuilds/development/tkman/patches/0002-tkman-CVE-2008-5137.patch

314 lines
12 KiB
Diff
Raw Permalink Blame History

From a374e80b808a1cd4f37b8252aa2d49a8aa925ec5 Mon Sep 17 00:00:00 2001
From: Zhu Qun-Ying <zhu.qunying@gmail.com>
Date: Fri, 7 Mar 2025 23:02:27 -0800
Subject: [PATCH 2/4] tkman CVE-2008-5137
---
Makefile | 5 +++--
contrib/outline.tcl | 2 +-
contrib/remote.tcl | 1 +
contrib/tkmanclient | 2 +-
database.tcl | 1 +
gui.tcl | 8 ++++----
manpath.tcl | 1 +
prefs.tcl | 4 ++--
taputils.tcl | 2 +-
tkman.tcl | 21 ++++++++++++++-------
tkmandesc.tcl | 1 +
version.tcl | 2 +-
12 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/Makefile b/Makefile
index 46030e8..6eca9eb 100644
--- a/Makefile
+++ b/Makefile
@@ -97,7 +97,7 @@ printers = ""
# at the closest DPI in this list
dpis = "75 100"
-
+manxlongtmp = [exec mktemp -p /tmp tkman.XXXXXXXXXX]
# # # MACHINE DEPENDENCIES # # #
#manformat = {tbl | neqn | nroff -man }
@@ -113,7 +113,7 @@ dpis = "75 100"
# Lines are cached in .../man/cat<n>@<line-length>;
# that is, the line length is appended to the usual cache directory names
#manformat = {groff -te -Tascii -man /tmp/ll -}
-manformat = {groff -te -Tlatin1 -man /tmp/ll -}
+manformat = "groff -te -Tlatin1 -mandoc $$manx(longtmp) -"
# Ultrix users should uncomment the following line (you don't have eqn)
#manformat = {tbl | nroff -man }
# HP-UX uses a number of macros that groff doesn't define, so use the builtin nroff
@@ -362,6 +362,7 @@ tkman: $(srcs) $(libs) Makefile
echo 'set man(texinfodir) $(texinfodir)' >> tkman
echo 'set man(gzgrep) $(gzgrep)' >> tkman
echo 'set man(rfcdir) $(rfcdir)' >> tkman
+ echo 'set manx(longtmp) $(manxlongtmp)' >> tkman
echo 'set man(format) $(manformat)' >> tkman
echo 'set man(printers) $(printers)' >> tkman
echo 'set manx(dpis) $(dpis)' >> tkman
diff --git a/contrib/outline.tcl b/contrib/outline.tcl
index ba78a66..47dcdee 100755
--- a/contrib/outline.tcl
+++ b/contrib/outline.tcl
@@ -71,7 +71,7 @@ proc setup {} {
text [set t .inv] -font {Times 12 {}} -wrap word -borderwidth 3 -padx 5 -pady 5 -yscrollcommand "[set v .v] set"
set finv [expr 1-[catch {$t tag configure invis -elide 1}]]
- if !$finv { puts "you must apply the elided text patches first"; exit 0 }
+ if !$finv { puts "you must apply the elided text patches first"; CLEANUP; exit 0 }
scrollbar $v -orient vertical -command "$t yview"
diff --git a/contrib/remote.tcl b/contrib/remote.tcl
index ee11f9c..43f627c 100644
--- a/contrib/remote.tcl
+++ b/contrib/remote.tcl
@@ -26,6 +26,7 @@ proc TkMan {man} {
if {$res=="1"} {set ready 1}
} elseif {[string match "*insecure*" info]} {
puts stderr "can't talk to an insecure server -- see send(n)"
+ CLEANUP
exit 1
}
}
diff --git a/contrib/tkmanclient b/contrib/tkmanclient
index 9dec9ea..d8661cf 100755
--- a/contrib/tkmanclient
+++ b/contrib/tkmanclient
@@ -60,7 +60,7 @@ proc instNewView {tkman} {
}
set tkman [ check_for_tkman ]
-if { $tkman == 0 } { puts stderr "couldnt start tkman!"; exit 1; }
+if { $tkman == 0 } { puts stderr "couldnt start tkman!"; CLEANUP; exit 1; }
set apropos 0
set instNew 0
diff --git a/database.tcl b/database.tcl
index aa6a072..e7cf7b2 100644
--- a/database.tcl
+++ b/database.tcl
@@ -41,6 +41,7 @@ proc manReadSects {{w .man} {force 0} {msg "Building database ..."}} {
if {![llength $manx(manList)]} {
puts stderr "Can't find any man pages!"
puts stderr "MANPATH = $env(MANPATH)"
+ CLEANUP
exit 1
}
diff --git a/gui.tcl b/gui.tcl
index 4883aa8..525f437 100644
--- a/gui.tcl
+++ b/gui.tcl
@@ -66,7 +66,7 @@ proc TkMan {} {
wm protocol $w WM_SAVE_YOURSELF "manSave"
wm command $w [concat $argv0 $argv]
# aborts without saving .tkman
- wm protocol $w WM_DELETE_WINDOW {exit 0}
+ wm protocol $w WM_DELETE_WINDOW {CLEANUP; exit 0}
# some braindead window managers ignore iconposition requests after window is iconified, so special setting here
if {[regexp $manx(posnregexp) $manx(iconposition) all x y]} {wm iconposition $w $x $y}
@@ -221,7 +221,7 @@ if 0 {
-command "incr stat(checkpoint); manSave; manWinstdout \$curwin {[bolg $manx(startup) ~] updated}"
# if {!$dup} { ... but menu shared!
$m add separator
- $m add command -label "Quit, don't update $manx(startup-short)" -command "exit 0"
+ $m add command -label "Quit, don't update $manx(startup-short)" -command "CLEANUP; exit 0"
# }
}
@@ -537,8 +537,8 @@ if 0 {
"
### quit
- button $w.quit -text "Quit" -command "manSave; exit 0" -padx 4
- if {!$manx(quit)} {$w.quit configure -command "exit 0"}
+ button $w.quit -text "Quit" -command "manSave; CLEANUP; exit 0" -padx 4
+ if {!$manx(quit)} {$w.quit configure -command "CLEANUP; exit 0"}
if {$dup} {
$w.quit configure -text "Close" -command "
destroy $w; incr manx(outcnt) -1; manOutput
diff --git a/manpath.tcl b/manpath.tcl
index a89951b..5c70d35 100644
--- a/manpath.tcl
+++ b/manpath.tcl
@@ -138,6 +138,7 @@ proc manManpathCheck {} {
if {![llength $manx(paths)]} {
if {$manx(manpath-warnings) ne ""} {puts stderr $manx(manpath-warnings)}
puts stderr "NO VALID DIRECTORIES IN MANPATH!\a"
+ CLEANUP
exit 1
}
}
diff --git a/prefs.tcl b/prefs.tcl
index 6d980d6..ab6b04c 100644
--- a/prefs.tcl
+++ b/prefs.tcl
@@ -365,7 +365,7 @@ proc manPreferencesMake {{w0 ""}} {
pack $g.nroffsave $g.columns $g.fsstnd-always $g.texinfodir $g.recentdays $g.preferTexinfo $g.tryfuzzy $g.preferGNU \
$g.maxglimpse $g.maxglimpseexcerpt $g.indexglimpse $g.glimpsestrays $g.indexalso \
-fill x -pady 3 -padx 4
- if {![string match "*groff*/tmp/ll -*" $man(format)]} {pack forget $g.columns}
+ if {![string match "*groff*$manx(longtmp) -*" $man(format)]} {pack forget $g.columns}
@@ -791,7 +791,7 @@ proc spec2font {{family "times"} {style "normal"} {points "medium"} {size "m"}}
bold {set weight "bold"}
italics {set slant "italic"}
bold-italics {set weight "bold"; set slant "italic"}
- default {puts stderr "nonexistent style: $style"; exit 1}
+ default {puts stderr "nonexistent style: $style"; CLEANUP; exit 1}
}
# specify s,m,l within small,medium,large; or set absolute point size
diff --git a/taputils.tcl b/taputils.tcl
index 586ce89..82be528 100644
--- a/taputils.tcl
+++ b/taputils.tcl
@@ -98,7 +98,7 @@ proc pipeexp {p} {
proc assert {bool msg {boom 0}} {
if {!$bool} {
puts stderr $msg
- if {$boom} {exit 1}
+ if {$boom} {CLEANUP; exit 1}
}
}
diff --git a/tkman.tcl b/tkman.tcl
index 1f2ccd4..e2cd0ad 100644
--- a/tkman.tcl
+++ b/tkman.tcl
@@ -539,7 +539,7 @@ proc manSetSect {w n} {
proc manMenuFit {m} {
global man manx
- if {[winfo class $m]!="Menu"} {puts stderr "$m not of Menu class"; exit 1}
+ if {[winfo class $m]!="Menu"} {puts stderr "$m not of Menu class"; CLEANUP; exit 1}
if {[$m index last] eq "none"} return
set sh [winfo screenheight $m]
@@ -1827,7 +1827,7 @@ DEBUG { puts "$bin => $fullpath" }
if {$inx<[llength $manx(binvars)]} {
after 1000 manBinCheck $inx $err
} else {
- if {$err} {exit 1}
+ if {$err} {CLEANUP; exit 1}
.occ entryconfigure "Statistics*" -state normal
}
@@ -1850,6 +1850,7 @@ proc manParseCommandline {} {
}
puts -nonewline "tkman"
foreach line [split [textmanip::linebreak $helptxt 70] "\n"] { puts "\t$line" }
+ CLEANUP
exit 0
}
-M {set env(MANPATH) $val; incr i}
@@ -1868,11 +1869,11 @@ proc manParseCommandline {} {
-start* {set manx(startup) $val; incr i}
-data* {puts stderr "-database option obsolete: database kept in memory"; incr i}
--v* -
- -v* {puts stdout "TkMan v$manx(version) of $manx(date)"; exit 0}
+ -v* {puts stdout "TkMan v$manx(version) of $manx(date)"; CLEANUP; exit 0}
-t* {set manx(title) $val; incr i}
-d* {set manx(debug) 1; set manx(quit) 0; set manx(iconify) 0}
-nod* {set manx(debug) 0}
- -* {puts stdout "[file tail $argv0]: unrecognized option: $arg"; exit 1}
+ -* {puts stdout "[file tail $argv0]: unrecognized option: $arg"; CLEANUP; exit 1}
default {
after 2000 manShowMan $arg {{}} .man
# permit several??? add extras to History?
@@ -1888,6 +1889,7 @@ proc manParseCommandline {} {
proc ASSERT {args} {
if {![uplevel 1 eval $args]} {
puts "ASSERTION VIOLATED: $args"
+ CLEANUP
exit 1
}
}
@@ -1906,7 +1908,10 @@ proc PROFILE {msg} {
set manx(lastclick) $clicknow
}
-
+proc CLEANUP {} {
+ global manx
+ if { [file exists $manx(longtmp)] == 1 } { file delete $manx(longtmp) }
+}
##################################################
@@ -1919,6 +1924,7 @@ proc PROFILE {msg} {
if {[package vcompare [info tclversion] $manx(mintcl)]==-1 || [package vcompare $tk_version $manx(mintk)]==-1} {
puts -nonewline stderr "Tcl $manx(mintcl)/Tk $manx(mintk) minimum versions required. "
puts stderr "You have Tcl [info tclversion]/Tk $tk_version"
+ CLEANUP
exit 1
} elseif {int([info tclversion])-int($manx(mintcl))>=1 || int($tk_version)-int($manx(mintk))>=1} {
puts stderr "New major versions of Tcl and/or Tk may have introduced\nincompatibilies in TkMan.\nCheck the TkMan home site for a possible new version.\n"
@@ -2111,7 +2117,6 @@ set man(lengthchunk) "line"; set manx(lengthchunk-v) {line screen page ""}; set
set manx(line-scale) 1; set manx(screen-scale) 45; set manx(page-scale) [expr int(60*1.5)]
set man(error-effect) "bell & flash"; set manx(error-effect-v) [set manx(error-effect-t) {"bell & flash" "bell" "flash" "none"}]
set man(columns) 65; set manx(columns-v) {65 90 130 5000}; set manx(columns-t) {"65 (most compatible)" 90 130 "wrap to screen width"}; # no one would want shorter lines
-set manx(longtmp) /tmp/ll
set man(volcol) 4.0c; set manx(volcol-v) {0 1.5c 2.0c 2.5c 3.0c 3.5c 4.0c 4.5c 5.0c 7.5c 10.0c}; set manx(volcol-t) {"no columns" "1.5 cm" "2 cm" "2.5 cm/~1 inch" "3 cm" "3.5 cm" "4 cm" "4.5 cm" "5.0 cm/~2 inches" "7.5 cm" "10 cm"}
set man(apropostab) "4.5c"; set manx(apropostab-v) {0 3.0c 4.0c 4.5c 5.0c 5.5c 6.0c 7.5c 10.0c}; set manx(apropostab-t) {"none" "3 cm" "4 cm" "4.5 cm" "5 cm" "5.5 cm" "6 cm" "7.5 cm" "10 cm"}
#set man(showoutsub) ""
@@ -2258,7 +2263,7 @@ set manx(title) "TkMan"
regexp {(\d\d\d\d)/(\d\d)/(\d\d)} {$Date: 2003/04/01 23:02:52 $} manx(date) y m d
set manx(mtime) [clock scan "$m/$d/$y"]
set manx(stray-warnings) ""
-if {[catch {set default(manList) 0}]} {puts "\aBLT conflicts with TkMan."; exit 1}
+if {[catch {set default(manList) 0}]} {puts "\aBLT conflicts with TkMan."; CLEANUP; exit 1}
set manx(manList) $man(manList)
set manx(manTitleList) $man(manTitleList)
set manx(userconfig) "### your additions go below"
@@ -2385,6 +2390,7 @@ if {$manx(startup)!="" && [file readable $manx(startup)]} {
if {[string match "#!*" [gets $fid line]]} {
puts stderr "$manx(startup) looks like an executable."
puts stderr "You should delete it, probably."
+ CLEANUP
exit 1
}
@@ -2613,6 +2619,7 @@ after 1500 manBinCheck
if {[llength $man(manList)]!=[llength $man(manTitleList)]} {
puts stderr "Length of section abbreviations differs from length of section titles:\n\nlength [llength $man(manList)]:\t$man(manList)\n\nlength [llength $man(manTitleList)]:\t$man(manTitleList)"
+ CLEANUP
exit 1
}
diff --git a/tkmandesc.tcl b/tkmandesc.tcl
index 72275b5..603a14a 100644
--- a/tkmandesc.tcl
+++ b/tkmandesc.tcl
@@ -152,6 +152,7 @@ proc manDesc {cmd from to dirs} {
foreach n [concat $from $to] {
if {[lsearch $mani(manList) $n]==-1} {
puts stderr "$cmd: Section letter `$n' doesn't exist."
+ CLEANUP
exit 1
}
}
diff --git a/version.tcl b/version.tcl
index 7e3f841..c71af50 100644
--- a/version.tcl
+++ b/version.tcl
@@ -80,7 +80,7 @@ proc manVersionDiff {f w} {
### collect diffs
# diff needs at least one of them to be a real file. want text of previous version around anyhow
- set tmpf /tmp/tkman[pid]
+ set tmpf [exec mktemp -p /tmp tkman.XXXXXXXXXX]
# $man(changeleft) $man(zaphy) -- obsolete options
set format "$man(format) | $manx(rman) -f ASCII -N"
#puts "creating $tmpf (old)"
--
2.46.3
Reference in New Issue View Git Blame Copy Permalink