diff options
Diffstat (limited to 'development/tkman/patches/0002-tkman-CVE-2008-5137.patch')
| -rw-r--r-- | development/tkman/patches/0002-tkman-CVE-2008-5137.patch | 313 |
1 files changed, 313 insertions, 0 deletions
diff --git a/development/tkman/patches/0002-tkman-CVE-2008-5137.patch b/development/tkman/patches/0002-tkman-CVE-2008-5137.patch new file mode 100644 index 0000000000..78a040d598 --- /dev/null +++ b/development/tkman/patches/0002-tkman-CVE-2008-5137.patch @@ -0,0 +1,313 @@ +From a374e80b808a1cd4f37b8252aa2d49a8aa925ec5 Mon Sep 17 00:00:00 2001 +From: Zhu Qun-Ying <zhu.qunying@gmail.com> +Date: Fri, 7 Mar 2025 23:02:27 -0800 +Subject: [PATCH 2/4] tkman CVE-2008-5137 + +--- + Makefile | 5 +++-- + contrib/outline.tcl | 2 +- + contrib/remote.tcl | 1 + + contrib/tkmanclient | 2 +- + database.tcl | 1 + + gui.tcl | 8 ++++---- + manpath.tcl | 1 + + prefs.tcl | 4 ++-- + taputils.tcl | 2 +- + tkman.tcl | 21 ++++++++++++++------- + tkmandesc.tcl | 1 + + version.tcl | 2 +- + 12 files changed, 31 insertions(+), 19 deletions(-) + +diff --git a/Makefile b/Makefile +index 46030e8..6eca9eb 100644 +--- a/Makefile ++++ b/Makefile +@@ -97,7 +97,7 @@ printers = "" + # at the closest DPI in this list + dpis = "75 100" + +- ++manxlongtmp = [exec mktemp -p /tmp tkman.XXXXXXXXXX] + # # # MACHINE DEPENDENCIES # # # + + #manformat = {tbl | neqn | nroff -man } +@@ -113,7 +113,7 @@ dpis = "75 100" + # Lines are cached in .../man/cat<n>@<line-length>; + # that is, the line length is appended to the usual cache directory names + #manformat = {groff -te -Tascii -man /tmp/ll -} +-manformat = {groff -te -Tlatin1 -man /tmp/ll -} ++manformat = "groff -te -Tlatin1 -mandoc $$manx(longtmp) -" + # Ultrix users should uncomment the following line (you don't have eqn) + #manformat = {tbl | nroff -man } + # HP-UX uses a number of macros that groff doesn't define, so use the builtin nroff +@@ -362,6 +362,7 @@ tkman: $(srcs) $(libs) Makefile + echo 'set man(texinfodir) $(texinfodir)' >> tkman + echo 'set man(gzgrep) $(gzgrep)' >> tkman + echo 'set man(rfcdir) $(rfcdir)' >> tkman ++ echo 'set manx(longtmp) $(manxlongtmp)' >> tkman + echo 'set man(format) $(manformat)' >> tkman + echo 'set man(printers) $(printers)' >> tkman + echo 'set manx(dpis) $(dpis)' >> tkman +diff --git a/contrib/outline.tcl b/contrib/outline.tcl +index ba78a66..47dcdee 100755 +--- a/contrib/outline.tcl ++++ b/contrib/outline.tcl +@@ -71,7 +71,7 @@ proc setup {} { + + text [set t .inv] -font {Times 12 {}} -wrap word -borderwidth 3 -padx 5 -pady 5 -yscrollcommand "[set v .v] set" + set finv [expr 1-[catch {$t tag configure invis -elide 1}]] +- if !$finv { puts "you must apply the elided text patches first"; exit 0 } ++ if !$finv { puts "you must apply the elided text patches first"; CLEANUP; exit 0 } + + scrollbar $v -orient vertical -command "$t yview" + +diff --git a/contrib/remote.tcl b/contrib/remote.tcl +index ee11f9c..43f627c 100644 +--- a/contrib/remote.tcl ++++ b/contrib/remote.tcl +@@ -26,6 +26,7 @@ proc TkMan {man} { + if {$res=="1"} {set ready 1} + } elseif {[string match "*insecure*" info]} { + puts stderr "can't talk to an insecure server -- see send(n)" ++ CLEANUP + exit 1 + } + } +diff --git a/contrib/tkmanclient b/contrib/tkmanclient +index 9dec9ea..d8661cf 100755 +--- a/contrib/tkmanclient ++++ b/contrib/tkmanclient +@@ -60,7 +60,7 @@ proc instNewView {tkman} { + } + + set tkman [ check_for_tkman ] +-if { $tkman == 0 } { puts stderr "couldnt start tkman!"; exit 1; } ++if { $tkman == 0 } { puts stderr "couldnt start tkman!"; CLEANUP; exit 1; } + + set apropos 0 + set instNew 0 +diff --git a/database.tcl b/database.tcl +index aa6a072..e7cf7b2 100644 +--- a/database.tcl ++++ b/database.tcl +@@ -41,6 +41,7 @@ proc manReadSects {{w .man} {force 0} {msg "Building database ..."}} { + if {![llength $manx(manList)]} { + puts stderr "Can't find any man pages!" + puts stderr "MANPATH = $env(MANPATH)" ++ CLEANUP + exit 1 + } + +diff --git a/gui.tcl b/gui.tcl +index 4883aa8..525f437 100644 +--- a/gui.tcl ++++ b/gui.tcl +@@ -66,7 +66,7 @@ proc TkMan {} { + wm protocol $w WM_SAVE_YOURSELF "manSave" + wm command $w [concat $argv0 $argv] + # aborts without saving .tkman +- wm protocol $w WM_DELETE_WINDOW {exit 0} ++ wm protocol $w WM_DELETE_WINDOW {CLEANUP; exit 0} + + # some braindead window managers ignore iconposition requests after window is iconified, so special setting here + if {[regexp $manx(posnregexp) $manx(iconposition) all x y]} {wm iconposition $w $x $y} +@@ -221,7 +221,7 @@ if 0 { + -command "incr stat(checkpoint); manSave; manWinstdout \$curwin {[bolg $manx(startup) ~] updated}" + # if {!$dup} { ... but menu shared! + $m add separator +- $m add command -label "Quit, don't update $manx(startup-short)" -command "exit 0" ++ $m add command -label "Quit, don't update $manx(startup-short)" -command "CLEANUP; exit 0" + # } + } + +@@ -537,8 +537,8 @@ if 0 { + " + + ### quit +- button $w.quit -text "Quit" -command "manSave; exit 0" -padx 4 +- if {!$manx(quit)} {$w.quit configure -command "exit 0"} ++ button $w.quit -text "Quit" -command "manSave; CLEANUP; exit 0" -padx 4 ++ if {!$manx(quit)} {$w.quit configure -command "CLEANUP; exit 0"} + if {$dup} { + $w.quit configure -text "Close" -command " + destroy $w; incr manx(outcnt) -1; manOutput +diff --git a/manpath.tcl b/manpath.tcl +index a89951b..5c70d35 100644 +--- a/manpath.tcl ++++ b/manpath.tcl +@@ -138,6 +138,7 @@ proc manManpathCheck {} { + if {![llength $manx(paths)]} { + if {$manx(manpath-warnings) ne ""} {puts stderr $manx(manpath-warnings)} + puts stderr "NO VALID DIRECTORIES IN MANPATH!\a" ++ CLEANUP + exit 1 + } + } +diff --git a/prefs.tcl b/prefs.tcl +index 6d980d6..ab6b04c 100644 +--- a/prefs.tcl ++++ b/prefs.tcl +@@ -365,7 +365,7 @@ proc manPreferencesMake {{w0 ""}} { + pack $g.nroffsave $g.columns $g.fsstnd-always $g.texinfodir $g.recentdays $g.preferTexinfo $g.tryfuzzy $g.preferGNU \ + $g.maxglimpse $g.maxglimpseexcerpt $g.indexglimpse $g.glimpsestrays $g.indexalso \ + -fill x -pady 3 -padx 4 +- if {![string match "*groff*/tmp/ll -*" $man(format)]} {pack forget $g.columns} ++ if {![string match "*groff*$manx(longtmp) -*" $man(format)]} {pack forget $g.columns} + + + +@@ -791,7 +791,7 @@ proc spec2font {{family "times"} {style "normal"} {points "medium"} {size "m"}} + bold {set weight "bold"} + italics {set slant "italic"} + bold-italics {set weight "bold"; set slant "italic"} +- default {puts stderr "nonexistent style: $style"; exit 1} ++ default {puts stderr "nonexistent style: $style"; CLEANUP; exit 1} + } + + # specify s,m,l within small,medium,large; or set absolute point size +diff --git a/taputils.tcl b/taputils.tcl +index 586ce89..82be528 100644 +--- a/taputils.tcl ++++ b/taputils.tcl +@@ -98,7 +98,7 @@ proc pipeexp {p} { + proc assert {bool msg {boom 0}} { + if {!$bool} { + puts stderr $msg +- if {$boom} {exit 1} ++ if {$boom} {CLEANUP; exit 1} + } + } + +diff --git a/tkman.tcl b/tkman.tcl +index 1f2ccd4..e2cd0ad 100644 +--- a/tkman.tcl ++++ b/tkman.tcl +@@ -539,7 +539,7 @@ proc manSetSect {w n} { + proc manMenuFit {m} { + global man manx + +- if {[winfo class $m]!="Menu"} {puts stderr "$m not of Menu class"; exit 1} ++ if {[winfo class $m]!="Menu"} {puts stderr "$m not of Menu class"; CLEANUP; exit 1} + if {[$m index last] eq "none"} return + + set sh [winfo screenheight $m] +@@ -1827,7 +1827,7 @@ DEBUG { puts "$bin => $fullpath" } + if {$inx<[llength $manx(binvars)]} { + after 1000 manBinCheck $inx $err + } else { +- if {$err} {exit 1} ++ if {$err} {CLEANUP; exit 1} + .occ entryconfigure "Statistics*" -state normal + } + +@@ -1850,6 +1850,7 @@ proc manParseCommandline {} { + } + puts -nonewline "tkman" + foreach line [split [textmanip::linebreak $helptxt 70] "\n"] { puts "\t$line" } ++ CLEANUP + exit 0 + } + -M {set env(MANPATH) $val; incr i} +@@ -1868,11 +1869,11 @@ proc manParseCommandline {} { + -start* {set manx(startup) $val; incr i} + -data* {puts stderr "-database option obsolete: database kept in memory"; incr i} + --v* - +- -v* {puts stdout "TkMan v$manx(version) of $manx(date)"; exit 0} ++ -v* {puts stdout "TkMan v$manx(version) of $manx(date)"; CLEANUP; exit 0} + -t* {set manx(title) $val; incr i} + -d* {set manx(debug) 1; set manx(quit) 0; set manx(iconify) 0} + -nod* {set manx(debug) 0} +- -* {puts stdout "[file tail $argv0]: unrecognized option: $arg"; exit 1} ++ -* {puts stdout "[file tail $argv0]: unrecognized option: $arg"; CLEANUP; exit 1} + default { + after 2000 manShowMan $arg {{}} .man + # permit several??? add extras to History? +@@ -1888,6 +1889,7 @@ proc manParseCommandline {} { + proc ASSERT {args} { + if {![uplevel 1 eval $args]} { + puts "ASSERTION VIOLATED: $args" ++ CLEANUP + exit 1 + } + } +@@ -1906,7 +1908,10 @@ proc PROFILE {msg} { + set manx(lastclick) $clicknow + } + +- ++proc CLEANUP {} { ++ global manx ++ if { [file exists $manx(longtmp)] == 1 } { file delete $manx(longtmp) } ++} + + + ################################################## +@@ -1919,6 +1924,7 @@ proc PROFILE {msg} { + if {[package vcompare [info tclversion] $manx(mintcl)]==-1 || [package vcompare $tk_version $manx(mintk)]==-1} { + puts -nonewline stderr "Tcl $manx(mintcl)/Tk $manx(mintk) minimum versions required. " + puts stderr "You have Tcl [info tclversion]/Tk $tk_version" ++ CLEANUP + exit 1 + } elseif {int([info tclversion])-int($manx(mintcl))>=1 || int($tk_version)-int($manx(mintk))>=1} { + puts stderr "New major versions of Tcl and/or Tk may have introduced\nincompatibilies in TkMan.\nCheck the TkMan home site for a possible new version.\n" +@@ -2111,7 +2117,6 @@ set man(lengthchunk) "line"; set manx(lengthchunk-v) {line screen page ""}; set + set manx(line-scale) 1; set manx(screen-scale) 45; set manx(page-scale) [expr int(60*1.5)] + set man(error-effect) "bell & flash"; set manx(error-effect-v) [set manx(error-effect-t) {"bell & flash" "bell" "flash" "none"}] + set man(columns) 65; set manx(columns-v) {65 90 130 5000}; set manx(columns-t) {"65 (most compatible)" 90 130 "wrap to screen width"}; # no one would want shorter lines +-set manx(longtmp) /tmp/ll + set man(volcol) 4.0c; set manx(volcol-v) {0 1.5c 2.0c 2.5c 3.0c 3.5c 4.0c 4.5c 5.0c 7.5c 10.0c}; set manx(volcol-t) {"no columns" "1.5 cm" "2 cm" "2.5 cm/~1 inch" "3 cm" "3.5 cm" "4 cm" "4.5 cm" "5.0 cm/~2 inches" "7.5 cm" "10 cm"} + set man(apropostab) "4.5c"; set manx(apropostab-v) {0 3.0c 4.0c 4.5c 5.0c 5.5c 6.0c 7.5c 10.0c}; set manx(apropostab-t) {"none" "3 cm" "4 cm" "4.5 cm" "5 cm" "5.5 cm" "6 cm" "7.5 cm" "10 cm"} + #set man(showoutsub) "" +@@ -2258,7 +2263,7 @@ set manx(title) "TkMan" + regexp {(\d\d\d\d)/(\d\d)/(\d\d)} {$Date: 2003/04/01 23:02:52 $} manx(date) y m d + set manx(mtime) [clock scan "$m/$d/$y"] + set manx(stray-warnings) "" +-if {[catch {set default(manList) 0}]} {puts "\aBLT conflicts with TkMan."; exit 1} ++if {[catch {set default(manList) 0}]} {puts "\aBLT conflicts with TkMan."; CLEANUP; exit 1} + set manx(manList) $man(manList) + set manx(manTitleList) $man(manTitleList) + set manx(userconfig) "### your additions go below" +@@ -2385,6 +2390,7 @@ if {$manx(startup)!="" && [file readable $manx(startup)]} { + if {[string match "#!*" [gets $fid line]]} { + puts stderr "$manx(startup) looks like an executable." + puts stderr "You should delete it, probably." ++ CLEANUP + exit 1 + } + +@@ -2613,6 +2619,7 @@ after 1500 manBinCheck + + if {[llength $man(manList)]!=[llength $man(manTitleList)]} { + puts stderr "Length of section abbreviations differs from length of section titles:\n\nlength [llength $man(manList)]:\t$man(manList)\n\nlength [llength $man(manTitleList)]:\t$man(manTitleList)" ++ CLEANUP + exit 1 + } + +diff --git a/tkmandesc.tcl b/tkmandesc.tcl +index 72275b5..603a14a 100644 +--- a/tkmandesc.tcl ++++ b/tkmandesc.tcl +@@ -152,6 +152,7 @@ proc manDesc {cmd from to dirs} { + foreach n [concat $from $to] { + if {[lsearch $mani(manList) $n]==-1} { + puts stderr "$cmd: Section letter `$n' doesn't exist." ++ CLEANUP + exit 1 + } + } +diff --git a/version.tcl b/version.tcl +index 7e3f841..c71af50 100644 +--- a/version.tcl ++++ b/version.tcl +@@ -80,7 +80,7 @@ proc manVersionDiff {f w} { + + ### collect diffs + # diff needs at least one of them to be a real file. want text of previous version around anyhow +- set tmpf /tmp/tkman[pid] ++ set tmpf [exec mktemp -p /tmp tkman.XXXXXXXXXX] + # $man(changeleft) $man(zaphy) -- obsolete options + set format "$man(format) | $manx(rman) -f ASCII -N" + #puts "creating $tmpf (old)" +-- +2.46.3 + |