SUSE-FU-2022:0868-1: moderate: Feature update for tcl and tk

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Mar 16 11:21:52 UTC 2022 

   SUSE Feature Update: Feature update for tcl and tk
______________________________________________________________________________

Announcement ID:    SUSE-FU-2022:0868-1
Rating:             moderate
References:         #1138797 #1185662 #1195257 #903017 SLE-21016 
                    SLE-23284 
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that solves one vulnerability, contains two
   features and has three fixes is now available.

Description:

   This feature update for tcl and tk fixes the following issues:

   Update tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284):

   - Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662)
   - Use FAT LTO objects in order to provide proper static library
     (bsc#1138797)
   - Fix a bug in itcl that was affecting iwidgets (bsc#903017)
   - Add [combobox current] support "end" index
   - Add fixes in [text] bindings
   - Add missing "deferred clear code" support to GIF photo images
   - Add new virtual event <<TkWorldChanged>>
   - Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate,
     PreviousCandidate
   - Add new support for POSIX error: EILSEQ
   - Add new command [tcl::unsupported::corotype]
   - Add new command [tcl::unsupported::timerate] for performance testing
   - Add new option -state to [ttk::scale]
   - Add portable keycodes: OE, oe, Ydiaeresis
   - Add support for backrefs in [array names -regexp]
   - Add support for Unicode 14
   - Disfavor Master/Slave terminology
   - Enhance [oo::object] to acquire or lose a class identity dynamically
   - Fix canvas rotated text overlap detection
   - Fix canvas closed polylines yo fully honor -joinstyle
   - Fix display of Long non-wrapped lines in text
   - Fix display treeview focus ring when -selectmode none
   - Fix focus events not to break entry validation
   - Fix [package prefer stable] failing case
   - Fix auto_path initialization by Safe Base interps
   - Fix bad interaction between grab and mouse pointer warp
   - Fix borderwidth calculations on menu items
   - Fix cascade tearoff menu redraw artifacts
   - Fix coords rounding when drawing canvas items
   - Fix corrupt result from [$c postscript] with -file or -channel
   - Fix errno management in socket full close
   - Fix failure when a [proc] argument name is computed, not literal
   - Fix focus on unmapped windows
   - Fix handling of duplicates in spinbox -values list
   - Fix incomplete read of multi-image GIF
   - Fix initialization order of static package in wish
   - Fix issue when trying to display angled text without Xft
   - Fix issue with font initialization when no font is installed
   - Fix problems with Noto Color Emoji font
   - Fix race conditions in [file delete] and [file mkdir]
   - Fix Std channel initialization for multi-thread operations
   - Fix tearoff menu redraw artifacts
   - Fix up arrow key in [text] to correctly move cursor to index 1.0
   - Fix various cursor issues
   - Fix various encoding issues
   - Fix various fontchooser issues
   - Fix various issues causing crashes and hang in
   - Fix various memory issues
   - Fix various scrolling bugs and add improvements
   - Fix 32/64-bit confusion of FS DIR operations reported for AIX
   - Improve appearance of text selection in [*entry] widgets
   - Improve checkbutton handling of -selectcolor
   - Improve handling of resolution changes
   - Improve multi-thread safety when Xft is in use
   - Improve ttk high-contrast-mode support
   - Improve emoji support
   - Improve legacy support for [tk_setPalette]
   - Make combobox -postoffset option work with default style
   - Make spinbox use proper names in query of option database
   - Menu flaws when empty menubar clicked
   - New index argument in [$menubutton post x y index]
   - Preserve canvas tag list order during add/delete
   - Prevent cross-manager loops of geom management
   - Rewrite of zlib inflation for multi-stream and completeness
   - Run fileevents in proper thread after [thread::attach $channel]
   - Stop [unload] corruption of list of loaded packages
   - Stop app switching exposing withdrawn windows as zombies
   - Tk now denied access to PRIMARY selection from safe interps
   - TkpDrawAngledCharsInContext leaked a CGColor
   - Try to restore Tcl's [update] command when Tk is unloaded
   - Changed [info * methods] to include mixins
   - [package require] is now NR-enabled

   The following fixes might show some potential incompatibilities with
   existing software:

   - Revised [binary (en|de)code base64] for RFC compliance and roundtrip
   - Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10
   - Extended [clock scan] ISO format and time zone support
   - Allow for select/copy from disabled text widget on all platforms
   - Revised case of [info loaded] module names
   - [info hostname] reports DNS name, not NetBIOS name
   - Force -eofchar \032 when evaluating library scripts
   - Revised error messages: "too few" => "not enough"
   - Performed rewrite of Tk event loop to prevent ring overflow
   - Refactored all MouseWheel bindings
   - Revised precision of ::scale widget tick mark values
   - Prevent transient window cycles (crashed on Aqua)
   - Builds no longer use -lieee
   - Quoting of command line arguments by [exec] on Windows revised. Prior
     quoting rules left holes where some values would not pass through, but
     could trigger substitutions or program execution. See
     https://core.tcl-lang.org/tcl/info/21b0629c81
   - [lreplace] accepts all out-of-range index values


Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-868=1



Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      tk-debuginfo-8.6.12-150300.10.3.1
      tk-debugsource-8.6.12-150300.10.3.1
      tk-devel-8.6.12-150300.10.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      tcl-8.6.12-150300.14.3.1
      tcl-debuginfo-8.6.12-150300.14.3.1
      tcl-debugsource-8.6.12-150300.14.3.1
      tcl-devel-8.6.12-150300.14.3.1
      tk-8.6.12-150300.10.3.1
      tk-debuginfo-8.6.12-150300.10.3.1
      tk-debugsource-8.6.12-150300.10.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      tcl-32bit-8.6.12-150300.14.3.1
      tcl-32bit-debuginfo-8.6.12-150300.14.3.1
      tk-32bit-8.6.12-150300.10.3.1
      tk-32bit-debuginfo-8.6.12-150300.10.3.1


References:

   https://www.suse.com/security/cve/CVE-2021-35331.html
   https://bugzilla.suse.com/1138797
   https://bugzilla.suse.com/1185662
   https://bugzilla.suse.com/1195257
   https://bugzilla.suse.com/903017

More information about the sle-updates mailing list