Patch-ID# 108950-09
Keywords: security lsarc cases bad positioning help menus buffer overflow
Synopsis: CDE 1.4_x86: libDtHelp/libDtSvc patch
Date: Apr/06/2005

Install Requirements: NA

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product: CDE

Unbundled Release: 1.4_x86

Xref: This patch is available for SPARC as 108949

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 1191725 4298416 4307660 4345282 4389935 4402567 4479980 4527363 4786448 4917860 4930117 5092678

Changes incorporated in this version: 4479980 4786448 4917860 5092678

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/lib/libDtSvc.so.1
/usr/dt/lib/libDtHelp.so.1

Problem Description:

4479980 libDtSvc should not follow symlinks to error files
4786448 /usr/dt/bin/dtaction segfaults
4917860 DtSvc:potential buffer overflow hole
5092678 libDtSvc contains a buffer overflow when dealing with DTDATABASESEARCHPATH

(from 108950-08)

4930117 Large DTHELPUSERSEARCHPATH can cause CDE programs to seg fault.

(from 108950-07)

4527363 Buffer Overflow in CDE Subprocess Control Service (dtspcd)

(from 108950-06)

4402567 Bad positioning of headings in help menus

(from 108950-05)

4389935 Feature For LSARC Cases : 2000/105, 2000/106, 2000/107 and 2000/108

(from 108950-04)

1191725 (CMVC#5306) "Args" should quote each arg, like /bin/sh "$@"

(from 108950-03)

4345282 Buffer overflow in dtprintinfo 'Help' in 81

(from 108950-02)

4307660 dthelpview does not display all characters

(from 108950-01)

4298416 Zephyr looptool "Help" button doesn't work on Sol8 -- Core dump

Patch Installation Instructions:
--------------------------------

Refer to the man pages for instructions on using 'patchadd' and
'patchrm' scripts provided with Solaris. Any other special or
non-generic installation instructions should be described below as
special instructions.
The following example installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

None.

Special Notes:
--------------

NOTE 1: The bugfix for 1191725 introduces support for a new argument
        reference keyword Args_all in the CDE dtactionfile(4) syntax.
        This keyword behaves exactly like Args, except that when it is
        surrounded by quotes, each argument is quoted separately.

        The following action definition shows how "Args_all" can be
        used to individually quote each argument in an action:

        ACTION Compose
        {
            LABEL         Compose
            ARG_TYPE      *
            ARG_COUNT     *
            TYPE          COMMAND
            WINDOW_TYPE   NO_STDIO
            EXEC_STRING   dtmail -a "Args_all"
        }

README -- Last modified date:  Wednesday, April 6, 2005
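
The quoting difference described in NOTE 1, shown with the /bin/sh analogy that bug 1191725 itself names ("$*" versus "$@"). This is an added example, not code from the patch or from CDE; show_argv and the sample file names are constructed, and the way dtaction performs the expansion internally is not shown in this README.

```shell
#!/bin/sh
# Added illustration in plain sh; none of this is CDE code.
# show_argv (hypothetical helper) stands in for the launched command:
# it reports the argument count, then each argument in brackets so the
# argument boundaries are visible.
show_argv() {
    out="$#:"
    for a in "$@"; do
        out="$out[$a]"
    done
    printf '%s\n' "$out"
}

# All arguments joined into a single quoted word, like "$*".
# The command receives one argument, whatever the user selected.
joined_quoted() { show_argv "$*"; }

# Joined and left unquoted: the shell re-splits on whitespace, so a
# file name containing a space turns into two separate arguments.
joined_unquoted() {
    set -f              # globbing off, so only word splitting is shown
    show_argv $*
    set +f
}

# Each argument quoted separately, like "$@". This is the behaviour
# NOTE 1 attributes to a quoted Args_all: boundaries are preserved.
each_quoted() { show_argv "$@"; }

# Constructed sample: two attachments, one with a space in its name.
demo() {
    joined_quoted   "a.txt" "my notes.txt"
    joined_unquoted "a.txt" "my notes.txt"
    each_quoted     "a.txt" "my notes.txt"
}
demo
```

Only the last form hands the command exactly the arguments that were supplied; the other two either merge them or split them at embedded whitespace.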