Patch-ID# 103210-31 Keywords: security y2000 Xsun SUNWxwplt setuid setgid 103210-26 ilogview Synopsis: OpenWindows 3.5: Server (Xsun, libX11, xterm) Patch Date: Nov/01/2001 Solaris Release: 2.5 SunOS Release: 5.5 Unbundled Product: OpenWindows Unbundled Release: 3.5 Xref: This patch available for x86 as patch 104242 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 1197532 1229238 1230511 1232440 1232824 1232904 1235117 1236588 1236764 1239081 1239872 1243445 1245095 1248661 1249057 1249475 1251340 1251860 1254709 1256655 1260016 1261221 1261277 1266793 4006666 4010744 4012465 4017413 4019277 4026015 4036289 4038922 4039053 4042030 4043113 4048352 4058716 4066985 4083323 4102279 4120484 4149801 4184297 4332966 4333070 4337749 4356377 4483090 Changes incorporated in this version: 4356377 Patches accumulated and obsoleted by this patch: 103246-04 103381-02 103507-02 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/openwin/bin/Xsun /usr/openwin/bin/xterm /usr/openwin/bin/xwd /usr/openwin/lib/X11/DPSF3Bitmaps.upr /usr/openwin/lib/X11/PostScript.VM /usr/openwin/lib/libX11.a /usr/openwin/lib/libX11.so.4 /usr/openwin/lib/libdga.so.1 /usr/openwin/lib/libp/libX11.a /usr/openwin/lib/libpsres.a /usr/openwin/server/lib/libfont.so.1 /usr/openwin/server/lib/libmhc.so.1 /usr/openwin/server/lib/libmi.so.1 /usr/openwin/server/lib/libmpg.so.1 /usr/openwin/server/lib/libserverdps.so.1 /usr/openwin/server/modules/ddxSUNWcg6.so.1 /usr/openwin/server/modules/ddxSUNWdials.so.1 /usr/openwin/server/modules/ddxSUNWdialsCompat.so.1 /usr/openwin/server/modules/ddxSUNWkbd.so.1 /usr/openwin/bin/xlock Problem Description: 4356377 keyboard ddx does not check bounds correctly 4483090 xlock buffer overflow (from 103210-30) 4337749 the patch 103210-26 truncate ilogview label in 5.5 (from 103210-29) 4332966 security: Xsun has a buffer overflow 4333070 X setuid/setgid binary permissions need to be changed (from 103210-28) 4149801 libfont has a possible buffer overflow issue Incorporated from previous version: 4102279 Xsun crashes after fix of bug 4058716 has been integrated 4184297 CDE not sending the correct signals when CDE is killed (XTERM) 4120484 Problems in filling with stippled in XFillPolygon 4066985 Unable to display monochrome EPS file correctly in dpsexec when expand double 1197532 xterm pty may disagree with actual window size 4083323 Patch 103566-23 doesn't include RPATH in xterm 4048352 xterm y2000 - incorrect timestamp in Tek COPY 1266793 Solaris 2.x libX11 security vulnerability 4038922 Unable to display monochrome EPS file correctly in dpsexec 4042030 Ansys53 won't run under Solaris 2.5 if patch 103210-08 or above installed 4058716 WinTach demo crashes Xsun 4039053 application crashes with BadDrawable error on FFB under CDE1.2 4043113 User defined cursor's image does not properly refresh large cursor. 4019277 Pro/E crashes X server with ZX graphics 4036289 xlock has a security problem. 1236764 Xsun dumps core in FreeCell 4017413 Double buffer program does not refresh correctly on Solaris 2.5. 4026015 Xsun crashes with geode 3.0 on Solaris 2.5 with GX. 4010744 Xpr doesn't work properly with multivisual 4012465 Stippled fillpolygon doesn't render when the window is resized. 1261277 Xsun will crash if you are using sundial and Sunbutton 4006666 recursive mutex locks in quark routines can cause hang 1261221 Proprietary fonts don't render correctly in Solaris2.5 1256655 pfa fonts min/max bounds different between 2.4 and S2.5 1232440 S24 crashes if you run netscape 2.0beta3 and resize netscape 1239872 Cannot use iso8859-9 Type 1 and pcf bitmap fonts together 1229238 DPS fonts occasionally render incorrectly 1245095 Main window not redrawn correctly after unmapping 1248661 DGA overlay windows leak file descriptors 1239081 Program dies in dga init on FFB with overlay 1260016 Keyboard is in strange state when the X server crashes. 1251860 On TGX+ motifanim can't draw correctly. 1254709 XPutImage to a GC tile pixmap does not work correctly on GX+/TGX+. 1251340 starting and leaving xgl applications crashes the X server on ZX 1249475 Xserver sometimes hung up when run with 24 depth and TrueColor 1249057 Xsun banner incorrectly shows FCS 1243445 XPutImage from a bitmap image to a pixmap is wrong in a GX+. 1236588 XDrawString() doesn't draw correctly with TGX if window is clipped 1232904 X events lost with transparent (input only) window on main window 1230511 Stripes appear running xlib app that uses 2x2 tile on GX+ and TGX+ 1232824 Xsun dumps core on GX+ when dxlib is enabled in running x11perf. 1235117 Application "Builder Xcessory" works on 2.4 but crashes on 2.5 Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- The dt.session files in every user's : + $HOME/.dt/sessions/current + $HOME/.dt/sessions/home directories must be re-generated after applying this patch. Otherwise, the fix for bug 1197532 is not complete due to previous, erroneous information placed in the dt.session files. NOTE: Patch 103210 fixes bug 1245095 for all current MPG devices except ffb. The ffb patch for the fix is 103506. For ffb, install this patch AND 103506. README -- Last modified date: Thursday, November 1, 2001