Patch-ID# 106027-12 Keywords: security dtsession multi threaded vfork MT unsafe LANG buffer color Synopsis: CDE 1.2 / SDE 1.0: dtsession patch Date: Apr/10/2003 Install Requirements: None Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: CDE SDE Unbundled Release: 1.2 NOTE: SDE 1.0 Xref: This patch available for x86 as patch 106028 Topic: CDE 1.2 / SDE 1.0: dtsession patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: sparc BugId's fixed with this patch: 4101879 4101879 4104035 4104035 4115685 4115685 4175298 4175298 4197661 4197661 4283121 4283121 4284715 4284715 4299998 4299998 4316439 4316439 4349846 4349846 4448598 4448598 4743546 4743546 4788212 4788212 Changes incorporated in this version: 4788212 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 106125-08 or greater Obsoleted by: Files included with this patch: /usr/dt/share/man/man1/dtsession.1 /usr/dt/share/man/man1/dtsession.1 /usr/dt/bin/dtsession /usr/dt/bin/dtsession Problem Description: 4788212 /usr/dt/bin/dtsession $HOME env overflow (from 106027-11) 4743546 With 105634-08 (or newer), DIALOG_SYSTEM_MODAL can be cleared by screen (from 106027-10) 4448598 LANG buffer overflow in sessionmgr 4349846 CDE color management does not work well with HP motif library (from 106027-09) 4316439 dtsession is multi-threaded but calls vfork, which is MT-unsafe (from 106027-08) 4299998 Users with duplicate UID's sometimes need root password to unlock Incorporated from previous revisions: (from 106027-07) 4104035 dtsesion doesn't allow user passwds greater than 8 chars (refix) 4115685 CDE screen lock not working properly for nis+ users (refix) 4197661 X server or dtsession crashes when home session is set and SunPCi is running (refix) 4284715 dtsession still has problems with SIGCLD when PAM is used 4283121 message popping up over locked screen (from 106027-06) 4101879 User gets logged out without warning randomly (from 106027-05) BAD PATCH (from 106027-04) 4197661 X server or dtsession crashes when home session is set and SunPCi is running (from 106027-03) 4115685 CDE screen lock not working properly for nis+ users (from 106027-02) 4175298 unlock screen causes hang when Dtsession*keys specified (from 106027-01) 4104035 dtsession doesn't allow user passwds greater than 8 chars 4101879 User gets logged out without warning randomly Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- Note 1: For a complete fix for bug: 4283121 message popping up over locked screen Please install patch: 106661-06 (or newer) SDE 1.0: Solaris Desktop Extensions patch 105634-08 (or newer) CDE 1.2: dtwm patch Note 2: The patch 106027 will have to be reapplied if, 1. CDE 1.2 is installed on the system. This patch is installed. Then later SDE 1.0 is installed on the system. 2. CDE 1.2 and SDE 1.0 is installed on the system. This patch is installed. Then later SDE 1.0 is removed from the system. NOTE 3: In order to get full functionality of fix 4743546, install the following patch in addition to this patch: 105634-12 (or newer) CDE 1.2: dtwm patch new resource ============ A new resource, dtsession*cacheColors, is introduced in this patch. When this resource is set to True dtsession caches frequently used colors for sharing between applications, improving desktop performance. If this resource is set to False, bug 4349846 is fixed which allows remote machines running non-Solaris versions of Unix to remote display Motif applications on multiheaded Solaris machines. The resource is set to True by default. It can be set to False by adding the following line to the Dtsession resource file: dtsession*cacheColors: False Please see the dtsession(1X) man page for instructions on how to edit resources for dtsession. README -- Last modified date: Thursday, April 10, 2003