Patch-ID# 106028-12 Keywords: security dtsession multi threaded vfork MT unsafe color LANG buffer Synopsis: CDE 1.2_x86: dtsession patch Date: Apr/14/2003 Install Requirements: None Solaris Release: 2.6_x86 SunOS Release: 5.6_x86 Unbundled Product: CDE Unbundled Release: 1.2_x86 Xref: This patch available for sparc as patch 106027 Topic: CDE 1.2_x86: dtsession patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 4101879 4101879 4104035 4104035 4115685 4115685 4175298 4175298 4197661 4197661 4283121 4283121 4284715 4284715 4299998 4299998 4316439 4316439 4349846 4349846 4448598 4448598 4743546 4743546 4788212 4788212 Changes incorporated in this version: 4788212 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/share/man/man1/dtsession.1 /usr/dt/share/man/man1/dtsession.1 /usr/dt/bin/dtsession /usr/dt/bin/dtsession Problem Description: 4788212 /usr/dt/bin/dtsession $HOME env overflow (from 106028-11) 4743546 With 105634-08 (or newer), DIALOG_SYSTEM_MODAL can be cleared by screen (from 106028-10) 4349846 CDE color management does not work well with HP motif library 4448598 LANG buffer overflow in sessionmgr (from 106028-09) 4316439 dtsession is multi-threaded but calls vfork, which is MT-unsafe (from 106028-08) 4299998 Users with duplicate UIDs sometimes need root password to unlock (from 106028-07) This rev was skipped. (from 106028-06) This rev was skipped. (from 106028-05) 4284715 dtsession still has problems with SIGCLD when PAM is used 4283121 message popping up over locked screen (from 106028-04) 4197661 X server or dtsession crashes when home session is set and SunPCi is running (from 106028-03) 4115685 CDE screen lock not working properly for nis+ users (from 106028-02) 4175298 unlock screen causes hang when Dtsession*keys specified (from 106028-01) 4104035 dtsession doesn't allows user passwds greater than 8 chars 4101879 User gets logged out without warning randomly Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- Note: For a complete fix for bug: 4283121 message popping up over locked screen Please install patch: 105635-08 (or newer) CDE 1.2_x86: dtwm patch Special Notes: ------------- NOTE 1: In order to get full functionality of fix 4743546, install the following patch in addition to this patch: 105635-12 (or newer) CDE 1.2_x86: dtwm patch new resource ============ A new resource, dtsession*cacheColors, is introduced in this patch. When this resource is set to True dtsession caches frequently used colors for sharing between applications, improving desktop performance. If this resource is set to False, bug 4349846 is fixed which allows remote machines running non-Solaris versions of Unix to remote display Motif applications on multiheaded Solaris machines. The resource is set to True by default. It can be set to False by adding the following line to the Dtsession resource file: dtsession*cacheColors: False Please see the dtsession(1X) man page for instructions on how to edit resources for dtsession. README -- Last modified date: Monday, April 14, 2003