Patch-ID# 107200-16 Keywords: security attachment filename buffer overflow dtmail truncates Synopsis: CDE 1.3: dtmail patch Date: Mar/11/2003 Install Requirements: None Solaris Release: 7 SunOS Release: 5.7 Unbundled Product: CDE Unbundled Release: 1.3 Xref: This patch available for x86 as 107201 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4134913 4162284 4166321 4180102 4190570 4191180 4201459 4202400 4205876 4213057 4213221 4234109 4268889 4302015 4398137 4712584 Changes incorporated in this version: 4712584 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 107887-08 or greater 108374-01 or greater Obsoleted by: Files included with this patch: /usr/dt/share/man/man1/dtmail.1 /usr/dt/bin/dtmailpr /usr/dt/lib/libSDtMail.so.2 /usr/dt/bin/dtmail Problem Description: 4712584 dtmail truncates certain attachments when saving them (from 107200-15) 4166321 cde/dtmail has potential buffer overflow problems - General (from 107200-14) 4398137 REGRESSION?: dtmail not recognizing attachment filename= specified in content-di (rework) (from 107200-13) 4398137 REGRESSION?: dtmail not recognizing attachment filename= specified in content-di (from 107200-12) 4302015 applying dtmail patch 107200-11 causes send/reply to crash dtmail (from 107200-11) 4166321 cde/dtmail has potential buffer overflow problems - General (from 107200-10) 4205876 Dtmail remote IMAP Folder access problem 4268889 dtmail IMAP client cannot access non-mailfile style subfolder hierarchies/files (from 107200-09) 4213057 Add Tooltip functionality (from 107200-08) 4234109 dtmail is incorrectly setting the sender and receiver addresses (from 107200-07) 4162284 dtmail SEGV when opening Options dialog in ja_JP.UTF-8 locale (from 107200-06) 4213221 dtmail 1.2 can't read NFS mounted mailbox from 2.5.1 (from 107200-05) 4134913 dtmail sends messages without mime subtypes (from 107200-04) 4180102 dtmail does not see messages for a period of time (from 107200-03) 4191180 deleting messages creates bogus new IMAP sessions (from 107200-02) 4201459 dtmail attachments don't open, edit, & browse when received from netscape mail 4202400 dtmail copies symlinks when enabling vacation (from 107200-01) 4190570 use mime content-type to find attachment datatype Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7 release, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. Special Notes: -------------- See the README for patch 108374 for instructions on enabling Tooltips. This patch changes the behavior of dtmail only where mailboxes are implemented as local or NFS files. It does not affect dtmail when an IMAP server is used by default. Specifically, if none of sentmailhostname, smtpmailserver and imapinboxserver are specified in the .mailrc file then unqualified mail IDs (those without the "@hostname" part) remain unqualified when the mail is sent. Before, all unqualified mail IDs for recipients and the sender would be qualified (have the "@hostname" part appended) with the sender's host name or the host name of the NFS server where the /var/mail directory resided. This restores the behavior of dtmail when IMAP was not being used to that which it had in Solaris 2.5.1 and before. This change should not affect any users as the default situation is that the Mail Transfer Agent (MTA, the program sendmail) on the sender's host is configured to qualify unqualified mail IDs correctly. If the sendmail configuration has been changed in a manner so that this does not happen then the SMTP server name (the host where the instance of sendmail being used is running) should be configured in dtmail. This can be done by either editing the .mailrc file and setting the variable smtpmailserver or by setting the "Outgoing mail (SMTP) server" field in the Advanced option dialog in CDE 1.3 or the "Host to send mail from" field in CDE 1.2. It is recommended that the SMTP server name be configured in all cases. If a specific name is required for mail ID qualification then the .mailrc variable sentmailhostname can be set. If no qualification is required then sentmailhostname can be set to null (''). The following comments apply to bug 4268889 (dtmail/Cyrus IMAP server interoperability): Even with this patch, moving/copying more than one mail message at a time to a Cyrus mailbox does not work properly if the target mailbox is open. All messages are moved/copied successfully, but dtmail is typically only informed of the first one or two messages with an IMAP untagged EXISTS response. We believe this to be due to a bug in the Cyrus IMAP server, and bug report has been sent to cyrus-bugs@andrew.cmu.edu. README -- Last modified date: Tuesday, March 11, 2003