Patch-ID# 108950-08 Keywords: security lsarc cases bad positioning help menus buffer overflow Synopsis: CDE 1.4_x86: litDtHelp/libDtSvc patch Date: Feb/03/2004 Install Requirements: None Solaris Release: 8_x86 SunOS Release: 5.8_x86 Unbundled Product: CDE Unbundled Release: 1.4_x86 Xref: This patch is available for SPARC as 108949 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 1191725 4298416 4307660 4345282 4389935 4402567 4527363 4930117 Changes incorporated in this version: 4930117 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/lib/libDtSvc.so.1 /usr/dt/lib/libDtHelp.so.1 Problem Description: 4930117 Large DTHELPUSERSEARCHPATH can cause CDE programs to seg fault. (from 108950-07) 4527363 Buffer Overflow in CDE Subprocess Control Service (dtspcd) (from 108950-06) 4402567 Bad positioning of headings in help menus (from 108950-05) 4389935 Feature For LSARC Cases : 2000/105, 2000/106, 2000,107 and 2000/108 (from 108950-04) 1191725 (CMVC#5306) "Args" should quote each arg, like /bin/sh "$@" (from 108950-03) 4345282 Buffer overflow in dtprintinfo 'Help' in 81 (from 108950-02) 4307660 dthelpview does not display all characters (from 108950-01) 4298416 Zephyr looptool "Help" button doesn't work on Sol8 -- Core dump Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- None. Special Notes: -------------- NOTE 1: The bugfix for 1191725 introduces support for a new argument reference keyword Args_all in the CDE dtactionfile(4) syntax. This keyword behaves exactly like Args, except if surrounded by quotes when each argument is quoted separately. The following action definition shows how "Args_all" can be used to individually quote each argument in an action: ACTION Compose { LABEL Compose ARG_TYPE * ARG_COUNT * TYPE COMMAND WINDOW_TYPE NO_STDIO EXEC_STRING dtmail -a "Args_all" } README -- Last modified date: Tuesday, February 3, 2004