Patch-ID# 108949-09


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security lsarc cases bad positioning help menus buffer overflow
Synopsis: CDE 1.4: libDtHelp/libDtSvc patch
Date: Apr/06/2005


Install Requirements: NA

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: CDE

Unbundled Release: 1.4

Xref: This patch is available for x86 as 108950

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
119172514889692
429841615009122
430766015012999
434528215028722
438993515044864
440256715048964
447998015071706
452736315087279
478644815135752
491786015175804
493011715179076
509267815224647


Changes incorporated in this version: 4479980 4786448 4917860 5092678

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/lib/libDtSvc.so.1
/usr/dt/lib/sparcv9/libDtHelp.so.1
/usr/dt/lib/sparcv9/libDtSvc.so.1
/usr/dt/lib/libDtHelp.so.1

Problem Description:

4479980 libDtSvc should not follow symlinks to error files
4786448 /usr/dt/bin/dtaction segfaults
4917860 DtSvc:potential buffer overflow hole
5092678 libDtSvc contains a buffer overflow when dealing with DTDATABASESEARCHPATH
 
(from 108949-08)
4930117 Large DTHELPUSERSEARCHPATH can cause CDE programs to seg fault.
 
(from 108949-07)
4527363 Buffer Overflow in CDE Subprocess Control Service (dtspcd)
 
(from 108949-06)
4402567 Bad positioning of headings in help menus
 
(from 108949-05)
4389935 Feature For LSARC Cases : 2000/105, 2000/106, 2000,107 and 2000/108
 
(from 108949-04)
1191725 (CMVC#5306) "Args" should quote each arg, like /bin/sh "$@"
 
(from 108949-03)
4345282 Buffer overflow in dtprintinfo 'Help' in 81
 
(from 108949-02)
4307660 dthelpview does not display all characters
 
(from 108949-01)
4298416 Zephyr looptool "Help" button doesn't work on Sol8 -- Core dump


Patch Installation Instructions:
-------------------------------- 
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Solaris.  Any other special or non-generic
installation instructions should be described below as special
instructions.  The following example installs a patch to a standalone
machine:
 
	example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
	example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
----------------------------- 
 
None.
 
Special Notes:
--------------
 
NOTE 1:
The bugfix for 1191725 introduces support for a new argument reference keyword
Args_all in the CDE dtactionfile(4) syntax. This keyword behaves exactly like
Args, except if surrounded by quotes when each argument is quoted separately.
 
The following action definition shows how "Args_all" can be used to
individually quote each argument in an action:
 
ACTION Compose
{
	LABEL           Compose
	ARG_TYPE        *
	ARG_COUNT       *
	TYPE            COMMAND
	WINDOW_TYPE     NO_STDIO
	EXEC_STRING     dtmail -a "Args_all"
}


README -- Last modified date: Friday, November 9, 2012