Patch Name: PHSS_12103 Patch Description: s700_800 10.24 (VVOS) CDE Runtime Jul97 Patch Creation Date: 97/08/12 Post Date: 97/10/07 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: N/A Filesets: CDE.CDE-MIN CDE.CDE-RUN CDE.CDE-HELP-RUN CDE.CDE-PAM CDE.CDE-SHLIBS CDE.CDE-TT CDE.CDE-DTTERM Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHSS_12103 Symptoms: PHSS_12103: Repackaged HP-UX patch PHSS_11147 for VVOS in order to pick up the latest patches for CDE. Based on HP-UX patch PHSS_12449: 1) Non-C locales have problems integrating multiple dtwm.fp's (frontpanels) Based on HP-UX patch PHSS_11147: 1) CDE appmanager, "The folder specification .. does not exist" 2) CDE; dtksh; cannot trap SIGHUP, SIGINT signals when using XtMainLoop. 3) Dtgreet hangs trying to display to xterminal without CDE fonts. 4) CDE screen locker doesn't use DCE authentication to unlock the screen 5) dtsearchpath:10.20: intermittent core dumps 6) CDE:trusted system:screen lock:display hangs after 3 unsucc.tries2unlock 7) CDE:Trusted system:root can't unlock screen lock 8) cde:trusted system:screenlock: unlock by root seen as unsuccessful try 9) Possibility of disabling user accounts on trusted system by screen lock 10) dtmail die when a mail message with an attachment is dropped to dtpad 11) dtmail receipt of certain elm messages can corrupt mailbox 12) CDE Helpviewer hangs on help volumeter patch Based on HP-UX patch PHSS_10995: 1) With large $PATH configurations, dtsearchpath may hang and/or dump core. Based on HP-UX patch PHSS_10876: 1) Dtgreet hangs trying to display to xterminal without CDE fonts. 2) cde:trusted system:screenlock: unlock by root seen as unsuccessful try 3) CDE:Trusted system:root can't unlock screen lock 4) Possibility of disableing user accounts on trusted system by screen lock 5) CDE screen locker doesn't use DCE authentication to unlock the screen 6) CDE builtin screen lock may fail to display the password prompt. Based on HP-UX patch PHSS_10875: 1) CDE builtin screen lock may fail to display the password prompt Based on HP-UX patch PHSS_9803: 1) Duplicate symbol names in libDtSvc cause conflicts. 2) CDE Screen Lock problem with PAM enabled. 3) The Abbrev shows up in an xref. 4) dthelp parser checkdefault routine has logic flaws. 5) dthelptag errors in sdl file when no source errors exist. 6) doesn't allow splitting across line ending in indented text. 7) dthelptag puts empty in index list. 8) link for xref in ex put in incorrect location.. 9) Index does not redisplay topic after choosing a second different topic. 10) dthelpview can't view a help volume index when one is empty. 11) dthelpview -man doesn't manage the text widget correctly if resiz. ViewW. 12) Dthelpprint uses obsolete option. 13) When -subTopics used, dthelpprint does not print the sub topics. 14) Audit trail in CDE on trusted systems doesn't work correctly. 15) dtpad hangs with large cad binary file. 16) Account with large uid cannot perform drag and drop, actions. 17) dtfile hangs in ja_JP.SJIS locale when attempting to edit filenames. 18) CDE/dtmail cannot paste into the To, From, Subject, Bcc, Cc lines. Based on HP-UX patch PHSS_9627: 1) It is possible to bypass proper authentication 2) Screen lock with integrated login fails at 10.20 on second unlock 3) CDE Screen Lock problem with PAM Based on HP-UX patch PHSS_8667: 1) dthelpprint quits with memory fault in fr_FR.sio88591 locale. 2) dtwm aborts when using lrom under certain conditions 3) dtwm aborts when deleting action from subpanel that is also on front panel. 4) dtmail doesn't read MPower attachments correctly. Dragging multiple messages from one mailbox to another doesn't work. 5) dtmail will randomly abort when performing drag and drop. 6) Document saved w/ all mime encoding intact in dtmail if saved as text. 7) Dtmail locks the mail file - this can hang dtmail. 8) dtmail needs transition link: /usr/lib/sendmail -> /usr/sbin/sendmail. 9) ttsession -p can fail to print data returned from child. 10) ttsession hangs on pmap_getport() call. 11) libDtHelp uses the Default Visual and Default Root window to set up GC's and the visual information. Based on HP-UX patch PHSS_7726: 1) Resources appKeypadDefault & appCursorDefault have no affect on dtterm. 2) In EUC-2byte codesets, it takes 2 backpaces to erase 1 multi-byte character. 3) Missing or duplicate mnemonics in French & German locales. Based on HP-UX patch PHSS_7724: 1) Missing multiple group info in id(1) command. 2) xdmMode does not work for CDE. 3) Default 2-user license desn't count logins as it did in Vue. 4) CDE is vulnerable to denial of service attacks. Defect Description: PHSS_12103: Repackaged HP-UX patch PHSS_11147 for VVOS. Based on HP-UX patch PHSS_12449: 1) Non-C locales have problems integrating multiple dtwm.fp's (frontpanels) Based on HP-UX patch PHSS_11147: 1) CDE appmanager, "The folder specification .. does not exist" 2) CDE; dtksh; cannot trap SIGHUP, SIGINT signals when using XtMainLoop. 3) Dtgreet hangs trying to display to xterminal without CDE fonts. 4) CDE screen locker doesn't use DCE authentication to unlock the screen 5) dtsearchpath:10.20: intermittent core dumps 6) CDE:trusted system:screen lock:display hangs after 3 unsucc.tries2unlock 7) CDE:Trusted system:root can't unlock screen lock 8) cde:trusted system:screenlock: unlock by root seen as unsuccessful try 9) Possibility of disabling user accounts on trusted system by screen lock 10) dtmail die when a mail message with an attachment is dropped to dtpad 11) dtmail receipt of certain elm messages can corrupt mailbox 12) CDE Helpviewer hangs on help volume for C++. 13) dtfile doesn't handle well directories with suid bit set 14) dtstyle does not know how to correctly handle merged input devices 15) core dump as soon as help/contents asked to xsnapadmin, or start 16) HP CDE/VUE (newer version) adding 'newline' after !!emphasized!! text. 17) dthelpprint: Cannot print "Current and Subtopics." 18) CDE /usr/dt/config/Xsession.d/0030.dttmpdir causes error after patch Based on HP-UX patch PHSS_10995: 1) With large $PATH configurations, dtsearchpath may hang and/or dump core. Based on HP-UX patch PHSS_10876: 1) Dtgreet hangs trying to display to xterminal without CDE fonts. 2) cde:trusted system:screenlock: unlock by root seen as unsuccessful try 3) CDE:Trusted system:root can't unlock screen lock 4) Possibility of disableing user accounts on trusted system by screen lock 5) CDE screen locker doesn't use DCE authentication to unlock the screen 6) CDE builtin screen lock may fail to display the password prompt. Based on HP-UX patch PHSS_10875: 1) CDE builtin screen lock may fail to display the password prompt Based on HP-UX patch PHSS_9803: 1) Duplicate symbol names in libDtSvc cause conflicts. 2) CDE Screen Lock problem with PAM enabled. 3) The Abbrev shows up in an xref. 4) dthelp parser checkdefault routine has logic flaws. 5) dthelptag errors in sdl file when no source errors exist. 6) doesn't allow splitting across line ending in indented text. 7) dthelptag puts empty in index list. 8) link for xref in ex put in incorrect location.. 9) Index does not redisplay topic after choosing a second different topic. 10) dthelpview can't view a help volume index when one is empty. 11) dthelpview -man doesn't manage the text widget correctly if resiz. ViewW. 12) Dthelpprint uses obsolete option. 13) When -subTopics used, dthelpprint does not print the sub topics. 14) Audit trail in CDE on trusted systems doesn't work correctly. 15) dtpad hangs with large cad binary file. 16) Account with large uid cannot perform drag and drop, actions. 17) dtfile hangs in ja_JP.SJIS locale when attempting to edit filenames. 18) CDE/dtmail cannot paste into the To, From, Subject, Bcc, Cc lines. Based on HP-UX patch PHSS_9627: 1) It is possible to bypass proper authentication 2) Screen lock with integrated login fails at 10.20 on second unlock 3) CDE Screen Lock problem with PAM Based on HP-UX patch PHSS_8667: 1) dthelpprint quits with memory fault in fr_FR.sio88591 locale. 2) dtwm aborts when using lrom under certain conditions 3) dtwm aborts when deleting action from subpanel that is also on front panel. 4) dtmail doesn't read MPower attachments correctly. Dragging multiple messages from one mailbox to another doesn't work. 5) dtmail will randomly abort when performing drag and drop. 6) Document saved w/ all mime encoding intact in dtmail if saved as text. 7) Dtmail locks the mail file - this can hang dtmail. 8) dtmail needs transition link: /usr/lib/sendmail -> /usr/sbin/sendmail. 9) ttsession -p can fail to print data returned from child. 10) ttsession hangs on pmap_getport() call. 11) libDtHelp uses the Default Visual and Default Root window to set up GC's and the visual information. Based on HP-UX patch PHSS_7726: 1) Resources appKeypadDefault & appCursorDefault have no affect on dtterm. 2) In EUC-2byte codesets, it takes 2 backpaces to erase 1 multi-byte character. 3) Missing or duplicate mnemonics in French & German locales. Based on HP-UX patch PHSS_7724: 1) Missing multiple group info in id(1) command. 2) xdmMode does not work for CDE. 3) Default 2-user license desn't count logins as it did in Vue. 4) CDE is vulnerable to denial of service attacks. SR: 5003312785 1653169334 5003314740 4701327726 5003323287 5003307769 5003321679 5003321943 1653181099 5003334722 5003341420 5003342196 1653192187 5003342246 5003352997 5003354209 5003345124 1653161489 4701338103 4701343012 1653199927 1653205468 4701350314 5003349738 5003352930 5003354811 5003356279 5003356287 5003356295 5003356303 5003357632 5003358358 5003362095 5003364083 5003369694 5003345140 5003339812 5003352989 5003384859 Patch Files: /usr/dt/bin/Xsession /usr/dt/bin/dtaction /usr/dt/bin/dtappgather /usr/dt/bin/dtcalc /usr/dt/bin/dtfile /usr/dt/bin/dtfile_copy /usr/dt/bin/dtfplist /usr/dt/bin/dtgreet /usr/dt/bin/dthelp_ctag1 /usr/dt/bin/dthelp_htag1 /usr/dt/bin/dthelp_htag2 /usr/dt/bin/dthelpprint /usr/dt/bin/dthelptag /usr/dt/bin/dticon /usr/dt/bin/dtksh /usr/dt/bin/dtlogin /usr/dt/bin/dtmail /usr/dt/bin/dtpad /usr/dt/bin/dtsearchpath /usr/dt/bin/dtsession /usr/dt/bin/dtspcd /usr/dt/bin/dtstyle /usr/dt/bin/dtterm /usr/dt/bin/dtwm /usr/dt/bin/rpc.ttdbserver /usr/dt/bin/ttsession /usr/dt/config/Xsession.d/0030.dttmpdir /usr/dt/lib/libDtHelp.1 /usr/dt/lib/libDtSvc.1 /usr/dt/lib/libDtTerm.1 /usr/dt/lib/libDtWidget.1 /usr/dt/lib/nls/msg/de_DE.iso88591/dtterm.cat /usr/dt/lib/nls/msg/fr_FR.iso88591/dtterm.cat /usr/lib/security/libpam_unix.1 what(1) Output: /usr/dt/bin/Xsession: None /usr/dt/bin/dtaction: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 14:49:00 PST 1997) dtaction: $Revision: 1.1 $ /usr/dt/bin/dtappgather: Common Desktop Environment (build date: Thu Jul 11 23:39:44 PDT 1996) dtappgather: $Revision: 1.1 $ /usr/dt/bin/dtcalc: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 14:58:45 PST 1997) dtcalc: $Revision: 2.0 $ /usr/dt/bin/dtfile: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Wed May 21 14:16:48 PDT 1997) dtfile: $Revision: 2.1 $ /usr/dt/bin/dtfile_copy: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 15:09:30 PST 1997) dtfile_copy: $Revision: 1.2 $ /usr/dt/bin/dtfplist: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Point Patch Release (build date: Mon Sep 8 12:44:26 PDT 1997) dtfplist: $Revision: 1.1 $ /usr/dt/bin/dtgreet: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Wed May 21 14:32:51 PDT 1997) dtgreet: $Revision: 1.5 $ /usr/dt/bin/dthelp_ctag1: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Tue Feb 25 18:23:00 PST 1997) dthelp_ctag1: $Revision: 1.1 $ /usr/dt/bin/dthelp_htag1: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Tue Feb 25 18:02:10 PST 1997) dthelp_htag1: $Revision: 1.1 $ /usr/dt/bin/dthelp_htag2: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Tue Feb 25 18:44:28 PST 1997) dthelp_htag2: $Revision: 1.1 $ /usr/dt/bin/dthelpprint: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Fri May 23 10:17:56 PDT 1997) dthelpprint: $Revision: 1.3 $ /usr/dt/bin/dthelptag: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release dthelptag: $Revision: 1.24 $ /usr/dt/bin/dticon: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 15:26:49 PST 1997) dticon: $Revision: 1.7 $ /usr/dt/bin/dtksh: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Fri May 30 10:24:32 PDT 1997) Version 12/28/93 Version M-12/28/93 Version M-12/28/93d dtksh: $Revision: 1.3 $ basename (AT&T Bell Laboratories) 03/01/94 cat (AT&T Bell Laboratories) 05/09/95 chmod (AT&T Bell Laboratories) 05/09/95 cmp (AT&T Bell Laboratories) 07/17/94 cut (AT&T Bell Laboratories) 04/01/93 dirname (AT&T Bell Laboratories) 07/17/92 getconf (AT&T Bell Laboratories) 05/09/95 head (AT&T Bell Laboratories) 04/01/92 logname (AT&T Bell Laboratories) 04/01/92 mkdir (AT&T Bell Laboratories) 02/14/95 uname (AT&T Bell Laboratories) 05/09/95 wc (AT&T Bell Laboratories) 08/11/94 ast (AT&T Bell Laboratories) 07/17/95 hash (AT&T Bell Laboratories) 05/09/95 getconf (AT&T Bell Laboratories) 07/17/95 sfio (AT&T Bell Laboratories) 05/09/95 /usr/dt/bin/dtlogin: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Wed May 21 14:30:48 PDT 1997) dtlogin: $Revision: 1.16 $ /usr/dt/bin/dtmail: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Fri May 30 11:01:39 PDT 1997) dtmail: $Revision: 1.3 $ /usr/dt/bin/dtpad: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 15:34:36 PST 1997) dtpad: $Revision: 3.0 $ /usr/dt/bin/dtsearchpath: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Wed May 21 15:48:08 PDT 1997) dtsearchpath: $Revision: 1.1 $ /usr/dt/bin/dtsession: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Fri May 30 08:52:46 PDT 1997) dtsession: $Revision: 2.0 $ /usr/dt/bin/dtspcd: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Wed Feb 26 15:35:23 PST 1997) dtspcd: $Revision: 1.2 $ /usr/dt/bin/dtstyle: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Mon Jun 2 09:51:57 PDT 1997) dtstyle: $Revision: 1.4 $ /usr/dt/bin/dtterm: X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Thu Feb 27 14:40:05 PST 1997) dtterm: $Revision: 1.3 $ /usr/dt/bin/dtwm: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Point Patch Release (build date: Mon Sep 8 12:43:39 PDT 1997) dtwm: $Revision: 1.11 $ /usr/dt/bin/rpc.ttdbserver: X Window System, Version 11 R6+ HP-UX B.10.20.00 Nov 1996 Patch Release (build date: Sat Oct 5 14:04:21 PDT 1996) rpc.ttdbserver: $Revision: 1.1 $ /usr/dt/bin/ttsession: X Window System, Version 11 R6+ HP-UX B.10.20.00 Nov 1996 Patch Release (build date: Sat Oct 5 14:04:58 PDT 1996) ttsession: $Revision: 1.1 $ /usr/dt/config/Xsession.d/0030.dttmpdir: X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release 0030.dttmpdir $Revision: 1.11 $ /usr/dt/lib/libDtHelp.1: libDtHelp: $Revision: 2.12 $ X Window System, Version 11 R6+ HP-UX B.10.20.00 Jul y 1997 Patch Release (build date: Wed May 21 08:44:34 PDT 1997) /usr/dt/lib/libDtSvc.1: libDtSvc: $Revision: 1.5 $ X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Tue Feb 18 15:57:56 PST 1997) /usr/dt/lib/libDtTerm.1: DtTermPrimitiveWidget: $Revision: 1.195 $ libDtTerm: $Revision: 1.172 $ X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Thu Feb 27 14:38:07 PST 1997) /usr/dt/lib/libDtWidget.1: libDtWidget: $Revision: 1.4 $ X Window System, Version 11 R6+ HP-UX B.10.20.00 Mar 1997 Patch Release (build date: Mon Feb 24 09:52:20 PST 1997) /usr/dt/lib/nls/msg/de_DE.iso88591/dtterm.cat: None /usr/dt/lib/nls/msg/fr_FR.iso88591/dtterm.cat: None /usr/lib/security/libpam_unix.1: X Window System, Version 11 R6+ HP-UX B.10.20.970423 +O2 (build date: Wed Apr 23 15:48:42 PDT 1997) cksum(1) Output: 106749788 13586 /usr/dt/bin/Xsession 2580804683 45056 /usr/dt/bin/dtaction 2876845275 94208 /usr/dt/bin/dtappgather 1677225506 245760 /usr/dt/bin/dtcalc 3214793940 724992 /usr/dt/bin/dtfile 2062020036 77824 /usr/dt/bin/dtfile_copy 3038274570 65536 /usr/dt/bin/dtfplist 2806604027 86016 /usr/dt/bin/dtgreet 2727084749 352256 /usr/dt/bin/dthelp_ctag1 226056671 389120 /usr/dt/bin/dthelp_htag1 2032235937 286720 /usr/dt/bin/dthelp_htag2 946444124 57344 /usr/dt/bin/dthelpprint 3029111936 12335 /usr/dt/bin/dthelptag 2698400293 188416 /usr/dt/bin/dticon 1596220324 815104 /usr/dt/bin/dtksh 4074151054 180224 /usr/dt/bin/dtlogin 1726729363 987136 /usr/dt/bin/dtmail 3109205079 114688 /usr/dt/bin/dtpad 778226023 143360 /usr/dt/bin/dtsearchpath 2255562950 172032 /usr/dt/bin/dtsession 3849396247 163840 /usr/dt/bin/dtspcd 420375331 217088 /usr/dt/bin/dtstyle 3419072820 53248 /usr/dt/bin/dtterm 3787660281 569344 /usr/dt/bin/dtwm 2608938135 307200 /usr/dt/bin/rpc.ttdbserver 3590829941 253952 /usr/dt/bin/ttsession 475597394 3043 /usr/dt/config/Xsession.d/0030.dttmpdir 270256480 798720 /usr/dt/lib/libDtHelp.1 3496076813 593920 /usr/dt/lib/libDtSvc.1 3522418615 417792 /usr/dt/lib/libDtTerm.1 2374816964 352256 /usr/dt/lib/libDtWidget.1 1767106441 6309 /usr/dt/lib/nls/msg/de_DE.iso88591/ dtterm.cat 1929978030 6149 /usr/dt/lib/nls/msg/fr_FR.iso88591/ dtterm.cat 123989032 90298 /usr/lib/security/libpam_unix.1 Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 8770 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_12103 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHSS_12103.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHSS_12103.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHSS_12103. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHSS_12103.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_12103.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Please note: The CDE environment must not be running when this patch is installed. If it is, you will receive warnings that text files are busy. SD will move these aside and place the new files in the appropriate location, but it is recomended that CDE first be shutdown prior to patch instalation.