Patch-ID# 103566-27 Keywords: security Xsun libX11 libdga libmhc libmi libmpg cg6 sundials DPS y2000 Synopsis: OpenWindows 3.5.1: Xsun patch Date: Feb/20/98 Solaris Release: 2.5.1 SunOS Release: 5.5.1 Unbundled Product: OpenWindows Unbundled Release: 3.5.1 Relevant Architectures: sparc BugId's fixed with this patch: 4019277 1236764 4017413 4026015 4010744 4012465 1248661 1232029 4006666 1261277 1260016 1251860 1254709 1251340 1245095 1243445 1249475 1197532 4036289 1256655 4043113 4039053 4038922 4042030 4058716 4016426 1266793 4048352 4062802 4084821 4077223 4060009 4067299 4076297 4099505 4066985 Changes incorporated in this version: 4067299 4076297 4099505 4066985 Patches accumulated and obsoleted by this patch: 103508-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/openwin/bin/xlock /usr/openwin/bin/xterm /usr/openwin/bin/xwd /usr/openwin/bin/Xsun /usr/openwin/lib/libX11.so.4 /usr/openwin/lib/libX11.a /usr/openwin/lib/libp/libX11.a /usr/openwin/lib/libdga.so.1 /usr/openwin/server/lib/libmhc.so.1 /usr/openwin/server/lib/libmi.so.1 /usr/openwin/server/lib/libmpg.so.1 /usr/openwin/server/lib/libserverdps.so.1 /usr/openwin/server/lib/libserverX11.so.1 /usr/openwin/server/modules/ddxSUNWcg6.so.1 /usr/openwin/server/modules/ddxSUNWdials.so.1 Problem Description: 4067299 Xsun security issue with /tmp/.X11-[pipe|unix]. 4076297 glXChooseVisual hangs if XInitThreads is called. 4099505 XCreateColormap hangs after calling XInitThreads. 4066985 Unable to display monochrome EPS file correctly in dpsexec when expand double. Incorporated from previous version: 4077223 Permissions on Xsun from patch 103566-xx differs from FCS. 4060009 DPS text coordinate origin move when when move TGX+ under 2.5.1. 1197532 xterm pty may disagree with actual window size. 4084821 xterm in 103566-23 was not built properly and does not execute. 4048352 xterm y2000 - Incorrect timestamp on Tek COPY. 1266793 Solaris 2.x libX11 security vulnerability. 4016426 Xsun dumps core is due to repeat calling XSetWindowColormap under leo. 4038922 Unable to display monochrome EPS file correctly in dpsexec. 4042030 Ansys53 won't run under Solaris 2.5 if patch 103210-08 or above installed. 4058716 WinTach demo crashes Xsun. 4039053 application crashes with BadDrawable error on FFB under CDE1.2. 4043113 User defined cursor's image does not properly refresh large cursor. 1256655 PFA fonts min & max bounds are different between Solaris 2.4 and 2.5. 4036289 xlock has a security problem. 4019277 Pro/E crashes X server with ZX graphics. 1236764 Xsun dumps core in FreeCell. 4017413 Double buffer program does not refresh correctly on Solaris 2.5.1. 4026015 Xsun crashes with geode 3.0 on Solaris 2.5.1 with GX. 4010744 Xpr doesn't work properly with multivisual. 4012465 Stippled fillpolygon doesn't render when the window is resized. 1248661 XGL resources not freed when raster is destroyed. 1232029 X server core dump on frame buffers without DGA support. 4006666 Recursive mutex lock in quark routine causes hang. 1261277 Xsun will crash if you are using sundial and Sunbutton. 1260016 Keyboard is in strange state when the X server crashes. 1251860 On TGX+ motifanim can't draw correctly. 1254709 XPutImage to a GC tile pixmap does not work correctly on GX+ or TGX+. 1251340 starting and leaving xgl applications crashes the X server on ZX. 1245095 Pro/CDRS main window not redrawn correctly. 1243445 XPutImage from a bitmap image to a pixmap is wrong in a GX+. 1249475 Xserver sometimes hung up when run with 24 depth and TrueColor. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- 1. Due to the security issue, previous directories /tmp/.X11-[pipe|unix] have been relocated to /var/X. All existing applications which are statically linked with the X11 library will have to be relinked with the new library. Or to workaround the problem by setting the DISPLAY environment variable to "hostname:0.0" or "localhost:0.0". If CDE is running prior to patch installation, user might fail to login to CDE. To workaround this problem, dtlogin has to be restarted or reboot the machine. 2. The dt.session files in every user's : + $HOME/.dt/sessions/current + $HOME/.dt/sessions/home directories must be re-generated after applying this patch. Otherwise, the fix for bug 1197532 is not complete due to previous, erroneous information placed in the dt.session files.