Patch-ID# 100626-10
Keywords: security tooltalk patch
Synopsis: OpenWindows 3.0: Tooltalk patch
Date: Dec/24/99

Solaris Release: 1.0 1.0.1 1.1 1.1.1A 1.1.2
 
SunOS Release: 4.1.1 4.1.2 4.1.3 4.1.3_U1A 4.1.4

Unbundled Product: OpenWindows

Unbundled Release: 3.0

Topic: ToolTalk patch

BugId's fixed with this patch: 1085317 1074150 1074612 1066949 1071723 1070440 1068765 1071035 1072772 1081742 1077513 1082628 1084299 1093746 1095103 1094598 1129057 1140652 1138827 1146783 4164808 4260867 

Changes incorporated in this version: 4260867 

Relevant Architectures: sparc

Patches which conflict with this patch:

Obsoleted by:

Files included with this patch: 

	27975     3 ./sun4/bin/install_tt
	13106   240 ./sun4/bin/tt_type_comp
	23107    32 ./sun4/bin/ttcp
	52831   304 ./sun4/bin/ttdbck
	25928    32 ./sun4/bin/ttmv
	25451    32 ./sun4/bin/ttrm
	25451    32 ./sun4/bin/ttrmdir
	05784   192 ./sun4/bin/ttsession
	12291    72 ./sun4/bin/tttar
	43661   488 ./sun4/bin/rpc.ttdbserverd
	52544     1 ./sun4/man/man1/install_tt.1
	23011     3 ./sun4/man/man1/tt_type_comp.1
	48976     2 ./sun4/man/man1/ttcp.1
	20523     2 ./sun4/man/man1/ttmv.1
	26392     2 ./sun4/man/man1/ttrm.1
	37358     1 ./sun4/man/man1/ttrmdir.1
	60096     4 ./sun4/man/man1/ttsession.1
	64955     6 ./sun4/man/man1/tttar.1
	16719    11 ./sun4/man/man3/ttapi.3
	10119     2 ./sun4/man/man8/rpc.ttdbserverd.8
	63807     5 ./sun4/man/man8/ttdbck.8
	10119     2 ./sun4/man/man8/ttdbserverd.8
	12337     6 ./sun4/lib/locale/C/LC_MESSAGES/Sun_ToolTalk.mo
	49606   786 ./sun4/lib/libtt.a
	52793   544 ./sun4/lib/libtt.so.1.1
	28364    32 ./sun4/lib/libttstub.so.1.1
	35048    19 ./sun4/include/desktop/tt_c.h
	39212     2 ./sun4/include/desktop/ttdnd.h
	
Problem Description: See bugid list

4260867 tooltalk apps vulnerable to attack through TT_SESSION env. variab

4164808 rpc.ttdbserver has buffer overflow problems
1129057 patch 100626-04 core dumps
1085317 session-scoped patterns with no op fail
1074150 ttdbck doesn't open existing DB files and/or dumps core
1074612 crash in tt_message_send on file-scoped queued msg.
1066949 ttdbck -k <objid key> -x -F <file> <database> dumps core
1071723 Crash in tt_file_join("/usr/include/stdio.h") on victoria
1070440 core dump in tt_file_join during otype test
1068765 dbserver incorrectly resolves pathnames when exported symlinks are used
1071035 ToolTalk clients should not have to link with libX
1072772 File scope messages should not require X authority
1081742 auto-started clients that exit after handling cause problems
1077513 If a request is observed by its own sender, he won't be told when it fails.
1082628 Can't add ptype to classing engine DB when messages are start and queue
1084299 auto-starting caused by notices fails
1093746 File scoped messages do not work across multiple ttsessions.
1095103 TT_BOTH patterns never match any message
1094598 Attempting to open multiple session in ToolTalk returns TT_ERR_SESSION.
1138827 tt_open() attempts to do a host lookup on an invalid IP address.
1140652 TT_FILE-scoped request can fail if >2 sessions join the file.
1146783 ttsession leaks file descriptors using file scope and transient sessions.


Patch Installation Instructions:
--------------------------------
INSTALL: as root

        1 - Exit OpenWindows
        2 - su to root
        3 - cd to $OPENWINHOME/lib
        4 - get patch from current libtt.so.1.1 by typing
                nm libtt.so.1.1 | grep -i patch_id
        5 - if patch id exists
                mv libtt.so.1.1 libtt.so.1.1.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
            else
                mv libtt.so.1.1 libtt.so.1.1.fcs
        6 - cp <patch_dir>/sun4/lib/libtt.so.1.1 libtt.so.1.1
                where <patch_dir> is the directory containing the new patch.
	7 - repeat steps 5 and 6 for
		libtt.a
		libttstub.so.1.1
	8 - update the static library using ranlib
		ranlib -t libtt.a
	9 - cd to $OPENWINHOME/include/dsktop
	10 - if patch id exists
		mv tt_c.h tt_c.h.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv tt_c.h tt_c.h.fcs
        11 - cp <patch_dir>/sun4/include/desktop/tt_c.h tt_c.h
        12 - repeat steps 10 and 11 for ttdnd.h
	13 - cd to $OPENWINHOME/bin
	14 - if patch id exists
		mv  rpc.ttdbserverd rpc.ttdbserverd.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv rpc.ttdbserverd.fsc rpc.ttdbserverd
        15 - cp <patch_dir>/sun4/bin/rpc.ttdbserverd rpc.ttdbserverd
        16 - repeat steps 14 and 15 for
        	ttcp 
        	tt_type_comp 
        	ttdbck 
        	ttmv 
        	ttrm 
        	ttrmdir 
        	ttsession 
        	tttar 
        	install_tt 
	17 - cd to $OPENWINHOME/man/man1
	18 - if patch id exists
		mv ttcp.1 ttcp.1.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv ttcp.1 ttcp.1.fcs
        19 - cp <patch_dir>/sun4/man/man1/ttcp.1 ttcp.1
        20 - repeat steps 18 and 19 for
        	man1/tt_type_comp.1 
        	man1/ttmv.1 
        	man1/ttrm.1 
        	man1/ttrmdir.1 
        	man1/ttsession.1 
        	man1/tttar.1 
        	man1/install_tt.1
        21 - cd to $OPENWINHOME/man/man3
        22 - if patch id exists
		mv ttapi.3 ttapi.3.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv ttapi.3 ttapi.3.fcs
        23 - cp <patch_dir>/sun4/man/man3/ttapi.3 ttapi.3
        24 - cd to $OPENWINHOME/man/man8
	25 - if patch id exists
		mv ttdbserverd.8 ttdbserverd.8.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv ttdbserverd.8 ttdbserverd.8.fcs
        26 - cp <patch_dir>/sun4/man/man8/ttdbserverd.8 ttdbserverd.8
        27 - repeat steps 25 and 26 for
        	man8/rpc.ttdbserverd.8 
        	man8/ttdbck.8 
	28 - cd $OPENWINHOME/lib/locale/C/LC_MESSAGES/
	29 - if patch id exists
		mv Sun_ToolTalk.mo Sun_ToolTalk.mo.patch_id_123456_89
                where patch_id_123456_89 is recorded from step #4
             else
                mv Sun_ToolTalk.mo Sun_ToolTalk.mo.fcs
        30 - cp <patch_dir>/sun4/lib/locale/C/LC_MESSAGES/Sun_ToolTalk.mo Sun_ToolTalk.mo


Special Install Instructions: 
-----------------------------
None.
