# CLUSTER_README NAME: Solaris 7 Recommended Patch Cluster DATE: Apr/07/06 ######################################################################## This patch cluster is intended to provide a selected set of patches for the designated Solaris release level. This is a bundled set of patches conveniently wrapped for one-step installation. Only install this cluster on the appropriate Solaris system. Carefully read all important notes and install instructions provided in this README file before installing the cluster. A cluster grouping does not necessarily imply that additional compatibility testing has occured since the individual patches were released. WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch cluster be performed in single-user mode (Run Level S). ######################################################################## CLUSTER DESCRIPTION ------------------- These Solaris Recommended patches are considered the most important and highly recommended patches that avoid the most critical system, user, or security related bugs which have been reported and fixed to date. In most cases a Solaris security patch will be included in the recommended patch set. It is possible, however, that a security patch may not be included in the recommended set if it is determined to be a more obscure application specific issue and not generally applicable. During initial installation of the Solaris product other patches or patch sets may be provided with the product and required with product installation. Refer to the Solaris product installation documentation to be sure that all the patches required at product installation are already installed. This patch cluster can then be used to update or augment the system with the recommended patches included. PATCHES INCLUDED: ----------------- 112590-01 SunOS 5.7: fgrep Patch 111113-02 SunOS 5.7: nawk Patch 108162-08 SunOS 5.7: jsh, rsh, ksh, rksh, sh Patch 106938-09 SunOS 5.7: libresolv, in.named, libadm, & nslookup patch 107443-24 SunOS 5.7: packaging utilities patch 107171-13 SunOS 5.7: Fixes for patchadd and patchrm 106960-01 SunOS 5.7: Manual Pages for patchadd.1m and patchrm.1m 107038-02 SunOS 5.7: apropos/catman/man/whatis patch 106793-07 SunOS 5.7: ufsdump and ufsrestore patch 106934-04 CDE 1.3: libDtSvc Patch 106725-03 OpenWindows 3.6.1: mailtool vacation security patch 107544-03 SunOS 5.7: /usr/lib/fs/ufs/fsck patch 107587-01 SunOS 5.7: /usr/lib/acct/lastlogin patch 107359-02 SunOS 5.7: Patch for SPARCompiler Binary Compatibility Libraries 107887-10 CDE 1.3: Actions Patch 106952-04 SunOS 5.7: /usr/bin/uux patch 107456-01 SunOS 5.7: /etc/nsswitch.dns patch 106978-12 SunOS 5.7: sysid patch 107259-04 SunOS 5.7: /usr/sbin/vold patch 107454-06 SunOS 5.7: /usr/bin/ftp patch 107684-11 SunOS 5.7: sendmail patch 107792-05 SunOS 5.7: /usr/bin/pax patch 107972-02 SunOS 5.7: /usr/sbin/static/rcp patch 108301-02 SunOS 5.7: /usr/sbin/in.tftpd patch 107337-04 OpenWindows 3.6.1: kcms_server and kcms_configure security fixes 108219-01 CDE 1.3: dtaction Patch 108221-02 CDE 1.3: dtspcd Patch 107885-09 CDE 1.3: dtprintinfo Patch 108482-02 SunOS 5.7: /usr/sbin/snoop patch 108662-01 SunOS 5.7: Patch for sadmind 108484-01 SunOS 5.7: aset patch 108721-05 SunOS 5.7: admintool patch 106950-24 SunOS 5.7: Linker Patch 108327-02 SunOS 5.7: /usr/bin/cu patch 109253-07 SunOS 5.7: /usr/bin/mail Patch 109404-01 SunOS 5.7: /usr/vmsys/bin/chkperm patch 108798-02 SunOS 5.7: /usr/bin/tip patch 108838-03 SunOS 5.7: allocate/mkdevmaps/mkdevalloc Patch 108376-46 OpenWindows 3.6.1: Xsun Patch 107650-08 OpenWindows 3.6.1 X11R6.4 Xprint Extension Patch 109949-01 SunOS 5.7: jserver buffer overflow 107794-01 SunOS 5.7: ASET patch 109744-02 SunOS 5.7: nfsd and lockd Patch 106327-23 SunOS 5.7: 32-Bit Shared library patch for C++ 106300-24 SunOS 5.7: 64-Bit Shared library patch for C++ 108551-03 SunOS 5.7: /usr/sbin/rpc.nispasswdd patch 108748-02 SunOS 5.7: /usr/lib/nfs/statd patch 108750-02 SunOS 5.7: /usr/lib/netsvc/yp/ypbind patch 108756-01 SunOS 5.7: /usr/lib/netsvc/yp/rpc.ypupdated patch 108762-01 SunOS 5.7: /usr/sbin/rpc.nisd_resolv patch 108764-01 SunOS 5.7: /usr/sbin/rpc.bootparamd patch 108758-01 SunOS 5.7: /usr/sbin/keyserv patch 109709-01 SunOS 5.7: /usr/sbin/arp patch 110281-02 SunOS 5.7: patch /usr/bin/find 110070-01 SunOS 5.7: security: libcurses:setupterm has buffer overflow 107180-31 CDE 1.3: dtlogin patch 110869-01 SunOS 5.7: useradd, usermod do not handle some expiration dates 107475-05 SunOS 5.7: /usr/sbin/in.telnetd Patch 106925-09 SunOS 5.7: glm Driver Patch 107148-11 SunOS 5.7: /kernel/fs/cachefs patch 110881-01 SunOS 5.7: semop() hangs due to receipt of a signal 107285-09 SunOS 5.7: passwd & pam Library Patch 111093-01 SunOS 5.7: /etc/security/bsmunconv patch 107654-10 OpenWindows 3.6.1: X11R6.4 LBX & XRX Extensions Patch 107460-14 SunOS 5.7: st driver patch 111242-01 SunOS 5.7: Patch to /usr/bin/finger 110646-06 SunOS 5.7: /usr/sbin/in.ftpd Patch 111666-01 SunOS 5.7: bzip patch 111600-01 SunOS 5.7: /usr/sbin/whodo Patch 111980-02 SunOS 5.7: ipcs Patch 108815-02 OpenWindows 3.6.1: Calendar Manager patch 111590-03 SunOS 5.7: rpc.yppasswdd Patch 109203-03 SunOS 5.7: edit & vi patch 111238-01 SunOS 5.7: Patch to /usr/sbin/in.fingerd 106924-11 SunOS 5.7: isp driver Patch 107841-03 SunOS 5.7: rpcsec patch 111350-02 SunOS 5.7: Patch for ttymon process modules 108451-07 SunOS 5.7: rpcmod patch 107469-09 SunOS 5.7: sf & socal drivers patch 108029-03 SunOS 5.7: S899 u3 prodreg fix for Java 1.1 and Java 1.2 VM 107441-03 SunOS 5.7: /usr/bin/mailx patch 112300-01 SunOS 5.7: usr/bin/login Patch 112106-01 SunOS 5.7: mkfs Patch 110072-01 SunOS 5.7: Sol7 11/99, can't mount udfs cdrom "not a udfs filesystem" 107716-27 SunOS 5.7: PGX32 Graphics Patch 112820-01 SunOS 5.7: in.talkd Patch 112899-01 SunOS 5.7: rwall Patch 107743-14 SunOS 5.7: Sun Quad FastEthernet 2.2 108117-06 OpenWindows 3.6.1: Font Server patch 113752-02 SunOS 5.7: utmp_update patch 108319-03 SunOS 5.7: /usr/bin/at patch 114151-01 SunOS 5.7: Japanese SunOS 4.x Binary Compatibility(BCP) patch 108800-03 SunOS 5.7: /usr/lib/fs/cachefs patch 114891-01 SunOS 5.7: /usr/sbin/wall patch 106949-03 SunOS 5.7: BCP (binary compatibility) patch 112604-03 SunOS 5.7: le patch 114944-01 SunOS 5.7: namefs patch 115565-01 SunOS 5.7: ed creates tempfiles in an insecure manner 107058-02 SunOS 5.7: Patch for assembler 107178-03 CDE 1.3: libDtHelp.so.1 patch 111646-01 SunOS 5.7: BCP libmle buffer overflow 112448-01 SunOS 5.7: pt_chmod Patch 112672-01 SunOS 5.7: vipw Patch 116456-01 SunOS 5.7: sadmind default security level 118313-01 SunOS 5.7: usr/sbin/ping Patch 118239-01 SunOS 5.7: usr/sbin/in.rwhod Patch 107834-04 SunOS 5.7: dkio.h & commands.h patch 107702-12 CDE 1.3: dtsession patch 107656-11 OpenWindows 3.6.1 libXt Patch 106541-42 SunOS 5.7: Kernel Update Patch 107451-08 SunOS 5.7: /usr/sbin/cron Patch 106942-29 SunOS 5.7: libnsl, rpc.nisd and nis_cachemgr Patch 108374-07 CDE 1.3: libDtWidget Patch 108760-02 SunOS 5.7: /usr/sbin/rpcbind patch 106980-26 SunOS 5.7: libthread patch 108343-04 CDE 1.3: sdtperfmeter patch 108263-10 SunOS 5.7: hme driver Patch 109409-04 SunOS 5.7: xntpd and ntpdate Patch 107403-03 SunOS 5.7: rlmod & telmod patch 107589-13 SunOS 5.7: se, zs, kbd and kbio.h Patch 108317-04 SunOS 5.7: idn driver patch 108381-02 SunOS 5.7: ptsl driver patch 108585-04 SunOS 5.7: llc2 driver patch 109372-02 SunOS 5.7: /kernel/strmod/ldterm patch 109797-03 SunOS 5.7: kernel/drv/stc Patch 107081-57 Motif 1.2.7 and 2.1.1: Runtime library patch for Solaris 7 111931-02 SunOS 5.7: /kernel/strmod/timod Patch 107022-11 CDE 1.3: Calendar Manager patch 107636-10 SunOS 5.7: X Input & Output Method patch 107893-21 OpenWindows 3.6.1: Tooltalk patch 107200-16 CDE 1.3: dtmail patch 119519-01 SunOS 5.7: telnet Patch 119423-01 SunOS 5.7: X.500 Directory fn_ctx_x500.so.1 Patch 118737-01 SunOS 5.7: usr/bin/newgrp Patch 107293-02 SunOS 5.7: libgss.so.1 and gsscred patch 118953-02 Openwindow 3.6.1: libtiff patch 107374-03 Openwindows 3.6.1: Xview Patch 108574-05 SunOS 5.7: /usr/bin/csh Patch 106944-04 SunOS 5.7: /kernel/fs/fifofs and /kernel/fs/sparcv9/fifofs patch 107115-20 SunOS 5.7: lp Patch 107477-06 SunOS 5.7: /usr/lib/nfs/mountd Patch 107709-27 SunOS 5.7: libssasnmp/libssagent/snmpdx/snmpXdmid/mibiisa Patches IMPORTANT NOTES AND WARNINGS: ----------------------------- SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt directories where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 10 MBytes of available space in each of these directories. Running out of disk space during installation may result in only partially loaded patches. Be sure a recent full system backup is available in case a problem occurs, and check to be sure adequate disk space is available before installing the patch cluster. SAVE AND BACKOUT OPTIONS: By default, the cluster installation procedure uses the patchadd command save feature to save the base objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the base objects and will terminate if not. Patches can only be individually backed out with the original object restored if the save option was used when installing this cluster. Please later refer to the patchrm command manual page for instructions and more information. It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option, however, means that you will not be able to backout individual patches if the need arises. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there may be additional special installation instructions which are documented in the individual patch README file. It is recommended that each individual patch readme is reviewed before installing this cluster to determine if any additional installation steps are necessary for a patch. Otherwise it is possible that an individual patch may still not be completely installed in all respects after the cluster has been installed. DISKLESS CLIENT SYSTEMS: On server machines that service diskless clients, a patch is NOT applied to existing clients or to the client root template space. Therefore, all client machines of the server that will need this cluster will have to individually apply this cluster. Install this cluster on the client machines first, then the server. A PATCH MAY NOT BE APPLIED: Under certain circumstances listed below, a particular patch provided in this cluster may not be installed if: - The patch applies to a package that has not originally been installed - The same or newer revision of the patch has already been installed - The patch was obsoleted by another patch that has already been installed - The package database is corrupt or missing Use the 'showrev -p' command to compare the list of patches already installed on the system with the patch list and revision levels provided in this cluster. During installation, the install process will indicate if a patch was not applied and more detailed installation messages will be logged to the installation log file. The README file with each patch also provides documentation regarding install and backout messages. OLDER VERSIONS OF PATCHES ALREADY INSTALLED: Backout of older versions of patches provided in the cluster is not required in order for the newer version to be installed. However not backing out an older rev before installing a newer rev will cause showrev -p to continue to show the older rev along with the newer rev. And, if the older rev was previously installed with the save option, the older rev will continue to occupy disk space in /var/sadm/patch even though it has been obsoleted by the new rev. The patchrm command will only allow the most recently saved objects to be restored, thus there are no serious risks associated with leaving an older rev on the system. It just may, however, avoid confusion and be more economical to first backout an older patch revision before installing a newer revision. INSTALL INSTRUCTIONS: --------------------- First, be sure the patch cluster has been unzipped if the cluster was received as a .zip file, then proceed as follows: 1) Decide on which method you wish to install the cluster: Recommended Method Using Save Feature: By default, the cluster installation procedure uses the patchadd save feature to save the original objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the objects and will terminate if not. Using the default save feature is recommended. Method Using No Save Option: It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option means that you will not be able to backout individual patches if the need arises. 2) Run the install_cluster script cd ./install_cluster By default, a message warning the user to check for minimum disk space allowance (separate from the save feature) will appear and allow the user to abort if inadequate space exists. To suppress this interactive message the "-q" (quiet) option can be used when invoking install_cluster. The progress of the script will be displayed on your terminal. It should look something like: # ./install_cluster Patch cluster install script for Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in Installing Installing . . . Installing For more installation messages refer to the installation logfile: /var/sadm/install_data/_log Use '/usr/bin/showrev -p' to verify installed patch-ids. Refer to individual patch README files for more patch detail. Rebooting the system is usually necessary after installation. # 3) Check the logfile if more detail is needed. If errors are encountered during the installation of this cluster, error messages will be displayed during installation. More details about the causes of failure can be found in the detail logfile: more /var/sadm/install_data/_log If this log file previously existed the latest cluster installation data will be concatenated to the file, so check the end of the file. 4) THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!