Patch-ID# 101558-12 Keywords: security y2000 libc international Synopsis: SunOS 4.1.3_U1: international libc patch Date: Dec/16/98 NOTE: ******************************************************************************** This is the "international/standard" version of libc and may be given to any customer. ******************************************************************************** PLEASE read the ENTIRE installation discussion before proceeding with the installation of this patch. The "standard" SunOS combinations of static, dynamic, and profiled libc's are contained in this patch. In addition, a complete replacement for /usr/lib/shlib.etc has also been included. ******************************************************************************** Solaris Release: 1.1.1A SunOS Release: 4.1.3_U1A Unbundled Product: Unbundled Release: BugId's fixed with this patch: 1197137 1198695 1182564 1041781 1044654 1067574 1151444 1152987 1152049 1033104 1039485 1049421 1054748 1061777 1070565 1074633 1077337 1109666 1074819 1041424 1118688 1038421 1046855 1136266 1141781 1139883 1182835 1190985 1219835 1226907 1043741 1264595 4018724 1220511 1070813 4045427 4073294 1169481 4136673 4116670 4186756 Changes incorporated in this version: 4045427 4073294 1169481 4136673 4116670 4186756 Patches accumulated and obsoleted by this patch: Relevant Architecture: sparc NOTE: sun4(all) Patches which may conflict with this patch: Obsoleted by: Files included with this patch: lib/libc.a lib/libc_p.a lib/libc.sa19 lib/libc.so19 5lib/libc.a 5lib/libc_p.a 5lib/libc.sa29 5lib/libc.so29 lib/shlib.etc/lorder-sparc lib/shlib.etc/objsort lib/shlib.etc/Makefile lib/shlib.etc/README lib/shlib.etc/awkfile lib/shlib.etc/libc_pic.a lib/shlib.etc/libcs5_pic.a lib/debug/malloc.o lib/debug/mallocmap.o lib/libbsdmalloc.a NOTE: lib/libc.sa19 gets installed as lib/libc.sa.1.9 lib/libc.so19 gets installed as lib/libc.so.1.9 5lib/libc.sa29 gets installed as 5lib/libc.sa.2.9 5lib/libc.so29 gets installed as 5lib/libc.so.2.9 Problem Description: (Rev 01 & 02) 1033104 When /etc/hosts.equiv file begins with -@netgroup, any machine gets equiv access 1039485 ypserv goes into infinite loop and hangs server and clients 1049421 localtime.c writes a null byte 1 byte beyond allocated space 1054748 ftp, ping dump core when connecting to a host with multiple DNS A records 1061777 tzset has a memory leak 1070565 c compiler stores wrong data for double 1074633 strcmp gets bad result when 0x80 char put in string. 1077337 xlock crashes when handling many return keypresses leaving system open 1109666 pclose() will hang if pipes break in unexpected order 1074819 strftime %y format doesn't work for years > 2000 1041424 initgroups fails under SysV - problem with getgroups 1118688 When a V 2 yp request fails it tries V 1 and never tries V 2 again 1038421, 1046855 the compiler is producing bad code WRT strcmp() 1136266 yp_all does not close tcp socket 1141781 printf(), scanf() and related functions %n format option fails in 4.1.x libc 1139883 yp_all call fails causes autoinstall to ask network (Rev 03) 1041781 Slow initgroups(3) when run for users with a uid of 0 1044654 change exportent() to handle line size of 4096 bytes 1067574 localdtconv always returns the default settings 1151444 strcoll fails to compare strings equal after longer comparison in non C locale 1152987 strcoll and strxfrm use LANG or LC_COLLATE without setlocale being called 1152049 strcoll fails when arg is prefix other arg using localizations built by colldef (Rev 04) 1182564 CG3270 would core dump with BUS error (Rev 05) 1198695 Patch 101558-04 does not install properly. (Rev 06) 1197137 NFS server crashed w/ "Panic: Bad Trap" when NFS client do a "find" over T1 link (Rev 07) 1190985 gethostbyname() can trash an existing open file descriptor. 1182835 portmapper silently fails with version mismatch by PC-NFS client 1219835 Syslog(3) can be abused to gain root access on 4.X systems. (Rev 08) 1226907 getgrent frees memory which was malloced elsewhere because pointer not cleared (Rev 09) 1264595 strncmp core dumps when used at the end of a page of memory 1043741 getpwent goes into infinite loop on malformed NIS passwd entry (Rev 10, Y2000 fixes) 4018724 strptime %y doesn't work for years > 1999. 1220511 mktime() doesn't care leap year 1074819 strftime %y format doesn't work for years > 1999 (Rev 11) 1070813 mblen() and mbtowc() return 1 when pointing to null char (Rev 12) 4136673 getservbyname() tries to free static variable 1169481 missing information in shlib.etc files 4073294 yp binding is lost when SIGHUP sent to inetd 4045427 getservbyname/getservent via NIS (YP) fails unexpectedly 4116670 /usr/kvm/ps will die with segmentation fault 4186756 strptime() : incorrect output with %j format Patch Installation instructions: ------------------------------- The libraries in this patch may be placed in any directory. But if you choose to place any libc.* in a location other than /usr/lib or /usr/5lib, you'll have to use the -L flag with each ld execution to "point" to the chosen directory that holds these substitutes. Since this is likely to be a somewhat awkward requirement, the patch and the following install sequence assume you wish to substitute your standard libraries with the patched versions. The installation of ANY of the library parts may be done while the system is running, EXCEPT for the SHARED libc's. It is SAFEST to substitute the shared libraries while SunOS is booted in single-user mode or from the SunOS Installation miniroot. Since using SunOS in single-user mode is easier than booting the miniroot off the SunOS Installation tapes, the install sequence below will reference single-user mode. There is one more consideration. The installation sequence below will overwrite ALL libc "variants" in /usr/lib and /usr/5lib. If you have added/substituted parts to libc.a or libc.s?.X.Y in /usr/lib and/or /usr/5lib, you will need to 1) preserve these copies, or 2) plan to resubstitute your material in with these patch versions. It is highly recommended that you "walkthru" the installation sequence below to become familiar with what is being done prior to actually doing it. You can vary and even skip some steps in these instructions if you're *confident* you understand what is going on. Bear in mind that /usr/lib/libc.so.X.Y dynamically binds the *entire* SunOS and any corruption to this particular library will render a system virtually useless. Installing the libc patch: (perform the following steps in this order) o save patch distribution under some directory, say '/tmp/X'. (if in tar format untar using tar xpf .tar) o cd /tmp/X o su o (ensure no users are actively using any libc's) o mv /usr/lib/libc.a /usr/lib/libc.a.FCS o mv /usr/lib/libc_p.a /usr/lib/libc_p.a.FCS (1) o mv /usr/5lib/libc.a /usr/5lib/libc.a.FCS (2) o mv /usr/5lib/libc_p.a /usr/5lib/libc_p.a.FCS (2) o mv /usr/lib/libbsdmalloc.a /usr/lib/libbsdmalloc.a.FCS (1) if you do not have this file on your system, then the "Debugging" part of the OS distribution tape has not been loaded. (2) if you do not have this file on your system, then the "SystemV" part of the OS distribution tape has not been loaded. You will rename your original shared libc's at a later point in the installation. o mv /usr/lib/shlib.etc /usr/lib/shlib.etc.FCS o mkdir /usr/lib/shlib.etc o chmod 2755 /usr/lib/shlib.etc These above 3 steps may be done if you wish to preserve completely your original /usr/lib/shlib.etc. If not, you may skip them. o mv /usr/lib/debug /usr/lib/debug.FCS o mkdir /usr/lib/debug o chmod 2755 /usr/lib/debug These above 3 steps may be done if you wish to preserve completely your original /usr/lib/debug. If not, you may skip them. o cp -p -R lib/* /usr/lib o cp -p -R 5lib/* /usr/5lib You are actually copying all the files in lib and 5lib directories to /usr/lib and /usr/5lib. If you followed all steps mentioned above you are still in /tmp/X. o "quiet" system (have users log off, announce system going down) o sync o halt o >b[oot] vmunix -s You're now booting SunOS in single-user mode. We will rename the shared libc's to make them "active" and this is best done, at minimum, under single-user. o cd /usr/lib o ls -l libc.s* You will get an output similar to the following: -rw-r--r-- 1 root 7996 Oct 13 19:02 /usr/lib/libc.sa.1.9 -rwxr-xr-x 1 root 516096 Oct 13 19:02 /usr/lib/libc.so.1.9 -rw-r--r-- 1 root 7996 Jan 11 08:49 /usr/lib/libc.sa19 -rwxr-xr-x 1 root 516096 Jan 11 08:24 /usr/lib/libc.so19 o sync o mv libc.so.1.9 libc.so.1.9.FCS this saves the original file o mv libc.so19 libc.so.1.9 this copies the patch to its new place o mv libc.sa.1.9 libc.sa.1.9.FCS this saves the original file o mv libc.sa19 libc.sa.1.9 this copies the patch to its new place o date Do this last step CAREFULLY. IF the 'date' command does *anything* else but show a proper date, then IMMEDIATELY do: o mv libc.so.1.9 libc.so19 o mv libc.so.1.9.FCS libc.so.1.9 o mv libc.sa.1.9 libc.sa19 o mv libc.sa.1.9.FCS libc.sa.1.9 If the date command is successful, continue here: o cd ../5lib o ls -l libc.s* You will get an output similar to the following: -rw-r--r-- 1 root 7996 Oct 13 19:02 /usr/5lib/libc.sa.2.9 -rw-r--r-- 1 root 524288 Oct 13 19:02 /usr/5lib/libc.so.2.9 -rw-r--r-- 1 root 7996 Jan 11 08:49 /usr/5lib/libc.sa29 -rw-r--r-- 1 root 524288 Jan 11 08:24 /usr/5lib/libc.so29 o mv libc.so.2.9 libc.so.2.9.FCS this saves the original file o mv libc.so29 libc.so.2.9 this copies the patch to its new place o mv libc.sa.2.9 libc.sa.2.9.FCS this saves the original file o mv libc.sa29 libc.sa.2.9 this copies the patch to its new place Do this last step CAREFULLY also. o ranlib -t /usr/lib/libc*a* o ranlib -t /usr/5lib/libc*a* o ranlib -t /usr/lib/libbsdmalloc.a o ^D The install is complete. The ^D above terminates single-user mode, and brings your system back up in multi-user mode.