Patch-ID# 112874-34 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security buffer overflow umem lgroup crypt plugin password hashing Synopsis: SunOS 5.9: libc patch Date: Apr/06/2006 Install Requirements: Reboot immediately after patch is installed Install in Single User Mode Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114432 Topic: SunOS 5.9: libc patch Relevant Architectures: sparc BugId's fixed with this patch: 1258570 4152876 4165723 4192824 4221365 4223846 4248430 4254013 4271957 4318178 4353836 4390053 4444569 4489885 4503048 4510326 4518988 4530367 4533712 4635556 4656492 4661997 4669963 4683320 4686454 4694626 4700602 4704190 4705942 4709984 4715561 4749274 4751182 4756113 4756148 4756192 4764855 4767215 4770160 4772200 4772960 4782294 4795713 4797219 4810810 4812362 4818401 4828746 4831309 4839080 4844583 4845974 4863473 4871054 4877492 4878257 4881606 4888508 4894760 4904877 4915053 4932869 4950403 4961173 4980686 4981484 5043013 5044097 5059751 5061718 5061770 5081268 6176463 6182350 6270398 6348147 Changes incorporated in this version: 4751182 4932869 Patches accumulated and obsoleted by this patch: 113165-01 113475-03 115480-01 Patches which conflict with this patch: Patches required with this patch: 112233-11 (or greater) Obsoleted by: Files included with this patch: /etc/name_to_sysnum /etc/security/crypt.conf /etc/security/policy.conf /usr/include/ucontext.h /usr/lib/abi/abi_libc.so.1 /usr/lib/abi/sparcv9/abi_libc.so.1 /usr/lib/libc.a /usr/lib/libc.so /usr/lib/libc.so.1 /usr/lib/libp/libc.a /usr/lib/libp/sparcv9/libc.so.1 /usr/lib/llib-lc /usr/lib/llib-lc.ln /usr/lib/pics/libc_pic.a /usr/lib/pics/sparcv9/libc_pic.a /usr/lib/security/crypt_bsdbf.so.1 /usr/lib/security/crypt_bsdmd5.so.1 /usr/lib/security/crypt_sunmd5.so.1 /usr/lib/security/sparcv9/crypt_bsdbf.so.1 /usr/lib/security/sparcv9/crypt_bsdmd5.so.1 /usr/lib/security/sparcv9/crypt_sunmd5.so.1 /usr/lib/sparcv9/libc.so.1 /usr/lib/sparcv9/llib-lc.ln Problem Description: 4751182 strtod() with inf or infinity input sets endptr incorrectly 4932869 _nsw_getoneconfig[_v1]() need to check each return from strdup() isn't NULL (from 112874-33) 6348147 POSIX timezones 2007 transition dates - U.S. Energy Policy Act of 2005 (from 112874-32) 6270398 _nss_XbyY_fgets() does not set errno correctly when the group entry has >= 2047 characters (from 112874-31) 6176463 Sol_8 : Core dump in printf() functions after patch 108993-35 and ker. patch 6182350 printf() behavior is changed after fixing 4981484 (from 112874-30) 5081268 getcwd returns null for lofs dir whose parent dir is another lofs mount point (from 112874-29) 5044097 Netra Performance localtime() degradation with patches 5061718 localtime() may fail to reset daylight variable if multiple timezones 5061770 localtime() transitions off with non-standard POSIX timezones rules (from 112874-28) 4980686 C++ inline functions not properly handled in Solaris archive libraries (from 112874-27) 5059751 need patch 112874 to accumulate patch 113475 to prevent core dump (from 112874-26) 5043013 getlogin_r returns bad data in MT context (from 112874-25) 4915053 nss_setent() always fails for setpwent() (from 112874-24) 4981484 vsprintf does not perform as well as sprintf (from 112874-23) 4756148 crypt(3c) processing of policy.conf doesn't follow case conventions 4818401 K2 uncovers sunmd5 bug 4877492 crypt() is unpredictable with unknown encryption algorithms 4878257 sunmd5:crypt_gensalt_impl() issues with undocumented rounds= param 4881606 crypt(3c) abuses the heap in many ways 4894760 Can't use crypt() after using strdtod() in same thread 4950403 crypt_alg_magic symbol not required 4961173 crypt modules are not actually lint-clean (from 112874-22) 4844583 _wdbindf may cause deadlock (from 112874-21) 4686454 getrusage is much slower on solaris than competitive boxes (from 112874-20) 4489885 qsort performance is not competitive 4656492 mktime() is inefficient, 6X slower than Linux 7.0 4795713 strftime is slow on Solaris when compared to Linux 4782294 localtime_r is slow on Solaris when compared to Linux 4828746 POSIX timezones broken if std. offset & alt offset difference not 1 hour 4165723 localtime() is extremely inefficient, 15X slower than on NT4.0 4831309 POSIX 'pst8pdt' Timezone Pulls April Fool's Stunt Every 400 years 4223846 localtime() problem on non-leap centuries 4839080 Improperly specified TZ results in inconsistent behavior 4772200 fcntl(2) is slow on Solaris when compared to Linux 4764855 dup is slow on Solaris when compared to Linux 4812362 getenv is slower than it could be 4871054 regex APIs have segv/performance problems (from 112874-19) 4810810 getcontext(2) could be faster 4888508 fix for bug 4705942 is incomplete in S9 (breaks utmp_update) (from 112874-18) 4797219 pstack is amazingly inefficient for MT targets 4756192 pstack goes into loop, different location than bugid 4524527 4271957 ucontext_t.uc_link points to garbage 4904877 strcmp doesn't work for non-ascii characters on s9u5_05 (from 112874-17) This revision accumulates s9u5 feature point patch 115480-01. (from 112874-16) 4353836 if more than 255 file descriptors are already open then gethostbyname fails 4152876 getspnam_r() fails due to use of fopen() in libnsl.so in applications under load (from 112874-15) 4705942 invoke_utmp_update(): buffer-overflow bug and pad field written to utmpx wrong (from 112874-14) 4530367 After retry timeout - nss_search() no longer retries lookups 4749274 MT-Safe functions such as syslog(3C) and wordexp(3C) cannot use fork() (from 112874-13) 4254013 need a better mechanism to detect multi-threaded user stack overflow 4533712 makecontext breaks in 64-bit mode 4518988 We should ship libumem 4709984 findleaks warns about partial read failure 4694626 putenv calls realloc with locks held (from 112874-12) 4767215 Incorrect output with kP format, losing significant digits (from 112874-11) 4221365 readdir_r() is not POSIX compliant (from 112874-10) 4772960 Several patches have pkginfo and patchinfo files that fail consistency checking (from 112874-09) 4770160 compile fails with unknown file type message (from 112874-08) 4669963 Strong security checks in catgets(3C) break setuid application (from 112874-07) 4510326 strfmon may cause a stack buffer overflow 4756113 libc version number is incorrect in s9u2 (from 112874-06) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 (from 112874-05) 1258570 qsort performs poorly with multiple identical keys 4635556 *atexit* atexit() does not scale. Can cause very slow startup of C++ programs (from 112874-04) 4683320 S9 gettext(3c) does not recognize mo files built on 2.6 as a valid message 4704190 Remove clientusr/clientroot from SUNW_PATCH_PROPERTIES for 112837 & 112874-02 (from 112874-03) 4503048 getutxent_frec sends init looping (from 112874-02) 4318178 wordexp puts automatic string into environment 4444569 Purify reports memory leaks in wordexp(3C) (from 112874-01) 4661997 buffer overflow in dbm_open (from 115480-01) 4845974 lgroup APIs needed for observability and performance optimization 4863473 lgrp_home() should be able to take process or thread ID (from 113475-03) 4756148 crypt(3c) processing of policy.conf doesn't follow case conventions 4818401 K2 uncovers sunmd5 bug 4877492 crypt() is unpredictable with unknown encryption algorithms 4878257 sunmd5:crypt_gensalt_impl() issues with undocumented rounds= param 4881606 crypt(3c) abuses the heap in many ways 4894760 Can't use crypt() after using strdtod() in same thread 4950403 crypt_alg_magic symbol not required 4961173 crypt modules are not actually lint-clean (from 113475-02) 4715561 crypt_sunmd5 could have a better coin toss algorithm (from 113475-01) This revision accumulates s9u2 feature point patch 113165-01. (from 113165-01) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Perform patch installation in single user mode. Reboot the system immediately after patch installation. NOTE 1: To get the complete fix for bugid 4503048 (getutxent_frec sends init looping), please also install the following patch: 113032-01 (or greater) /usr/sbin/init patch NOTE 2: To get the complete Flexible Crypt feature, please also install the following patches: 113476-01 (or greater) passwdutil.so.1 113480-01 (or greater) pam_unix Patch 113481-01 (or greater) nispasswdd 113482-01 (or greater) sbin/sulogin 113483-01 (or greater) rpc.ypasswdd NOTE 3: To get the complete "umem: A Userland Slab Allocator" feature, please also install the following patches: 114370-01 (or greater) libumem.so.1 114371-01 (or greater) libumem; mdb components patch 114372-01 (or greater) llib-lumem patch 114373-01 (or greater) abi_libumem.so.1 patch NOTE 4: To get the complete Stack Update feature, please also install the following patches: 112839-03 (or greater) libthread.so.1 patch 113471-02 (or greater) truss patch 113275-02 (or greater) procfs patch NOTE 5: To get the complete fix for the bugid 4353836 (if more than 255 file descriptors are already open then gethostbyname fails), please also install the following patches: 113319-12 (or greater) libnsl patch 112970-05 (or greater) libresolv patch 115545-01 (or greater) nss_files patch 115542-01 (or greater) nss_user patch 115544-01 (or greater) nss_compat patch NOTE 6: To get the complete Lgroup APIs feature, please also install the following patches: 115675-01 (or greater) liblgrp patch 113471-03 (or greater) truss patch NOTE 7: To get the complete fix for the bug 4797219 (pstack is amazingly inefficient for MT targets), please also install the following patch: 113493-02 (or greater) libproc patch NOTE 8: To get the complete fix for Atlas support: bugs 4810810, 4865731, 4860183, 4860789, 4785321, 4785304, and 4808811 please also install the following patches (or greater): 116049-01 fdfs bug 4865731 116047-01 hsfs bug 4865731 114718-02 pcfs bug 4865731 113454-13 ufs bug 4865731 and 4860789 113334-03 udfs bug 4865731 113328-02 tmpfs bug 4865731 and 4860183 113318-09 nfs bug 4865731 112971-05 cachefs bug 4865731 112955-02 autofs bug 4865731 NOTE 9: To get the complete fix for bug 4686454 (getrusage is much slower on solaris than competitive boxes), please also install the following patch: 113471-05 (or greater) truss patch NOTE 10: To get the complete fix for bug 4915053 (nss_setent() always fails for setpwent()), please also install the following patch: 113319-18 (or greater) libnsl Patch NOTE 11: To get the complete fix for "U.S. Energy Policy Act of 2005" which will change daylight saving time transition dates of United States timezones, beginning in 2007, please also install the following patch: 113225-03 (or greater) Timezone commands and zoneinfo database update Patch Solaris supports two types of timezones: POSIX timezones and zoneinfo timezones. This patch incorporates the fix for "U.S. Energy Policy Act of 2005" for POSIX timezones, whereas Patch 113225-03 incorporates the fix for "U.S. Energy Policy Act of 2005" for zoneinfo timezones. In Solaris, the default transition dates for POSIX timezones (when the transition date is not specified) use U.S. rules. Note this patch does not include the fix for DST changes in 2006 for Australia. Those fixes are in aforementioned Patch 113225-03, where the zoneinfo timezones for Australia are fixed. README -- Last modified date: Thursday, April 6, 2006