Patch-ID# 113319-27 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security udp rpc crypt plugin hash nispasswdd segv nis ldap libnisdb Synopsis: SunOS 5.9: libnsl, nispasswdd patch Date: Jan/08/2007 Install Requirements: Reboot immediately after patch is installed Install in Single User Mode Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 113719 Topic: SunOS 5.9: libnsl, nispasswdd patch Relevant Architectures: sparc BugId's fixed with this patch: 1226166 4152876 4156580 4192824 4248430 4353836 4390053 4419428 4503714 4517003 4644308 4648085 4655472 4660084 4668699 4674036 4680691 4684558 4686960 4687778 4688447 4690775 4691127 4700602 4710928 4724357 4727726 4738852 4745909 4753610 4756113 4757387 4765506 4767276 4772960 4806914 4817833 4823553 4825334 4828271 4915053 4937207 4941669 4966526 4973536 4977978 4990222 4996337 4997108 5016629 5071759 5106725 5109439 6225117 6254605 6261290 6301766 6316946 Changes incorporated in this version: 4937207 Patches accumulated and obsoleted by this patch: 113481-03 115165-05 115492-01 Patches which conflict with this patch: Patches required with this patch: 112874-16 (or greater) Obsoleted by: Files included with this patch: /usr/include/rpcsvc/nis.x /usr/include/rpcsvc/nislib.h /usr/lib/abi/abi_libnsl.so.1 /usr/lib/abi/sparcv9/abi_libnsl.so.1 /usr/lib/libnisdb.a /usr/lib/libnisdb.so.2 /usr/lib/libnsl.a /usr/lib/libnsl.so.1 /usr/lib/llib-lnsl /usr/lib/llib-lnsl.ln /usr/lib/nis/nisping /usr/lib/sparcv9/libnsl.so.1 /usr/lib/sparcv9/llib-lnsl.ln /usr/sbin/nis_cachemgr /usr/sbin/rpc.nisd /usr/sbin/rpc.nispasswdd Problem Description: 4937207 libnsl core dumps in __inet_taddr2uaddr() (from 113319-26) 6316946 N2L: ypserv sporadically doesn't refresh NIS maps from LDAP after their TTL has expired (from 113319-25) 4660084 gethostbyaddr_r leaks if type is not AF_INET (from 113319-24) 6301766 deadlock in nis_cachemgr when addressing request to itself (from 113319-23) 4419428 libnsl caches stale YP password data 6225117 passwd -r nisplus -e username will corrupt the user's passwd 6254605 rpc.nisd cores due to broken memory management in ypproc_all_svc() 6261290 __nis_init_hash_table() should log errors to syslog in case pthread_xxx_init() fails (from 113319-22) 4503714 rpc.nisd memory leaks and SEGVs 4686960 NIS+ replica/domain hangs if master is gone and TTL expires on replica 4757387 several daemons die with same stack trace strlen/xdr_nis_name/xdr_directory_obj 4941669 getpwent() calls core dump 4996337 replica stuck sleeping in replica_update following nismkdir/nisrmdir 4997108 spurious nis_db_sync_log errors in syslog (info level) 5071759 minor memory bugs prevent effective use of libumem with rpc.nisd 5109439 rpc.nisd stuck looping in __nis_path() (from 113319-21) 5106725 netname to user resolution won't work for ldap (from 113319-20) 4644308 when public network is down, switching to a user using "su" hangs (from 113319-19) 4966526 problem using RPC_SVC_CONNMAXREC_SET when using the rpc mode RPC_SVC_MT_USER (from 113319-18) 4817833 mountd randomly dumps core 4745909 _get_hostserv_inetnetdir_byname/NETDIR_BY may return success on failure 4915053 nss_setent() always fails for setpwent() 4973536 libnsl - t_getprotaddr memory leak 4977978 application deadlock in t_snd (libnsl) library call (from 113319-17) 4738852 NIS: ypserv dev udp opened failed (from 113319-16) 4757387 several daemons die with same stack trace strlen/xdr_nis_name/xdr_directory_obj (from 113319-15) 4684558 NIS server doesn't answer ypbind broadcast request on IPMP failed over interface (from 113319-14) 4765506 NIS+ password problems with Solaris 9 (from 113319-13) 4828271 clnt_create()/clnt_create_timed() don't timeout with unexpected UDP (from 113319-12) 4353836 if more than 255 file descriptors are already open then gethostbyname fails 4152876 getspnam_r() fails due to use of fopen() in libnsl.so in applications under load 4156580 getnetlist uses fopen, limiting RPC to 256 descriptors (from 113319-11) 4767276 rpcbind can be killed remotely (from 113319-10) 4668699 buffer overflow in dbm_open and dbminit (except the one in libc) (from 113319-09) 4825334 113319-06+ needs a dependency on 112874-07+ (from 113319-08) The bug fix for this revision was excluded due to the bug 4825334. (from 113319-07) 4710928 rpcbind exits with segv on both cluster nodes (from 113319-06) 4727726 NIS+ user unable to change his/her passwd (from 113319-05) 4772960 several patches have pkginfo and patchinfo files that fail consistency checking (from 113319-04) 4680691 doctored rpc calls over UDP can bring down machines through rpcbind (from 113319-03) 1226166 rpcbind does not bind with the correct network interface 4690775 nisplus_ldap_udt: rpcbind got killed and core dump during nisplus server setup (from 113319-02) 4517003 ypserv spinning after client disconnects 4648085 automountd dumps core freeing an illegal address in __svc_dupcache_victim() (from 113319-01) 4691127 possible type overflow in xdr_array (from 113481-03) 4753610 rpc.nispasswdd::nis_object2passwd() makes rpc.nispasswdd dump core (from 113481-02) 4756113 libc version number is incorrect in S9U2 (from 113481-01) 4390053 crypt(3c) needs to interoperate with BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 (from 115165-05) 5016629 NIS+2LDAP: rpc.nisd does not re-BIND to DS after DS was restarted (from 115165-04) 4990222 ypxfrd does not consistently create netgroup maps (from 115165-03) 4724357 NIS+LDAPmapping: searches for creduser in ou=Hosts are causing high overload (from 115165-02) This revision accumulates S9U5 feature point patch 115492-01. (from 115165-01) 4655472 segv in rpc.nisd on x86 stc tests (from 115492-01) 4823553 NIS to LDAP transition project (N2L) 2001/282 4806914 use of multiple domains corrupts data in the mapping elements while parsing 4687778 parser cannot process blank lines with tab spaces 4688447 parser cannot parse lines with unescaped '#' 4674036 get_lhs_match frees __nis_mapping_element_t even though it contains useful data Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Not all patches listed in this section as needed for the completion of a fix or feature, may be available at the same time as this patch. This allows the remaining fixes/features to be made available sooner. Perform patch installation in single user mode. Reboot the system immediately after the patch installation. NOTE 1: To get the complete Flexible Crypt feature, please also install the following patches: 113475-01 (or greater) libsecurity crypt patch 113476-01 (or greater) passwdutil.so.1 patch 113480-01 (or greater) pam_unix patch 113482-01 (or greater) sbin/sulogin patch 113483-01 (or greater) rpc.ypasswdd patch NOTE 2: The fix for bug# 4680691 (doctored rpc calls over UDP can bring down machines through rpcbind) uncovered a bug (4775198) in the SUNWjbcp package. A patch for this bug has been released as 114153-01. This patch or a later revision of it has to be installed if you use the SUNWjbcp package. NOTE 3: To get the complete fix for bugids 1226166 (rpcbind does not bind with the correct network interface) and 4690775 (nisplus_ldap_udt: rpcbind got killed and core dump during nisplus server setup), please also install the following patch: 113330-01 (or greater) rpcbind patch NOTE 4: To get the complete fix for BugID 4353836 (if more than 255 file descriptors are already open then gethostbyname fails), please also install the following patches (after this patch): 112970-05 (or greater) libresolv patch 115545-01 (or greater) nss_files patch 115542-01 (or greater) nss_user patch 115544-01 (or greater) nss_compat patch NOTE 5: To get the complete fix for BugID 4765506 (NIS+ password problems with Solaris 9), please also install the following patch: 113476-08 (or greater) passwdutil.so.1 patch NOTE 6: To get the complete fix for BugID 4915053 (nss_setent() always fails for setpwent()), please also install the following patch: 112874-25 (or greater) libc patch NOTE 7: To get the complete fix for BugID 4644308 (when public network is down, switching to a user using "su" hangs), please also install the following patch: 117431-01 (or greater) nss_nis patch NOTE 8: To get the complete NIS to LDAP Transition Project, please also install the following patches: 113579-02 (or greater) YP components patch 115677-01 (or greater) idsconfig patch NOTE 9: To get the complete fix for 6316946 (N2L: ypserv sporadically doesn't refresh NIS maps from LDAP after their TTL has expired), please also install the following patch: 113579-10 (or greater) YP components patch README -- Last modified date: Monday, January 8, 2007