Patch-ID# 100891-13
Keywords: security, libc, international 
Synopsis: SunOS 4.1.3: international libc jumbo patch
Date: Oct/30/95

********************************************************************************

        This is the "international/standard" version of libc and may be given
        to any customer.

********************************************************************************

        PLEASE read the ENTIRE installation discussion before proceeding with
        the installation of this patch.

        The "standard" SunOS combinations of static, dynamic, and profiled
        libc's are contained in this patch.  In addition, a complete
        replacement for /usr/lib/shlib.etc has also been included.
***************************************************************************

Solaris Release: 1.1

SunOS Release:  4.1.3

Unbundled Product:

Unbundled Release:


BugId's fixed with this patch: 1033104 1039485 1040829 1049421 1053431 1054748 1059039 1061071 1061777 1069726 1069731 1070565 1072740 1074633 1077337 1088455 1109666 1074819 1091493 1041424 1118688 1038421 1046855 1136266 1139883 1141781 1041054 1067574 1151444 1151442 1152987 1152725 1158049 1156726 1133744 1151631 1197137 1182835 1190985 1219835 

Changes incorporated in this version: 1182835 1190985 1219835 

Relevant Architecture: sparc
    NOTE: sun4(all)

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch:
lib/libc.a
lib/libc_p.a
lib/libc.sa18
lib/libc.so18
5lib/libc.a
5lib/libc_p.a
5lib/libc.sa28
5lib/libc.so28
lib/shlib.etc/lorder-sparc
lib/shlib.etc/objsort
lib/shlib.etc/Makefile
lib/shlib.etc/READTHIS
lib/shlib.etc/awkfile
lib/shlib.etc/libc_pic.a
lib/shlib.etc/libcs5_pic.a
lib/debug/malloc.o
lib/debug/mallocmap.o
lib/libbsdmalloc.a

NOTE:
lib/libc.sa18 gets installed as lib/libc.sa.1.8
lib/libc.so18 gets installed as lib/libc.so.1.8
5lib/libc.sa28 gets installed as 5lib/libc.sa.2.8
5lib/libc.so28 gets installed as 5lib/libc.so.2.8


Problem Description: 



        The "standard" SunOS combinations of static, dynamic, and profiled
        libc's are contained in this patch.  In addition, a complete
        replacement for /usr/lib/shlib.etc has also been included.



 
(Rev 01)
        1033104  When /etc/hosts.equiv file begins with -@netgroup, any machine
                   gets equiv access
        1039485  ypserv goes into infinite loop and hangs server and clients
        1040829  sparc strcpy/strncpy causes core dump near page boundaries
        1049421  localtime.c writes a null byte 1 byte beyond allocated space
        1053431  innetgr may acknowledge false netgroup membership
        1054748  ftp, ping dump core when connecting to a host with
                   multiple DNS A records
        1059039  memory leak using getpwuid(3) on a host that uses NIS
	1061071  host cannot mount filesystem if it is after the 1024th byte in 
                   the  access list
        1061777  tzset has a memory leak
        1069726  nl_langinfo(D_T_FMT) returns NULL if setlocale defaulted to
                   "C" locale
        1069731  long format strings for sscanf, fscanf, and scanf cause
                   data corruption
        1070565  c compiler stores wrong data for double
        1072740  strcoll() .... strxfrm() dumps core for locale >< C if
                 stdin closed
        1074633  strcmp gets bad result when 0x80 char put in string.
        1077337  xlock crashes when handling many return keypresses leaving
                   system open
 
        1088455  strcoll returns bad results when collating spec exhausts
                 single char matrix
        1109666  pclose() will hang if pipes break in unexpected order
 
 
(Rev 02)
        1074819  strftime %y format doesn't work for years > 2000
        1091493  mbtowc and mbstowcs give different results for same character
        1041424  initgroups fails under SysV - problem with getgroups
 
(Rev 03)
	1118688	When a V 2 yp request fails it  tries V 1 and never tries 
		V 2 again

(Rev 04)
	1038421, 1046855
		the compiler is producing bad code WRT strcmp()

(Rev 05)
	1136266	yp_all does not close tcp socket
	1141781	printf(), scanf() and related functions  %n format
		option fails in 4.1.x libc

(Rev 06)
 	1139883	yp_all call fails causes autoinstall to ask network
                config info

(Rev 07)
 	1141781 printf(), scanf() and related functions  %n format
                option fails in 4.1.x libc (version 2 - complete fix 
		for all %n formats) 

(Rev 08)
	1041054	Slow initgroups(3) when run for users with a uid of 0

(Rev 09)
	1067574	localdtconv always returns the default settings
	1151444	strcoll fails to compare strings equal after longer
		comparison in non C locale
	1151442	libc patch 100891-05 causes Cannot find the locale error
		on setenv LANG
	1152987	strcoll and strxfrm use LANG or LC_COLLATE without
		setlocale being called
	1152725	setlocale returns null with libc patch 100891-08
	1152049	strcoll fails when arg is prefix other arg using 
		localizations built by colldef

(Rev 10)
	1156726 Patch 100891-09 core dumps setlocale call on LC_MONETARY

(Rev 11)
        1133744 clntudp_call sometimes hangs when application gets
                signalled periodically
        1151631 rst tape driver doesn't work with buffered IO

(Rev 12)
	1197137 NFS server crashed w/ "Panic: Bad Trap" when NFS client
                do a "find" over T1 link.
(Rev 13)
	1190985 gethostbyname() can trash an existing open file descriptor.
	1182835 portmapper silently fails with version mismatch by PC-NFS 
		client
	1219835 Syslog(3) can be abused to gain root access on 4.X systems.


Patch Installation instructions:

The libraries in this patch may be placed in any directory.  But if you
choose to place any libc.* in a location other than /usr/lib or
/usr/5lib, you'll have to use the -L flag with each ld execution to
"point" to the chosen directory that holds these substitutes.  Since
this is likely to be a somewhat awkward requirement, the patch and the
following install sequence assume you wish to substitute your standard
libraries with the patched versions.
 
The installation of ANY of the library parts may be done while the
system is running, EXCEPT for the SHARED libc's.  It is SAFEST to
substitute the shared libraries while SunOS is booted in single-user
mode or from the SunOS Installation miniroot.  Since using SunOS in
single-user mode is easier than booting the miniroot off the SunOS
Installation tapes, the install sequence below will reference
single-user mode.
 
There is one more consideration.  The installation sequence below will
overwrite ALL libc "variants" in /usr/lib and /usr/5lib.  If you have
added/substituted parts to libc.a or libc.s?.X.Y in /usr/lib and/or
/usr/5lib, you will need to 1) preserve these copies, or 2) plan to
resubstitute your material in with these patch versions.
 
It is highly recommended that you "walkthru" the installation sequence
below to become familiar with what is being done prior to actually
doing it.  You can vary and even skip some steps in these instructions
if you're *confident* you understand what is going on.  Bear in mind that
/usr/lib/libc.so.X.Y dynamically binds the *entire* SunOS and any
corruption to this particular library will render a system virtually
useless.

 
Installing the libc patch:  (perform the following steps in this order)
 
        o save patch distribution under some directory, say '/tmp/X'.
        o cd /tmp/X
        o su
        o (ensure no users are actively using any libc's)
        o mv /usr/lib/libc.a /usr/lib/libc.a.FCS
        o mv /usr/lib/libc_p.a /usr/lib/libc_p.a.FCS    (1)
        o mv /usr/5lib/libc.a /usr/5lib/libc.a.FCS      (2)
        o mv /usr/5lib/libc_p.a /usr/5lib/libc_p.a.FCS  (2)
        o mv /usr/lib/libbsdmalloc.a /usr/lib/libbsdmalloc.a.FCS
 
        (1) if you do not have this file on your system, then the
        "Debugging" part of the OS distribution tape has not been
        loaded.
 
        (2) if you do not have this file on your system, then the
        "SystemV" part of the OS distribution tape has not been
        loaded.
 
You will rename your original shared libc's at a later point in the
installation.
 
        o mv /usr/lib/shlib.etc /usr/lib/shlib.etc.FCS
        o mkdir /usr/lib/shlib.etc
        o chmod 2755 /usr/lib/shlib.etc
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/shlib.etc.  If not, you may skip them.
 
        o mv /usr/lib/debug /usr/lib/debug.FCS
        o mkdir /usr/lib/debug
        o chmod 2755 /usr/lib/debug
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/debug.  If not, you may skip them.
 
        o cp -p -R lib/*  /usr/lib
	o cp -p -R 5lib/* /usr/5lib
 
You are actually copying all the files in lib and 5lib directories
to /usr/lib and /usr/5lib. If you followed all steps mentioned above
you are still in /tmp/X.
 
        o "quiet" system  (have users log off, announce system going down)
        o sync
        o halt
        o >b[oot] vmunix -s
 
You're now booting SunOS in single-user mode.  We will rename the shared
libc's to make them "active" and this is best done, at minimum, under
single-user.

 
        o cd /usr/lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
                -rw-r--r--  1 root         7996 Feb  8  1990 libc.sa.1.8
                -rwxr-xr-x  1 root       516096 Feb  8  1990 libc.so.1.8
                -rw-r--r--  1 root         7996 Oct  4 05:00 libc.sa18
                -rw-r--r--  1 root       516096 Oct  4 05:13 libc.so18
        
        o sync
        o mv libc.so.1.8 libc.so.1.8.FCS     this saves the original file
 
        o mv libc.so18 libc.so.1.8           this copies the patch to its
                                             new place
 
        o mv libc.sa.1.8 libc.sa.1.8.FCS     this saves the original file
 
        o mv libc.sa18 libc.sa.1.8           this copies the patch to its
                                             new place
 
        o date
 
Do this last step CAREFULLY.  IF the 'date' command does *anything*
else but show a proper date, then IMMEDIATELY do:
 
        o mv libc.so.1.8 libc.so18
        o mv libc.so.1.8.FCS libc.so.1.8
        o mv libc.sa.1.8 libc.sa18
        o mv libc.sa.1.8.FCS libc.sa.1.8
 
If the date command is successful, continue here:
 
        o cd ../5lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
                -rw-r--r--  1 root         7996 Feb  8  1990 libc.sa.2.8
                -rwxr-xr-x  1 root       516096 Feb  8  1990 libc.so.2.8
                -rw-r--r--  1 root         7996 Oct  4 05:00 libc.sa28
                -rw-r--r--  1 root       524288 Oct  4 05:15 libc.so28
 
 
        o mv libc.so.2.8 libc.so.2.8.FCS     this saves the original file
 
        o mv libc.so28 libc.so.2.8           this copies the patch to its
                                             new place
 
        o mv libc.sa.2.8 libc.sa.2.8.FCS     this saves the original file
 
 
        o mv libc.sa28 libc.sa.2.8           this copies the patch to its
                                             new place
 
 
Do this last step CAREFULLY also.
 
        o ranlib -t /usr/lib/libc*
        o ranlib -t /usr/5lib/libc*
        o ^D
 
The install is complete.  The ^D above terminates single-user mode, and
brings your system back up in multi-user mode.
 
<<<<<<<<<<<<<<<<<<   end README  >>>>>>>>>>>>>>>>>>>>>>



