Patch-ID# 101558-12
Keywords: security y2000 libc international
Synopsis: SunOS 4.1.3_U1: international libc patch
Date: Dec/16/98

********************************************************************************

	This is the "international/standard" version of libc and may be given
        to any customer.

********************************************************************************

        PLEASE read the ENTIRE installation discussion before proceeding with
        the installation of this patch.

        The "standard" SunOS combinations of static, dynamic, and profiled
        libc's are contained in this patch.  In addition, a complete
        replacement for /usr/lib/shlib.etc has also been included.

********************************************************************************

Solaris Release: 1.1.1A

SunOS Release: 4.1.3_U1A

Unbundled Product: 

Unbundled Release: 

BugId's fixed with this patch: 1197137 1198695 1182564 1041781 1044654 1067574 1151444 1152987 1152049 1033104 1039485 1049421 1054748 1061777 1070565 1074633 1077337 1109666 1074819 1041424 1118688 1038421 1046855 1136266 1141781 1139883 1182835 1190985 1219835 1226907 1043741 1264595 4018724 1220511 1070813 4045427 4073294 1169481 4136673 4116670 4186756

Changes incorporated in this version: 4045427 4073294 1169481 4136673 4116670 4186756

Patches accumulated and obsoleted by this patch:

Relevant Architecture: sparc
    NOTE: sun4(all)

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch:
lib/libc.a
lib/libc_p.a
lib/libc.sa19
lib/libc.so19
5lib/libc.a
5lib/libc_p.a
5lib/libc.sa29
5lib/libc.so29
lib/shlib.etc/lorder-sparc
lib/shlib.etc/objsort
lib/shlib.etc/Makefile
lib/shlib.etc/README
lib/shlib.etc/awkfile
lib/shlib.etc/libc_pic.a
lib/shlib.etc/libcs5_pic.a
lib/debug/malloc.o
lib/debug/mallocmap.o
lib/libbsdmalloc.a

NOTE:
lib/libc.sa19 gets installed as lib/libc.sa.1.9
lib/libc.so19 gets installed as lib/libc.so.1.9
5lib/libc.sa29 gets installed as 5lib/libc.sa.2.9
5lib/libc.so29 gets installed as 5lib/libc.so.2.9



Problem Description: 
 
(Rev 01 & 02)
        1033104  When /etc/hosts.equiv file begins with -@netgroup, any machine
                   gets equiv access
        1039485  ypserv goes into infinite loop and hangs server and clients
        1049421  localtime.c writes a null byte 1 byte beyond allocated space
        1054748  ftp, ping dump core when connecting to a host with
                   multiple DNS A records
        1061777  tzset has a memory leak
        1070565  c compiler stores wrong data for double
        1074633  strcmp gets bad result when 0x80 char put in string.
        1077337  xlock crashes when handling many return keypresses leaving
                   system open
        1109666  pclose() will hang if pipes break in unexpected order
 
        1074819  strftime %y format doesn't work for years > 2000
        1041424  initgroups fails under SysV - problem with getgroups
	1118688	When a V 2 yp request fails it  tries V 1 and never tries 
		V 2 again
	1038421, 1046855
		the compiler is producing bad code WRT strcmp()
	1136266	yp_all does not close tcp socket
	1141781	printf(), scanf() and related functions  %n format
		option fails in 4.1.x libc
 	1139883	yp_all call fails causes autoinstall to ask network

(Rev 03)
	1041781 Slow initgroups(3) when run for users with a uid of 0
	1044654 change exportent() to handle line size of 4096 bytes
	1067574 localdtconv always returns the default settings 
	1151444 strcoll fails to compare strings equal after longer	
		comparison in non C locale
	1152987 strcoll and strxfrm use LANG or LC_COLLATE without
	 	setlocale being called
	1152049	strcoll fails when arg is prefix other arg using 
		localizations built by colldef

(Rev 04)
        1182564 CG3270 would core dump with BUS error

(Rev 05)
        1198695 Patch 101558-04 does not install properly.

(Rev 06)
 	1197137 NFS server crashed w/ "Panic: Bad Trap" when NFS client
	        do a "find" over T1 link
(Rev 07)
	1190985 gethostbyname() can trash an existing open file descriptor.
	1182835 portmapper silently fails with version mismatch by PC-NFS 
		client
	1219835 Syslog(3) can be abused to gain root access on 4.X systems.

(Rev 08)
        1226907 getgrent frees memory which was malloced elsewhere because
                pointer not cleared

(Rev 09)
	1264595 strncmp core dumps when used at the end of a page of memory
        1043741 getpwent goes into infinite loop on malformed NIS passwd entry

(Rev 10, Y2000 fixes)
        4018724 strptime %y doesn't work for years > 1999.               
        1220511 mktime() doesn't care leap year
        1074819 strftime %y format doesn't work for years > 1999

(Rev 11)
	1070813 mblen() and mbtowc() return 1 when pointing to null char

(Rev 12)
	4136673  getservbyname() tries to free static variable
	1169481  missing information in shlib.etc files
	4073294  yp binding is lost when SIGHUP sent to inetd
	4045427  getservbyname/getservent via NIS (YP) fails unexpectedly
	4116670 /usr/kvm/ps will die with segmentation fault
	4186756 strptime() : incorrect output with %j format


Patch Installation instructions:
-------------------------------
The libraries in this patch may be placed in any directory.  But if you
choose to place any libc.* in a location other than /usr/lib or
/usr/5lib, you'll have to use the -L flag with each ld execution to
"point" to the chosen directory that holds these substitutes.  Since
this is likely to be a somewhat awkward requirement, the patch and the
following install sequence assume you wish to substitute your standard
libraries with the patched versions.
 
The installation of ANY of the library parts may be done while the
system is running, EXCEPT for the SHARED libc's.  It is SAFEST to
substitute the shared libraries while SunOS is booted in single-user
mode or from the SunOS Installation miniroot.  Since using SunOS in
single-user mode is easier than booting the miniroot off the SunOS
Installation tapes, the install sequence below will reference
single-user mode.
 
There is one more consideration.  The installation sequence below will
overwrite ALL libc "variants" in /usr/lib and /usr/5lib.  If you have
added/substituted parts to libc.a or libc.s?.X.Y in /usr/lib and/or
/usr/5lib, you will need to 1) preserve these copies, or 2) plan to
resubstitute your material in with these patch versions.
 
It is highly recommended that you "walkthru" the installation sequence
below to become familiar with what is being done prior to actually
doing it.  You can vary and even skip some steps in these instructions
if you're *confident* you understand what is going on.  Bear in mind that
/usr/lib/libc.so.X.Y dynamically binds the *entire* SunOS and any
corruption to this particular library will render a system virtually
useless.

 
Installing the libc patch:  (perform the following steps in this order)
 
        o save patch distribution under some directory, say '/tmp/X'.
          (if in tar format  untar using tar xpf <patch_archive>.tar)
        o cd /tmp/X
        o su
        o (ensure no users are actively using any libc's)
        o mv /usr/lib/libc.a /usr/lib/libc.a.FCS
        o mv /usr/lib/libc_p.a /usr/lib/libc_p.a.FCS    (1)
        o mv /usr/5lib/libc.a /usr/5lib/libc.a.FCS      (2)
        o mv /usr/5lib/libc_p.a /usr/5lib/libc_p.a.FCS  (2)
        o mv /usr/lib/libbsdmalloc.a /usr/lib/libbsdmalloc.a.FCS
 
        (1) if you do not have this file on your system, then the
        "Debugging" part of the OS distribution tape has not been
        loaded.
 
        (2) if you do not have this file on your system, then the
        "SystemV" part of the OS distribution tape has not been
        loaded.
 
You will rename your original shared libc's at a later point in the
installation.
 
        o mv /usr/lib/shlib.etc /usr/lib/shlib.etc.FCS
        o mkdir /usr/lib/shlib.etc
        o chmod 2755 /usr/lib/shlib.etc
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/shlib.etc.  If not, you may skip them.
 
        o mv /usr/lib/debug /usr/lib/debug.FCS
        o mkdir /usr/lib/debug
        o chmod 2755 /usr/lib/debug
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/debug.  If not, you may skip them.
 
	o cp -p -R lib/*  /usr/lib
	o cp -p -R 5lib/* /usr/5lib 
 
You are actually copying all the files in lib and 5lib directories
to /usr/lib and /usr/5lib. If you followed all steps mentioned above you
are still in /tmp/X.
 
        o "quiet" system  (have users log off, announce system going down)
        o sync
        o halt
        o >b[oot] vmunix -s
 
You're now booting SunOS in single-user mode.  We will rename the shared
libc's to make them "active" and this is best done, at minimum, under
single-user.

 
        o cd /usr/lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
	-rw-r--r--  1 root         7996 Oct 13 19:02 /usr/lib/libc.sa.1.9
	-rwxr-xr-x  1 root       516096 Oct 13 19:02 /usr/lib/libc.so.1.9
	-rw-r--r--  1 root         7996 Jan 11 08:49 /usr/lib/libc.sa19
	-rwxr-xr-x  1 root       516096 Jan 11 08:24 /usr/lib/libc.so19

        o sync
        o mv libc.so.1.9 libc.so.1.9.FCS     this saves the original file
 
        o mv libc.so19 libc.so.1.9           this copies the patch to its
                                             new place
 
        o mv libc.sa.1.9 libc.sa.1.9.FCS     this saves the original file
 
        o mv libc.sa19 libc.sa.1.9           this copies the patch to its
                                             new place
 
        o date
 
Do this last step CAREFULLY.  IF the 'date' command does *anything*
else but show a proper date, then IMMEDIATELY do:
 
        o mv libc.so.1.9 libc.so19
        o mv libc.so.1.9.FCS libc.so.1.9
        o mv libc.sa.1.9 libc.sa19
        o mv libc.sa.1.9.FCS libc.sa.1.9
 
If the date command is successful, continue here:
 
        o cd ../5lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
	-rw-r--r--  1 root         7996 Oct 13 19:02 /usr/5lib/libc.sa.2.9
	-rw-r--r--  1 root       524288 Oct 13 19:02 /usr/5lib/libc.so.2.9
	-rw-r--r--  1 root         7996 Jan 11 08:49 /usr/5lib/libc.sa29
	-rw-r--r--  1 root       524288 Jan 11 08:24 /usr/5lib/libc.so29

 
        o mv libc.so.2.9 libc.so.2.9.FCS     this saves the original file
 
        o mv libc.so29 libc.so.2.9           this copies the patch to its
                                             new place
 
        o mv libc.sa.2.9 libc.sa.2.9.FCS     this saves the original file
 
 
        o mv libc.sa29 libc.sa.2.9           this copies the patch to its
                                             new place
 
Do this last step CAREFULLY also.
 
        o ranlib -t /usr/lib/libc*a*

        o ranlib -t /usr/5lib/libc*a*

        o ranlib -t /usr/lib/libbsdmalloc.a

        o ^D
 
The install is complete.  The ^D above terminates single-user mode, and
brings your system back up in multi-user mode.
