# CLUSTER_README

NAME: Solaris 2.6 x86_Recommended Patch Cluster
DATE: Jan/03/06

########################################################################

This patch cluster is intended to provide a selected set of patches for
the designated Solaris release level.  This is a bundled set of patches
conveniently wrapped for one-step installation.  Only install this
cluster on the appropriate Solaris system.  Carefully read all important
notes and install instructions provided in this README file before
installing the cluster.  A cluster grouping does not necessarily imply
that additional compatibility testing has occured since the individual
patches were released.

WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch 
cluster be performed in single-user mode (Run Level S).

########################################################################
 
CLUSTER DESCRIPTION
-------------------

These Solaris Recommended patches are considered the most important and
highly recommended patches that avoid the most critical system, user, or
security related bugs which have been reported and fixed to date.  In
most cases a Solaris security patch will be included in the recommended
patch set.  It is possible, however, that a security patch may not be
included in the recommended set if it is determined to be a more obscure
application specific issue and not generally applicable.

During initial installation of the Solaris product other patches or patch
sets may be provided with the product and required with product installation.
Refer to the Solaris product installation documentation to be sure that all
the patches required at product installation are already installed.  This
patch cluster can then be used to update or augment the system with the
recommended patches included.


PATCHES INCLUDED:
-----------------

112543-01  SunOS 5.6_x86: fgrep fails with "wordlist too large"
111110-02  SunOS 5.6_x86: Patch to /usr/bin/nawk
106362-15  SunOS 5.6_x86: csh/jsh/ksh/rksh/rsh/sh patch
107734-11  SunOS 5.6_x86: linker patch
106293-13  SunOS 5.6_x86: pkgadd/pkginstall & related utilities
106126-16  SunOS 5.6_x86: Patch for patchadd and patchrm
105553-03  SunOS 5.6_x86: /usr/sbin/rpc.nisd_resolv patch
105182-38  SunOS 5.6_x86: kernel update patch
105211-54  SunOS 5.6_x86: libaio, libc & watchmalloc patch
105380-07  SunOS 5.6_x86: /kernel/misc/nfssrv patch
105408-01  SunOS 5.6_x86: /usr/bin/volrmmount patch
105396-09  SunOS 5.6_x86: /usr/lib/sendmail patch
105565-05  SunOS 5.6_x86: /kernel/misc/rpcsec patch
105402-47  SunOS 5.6_x86: libnsl and NIS+ commands patch
105217-05  SunOS 5.6_x86: /usr/sbin/rpcbind patch
105563-03  SunOS 5.6_x86: chkey and keylogin patch
105616-09  SunOS 5.6_x86: /usr/lib/nfs/mountd patch
106258-07  SunOS 5.6_x86: /usr/bin/passwd and /usr/lib/libpam.so.1 patch
105639-02  SunOS 5.6_x86: /platform/i86pc/kernel/misc/pdwa patch
105666-04  SunOS 5.6_x86: /usr/bin/login patch
105668-02  SunOS 5.6_x86: /usr/bin/rdist patch
105756-13  SunOS 5.6_x86: libresolv, in.named, named-xfer, nslookup, nstest patch
105787-13  SunOS 5.6_x86: /kernel/drv/ip dirver patch
106050-05  SunOS 5.6_x86: /usr/sbin/in.telnetd patch
106236-13  SunOS 5.6_x86: lp patch
106302-06  SunOS 5.6_x86: /usr/sbin/in.ftpd patch
106440-14  SunOS 5.6_x86: /usr/sbin/syslogd patch
106449-01  SunOS 5.6_x86: /usr/sbin/ping patch
106041-18  SunOS 5.6_x86: X Input & Output Method patch
105569-26  SunOS 5.6_x86: /usr/lib/libthread.so.1 patch
106194-06  SunOS 5.6_x86: Patch for Taiwan timezone
105801-08  SunOS 5.6_x86: /usr/bin/admintool, y2000 patch
106829-01  SunOS 5.6_x86: /usr/bin/date patch
107435-01  CDE 1.2_x86: dtmail patch
105559-04  CDE 1.2_x86: dtpad patch
105670-10  CDE 1.2_x86: libDtSvc Patch
106243-03  CDE 1.2_x86: libDtHelp.so.1 fixes
105838-02  CDE 1.2_x86: dtappgather Patch
105567-13  CDE 1.2_x86: calendar manager patch
106363-02  OpenWindows 3.6_x86: multiple xterm fixes
106223-01  OpenWindows 3.6_x86: filemgr (ff.core) fixes
105803-21  OpenWindows 3.6_x86: ToolTalk patch
105285-50  Motif 1.2.7_x86: Runtime library patch
106496-03  SunOS 5.6_x86: truss & truss support library patch
105530-16  SunOS 5.6_x86: /kernel/drv/tcp patch
105723-07  SunOS 5.6_x86: /usr/lib/fs/ufs/ufsdump and ufsrestore patch
105781-05  SunOS 5.6_x86: /kernel/fs/fifofs patch
106124-05  SunOS 5.6_x86: sgml patch
106523-05  SunOS 5.6_x86: /usr/bin/ftp patch
106570-01  SunOS 5.6_x86: libauth.a & libauth.so.1 patch
106593-05  SunOS 5.6_x86: /usr/lib/nfs/statd patch
106835-02  SunOS 5.6_x86: cp/ln/mv patch
107566-03  SunOS 5.6_x86: /usr/sbin/in.tftpd patch
107619-04  SunOS 5.6_x86: vold patch
107759-05  SunOS 5.6_x86: /usr/bin/pax patch
107767-01  SunOS 5.6_x86: ASET cklist reports unchanged 6month older files as new
107775-01  SunOS 5.6_x86: inetd denial-of-service attack
107992-02  SunOS 5.6_x86: /usr/sbin/static/rcp patch
106248-49  OpenWindows 3.6_x86: Xsun patch
106416-04  OpenWindows 3.6_x86: xdm patch
106657-01  OpenWindows 3.6_x86: libce suid/sgid security fix
106658-01  OpenWindows 3.6_x86: libdeskset patch
106659-05  OpenWindows 3.6_x86: mailtool attachment security patch
107338-02  OpenWindows 3.6_x86: kcms_server and kcms_configure security fixes
105339-25  CDE 1.2_x86: dtmail patch
105704-29  CDE 1.2_x86: dtlogin patch
106028-12  CDE 1.2_x86: dtsession patch
106113-06  CDE 1.2_x86: dtfile patch
106438-04  CDE 1.2_x86: Print Manager Patch
108200-01  CDE 1.2_x86: dtspcd Patch
108202-01  CDE 1.2_x86: dtaction Patch
106647-03  SNC 3.2: rpc.pcnfsd has security problem, also hangs and dumps core
108493-01  SunOS 5.6_x86: Snoop may be exploited to gain root access
108661-01  SunOS 5.6_x86: Patch for sadmind
105473-08  SunOS 5.6_x86: /usr/lib/autofs/automountd patch
104678-18  SunOS 5.6_x86: Shared library patch for C++
108500-01  SunOS 5.6_x86: ASET sets the gid on /tmp,/var/tmp when set med or high
108469-03  SunOS 5.6_x86: ldterm streams module patch
106469-06  SunOS 5.6_x86: /usr/bin/cu and usr/bin/uustat patch
109267-05  SunOS 5.6_x86: /usr/bin/mail patch
109340-02  SunOS 5.6_x86: nscd fixes
108805-02  SunOS 5.6_x86: /usr/bin/tip patch
109389-01  SunOS 5.6_x86: patch /usr/vmsys/bin/chkperm
108334-02  SunOS 5.6_x86: jserver buffer overflow
108896-01  SunOS 5.6_x86: patch /usr/sbin/rpc.bootparamd
108894-01  SunOS 5.6_x86: patch /usr/lib/netsvc/yp/rpc.ypupdated
108891-02  SunOS 5.6_x86: ypxfrd, ypbind, and ypserv patch
109720-01  SunOS 5.6_x86: arp should lose set-gid bid
106626-14  SunOS 5.6_x86: libsec.a, libsec.so.1 and /kernel/fs/ufs patch
105406-03  SunOS 5.6_x86: libcurses.a & libcurses.so.1 patch
111030-01  SunOS 5.6_x86: /kernel/sys/semsys patch
111031-01  SunOS 5.6_x86: adp patch
110991-02  SunOS 5.6_x86: Patch for ttymon
111241-01  SunOS 5.6_x86: Patch to /usr/bin/finger
107491-01  SunOS 5.6_x86: savecore doesn't work if swap slice is over 2G
111665-01  SunOS 5.6_x86: bzip patch
111573-01  SunOS 5.6_x86: ar_open failure leads to memory corruption
111860-01  SunOS 5.6_x86: Buffer overflow in whodo via $TZ
106304-04  SunOS 5.6_x86: /usr/lib/netsvc/yp/rpc.yppasswdd patch
105694-14  SunOS 5.6_x86: cachefs patch
105991-05  SunOS 5.6_x86: vi/ex/edit/view/vedit patch
111561-01  SunOS 5.6_x86: dmesg security problem
111237-01  SunOS 5.6_x86: Patch for /usr/sbin/in.fingerd
107299-03  SunOS 5.6_x86: ntpdate and xntpd patch
111040-02  SunOS 5.6_x86: /usr/bin/bdiff and /usr/bin/sdiff patch
107327-03  SunOS 5.6_x86: rlmod and telmod patch
112074-03  SunOS 5.6_x86: /usr/bin/mailx patch
105721-20  SunOS 5.6_x86: /kernel/fs/nfs patch
106640-07  SunOS 5.6_x86: rpcmod patch
112815-01  SunOS 5.6_x86: in.talkd has a "user format" security problem
112894-01  SunOS 5.6_x86: rpc.rwalld has format string problem
108130-05  OpenWindows 3.6_x86: Font Server patch
113755-02  SunOS 5.6_x86: utmp_update patch
105505-16  SunOS 5.6_x86: /kernel/drv/st.conf and /kernel/drv/st patch
108308-02  SunOS 5.6_x86: keyserv fixes
106331-05  OpenWindows 3.6: Xview Patch
114890-01  SunOS 5.6_x86: /usr/sbin/wall patch
114942-01  SunOS 5.6_x86: namefs patch
115564-01  SunOS 5.6_x86: ed creates tempfiles in an insecure manner
106353-05  OpenWindows 3.6_x86: Xview Patch


IMPORTANT NOTES AND WARNINGS:
-----------------------------

SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES:
With or without using the save option, the patch installation process
will still require some amount of disk space for installation and
administrative tasks in the /, /usr, /var, or /opt partitions where
patches are typically installed.  The exact amount of space will
depend on the machine's architecture, software packages already
installed, and the difference in the patched objects size.  To be
safe, it is not recommended that a patch cluster be installed on a
system with less than 4 MBytes of available space in each of these
partitions.  Running out of disk space during installation may result
in only partially loaded patches.  Be sure a recent full system backup
is available in case a problem occurs, and check to be sure adequate
disk space is available before installing the patch cluster. 

SAVE AND BACKOUT OPTIONS:
By default, the cluster installation procedure uses the installpatch
save feature to save the base objects being patched.  Prior to installing
the patches the cluster installation script will first determine if
enough system disk space is available in /var/sadm/patch to save the
base objects and will terminate if not.  Patches can only be individually
backed out with the original object restored if the save option was used
when installing this cluster.  Please later refer to the backoutpatch
instructions provided in the individual patch README file which will be
located in the specific patch directory under /var/sadm/patch after
the patch has been installed.  It is possible to override the save
feature by using the [-nosave] option when executing the cluster
installation script.  Using the nosave option, however, means that you
will not be able to backout individual patches if the need arises.

SPECIAL INSTALL INSTRUCTIONS:
As with any patch individually applied, there may be additional special
installation instructions which are documented in the individual patch
readme file.  It is recommended that each individual patch readme is
reviewed before installing this cluster to determine if any additional
installation steps are necessary for a patch.  Otherwise it is possible
that an individual patch may still not be completely installed in all
respects after the cluster has been installed.

DISKLESS OR DATALESS CLIENT SYSTEMS:
On server machines that service diskless and/or dataless clients, a
patch is NOT applied to existing clients or to the client root template
space.  Therefore, all client machines of the server that will need
this cluster will have to individually apply this cluster.  Install
this cluster on the client machines first, then the server.

A PATCH MAY NOT BE APPLIED:
Under certain circumstances listed below, a particular patch provided in
this cluster may not be installed if:
 
- The patch applies to a package that has not originally been installed
- The same or newer revision of the patch has already been installed
- The patch was obsoleted by another patch that has already been installed
- The package database is corrupt or missing

Use the 'showrev -p' command to compare the list of patches already 
installed on the system with the patch list and revision levels provided
in this cluster.  During installation, the install process will indicate
if a patch was not applied and more detailed installation messages will
be logged to the installation log file.  The README file with each patch
also provides documentation regarding install and backout messages.

OLDER VERSIONS OF PATCHES ALREADY INSTALLED:
Backout of older versions of patches provided in the cluster is not
required in order for the newer version to be installed.  However
not backing out an older rev before installing a newer rev will
cause showrev -p to continue to show the older rev along with the
newer rev.  And, if the older rev was previously installed with
the save option, the older rev will continue to occupy disk space
in /var/sadm/patch even though it has been obsoleted by the new rev.
The backoutpatch utility will only allow the most recently saved
objects to be restored, thus there are no serious risks associated
with leaving an older rev on the system.  It just may, however,
avoid confusion and be more economical to first backout an older
patch rev before installing a newer rev.


INSTALL INSTRUCTIONS:
---------------------

First, be sure the patch cluster has been uncompressed and extracted
if the cluster was received as a tar.Z file, then proceed as follows:


1)      Decide on which method you wish to install the cluster:

Recommended Method Using Save Feature:
 
By default, the cluster installation procedure uses the installpatch
save feature to save the original objects being patched.  Prior
to installing the patches the cluster installation script will
first determine if enough system disk space is available in
/var/sadm/patch to save the objects and will terminate if not.
Using the default save feature is recommended. 
 
Method Using No Save Option:
 
It is possible to override the save feature by using the [-nosave]
option when executing the cluster installation script.  Using the
nosave option means that you will not be able to backout individual
patches if the need arises.
 
 
2)      Run the install_cluster script

        cd <patch cluster directory>
        ./install_cluster

By default, a message warning the user to check for minimum disk
space allowance (separate from the save feature) will appear
and allow the user to abort if inadequate space exists.  To
suppress this interactive message the "-q" (quiet) option can
be used when invoking install_cluster.
 
The progress of the script will be displayed on your terminal.
It should look something like:
 
# ./install_cluster
 
Patch cluster install script for <cluster name>
 
Determining if sufficient save space exists...
Sufficient save space exists, continuing...
Installing patches located in <patch cluster directory>
Installing <patch-id>
Installing <patch-id>
.
.
.
Installing <patch-id>
 
For more installation messages refer to the installation logfile:
   /var/sadm/install_data/<cluster name>_log
 
Use '/usr/bin/showrev -p' to verify installed patch-ids.
Refer to individual patch README files for more patch detail.
Rebooting the system is usually necessary after installation.
#
         
 
3)      Check the logfile if more detail is needed.
 
If errors are encountered during the installation of this cluster,
error messages will be displayed during installation.  More details
about the causes of failure can be found in the detail logfile:
 
        more /var/sadm/install_data/<cluster name>_log
 
If this log file previously existed the latest cluster installation
data will be concatenated to the file, so check the end of the file.
 
         
4)      THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!

