Patch-ID# 102545-13
Keywords: security y2000 libc international
Synopsis: SunOS 4.1.4: International libc patch
Date: May/24/99

********************************************************************************

        This is the "international/standard" version of libc and may be given
        to any customer.

********************************************************************************

        PLEASE read the ENTIRE installation discussion before proceeding with
        the installation of this patch.

        The "standard" SunOS combinations of static, dynamic, and profiled
        libc's are contained in this patch.  In addition, a complete
        replacement for /usr/lib/shlib.etc has also been included.

********************************************************************************

Solaris Release: 1.1.2

SunOS Release:  4.1.4  

Unbundled Product: 

Unbundled Release: 

BugId's fixed with this patch: 1070813 1220511 1219835 1182835 1190985 1197137 1222421 1225336 1043741 1264595 4018724 4045427 4073294 1169481 4136673 4116670 4186756 4205272

Changes incorporated in this version: 4205272

Patches accumulated and obsoleted by this patch: 

Relevant Architecture: sparc
    NOTE: sun4(all)

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch:
lib/libc.a
lib/libc_p.a
lib/libc.sa19
lib/libc.so19
5lib/libc.a
5lib/libc_p.a
5lib/libc.sa29
5lib/libc.so29
lib/shlib.etc/lorder-sparc
lib/shlib.etc/objsort
lib/shlib.etc/Makefile
lib/shlib.etc/README
lib/shlib.etc/awkfile
lib/shlib.etc/libc_pic.a
lib/shlib.etc/libcs5_pic.a
lib/debug/malloc.o
lib/debug/mallocmap.o
lib/libbsdmalloc.a

NOTE:
lib/libc.sa19 gets installed as lib/libc.sa.1.9
lib/libc.so19 gets installed as lib/libc.so.1.9
5lib/libc.sa29 gets installed as 5lib/libc.sa.2.9
5lib/libc.so29 gets installed as 5lib/libc.so.2.9

Problem Description: 

4205272 --> fix for 4045427 prevents NIS fallback to files

4116670 --> /usr/kvm/ps will die with segmentation fault

4186756 --> strptime() : incorrect output with %j format

4136673 --> getservbyname() tries to free static variable

1169481 --> missing information in shlib.etc files

4073294 --> yp binding is lost when SIGHUP sent to inetd

4045427 --> getservbyname/getservent via NIS (YP) fails unexpectedly 

4018724 --> 4.x strptime %y doesn't recognize the year 2000 or greater

1070813 --> mblen() and mbtowc() return 1 when pointing to null char

1264595 --> strncmp core dumps when used at the end of a page of memory

1043741 --> getpwent goes into infinite loop on malformed NIS passwd entry

1225336 --> T102545-03 breaks rpc programs with clnt_call requests Fail with
            RPC_CANTRECV

1220511 --> mktime() doesn't care leap year.

1222421 --> Patch 102545-02 changed clnt_udp.o but should not.

1190985 --> gethostbyname() can trash an existing open file descriptor.

1197137 --> NFS server crashed w/ "Panic: Bad Trap" when NFS client
	    do a "find" over T1 link.

1182835 --> portmapper silently fails with version mismatch by PC-NFS client.

1219835 --> Syslog(3) can be abused to gain root access on 4.X systems


Patch Installation instructions:
-------------------------------
The libraries in this patch may be placed in any directory.  But if you
choose to place any libc.* in a location other than /usr/lib or
/usr/5lib, you'll have to use the -L flag with each ld execution to
"point" to the chosen directory that holds these substitutes.  Since
this is likely to be a somewhat awkward requirement, the patch and the
following install sequence assume you wish to substitute your standard
libraries with the patched versions.
 
The installation of ANY of the library parts may be done while the
system is running, EXCEPT for the SHARED libc's.  It is SAFEST to
substitute the shared libraries while SunOS is booted in single-user
mode or from the SunOS Installation miniroot.  Since using SunOS in
single-user mode is easier than booting the miniroot off the SunOS
Installation CD, the install sequence below will reference
single-user mode.
 
There is one more consideration.  The installation sequence below will
overwrite ALL libc "variants" in /usr/lib and /usr/5lib.  If you have
added/substituted parts to libc.a or libc.s?.X.Y in /usr/lib and/or
/usr/5lib, you will need to 1) preserve these copies, or 2) plan to
resubstitute your material in with these patch versions.
 
It is highly recommended that you "walkthrough" the installation sequence
below to become familiar with what is being done prior to actually
doing it.  You can vary and even skip some steps in these instructions
if you're *confident* you understand what is going on.  Bear in mind that
/usr/lib/libc.so.X.Y dynamically binds the *entire* SunOS and any
corruption to this particular library will render a system virtually
useless.

 
Installing the libc patch:  (perform the following steps in this order)
 
        o save patch distribution under some directory, say '/tmp/X'.
          (if in tar format, untar using tar xpf <patch_archive>.tar)
        o cd /tmp/X
        o su
        o (ensure no users are actively using any libc's)
        o mv /usr/lib/libc.a /usr/lib/libc.a.FCS
        o mv /usr/lib/libc_p.a /usr/lib/libc_p.a.FCS    (1)
        o mv /usr/5lib/libc.a /usr/5lib/libc.a.FCS      (2)
        o mv /usr/5lib/libc_p.a /usr/5lib/libc_p.a.FCS  (2)
        o mv /usr/lib/libbsdmalloc.a /usr/lib/libbsdmalloc.a.FCS
 
        (1) if you do not have this file on your system, then the
        "Debugging" part of the OS distribution has not been loaded.
 
        (2) if you do not have this file on your system, then the
        "SystemV" part of the OS distribution has not been loaded.
 
You will rename your original shared libc's at a later point in the
installation.
 
        o mv /usr/lib/shlib.etc /usr/lib/shlib.etc.FCS
        o mkdir /usr/lib/shlib.etc
        o chmod 2755 /usr/lib/shlib.etc
 
The 3 steps above are only needed if you wish to completely preserve your
original /usr/lib/shlib.etc.  If not, you may skip them.
 
        o mv /usr/lib/debug /usr/lib/debug.FCS
        o mkdir /usr/lib/debug
        o chmod 2755 /usr/lib/debug
 
The 3 steps above are only needed if you wish to completely preserve your
original /usr/lib/debug.  If not, you may skip them.
 
        o cp -p -R lib/*  /usr/lib
        o cp -p -R 5lib/* /usr/5lib

These two commands copy all the files in the patch's lib and 5lib
directories to /usr/lib and /usr/5lib.  They assume you are still in
/tmp/X, which is the case if you followed all the steps above.
 
        o "quiet" system  (have users log off, announce system going down)
        o sync
        o halt
        o >b[oot] vmunix -s
 
You're now booting SunOS in single-user mode.  We will rename the shared
libc's to make them "active" and this is best done, at minimum, under
single-user.

        o cd /usr/lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
	-rw-r--r--  1 root         7996 Oct 13 19:02 /usr/lib/libc.sa.1.9
	-rwxr-xr-x  1 root       516096 Oct 13 19:02 /usr/lib/libc.so.1.9
	-rw-r--r--  1 root         7996 Jan 11 08:49 /usr/lib/libc.sa19
	-rwxr-xr-x  1 root       516096 Jan 11 08:24 /usr/lib/libc.so19

        o sync
        o mv libc.so.1.9 libc.so.1.9.FCS     this saves the original file

        o mv libc.so19 libc.so.1.9           this moves the patched file
                                             into place

        o mv libc.sa.1.9 libc.sa.1.9.FCS     this saves the original file

        o mv libc.sa19 libc.sa.1.9           this moves the patched file
                                             into place
        o date
 
Do this last step CAREFULLY.  IF the 'date' command does *anything*
else but show a proper date, then IMMEDIATELY do:
 
        o mv libc.so.1.9 libc.so19
        o mv libc.so.1.9.FCS libc.so.1.9
        o mv libc.sa.1.9 libc.sa19
        o mv libc.sa.1.9.FCS libc.sa.1.9
 
If the date command is successful, continue here:
 
        o cd ../5lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
	-rw-r--r--  1 root         7996 Oct 13 19:02 /usr/5lib/libc.sa.2.9
	-rw-r--r--  1 root       524288 Oct 13 19:02 /usr/5lib/libc.so.2.9
	-rw-r--r--  1 root         7996 Jan 11 08:49 /usr/5lib/libc.sa29
	-rw-r--r--  1 root       524288 Jan 11 08:24 /usr/5lib/libc.so29

 
        o mv libc.so.2.9 libc.so.2.9.FCS     this saves the original file

        o mv libc.so29 libc.so.2.9           this moves the patched file
                                             into place

        o mv libc.sa.2.9 libc.sa.2.9.FCS     this saves the original file

        o mv libc.sa29 libc.sa.2.9           this moves the patched file
                                             into place
 
Do this last step CAREFULLY also.
 
        o ranlib -t /usr/lib/libc*a*
 
        o ranlib -t /usr/5lib/libc*a*
 
        o ranlib -t /usr/lib/libbsdmalloc.a

        o ^D
 
The install is complete.  The ^D above terminates single-user mode, and
brings your system back up in multi-user mode.
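
Added example (not part of the Sun patch README): the save, activate, check and roll-back sequence used above for the shared libc's, written as shell functions that take the directory as an argument so the renames can be rehearsed on a scratch copy. The function names are hypothetical, and the check command's exit status is an assumed stand-in for "'date' shows a proper date".

```shell
#!/bin/sh
# Added example (names are hypothetical): rehearse the shared-libc swap from
# the steps above in a scratch directory before doing it in /usr/lib.

# activate_lib DIR STAGED LIVE
# Save DIR/LIVE as DIR/LIVE.FCS, then move DIR/STAGED onto DIR/LIVE.
activate_lib() {
    dir=$1; staged=$2; live=$3
    if [ ! -f "$dir/$staged" ] || [ ! -f "$dir/$live" ]; then
        echo "activate_lib: $staged or $live missing in $dir" >&2
        return 2
    fi
    if [ -f "$dir/$live.FCS" ]; then
        # Never overwrite an earlier saved original.
        echo "activate_lib: $dir/$live.FCS already exists" >&2
        return 2
    fi
    mv "$dir/$live" "$dir/$live.FCS" && mv "$dir/$staged" "$dir/$live"
}

# rollback_lib DIR STAGED LIVE: the exact inverse of activate_lib.
rollback_lib() {
    dir=$1; staged=$2; live=$3
    mv "$dir/$live" "$dir/$staged" && mv "$dir/$live.FCS" "$dir/$live"
}

# swap_libc DIR SO_STAGED SO_LIVE SA_STAGED SA_LIVE CHECK [ARGS...]
# Activates the .so and .sa pair, runs CHECK (the README uses 'date'), and
# restores both originals if CHECK exits non-zero (assumed failure signal).
# Returns 0 = patched and verified, 1 = rolled back, 2 = nothing activated.
swap_libc() {
    dir=$1; so_s=$2; so_l=$3; sa_s=$4; sa_l=$5
    shift 5
    activate_lib "$dir" "$so_s" "$so_l" || return 2
    if ! activate_lib "$dir" "$sa_s" "$sa_l"; then
        rollback_lib "$dir" "$so_s" "$so_l"
        return 2
    fi
    if "$@" >/dev/null 2>&1; then
        return 0
    fi
    rollback_lib "$dir" "$so_s" "$so_l"
    rollback_lib "$dir" "$sa_s" "$sa_l"
    return 1
}
```

In a scratch directory the check command does not load the scratch copy of libc, so a rehearsal exercises only the rename and roll-back order, not the library itself.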
