Patch-ID# 105697-02
Keywords: security y2000 libc international bar date
Synopsis: SunOS 4.1.4 (HLE): (Chinese HLE1.1.4) international y2000 mult fixes patch
Date: Aug/09/99

********************************************************************************

	This is the traditional Chinese version of libc and may be given
        to any customer.

        PLEASE read the ENTIRE installation discussion before proceeding with
        the installation of this patch.

********************************************************************************

Solaris Release: 1.1.2 (HLE)

   Note: HLE 1.1.4

SunOS Release:  4.1.4

Unbundled Product: 

Unbundled Release: 

BugId's fixed with this patch: 1070813 1220511 1219835 1182835 1190985 1197137 1222421 1225336 1043741 1264595 4018724 4018723 1086103 4186756

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch: 

Relevant Architecture: sparc
    NOTE: sun4(all)

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch:
/usr/lib/libc.a
/usr/lib/libc_p.a
/usr/lib/libbsdmalloc.a
/usr/lib/libc.sa19
/usr/lib/libc.so19
/usr/lib/libc.sa1019
/usr/lib/libc.so1019
/usr/5lib/libc.a
/usr/5lib/libc_p.a
/usr/5lib/libc.sa29
/usr/5lib/libc.so29
/usr/5lib/libc.sa1029
/usr/5lib/libc.so1029
/usr/lib/debug/malloc.o
/usr/lib/debug/mallocmap.o
/usr/lib/shlib.etc/README
/usr/lib/shlib.etc/Makefile
/usr/lib/shlib.etc/awkfile
/usr/lib/shlib.etc/libc_pic.a
/usr/lib/shlib.etc/libcs5_pic.a
/usr/lib/shlib.etc/lorder-sparc
/usr/lib/shlib.etc/objsort
/usr/compat/5lib/libc.a
/usr/compat/5lib/libc_p.a
/usr/compat/lib/libc.a
/usr/compat/lib/libc_p.a
/usr/bin/date
/usr/bin/bar

NOTE:
/usr/lib/libc.sa19	gets installed as lib/libc.sa.1.9
/usr/lib/libc.so19	gets installed as lib/libc.so.1.9
/usr/lib/libc.sa1019	gets installed as lib/libc.sa.101.9
/usr/lib/libc.so1019 	gets installed as lib/libc.so.101.9
/usr/5lib/libc.sa29	gets installed as 5lib/libc.sa.2.9
/usr/5lib/libc.so29	gets installed as 5lib/libc.so.2.9
/usr/5lib/libc.sa1029	gets installed as 5lib/libc.sa.102.9
/usr/5lib/libc.so1029	gets installed as 5lib/libc.so.102.9

Problem Description: 
 
4186756 --> strptime() %j gives incorrect day of the year

4018724 --> 4.x strptime %y doesn't recognize the year is 2000 or greater

1070813 --> mblen() and mbtowc() return 1 when pointing to null char

1264595 --> strncmp core dumps when used at the end of a page of memory

1043741 --> getpwent goes into infinite loop on malformed NIS passwd entry

1225336 --> T102545-03 breaks rpc programs with clnt_call requests Fail with
            RPC_CANTRECV

1220511 --> mktime() doesn't care leap year.

1222421 --> Patch 102545-02 changed clnt_udp.o but should not.

1190985 --> gethostbyname() can trash an existing open file descriptor.

1197137 --> NFS server crashed w/ "Panic: Bad Trap" when NFS client
	    do a "find" over T1 link.

1182835 --> portmapper silently fails with version mismatch by PC-NFS client.

1219835 --> Syslog(3) can be abused to gain root access on 4.X systems

4018723 --> 4.x bar doesn't work when the system date is 2000 or greater

1086103 --> date command does not set date correctly beyond 1999


Patch Installation instructions:
-------------------------------
The libraries in this patch may be placed in any directory.  But if you
choose to place any libc.* in a location other than /usr/lib or
/usr/5lib, you'll have to use the -L flag with each ld execution to
"point" to the chosen directory that holds these substitutes.  Since
this is likely to be a somewhat awkward requirement, the patch and the
following install sequence assume you wish to substitute your standard
libraries with the patched versions.
 
The installation of ANY of the library parts may be done while the
system is running, EXCEPT for the SHARED libc's.  It is SAFEST to
substitute the shared libraries while SunOS is booted in single-user
mode or from the SunOS Installation miniroot.  Since using SunOS in
single-user mode is easier than booting the miniroot off the SunOS
Installation tapes, the install sequence below will reference
single-user mode.
 
There is one more consideration.  The installation sequence below will
overwrite ALL libc "variants" in /usr/lib and /usr/5lib.  If you have
added/substituted parts to libc.a or libc.s?.X.Y in /usr/lib and/or
/usr/5lib, you will need to 1) preserve these copies, or 2) plan to
resubstitute your material in with these patch versions.
 
It is highly recommended that you "walkthru" the installation sequence
below to become familiar with what is being done prior to actually
doing it.  You can vary and even skip some steps in these instructions
if you're *confident* you understand what is going on.  Bear in mind that
/usr/lib/libc.so.X.Y dynamically binds the *entire* SunOS and any
corruption to this particular library will render a system virtually
useless.
 

Installing the libc patch:  (perform the following steps in this order)
 
        o save patch distribution under some directory, say '/tmp/X'.
          (if in tar format  untar using tar xpf <patch_archive>.tar)
        o cd /tmp/X
        o su
        o (ensure no users are actively using any libc's)
        o mv /usr/lib/libc.a /usr/lib/libc.a.FCS
        o mv /usr/lib/libc_p.a /usr/lib/libc_p.a.FCS    (1)
        o mv /usr/5lib/libc.a /usr/5lib/libc.a.FCS      (2)
        o mv /usr/5lib/libc_p.a /usr/5lib/libc_p.a.FCS  (2)
        o mv /usr/lib/libbsdmalloc.a /usr/lib/libbsdmalloc.a.FCS
 
        (1) if you do not have this file on your system, then the
        "Debugging" part of the OS distribution tape has not been
        loaded.
 
        (2) if you do not have this file on your system, then the
        "SystemV" part of the OS distribution tape has not been
        loaded.
 
You will rename your original shared libc's at a later point in the
installation.
 
        o mv /usr/lib/shlib.etc /usr/lib/shlib.etc.FCS
        o mkdir /usr/lib/shlib.etc
        o chmod 2755 /usr/lib/shlib.etc
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/shlib.etc.  If not, you may skip them.
 
        o mv /usr/lib/debug /usr/lib/debug.FCS
        o mkdir /usr/lib/debug
        o chmod 2755 /usr/lib/debug
 
These above 3 steps may be done if you wish to preserve completely your
original /usr/lib/debug.  If not, you may skip them.
 
	o cp -p -R lib/*  /usr/lib
	o cp -p -R 5lib/* /usr/5lib 
 
You are actually copying all the files in lib and 5lib directories
to /usr/lib and /usr/5lib. If you followed all steps mentioned above you
are still in /tmp/X.
 
        o "quiet" system  (have users log off, announce system going down)
        o sync
        o halt
        o >b[oot] vmunix -s
 
You're now booting SunOS in single-user mode.  We will rename the shared
libc's to make them "active" and this is best done, at minimum, under
single-user.
 
        o cd /usr/lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 
	-rw-r--r--  1 root         7996 Oct 14  1994 libc.sa.1.9
	-rwxr-xr-x  1 root       516096 Oct 14  1994 libc.so.1.9
	-rw-r--r--  1 root        11880 Dec  9  1994 libc.sa.101.9
	-rwxr-xr-x  1 root       532480 Dec  9  1994 libc.so.101.9
	-rw-r--r--  1 root         7996 Nov 28 17:37 libc.sa19
	-rw-r--r--  1 root       524288 Nov 28 17:37 libc.so19
	-rw-r--r--  1 root        11904 Nov 28 10:14 libc.sa1019
	-rw-r--r--  1 root       532480 Nov 28 10:14 libc.so1019

        o sync
        o mv libc.so.1.9 libc.so.1.9.FCS     this saves the original file
 
        o mv libc.so19 libc.so.1.9           this copies the patch to its
                                             new place
 
        o mv libc.sa.1.9 libc.sa.1.9.FCS     this saves the original file
 
        o mv libc.sa19 libc.sa.1.9           this copies the patch to its
                                             new place
 
        o mv libc.so.101.9 libc.so.101.9.FCS this saves the original file
 
        o mv libc.so1019 libc.so.101.9       this copies the patch to its
                                             new place
 
        o mv libc.sa.101.9 libc.sa.101.9.FCS this saves the original file
 
        o mv libc.sa1019 libc.sa.101.9       this copies the patch to its
                                             new place
 
        o date
 
Do this last step CAREFULLY.  IF the 'date' command does *anything*
else but show a proper date, then IMMEDIATELY do:
 
        o mv libc.so.1.9 libc.so19
        o mv libc.so.1.9.FCS libc.so.1.9
        o mv libc.sa.1.9 libc.sa19
        o mv libc.sa.1.9.FCS libc.sa.1.9
        o mv libc.so.101.9 libc.so1019
        o mv libc.so.101.9.FCS libc.so.101.9
        o mv libc.sa.101.9 libc.sa1019
        o mv libc.sa.101.9.FCS libc.sa.101.9
 
If the date command is successful, continue here:
 
        o cd ../5lib
        o ls -l libc.s*
 
                You will get an output similar to the following:
 

	-rw-r--r--  1 root         7996 Oct 14  1994 libc.sa.2.9
	-rw-r--r--  1 root       524288 Oct 14  1994 libc.so.2.9
	-rw-r--r--  1 root         7996 Nov 28 17:34 libc.sa29
	-rw-r--r--  1 root       524288 Nov 28 17:34 libc.so29
	-rw-r--r--  1 root        11880 Dec  9  1994 libc.sa.102.9
	-rw-r--r--  1 root       524288 Dec  9  1994 libc.so.102.9
	-rw-r--r--  1 root        11904 Nov 28 10:14 libc.sa1029
	-rw-r--r--  1 root       532480 Nov 28 10:14 libc.so1029

 
        o mv libc.so.2.9 libc.so.2.9.FCS     this saves the original file
 
        o mv libc.so29 libc.so.2.9           this copies the patch to its
                                             new place
 
        o mv libc.sa.2.9 libc.sa.2.9.FCS     this saves the original file
 
 
        o mv libc.sa29 libc.sa.2.9           this copies the patch to its
                                             new place
 
        o mv libc.so.102.9 libc.so.102.9.FCS this saves the original file
 
        o mv libc.so1029 libc.so.102.9       this copies the patch to its
                                             new place
 
        o mv libc.sa.102.9 libc.sa.102.9.FCS this saves the original file
 
        o mv libc.sa1029 libc.sa.102.9       this copies the patch to its
                                             new place
 
Do this last step CAREFULLY also.
 
        o ranlib -t /usr/lib/libc*
          You will see "not an archive: /usr/lib/libc.so.1.9"
          This is OK.

        o ranlib -t /usr/5lib/libc*
          You will see "not an archive: /usr/5lib/libc.so.2.9"
          This is OK.

        o ^D
 
Do the install for bar and date:

	o cp bin/bar /usr/bin
	o cp bin/date /usr/bin

The install is complete.  The ^D above terminates single-user mode, and
brings your system back up in multi-user mode.
