Patch-ID# 105210-52
Keywords: security y2000 watchmalloc libc sigchld nisplus getgrent_r leak
Synopsis: SunOS 5.6: libaio, libc & watchmalloc patch
Date: Feb/01/2005

Install Requirements: Reboot after installation

Solaris Release: 2.6

SunOS Release: 5.6

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 105211

Topic: SunOS 5.6: libaio, libc & watchmalloc patch
        NOTE: Refer to Special Install Instructions section for IMPORTANT
              specific information on this patch.

Relevant Architectures: sparc

BugId's fixed with this patch:
        1199039 1256914 1257084 4014149 4025238 4042527 4052568 4053258 4055257 4067374
        4069573 4075686 4079059 4079320 4089406 4089981 4097441 4100561 4101392 4102420
        4104740 4110771 4112035 4118037 4118295 4118653 4127014 4127727 4128660 4132657
        4135013 4136059 4146098 4148058 4155392 4159074 4162491 4166495 4175558 4184623
        4185433 4188005 4190645 4192195 4193683 4220394 4225913 4227724 4231212 4240566
        4244731 4253437 4291844 4301477 4302592 4303962 4311360 4314913 4314993 4357778
        4366956 4374039 4375449 4375529 4386274 4396628 4408502 4419882 4428257 4452064
        4457358 4459797 4506569 4661997 4669963 4749274 4767215 4785625

Changes incorporated in this version: 4785625

Patches accumulated and obsoleted by this patch: 106044-03

Patches which conflict with this patch:

Patches required with this patch: 105181-22 (or greater)

Obsoleted by:

Files included with this patch:

/etc/default/nss
/usr/include/nl_types.h
/usr/lib/libaio.so.1
/usr/lib/libc.a
/usr/lib/libc.so.1
/usr/lib/libp/libc.a
/usr/lib/nss_nis.so.1
/usr/lib/nss_nisplus.so.1
/usr/lib/pics/libc_pic.a
/usr/lib/watchmalloc.so.1

Problem Description:

4785625 Oracle LGWR crashes with EINVAL

(from 105210-51)

4749274 MT-Safe functions such as syslog(3C) and wordexp(3C) cannot use fork()

(from 105210-50)

4767215 Incorrect output with kP format, losing significant digits.

(from 105210-49)

4669963 Strong security checks in catgets(3C) break setuid application

(from 105210-48)

4311360 updwtmp(3c) creates files with unspecified permissions

(from 105210-47)

4661997 buffer overflow in dbm_open

(from 105210-46)

4375529 realpath modifies filename when ENOENT is returned

(from 105210-45)

4135013 Cannot enter into single user mode.

(from 105210-44)

4506569 catgets() function call doesn't return, hang in extract_format()

(from 105210-43)

4408502 lfmt(3C) calls ctime() which is MT_Unsafe.

(from 105210-42)

4419882 large select(3c) timeout

(from 105210-41)

        Re-spin of rev -40 to correct a Class Action Script problem
        associated with patchadd.

(from 105210-40)

4457358 __aiosendsig() alters signal mask(SIGIO) but *does not* restore back

(from 105210-39)

4396628 UNIX98: catopen() does not set errno when it receives a null or empty string
4386274 check_nlspath_env should avoid using strncmp()
4452064 errno handling of catgets is not correct
4428257 Kernel patch 106541-15 makes application dysfunctional
4459797 catgets sets errno to EBADF for the special message catalog for C locale

(from 105210-38)

1257084 login times out, due to excessive time in group lookup
4357778 PSARC 2000/038 create /etc/default/nss

(from 105210-37)

4069573 _ltzset has a memory leak solaris 5.5.1
4148058 _ltzset_u may cause a core dump if calloc() failed in _tzload().

(from 105210-36)

4314993 libc .init race causes .div to overwrite return address in MT application
4366956 NLSPATH gettext introduces problems when used printf format specifier
4375449 dtmail crashes when calling catgets with NULL default message

(from 105210-35)

4374039 libc/realpath can still write past end of buffer

(from 105210-34)

4302592 TLI library is not fork-safe

(from 105210-33)

4303962 multi-threaded fork1/execvp can fail because __environ_lock is held in parent

(from 105210-32)

4253437 Ansync I/O problem.

(from 105210-31)

4159074 mktemp(3C) is unsafe at any speed

(from 105210-30)

4291844 strftime and strptime are MT-Unsafe due to use of tzname[]

(from 105210-29)

4185433 strftime() causes ar tv with TZ=MET-1METDST,M3.5.0,M10.5.0 show wrong date

(from 105210-28)

4225913 malloc does not set errno to ENOMEM when not enough memory
4193683 malloc() with very big requested array size works incorrectly
4314913 fix for Bug 4042527 leaves part of heap unusable, so frees can not combine.
4053258 calloc does not set errno to ENOMEM when not enough memory
4042527 fix for Bug 4042527 leaves part of heap unusable, so frees can not combine. malloc does not comply with standard
4100561 watchmalloc.so.1 malfunctions when applied to a process using valloc()

(from 105210-27)

4052568 libthread/libpthread is not fork1-safe (as documented)

(from 105210-26)

4162491 localtime() fails for earliest possible time (and possibly others)

(from 105210-25)

4231212 SEGV in a signal handler

(from 105210-24)

4075686 syslog() leaks file descriptor if openlog not called()

(from 105210-23)

4227724 None of atoi, atof, atol and strtol works correctly in multi-byte locales

(from 105210-22)

4240566 security: LC_MESSAGES buffer overflow

(from 105210-21)

4220394 wait3 library function fails after 248 days

(from 105210-20)

4192195 ftime() does not update contents of struct timeb timezone and dstflag members

(from 105210-19)

4110771 getusershell(3c) causes memory corruption, causing ftpd to core dump

(from 105210-18)

4184623 broken date in GMT timezone, displays as BST with TZ=GB-Eire
4155392 timezone change gives wrong alternate timezone
4136059 utc changes from 2.5.1 to 2.6 cause problems when including OS patches
4188005 mktime() can return wrong time if using multiple TZ's
4175558 TZ=GMT0BST-1,M3.5.0/2:00,M10.5.0/2:00 breaks 6 times from now to 2037
4190645 Y2000 Problem in libc in function posixgetdst - Backport of 4152473

(from 105210-17)

4132657 On solaris 2.5.1 BCP, connect() returns RESTART instead of
        EINTR
4146098 connect() and accept() can RESTART instead of returning EINTR

(from 105210-16)

4079059 fscanf core dumps on Solaris 5.5.1 and 5.6, but not 5.0

(from 105210-15)

4166495 libthread is not fork-safe wrt to system()

(from 105210-14)

4127014 putc() seems to call write twice under Solaris 2.6
4025238 infinite loop in printf if file descriptor 1 is closed.

(from 105210-13)

4102420 segv's and libthread panics when numerous pthread_cancel()'s are run

(from 105210-12)

4067374 localtime(0) error

(from 105210-11)

4118653 libc MT synch. Object init. Stubs should not be no-ops (was sdtimage can spin ..)

(from 105210-10)

4104740 ftrylockfile symbol missing from libc mapfiles

(from 105210-09)

4127727 getgrgid_r() can corrupt stack / buffers if buffer is too small.
4128660 An application using getnam_r core dumps with the latest libc patch
4118037 getgrent_r() hangs if nis is not up and libthread is linked in.

(from 105210-08)

1199039 strptime() doesn't work

(from 105210-07)

4079320 regex works on 2.4 but not on 2.5+ with complex string.

(from 105210-06)

4118295 LC_* can be used to obtain root access from setuid programs

(from 105210-05)

4112035 strptime works fine on 2.5.1, but not on 2.6

        NOTE: Original fix introduced in rev04 had problems with hotjava.

(from 105210-04)

4112035 strptime works fine on 2.5.1, but not on 2.6

(from 105210-03)

1256914 strptime %EY can return incorrect year if 2nd or subsequent era segment used
4089981 ldivide() dumps core when a program is executed in Solaris 2.6

(from 105210-02)

4089406 readdir()/telldir() should accept *all* 32 bit cookies, not just those <= LONG_M
4097441 system() does not establish SIGCHLD handler

(from 105210-01)

4055257 realloc failure does not leave original region "intact"

(from 106044-03)

4244731 initgroups() doesn't return all groups when RFE 4005653 is on NIS+ server
4301477 Unable to authenticate user when linked with libthread and using NIS+

(from 106044-02)

4014149 getpwent under NIS has a memory problem using +@netgroup

(from 106044-01)

4101392 when getgrent_r returns NULL, memory leak happens.


Patch Installation Instructions:
--------------------------------

Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.


Special Install Instructions:
-----------------------------

Reboot the system after patch installation.

NOTE 1: To get the complete fix for 4089406, one also needs to install
        the /usr/sbin/static/tar patch, 105926-01 (or newer).

NOTE 2: To get the complete fix for bug 4102420 (segv's and libthread
        panics when numerous pthread_cancel()'s are run), one also needs
        to install the libthread patch, 105568-10 or its newer revision.

NOTE 3: To get the complete fix for 4240566 (security: LC_MESSAGES buffer
        overflow), we recommend installing the following patches:

            105722-03 (or newer) /usr/lib/fs/ufs/ufsrestore
            107991-01 (or newer) /usr/sbin/static/rcp patch

NOTE 4: To get the complete fix for bug 4052568 (libthread/libpthread
        is not fork1-safe as documented), one also needs to install the
        libthread patch, 105568-16 or its newer revision.

NOTE 5: To get the complete fix for bug 4303962 (multi-threaded
        fork1/execvp can fail because __environ_lock is held in parent),
        one also needs to install the libthread patch, 105568-20 or its
        newer revision.

NOTE 6: To get the complete fix for bug 4302592 (TLI library is not
        fork-safe), one also needs to install the libnsl patch,
        105401-33 or its newer revision.

NOTE 7: To get the complete fix for 4366956 (NLSPATH gettext introduces
        problems when used printf format specifier), we recommend
        installing the following patches:

            107991-02 (or newer) /usr/sbin/static/rcp patch
            106049-02 (or newer) /usr/sbin/in.telnetd
            105722-07 (or newer) /usr/sbin/ufsrestore

README -- Last modified date: Tuesday, February 1, 2005