# CLUSTER_README

NAME: Solaris 2.5.1 Recommended Patch Cluster
DATE: Sep/15/04

########################################################################

This patch cluster is intended to provide a selected set of patches for
the designated Solaris release level.  This is a bundled set of patches
conveniently wrapped for one-step installation.  Only install this
cluster on the appropriate Solaris system.  Carefully read all important
notes and install instructions provided in this README file before
installing the cluster.  A cluster grouping does not necessarily imply
that additional compatibility testing has occured since the individual
patches were released.

WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch 
cluster be performed in single-user mode (Run Level S).

########################################################################
 
CLUSTER DESCRIPTION
-------------------

These Solaris Recommended patches are considered the most important and
highly recommended patches that avoid the most critical system, user, or
security related bugs which have been reported and fixed to date.  In
most cases a Solaris security patch will be included in the recommended
patch set.  It is possible, however, that a security patch may not be
included in the recommended set if it is determined to be a more obscure
application specific issue and not generally applicable.

During initial installation of the Solaris product other patches or patch
sets may be provided with the product and required with product installation.
Refer to the Solaris product installation documentation to be sure that all
the patches required at product installation are already installed.  This
patch cluster can then be used to update or augment the system with the
recommended patches included.

************************ CAUTION: ****************************************

  Before installing the cluster, read 103594's SPECIAL_INSTRUCTIONS file.

**************************************************************************

**************************************************************************
**	NOTE	NOTE	NOTE	NOTE	NOTE	NOTE	NOTE	NOTE	**
**************************************************************************

The Installation and Backout scripts, installpatch and backoutpatch, 
included in the individual patches have been upgraded to the most current
levels. This was done to shorten the installation time of this cluster.  

************************************************************************** 
**      NOTE    NOTE    NOTE    NOTE    NOTE    NOTE    NOTE    NOTE    ** 
************************************************************************** 

PATCHES INCLUDED:
-----------------

104578-05  SunOS 5.5.1: pkgadd/pkginstall & related utilities
103670-10  CDE 1.0.2: dtcm sdtcm_convert rpc.cmsd patch
103630-15  SunOS 5.5.1: ip ifconfig arp udp icmp patch
103663-19  SunOS 5.5.1: libresolv, in.named, named-xfer, nslookup & nstest patch
103558-16  SunOS 5.5.1: admintool/launcher fixes + swmtool fixes & y2000
103582-24  SunOS 5.5.1: /kernel/drv/tcp and /usr/bin/netstat patch
103594-19  SunOS 5.5.1: sendmail fixes
103597-04  SunOS 5.5.1: /kernel/strmod/sockmod patch
103622-16  SunOS 5.5.1: /kernel/drv/sd driver patch
103640-42  SunOS 5.5.1: kernel update patch
103627-15  SunOS 5.5.1: Linker patch
103680-04  SunOS 5.5.1: nscd/nscd_nischeck/nss_files.so.1 patch
103686-03  SunOS 5.5.1: rpc.nisd_resolv patch
103690-13  SunOS 5.5.1: cron/crontab/at/atq/atrm patch
103699-02  SunOS 5.5.1: /usr/sbin/ping patch
103743-01  SunOS 5.5.1: XFN source modifications for BIND 4.9.3
103801-07  SunOS 5.5.1: Patch for make, sccs, as
103817-04  SunOS 5.5.1: /usr/bin/rdist patch
103866-05  SunOS 5.5.1: BCP (binary compatibility) patch
103934-19  SunOS 5.5.1: /kernel/drv/isp patch
103959-13  SunOS 5.5.1: lp patch
104010-02  SunOS 5.5.1: VolMgt Patch
104212-15  SunOS 5.5.1: /kernel/drv/hme patch
104220-04  SunOS 5.5.1: /usr/lib/nfs/mountd patch
104246-08  SunOS 5.5.1: /kernel/drv/fas patch
104266-02  SunOS 5.5.1: inetd patch
104283-04  SunOS 5.5.1: /kernel/fs/procfs patch
104331-08  SunOS 5.5.1: /usr/sbin/rpcbind patch
104334-02  SunOS 5.5.1: lockd patch
104516-03  SunOS 5.5.1: aspppd patch
104560-05  SunOS 5.5.1: /kernel/fs/hsfs patch
104605-12  SunOS 5.5.1: ecpp driver patch
104613-01  SunOS 5.5.1: /usr/lib/newsyslog patch
104650-03  SunOS 5.5.1: /usr/bin/rlogin patch
104654-05  SunOS 5.5.1: automount/automountd patch
104166-05  SunOS 5.5.1: /usr/lib/nfs/statd patch
104692-02  SunOS 5.5.1: usr/sbin/in.talkd patch
104708-21  SunOS 5.5.1: ssd, pln, soc, ssaadm and ssafirmware patch
104735-02  SunOS 5.5.1: platform/sun4m/kernel/drv/sx patch
104736-06  SunOS 5.5.1: /usr/bin/csh patch
104776-02  SunOS 5.5.1: libvolmgt patch
104795-02  SunOS 5.5.1: eeprom patch
104841-06  SunOS 5.5.1: /usr/sbin/vold patch
104893-02  SunOS 5.5.1: /kernel/sys/c2audit patch
104935-01  SunOS 5.5.1: usr/sbin/in.rlogind patch
103738-14  SunOS 5.5.1: /usr/sbin/syslogd patch
104956-04  SunOS 5.5.1: usr/sbin/in.rarpd patch
104958-01  SunOS 5.5.1: usr/sbin/in.rdisc patch
104960-02  SunOS 5.5.1: usr/sbin/snoop patch
104968-02  SunOS 5.5.1: chkey and newkey patch
105004-12  SunOS 5.5.1: pci_pci, ebus, pci and rootnex driver patch
105050-01  SunOS 5.5.1: usr/bin/ps and usr/ucb/ps patch
105092-01  SunOS 5.5.1: usr/sbin/sysdef patch
105299-02  SunOS 5.5.1: kernel/misc/nfssrv patch
105784-05  SunOS 5.5.1: libbsm patch
106382-01  SunOS 5.5.1: /usr/sbin/rmmount patch
105310-14  SunOS 5.5.1: Patch for socal, sf driver, and luxadm
105324-04  SunOS 5.5.1: ses driver patch
105344-01  SunOS 5.5.1: usr/bin/gcore patch
105352-01  SunOS 5.5.1: kernel/exec/elfexec patch
103981-18  SunOS 5.5.1: glm driver patch
104595-10  SunOS 5.5.1: prtdiag patch
104628-05  SunOS 5.5.1: driver_aliases, driver_classes and name_to_major patch
105789-08  VIS/XIL 2.5.1: Graphics Patch
105790-23  Creator 2.5.1: FFB Graphics Patch
103879-05  OpenWindows 3.5.1: KCMS tools have security vulnerability
103566-57  OpenWindows 3.5.1: Xsun patch
103900-01  OpenWindows 3.5.1: XView Binary Compatibility Patch
103901-13  OpenWindows 3.5.1: Xview Patch
104338-03  OpenWindows 3.5.1: libXt patch
104533-05  OpenWindows 3.5.1: OLIT Patch
104976-08  OpenWindows 3.5.1: Calendar Manager patch
105251-01  OpenWindows 3.5.1: libXt Binary Compatibility Patch
106224-01  OpenWindows 3.5.1: filemgr (ff.core) fixes
106663-01  OpenWindows 3.5.1: libdeskset patch
106662-01  OpenWindows 3.5.1: libce suid/sgid security fix
103461-35  Motif 1.2.3: Runtime library patch
107756-01  SunOS 5.5.1: /usr/bin/pax patch
104873-08  SunOS 5.5.1: /usr/bin/uustat and other uucp fixes
106689-01  SunOS 5.5.1: /usr/sbin/in.uucpd patch
106905-01  SunOS 5.5.1: apropos/catman/man/whatis patch
104093-08  OpenWindows 3.5.1: mailtool patch
106411-06  OpenWindows 3.5.1: xdm patch
108658-02  SunOS 5.5.1: Patch for sadmind
104489-15  OpenWindows 3.5.1: ToolTalk patch
106529-08  SunOS 5.5.1: Shared library patch for C++
108497-01  SunOS 5.5.1: ASET sets gid on /tmp,/var/tmp when med/high security
108470-01  SunOS 5.5.1: Possible denial of service bug
109275-04  SunOS 5.5.1: /usr/bin/mail patch
109392-01  SunOS 5.5.1: /usr/vmsys/bin/chkperm patch
108802-02  SunOS 5.5.1: /usr/bin/tip patch
110109-02  SunOS 5.5.1: jserver buffer overflow
110110-02  SunOS 5.5.1 HW 497: jserver buffer overflow
110111-02  SunOS 5.5.1 HW897,HW1197: jserver buffer overflow
109721-01  SunOS 5.5.1: arp should lose set-gid bit
104637-04  SunOS 5.5.1: /usr/ccs/lib/libcurses.a patch
111279-01  SunOS 5.5.1: in.fingerd can store a NULL after end of an array
103891-08  SunOS 5.5.1: ksh and rksh patch
111281-01  SunOS 5.5.1: finger doesn't always correctly match NULL usernames
108083-01  SunOS 5.5.1: Dump patch
105165-04  SunOS 5.5.1: /usr/lib/netsvc/yp/ypbind patch
111576-01  SunOS 5.5.1: catman makes dangerous use of tmpfiles.
111842-01  SunOS 5.5.1: nawk line length limit corrupts patch dependency
103867-04  SunOS 5.5.1: jsh, sh and rsh patch
111840-01  SunOS 5.5.1: Buffer overflow in whodo via $TZ
105962-05  SunOS 5.5.1: vi/ex/edit/view/vedit patch
111025-02  SunOS 5.5.1: sdiff patch
105998-03  SunOS 5.5.1: /usr/bin/bdiff patch
111916-01  SunOS 5.5.1: telmod could panic the system
112086-03  SunOS 5.5.1: /usr/bin/mailx security problem
104818-02  SunOS 5.5.1: /usr/bin/passwd and pam patch
106160-02  SunOS 5.5.1: /usr/bin/login patch
108363-02  CDE 1.0.2: libDtSvc Patch
104178-04  CDE 1.0.2: dtmail fixes
112891-01  SunOS 5.5.1: rpc.rwalld has format string problem
104849-09  SunOS 5.5.1: /kernel/fs/cachefs patch
106396-02  SunOS 5.5.1: /usr/lib/saf/ttymon patch
105097-03  SunOS 5.5.1: usr/lib/libsocket.a and usr/lib/libsocket.so.1 patch
103603-16  SunOS 5.5.1: ftp, in.ftpd, in.rexecd and in.rshd patch


IMPORTANT NOTES AND WARNINGS:
-----------------------------

SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES:
With or without using the save option, the patch installation process
will still require some amount of disk space for installation and
administrative tasks in the /, /usr, /var, or /opt partitions where
patches are typically installed.  The exact amount of space will
depend on the machine's architecture, software packages already
installed, and the difference in the patched objects size.  To be
safe, it is not recommended that a patch cluster be installed on a
system with less than 4 MBytes of available space in each of these
partitions.  Running out of disk space during installation may result
in only partially loaded patches.  Be sure a recent full system backup
is available in case a problem occurs, and check to be sure adequate
disk space is available before installing the patch cluster. 

SAVE AND BACKOUT OPTIONS:
By default, the cluster installation procedure uses the installpatch
save feature to save the base objects being patched.  Prior to installing
the patches the cluster installation script will first determine if
enough system disk space is available in /var/sadm/patch to save the
base objects and will terminate if not.  Patches can only be individually
backed out with the original object restored if the save option was used
when installing this cluster.  Please later refer to the backoutpatch
instructions provided in the individual patch README file which will be
located in the specific patch directory under /var/sadm/patch after
the patch has been installed.  It is possible to override the save
feature by using the [-nosave] option when executing the cluster
installation script.  Using the nosave option, however, means that you
will not be able to backout individual patches if the need arises.

SPECIAL INSTALL INSTRUCTIONS:
As with any patch individually applied, there may be additional special
installation instructions which are documented in the individual patch
readme file.  It is recommended that each individual patch readme is
reviewed before installing this cluster to determine if any additional
installation steps are necessary for a patch.  Otherwise it is possible
that an individual patch may still not be completely installed in all
respects after the cluster has been installed.

DISKLESS OR DATALESS CLIENT SYSTEMS:
On server machines that service diskless and/or dataless clients, a
patch is NOT applied to existing clients or to the client root template
space.  Therefore, all client machines of the server that will need
this cluster will have to individually apply this cluster.  Install
this cluster on the client machines first, then the server.

A PATCH MAY NOT BE APPLIED:
Under certain circumstances listed below, a particular patch provided in
this cluster may not be installed if:
 
- The patch applies to a package that has not originally been installed
- The same or newer revision of the patch has already been installed
- The patch was obsoleted by another patch that has already been installed
- The package database is corrupt or missing

Use the 'showrev -p' command to compare the list of patches already 
installed on the system with the patch list and revision levels provided
in this cluster.  During installation, the install process will indicate
if a patch was not applied and more detailed installation messages will
be logged to the installation log file.  The README file with each patch
also provides documentation regarding install and backout messages.

OLDER VERSIONS OF PATCHES ALREADY INSTALLED:
Backout of older versions of patches provided in the cluster is not
required in order for the newer version to be installed.  However
not backing out an older rev before installing a newer rev will
cause showrev -p to continue to show the older rev along with the
newer rev.  And, if the older rev was previously installed with
the save option, the older rev will continue to occupy disk space
in /var/sadm/patch even though it has been obsoleted by the new rev.
The backoutpatch utility will only allow the most recently saved
objects to be restored, thus there are no serious risks associated
with leaving an older rev on the system.  It just may, however,
avoid confusion and be more economical to first backout an older
patch rev before installing a newer rev.


INSTALL INSTRUCTIONS:
---------------------

First, be sure the patch cluster has been uncompressed and extracted
if the cluster was received as a tar.Z file, then proceed as follows:


1)      Decide on which method you wish to install the cluster:

Recommended Method Using Save Feature:
 
By default, the cluster installation procedure uses the installpatch
save feature to save the original objects being patched.  Prior
to installing the patches the cluster installation script will
first determine if enough system disk space is available in
/var/sadm/patch to save the objects and will terminate if not.
Using the default save feature is recommended. 
 
Method Using No Save Option:
 
It is possible to override the save feature by using the [-nosave]
option when executing the cluster installation script.  Using the
nosave option means that you will not be able to backout individual
patches if the need arises.
 
 
2)      Run the install_cluster script

        cd <patch cluster directory>
        ./install_cluster

By default, a message warning the user to check for minimum disk
space allowance (separate from the save feature) will appear
and allow the user to abort if inadequate space exists.  To
suppress this interactive message the "-q" (quiet) option can
be used when invoking install_cluster.
 
The progress of the script will be displayed on your terminal.
It should look something like:
 
# ./install_cluster
 
Patch cluster install script for <cluster name>
 
Determining if sufficient save space exists...
Sufficient save space exists, continuing...
Installing patches located in <patch cluster directory>
Installing <patch-id>
Installing <patch-id>
.
.
.
Installing <patch-id>
 
For more installation messages refer to the installation logfile:
   /var/sadm/install_data/<cluster name>_log
 
Use '/usr/bin/showrev -p' to verify installed patch-ids.
Refer to individual patch README files for more patch detail.
Rebooting the system is usually necessary after installation.
#
         
 
3)      Check the logfile if more detail is needed.
 
If errors are encountered during the installation of this cluster,
error messages will be displayed during installation.  More details
about the causes of failure can be found in the detail logfile:
 
        more /var/sadm/install_data/<cluster name>_log
 
If this log file previously existed the latest cluster installation
data will be concatenated to the file, so check the end of the file.
 
         
4)      THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!