Patch-ID# 101331-08
Keywords: security pkgmk pkgtrans pkginstall pkgremove pkgadd pkgrm pkgchk y2000
Synopsis: SunOS 5.3: fixes for package utilities
Date: Sep/03/97

Solaris Release: 2.3

SunOS Release: 5.3

Unbundled Product:

Unbundled Release:

Topic: SunOS 5.3: fixes for package utilities

NOTE 1: It is recommended that this patch be installed if other patches
        will also be applied since installpatch and backoutpatch use
        package utilities for installing or removing patch packages.

NOTE 2: We recommend installing all the following bundled Solaris 2.3
        OS/Networking patches which contain the Y2000 fixes:

    101317-22 (or higher revs) lp jumbo patch
    101318-88 (or higher revs) kernel jumbo patch
    101331-08 (or higher revs) fixes for package utilities
    101343-03 (or higher revs) troff macro patch
    101572-07 (or higher revs) cron and at fixes
    101767-02 (or higher revs) usr/bin/passwd patch
    103941-02 (or higher revs) accounting patch
    104797-02 (or higher revs) eeprom patch
    104877-01 (or higher revs) usr/sbin/sar patch
    104878-01 (or higher revs) usr/bin/date patch
    104880-01 (or higher revs) usr/bin/uustat patch
    104882-01 (or higher revs) usr/lib/saf/listen patch
    104883-01 (or higher revs) ufsdump and ufsrestore patch
    104884-01 (or higher revs) usr/vmsys/bin/initial patch
    105013-01 (or higher revs) usr/lib/libkrb.a and

BugId's fixed with this patch: 1101558 1116592 1129208 1134722 1136883
    1138068 1144029 1145306 1146697 1149451 1150701 1151306 1152008
    1166085 1169128 1172439 1172831 1172879 1174333 1177624 1179996
    1182189 1182544 1184481 1185933 1186930 1189160 1193403 1194482
    1195386 1197715 1198797 1203747 1204901 1205280 1266030 4041549

Changes incorporated in this version: 1266030

Relevant Architectures: sparc

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/bin/pkgparam
/usr/bin/pkgproto
/usr/bin/pkgtrans
/usr/bin/pkginfo
/usr/bin/pkgmk
/usr/lib/libadm.a
/usr/lib/libadm.so.1
/usr/lib/libpkg.a
/usr/sadm/install/bin/pkginstall
/usr/sadm/install/bin/pkgremove
/usr/sadm/install/scripts/i.CompCpio
/usr/sbin/installf
/usr/sbin/pkgadd
/usr/sbin/pkgchk
/usr/sbin/pkgrm
/usr/sbin/removef

Problem Description:

1266030 ckdate() - .../lib/libadm/ckdate.c has incorrect validation for the 2000+ year YY

(from 101331-07)

4041549 buffer overflow security hole for /bin/eject in 2.4 and 2.3

(from 101331-06)

1101558 pkgadd should display package name when prompting user
1116592 pkgmk does not accept /dev/null as source file
1146697 When we set ULIMIT in pkginfo , the package source is not installed correctly.
1150701 admin file(conflict=nochange) => pkgadd overwrites existing file
1152008 Pkgadd fails to modify file permissions if cpio fails.
1166085 support a pre-required patch field in pkginfo and via installpatch
1172439 pkgrm does not use the correct install_root / PKGSAV directory
1172879 DOS Merge install uses pkgadd -d , postinstall script not being run
1174333 packaging keeps overwritten instances in /var/sadm/pkg
1177624 pkgmk: core dump, test purposes pkgmk.27.4/pkgmk.36.4
1179996 pkgproto fails to recognize block and character devices
1182544 pkgadd allows multiple installation of the same package at different location
1184481 pkginfo gives incorrect date
1185933 pkgadd fails setuid process test pkgadd.15.3
1186930 pkgadd can drop core if NIS+ returns faulty passwd structure
1189160 pkgadd fails test purpose pkgadd.21.5
1193403 installf creates duplicate entries in contents file
1194482 pkgparam is broken under Solaris 2.3
1195386 superfluous message conflict message in pkgadd
1197715 package save directory is transitory!
1198797 pkgadd has serious problem with class-action scripts
1204901 pkgadd cannot install SUNWcsu of different architecture
1203747 pkgadd doesn't recognize a COC console
1205280 pkgadd fails to assign BASEDIR for a sparse package

(from 101331-05)

1182189 pkgchk core dumps during pkgrm of software package

(from 101331-04)

1169128 pkginstall may core dump when group entry has no password field set
1144029 If there is no BASEDIR field in pkginfo file, the "pkginfo -r" is core dumped.
1151306 pkgproto creates incorrect prototype entries for hard links.
1172831 pkgadd stops where the file include "%S" in its name

If the NIS+ unix group table has a blank password field, pkgproto and
pkgadd may drop core. This also resolves an error in pkgproto which
caused it to generate incorrect entries for hard links and in pkgadd
which was unable to install files which contained a "" in the name.

(from 101331-03)

1149451 pkgadd may drop core while installing executable files

If patch number 101331-01 has been installed on this system then the
following command must be run prior to installing this patch
(101331-03).

    /var/sadm/patch/101331-01/backoutpatch 101331-01

(from 101331-02)

1149451 pkgadd may drop core while installing executable files

There was a typographical error in pkginstall/cppath.c which comments
out a crucial part of the code.

(from 101331-01)

1136883 Patch 100999: WARNING: unable to rename
1134722 pkgmk truncates CATEGORY list
1138068 pkgtrans gets error when trying to transfer more than 14 pkgs on cmd line
1129208 pkgtrans on 493 incompatible with mars
1145306 /et filesystem causes pkgadd to get confused

The facilities for dealing with updating executables or files in use at
the time of update did not properly rename files in the root directory,
leading to warnings regarding files in that file system such as /kadb.

When attempting to build a package, if the CATEGORY or ARCH entries in
the pkginfo file involved more than one entry, only the first would be
incorporated into the resulting package. This is inconsistent with the
requirements of the ABI.

The packaging utility 'pkgtrans' limited command lines as well as
numerous internal buffers for command construction to 512 bytes. If
pkgtrans was called upon to transfer a large number of packages by
providing a list of packages on the command line or by use of the
keyword 'all', these buffers would overflow leading to failure of the
transfer and a core dump. No meaningful message is supplied to the user
to explain this behavior. If the utility were used with an Exabyte tape
drive and the list of packages was longer than about 14, the data
written to the tape would have a blocking factor incompatible with the
facility used to read the tape.

The facilities for determining file system space requirements used a
faulty algorithm to scan available mounted file systems. This resulted
in incorrect messages regarding space availability for file systems if
file system names start with the same sequence of letters. For example
``/et'' was mistaken for ``/etc''.

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file within the patch for instructions on
using the generic 'installpatch' and 'backoutpatch' scripts provided
with each patch. Any other special or non-generic installation
instructions should be described below.

Special Install Instructions:
-----------------------------
If patch number 101331-01 has been installed on this system then the
following command must be run prior to installing this patch
(101331-03).

    /var/sadm/patch/101331-01/backoutpatch 101331-01

NOTE: We recommend installing all the following bundled Solaris 2.3
      OS/Networking patches which contain the Y2000 fixes:

    101317-22 (or higher revs) lp jumbo patch
    101318-88 (or higher revs) kernel jumbo patch
    101331-08 (or higher revs) fixes for package utilities
    101343-03 (or higher revs) troff macro patch
    101572-07 (or higher revs) cron and at fixes
    101767-02 (or higher revs) usr/bin/passwd patch
    103941-02 (or higher revs) accounting patch
    104797-02 (or higher revs) eeprom patch
    104877-01 (or higher revs) usr/sbin/sar patch
    104878-01 (or higher revs) usr/bin/date patch
    104880-01 (or higher revs) usr/bin/uustat patch
    104882-01 (or higher revs) usr/lib/saf/listen patch
    104883-01 (or higher revs) ufsdump and ufsrestore patch
    104884-01 (or higher revs) usr/vmsys/bin/initial patch
    105013-01 (or higher revs) usr/lib/libkrb.a and usr/lib/libkrb.so.1 patch
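
Added illustration (not part of the Sun patch README and not Sun's code) of the file system space problem described under 101331-01, where ``/et'' was mistaken for ``/etc''. The patch text does not show the algorithm, so the prefix comparison below is an assumed reconstruction; the mount table and all function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mount table; "/et" is the example the patch text gives. */
static const char *const mounts[] = { "/", "/et", "/usr", "/var" };
#define NMOUNTS (sizeof(mounts) / sizeof(mounts[0]))

/* Assumed faulty test: the mount name is only a leading substring. */
static int prefix_match(const char *path, const char *mnt)
{
    return strncmp(path, mnt, strlen(mnt)) == 0;
}

/* Corrected test: the match must end on a path component boundary. */
static int component_match(const char *path, const char *mnt)
{
    size_t n = strlen(mnt);
    if (strncmp(path, mnt, n) != 0)
        return 0;
    if (n == 1)                 /* mnt is "/": holds every absolute path */
        return 1;
    return path[n] == '\0' || path[n] == '/';
}

/* Longest mount point accepted by the given test, or NULL if none. */
static const char *lookup(const char *path,
                          int (*match)(const char *, const char *))
{
    const char *best = NULL;
    size_t best_len = 0;
    for (size_t i = 0; i < NMOUNTS; i++) {
        size_t n = strlen(mounts[i]);
        if (match(path, mounts[i]) && n > best_len) {
            best = mounts[i];
            best_len = n;
        }
    }
    return best;
}

const char *fs_for_path_faulty(const char *p) { return lookup(p, prefix_match); }
const char *fs_for_path(const char *p) { return lookup(p, component_match); }

int main(void)
{
    printf("faulty:    /etc/passwd -> %s\n", fs_for_path_faulty("/etc/passwd"));
    printf("corrected: /etc/passwd -> %s\n", fs_for_path("/etc/passwd"));
    return 0;
}
```

With the faulty test, space for /etc/passwd is charged to the /et file system instead of the root file system, which is the kind of wrong space message the description reports.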