Patch-ID# 112874-29 Keywords: security buffer overflow umem lgroup crypt plugin password hashing Synopsis: SunOS 5.9: lgroup API libc Patch Date: Aug/13/2004 Install Requirements: Install in Single User Mode Reboot immediately after patch is installed Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 113988 Topic: SunOS 5.9: lgroup API libc Patch Relevant Architectures: sparc BugId's fixed with this patch: 1258570 4152876 4165723 4192824 4221365 4223846 4248430 4254013 4271957 4318178 4353836 4390053 4444569 4489885 4503048 4510326 4518988 4530367 4533712 4635556 4656492 4661997 4669963 4683320 4686454 4694626 4700602 4704190 4705942 4709984 4715561 4749274 4756113 4756148 4756192 4764855 4767215 4770160 4772200 4772960 4782294 4795713 4797219 4810810 4812362 4818401 4828746 4831309 4839080 4844583 4845974 4863473 4871054 4877492 4878257 4881606 4888508 4894760 4904877 4915053 4950403 4961173 4980686 4981484 5043013 5044097 5059751 5061718 5061770 Changes incorporated in this version: 5044097 5061718 5061770 Patches accumulated and obsoleted by this patch: 113165-01 113475-03 115480-01 Patches which conflict with this patch: Patches required with this patch: 112233-11 or greater Obsoleted by: Files included with this patch: /etc/name_to_sysnum /etc/security/crypt.conf /etc/security/policy.conf /usr/include/ucontext.h /usr/lib/abi/abi_libc.so.1 /usr/lib/abi/sparcv9/abi_libc.so.1 /usr/lib/libc.a /usr/lib/libc.so /usr/lib/libc.so.1 /usr/lib/libp/libc.a /usr/lib/libp/sparcv9/libc.so.1 /usr/lib/llib-lc /usr/lib/llib-lc.ln /usr/lib/pics/libc_pic.a /usr/lib/pics/sparcv9/libc_pic.a /usr/lib/security/crypt_bsdbf.so.1 /usr/lib/security/crypt_bsdmd5.so.1 /usr/lib/security/crypt_sunmd5.so.1 /usr/lib/security/sparcv9/crypt_bsdbf.so.1 /usr/lib/security/sparcv9/crypt_bsdmd5.so.1 /usr/lib/security/sparcv9/crypt_sunmd5.so.1 /usr/lib/sparcv9/libc.so.1 /usr/lib/sparcv9/llib-lc.ln Problem Description: 5044097 Netra Performance localtime() degradation with patches 5061718 localtime() may fail to reset daylight variable if multiple timezones 5061770 localtime() transitions off with non-standard POSIX timezones rules (from 112874-28) 4980686 C++ inline functions not properly handled in Solaris archive libraries (from 112874-27) 5059751 need patch 112874 to accumulate patch 113475 to prevent core dump (from 112874-26) 5043013 getlogin_r returns bad data in MT context (from 112874-25) 4915053 nss_setent() always fails for setpwent() (from 112874-24) 4981484 vsprintf does not perform as well as sprintf (from 112874-23) 4756148 crypt(3c) processing of policy.conf doesn't follow case conventions 4818401 K2 uncovers sunmd5 bug 4877492 crypt() is unpredictable with unknown encryption algorithms 4878257 sunmd5:crypt_gensalt_impl() issues with undocumented rounds= param 4881606 crypt(3c) abuses the heap in many ways 4894760 Can't use crypt() after using strdtod() in same thread 4950403 crypt_alg_magic symbol not required 4961173 crypt modules are not actually lint-clean (from 112874-22) 4844583 _wdbindf may cause deadlock (from 112874-21) 4686454 getrusage is much slower on solaris than competitive boxes (from 112874-20) 4489885 qsort performance is not competitive 4656492 mktime() is inefficient, 6X slower than Linux 7.0 4795713 strftime is slow on Solaris when compared to Linux 4782294 localtime_r is slow on Solaris when compared to Linux 4828746 POSIX timezones broken if std. offset & alt offset difference not 1 hour 4165723 localtime() is extremely inefficient, 15X slower than on NT4.0 4831309 POSIX 'pst8pdt' Timezone Pulls April Fool's Stunt Every 400 years 4223846 localtime() problem on non-leap centuries 4839080 Improperly specified TZ results in inconsistent behavior 4772200 fcntl(2) is slow on Solaris when compared to Linux 4764855 dup is slow on Solaris when compared to Linux 4812362 getenv is slower than it could be 4871054 regex APIs have segv/performance problems (from 112874-19) 4810810 getcontext(2) could be faster 4888508 fix for bug 4705942 is incomplete in S9 (breaks utmp_update) (from 112874-18) 4797219 pstack is amazingly inefficient for MT targets 4756192 pstack goes into loop, different location than bugid 4524527 4271957 ucontext_t.uc_link points to garbage 4904877 strcmp doesn't work for non-ascii characters on s9u5_05 (from 112874-17) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update s9u5 feature point patch 115480-01 (from 112874-16) 4353836 if more than 255 file descriptors are already open then gethostbyname fails 4152876 getspnam_r() fails due to use of fopen() in libnsl.so in applications under load (from 112874-15) 4705942 invoke_utmp_update(): buffer-overflow bug and pad field written to utmpx wrong (from 112874-14) 4530367 After retry timeout - nss_search() no longer retries lookups 4749274 MT-Safe functions such as syslog(3C) and wordexp(3C) cannot use fork() (from 112874-13) 4254013 need a better mechanism to detect multi-threaded user stack overflow 4533712 makecontext breaks in 64-bit mode 4518988 We should ship libumem 4709984 findleaks warns about partial read failure 4694626 putenv calls realloc with locks held (from 112874-12) 4767215 Incorrect output with kP format, losing significant digits (from 112874-11) 4221365 readdir_r() is not POSIX compliant (from 112874-10) 4772960 Several patches have pkginfo and patchinfo files that fail consistency checking (from 112874-09) 4770160 compile fails with unknown file type message (from 112874-08) 4669963 Strong security checks in catgets(3C) break setuid application (from 112874-07) 4510326 strfmon may cause a stack buffer overflow 4756113 libc version number is incorrect in s9u2 (from 112874-06) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 (from 112874-05) 1258570 qsort performs poorly with multiple identical keys 4635556 *atexit* atexit() does not scale. Can cause very slow startup of C++ programs (from 112874-04) 4683320 S9 gettext(3c) does not recognize mo files built on 2.6 as a valid message 4704190 Remove clientusr/clientroot from SUNW_PATCH_PROPERTIES for 112837 & 112874-02 (from 112874-03) 4503048 getutxent_frec sends init looping (from 112874-02) 4318178 wordexp puts automatic string into environment 4444569 Purify reports memory leaks in wordexp(3C) (from 112874-01) 4661997 buffer overflow in dbm_open This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update S9U3 feature point patch : 113343-01 (from 115480-01) 4845974 lgroup APIs needed for observability and performance optimization 4863473 lgrp_home() should be able to take process or thread ID (from 113475-03) 4756148 crypt(3c) processing of policy.conf doesn't follow case conventions 4818401 K2 uncovers sunmd5 bug 4877492 crypt() is unpredictable with unknown encryption algorithms 4878257 sunmd5:crypt_gensalt_impl() issues with undocumented rounds= param 4881606 crypt(3c) abuses the heap in many ways 4894760 Can't use crypt() after using strdtod() in same thread 4950403 crypt_alg_magic symbol not required 4961173 crypt modules are not actually lint-clean (from 113475-02) 4715561 crypt_sunmd5 could have a better coin toss algorithm (from 113475-01) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update: s9u2 feature point patches: 113165-01 (from 113165-01) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- In order for this patch to take effect, your system must be rebooted immediately after the patch has been installed. NOTE 1: To get the complete fix for bugid 4503048, please also install the following patch: 113032-01 (or newer) /usr/sbin/init patch NOTE 2: To get the complete Flexible Crypt feature, please also install the following patches: 113476-01 (or newer) passwdutil.so.1 113480-01 (or newer) pam_unix Patch 113481-01 (or newer) nispasswdd 113482-01 (or newer) sbin/sulogin 113483-01 (or newer) rpc.ypasswdd NOTE 3: To get the complete "umem: A Userland Slab Allocator" feature, please install the following additional patches: 114370-01 (or newer) libumem.so.1 114371-01 (or newer) libumem; mdb components patch 114372-01 (or newer) llib-lumem patch 114373-01 (or newer) abi_libumem.so.1 patch NOTE 4: To get the complete Stack Update feature, please also install the following patches: 112839-03 (or newer) libthread.so.1 patch 113471-02 (or newer) truss patch 113275-02 (or newer) procfs patch NOTE 5: To get the complete fix for the bugid 4353836, please also install the following patches, in addition to this patch: 113319-12 (or newer) libnsl patch 112970-05 (or newer) libresolv patch 115545-01 (or newer) nss_files patch 115542-01 (or newer) nss_user patch 115544-01 (or newer) nss_compat patch NOTE 6: To get the complete Lgroup APIs feature, please also install the following patches: 115675-01 (or newer) liblgrp patch 113471-03 (or newer) truss patch NOTE 7: To get the complete fix for the bug 4797219, please also install the following patches, in addition to this patch: 113493-02 (or newer) libproc patch NOTE 8: To get the complete fix for Atlas support: bugs 4810810, 4865731, 4860183, 4860789, 4785321, 4785304, and 4808811 please also install the following patches (or newer): 116049-01 fdfs bug 4865731 116047-01 hsfs bug 4865731 114718-02 pcfs bug 4865731 113454-13 ufs bug 4865731 and 4860789 113334-03 udfs bug 4865731 113328-02 tmpfs bug 4865731 and 4860183 113318-09 nfs bug 4865731 112971-05 cachefs bug 4865731 112955-02 autofs bug 4865731 NOTE 9: To get the complete fix for bug 4686454, please install the following patch, in addition to this patch: 113471-05 (or newer) truss patch NOTE 10: To get the complete fix for bug 4915053 please also install the following patch: 113319-18 (or newer) libnsl Patch README -- Last modified date: Friday, August 13, 2004