Patch-ID# 103641-42
Keywords: security y2000 klmmod threads RPC NFS libc NIS+ ssre ACL kmem_flag
Synopsis: SunOS 5.5.1_x86: kernel update patch
Date: Dec/20/2002

Install Requirements: None

Solaris Release: 2.5.1_x86

SunOS Release: 5.5.1_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 103640

Topic: SunOS 5.5.1_x86: kernel update patch

NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch.

Relevant Architectures: i386

BugId's fixed with this patch:

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch: 103592-09 103601-18 103610-02 103613-51 103616-04 103655-01 103659-02 103697-05 103848-02 103921-05 104318-01 104448-01 104491-07 105078-06 106624-01 107240-01 107468-01

Patches which conflict with this patch:

NOTE: conflict with iss_x86-01 (or newer)

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/kernel/drv/mm
/kernel/drv/sad
/kernel/drv/sy
/kernel/fs/fifofs
/kernel/fs/nfs
/kernel/fs/specfs
/kernel/fs/ufs
/kernel/genunix
/kernel/misc/klmmod
/kernel/misc/klmops
/kernel/misc/krtld
/kernel/misc/tlimod
/kernel/strmod/rpcmod
/kernel/sys/doorfs
/kernel/sys/nfs
/kernel/sys/shmsys
/platform/i86pc/kernel/unix
/sbin/mountall
/sbin/su
/sbin/sulogin
/usr/bin/nismkdir
/usr/bin/nistest
/usr/bin/su
/usr/include/nfs/lm.h
/usr/include/nfs/nfs_clnt.h
/usr/include/nfs/rnode.h
/usr/include/nl_types.h
/usr/include/rpc/rpc_com.h
/usr/include/rpc/svc.h
/usr/include/sys/buf.h
/usr/include/sys/class.h
/usr/include/sys/conf.h
/usr/include/sys/disp.h
/usr/include/sys/flock_impl.h
/usr/include/sys/fs/ufs_acl.h
/usr/include/sys/fs/ufs_inode.h
/usr/include/sys/fs/ufs_quota.h
/usr/include/sys/fs/ufs_trans.h
/usr/include/sys/modctl.h
/usr/include/sys/proc.h
/usr/include/sys/shareIIstubs.h
/usr/include/sys/stream.h
/usr/include/sys/strsubr.h
/usr/include/sys/systm.h
/usr/include/sys/vmsystm.h
/usr/include/sys/vnode.h
/usr/include/thread.h
/usr/include/vm/hat.h
/usr/include/vm/page.h
/usr/include/vm/seg_map.h
/usr/kernel/drv/ksyms
/usr/lib/adb/mntinfo
/usr/lib/adb/rnode
/usr/lib/adb/ufsq
/usr/lib/fn/fn_ctx_onc_fn_nisplus_root.so.1
/usr/lib/fs/ufs/fsck
/usr/lib/fs/ufs/ufsdump
/usr/lib/fs/ufs/ufsrestore
/usr/lib/libc.a
/usr/lib/libc.so.1
/usr/lib/libintl.a
/usr/lib/libintl.so.1
/usr/lib/libnsl.a
/usr/lib/libnsl.so.1
/usr/lib/libp/libc.a
/usr/lib/libpthread.so.1
/usr/lib/libsec.a
/usr/lib/libsec.so.1
/usr/lib/libthread.so.1
/usr/lib/libthread_db.so.0
/usr/lib/libthread_db.so.1
/usr/lib/nfs/nfsd
/usr/lib/nis/nisclient
/usr/lib/nis/nisopaccess
/usr/lib/nis/nisping
/usr/lib/nis/nisupdkeys
/usr/lib/pics/libc_pic.a
/usr/sbin/in.telnetd
/usr/sbin/mountall
/usr/sbin/nis_cachemgr
/usr/sbin/nisinit
/usr/sbin/rpc.nisd
/usr/sbin/static/rcp
/usr/ucblib/libucb.a
/usr/ucblib/libucb.so.1

Problem Description:

NOTE: No New changes - Patch was re-built to correct the output display of unix comment string during boot time.

(from 103641-41)

4240833 RPC AUTH_DES credentials stays on stack.
4360843 sd_struiowrq is NULL causing struioget to panic system
4492876 A client program can cause denial of service request
4661997 buffer overflow in dbm_open
4691127 Possible type overflow in xdr_array

(from 103641-40)

4289663 streams devices fronted by the console need to be guarded more carefully
4300454 svvs failure caused by 4289663; sy needs to pass CONSOPEN to stropen().

(from 103641-39)

4504341 mount syscall can panic machine as ordinary user.
4516876 in.telnetd should not accept TTYPROMPT from remote
4483514 in.telnetd vulnerable to buffer overflow ??
4523990 in.telnetd needs some cleanup
4527873 telnetd issues garbage before login prompt if BANNER

(from 103641-38)

NOTE: No patch was generated for the -38 revision of the INTEL KU
This was a build to sync the revision number of this patch with the sparc version.

(from 103641-37)

4375211 SUNVTS pmem test fails on solaris 2.5.1 and systems drops to OBP.

(from 103641-36)

4340646 filesystem full error message lost, not logged to /var/adm/messages
4302592 TLI library is not fork-safe

(from 103641-35)

4236427 Sybase Replication Server crashes on Multi-CPU Ultra Platforms
4057738 temporary filename security exploits
4366956 NLSPATH gettext introduces problems when used printf format specifier
4375449 dtmail crashes when calling catgets with NULL default message

(from 103641-34)

4226278 mktime() returns wrong

(from 103641-33)

1227898 automountd dumps core in getclnthandle under stress
1230710 l self with libthread doesn't cause immediate signal delivery
4044653 get_free_smp() sits in cv_wait()
4107735 several systems are panicing in xdrmblk_init
4124715 Denial of Service in connection oriented Transports.
4143196 Need support for configurability of allowing setuid progs to dump core
4162693 monster core files deadlock the VM system
4163731 core files created by root should not be readable over the net
4216727 allow_setid_core core files contain wrong credentials
4193899 server panic'ed: kernel memory allocator: buffer freed to wrong cache
4215477 stream/pagefault holding q_lock,tcp blocked on q_lock hmeintr blocked on
4245169 E6000 hangs - on weekly basis
4291844 strftime and strptime are MT-Unsafe due to use of tzname[]
4294683 Strftime() returns invalid date and time within a multi-threaded application.
4295834 NETPATH security problem in libnsl
4296198 NIS_OPTIONS sh vars (libnsl) security problem
4305859 libnsl security bug.
4321773 libpthread.so.1 with LOADFILTER flag set

(from 103641-32)

4205959 mountall will sometimes crash the system when doing the fsck portion of fix for 4205959 only fixed /usr/sbin/mountall, not /sbin/mountall
4271746 fix for 4205959 only fixed /usr/sbin/mountall, not /sbin/mountall
4220394 wait3 library function fails after 248 days
4237092 System hang occurs due to the rwlock ( vfs_dqrwlock ) which has no owner.
4261612 profil not disabled on exec*() as indicated in man page
4280145 libthread.so.1 with INITFIRST flag set
4285794 Threads hang waiting for ULOCKFS_SLOCK after upgrading to 106541-07

(from 103641-31)

4162491 localtime() fails for earliest possible time (and possibly others)

(from 103641-30)

4055677 TStrans panic in dqupdate

(from 103641-29)

4233071 nisd: check_updaters: unable to resync on Solaris 2.5.1.
4220295 System panics and then reboots even with OBP settings=false
4208677 5.5.1 panics when getpgid() is called with PID of a process just being created
4186012 NIS+ replicas may lose synchronization with the NIS+ master
4147079 stubs mechanism for modules is faulty ...
4125102 ufs_itrunc()/top_end_async() deadlock
4097367 fsck fails on large filesystems because it can't allocate enough memory
4061229 NFS server crashes in flk_delete_active_lock
4030258 fork1 sometime hanging on heavily loaded system

(from 103641-28)

4242270 2.5.1 -28 patch: ontest causes the system to hang
4205959 mountall will sometimes crash the system when doing the fsck portion of command
4194505 trap type=0x31 in disp_lowpri_cpu running HSM 3.1.1 migsweepihand
4192195 ftime() does not update contents of struct timeb timezone and dstflag members
4157739 Thread suspension/resumption interferes pathologically with mutex acquisition
4169614 Doug Lea's program results in thread library panic
4207409 JTG libthread break dbx 4.0 due to incompatible argument order of signal handler
4189981 thr_getstate returns incorrect pc (_restorefsr) but sp is correct
4209710 libthread panic (SEGV) in _onproc_deq
4209713 debug version of libthread fails assertion
4182028 _sc_list is corrupted by exiting lwp in child of a fork()
4136726 nfs_access_purge_rp: entry not in hash queue panic after installing patch 105720
4120985 panic in free_page on multiprocessor machines with fix bug 4026411
4087112 panic in putq due to null q_last value
4005653 full table scans can overload NIS+ servers
4055704 NIS_CALLBACK not authenticated
4055715 NIS_PING not authenticated
4055724 NIS_CHECKPOINT not authenticated
4055727 NIS_CPTIME not authenticated
1259585 svc_run thread stack size should be tunable

(from 103641-27)

4146445 ufs_lockfs_begin_getpage() assumes it's backing segvn
4062430 libthread creates threads before calling _ld_concurrency
4052568 libthread/libpthread is not fork1-safe (as documented)
4054742 libthread use of file desc. causes problems for daemons, _alloc_chunk()
4119745 realitexpire() algorithm is too slow when system time is changed

(from 103641-26)

4010116 SVVS write test on S2.6 with DiskSuite 4.0 deadlocks
1171284 user-allocated thread stacks must be zeroed or process hangs
4153452 EOF being reported when comparing a 2gb file on vxfs and ufs
4173285 Sleep(3T) is in error by less than 1 sec.
4182861 deadlock when running quotas on system with heavy I/O activity
1212953 unlink() returns EBUSY when 2 threads unlink hardlinks to same inode
4196986 deadlock caused by fix for bug 4060416 in patch 103640-24

(from 103641-25)

4179269 giant core images cause filesystem corruption
4170410 rename is not atomic over nfs
4152975 nfs services go to "sleep" on large, heavily loaded servers
4134299 ufs_check_lockfs() does not work for error locked filesystems
4131439 deadlock_panic from pi_willto
4070968 A synch object that spans pages can cause deadlock
4065248 UFS Caching can adversely effect application performance
4042372 Directories with SGID bit set and default ACL do not behave as documented
4091822 ACL - with ls -l the mask is shown not the effective group rights
4072815 *ls* doesn't always report a +" for files with ACLs.

(from 103641-24)

4141709 libthread deadlock between SIGALRM and SIGLWP
4061967 assertion failure in _disp() for cancellation test.

(from 103641-23)

4149227 103612-41 causes ldd to throw out unresolved references in libdl.so.1
4102420 segv's and libthread panics when numerous pthread_cancel()'s are run
4028339 du and quotacheck are not in sync
4060416 write(2) i_contents race can show stale data via mmap()'ed file
1238241 data fault when calling ufs_acl_setattr with ufs_acl 0 in inode
4129188 UFS should do more file type checking for reads, writes, and mounts
4139462 system clock thread went to sleep trying to grab a process lock

(from 103641-22)

4145354 Ultra 1 panic in -- segkp_fault: accessing redzone
4137387 entryoffsetinblock in ufs_dirlook is not initialized, can cause alignment panic
4110785 nfs/dnlc problems with nfs3lookup & unlink

(from 103641-21)

4122408 Backup performance with Netbackup 3.0 is far below expectations.
4110026 Solaris 2.5.1, sigwait() returns '-1' by SIGLWP when compile/link with '-lthread'
4096789 quota -v gives NOT STARTED output for time left column.
4092407 release of i_contents lock in ufs_si_load can lead to race
4086905 Interrupt flurry can cause a double fault
4063932 orphan lock problem caused by sigalrm/sigintr & large packet loss
4052812 Jumpstart finish script cannot unmount filesystems
4037755 getting portmap RPC for every NLM RPC
4035012 Panic: thread blocked on reader's lock in both nodes of a PDB cluster
1262979 inode cache consumes too much memory; system hangs
4026789 deadlock between i_contents lock and page_lock
4051899 ufs idle queue has no hysteresis control

(from 103641-20)

4099656 httpd process hangs and can't be killed
1244958 soft hangs on Ultra2 when running combo test

(from 103641-19)

4100047 fork1() never returns in a multithreaded application causing process to hang
4097082 _lwp_sigredirect() if called from a non-mt process panics kernel.
4067569 sol 2.5.1, ODS 4.x, ino_new and ufs_inode_cache grows under logging device
4041542 kRPC/COTS client thinks that it is getting large records
4034003 NFSv3 access() caching can kill performance
4010606 shared memory tests panic on s297_19 on sunfire
1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex.
1237009 users umask modifies ACL's of new files under default ACL's
4073684 "mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs

(from 103641-18)

1251879 System deadlocks when in.telnetd blocks while holding muxifier mutex.
1234968 System Panic, ufs_ifree: freeing free inode, mode= %o, ino = %d, fs = %s

(from 103641-17)

4089644 getting "recursive mutex_enter" panic from lwpchan_lock
4083720 Mirrored volumes resync on reboot, even when shut down properly.
4079302 under 2.5.1 sigtimedwait() is not working properly
4070968 A synch object that spans pages can cause deadlock
1263924 fsck can sometimes lose a directory corruption fix
1168376 NIS+ servers should be allowed to be in the domain they serve.

(from 103641-16)

4082436 fsck doesn't repair bad magic number cg
4079241 fsck got SIGSEGV trying fix a corrupted ufs filesystem.
4077343 sun4u systems incorrectly report "sync - giving up" while halting
4062572 syncing page gives up during shutdown

(from 103641-15)

4070968 A synch object that spans pages can cause deadlock

(from 103641-14)

4069641 panic in background(): mutex not owned by thread
4035202 system hangs with sched in an infinite loop
4026740 assert failure in segnf_gettype: seg->s_base == addr
4058892 as_getprot() needs to report real size of ISM segments
4058904 accessing addresses in ISM segments between "real" end and "segment" end loop
4059736 as_memory() does not dump ISM segments
4016961 Panic on cachefs over nfs backfstype on 2.6 beta.
1239385 threaded fp programs compiled with -fnonstd don't have fsr.ns bit set

(from 103641-13)

4067641 Changing acl's on a UFS fs mounted readonly causes machine to panic
4044980 software trap #6 (ST_FIX_ALIGN) does not work in a threaded application
4043953 kernel randomly paniced with assertion failure in callout.c, line 345
4042883 setuid application generates core file
4040036 chmod g+w does not work when the object has a non-minimal ACL
4038653 nfs mount fails with fully qualified hostname > 32 char's
4030151 CE_WARN messages get wrapped sooner than 128 characters

(from 103641-12)

4064495 data corruption workaround needed for some x86 MP machines
4057135 dumping kernel core can write beyond swap partition, corrupting disk data
4055201 mp: scdk: panic sync and/or dump hangs/succeeds with multi/single cpu
1225324 unknown: x86 hangs after fs sync on init0 and halt command

(from 103641-11)

4060451 fix a limitation with resource quotas
4054308 failures in dispinit aren't reported or handled gracefully
4056222 sema_p_sig is broken
1263251 a data race exists in pthread_create
4041518 RFE: fix for sys hard hang during kernel coredumping, either intended or forced

(from 103641-10)

4051590 ioctl I_NREAD returns wrong value when patch 103640-08 is applied
4027360 system hangs during shutdown
4026339 /usr/ucb/ps hangs while trying to get anonmap serial_lock in segvn_fault()
4017705 per uid process count not managed correctly w/fork(2) fails
4015367 Solaris 2.5 cannot handle crash dump bigger than 2GB
1233514 savecore does not save unix.0 on large memory (8GB) sunfire machines
4015176 crash dumping on small swap device is broken
4025548 estimate and print the size needed for full crash dump

(from 103641-09)

4039365 x86 systems fail to sync file systems.
4038854 ALR Quad SMP P6 systems doesn't boot with 2GB RAM installed.
4036589 mt application hangs if last pthread_create is allowed to exit
4036063 security problem with writing core files
4028676 SS1000 crashes in flk_delete_active_lock
4027493 posix timer elapsed signals are not queued correctly
4022354 kill -9 can not kill application thread in cv_wait called from getandset()
1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root

(from 103641-08)

4035167 Need a new, private interface between JVM and libthread to get a thread's TOS
4034585 system fails "boot net" with bus error
4032974 system hangs when lbolt wraps around.
4026411 free_vp_pages() causes recursive mutex problem in 2.5.1.
1262082 2.5.1 sun4d hangs w/kernelmap fragmentation

(from 103641-07)

4022849 2.5.1 kadb kernel panics with kernel heap corruption; appl hang; sys unusable
4016316 On 2.5.1 and 2.5.1 SHWP system goes into a state of soft hang.
4015891 user app and driver sharing kmem alloc memory get inconsistent mappings
4015497 Locking bug in I_NREAD ioctl handler.
4011866 panic: recursive mutex enter from thread intense application
4004575 High mutex hits, slow performance when c2auditing enabled
4004147 panics in segkp_load when the file command is run
1245291 Bug in libthread.so(cond_timedwait()) and libposix4.so(sigtimedwait) in 2.4,2.5
1239385 threaded fp programs compiled with -fnonstd don't have fsr.ns bit set
1182705 Signals may orphan locks on clients

(from 103641-06)

1265970 2.5.1 server lockd backward compatibility problem with NLM V1lock requests
        When running locking programs with a 2.5/2.5.1 NFS server over a network, the process doing the lock on the client can hang indefinitely waiting for the lock to be granted on the server.
1265447 SYSTEM HANG, CLOCK THREAD IN MUTEX_ENTER WAITING FOR ANOTHER LOCK
        Multithreaded application may hang due to race condition during fork().

(from 103641-05)

1265396 Ctrl-C typed to dbx is sent to child debugee (not to dbx) when app uses sigwait
1233088 ioctl(PIOCPSINFO) is 100 times too slow on multi-threaded processes
1259392 System crash due to interrupt thread in cpu structure
4009069 2.5 TCP generates wrong checksum and never recovers from error

(from 103641-04)

4007542 fix to the build problem where build generates strsubr.c compiler warning
1266767 F_GETLK returns incorrect value on 2.x if a lock is pending
1227580 cannot support high TCP connection rates: noncaput errors reported by the driver
1223900 alarm(2) doesn't work properly with large arguments

(from 103641-03)

1264333 _lwp_suspend()/continue() interrupts blocking system calls
1262694 Solaris hangs due to memory leak in kmem_alloc-8, kmem_alloc_24 and kmem_alloc-40
1260766 Solaris 2.5.1 cannot handle kernel dumps bigger than 2GB
1247572 lkmgr ran into a BAD TRAP while running tpcb workload from 2 nodes
1199624 queuerun indirectly causes fork() call to hang

(from 103641-02)

1260982 rwnext & infonext fix (waiting to enter inner perimeter)
        rwnext returns EGAIN which is causing a big applications to hang.
1260959 Streams information delayed 50-100 ms until dbri driver schedules it
1256610 strwrite fails to call queuerun on error path (a performance hit)

(from 103641-01)

1251423 panic - recursive mutex_enter on lwplock
1248161 system crashes while doing oracle database build with use_ism on
1248930 a process that uses shared memory could leave behind stale pde entries

(from 103659-02)

This patch-rev now includes /kernel/misc/klmops, a module that was inadvertently dropped from the previous rev.

(from 103659-01)

1251430 Solaris 2.5 system panicked with message "lm_get_sysid: too many lm_sysid's"

(from 103921-05)

1258191 msgrcv was not interrupted by thr_suspend(SIGLWP).

(from 103921-04)

1260769 MT application is dropping signal events when run on multi-processor systems

(from 103921-03)

1247172 Threads losing signals when preempted

(from 103921-02)

1241118 libthread panic in thr_join, handling of zombie threads seems to be broken

(from 103921-01)

1255272 MT version of sigsetjmp() on x86 does not preserve %ebx, the GOT pointer
1263059 Child of a fork1() from an MT program may hang in fork1() due to LDT locking
1253366 threads deadlock occurs in delivering SIGIO

(from 103592-09)

4051082 Short duration machine hangs after installation of ufs patch
1265170 .../cmd/fs.d/ufs/fsck/utilities.c will not handle 2000AD and beyond YY formats

(from 103592-08)

1196541 ufs: root filesystem superblock not flushed on x86

(from 103592-07)

1265000 "panic: kernel heap corruption detected" while running TStrans (high/long)

(from 103592-06)

1259984 Sun4d hangs during shutdown or halt

(from 103592-05)

4017750 acl(..., SETACL, ...) panics when attempting to set default ACL on directory
        System panics when a default ACL is set for a directory without regular ACL entries.

(from 103592-04)

1267447 deadlock when running quotactl on heavily loaded system

(from 103592-03)

1215792 delayed availability of freed diskspace when UFS logging with ODS 4.0/3.0
1245602 Logging UFS is slower than UFS for local writes
1266278 freeing free xxx panic; indirtrunc tries to free the same block twice

(from 103592-02)

1233049 System hangs when user stops thread writing to ODS logging device

(from 103592-01)

1251000 missing brelse in 'freeing free *' fix-on-panic triggers, leaves bp locked
1250351 fsck mounted fs uses block rather than raw name, so error-lock state isn't fixed
1250620 fix-on-panic hard-locks trans. devices, when only error-lock is necessary
1244088 SS2000 is completely hanging under heavy I/O - Solaris 2.4 + 101945-36
1242188 hang waiting for rwlock with holdcnt of -1 but no owner
1227376 panic "Deadlock condition detected: cycle in blocking chain"

(from 103601-18)

4063668 install_mu ld.so.1 error causes broken/incomplete install

(from 103601-17)

4032761 nfs errors cause streams_msg_2648 to grow

(from 103601-16)

1242408 nfs write error on invoking OW on diskless clients on Sol 2.5

(from 103601-15)

4035845 do_unmount can hang while an NFS server is down
4026118 do_unmount hold vfslist mutex and then hangs on NFS GETATTR call
4007937 Processes hang accessing files over NFS in clnt_tli_kcreate()

(from 103601-14)

4024599 NFS problems on /vol with error message: (RPC: Can't encode arguments)

(from 103601-13)

4005615 mounting from HP3000 takes too long because of repeated NFS_ACL retransmits

(from 103601-12)

4032974 system hangs when lbolt wraps around.

(from 103601-11)

4024647 chgrp does not work on NFS mounted filesystems

(from 103601-10)

1258802 nfs v3 client gets confused about what cwd is after directory rename
1264646 directory caching incorrect for moving a directory
1246045 NFS/TCP client loops forever trying to bind an in use reserved port
4017770 The fix to bugid 1225408 doesn't work (1225408 sundiag hangs due to dead child process)

(from 103601-09)

4027442 Complete the fix for 1234450 2.5 and 2.5.1

(from 103601-08)

4019380 other access to directory hangs while HSM on server restores file

(from 103601-07)

4015191 nfs client leaves .nfs files on the server
1250937 NFS server can crash NFS client by sending bogus stat() data

(from 103601-06)

1253810 rpcmod's mir_close() routine should not block waiting for flow control

(from 103601-05)

1258151 nfs -o noac option does not work properly with novell nfs server

(from 103601-04)

1260873 Kernel memory gets corrupted when sharing and unsharing secure NFS.

(from 103601-03)

1234450 NFS (VOP_WRITE &c) returns EINTR when "intr" is not specified on the mount.

(from 103601-02)

1241816 vi will fail with Stale NFS file handle if option nocto is set

(from 103601-01)

1237898 nfs transfer hangs when transferring file > 8k from apollo

(from 103610-02)

1240234 NFS server does not accept lock requests from a fujitsu client

(from 103610-01)

1232825 RPC: Unable to send/receive

(from 104318-01)

1208460 nfsd(1M) should have a way to set a larger listen backlog

(from 106624-01)

4149597 *cpio* Cpio -P with ACL give "segmentation core dumped", if user doesn't exist

(from 103613-51)

4184623 broken date in GMT timezone, displays as BST with TZ=GB-Eire
4175558 TZ=GMT0BST-1,M3.5.0/2:00,M10.5.0/2:00 breaks 6 times from now to 2037
4190645 Y2000 Problem in libc in function posixgetdst - Backport of 4152473
4155392 timezone change gives wrong alternate timezone
4136059 utc changes from 2.5.1 to 2.6 cause problems when including OS patches
4188005 mktime() can return wrong time if using multiple TZ's

(from 103613-50)

4150947 stubs versions of thr_keycreate(), etc., should return meaningful values

NOTE: this revision takes out the changes for 4150947.

(from 103613-49)

4157559 automountd won't retry the Null call to nfsd in pingnfs()

(from 103613-48)

4150947 Stubs versions of thr_keycreate(), etc., should return meaningful values

(from 103613-47)

4129064 NIS+ client processes fail with 'xdr_array: out of memory' errors

(from 103613-46)

1202807 Expansion of NIS+ name incorrect/inconsistent

(from 103613-45)

4165597 getdate should allow dates before 1970 - Backport of 4050856 & 4036732

(from 103613-44)

4149227 103612-41 causes ldd to throw out unresolved references in libdl.so.1
4140617 serving list hosed by nis+ object with non-trailing-dot group owner name
4102420 segv's and libthread panics when numerous pthread_cancel()'s are run

(from 103613-43)

4139126 libnsl buffer overflows

(from 103613-42)

4067374 localtime(0) error

(from 103613-41)

4135388 rpc.nisd buffer overflow
4018801 ypmatch causes console message after patch T103187-16

(from 103613-40)

4127727 getgrgid_r() can corrupt stack / buffers if buffer is too small.
4128660 An application using getnam_r core dumps with the latest libc patch
4118037 getgrent_r() hangs if nis is not up and libthread is linked in.

(from 103613-39)

4105997 Y2000 tm_test01 fails with current S2.5.1 strptime()
4098943 'yp_match' function not working in compatibility mode
4085394 TCP connections to rpcbind remain established if client is halted.
4062999 "Error in RPC subsystem" error from nisstat,nisupdkeys with +10 NIS+ sub-domains

(from 103613-38)

1243441 abort() function does not work correct in threaded application

(from 103613-37)

4045229 strptime and getdate year calculation does not count century; strptime range checks
4050818 getdate %C (century) should use current year offset if year offset not given
1189481 automountd caches old ip address of nfs server and never refreshes

(from 103613-36)

4075462 nisd is not closing file descriptors.
1168376 NIS+ servers should be allowed to be in the domain they serve.

(from 103613-35)

4080264 ypbind.pid file not created for diskless clients
4052565 x86 fork1() child hang in malloc

(from 103613-34)

4022240 Informix processes hang with corrupt TLI endpoint state

(from 103613-33)

4055257 realloc failure does not leave original region "intact"

(from 103613-32)

1225430 ypbind can get requests before it is ready for them

(from 103613-31)

4045268 nis_cachemgr does not verify authenticity of objects
4057606 Out of domain NIS+ lookups don't work after applying fix for 4045268

(from 103613-30)

4060465 setpriority only understands TS and IA
4035403 RPC app breaks in MT mode with "signal fault in critical section"

(from 103613-29)

4011948 cuserid() gets incorrect username is due to application running onto CDE

(from 103613-28)

4022299 syslogd.pid file deadlock prevents syslogd from starting

(from 103613-27)

4045229 strptime and getdate year calculation not count century; strptime range checks
4030045 strxfrm with LC_CTYPE == "de and LC_COLLATE == "de" causes bus error
4022682 nscd dumping core
1262462 create, delete, recreate of user account in NIS+ disruptive to NIS+ server
1206421 NIS+ credential update from client fails due to wrong connection type

(from 103613-26)

4040423 ss4000 with hme interface unable to boot with nsswitch setting using dns

(from 103613-25)

4011495 'zoneinfo' summertime/wintertime (Southern hemisphere) switchover anomaly
        Various geographic regions in the Southern hemisphere report a daylight savings time switchover problem in conjunction with the 'zoneinfo' database feeding 'localtime(3)'.

(from 103613-24)

4026833 niscat hangs the rpc.nisd in getmsg when adding a third interface in Solaris 2.5.1.
1159865 select small timeouts should round up

(from 103613-23)

4025665 nisping -Ca broken by fix to bugid#4005483
        This patch is generated to workaround bug 4010430 -- installpatch should ignore a required patch when not applicable to a target system. The workaround is to include an empty root sparse patch package. This will allow patch dependency requirement to be met in a server/client configuration.

(from 103613-22)

4029971 getopt security problem
        The fix for 4029971 requires the static version of rcp to be included in the patch.

(from 103613-21)

4029971 getopt security problem

(from 103613-20)

4018883 getgrnam_r() & getpwnam_r() can overrun buffers.
4018887 gethostbyname_r() can overrun buffer.
1223323 No bounds checking on NIS_GROUP environment variable

(from 103613-19)

1247052 nis_dumplog_r translates all failures into NIS_RPCERROR
        nis_dumplog_r() frequently fails because it attempts to reuse a connection that had been closed on the server side, but couldn't handle the resulting error. Consequently, the dumplog request gets aborted and the NIS+ replica would remain out of sync with the master until the next update for the NIS+ directory in question.

(from 103613-18)

1212974 Bogus bootparam packet makes rpcbind stop working

(from 103613-17)

4016724 nis_cptime failure in nisd causes unreliable update propagation

(from 103613-16)

4005483 replica doing full resync too frequently

(from 103613-15)

4006674 rpc.nisd crash because of simple user program
        The rpc.nisd can free the same memory twice during modify or add operations. Since part of the cleanup work is to zero out pointers, the second free can stomp on memory that's been re-used, or an administrative information used by the malloc library. The latter scenario leads to a core dump.
1249373 Application file descriptors are being closed without applications knowledge
1232758 finddirectory call fails when there are too many replicas
1223326 possible memory leak in "rpc.nisd"
        rpc.nisd can leak memory if a nis_list with search criteria is done with callbacks. The leak will be equal to 8*(number of matched entries) bytes. The reason for the leak is that memory is being freed in the child process but not in the parent rpc.nisd.

(from 103613-14)

1230570 nisplus strips leading spaces before doing lookup.

(from 103613-13)

1259200 no more syslog from rpc.nisd after the fix for 1244917 was integrated

The fix for bug 1244917 prevents syslog from working. This fix is to call closelog() so that forking and subsequent closing of all file descriptors does not prevent syslog from working.

(from 103613-12)

1248090 getwd very slow over nfs to 4.1.3 server

The fix for bug 1220400 ("lofs becomes confused about where the present working directory "." is") introduced a new problem -- where getcwd() would erroneously believe that it was passing a mount point, and start lstat()ing every directory in the current directory. With lots of subdirectories, and especially over NFS, these unnecessary lstat() calls could result in very noticeable delays (on the order of minutes with ten+ thousand subdirectories, and/or a slow network).

(from 103613-11)

1249903 rpc.nisd hung in nis_list_svc on getmsg in _rcv_conn_con

(from 103613-10)

1221809 absence of user public key caching makes NIS+ inter-domain lookups unreliable

(from 103613-09)

1245451 syslogd failing to log messages every 12-48 hours of operation

(from 103613-08)

1264708 get segmt fault on malloc with getcwd, chdir and opendir over PATH_MAX

(from 103613-07)

1265785 fwrite regression from 2.4 to 2.5, 2.5.1

(from 103613-06)

1262666 nscd client backend, getxby_door, has buffer overflows

(from 103613-05)

1244917 syslog(3) does not correctly cache the file descriptor that it writes on

(from 103613-04)

1255623 getdate() fails on 1st of month with julian date

(from 103613-03)

1246864 Multithreaded C++ program using strptime() causes bus error when 'new' used.

(from 103613-02)

1219671 Memory is given free which was never allocated before.
(from 103613-01)

1235867 line buffered stdio loses data and/or hangs in 2.5

(from 103616-04)

1258916 nis_cachemgr causing other many processes to hang in semop

(from 103616-03)

1213016 User loses access to secondary groups if nisplus root master is not up

(from 103616-02)

1234630 Client side RPC handle caching and server side fd leaks needs a general solution

(from 103616-01)

1244872 nis_cachemgr can deadlock when servers are unavailable
1242395 NIS+ TTLs for objects not correct on 2.4 slave replicas and 2.3 slave/clients.

(from 103655-01)

1246630 nisd can potentially hang if it gets a SIGCHLD/SIGHUP on an established callback

(from 104448-01)

4010935 SC2000 hangs waiting for kernel memory

(from 107240-01)

4004823 krtld: redzone violation while unloading ecctest driver

(from 103697-05)

4167968 su - can create corrupted environment - Backport of 1214794

(from 103697-04)

4078468 su.static and sulogin fail to build because of bug fix 4031930

(from 103697-03)

4010565 su can be interrupted by and not logged in /var/adm/log

(from 103697-02)

1237257 su change between 2.4 and 2.5 for user without password

(from 103697-01)

1254449 /sbin/su dumps core if c2 security is enabled.
1244971 solaris 2.3, patch 101318-77 has a bug, it can't handle `boot -s` correctly.

(from 104491-07)

4339366 Security vulnerability in ufsrestore allows root compromise.
4132365 Security vulnerability on ufsdump and restore in 2.6 and 2.6 x86

(from 104491-06)

4232413 ufsdump -W does function like it should after patch 105722-02 installed

(from 104491-05)

1202198 ufsdump -W flags all entries in /etc/dumpdates regardless of when last dumped
4015300 ufsdump results in dev_seek errors

(from 104491-04)

1254700 ufsdump/ufsrestore changes ownership of symlinks to root

(from 104491-03)

4060760 ufsrestore allows normal user to attain root identity

(from 104491-02)

1265176 ufsdump: certain source files are not able to deal with 2000AD+ years

(from 104491-01)

4022408 ufsrestore can't restore ACLs

(from 103848-02)

4008764 dump end of tape detected permission denied cannot connect to tape host.

(from 103848-01)

1213496 ufsdump: hangs when dumping a small or null incremental dump

(from 105078-06)

4302216 Sleeping in poll when data ready on stream read queue

(from 105078-05)

4090929 System panics due to infinite recursion in prrealvp

(from 105078-04)

4211236 I_PEEK ioctl on fifo doesn't release fn_lock on error

(from 105078-03)

4149694 2.6 machine panic in fifo_connld() when kmem_flags set to 0x3f.

(from 105078-02)

4166116 Panic in streams code at strvp2wq+8

(from 105078-01)

4050461 fifofs - read threads could hang in open even though a writer opens

(from 107468-01)

4090929 system panics due to infinite recursion in prrealvp

Patch Installation Instructions:
--------------------------------

Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below.

Special Install Instructions:
-----------------------------

If possible, perform patch installation in single user mode. If this can not be done, we recommend having the system in as quiet a state as possible: no users logged on, no user jobs running. Reboot the system after patch installation.
The bugfix to 4005653 introduced a new command described in the following manpages:

    nisopaccess(1)

The following note refers to performance benefits relevant to the bugfix in 4005653 and the SUNWnisu package change:

NOTE 1: In order to realize the performance benefits of the fix for bug 4005653 in this patch, the NIS+ server(s) must be running either Solaris 2.5.1 with patch 103786-02 (103785-02 for sparc) or later, or must run Solaris 2.6 or later. Also, the new nisopaccess(1) command has been added to the SUNWnisu package. Please consult the man page MANPAGE_NISOPACCESS in this patch for more details.

The bugfix to 4042372 introduced some changes in the following manpages:

    acltomode(3), aclfrommode(3) and setfacl(1)

Files named MANPAGE_ACLTMODE, MANPAGE_ACLFROMMODE and MANPAGE_SETFACL shipped with this patch contain the deltas.

NOTE 1: TO GET THE COMPLETE FIX FOR 4032974 (system hangs when lbolt wraps around), ONE NEEDS TO INSTALL

    104737-01 (or newer) usr/bin/csh patch

FAILURE TO INSTALL ALL THIS PATCH WILL CAUSE THE SYSTEM TO HANG AFTER 248 DAYS.

NOTE 2: TO GET THE COMPLETE FIX FOR 4027360 (system hangs during shutdown), ONE NEEDS TO INSTALL THE NAMEFS PATCH (103694-02).

NOTE 3: THE FOLLOWING PATCHES FIX A LIMITATION WITH RESOURCE QUOTAS:

    104737-03 (or newer) usr/bin/csh patch
    105045-01 (or newer) usr/bin/renice patch
    104260-04 (or newer) kernel/fs/tmpfs patch

NOTE 4: TO GET THE COMPLETE FIX FOR 4042883 (setuid application generates core file), ONE NEEDS TO INSTALL THE PROCFS PATCH (104284-02).
NOTE 5: TO GET THE COMPLETE FIX FOR 4024599 (NFS problems on /vol with error message: (RPC: Can't encode arguments)), ONE NEEDS TO INSTALL

    104842-01 (or newer) usr/bin/vold patch

NOTE 6: TO GET THE COMPLETE FIX FOR 4035845 (do_unmount can hang while an NFS server is down) and 4026118 (do_unmount hold vfslist mutex and then hangs on NFS GETATTR call), ONE NEEDS TO INSTALL

    104056-02 (or newer) kernel/fs/autofs patch
    104848-01 (or newer) kernel/fs/cachefs patch

NOTE 7: Due to bugfixes 4026740, 4058892, 4058904 and 4059736 in 103641-14, it is recommended that one installs the following patches:

    104284-03 (or newer) kernel/fs/procfs patch
    105345-01 (or newer) usr/bin/gcore patch
    105353-01 (or newer) kernel/exec/elfexec patch

NOTE 8: To get the complete fix for 1237009 (users umask modifies ACL's of new files under default ACL's) and 4073684 ("mkdir -p dir" and "mkdir dir" work differently in the presence of default ACLs), one should install 106039-01 (/usr/bin/mkdir patch) or newer. As a result of this change, the setfacl man page. Please refer to the following paragraph for details.

************************************************************
A directory may contain default ACL entries. If a file is created in a directory that contains default ACL entries, the newly created file will have permissions generated according to the intersection of the default ACL entries, and the permissions requested at creation time. The umask(1) will not be applied if the directory contains default ACL entries. If a default ACL is specified for a specific user (or users), the file will have a regular ACL created; otherwise, only the mode bits will be initialized according to the intersection described above. The default ACL should be thought of as the maximum discretionary access permissions that may be granted.
*************************************************************

NOTE 9: TO GET THE COMPLETE FIX FOR BUGID FOR 4149227 (Synopsis: 103612-41 causes ldd to throw out unresolved references in libdl.so.1), ONE ALSO NEEDS TO INSTALL THE FOLLOWING PATCHES:

    103664-14 (or newer) libresolv patch
    105733-02 (or newer) libxfn patch
    103628-05 (or newer) linker patch

NOTE 10: TO GET THE COMPLETE FIX FOR BUGID 4040423 (SS4000 WITH HME INTERFACE UNABLE TO BOOT WITH NSSWITCH SETTING USING DNS), ONE NEEDS TO INSTALL PATCH 103631-07 (OR NEWER).

NOTE 11: TO GET THE COMPLETE FIX FOR BUGID FOR 1225430 (YPBIND CAN GET REQUESTS BEFORE IT IS READY FOR THEM), ONE ALSO NEEDS TO INSTALL THE YPBIND PATCH (105166-01 or newer).

NOTE 12: TO GET THE COMPLETE FIX FOR BUGID FOR 4080264 (YPBIND.PID FILE NOT CREATED FOR DISKLESS CLIENTS), ONE ALSO NEEDS TO INSTALL THE YPBIND PATCH (105166-02 or newer).

NOTE 13: If you are installing this patch to fix the "non-root NIS+ server not living in domain it serves" problem, you will also need to install the chkey/keylogin patch (104969-02 or newer).

Instructions on how to set up the non-root NIS+ server to live in the domain it serves:

Setting up an existing non-root NIS+ server:

    1. Install this patch on the non-root NIS+ server.
    2. Change the /etc/defaultdomain on the server to the domain it serves.
    3. Reboot the server.

Setting up a new non-root NIS+ server:

    1. Set up the server as described in the NIS+ docs.
    2. Install this patch on this new NIS+ server.
    3. Change the /etc/defaultdomain on the server to the domain it serves.
    4. Reboot the server.

NOTE 14: TO GET THE COMPLETE FIX FOR BUGID FOR 4085394 (TCP connections to rpcbind remain established if client is halted), ONE ALSO NEEDS TO INSTALL THE RPCBIND PATCH (104332-07 or newer).

NOTE 15: Bug ID 4190246 may result in loss of save data in the /var/sadm/pkg directory. This has no effect on system operation, but may prevent backing out the patch.
It is recommended that patch 104579-03 or newer be applied prior to installing this patch.

NOTE 16: To get the complete fix for bug 4124715 (Denial of Service in connection oriented Transports) we recommend installation of the following patches (or newer):

    103996-02 (/usr/sbin/rpc.nispasswdd)
    108929-01 (/usr/sbin/rpc.bootparamd)
    103687-03 (/usr/sbin/rpc.nisd_resolv)
    104332-08 (/usr/sbin/rpcbind)
    105134-02 (/usr/sbin/keyserv)
    105166-03 (ypbind)
    104167-05 (/usr/lib/nfs/statd)
    104221-04 (/usr/lib/nfs/mountd)

NOTE 17: If this patch is installed without the pam security patch (104434-05 or newer), the su invalid password sleep time will be doubled.

NOTE 18: In order to obtain the complete fix for bugid # 4492876 (A client program can cause denial of service request), Patch 104355-02 or newer must also be installed on your system.

README -- Last modified date: Friday, December 20, 2002