# CLUSTER_README NAME: Solaris 9_x86 Sun Alert Patch Cluster DATE: 07/27/2006 ######################################################################## This patch cluster is intended to provide a selected set of patches for the designated Solaris release level. This is a bundled set of patches conveniently wrapped for one-step installation. Only install this cluster on the appropriate Solaris system. Carefully read all important notes and install instructions provided in this README file before installing the cluster. A cluster grouping does not necessarily imply that additional compatibility testing has occurred since the individual patches were released. WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch cluster be performed in single-user mode (Run Level S). ######################################################################## CLUSTER DESCRIPTION ------------------- This cluster contains the minimum set of Sun Alert patches that contribute to the concerned Solaris Release. It also contains all the required dependency patches, which may or may not be Sun Alert patches. These Sun Alert Solaris patches are considered the most important and highly recommended patches that avoid the most critical system, user, or security related bugs which have been reported and fixed to date. In particular, Sun Alert patches are to resolve issues regarding to Data Loss, Availability and Security. This cluster is updated whenever there are new Sun Alert patches or any updates to existing member patches. This cluster may contain obsoleted patches. For more information about corresponding Sun Alert notification, please reference the Sun Alert Patch Report at http://sunsolve.sun.com/pub-cgi/show.pl?target=sunalert_patches PATCHES INCLUDED: ----------------- 114568-20 SunOS 5.9_x86: usr/sadm/install/bin/pkginstall Patch 114194-10 SunOS 5.9_x86: patchadd and patchrm Patch 117481-01 SunOS 5.9_x86: pkgadd Patch 117068-02 Obsoleted by: 117068-03 SunOS 5.9_x86: awk, nawk, oawk patch 121993-01 SunOS 5.9_x86: fgrep Patch 114343-13 SunOS 5.9_x86: ksh patch 116341-04 Obsoleted by: 116341-05 SunOS 5.9_x86: gzip and Freeware info files patch 113996-01 Obsoleted by: 113996-02 SunOS 5.9_x86: utmp_update Patch 113924-02 X11 6.6.1_x86: security font server patch 114136-01 Obsoleted by: 114136-02 SunOS 5.9_x86: at utility Patch 114134-01 Obsoleted by: 114134-02 SunOS 5.9_x86: mail Patch 114137-05 SunOS 5.9_x86: sendmail Patch 114009-01 SunOS 5.9_x86: cachefsd Patch 114421-03 SunOS 5.9_x86: Multiterabyte Disk Support - libadm.so.1 patch 117172-17 SunOS 5.9_x86: Kernel Patch 114432-23 Obsoleted by: 114432-24 SunOS 5.9_x86: libthread.so.1 libc patch 113719-16 Obsoleted by: 113719-17 SunOS 5.9_x86: libnsl rpc.nispasswdd Patch 114354-08 SunOS 5.9_x86: libresolv patch 114714-01 Obsoleted by: 114714-02 SunOS 5.9_x86: newtask Patch 114685-03 SunOS 5.9_x86: samba Patch 114862-01 SunOS 5.9_x86: /usr/sbin/wall Patch 114730-01 SunOS 5.9_x86: /usr/sbin/in.telnetd Patch 114715-01 SunOS 5.9_x86: libdb2.so.1 Patch 114570-01 SunOS 5.9_x86: libdbm.so.1 Patch 113241-05 Obsoleted by: 113241-06 CDE 1.5_x86: dtsession patch 114637-03 SunOS 5.9_x86: KCMS security fix 114858-08 SunOS 5.9_x86: usr/lib/ssh/sshd Patch 115755-02 SunOS 5.9_x86: zlib security Patch 116045-01 SunOS 5.9_x86: krbv5 Patch (krb5kdc) 116044-01 Obsoleted by: 116044-02 SunOS 5.9_x86: krbv5 Patch (kdb5_util) 114496-01 CDE 1.5_x86: dtprintinfo patch 114145-06 SunOS 5.9_x86: Apache Security Patch 116238-01 SunOS 5.9_x86: pfexec Patch 116248-01 SunOS 5.9_x86: audit_warn Patch 116508-01 SunOS 5.9_x86: sulogin Patch 116454-01 Obsoleted by: 116454-02 SunOS 5.9_x86: sadmind default security level vulnerability 117115-02 CDE 1.5_x86: sdtwebclient patch 115880-02 SunOS 5.9_x86: uucp patch 116309-01 CDE 1.5_x86: libDtHelp patch 117072-01 SunOS 5.9_x86: memory leak in llc1_ioctl() 113870-05 CDE 1.5_x86: dtmail patch 114050-12 SunOS 5.9_x86: NSPR 4.1.6 / NSS 3.3.4.5 115684-02 Obsoleted by: 115684-04 SunOS 5.9_x86: WAN-boot header file Patch 116775-03 SunOS 5.9_x86: ping Patch 117456-02 SunOS 5.9_x86: in.rwhod Patch 116539-03 SunOS 5.9_x86: SUNW_disk_link.so Patch 117204-04 Obsoleted by: 117204-05 X11 6.6.1_x86: fontconfig patch 116106-03 Obsoleted by: 116106-04 X11 6.6.1_x86: FreeType patch 117202-09 X11 6.6.1_x86: st patch 113986-21 SunOS 5.9_x86: linker Patch 112786-41 X11 6.6.1_x86: Xsun patch 117470-07 SunOS 5.9_x86: tcp Patch 119443-01 Obsoleted by: 119443-02 SunOS 5.9_x86: kernel/drv/sd Patch 114210-09 Obsoleted by: 114210-10 CDE 1.5_x86: dtlogin patch 119434-01 SunOS 5.9_x86: telnet 114273-03 Obsoleted by: 114273-04 SunOS 5.9_x86: Sun ONE Directory Server 5.1 patch 114263-02 Obsoleted by: 114263-04 SunOS 5.9_x86: libgss.so.1 Patch 117446-01 SunOS 5.9_x86: newgrp patch 116808-02 SunOS 5.9_x86: /usr/sadm/lib/smc/lib/preload/jsdk21.jar patch 114328-06 SunOS 5.9_x86: nss_ldap.so.1 Patch 114342-06 Obsoleted by: 114342-07 SunOS 5.9_x86: usr/lib/netsvc/yp/rpc.yppasswdd patch 114357-05 Obsoleted by: 114357-06 SunOS 5.9_x86: usr/bin/ssh patch 117486-01 SunOS 5.9_x86: fn_ctx_x500.so.1 Patch 119450-01 SunOS 5.9_x86: Perl Patch 114242-12 Obsoleted by: 114242-13 SunOS 5.9_x86: passwdutil.so.1 & pam_authtok Patch 117468-12 SunOS 5.9_x86: NFS patch 114932-01 SunOS 5.9_x86: usr/sbin/syslogd Patch 114220-11 CDE 1.5_x86: sdtimage patch 117482-01 SunOS 5.9_x86: c2audit Patch 114435-10 SunOS 5.9_x86: IKE patch 116046-06 Obsoleted by: 116046-07 SunOS 5.9_x86: krbv5 Patch (libkadm5srv.so.1) 114565-09 SunOS 5.9_x86: /usr/sbin/in.ftpd Patch 114193-20 Obsoleted by: 114193-21 SunOS 5.9_x86: wbem Patch 118559-28 SunOS 5.9_x86: Kernel Patch 114504-08 Obsoleted by: 114504-09 SunOS 5.9_x86: usr/sadm/lib/usermgr/VUserMgr.jar Patch 115159-04 Obsoleted by: 115159-05 X11 6.6.1_x86: xscreensaver patch 114980-17 Obsoleted by: 114980-18 SunOS 5.9_x86: lp Patch 119902-01 Openwindows 3.7.0_x86: Xview Patch 115168-02 Obsoleted by: 115168-04 SunOS 5.9_x86: usr/lib/security/pam_krb5.so.1 Patch 118301-01 Obsoleted by: 118301-02 X11 6.6.1_x86: libXpm patch 120463-01 Obsoleted by: 120463-02 SunOS 5.9_x86: sockfs patch 114243-03 Obsoleted by: 114243-04 SunOS 5.9_x86: st driver Patch IMPORTANT NOTES AND WARNINGS: ----------------------------- SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt directories where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 100 MBytes of available space in each of these directories. Running out of disk space during installation may result in only partially loaded patches. Be sure a recent full system backup is available in case a problem occurs, and check to be sure adequate disk space is available before installing the patch cluster. SAVE AND BACKOUT OPTIONS: By default, the cluster installation procedure uses the patchadd command save feature to save the base objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the base objects and will terminate if not. Patches can only be individually backed out with the original object restored if the save option was used when installing this cluster. Please later refer to the patchrm command manual page for instructions and more information. It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option, however, means that you will not be able to backout individual patches if the need arises. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there may be additional special installation instructions which are documented in the individual patch README file. It is recommended that each individual patch readme is reviewed before installing this cluster to determine if any additional installation steps are necessary for a patch. Otherwise it is possible that an individual patch may still not be completely installed in all respects after the cluster has been installed. DISKLESS CLIENT SYSTEMS: On server machines that service diskless clients, a patch is NOT applied to existing clients or to the client root template space. Therefore, all client machines of the server that will need this cluster will have to individually apply this cluster. Install this cluster on the client machines first, then the server. A PATCH MAY NOT BE APPLIED: Under certain circumstances listed below, a particular patch provided in this cluster may not be installed if: - The patch applies to a package that has not originally been installed - The same or newer revision of the patch has already been installed - The patch was obsoleted by another patch that has already been installed - The package database is corrupt or missing Use the 'showrev -p' command to compare the list of patches already installed on the system with the patch list and revision levels provided in this cluster. During installation, the install process will indicate if a patch was not applied and more detailed installation messages will be logged to the installation log file. The README file with each patch also provides documentation regarding install and backout messages. OLDER VERSIONS OF PATCHES ALREADY INSTALLED: Backout of older versions of patches provided in the cluster is not required in order for the newer version to be installed. However not backing out an older rev before installing a newer rev will cause showrev -p to continue to show the older rev along with the newer rev. And, if the older rev was previously installed with the save option, the older rev will continue to occupy disk space in /var/sadm/patch even though it has been obsoleted by the new rev. The patchrm command will only allow the most recently saved objects to be restored, thus there are no serious risks associated with leaving an older rev on the system. It just may, however, avoid confusion and be more economical to first backout an older patch revision before installing a newer revision. INSTALL INSTRUCTIONS: --------------------- First, be sure the patch cluster has been unzipped if the cluster was received as a .zip file, then proceed as follows: 1) Decide on which method you wish to install the cluster: Recommended Method Using Save Feature: By default, the cluster installation procedure uses the patchadd save feature to save the original objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the objects and will terminate if not. Using the default save feature is recommended. Method Using No Save Option: It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option means that you will not be able to backout individual patches if the need arises. 2) Run the install_cluster script cd ./install_cluster By default, a message warning the user to check for minimum disk space allowance (separate from the save feature) will appear and allow the user to abort if inadequate space exists. To suppress this interactive message the "-q" (quiet) option can be used when invoking install_cluster. The progress of the script will be displayed on your terminal. It should look something like: # ./install_cluster Patch cluster install script for Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in Installing Installing . . . Installing For more installation messages refer to the installation logfile: /var/sadm/install_data/_log Use '/usr/bin/showrev -p' to verify installed patch-ids. Refer to individual patch README files for more patch detail. Rebooting the system is usually necessary after installation. # 3) Check the logfile if more detail is needed. If errors are encountered during the installation of this cluster, error messages will be displayed during installation. More details about the causes of failure can be found in the detail logfile: more /var/sadm/install_data/_log If this log file previously existed the latest cluster installation data will be concatenated to the file, so check the end of the file. 4) THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!! RETURN CODES: ------------- The following are the explanation of patchdd script exit codes: 0 No error 1 Usage error 2 Attempt to apply a patch that's already been applied 3 Effective UID is not root 4 Attempt to save original files failed 5 pkgadd failed 6 Patch is obsoleted 7 Invalid package directory 8 Attempting to patch a package that is not installed 9 Cannot access /usr/sbin/pkgadd (client problem) 10 Package validation errors 11 Error adding patch to root template 12 Patch script terminated due to signal 13 Symbolic link included in patch 14 NOT USED 15 The prepatch script had a return code other than 0. 16 The postpatch script had a return code other than 0. 17 Mismatch of the -d option between a previous patch install and the current one. 18 Not enough space in the file systems that are targets of the patch. 19 $SOFTINFO/INST_RELEASE file not found 20 A direct instance patch was required but not found 21 The required patches have not been installed on the manager 22 A progressive instance patch was required but not found 23 A restricted patch is already applied to the package 24 An incompatible patch is applied 25 A required patch is not applied 26 The user specified backout data can't be found 27 The relative directory supplied can't be found 28 A pkginfo file is corrupt or missing 29 Bad patch ID format 30 Dryrun failure(s) 31 Path given for -C option is invalid 32 Must be running Solaris 2.6 or greater 33 Bad formatted patch file or patch file not found 34 Incorrect patch spool directory 35 Later revision already installed 36 Cannot create safe temporary directory 37 Illegal backout directory specified 38 A prepatch, prePatch or a postpatch script could not be executed