Patch-ID# 105210-27 Keywords: security y2000 watchmalloc libc readdir SIGCHLD pthread_cancel Synopsis: SunOS 5.6: libaio, libc & watchmalloc patch Date: Feb/07/00 Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 105211 Topic: SunOS 5.6: libaio, libc & watchmalloc patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. BugId's fixed with this patch: 1199039 1256914 4025238 4052568 4055257 4067374 4075686 4079059 4079320 4089406 4089981 4097441 4102420 4104740 4110771 4112035 4118037 4118295 4118653 4127014 4127727 4128660 4132657 4136059 4146098 4155392 4162491 4166495 4175558 4184623 4188005 4190645 4192195 4220394 4227724 4231212 4240566 Changes incorporated in this version: 4052568 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/libaio.so.1 /usr/lib/libc.a /usr/lib/libc.so.1 /usr/lib/libp/libc.a /usr/lib/pics/libc_pic.a /usr/lib/watchmalloc.so.1 Problem Description: 4052568 libthread/libpthread is not fork1-safe (as documented) (from 105210-26) 4162491 localtime() fails for earliest possible time (and possibly others) (from 105210-25) 4231212 SEGV in a signal handler (from 105210-24) 4075686 syslog() leaks file descriptor if openlog not called() (from 105210-23) 4227724 None of atoi, atof, atol and strtol works correctly in multi-byte locales (from 105210-22) 4240566 security: LC_MESSAGES buffer overflow (from 105210-21) 4220394 wait3 library function fails after 248 days (from 105210-20) 4192195 ftime() does not update contents of struct timeb timezone and dstflag members (from 105210-19) 4110771 getusershell(3c) causes memory corruption, causing ftpd to core dump (from 105210-18) 4184623 broken date in GMT timezone, displays as BST with TZ=GB-Eire 4155392 timezone change gives wrong alternate timezone 4136059 utc changes from 2.5.1 to 2.6 cause problems when including OS patches 4188005 mktime() can return wrong time if using multiple TZ's 4175558 TZ=GMT0BST-1,M3.5.0/2:00,M10.5.0/2:00 breaks 6 times from now to 2037 4190645 Y2000 Problem in libc in function posixgetdst - Backport of 4152473 (from 105210-17) 4132657 On solaris 2.5.1 BCP, connect() returns RESTART instead of EINTR 4146098 connect() and accept() can RESTART instead of returning EINTR (from 105210-16) 4079059 fscanf core dumps on Solaris 5.5.1 and 5.6, but not 5.0 (from 105210-15) 4166495 libthread is not fork-safe wrt to system() (from 105210-14) 4127014 putc() seems to call write twice under Solaris 2.6 4025238 infinite loop in printf if file descriptor 1 is closed. (from 105210-13) 4102420 segv's and libthread panics when numerous pthread_cancel()'s are run (from 105210-12) 4067374 localtime(0) error (from 105210-11) 4118653 libc MT synch. Object init. Stubs should not be no-ops (was sdtimage can spin ..) (from 105210-10) 4104740 ftrylockfile symbol missing from libc mapfiles (from 105210-09) 4127727 getgrgid_r() can corrupt stack / buffers if buffer is too small. 4128660 An application using getnam_r core dumps with the latest libc patch 4118037 getgrent_r() hangs if nis is not up and libthread is linked in. (from 105210-08) 1199039 strptime() doesn't work (from 105210-07) 4079320 regex works on 2.4 but not on 2.5+ with complex string. (from 105210-06) 4118295 LC_* can be used to obtain root access from setuid programs (from 105210-05) 4112035 strptime works fine on 2.5.1, but not on 2.6 NOTE: Original fix introduced in rev04 had problems with hotjava. (from 105210-04) 4112035 strptime works fine on 2.5.1, but not on 2.6 (from 105210-03) 1256914 strptime %EY can return incorrect year if 2nd or subsequent era segment used 4089981 ldivide() dumps core when a program is executed in Solaris 2.6 (from 105210-02) 4089406 readdir()/telldir() should accept *all* 32 bit cookies, not just those <= LONG_M 4097441 system() does not establish SIGCHLD handler (from 105210-01) 4055257 realloc failure does not leave original region "intact" Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- NOTE 1: To get the complete fix for 4089406, one also needs install the /usr/sbin/static/tar patch, 105926-01 (or newer). NOTE 2: To get the complete fix for bug 4102420 (segv's and libthread panics when numerous pthread_cancel()'s are run), one also needs to install the libthread patch, 105568-10 or its newer revision. NOTE 3: To get the complete fix for 4240566 (security: LC_MESSAGES buffer overflow), we recommend installing the following patches: 105722-03 (or newer) /usr/lib/fs/ufs/ufsrestore 107991-01 (or newer) /usr/sbin/static/rcp patch NOTE 4: To get the complete fix for bug 4052568 (libthread/ libpthread is not fork1-safe as documented), one also needs to install the libthread patch, 105568-16 or its newer revision.