# CLUSTER_README NAME: Solaris 2.4 x86_Recommended Patch Cluster DATE: Jan/04/02 ######################################################################## This patch cluster is intended to provide a selected set of patches for the designated Solaris release level. This is a bundled set of patches conveniently wrapped for one-step installation. Only install this cluster on the appropriate Solaris system. Carefully read all important notes and install instructions provided in this README file before installing the cluster. A cluster grouping does not necessarily imply that additional compatibility testing has occured since the individual patches were released. ######################################################################## CLUSTER DESCRIPTION ------------------- These Solaris Recommended patches are considered the most important and highly recommended patches that avoid the most critical system, user, or security related bugs which have been reported and fixed to date. In most cases a Solaris security patch will be included in the recommended patch set. It is possible, however, that a security patch may not be included in the recommended set if it is determined to be a more obscure application specific issue and not generally applicable. During initial installation of the Solaris product other patches or patch sets may be provided with the product and required with product installation. Refer to the Solaris product installation documentation to be sure that all the patches required at product installation are already installed. This patch cluster can then be used to update or augment the system with the recommended patches included. PATCHES INCLUDED: ----------------- 103717-09 CDE 1.0.2_x86: dtcm sdtcm_convert rpc.cmsd patch 103718-09 CDE 1.0.1_x86: dtcm sdtcm_convert rpc.cmsd patch 102480-12 SunOS 5.4_x86: libresolv, in.named, named-xfer, nslookup, nstest patch 101908-17 SunOS 5.4_x86: fixes to volume management 101924-07 SunOS 5.4_x86: add_drv, drv_config, pcfs and fdformat fixes 101946-64 SunOS 5.4_x86: Kernel update 101974-41 SunOS 5.4_x86: libnsl, nistbladm & ypbind fixes 101960-22 SunOS 5.4_x86: lp patch 102064-20 SunOS 5.4_x86: /usr/lib/sendmail patch 102071-07 SunOS 5.4_x86: usr/sbin/rpcbind patch 102166-03 SunOS 5.4_x86: nss_dns.so.1 fixes 102219-04 SunOS 5.4_x86: libbsm fixes 102278-03 SunOS 5.4_x86: nss_nisplus.so.1 fixes 102686-03 SunOS 5.4_x86: /usr/lib/nfs/mountd patch 102694-12 SunOS 5.4_x86: /usr/bin/at and /usr/sbin/cron patch 102705-02 SunOS 5.4_x86: jumbo patch for NIS commands 102712-02 SunOS 5.4_x86: usr/bin/ps and usr/ucb/ps patch 102742-01 SunOS 5.4_x86: libm can hit SEGV in multi-threaded mode 102757-01 SunOS 5.4_x86: expreserve still has security problem 102770-08 SunOS 5.4_x86: statd fixes 102774-02 SunOS 5.4_x86: in.tftpd patch 102778-03 SunOS 5.4_x86: linker patch 102789-04 SunOS 5.4_x86: Patch for sccs 102923-05 SunOS 5.4_x86: inetd fixes 102961-01 SunOS 5.4_x86: vipw has a security problem 103082-02 SunOS 5.4_x86: patch usr/bin/tip 103271-01 SunOS 5.4_x86: nissetup default permissions not secure enough 103707-03 SunOS 5.4_x86: rpc.nisd_resolv rebuild for BIND 4.9.3 103814-05 SunOS 5.4_x86: /usr/bin/rdist patch 104702-01 SunOS 5.4_x86: in.talkd security problem fix 104974-01 SunOS 5.4_x86: chkey and newkey patch 105100-01 SunOS 5.4_x86: usr/sbin/sysdef patch 105255-01 SunOS 5.4_x86: usr/bin/rlogin patch 105653-02 SunOS 5.4_x86: /kernel/misc/pdwa patch 106043-01 SunOS 5.4_x86: in.rexecd does not prevent access to expired accounts 106452-01 SunOS 5.4_x86: /usr/sbin/ping fix 101890-15 OpenWindows 3.4_x86: Xview Patch 102031-11 OpenWindows 3.4_x86: Calendar Manager patch 102293-04 OpenWindows 3.4_x86: filemgr (ff.core) fixes 102389-09 OpenWindows 3.4_x86: OLIT Patch 103185-02 OpenWindows 3.4_x86: libX11 patch 105103-01 OpenWindows 3.4_x86: libXt patch 105110-01 OpenWindows 3.4_x86: xlock patch 102496-03 Motif 1.2.3_x86: libXm RunTime Kit Patch 106705-01 SunOS 5.4_x86: /usr/sbin/in.uucpd patch 106962-01 SunOS 5.4_x86: /usr/bin/apropos patch 106991-01 SunOS 5.4_x86: uux has buffer overflow problems 106673-02 OpenWindows 3.4_x86: libce suid/sgid security fix 106674-02 OpenWindows 3.4_x86: libdeskset patch 101892-15 OpenWindows 3.4_x86: Mailtool Patch 106647-03 SNC 3.2: rpc.pcnfsd has security problem, also hangs and dumps core 108491-01 SunOS 5.4_x86: Snoop may be exploited to gain root access 108641-02 OpenWindows 3.4_x86: ToolTalk 1.1.2 108637-02 CDE 1.0.1_x86/1.0.2_x86: ToolTalk patch 108496-01 SunOS 5.4_x86: ASET sets the gid bit on /tmp,/var/tmp during med/high 108770-02 SunOS 5.4_x86: telnet env has extra NULL field between HZ & TZ vars 109447-01 SunOS 5.4_x86: patch /usr/vmsys/bin/chkperm 102043-06 SunOS 5.4_x86: /usr/bin/mail fixes 109724-02 SunOS 5.4_x86: arp should lose set-gid bit 110052-01 SunOS 5.4_x86: Patch for libcurses 109549-01 SunOS 5.4_x86: patch /usr/sbin/keyserv 109551-01 SunOS 5.4_x86: patch /usr/sbin/rpc.bootparamd 102041-05 SunOS 5.4_x86: fixes for package installation utilities 102050-08 SunOS 5.4_x86: ksh patch 111492-01 SunOS 5.4_x86: finger doesn't always correctly match NULL usernames 104951-03 SunOS 5.4_x86: usr/bin/uustat & usr/sbin/cu patch 108364-02 CDE 1.0.2_x86: libDtSvc Patch IMPORTANT NOTES AND WARNINGS: ----------------------------- SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt partitions where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 4 MBytes of available space in each of these partitions. Running out of disk space during installation may result in only partially loaded patches. Be sure a recent full system backup is available in case a problem occurs, and check to be sure adequate disk space is available before installing the patch cluster. SAVE AND BACKOUT OPTIONS: By default, the cluster installation procedure uses the installpatch save feature to save the base objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the base objects and will terminate if not. Patches can only be individually backed out with the original object restored if the save option was used when installing this cluster. Please later refer to the backoutpatch instructions provided in the individual patch README file which will be located in the specific patch directory under /var/sadm/patch after the patch has been installed. It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option, however, means that you will not be able to backout individual patches if the need arises. SPECIAL INSTALL INSTRUCTIONS: As with any patch individually applied, there may be additional special installation instructions which are documented in the individual patch readme file. It is recommended that each individual patch readme is reviewed after installing this cluster to determine if any additional installation steps are necessary for a patch. Otherwise it is possible that an individual patch may still not be completely installed in all respects after the cluster has been installed. DISKLESS OR DATALESS CLIENT SYSTEMS: On server machines that service diskless and/or dataless clients, a patch is NOT applied to existing clients or to the client root template space. Therefore, all client machines of the server that will need this cluster will have to individually apply this cluster. Install this cluster on the client machines first, then the server. A PATCH MAY NOT BE APPLIED: Under certain circumstances listed below, a particular patch provided in this cluster may not be installed if: - The patch applies to a package that has not originally been installed - The same or newer revision of the patch has already been installed - The patch was obsoleted by another patch that has already been installed - The package database is corrupt or missing Use the 'showrev -p' command to compare the list of patches already installed on the system with the patch list and revision levels provided in this cluster. During installation, the install process will indicate if a patch was not applied and more detailed installation messages will be logged to the installation log file. The README file with each patch also provides documentation regarding install and backout messages. OLDER VERSIONS OF PATCHES ALREADY INSTALLED: Backout of older versions of patches provided in the cluster is not required in order for the newer version to be installed. However not backing out an older rev before installing a newer rev will cause showrev -p to continue to show the older rev along with the newer rev. And, if the older rev was previously installed with the save option, the older rev will continue to occupy disk space in /var/sadm/patch even though it has been obsoleted by the new rev. The backoutpatch utility will only allow the most recently saved objects to be restored, thus there are no serious risks associated with leaving an older rev on the system. It just may, however, avoid confusion and be more economical to first backout an older patch rev before installing a newer rev. INSTALL INSTRUCTIONS: --------------------- First, be sure the patch cluster has been uncompressed and extracted if the cluster was received as a tar.Z file, then proceed as follows: 1) Decide on which method you wish to install the cluster: Recommended Method Using Save Feature: By default, the cluster installation procedure uses the installpatch save feature to save the original objects being patched. Prior to installing the patches the cluster installation script will first determine if enough system disk space is available in /var/sadm/patch to save the objects and will terminate if not. Using the default save feature is recommended. Method Using No Save Option: It is possible to override the save feature by using the [-nosave] option when executing the cluster installation script. Using the nosave option means that you will not be able to backout individual patches if the need arises. 2) Run the install_cluster script cd ./install_cluster By default, a message warning the user to check for minimum disk space allowance (separate from the save feature) will appear and allow the user to abort if inadequate space exists. To suppress this interactive message the "-q" (quiet) option can be used when invoking install_cluster. The progress of the script will be displayed on your terminal. It should look something like: # ./install_cluster Patch cluster install script for Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in Installing Installing . . . Installing For more installation messages refer to the installation logfile: /var/sadm/install_data/_log Use '/usr/bin/showrev -p' to verify installed patch-ids. Refer to individual patch README files for more patch detail. Rebooting the system is usually necessary after installation. # 3) Check the logfile if more detail is needed. If errors are encountered during the installation of this cluster, error messages will be displayed during installation. More details about the causes of failure can be found in the detail logfile: more /var/sadm/install_data/_log If this log file previously existed the latest cluster installation data will be concatenated to the file, so check the end of the file. 4) THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!