# CLUSTER_README

NAME: Solaris 2.6 Recommended Patch Cluster
DATE: Sep/15/04

########################################################################

This patch cluster is intended to provide a selected set of patches for
the designated Solaris release level.  This is a bundled set of patches
conveniently wrapped for one-step installation.  Only install this
cluster on the appropriate Solaris system.  Carefully read all important
notes and install instructions provided in this README file before
installing the cluster.  A cluster grouping does not necessarily imply
that additional compatibility testing has occured since the individual
patches were released.

WARNING!! IT IS HIGHLY RECOMMENDED that the installation of this patch 
cluster be performed in single-user mode (Run Level S).

########################################################################

CLUSTER DESCRIPTION
-------------------

These Solaris Recommended patches are considered the most important and
highly recommended patches that avoid the most critical system, user, or
security related bugs which have been reported and fixed to date.  In
most cases a Solaris security patch will be included in the recommended
patch set.  It is possible, however, that a security patch may not be
included in the recommended set if it is determined to be a more obscure
application specific issue and not generally applicable.

During initial installation of the Solaris product other patches or patch
sets may be provided with the product and required with product installation.
Refer to the Solaris product installation documentation to be sure that all
the patches required at product installation are already installed.  This
patch cluster can then be used to update or augment the system with the
recommended patches included.


PATCHES INCLUDED:
-----------------

106828-01  SunOS 5.6: /usr/bin/date patch
105181-39  SunOS 5.6: Kernel update patch
105562-03  SunOS 5.6: chkey and keylogin patch
105210-51  SunOS 5.6: libaio, libc & watchmalloc patch
105568-26  SunOS 5.6: /usr/lib/libthread.so.1 patch
105356-23  SunOS 5.6: /kernel/drv/ssd and /kernel/drv/sd patch
105357-04  SunOS 5.6: /kernel/drv/ses patch
105375-29  SunOS 5.6: sf & socal driver patch
105379-07  SunOS 5.6: /kernel/misc/nfssrv patch
105395-09  SunOS 5.6: /usr/lib/sendmail patch
105407-01  SunOS 5.6: /usr/bin/volrmmount patch
105552-03  SunOS 5.6: /usr/sbin/rpc.nisd_resolv patch
105615-09  SunOS 5.6: /usr/lib/nfs/mountd patch
105665-04  SunOS 5.6: /usr/bin/login patch
105786-15  SunOS 5.6: /kernel/drv/ip patch
105741-09  SunOS 5.6: /kernel/drv/ecpp patch
105720-23  SunOS 5.6: /kernel/fs/nfs patch
106049-05  SunOS 5.6: /usr/sbin/in.telnetd patch
106235-14  SunOS 5.6: lp patch
106257-07  SunOS 5.6: /usr/bin/passwd and /usr/lib/libpam.so.1 patch
105755-13  SunOS 5.6: libresolv, in.named, named-xfer, nslookup, nstest patch
106301-06  SunOS 5.6: /usr/sbin/in.ftpd patch
106439-13  SunOS 5.6: /usr/sbin/syslogd patch
106448-01  SunOS 5.6: /usr/sbin/ping patch
105580-19  SunOS 5.6: /kernel/drv/glm patch
106226-03  SunOS 5.6: /usr/sbin/format patch
105642-10  SunOS 5.6: prtdiag patch
106040-18  SunOS 5.6: X Input & Output Method patch
106193-06  SunOS 5.6: Patch for Taiwan timezone
107434-01  CDE 1.2: Spell checking occasionally kills mail
105558-04  CDE 1.2: dtpad patch
105669-11  CDE 1.2: libDtSvc Patch
105837-03  CDE 1.2: dtappgather Patch, including SDE 1.0 installations
106242-03  CDE 1.2: libDtHelp.so.1 fixes
105703-28  CDE 1.2: dtlogin patch
105464-02  OpenWindows 3.6: Multiple xterm fixes
106222-01  OpenWindows 3.6: filemgr (ff.core) fixes
105284-50  Motif 1.2.7: Runtime library patch
106495-03  SunOS 5.6: truss & truss support library patch
105529-16  SunOS 5.6: /kernel/drv/tcp patch
105667-03  SunOS 5.6: /usr/bin/rdist patch
105722-07  SunOS 5.6: /usr/lib/fs/ufs/ufsdump and ufsrestore patch
105780-05  SunOS 5.6: /kernel/fs/fifofs patch
106123-05  SunOS 5.6: sgml patch
106522-05  SunOS 5.6: /usr/bin/ftp patch
106569-01  SunOS 5.6: libauth.a & libauth.so.1 patch
106592-05  SunOS 5.6: /usr/lib/nfs/statd patch
106625-14  SunOS 5.6: libsec.a, libsec.so.1 and /kernel/fs/ufs patch
106834-02  SunOS 5.6: cp/ln/mv patch
107618-04  SunOS 5.6: vold patch
107758-05  SunOS 5.6: /usr/bin/pax patch
107766-01  SunOS 5.6: ASET cklist reports unchanged 6month older files as new
107774-01  SunOS 5.6: inetd denial-of-service attack
107991-02  SunOS 5.6: /usr/sbin/static/rcp patch
105338-27  CDE 1.2: dtmail patch
106112-06  CDE 1.2: dtfile patch
106437-04  CDE 1.2: Print Manager Patch
105633-64  OpenWindows 3.6: Xsun patch
106415-04  OpenWindows 3.6: xdm patch
106648-01  OpenWindows 3.6: libce suid/sgid security fix
106649-01  OpenWindows 3.6: libdeskset patch
106650-05  OpenWindows 3.6: mailtool attachment security patch
107336-02  SunOS 5.6: kcms_server and kcms_configure security fixes
108199-01  CDE 1.2: dtspcd Patch
108201-01  CDE 1.2: dtaction Patch
107565-03  SunOS 5.6: /usr/sbin/in.tftpd patch
108492-01  SunOS 5.6: Snoop may be exploited to gain root access
108660-01  SunOS 5.6: Patch for sadmind
105472-08  SunOS 5.6: /usr/lib/autofs/automountd patch
108895-01  SunOS 5.6: patch /usr/sbin/rpc.bootparamd
108893-01  SunOS 5.6: patch /usr/lib/netsvc/yp/rpc.ypupdated
108890-02  SunOS 5.6: ypxfrd, ypbind, and ypserv patch
108499-01  SunOS 5.6: ASET sets the gid on /tmp, /var/tmp when setting med high
108468-03  SunOS 5.6: ldterm streams module fixes
108346-03  SunOS 5.6: patch usr/sbin/rpc.nispasswdd
108307-02  SunOS 5.6: keyserv fixes
107733-11  SunOS 5.6: linker patch
106639-08  SunOS 5.6: rpcmod patch
106468-06  SunOS 5.6: /usr/bin/cu and usr/bin/uustat patch
109266-05  SunOS 5.6: /usr/bin/mail patch
109339-02  SunOS 5.6: nscd's size grows - TTL values not implemented
109388-01  SunOS 5.6: patch /usr/vmsys/bin/chkperm
108804-02  SunOS 5.6: /usr/bin/tip patch
108333-02  SunOS 5.6: jserver buffer overflow
106292-14  SunOS 5.6: pkgadd/pkginstall & related utilities
106285-03  SunOS 5.6: /kernel/sys/msgsys patch
109719-01  SunOS 5.6: arp should lose set-gid bid
105847-14  SunOS 5.6: /kernel/drv/st.conf and /kernel/drv/st patch
105405-03  SunOS 5.6: libcurses.a & libcurses.so.1 patch
105792-10  SunOS 5.6: tar patch
105693-14  SunOS 5.6: cachefs patch
111029-01  SunOS 5.6: /kernel/sys/semsys patch
105486-07  SunOS 5.6: /kernel/fs/hsfs patch
111109-02  SunOS 5.6: Patch to /usr/bin/nawk
106361-15  SunOS 5.6: csh/jsh/ksh/rksh/rsh/sh patch
110990-02  SunOS 5.6: Patch for ttymon
111240-01  SunOS 5.6: Patch to /usr/bin/finger
107490-01  SunOS 5.6: savecore doesn't work if swap slice is over 2G
111664-01  SunOS 5.6: bzip patch
111560-01  SunOS 5.6: dmesg security problem
111572-01  SunOS 5.6: ar_open failure can lead to stale queue & memory corruption
111859-01  SunOS 5.6: Buffer overflow in whodo via $TZ
106303-04  SunOS 5.6: /usr/lib/netsvc/yp/rpc.yppasswdd patch
105990-05  SunOS 5.6: vi/ex/edit/view/vedit patch
111236-01  SunOS 5.6: Patch for /usr/sbin/in.fingerd
107298-03  SunOS 5.6: ntpdate and xntpd patch
111039-02  SunOS 5.6: /usr/bin/bdiff and /usr/bin/sdiff patch
107326-03  SunOS 5.6: rlmod and telmod patch
112073-03  SunOS 5.6: /usr/bin/mailx patch
112542-01  SunOS 5.6: fgrep fails with "wordlist too large"
112814-01  SunOS 5.6: in.talkd has a "user format" security problem
112893-01  SunOS 5.6: rpc.rwalld has format string problem
105798-04  SunOS 5.6: cprboot patch
106407-08  SunOS 5.6: Jumbo patch for ide and atapi fixes
105924-19  SunOS 5.6: kbd, se and zs drivers patch
106331-05  OpenWindows 3.6: Xview Patch
108129-05  OpenWindows 3.6: Font Server patch
113754-02  SunOS 5.6: utmp_update patch
114150-01  SunOS 5.6: Japanese SunOS 4.x Binary Compatibility(BCP) patch
114889-01  SunOS 5.6: /usr/sbin/wall patch
105377-06  SunOS 5.6: BCP patch
114941-01  SunOS 5.6: namefs patch
115563-01  SunOS 5.6: ed creates tempfiles in an insecure manner
105564-05  SunOS 5.6: /kernel/misc/rpcsec patch
106125-16  SunOS 5.6: Patch for patchadd and patchrm
105401-47  SunOS 5.6: libnsl and NIS+ commands patch
105216-05  SunOS 5.6: /usr/sbin/rpcbind patch
105800-08  SunOS 5.6: /usr/bin/admintool, y2000 patch
105566-12  CDE 1.2: calendar manager patch
105802-19  OpenWindows 3.6: ToolTalk patch
106027-12  CDE 1.2 / SDE 1.0: dtsession patch
105591-20  SunOS 5.6: Shared library patch for C++


IMPORTANT NOTES AND WARNINGS:
-----------------------------

SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES:  With or
without using the save option, the patch installation process will
still require some amount of disk space for installation and
administrative tasks in the /, /usr, /var, or /opt directories where
patches are typically installed.  The exact amount of space will depend
on the machine's architecture, software packages already installed, and
the difference in the patched objects size.  To be safe, it is not
recommended that a patch cluster be installed on a system with less
than 10 MBytes of available space in each of these directories. Running
out of disk space during installation may result in only partially
loaded patches.  Be sure a recent full system backup is available in
case a problem occurs, and check to be sure adequate disk space is
available before installing the patch cluster.

SAVE AND BACKOUT OPTIONS:
By default, the cluster installation procedure uses the patchadd
command save feature to save the base objects being patched.  Prior to
installing the patches the cluster installation script will first
determine if enough system disk space is available in /var/sadm/patch
to save the base objects and will terminate if not.  Patches can only
be individually backed out with the original object restored if the
save option was used when installing this cluster.  Please later refer
to the patchrm command manual page for instructions and more
information.  It is possible to override the save feature by using the
[-nosave] option when executing the cluster installation script.  Using
the nosave option, however, means that you will not be able to backout
individual patches if the need arises.

SPECIAL INSTALL INSTRUCTIONS:
As with any patch individually applied, there may be additional special
installation instructions which are documented in the individual patch
README file.  It is recommended that each individual patch readme is
reviewed before installing this cluster to determine if any additional
installation steps are necessary for a patch.  Otherwise it is possible
that an individual patch may still not be completely installed in all
respects after the cluster has been installed.

DISKLESS CLIENT SYSTEMS:
On server machines that service diskless clients, a
patch is NOT applied to existing clients or to the client root template
space.  Therefore, all client machines of the server that will need
this cluster will have to individually apply this cluster.  Install
this cluster on the client machines first, then the server.

A PATCH MAY NOT BE APPLIED:
Under certain circumstances listed below, a particular patch provided in
this cluster may not be installed if:
 
- The patch applies to a package that has not originally been installed
- The same or newer revision of the patch has already been installed
- The patch was obsoleted by another patch that has already been installed
- The package database is corrupt or missing

Use the 'showrev -p' command to compare the list of patches already 
installed on the system with the patch list and revision levels provided
in this cluster.  During installation, the install process will indicate
if a patch was not applied and more detailed installation messages will
be logged to the installation log file.  The README file with each patch
also provides documentation regarding install and backout messages.

OLDER VERSIONS OF PATCHES ALREADY INSTALLED:
Backout of older versions of patches provided in the cluster is not
required in order for the newer version to be installed.  However
not backing out an older rev before installing a newer rev will
cause showrev -p to continue to show the older rev along with the
newer rev.  And, if the older rev was previously installed with
the save option, the older rev will continue to occupy disk space
in /var/sadm/patch even though it has been obsoleted by the new rev.
The patchrm command will only allow the most recently saved
objects to be restored, thus there are no serious risks associated
with leaving an older rev on the system.  It just may, however,
avoid confusion and be more economical to first backout an older
patch revision before installing a newer revision.




************************ CAUTION: ****************************************

  Before installing the cluster, read 105395's SPECIAL_INSTRUCTIONS file.

**************************************************************************

INSTALL INSTRUCTIONS:
---------------------

First, be sure the patch cluster has been uncompressed and extracted
if the cluster was received as a tar.Z file, then proceed as follows:


1)      Decide on which method you wish to install the cluster:

Recommended Method Using Save Feature:
 
By default, the cluster installation procedure uses the patchadd
save feature to save the original objects being patched.  Prior
to installing the patches the cluster installation script will
first determine if enough system disk space is available in
/var/sadm/patch to save the objects and will terminate if not.
Using the default save feature is recommended. 
 
Method Using No Save Option:
 
It is possible to override the save feature by using the [-nosave]
option when executing the cluster installation script.  Using the
nosave option means that you will not be able to backout individual
patches if the need arises.
 
 
2)      Run the install_cluster script

        cd <patch cluster directory>
        ./install_cluster

By default, a message warning the user to check for minimum disk
space allowance (separate from the save feature) will appear
and allow the user to abort if inadequate space exists.  To
suppress this interactive message the "-q" (quiet) option can
be used when invoking install_cluster.
 
The progress of the script will be displayed on your terminal.
It should look something like:
 
# ./install_cluster
 
Patch cluster install script for <cluster name>
 
Determining if sufficient save space exists...
Sufficient save space exists, continuing...
Installing patches located in <patch cluster directory>
Installing <patch-id>
Installing <patch-id>
.
.
.
Installing <patch-id>
 
For more installation messages refer to the installation logfile:
   /var/sadm/install_data/<cluster name>_log
 
Use '/usr/bin/showrev -p' to verify installed patch-ids.
Refer to individual patch README files for more patch detail.
Rebooting the system is usually necessary after installation.
#
         
 
3)      Check the logfile if more detail is needed.
 
If errors are encountered during the installation of this cluster,
error messages will be displayed during installation.  More details
about the causes of failure can be found in the detail logfile:
 
        more /var/sadm/install_data/<cluster name>_log
 
If this log file previously existed the latest cluster installation
data will be concatenated to the file, so check the end of the file.
 
         
4)      THE MACHINE SHOULD BE REBOOTED FOR ALL PATCHES TO TAKE EFFECT!!


