OBSOLETE Patch-ID# 112920-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security libipp ipqos lp slow-filtering print request cancel lpstat buffer ike rfe ssh inet ikecert footprint ipv6 ipsecconf socket
Synopsis: Obsoleted by: 112920-04 SunOS 5.9: libipp, lp, IKE Patch
Date: Apr/08/2011


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114423

Topic: SunOS 5.9: libipp, lp, IKE Patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
450854715081137
453049915088185
459303115090465
462654215094086
462877415094668
462890115094700
463597815096472
464016615097521
464097615097696
464473115098542
464736115099088
464882515099432
465245315100222
465305115100367
466668615103959
466787315104213
467156315105006
467333315105354
467333815105358
468723715108081
468745815108113
468748315108119
469746015110503
470414615112179
470415315112181
470415715112182
470430315112209
470437615112223
470437715112224
470446015112258
470478615112363
470479315112366
470479815112368
470481215112371
470482415112380
470492115112417
470492615112420
470561115112618
470562615112620
470563515112621
470566315112628
470566515112629
470589915112691
470591015112694
470591115112697
470591515112698
470593315112699
470593715112701
470594315112705
470594715112708
470594815112710
470595015112711
470595715112712
470595915112713
470597715112729
470635115112813
471251115114364
471495215114957
473157515119149
473430115119946
473974615121545
474154315122065
474261915122369
474549315123242
474570915123304
474571615123308
475157015125060
475246615125336
476175315128004
476179115128017
476221915128187
477510815132338
480429915141792
480908215143338
480969015143547
481920315146618
482366515148035
483256215150747
484009015153229
484236815154035
489023615167628
490291615171629
491585515175201
491974715176273
491980215176293
492501515177684
492742915178343
492778415178461
493011915179079
493039915179188
494003215181729
494123215182010
497485315191215
497675915191716
497733515191850
498136215192947
498242915193291
498686615194599
499799415197630
501433815201663
501662815202334
502520315204428
504303415210028
506045015214605
506412015215657
506560815216056
618604015234175
620805815240973
620965415241479
621446015243174
625997315261765
626540315263790
626812415264946
628913415273130
629731815276382
631424315283119
631424515283120
631686315284238
631702715284311
632324415286787
632658415288050
633115915289702
633369315290725
634077015293656
634736415296558
634858515297092
636795915304793
641832815327297
643558015334312
646923615349877
647915215354325
653951615386877
659909915420264
659995015420702
664582015447968
668817615472600
675020615509469
675094715509907
683413215558805
686349815577705
687224215582861
689964315602363
692211415619304
692212115619310
693936415633110
694155315634792
696120715649847
696594315653541
697517715661130
699049915673645


Changes incorporated in this version: 6939364 6990499

Patches accumulated and obsoleted by this patch: 112712-02 113329-30 113451-17 114979-01 115260-01 115882-01 116239-01 120025-01

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/security/exec_attr
/usr/bin/cancel
/usr/bin/lp
/usr/bin/lpget
/usr/bin/lpset
/usr/bin/lpstat
/usr/include/inet/ipp_common.h
/usr/include/ipp/ipp.h
/usr/include/ipp/ipp_config.h
/usr/include/ipp/ipp_impl.h
/usr/include/libipp.h
/usr/lib/abi/abi_libike.so.1
/usr/lib/abi/abi_libikecert.so.1 (deleted)
/usr/lib/abi/abi_libipp.so.1
/usr/lib/abi/sparcv9/abi_libipp.so.1
/usr/lib/inet/certdb
/usr/lib/inet/certlocal
/usr/lib/inet/certrldb
/usr/lib/inet/in.iked
/usr/lib/libike.so.1
/usr/lib/libipp.so.1
/usr/lib/libprint.so.2
/usr/lib/llib-lipp
/usr/lib/llib-lipp.ln
/usr/lib/lp/bin/getmakes
/usr/lib/lp/bin/getmodels
/usr/lib/lp/bin/getppdfile
/usr/lib/lp/bin/getppds
/usr/lib/lp/bin/lp.cat
/usr/lib/lp/bin/lp.tell
/usr/lib/lp/bin/netpr
/usr/lib/lp/bin/ppdfilename2mmp
/usr/lib/lp/local/accept
/usr/lib/lp/local/lp
/usr/lib/lp/local/lpadmin
/usr/lib/lp/local/lpmove
/usr/lib/lp/local/lpstat
/usr/lib/lp/local/lpsystem
/usr/lib/lp/lpsched
/usr/lib/lp/postscript/download
/usr/lib/lp/postscript/dpost
/usr/lib/lp/postscript/picpack
/usr/lib/lp/postscript/postcomm
/usr/lib/lp/postscript/postdaisy
/usr/lib/lp/postscript/postdmd
/usr/lib/lp/postscript/postio
/usr/lib/lp/postscript/postplot
/usr/lib/lp/postscript/postprint
/usr/lib/lp/postscript/postreverse
/usr/lib/lp/postscript/posttek
/usr/lib/mdb/kvm/ipp.so
/usr/lib/mdb/kvm/sparcv9/ipp.so
/usr/lib/print/bsd-adaptor/bsd_cascade.so.1
/usr/lib/print/bsd-adaptor/bsd_lpsched.so.1
/usr/lib/print/conv_fix
/usr/lib/print/in.lpd
/usr/lib/print/psm-lpsched.so
/usr/lib/print/psm-lpsched.so.1
/usr/lib/sparcv9/libipp.so.1
/usr/lib/sparcv9/llib-lipp.ln
/usr/sadm/admin/bin/printmgr
/usr/sadm/admin/printmgr/classes/pmclient.jar
/usr/sadm/admin/printmgr/classes/pmserver.jar
/usr/sadm/admin/printmgr/lib/libpmgr.so
/usr/sadm/admin/printmgr/lib/libpmgr.so.1
/usr/sbin/ikeadm
/usr/sbin/ikecert
/usr/sbin/ipsecconf
/usr/sbin/lpadmin
/usr/sbin/lpfilter
/usr/sbin/lpforms
/usr/sbin/lpmove
/usr/sbin/lpshut
/usr/sbin/lpusers
/usr/ucb/lpc

Problem Description:

6939364 in.iked misses RTM_NEWADDR messages
6990499 lpstat -o <invalid ID> shows different output between local and remote printers
 
(from 112920-02)
 
4712511 cannot setup IPQoS
 
(from 112920-01)
 
        This revision accumulates S9U1 feature point patch 112712-02.
 
(from 112712-02)
 
        This revision synchronizes the package version string between S9
        and S9U1.
 
(from 112712-01)
 
4647361 Solaris needs IPQoS feature
4644731 IPQoS project degrades netbench performance when feature is disabled
 
(from 113329-30)
 
6941553 banner title field switched to "standard input" if source file path is longer than 23 characters
 
(from 113329-29)
 
6961207 Solaris 9 lpstat cannot handle printer name which has dash number included
6975177 lpstat(1) does not show print queues in priority order on Solaris 9 printer clients
 
(from 113329-28)
 
6965943 lp(1) with the -q option does not work as expected if the printer server is running Solaris 9
 
(from 113329-27)
 
6922114 lpstat -p shows different timestamp format in ja locale
6922121 after hold, lpstat -p output always shows now printing on the client in case server is Solaris 9
 
(from 113329-26)
 
6899643 output from 'lpstat -p' is different in Solaris 9 when connected to a S10U5+ system
 
(from 113329-25)
 
6863498 The "standard input" doesn't get printed to "Title:" even if the data is given to lp via its stdin
6872242 lp -d .. -H hold not working if target lp server is S9/S10U4+
 
(from 113329-24)
 
6750206 dtlogin core dumps on Solaris 9 with 112960-62 or 112960-63 patches
 
(from 113329-23)
 
6688176 in.lpd dumps core
 
(from 113329-22)
 
5014338 postreverse crashes processing dpost output
6418328 printjobs blocked in hold state whenever jobid number surpasses 999 and hostname >= 13
6479152 lpadmin form alignment test gets stuck in endless loop
6645820 postreverse(1) may dump core on memory allocation in DocumentPages()
 
(from 113329-21)
 
6323244 patch 113329-05 and higher causes remote printing to reprint large jobs
 
(from 113329-20)
 
6539516 applications compiled with -lldap on Solaris 8 core dump on Solaris 9-10 releases
 
(from 113329-19)
 
6599099 fix for 4383387 should reuse existing memory
6599950 print localhost checking should be shared
 
(from 113329-18)
 
6297318 orphan dfA files found on cascading SUN print host
 
(from 113329-17)
 
5065608 cascading is broken with latest Solaris printing patch
 
(from 113329-16)
 
6314243 lpsched should sanity-check request files
6314245 racy chown/chmod in lpsched
 
(from 113329-15)
 
6289134 lp subsystem remote file removal issue
 
(from 113329-14)
 
6208058 in.lpd failed to print files when umask is set to 077
 
(from 113329-13)
 
4997994 lp cannot read/print file in NFS-mounted directory
5060450 lp/printd: net_send_file() does not munmap() buffer for data file
5064120 ERROR: "/dev/cua/a" is symlink that points to file with different owner
6186040 redundant check in lpadmin for device owner
 
(from 113329-12)
 
5043034 large print jobs timeout on network printers and are continually rescheduled
 
(from 113329-11)
 
        Special patch install instructions replaces the need for a
        reconfiguration immediately after patch installation.
 
(from 113329-10)
 
4986866 lpmove incorrectly reports usage error for remote print jobs
 
(from 113329-09)
 
        Uprev'ed patch due to missing package SUNWpsr - see bug 5045047.
 
(from 113329-08)
 
        Patch respun to create /etc/lp/ppd directory during patchadd via
        postpatch script.
 
(from 113329-07)
 
4530499 invalid syslog message when printer does not exist
4593031 receive NullPointerExceptions when selecting menu options quickly
4626542 lpshut ignores that it can't get lock on FIFO and just continues to loop
4635978 in.lpd turns into a fork()/exec() bomb
4640976 client: generation of copyright file is dodgy
4652453 incorrect messaging in lp.cat
4687458 lpmove dumps core when malloc call returns NULL
4687483 netpr dumps core when malloc calls fail
4704146 lpforms: potential race condition creating temporary file
4704153 potential buffer overrun in in.lpd
4704157 lpadmin: bad use of gets()
4704303 lpsched: use of cftime() is dangerous
4704376 usr/src/cmd/lp/filter/postscript/common/misc.c error() should be varargs
4704377 usr/src/cmd/lp/filter/postscript/postcomm/postcomm.c error() should be varargs
4704786 lpsched: potential buffer overruns
4704793 lpsched: racy stat()
4704798 lpc: potential buffer overruns
4704921 lp: creates temporary files with fopen()
4704926 lp: potential buffer overruns
4705611 libprint: bsd_addr_create() should check result of malloc()
4705626 libprint: ns_cmn_kvp.c has memory issues
4705635 libprint: ns_printer_create() may not initialize memory
4705663 libprint: nss_ldap.c: unsafe use of strncpy()
4705665 libprint: nss_ldap.c: memory may not be initialized
4705910 libprint: job.c: makes unsafe use of open(O_CREAT)
4705915 libprint: job.c: doesn't check *alloc() results
4705933 libprint: misc.c: unsafe use of cftime()
4705937 libprint: misc.c: unchecked *alloc() result
4705943 cancel: unchecked memory allocation
4705950 usr/src/cmd/lp/model/netpr/misc.c vsprintf to fixed buffer
4705957 lpstat: extraneous chdir, unchecked *alloc()
4705959 lpset: uncheck *alloc() returns
4705977 lp: calls tempnam()
4706351 lpadmin: no warning when creating printer on user-owned symlink
4734301 lp system fails POSIX VSC tests
4751570 lpc generates core dump in Solaris 8 2/02
4761791 default timeout in netpr should be initialized
4775108 lp error when file is NFS-mounted and containing directory is 700
4809082 lpsched: R_INQUIRE_REQUEST_RANK does not include requests submitted to classes
4819203 Solaris printmgr generates warning with compile with javac 1.4.2
4930119 network printer timeout does not reset on fault clearance
4940032 Solaris should support IPP clients (LSARC/2001/259)
4981362 Java 1.5 and printmgr problems
5025203 Solaris printing needs RIP functionality (on)
 
(from 113329-06)
 
4809690 submitted print jobs don't seem to disappear after printing
4915855 printmgr cannot admin print queues stored in an LDAP nameservice
 
(from 113329-05)
 
4697460 hanging printd should not block all printjobs to remote
 
(from 113329-04)
 
4927784 special patch needed for BugId's 4902916 and 4648825
 
(from 113329-03)
 
4925015 pullback of bugfix 4648825 took fixes 4761753 4714952 4705911 4705899 4704812 with it
 
(from 113329-02)
 
4648825 Printer Management profile in exec_attr file is ineffective
4704812 lpstat: cftime() is deprecated in favor of strftime()
4705899 libprint: nss_write.c uses fopen() to create temp file
4705911 lib/print/job.c: makes unsafe use of access()
4714952 bsd-gw gives "dfAnnnhostname file exists" from a previous job
4761753 filedescriptor "fd" is not closed in job_retrieve()
 
(from 113329-01)
 
4640166 lp: when hold a request during slow-filtering, a request could be canceled
 
(from 114979-01)
 
4704824 lpstat: potential buffer overrun
 
(from 115882-01)
 
4902916 cancel cmd does not work well with RBAC Printer Management
 
(from 116239-01)
 
4705948 conv_fix: unsafe use of fopen()
4705947 conv_fix: should use strlcat
 
(from 113451-17)
 
6209654 IKE cert payload has problem with certificate chains
 
(from 113451-16)
 
6834132 S9 IPsec/in.iked rport only selector fails with 113451-11
 
(from 113451-15)
 
6750947 libike needs more rigorous packet checks
 
(from 113451-14)
 
4745716 IKE door operations cause in.iked leaks
 
(from 113451-13)
 
6435580 isakmp_negotiation structure passed to ike_call_callbacks() should not contain NULL pointers
 
(from 113451-12)
 
6469236 libike's RSA signature checking slightly incorrect
 
(from 113451-11)
 
6347364 SafeNet plugs ASN.1 leaks
6348585 ISAKMP notification sent to peer contains garbage
6367959 large numbers of certlib entries corrupt active Phase I SA state
6333693 in.iked needs better handling of port-only selectors
6340770 multiple-personality disorder affects inverse_acquire, too
6331159 if the only pre-shared key is deleted, the IKE daemon can not add new keys from a file
6326584 comedy of mismerges puts a quarter-twist into quick mode identities
 
(from 113451-10)
 
6316863 in.iked stops responding after 8 hours because cookies have been updated
6265403 short-lived Phase I SAs get bitten by libike's retransmit-driven delayed cleanup
6259973 IKE phase2 exchange fails to occur when phase1 SA nears expiry
6268124 ikeadm won't remove expiring phase1 SA's by address
6317027 libike tries to dereference the wrong negotiation
 
(from 113451-09)
 
5016628 ikecert certrldb -e "certspec" does not work
4976759 callers of ssh_x509_crl_decode() should check for SSH_X509_OK/FAILURE
4977335 ssh_x509_crl_decode() can fail but return SSH_X509_OK
4974853 certrldb will dump core if pem_to_ber() returns NULL
 
(from 113451-08)
 
4982429 patch 113451-06 adds certlocal entry to exec_attr redundantly
 
(from 113451-07)
 
4762219 ikeadm write preshared causes in.iked heartburn
4941232 deleting P1 SAs by address should delete ALL matching P1 SAs
 
(from 113451-06)
 
4804299 failed to change the default value of 28800 for Phase 2 SA's via p2_lifetime_sec
4919747 p2_lifetime default value is too high
4919802 Solaris IKE does not negotiate p2_lifetime_secs when creating an SA
4667873 in.iked door protocol handles some key lengths badly
4840090 why is add_new_sa() called before a phase1_t is linked to a Phase 1 pm_info?
4890236 in.iked botches PF_KEY identity extensions
4927429 some deleted Phase lingers slightly too long
 
(from 113451-05)
 
4930399 ASN.1 patches from SSH, Inc.
 
(from 113451-04)
 
        This revision accumulates S9U5 feature point patch 115260-01.
 
(from 113451-03)
 
4673333 IKE should support hardware assist for certs and Oakley groups
4666686 patch libike with 4/8/2002 SSH patches
4687237 ssh_fatal() calls abort()
4704460 ikeadm:  strcpy() should be replaced by strlcpy()
4739746 single-buffer memory leak in start_ike_servers()
4745493 more patches from SSH Inc.
4745709 SSH IKE code leaks hostent structures
 
(from 113451-02)
 
4628774 upgrade SSH IKE library to 4.2 from 2.1
4653051 ikecert certlocal -kc ... fails without an altname (-A option)
4508547 ikeadm errors are vague
4628901 in.iked should be compiled with _REENTRANT defined
4741543 patch 113451-01 doesn't replace abi_libikecert.so.1 properly
 
(from 113451-01)
 
4628774 upgrade SSH IKE library to 4.2 from 2.1
4653051 ikecert certlocal -kc ... fails without an altname (-A option)
4508547 ikeadm errors are vague
4628901 in.iked should be compiled with _REENTRANT defined
 
(from 115260-01)
 
4671563 RFE: ikecert -lv should list algorithm signature
4673338 IKE should support HW storage of private keys and certificates
4731575 IKE should work with IPv6
4742619 HW-IKE should be more robust when choosing pkcs11 slots
4752466 race in in.iked causes coredump in add_new_sa()
4823665 in.iked becomes confused about sender and receiver
4832562 certdb malformed cert causes core dump
4842368 memory leak for rsa_encryption initiator
 
(from 120025-01)
 
6214460 ipsecconf backs out valid rules if it runs into a duplicate rule


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the complete IPQoS feature, please also install the following
         patches:
 
         112905-01 (or greater)  ippctl
         112906-01 (or greater)  ipgpc
         112902-01 (or greater)  ip
         112927-01 (or greater)  IPQos Header
         112233-01 (or ngreatr)  KU Patch
 
NOTE 2:  To get the complete fix for BugId 6539516 (applications compiled
         with -lldap on Solaris 8 core dump on Solaris 9-10 releases),
         please also install the following patch:
 
         112960-62 (or greater)  ldap library patch
 
NOTE 3:  To get the complete fix for BugId 6750206 (dtlogin core dumps
         on Solaris 9 with 112960-62 or 112960-63 patches), please also
         install the following patch:
 
         112960-65 (or greater)  ldap library patch
 
NOTE 4:  To get the complete Hardware Acceleration for IKE feature, please
         also install the following patch:
 
         114125-01 (or greater)  config.sample
 
NOTE 5:  To get the complete Hardware Key Storage for IKE and IKE for IPV6
         feature, please also install the following patch:
 
         112904-10 (or greater)  ipsecah patch


README -- Last modified date: Friday, November 9, 2012