Patch-ID# 112920-04
Download this patch from My Oracle Support
|
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
|
For further information on patching best practices and resources, please
see the following links:
|
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security libipp ipqos lp slow-filtering print request cancel lpstat buffer ike rfe ssh inet ikecert footprint ipv6 ipsecconf socket
Synopsis: SunOS 5.9: libipp, lp, IKE Patch
Date: Jan/06/2012
Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 114423
Topic: SunOS 5.9: libipp, lp, IKE Patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 7055430
Patches accumulated and obsoleted by this patch: 112712-02 113329-30 113451-17 114979-01 115260-01 115882-01 116239-01 120025-01
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/etc/security/exec_attr
/usr/bin/cancel
/usr/bin/lp
/usr/bin/lpget
/usr/bin/lpset
/usr/bin/lpstat
/usr/include/inet/ipp_common.h
/usr/include/ipp/ipp.h
/usr/include/ipp/ipp_config.h
/usr/include/ipp/ipp_impl.h
/usr/include/libipp.h
/usr/lib/abi/abi_libike.so.1
/usr/lib/abi/abi_libikecert.so.1 (deleted)
/usr/lib/abi/abi_libipp.so.1
/usr/lib/abi/sparcv9/abi_libipp.so.1
/usr/lib/inet/certdb
/usr/lib/inet/certlocal
/usr/lib/inet/certrldb
/usr/lib/inet/in.iked
/usr/lib/libike.so.1
/usr/lib/libipp.so.1
/usr/lib/libprint.so.2
/usr/lib/llib-lipp
/usr/lib/llib-lipp.ln
/usr/lib/lp/bin/getmakes
/usr/lib/lp/bin/getmodels
/usr/lib/lp/bin/getppdfile
/usr/lib/lp/bin/getppds
/usr/lib/lp/bin/lp.cat
/usr/lib/lp/bin/lp.tell
/usr/lib/lp/bin/netpr
/usr/lib/lp/bin/ppdfilename2mmp
/usr/lib/lp/local/accept
/usr/lib/lp/local/lp
/usr/lib/lp/local/lpadmin
/usr/lib/lp/local/lpmove
/usr/lib/lp/local/lpstat
/usr/lib/lp/local/lpsystem
/usr/lib/lp/lpsched
/usr/lib/lp/postscript/download
/usr/lib/lp/postscript/dpost
/usr/lib/lp/postscript/picpack
/usr/lib/lp/postscript/postcomm
/usr/lib/lp/postscript/postdaisy
/usr/lib/lp/postscript/postdmd
/usr/lib/lp/postscript/postio
/usr/lib/lp/postscript/postplot
/usr/lib/lp/postscript/postprint
/usr/lib/lp/postscript/postreverse
/usr/lib/lp/postscript/posttek
/usr/lib/mdb/kvm/ipp.so
/usr/lib/mdb/kvm/sparcv9/ipp.so
/usr/lib/print/bsd-adaptor/bsd_cascade.so.1
/usr/lib/print/bsd-adaptor/bsd_lpsched.so.1
/usr/lib/print/conv_fix
/usr/lib/print/in.lpd
/usr/lib/print/psm-lpsched.so
/usr/lib/print/psm-lpsched.so.1
/usr/lib/sparcv9/libipp.so.1
/usr/lib/sparcv9/llib-lipp.ln
/usr/sadm/admin/bin/printmgr
/usr/sadm/admin/printmgr/classes/pmclient.jar
/usr/sadm/admin/printmgr/classes/pmserver.jar
/usr/sadm/admin/printmgr/lib/libpmgr.so
/usr/sadm/admin/printmgr/lib/libpmgr.so.1
/usr/sbin/ikeadm
/usr/sbin/ikecert
/usr/sbin/ipsecconf
/usr/sbin/lpadmin
/usr/sbin/lpfilter
/usr/sbin/lpforms
/usr/sbin/lpmove
/usr/sbin/lpshut
/usr/sbin/lpusers
/usr/ucb/lpc
Problem Description:
7055430 error message output by lpstat is not reasonable after 112920-03
(from 112920-03)
6939364 in.iked misses RTM_NEWADDR messages
6990499 lpstat -o <invalid ID> shows different output between local and remote printers
(from 112920-02)
4712511 cannot setup IPQoS
(from 112920-01)
This revision accumulates S9U1 feature point patch 112712-02.
(from 112712-02)
This revision synchronizes the package version string between S9
and S9U1.
(from 112712-01)
4647361 Solaris needs IPQoS feature
4644731 IPQoS project degrades netbench performance when feature is disabled
(from 113329-30)
6941553 banner title field switched to "standard input" if source file path is longer than 23 characters
(from 113329-29)
6961207 Solaris 9 lpstat cannot handle printer name which has dash number included
6975177 lpstat(1) does not show print queues in priority order on Solaris 9 printer clients
(from 113329-28)
6965943 lp(1) with the -q option does not work as expected if the printer server is running Solaris 9
(from 113329-27)
6922114 lpstat -p shows different timestamp format in ja locale
6922121 after hold, lpstat -p output always shows now printing on the client in case server is Solaris 9
(from 113329-26)
6899643 output from 'lpstat -p' is different in Solaris 9 when connected to a S10U5+ system
(from 113329-25)
6863498 The "standard input" doesn't get printed to "Title:" even if the data is given to lp via its stdin
6872242 lp -d .. -H hold not working if target lp server is S9/S10U4+
(from 113329-24)
6750206 dtlogin core dumps on Solaris 9 with 112960-62 or 112960-63 patches
(from 113329-23)
6688176 in.lpd dumps core
(from 113329-22)
5014338 postreverse crashes processing dpost output
6418328 printjobs blocked in hold state whenever jobid number surpasses 999 and hostname >= 13
6479152 lpadmin form alignment test gets stuck in endless loop
6645820 postreverse(1) may dump core on memory allocation in DocumentPages()
(from 113329-21)
6323244 patch 113329-05 and higher causes remote printing to reprint large jobs
(from 113329-20)
6539516 applications compiled with -lldap on Solaris 8 core dump on Solaris 9-10 releases
(from 113329-19)
6599099 fix for 4383387 should reuse existing memory
6599950 print localhost checking should be shared
(from 113329-18)
6297318 orphan dfA files found on cascading SUN print host
(from 113329-17)
5065608 cascading is broken with latest Solaris printing patch
(from 113329-16)
6314243 lpsched should sanity-check request files
6314245 racy chown/chmod in lpsched
(from 113329-15)
6289134 lp subsystem remote file removal issue
(from 113329-14)
6208058 in.lpd failed to print files when umask is set to 077
(from 113329-13)
4997994 lp cannot read/print file in NFS-mounted directory
5060450 lp/printd: net_send_file() does not munmap() buffer for data file
5064120 ERROR: "/dev/cua/a" is symlink that points to file with different owner
6186040 redundant check in lpadmin for device owner
(from 113329-12)
5043034 large print jobs timeout on network printers and are continually rescheduled
(from 113329-11)
Special patch install instructions replaces the need for a
reconfiguration immediately after patch installation.
(from 113329-10)
4986866 lpmove incorrectly reports usage error for remote print jobs
(from 113329-09)
Uprev'ed patch due to missing package SUNWpsr - see bug 5045047.
(from 113329-08)
Patch respun to create /etc/lp/ppd directory during patchadd via
postpatch script.
(from 113329-07)
4530499 invalid syslog message when printer does not exist
4593031 receive NullPointerExceptions when selecting menu options quickly
4626542 lpshut ignores that it can't get lock on FIFO and just continues to loop
4635978 in.lpd turns into a fork()/exec() bomb
4640976 client: generation of copyright file is dodgy
4652453 incorrect messaging in lp.cat
4687458 lpmove dumps core when malloc call returns NULL
4687483 netpr dumps core when malloc calls fail
4704146 lpforms: potential race condition creating temporary file
4704153 potential buffer overrun in in.lpd
4704157 lpadmin: bad use of gets()
4704303 lpsched: use of cftime() is dangerous
4704376 usr/src/cmd/lp/filter/postscript/common/misc.c error() should be varargs
4704377 usr/src/cmd/lp/filter/postscript/postcomm/postcomm.c error() should be varargs
4704786 lpsched: potential buffer overruns
4704793 lpsched: racy stat()
4704798 lpc: potential buffer overruns
4704921 lp: creates temporary files with fopen()
4704926 lp: potential buffer overruns
4705611 libprint: bsd_addr_create() should check result of malloc()
4705626 libprint: ns_cmn_kvp.c has memory issues
4705635 libprint: ns_printer_create() may not initialize memory
4705663 libprint: nss_ldap.c: unsafe use of strncpy()
4705665 libprint: nss_ldap.c: memory may not be initialized
4705910 libprint: job.c: makes unsafe use of open(O_CREAT)
4705915 libprint: job.c: doesn't check *alloc() results
4705933 libprint: misc.c: unsafe use of cftime()
4705937 libprint: misc.c: unchecked *alloc() result
4705943 cancel: unchecked memory allocation
4705950 usr/src/cmd/lp/model/netpr/misc.c vsprintf to fixed buffer
4705957 lpstat: extraneous chdir, unchecked *alloc()
4705959 lpset: uncheck *alloc() returns
4705977 lp: calls tempnam()
4706351 lpadmin: no warning when creating printer on user-owned symlink
4734301 lp system fails POSIX VSC tests
4751570 lpc generates core dump in Solaris 8 2/02
4761791 default timeout in netpr should be initialized
4775108 lp error when file is NFS-mounted and containing directory is 700
4809082 lpsched: R_INQUIRE_REQUEST_RANK does not include requests submitted to classes
4819203 Solaris printmgr generates warning with compile with javac 1.4.2
4930119 network printer timeout does not reset on fault clearance
4940032 Solaris should support IPP clients (LSARC/2001/259)
4981362 Java 1.5 and printmgr problems
5025203 Solaris printing needs RIP functionality (on)
(from 113329-06)
4809690 submitted print jobs don't seem to disappear after printing
4915855 printmgr cannot admin print queues stored in an LDAP nameservice
(from 113329-05)
4697460 hanging printd should not block all printjobs to remote
(from 113329-04)
4927784 special patch needed for BugId's 4902916 and 4648825
(from 113329-03)
4925015 pullback of bugfix 4648825 took fixes 4761753 4714952 4705911 4705899 4704812 with it
(from 113329-02)
4648825 Printer Management profile in exec_attr file is ineffective
4704812 lpstat: cftime() is deprecated in favor of strftime()
4705899 libprint: nss_write.c uses fopen() to create temp file
4705911 lib/print/job.c: makes unsafe use of access()
4714952 bsd-gw gives "dfAnnnhostname file exists" from a previous job
4761753 filedescriptor "fd" is not closed in job_retrieve()
(from 113329-01)
4640166 lp: when hold a request during slow-filtering, a request could be canceled
(from 114979-01)
4704824 lpstat: potential buffer overrun
(from 115882-01)
4902916 cancel cmd does not work well with RBAC Printer Management
(from 116239-01)
4705948 conv_fix: unsafe use of fopen()
4705947 conv_fix: should use strlcat
(from 113451-17)
6209654 IKE cert payload has problem with certificate chains
(from 113451-16)
6834132 S9 IPsec/in.iked rport only selector fails with 113451-11
(from 113451-15)
6750947 libike needs more rigorous packet checks
(from 113451-14)
4745716 IKE door operations cause in.iked leaks
(from 113451-13)
6435580 isakmp_negotiation structure passed to ike_call_callbacks() should not contain NULL pointers
(from 113451-12)
6469236 libike's RSA signature checking slightly incorrect
(from 113451-11)
6347364 SafeNet plugs ASN.1 leaks
6348585 ISAKMP notification sent to peer contains garbage
6367959 large numbers of certlib entries corrupt active Phase I SA state
6333693 in.iked needs better handling of port-only selectors
6340770 multiple-personality disorder affects inverse_acquire, too
6331159 if the only pre-shared key is deleted, the IKE daemon can not add new keys from a file
6326584 comedy of mismerges puts a quarter-twist into quick mode identities
(from 113451-10)
6316863 in.iked stops responding after 8 hours because cookies have been updated
6265403 short-lived Phase I SAs get bitten by libike's retransmit-driven delayed cleanup
6259973 IKE phase2 exchange fails to occur when phase1 SA nears expiry
6268124 ikeadm won't remove expiring phase1 SA's by address
6317027 libike tries to dereference the wrong negotiation
(from 113451-09)
5016628 ikecert certrldb -e "certspec" does not work
4976759 callers of ssh_x509_crl_decode() should check for SSH_X509_OK/FAILURE
4977335 ssh_x509_crl_decode() can fail but return SSH_X509_OK
4974853 certrldb will dump core if pem_to_ber() returns NULL
(from 113451-08)
4982429 patch 113451-06 adds certlocal entry to exec_attr redundantly
(from 113451-07)
4762219 ikeadm write preshared causes in.iked heartburn
4941232 deleting P1 SAs by address should delete ALL matching P1 SAs
(from 113451-06)
4804299 failed to change the default value of 28800 for Phase 2 SA's via p2_lifetime_sec
4919747 p2_lifetime default value is too high
4919802 Solaris IKE does not negotiate p2_lifetime_secs when creating an SA
4667873 in.iked door protocol handles some key lengths badly
4840090 why is add_new_sa() called before a phase1_t is linked to a Phase 1 pm_info?
4890236 in.iked botches PF_KEY identity extensions
4927429 some deleted Phase lingers slightly too long
(from 113451-05)
4930399 ASN.1 patches from SSH, Inc.
(from 113451-04)
This revision accumulates S9U5 feature point patch 115260-01.
(from 113451-03)
4673333 IKE should support hardware assist for certs and Oakley groups
4666686 patch libike with 4/8/2002 SSH patches
4687237 ssh_fatal() calls abort()
4704460 ikeadm: strcpy() should be replaced by strlcpy()
4739746 single-buffer memory leak in start_ike_servers()
4745493 more patches from SSH Inc.
4745709 SSH IKE code leaks hostent structures
(from 113451-02)
4628774 upgrade SSH IKE library to 4.2 from 2.1
4653051 ikecert certlocal -kc ... fails without an altname (-A option)
4508547 ikeadm errors are vague
4628901 in.iked should be compiled with _REENTRANT defined
4741543 patch 113451-01 doesn't replace abi_libikecert.so.1 properly
(from 113451-01)
4628774 upgrade SSH IKE library to 4.2 from 2.1
4653051 ikecert certlocal -kc ... fails without an altname (-A option)
4508547 ikeadm errors are vague
4628901 in.iked should be compiled with _REENTRANT defined
(from 115260-01)
4671563 RFE: ikecert -lv should list algorithm signature
4673338 IKE should support HW storage of private keys and certificates
4731575 IKE should work with IPv6
4742619 HW-IKE should be more robust when choosing pkcs11 slots
4752466 race in in.iked causes coredump in add_new_sa()
4823665 in.iked becomes confused about sender and receiver
4832562 certdb malformed cert causes core dump
4842368 memory leak for rsa_encryption initiator
(from 120025-01)
6214460 ipsecconf backs out valid rules if it runs into a duplicate rule
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete IPQoS feature, please also install the following
patches:
112905-01 (or greater) ippctl
112906-01 (or greater) ipgpc
112902-01 (or greater) ip
112927-01 (or greater) IPQos Header
112233-01 (or ngreatr) KU Patch
NOTE 2: To get the complete fix for BugId 6539516 (applications compiled
with -lldap on Solaris 8 core dump on Solaris 9-10 releases),
please also install the following patch:
112960-62 (or greater) ldap library patch
NOTE 3: To get the complete fix for BugId 6750206 (dtlogin core dumps
on Solaris 9 with 112960-62 or 112960-63 patches), please also
install the following patch:
112960-65 (or greater) ldap library patch
NOTE 4: To get the complete Hardware Acceleration for IKE feature, please
also install the following patch:
114125-01 (or greater) config.sample
NOTE 5: To get the complete Hardware Key Storage for IKE and IKE for IPV6
feature, please also install the following patch:
112904-10 (or greater) ipsecah patch
README -- Last modified date: Friday, November 9, 2012