OBSOLETE Patch-ID# 114423-09
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security multiterabyte disk support format dioctl_rwcmd vtoc disk efi hardware key storage ike ipv6 ipsecconf socket lpstat buffer overrun exec_attr cftime cancel rbac conv_fix
Synopsis: Obsoleted by: 114423-10 SunOS 5.9_x86: format, lp, IKE patch
Date: Mar/18/2011
Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9_x86
SunOS Release: 5.9_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patches 112920 and 113072
Topic: SunOS 5.9_x86: format, lp, IKE patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6939364 6990499
Patches accumulated and obsoleted by this patch: 114435-16 114980-31 115261-01 115883-01 116240-01 120026-01
Patches which conflict with this patch:
Patches required with this patch: 114419-02 (or greater)
Obsoleted by:
Files included with this patch:
/etc/security/exec_attr
/usr/bin/cancel
/usr/bin/lp
/usr/bin/lpget
/usr/bin/lpset
/usr/bin/lpstat
/usr/lib/abi/abi_libike.so.1
/usr/lib/inet/certdb
/usr/lib/inet/certlocal
/usr/lib/inet/certrldb
/usr/lib/inet/in.iked
/usr/lib/libike.so.1
/usr/lib/libprint.so.2
/usr/lib/lp/bin/getmakes
/usr/lib/lp/bin/getmodels
/usr/lib/lp/bin/getppdfile
/usr/lib/lp/bin/getppds
/usr/lib/lp/bin/lp.cat
/usr/lib/lp/bin/lp.tell
/usr/lib/lp/bin/netpr
/usr/lib/lp/bin/ppdfilename2mmp
/usr/lib/lp/local/accept
/usr/lib/lp/local/lp
/usr/lib/lp/local/lpadmin
/usr/lib/lp/local/lpmove
/usr/lib/lp/local/lpstat
/usr/lib/lp/local/lpsystem
/usr/lib/lp/lpsched
/usr/lib/lp/postscript/download
/usr/lib/lp/postscript/dpost
/usr/lib/lp/postscript/picpack
/usr/lib/lp/postscript/postcomm
/usr/lib/lp/postscript/postdaisy
/usr/lib/lp/postscript/postdmd
/usr/lib/lp/postscript/postio
/usr/lib/lp/postscript/postplot
/usr/lib/lp/postscript/postprint
/usr/lib/lp/postscript/postreverse
/usr/lib/lp/postscript/posttek
/usr/lib/print/bsd-adaptor/bsd_cascade.so.1
/usr/lib/print/bsd-adaptor/bsd_lpsched.so.1
/usr/lib/print/conv_fix
/usr/lib/print/in.lpd
/usr/lib/print/psm-lpsched.so
/usr/lib/print/psm-lpsched.so.1
/usr/sadm/admin/bin/printmgr
/usr/sadm/admin/printmgr/classes/pmclient.jar
/usr/sadm/admin/printmgr/classes/pmserver.jar
/usr/sadm/admin/printmgr/lib/libpmgr.so
/usr/sadm/admin/printmgr/lib/libpmgr.so.1
/usr/sbin/format
/usr/sbin/ikeadm
/usr/sbin/ikecert
/usr/sbin/ipsecconf
/usr/sbin/lpadmin
/usr/sbin/lpfilter
/usr/sbin/lpforms
/usr/sbin/lpmove
/usr/sbin/lpshut
/usr/sbin/lpusers
/usr/ucb/lpc
Problem Description:
6939364 in.iked misses RTM_NEWADDR messages
6990499 lpstat -o <invalid ID> shows different output between local and remote printers
(from 114423-08)
6776708 unable to write EFI label with mounted partitions
(from 114423-07)
6296988 format: segfault due to buffer overflow in shell escape code
4742992 format shell escape is a security hole under RBAC
(from 114423-06)
4820859 format -e' dumps core trying to create an EFI label
(from 114423-05)
4777332 format seems really broken for EFI labels
4826988 partitioning slice using GB units rounds off to next lower number
(from 114423-04)
4814438 kernel/drv/md patch for both SPARC and x86 do not list dependent patch in README
(from 114423-03)
4781880 VTOC error: write a block that is out of range - Fix in format
4785642 format -f <file> results in segmentation fault
4791416 format utility shows cylinder information wrong on S9U3
(from 114423-02)
4766161 formatting EFI labels fails for some partitionings
(from 114423-01)
4716238 PSARC 2001/570 multi-terabyte disk support
4334693 format command fails when configuring A3x00 RAID 5, 19+1 w/ Seagate 72GB drives
4622990 Solaris should provide a complete UUID mechanism
4726667 format fails w/ DIOCTL_RWCMD: Bad address
(from 114435-16)
6209654 IKE cert payload has problem with certificate chains
(from 114435-15)
6834132 S9 IPsec/in.iked rport only selector fails with 113451-11
(from 114435-14)
6750947 libike needs more rigorous packet checks
(from 114435-13)
4745716 IKE door operations cause in.iked leaks
(from 114435-12)
6435580 isakmp_negotiation structure passed to ike_call_callbacks() should not contain NULL pointers
(from 114435-11)
6469236 libike's RSA signature checking slightly incorrect
(from 114435-10)
6347364 SafeNet plugs ASN.1 leaks
6348585 ISAKMP notification sent to peer contains garbage
6367959 large numbers of certlib entries corrupt active Phase I SA state
6333693 in.iked needs better handling of port-only selectors
6340770 multiple-personality disorder affects inverse_acquire, too
6331159 if the only pre-shared key is deleted, the IKE daemon can not add new keys from a file
6326584 comedy of mismerges puts a quarter-twist into quick mode identities
(from 114435-09)
6316863 in.iked stops responding after 8 hours because cookies have been updated
6265403 short-lived Phase I SAs get bitten by libike's retransmit-driven delayed cleanup
6259973 IKE phase2 exchange fails to occur when phase1 SA nears expiry
6268124 ikeadm won't remove expiring phase1 SA's by address
6317027 libike tries to dereference the wrong negotiation
(from 114435-08)
4963817 IKE p2 negotiation failures on x86 with per-socket policies
(from 114435-07)
5016628 ikecert certrldb -e "certspec" does not work
4976759 callers of ssh_x509_crl_decode() should check for SSH_X509_OK/FAILURE
4977335 ssh_x509_crl_decode() can fail but return SSH_X509_OK
4974853 certrldb will dump core if pem_to_ber() returns NULL
(from 114435-06)
4982429 patch 113451-06 adds certlocal entry to exec_attr redundantly
(from 114435-05)
4762219 ikeadm write preshared causes in.iked heartburn
4941232 deleting P1 SAs by address should delete ALL matching P1 SAs
(from 114435-04)
4804299 failed to change the default value of 28800 for Phase 2 SA's via p2_lifetime_sec
4919747 p2_lifetime default value is too high
4919802 Solaris IKE does not negotiate p2_lifetime_secs when creating an SA
4667873 in.iked door protocol handles some key lengths badly
4840090 why is add_new_sa() called before a phase1_t is linked to a Phase 1 pm_info?
4890236 in.iked botches PF_KEY identity extensions
4927429 some deleted Phase lingers slightly too long
(from 114435-03)
4930399 ASN.1 patches from SSH, Inc.
(from 114435-02)
This revision accumulates S9U5 feature point patch 115261-01.
(from 114435-01)
4673333 IKE should support hardware assist for certs and Oakley groups
4666686 patch libike with 4/8/2002 SSH patches
4687237 ssh_fatal() calls abort()
4704460 ikeadm: strcpy() should be replaced by strlcpy()
4739746 single-buffer memory leak in start_ike_servers()
4745493 more patches from SSH Inc.
4745709 SSH IKE code leaks hostent structures
(from 115261-01)
4671563 RFE: ikecert -lv should list algorithm signature
4673338 IKE should support HW storage of private keys and certificates
4731575 IKE should work with IPv6
4742619 HW-IKE should be more robust when choosing pkcs11 slots
4752466 race in in.iked causes coredump in add_new_sa()
4823665 in.iked becomes confused about sender and receiver
4832562 certdb malformed cert causes core dump
4842368 memory leak for rsa_encryption initiator
(from 120026-01)
6214460 ipsecconf backs out valid rules if it runs into a duplicate rule
(from 114980-31)
6941553 banner title field switched to "standard input" if source file path is longer than 23 characters
(from 114980-30)
6961207 Solaris 9 lpstat cannot handle printer name which has dash number included
6975177 lpstat(1) does not show print queues in priority order on Solaris 9 printer clients
(from 114980-29)
6965943 lp(1) with the -q option does not work as expected if the printer server is running Solaris 9
(from 114980-28)
6922114 lpstat -p shows different timestamp format in ja locale
6922121 after hold, lpstat -p output always shows now printing on the client in case server is Solaris 9
(from 114980-27)
6899643 output from 'lpstat -p' is different in Solaris 9 when connected to a S10U5+ system
(from 114980-26)
6863498 The "standard input" doesn't get printed to "Title:" even if the data is given to lp via its stdin
6872242 lp -d .. -H hold not working if target lp server is S9/S10U4+
(from 114980-25)
6750206 dtlogin core dumps on Solaris 9 with 112960-62 or 112960-63 patches
(from 114980-24)
6688176 in.lpd dumps core
(from 114980-23)
5014338 postreverse crashes processing dpost output
6418328 printjobs blocked in hold state whenever jobid number surpasses 999 and hostname >= 13
6479152 lpadmin form alignment test gets stuck in endless loop
6645820 postreverse(1) may dump core on memory allocation in DocumentPages()
(from 114980-22)
6323244 patch 113329-05 and higher causes remote printing to reprint large jobs
(from 114980-21)
6539516 applications compiled with -lldap on Solaris 8 core dump on Solaris 9-10 releases
(from 114980-20)
6599099 fix for 4383387 should reuse existing memory
6599950 print localhost checking should be shared
(from 114980-19)
6297318 orphan dfA files found on cascading SUN print host
(from 114980-18)
5065608 cascading is broken with latest Solaris printing patch
(from 114980-17)
6314243 lpsched should sanity-check request files
6314245 racy chown/chmod in lpsched
(from 114980-16)
6289134 lp subsystem remote file removal issue
(from 114980-15)
6208058 in.lpd failed to print files when umask is set to 077
(from 114980-14)
4997994 lp cannot read/print file in NFS-mounted directory
5060450 lp/printd: net_send_file() does not munmap() buffer for data file
5064120 ERROR: "/dev/cua/a" is symlink that points to file with different owner
6186040 redundant check in lpadmin for device owner
(from 114980-13)
5043034 large print jobs timeout on network printers and are continually rescheduled
(from 114980-12)
Special patch install instructions replaces the need for a
reconfiguration immediately after patch installation.
(from 114980-11)
4986866 lpmove incorrectly reports usage error for remote print jobs
(from 114980-10)
Uprev'ed patch due to missing package SUNWpsr - see bug 5045047.
(from 114980-09)
4530499 invalid syslog message when printer does not exist
4593031 receive NullPointerExceptions when selecting menu options quickly
4626542 lpshut ignores that it can't get lock on FIFO and just continues to loop
4635978 in.lpd turns into a fork()/exec() bomb
4640976 client: generation of copyright file is dodgy
4652453 incorrect messaging in lp.cat
4687458 lpmove dumps core when malloc call returns NULL
4687483 netpr dumps core when malloc calls fail
4704146 lpforms: potential race condition creating temporary file
4704153 potential buffer overrun in in.lpd
4704157 lpadmin: bad use of gets()
4704303 lpsched: use of cftime() is dangerous
4704376 usr/src/cmd/lp/filter/postscript/common/misc.c error() should be varargs
4704377 usr/src/cmd/lp/filter/postscript/postcomm/postcomm.c error() should be varargs
4704786 lpsched: potential buffer overruns
4704793 lpsched: racy stat()
4704798 lpc: potential buffer overruns
4704921 lp: creates temporary files with fopen()
4704926 lp: potential buffer overruns
4705611 libprint: bsd_addr_create() should check result of malloc()
4705626 libprint: ns_cmn_kvp.c has memory issues
4705635 libprint: ns_printer_create() may not initialize memory
4705663 libprint: nss_ldap.c: unsafe use of strncpy()
4705665 libprint: nss_ldap.c: memory may not be initialized
4705910 libprint: job.c: makes unsafe use of open(O_CREAT)
4705915 libprint: job.c: doesn't check *alloc() results
4705933 libprint: misc.c: unsafe use of cftime()
4705937 libprint: misc.c: unchecked *alloc() result
4705943 cancel: unchecked memory allocation
4705950 usr/src/cmd/lp/model/netpr/misc.c vsprintf to fixed buffer
4705957 lpstat: extraneous chdir, unchecked *alloc()
4705959 lpset: uncheck *alloc() returns
4705977 lp: calls tempnam()
4706351 lpadmin: no warning when creating printer on user-owned symlink
4734301 lp system fails POSIX VSC tests
4751570 lpc generates core dump in Solaris 8 2/02
4761791 default timeout in netpr should be initialized
4775108 lp error when file is NFS-mounted and containing directory is 700
4809082 lpsched: R_INQUIRE_REQUEST_RANK does not include requests submitted to classes
4819203 Solaris printmgr generates warning with compile with javac 1.4.2
4930119 network printer timeout does not reset on fault clearance
4940032 Solaris should support IPP clients (LSARC/2001/259)
4981362 Java 1.5 and printmgr problems
5025203 Solaris printing needs RIP functionality (on)
(from 114980-08)
Respin due to missing binary.
(from 114980-07)
4915855 printmgr cannot admin print queues stored in an LDAP nameservice
(from 114980-06)
4809690 submitted print jobs don't seem to disappear after printing
(from 114980-05)
4697460 hanging printd should not block all printjobs to remote
(from 114980-04)
4927784 special patch needed for BugId's 4902916 and 4648825
(from 114980-03)
4925015 pullback of bugfix 4648825 took fixes 4761753 4714952 4705911 4705899 4704812 with it
(from 114980-02)
4648825 Printer Management profile in exec_attr file is ineffective
4704812 lpstat: cftime() is deprecated in favor of strftime()
4705899 libprint: nss_write.c uses fopen() to create temp file
4705911 lib/print/job.c: makes unsafe use of access()
4714952 bsd-gw gives "dfAnnnhostname file exists" from a previous job
4761753 filedescriptor "fd" is not closed in job_retrieve()
(from 114980-01)
4704824 lpstat: potential buffer overrun
(from 115883-01)
4902916 cancel cmd does not work well with RBAC Printer Management
(from 116240-01)
4705948 conv_fix: unsafe use of fopen()
4705947 conv_fix: should use strlcat
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete Hardware Acceleration for IKE feature, please
also install the following patch:
114436-01 (or greater) config.sample
NOTE 2: To get the complete Hardware Key Storage for IKE and IKE for IPV6
feature, please also install the following patches:
114337-08 (or greater) ip patch
114978-01 (or greater) ipsecah Patch
NOTE 3: To get the complete fix for BugId 6539516 (applications compiled
with -lldap on Solaris 8 core dump on Solaris 9-10 releases),
please also install the following patch:
114242-47 (or greater) ldap library patch
NOTE 4: To get the complete fix for BugId 6750206 (dtlogin core dumps
on Solaris 9 with 112960-62 or 112960-63 patches), please also
install the following patch:
114242-50 (or greater) ldap library patch
NOTE 5: To get the complete multi-terabyte feature, please also install the
following patches:
114431-01 (or greater) sd & ssd patch
114420-01 (or greater) libuuid patch
114421-01 (or greater) libadm.so.1 patch
113999-01 (or greater) devfsadm patch
114422-01 (or greater) fmthard patch
114424-01 (or greater) prtvtoc patch
README -- Last modified date: Saturday, November 10, 2012