Patch-ID# 118979-04

6616994 LDAP password exposed during configuration using utconfig
6542450 Sun Ray DTU responds to ping even if IP address is incorrect
6587900 Oberthur (SIEBEL) cards not recognized by Sun Ray P8 units when smartcards are added to SRDS
6641754 Sun Ray 2/2FS/270 smart card readers sometimes drop bytes at bauds greater than 9600
6583348 Sun Ray: Apple Mighty Mouse vertical scroll not functioning properly
6636671 if Sun Ray terminal gets TFTPsrvN (option 66) it should try sunray-config-servers if this fails
6655178 Smartcard Philips SmartMX doesn't work anymore in SRSS4.0
6677259 Finnish ID card not recognized on Sun Ray 2 on SRSS 4.0 (but is on Sun Ray 270)
6667384 2FS doesn't receive second monitor utresadm override if DDC failed on second monitor
6694424 Unitech barcode reader fails to work with Sun Ray
6730748 Sun Ray DTU can't resolve hostnames
6737449 SYN|ACK retry during TCP passive open is broken
 
(from 118979-03)
 
6457990 sometimes SR270, Sun Ray 2 and Sun Ray 2FS hang when Authenticated Smart Cards used
6512434 DTU hang/choppiness seen when using PCSC and SRWC 1.1_15 with smartcard PKI certs and ActivCard
6500512 SR2 (P8) DTU fails RDP PIN login when using Starcos SPK 2.3 and 2.4 smart cards
6316937 DTU hangs and power cycles when trying to send data using loopback cables 
        with SR 170 embedded ports
5060424 DTUs not getting configured MTU from LAN Sunray Server
6393502 Sun Ray firmware needs to report smartcard ATR history length as well
6398942 TCP connections can fail when initialization sequence is irregular
6382740 Sun Ray 170 can get stuck sending exchangeAPDU to certain OpenPlatform-like smartcards, causing 26D
6446288 mouse pointer "floats" and/or doesn't reach title bar when in full screen mode on MS windows
6446769 balance adjustments affect mono speaker volume on 270
6428572 provide firmware support for new Sun Ray 2, Sun Ray 2fs, Sun Ray 270 units
6482453 firmware panics on NULL value for redirectProps key
6443568 some USB 2.0 hubs don't appear to work when attached to Sun Ray
6457072 support on Sun Ray for smartcard operations with 2048-bit keys
6421484 Sun Ray smartcard driver masks odd INS bytes
6519512 Type 7 keyboard/hub freezes/stops working with Sun Ray DTUs
6482250 MTU received through DHCPINFORM request not taking effect
6489577 null pointer dereference in UpdateArpTable
6499940 firmware should not do Get Response processing for scbus APDUs
6418906 sunray_get_user:isValidUsername logs too much information to syslog - security
6412036 utsettings can fail when run against some Sun Ray 2 firmware builds
6306412 KDE display is corrupt under numerous and quick graphic changes
6571384 Device Manager can be spoofed
6592372 channels switch when playing audio on SR2FS and SR2 DTUs
6596045 audio record not working on 4.0 b48 on Sun Ray 2 family
6573093 1400x1050 res doesn't work if native panel resolution
6610233 Sun Ray firmware problem with 2048bit key
6568443 Oberthur 5.2 cards do not work on Sun Rays
6623818 firmware load prevented by barrier on new SR270 DTUs
6438243 Mondex MM2 cards are not recognized
6373741 changing probe order after applying SRSS3.1_Patch generates Internal error
6342142 Sun Ray NSCM greeter not working with LDAP (naming services) password management
6648109 SRSS 3.0_patch build 14 doesn't update all utacleanup links
 
(from 118979-02)
 
6319180 utxconfig is insufficently paranoid
6238984 utseriald dumps core after resetting DTU connected with serial adapter
6263842 session is stuck at grey screen sometimes
6266420 SRSS 3.0 USB printing don't work on Solaris 9 (9/04) and JavaDS 2 (utparalleld problem?)
6278092 Sun Ray doesn't print with HP Laserjet 1320 attached via USB to the Sun Ray
6275880 utfwadm fails on non-English locales with "Error: Improper firmware file"
6259230 new Quatech SSU-100 devices (P/N 990-0044-01D) don't work on Sun Rays
6296978 horizontal dotted lines displayed as solid lines on FrameMaker 7.1 with SRSS 3.0
6325171 ndbm database corruption causes utdesktop and authd to core dump
6346040 update smartcard config files to work with new versions of cards
4950642 Sun Ray web GUI should reduce volume of logfile output
6300477 unlocalized messages for "Add user" in AdminGUI
6309587 error message page observed during add user of Admin GUI using token reader
6309589 blank page is observed when deleting/updating user from Admin GUI
6309580 trying to restart services from Admin GUI gives error
6310241 viewing added smartcards through "view" link of Admin GUI gives error page
6310253 error page displayed when tried to view multihead group from Admin GUI
6310254 View by server gives error page from Admin GUI in a HA group
6311482 restart of Sun Ray services from Admin GUI using netscape7 not working as expected
4818663 utxlock should not be enabled for CAM sessions
6296051 some filesystems on Sun Ray disks are mounted with setuid enabled
 
(from 118979-01)
 
6218260 Scroll wheel on Genius NetScroll and PowerScroll mice is not recognized
6213562 Scroll wheel on Logitech M-BJ58 mouse is not recognized
6226501 Scroll wheel on Logitech M-BT85 Click! optical wheel mice is not recognized
6228580 Scroll wheel on Fujitsu PID==0x1001 mouse is not recognized
6199882 DTU rx buffer management deadlocks if input queue grows too large
6203630 USB printing fails with some USB printers
6212211 SunRay position of mouse pointer is random on Xinerama displays
6190711 mouse cursor lost in Xinerama when video played in enlarged realplayer
5092486 mouse pointer tracking not stable under stress in multihead
6223797 setting router equal to Sun Ray's IP address should invoke proxy ARP
6203451 utwho/utfwload fail in en_US.ISO8859-1 locale because final join doesn't work
6240497 SRSS 3.0 firmware ignores DHCP option 49 when DHCP_INFORM is not received
6230062 Sun Ray 170 should support multiple resolutions
6225835 yuv transformation underflows on black pixels
6242160 Xsun's footprint quickly soars to over 2GB when Cadence on sunray used, then it crashes
6253785 T=1 smartcard works on first insertion but not again unless DTU is power cycled or Ctrl+Moon
6211438 utselecting with SRSS 3.0, target system loses control of keyboard and sometimes mouse
6245587 utcard for not being able to remove partially configured card
6189847 with "pam_sunray.so" in PAM stack kerberos credential generation fails
6205407 system panics when utdisk module unloaded after utdiskctl module is unloaded
6207996 mass storage kernel drivers incorrectly assume that attach(9E) occurs before open(9E)
6230157 utstorage message queue handling is broken

-------------------------------- 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
        example# patchadd /var/spool/patch/<patchid-rev>
 
The following example removes a patch from a standalone system:
 
        example# patchrm <patchid-rev>
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

----------------------------- 
 
NOTE 1:  This patch is for the Sun Ray Core Services 3.0 component that is
         part of Sun Ray Server Software 3.0.
 
NOTE 2:  This SRSS patch does not support Live Upgrade.  Please do not
         install this patch via live upgrade.
 
NOTE 3:  The DTU firmware delivered in this patch has the following version
         identification string
 
         4.0_127553-04_2008.08.26.14.53
 
NOTE 4:  Details on new OSD icons can be found in the Administration Guide.
         http://docs.sun.com/source/820-0411/t-s.html#50429990_81747
 
NOTE 5:  Details on the new firmware short cut keys can be found in the
         Administration guide.
 
         Available options are: Stop/Ctrl-Pause A, N, V, Left Arrow, 
         Right Arrow, Down Arrow.
 
         http://docs.sun.com/source/820-0411/new_nw_config.html#50450458_40017
 
NOTE 6:  The DTU firmware delivered in this patch has an increased downgrade
         "barrier" of '321' to prevent accidental downgrades to firmware from
         earlier releases.  If you wish to revert a unit back to an earlier
         release of firmware after upgrading to this version of firmware,
         please see the Admin Guide for information on overriding the
         barrier/barrierLevel mechanism.
 
NOTE 7:  If you use Control Access Mode (CAM) please install latest revision 
         of patch 121366.
 
NOTE 8:  A new step has been added to "Detailed Steps" below for
         pam_ldap.so users.
 
 
Warnings & Errors
-----------------
** WARNING: This patch should only be applied to systems which have
	    Sun Ray Server Software 3.0 fully installed.  Do not attempt
	    to add this patch to the UFS image to be applied as part of
	    the install process.
 
** WARNING: If pam_ldap.so is used along with password management,
	    some messages generated during login may not be localized.
 
** WARNING: This patch redelivers the
	    /etc/opt/SUNWut/smartcard/probe_order.conf file.
	    If you have modified this file, the changes will be lost, and
	    you will need to make the same changes to the new copy.
 
** WARNING: After the patch is uninstalled on a SRSS configured system, the
	    following command needs to be run:
	    chgrp utadmin /etc/opt/SUNWut/smartcard/probe_order.conf
 
** WARNING: After installation of this patch in Trusted Solaris,
	    for users to login using NSCM after reboot, a user with
	    Enable Logins authorization should first login to the
	    system to enable logins.
 
Detailed Steps
--------------
 
1. Suppress firmware downloads
 
	If the server being patched is not a member of a Sun Ray
	failover group you should skip this step.
 
	If the server being patched is a member of a Sun Ray failover
	group then this step is optional but is strongly recommended.
 
	At Patch Installation
	---------------------
 
	    Before adding this patch to servers configured into a Sun
	    Ray failover group we advise that you disable Sun Ray
	    firmware delivery from all unpatched hosts in the failover
	    group.  On each host in the group:
 
		For each of the dedicated network interconnects:
 
		    $ /opt/SUNWut/sbin/utfwadm -a -D -n all
 
		For each of the shared subnetwork interconnects:
 
		    $ /opt/SUNWut/sbin/utfwadm -a -D -N all
 
	    Do this only one time, before adding this patch to any
	    server in the group.
 
	    The purpose of this step is to prevent unpatched servers
	    from offering old firmware to Sun Ray appliances.
 
	At Patch Removal
	----------------
 
	    Before removing this patch from servers configured into a
	    Sun Ray failover group we advise that you disable firmware
	    delivery from any hosts in the failover group that have
	    this patch installed.  On each already-patched host in the
	    group:
 
		For each of the dedicated network interconnects:
 
		    $ /opt/SUNWut/sbin/utfwadm -a -D -n all
 
		For each of the shared subnetwork interconnects:
 
		    $ /opt/SUNWut/sbin/utfwadm -a -D -N all
 
	    Do this only one time, before removing this patch from any
	    of the already-patched servers in the group.
 
	    The purpose of this step is to prevent already-patched
	    servers from offering new firmware to Sun Ray appliances.
 
	    If this patch is being removed from a Sun Ray failover group
	    then omitting this step may result in increased restart
	    times for your Sun Ray appliances.  (A mixture of patched
	    and unpatched servers advertising conflicting firmware
	    versions may cause the appliance to download new firmware
	    each time it restarts.  The appliance automatically
	    restarts itself after downloading fresh firmware so its
	    overall restart cycle is longer in that case.  The
	    appliance may restart itself several times before
	    establishing or reconnecting to a session.)  The Sun Ray
	    restart time will return to normal once the patch has been
	    removed from all servers in the failover group.
 
	    NOTE: On Patch Removal the SunRayP8 f/w needs to be removed 
	    manually from /tftpboot directory else the Sun Ray 2 units will 
	    continuously loop since the SunRayP8 f/w is not delivered in 
	    previous patches.
 
2. Stopping Sun Ray services and login sessions
 
	Before the addition or removal of this patch to a Sun Ray server
	all users should be logged out of their Sun Ray sessions.
 
	Stop the Sun Ray services using the following commands:
 
                $ /etc/init.d/utstorage stop
                $ /etc/init.d/utsvc stop
 
	These commands will terminate any Sun Ray sessions that were not
	already logged out.
 
	Next, use the instructions outlined above in the section
	"Patch Installation Instructions" for the addition or removal
	of this patch.
 
	If pam_ldap.so is used, then the following line should be
	added to /etc/pam.conf immediately before the first line
	beginning with "dtlogin-SunRay account":
 
	dtlogin-SunRay account sufficient /opt/SUNWut/lib/pam_sunray.so
 
3. Rebooting the Sun Ray server
 
	The Sun Ray server must be rebooted after the addition or removal
	of the patch.
 
4. Enable firmware downloads
 
	After the addition or removal of this patch on all Sun Ray
	servers in a failover group, enable firmware downloads
	using one of the following methods:
 
	1) If all Sun Ray server in the failover group provides firmware
	   downloads run this command on one of the servers:
 
		$ /opt/SUNWut/sbin/utfwsync
 
	   After which the Sun Ray DTU's will reboot themselves and load
	   the new firmware.
 
	2) If only some of the Sun Ray servers in the failover group provide
	   firmware downloads to the DTU's, run the following command
	   on the servers that do provide firmware:
 
	   For each in dedicated network interconnects:
 
		$ /opt/SUNWut/sbin/utfwadm -a -A -n all
 
	   For each in shared subnetwork interconnects:
 
		$ /opt/SUNWut/sbin/utfwadm -a -A -N all
 
	   Then restart services on all servers in the failover group by
	   executing the following command on a server in the group:
 
		$ /opt/SUNWut/sbin/utfwsync -d