Patch-ID# 120879-08
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: sun ray update patch security
Synopsis: Sun Ray Core Services version 3.1 Patch Update
Date: Nov/26/2008
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 8 9 10
SunOS Release: 5.8 5.9 5.10
Unbundled Product: Sun Ray Core Services
Unbundled Release: 3.1
Xref: This patch is available for Solaris 10 x86 as 120880-08. This patch is available for Linux as 120881-08.
Topic:
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6659871 6616994 6542450 6587900 6641754 6583348 6636671 6655178 6667384 6694424 6730748 6737449 6645932
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/etc/init.d/utacleanup
/etc/opt/SUNWut/register.start
/etc/opt/SUNWut/smartcard/Belgian-eID.cfg
/etc/opt/SUNWut/smartcard/Cryptoflex.cfg
/etc/opt/SUNWut/smartcard/DatakeyModel330SafeNet.cfg
/etc/opt/SUNWut/smartcard/FCU.cfg
/etc/opt/SUNWut/smartcard/GD-STARCOS.cfg
/etc/opt/SUNWut/smartcard/GEMPLUS-GPK.cfg
/etc/opt/SUNWut/smartcard/GemXpresso.cfg
/etc/opt/SUNWut/smartcard/InCard.cfg
/etc/opt/SUNWut/smartcard/JCOP21id.cfg
/etc/opt/SUNWut/smartcard/MondexMM2.cfg
/etc/opt/SUNWut/smartcard/ORGA-Micardo.cfg
/etc/opt/SUNWut/smartcard/probe_order.conf
/etc/opt/SUNWut/waitforprimary.start
/etc/rc0.d/K51utacleanup
/etc/rc1.d/K51utacleanup
/etc/rc2.d/S51utacleanup
/etc/rcS.d/K51utacleanup
/opt/SUNWut/bin/utaudio
/opt/SUNWut/bin/utdiskadm
/opt/SUNWut/bin/utxconfig
/opt/SUNWut/bin/utxlock
/opt/SUNWut/cgi-bin/admincgi
/opt/SUNWut/cgi-bin/desktop
/opt/SUNWut/cgi-bin/user
/opt/SUNWut/etc/template/ldap/utdsd.acl.conf
/opt/SUNWut/kiosk/prototypes/dtsession/.dt/sessions/home.old/dt.resources
/opt/SUNWut/kiosk/prototypes/dtsession/.dt/sessions/home/dt.resources
/opt/SUNWut/lib/dhcp/edhcp/utdhcpnet
/opt/SUNWut/lib/firmware/CoronaP1
/opt/SUNWut/lib/firmware/CoronaP2
/opt/SUNWut/lib/firmware/CoronaP3
/opt/SUNWut/lib/firmware/CoronaP4
/opt/SUNWut/lib/firmware/CoronaP5
/opt/SUNWut/lib/firmware/CoronaP6
/opt/SUNWut/lib/firmware/CoronaP7
/opt/SUNWut/lib/firmware/CoronaP8
/opt/SUNWut/lib/guloginGUI
/opt/SUNWut/lib/libsimpleRun.so
/opt/SUNWut/lib/libut.so.1
/opt/SUNWut/lib/libutadmin.so.1
/opt/SUNWut/lib/libutcrypto.so
/opt/SUNWut/lib/libutgrpmgr.so
/opt/SUNWut/lib/libutinfo.so.1
/opt/SUNWut/lib/libutjadmin.so
/opt/SUNWut/lib/libutmedia.so.1
/opt/SUNWut/lib/libutoscompat.so.1
/opt/SUNWut/lib/libutsession.so.1
/opt/SUNWut/lib/libutsmon.so.1
/opt/SUNWut/lib/nscloginGUI
/opt/SUNWut/lib/pam_sunray.so.1
/opt/SUNWut/lib/pam_sunray_amgh.so.1
/opt/SUNWut/lib/register.jar
/opt/SUNWut/lib/scloginGUI
/opt/SUNWut/lib/settings.jar
/opt/SUNWut/lib/sunray_get_user.so.1
/opt/SUNWut/lib/utauthd
/opt/SUNWut/lib/utauthd.jar
/opt/SUNWut/lib/utcleanlaunch
/opt/SUNWut/lib/utdevctl
/opt/SUNWut/lib/utdevmgrd
/opt/SUNWut/lib/utdsupdate
/opt/SUNWut/lib/utgenpam
/opt/SUNWut/lib/utgenpolicy
/opt/SUNWut/lib/utglpolicy
/opt/SUNWut/lib/utguiauth
/opt/SUNWut/lib/utguiauth.jar
/opt/SUNWut/lib/utils.jar
/opt/SUNWut/lib/utpamcfg
/opt/SUNWut/lib/utseriald
/opt/SUNWut/lib/yuvfile
/opt/SUNWut/sbin/utconfig
/opt/SUNWut/sbin/utdesktop
/opt/SUNWut/sbin/utlicenseadm
/opt/SUNWut/sbin/utmhadm
/opt/SUNWut/sbin/utquery
/opt/SUNWut/sbin/utreader
/opt/SUNWut/sbin/utreplica
/opt/SUNWut/sbin/utresdef
/opt/SUNWut/sbin/utuser
/opt/SUNWut/share/man/man1m/utlicenseadm.1m
/opt/SUNWut/share/man/man1m/utreader.1m
/usr/openwin/server/modules/ddxSUNWsunray.so.1
Problem Description:
6659871 access restrictions need improvements
6616994 LDAP password exposed during configuration using utconfig
6542450 Sun Ray DTU responds to ping even if IP address is incorrect
6587900 Oberthur (SIEBEL) cards not recognised by Sun Ray P8 units when smartcards added to SRDS
6641754 Sun Ray 2/2FS/270 smart card readers sometimes drop bytes at bauds greater than 9600
6583348 Sun Ray: Apple Mighty Mouse vertical scroll not functioning properly
6636671 if Sun Ray terminal gets TFTPsrvN (option 66) it should try sunray-config-servers if this fails
6655178 Smartcard Philips SmartMX doesn't work anymore in SRSS4.0
6667384 2FS doesn't receive second monitor utresadm override if DDC failed on second monitor
6694424 Unitech barcode reader fails to work with Sun Ray
6730748 Sun Ray DTU can't resolve hostnames
6737449 SYN|ACK retry during TCP passive open is broken
6645932 CDE kiosk sessions gives CDE pop-up message with CDE patch 11928{0|1}-14
(from 120879-07)
6512434 DTU hangs/choppiness seen when using PCSC and SRWC 1.1_15 with smartcard
PKI certs and ActivCard
6356963 utseriald sometimes denies access to device
6531336 utseriald crashes in ut_svc_cmd_detach - dprintf_level
6321047 reset of YUV sessions after 30 seconds can result in GNC/26D
6522301 unable to set multicast address for Sun Ray utauthd on x86
6476242 Group Manager should ignore interfaces that are not running
6532811 utdevmgrd logs warning message for every minute in /var/adm/messages
file in one scenario
6568443 Oberthur 5.2 cards do not work on Sun Rays
6571384 Device Manager can be spoofed
6573728 sometimes xlock screen comes when smartcard session hotdesked
6605645 SRSS 4.0 network bandwidth is much higher than 3.1.1
6610233 Sun Ray firmware problem with 2048-bit key
6592372 channels switch when playing audio on SR2FS and SR2 DTUs
6596045 audio record not working on 4.0 b48 on Sun Ray 2 family
6573093 1400x1050 res doesn't work if native panel resolution
(from 120879-06)
6482250 MTU received through DHCPINFORM request is not taking effect
6502096 need support for Starcos SPK2.4 family of cards
6489577 null pointer dereference in UpdateArpTable
6455350 /tmp/SUNWut/units/ term fails to propagate throughout FOG
6519512 Type 7 keyboard/hub freezes/stops working with Sun Ray DTUs
6500512 SR2 (P8) DTU fails RDP PIN login when using Starcos SPK 2.3 and 2.4 smart cards
6480801 encrypted connections fail with SRSS 3.1 on Nevada build = 38
6454344 utresdef fails with "res=*: Undefined error code" after local timing defined
6499940 Firmware should not do Get Response processing for scbus APDUs
6451202 hardware flow control broken in Edgeport adapters with TI chip
6464686 Quatech serial driver flushes pending output on close()
4826729 unable to self-register using PAM
6483721 waitforprimary.start immediately respawns yuvfile in a hard loop
6483716 utbind is inefficient (utsession socket)
6290476 utdiskadm can be confused by disabling utmp
6437813 Edgeport/22c device is not recognized by SRSS
(from 120879-05)
6382740 Sun Ray 170 can get stuck sending exchangeAPDU to certain OpenPlatform-like
SmartCards, causing 26D
6459224 utreader allows only eight token readers, customer wants more
5025790 utreader output with options -c, -d is not giving meaning as said in usage
6457072 support on Sun Ray for smartcard operations with 2048 bit keys
6443568 some USB 2.0 hubs don't appear to work when attached to Sun Ray
6306412 KDE display is corrupt under numerous and quick graphic changes
6422934 utquery can fail to collect and report responses
6437329 utauthd crash in GroupManager.whichServer
6355343 utuser -r causes all DTUs in FOG to alternate between the "X" and "100F ...
6465742 need support for Starcos SPK23 family of cards
6468437 support for Incrypto smart cards
6457990 sometimes SR270, Sun Ray 2 and Sun Ray 2FS hang when Authenticated Smart Cards used
6446288 Mouse pointer "floats" and/or doesn't reach title bar when in full screen mode
on MS windows
6471000 sessions with very long tokens are not redirected correctly
6446769 balance adjustments affect mono speaker volume on 270
6428572 provide firmware support for new Sun Ray 2, Sun Ray 2fs, Sun Ray 270 units
6482453 Firmware panics on NULL value for redirectProps key
(from 120879-04)
6418906 sunray_get_user:isValidUsername logs too much information to syslog - security
6424125 AMGH is inefficient when SunRay is already in local FOG
6427681 AMGH can cause "rolling redirects" within a FOG
6413607 utdevctl fails on new firmware
6412036 utsettings can fail when run against some Sun Ray 2 firmware builds
6338019 Sun Ray needs to distinguish between Sun Type 6 Japanese keyboard and other
Japanese keyboards
6421484 SunRay smartcard driver masks odd INS bytes
6438243 Mondex MM2 cards are not recognized
6430465 Admin Password cannot be changed from Admin GUI
6426377 utgenpolicy SPOF - attempts to update primary DS, which can block authd startup
(from 120879-03)
6376242 utauthd core dumps on Solaris 8 (also duplicate utauthd processes on running systems)
6380565 3rd party license readme distribution update
(from 120879-02)
6383912 utxconfig constrains X desktop dimensions to unreasonably low values
6351087 Regression: Xsun spins in Sun Ray DDX
6327741 pam.conf not updated correctly causing login problems
6393502 Sun Ray firmware needs to report smartcard ATR history length as well
6385918 SRSS needs to support Belgian eID smartcard
6397106 GemPlus GPK16000 cards and newer JCOP21 cards need to be supported
6331518 Sun Ray Server Software (SRSS) should support GEM+/GEM Expresso (64V2N) smartcards
6398942 TCP connections can fail when initialization sequence is irregular
6348306 add tool to administer licenses
6399779 sometimes uttsc core dumps while hotdesking
6342142 SunRay NSCM greeter not working with LDAP (naming services) password management
6375196 libutmedia only does 15 fps with SunRay 2
(from 120879-01)
6319180 utxconfig is insufficiently paranoid
6238984 utseriald dumps core after resetting DTU connected with serial adapter
6328992 utauthd eats 2 file descriptors when a fork fails
6325171 ndbm database corruption causes utdesktop and authd to core dump
6316937 DTU hangs and power cycles when trying to send data using loopback cables with
SR 170 embedded ports
6311482 restart of Sun Ray services from Admin GUI using netscape7 not working as expected
6346040 update smartcard config files to work with new versions of cards
5060424 DTUs not getting configured MTU from LAN Sunray Server
6254552 ISO 7816-4 Case 1 APDU problem
6330608 2 authd's running on same box, (parent and child) causing authd to hang
and all DTUs get 26 error
6354786 restart not working from Admin GUI after patch installation
6344009 Alt-tab doesn't work after upgrade Sunray SW from 3.0 to 3.1
6344241 after upgrading from SRSS 3.0 to 3.1, Num Lock and Shift keys don't work via IOGear KVM
6330414 admin has no permission to create new branch at top level in Datastore
6337859 utadm -A or -a does not always work
Detailed Installation Steps
---------------------------
1. Suppress firmware downloads
If the server being patched is not a member of a Sun Ray
failover group you should skip this step.
If the server being patched is a member of a Sun Ray failover
group then this step is optional but is strongly recommended.
At Patch Installation
---------------------
Before adding this patch to servers configured into a Sun
Ray failover group we advise that you disable Sun Ray
firmware delivery from all unpatched hosts in the failover
group. On each host in the group:
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -n all
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -N all
Do this only one time, before adding this patch to any
server in the group.
The purpose of this step is to prevent unpatched servers
from offering old firmware to Sun Ray appliances.
At Patch Removal
----------------
Before removing this patch from servers configured into a
Sun Ray failover group we advise that you disable firmware
delivery from any hosts in the failover group that have
this patch installed. On each already-patched host in the
group:
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -n all
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -N all
Do this only one time, before removing this patch from any
of the already-patched servers in the group.
The purpose of this step is to prevent already-patched
servers from offering new firmware to Sun Ray appliances.
If this patch is being removed from a Sun Ray failover group
then omitting this step may result in increased restart
times for your Sun Ray appliances. (A mixture of patched
and unpatched servers advertising conflicting firmware
versions may cause the appliance to download new firmware
each time it restarts. The appliance automatically
restarts itself after downloading fresh firmware so its
overall restart cycle is longer in that case. The
appliance may restart itself several times before
establishing or reconnecting to a session.) The Sun Ray
restart time will return to normal once the patch has been
removed from all servers in the failover group.
2. Stopping Sun Ray services and login sessions
Before the addition or removal of this patch to a Sun Ray server
all users should be logged out of their Sun Ray sessions.
Stop the Sun Ray services using the following commands:
$ /etc/init.d/utstorage stop
$ /etc/init.d/utsvc stop
These commands will terminate any Sun Ray sessions that were not
already logged out.
Next, use the instructions outlined below in the section
"Patch Installation Instructions" for the addition or removal
of this patch.
3. Rebooting the Sun Ray server
The Sun Ray server must be rebooted after the addition or removal
of the patch.
4. Enable firmware downloads via DHCP
After the addition or removal of this patch on all Sun Ray
servers in a failover group, enable firmware downloads
using one of the following methods:
1) If all Sun Ray servers in the failover group provide
firmware downloads run this command on one of the servers:
$ /opt/SUNWut/sbin/utfwsync
After this, the Sun Ray DTUs will reboot themselves and load
the new firmware.
2) If only some of the Sun Ray servers in the failover group provide
firmware downloads to the DTUs, run the following command
on the servers that do provide firmware:
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -n all
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -N all
Then restart services on all servers in the failover group by
executing the following command on a server in the group:
$ /opt/SUNWut/sbin/utfwsync -d
3) Upgrading firmware via the config parameter (.parms) file
Before the patch is applied use
$ /opt/SUNWut/sbin/utfwadm -D -a -V
After the patch is applied use
$ /opt/SUNWut/sbin/utfwadm -A -a -V
Note: After utfwsync is run on Trusted Solaris 8 Sun Ray servers,
DHCP will need to be restarted as follows if the Sun Ray servers
are also providing DHCP services:
$ /etc/init.d/dhcp stop
$ /etc/init.d/dhcp start
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/<patchid-rev>
The following example removes a patch from a standalone system:
example# patchrm <patchid-rev>
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: For Solaris 10, install the latest Recommended Patch Cluster.
In particular, the latest revision of Patch 119254 needs to be installed.
NOTE 2: patchadd may give some messages while installing on a system
with zones. To suppress these messages, the "-G" option can be used.
example# patchadd -G /var/spool/patch/<patchid-rev>
NOTE 3: Details on the new OSD icons can be found in the Administration Guide.
http://docs.sun.com/source/820-0411/t-s.html#50429990_81747
NOTE 4: Details on the new firmware short cut keys can be found in the
Administration guide.
Available options are: Stop/Ctrl-Pause A, N, V, Left Arrow,
Right Arrow, Down Arrow.
http://docs.sun.com/source/820-0411/new_nw_config.html#50429978_23638
NOTE 5: This patch is for the Sun Ray Core Services 3.1 component
that is part of Sun Ray Server Software 3.1.
NOTE 6: This SRSS patch does not support Live Upgrade. Please do not
install this patch via Live Upgrade.
NOTE 7: Some third party terms were not included in the original
version of Sun Ray Server Software 3.1 THIRDPARTYLICENSEREADME.html.
This patch includes a new THIRDPARTYLICENSEREADME.html that
contains all the terms.
NOTE 8: If you use Control Access Mode (CAM), please install the latest
revision of patch 121171.
NOTE 9: The DTU firmware delivered in this patch has the following version
identification string
4.0_127553-04_2008.08.26.14.53
NOTE 10: Some new strings have been added to the Self-Registration GUI,
but localized strings are not delivered in this patch.
NOTE 11: A new PAM service 'utselfreg' has been introduced in this patch
for use with the Self-Registration GUI. You may add or edit this
service configuration to configure the authentication behavior of
the GUI using standard PAM service modules supplied with Solaris.
See the pam.conf man page for further details.
NOTE 12: The DTU firmware delivered in this patch has an increased
downgrade "barrier" of '321' to prevent accidental downgrades to
firmware from earlier releases. If you wish to revert a unit
back to an earlier release of firmware after upgrading to this
version of firmware, please see the Admin Guide for information
on overriding the barrier/barrierLevel mechanism.
Required Patches
----------------
Warnings & Errors
-----------------
** WARNING: This patch should only be applied to systems which have
Sun Ray Server Software 3.1 fully installed.
Do not attempt to add this patch to the UFS image to be
applied as part of the install process.
** WARNING: This patch redelivers the
/etc/opt/SUNWut/smartcard/probe_order.conf file.
If you have modified this file, the changes will be lost, and
you will need to make the same changes to the new copy.
** WARNING: After the patch is uninstalled on a SRSS configured system,
the following command needs to be run:
chgrp utadmin /etc/opt/SUNWut/smartcard/probe_order.conf
** WARNING: If pam_ldap.so is used along with password management,
some messages generated during login will not be localized.
** WARNING: After installation of this patch in Trusted Solaris,
for users to log in using NSCM after reboot, a user with
Enable Logins authorization should first log in to the
system to enable logins.
** WARNING: Installing this patch updates the Sun Ray PAM entries
in the pam.conf file. This means that your existing Sun Ray
configuration in the pam.conf file will be overwritten. If you
have made Sun Ray customizations for your site, you may want to
save a copy of the current pam.conf file before you install this
patch so that you can manually merge your changes back into the
pam.conf file.
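The two overwrite warnings above (pam.conf and probe_order.conf), as an added example that is not part of the original README: a POSIX shell script that snapshots both files before patchadd and afterwards lists which of them changed and which Sun Ray PAM lines were dropped. The ROOT prefix, the snapshot directory layout and the assumption that Sun Ray PAM entries can be recognised by the string SUNWut in their module path are this example's own; /etc/pam.conf is the standard Solaris location of pam.conf.

```sh
#!/bin/sh
# Added example: preserve the files this patch overwrites and report drift.
# ROOT is a hypothetical path prefix for rehearsing on a copy of the system;
# leave it empty on the real server.
ROOT=${ROOT:-}
FILES="/etc/pam.conf /etc/opt/SUNWut/smartcard/probe_order.conf"

# snapshot DIR: copy both files into DIR and record the Sun Ray PAM lines.
# Assumption: Sun Ray PAM entries name a module under /opt/SUNWut, so the
# string SUNWut identifies them.
snapshot() {
    snap=$1
    for f in $FILES; do
        [ -f "$ROOT$f" ] || { echo "missing: $ROOT$f" >&2; return 1; }
        mkdir -p "$snap$(dirname "$f")" || return 1
        cp -p "$ROOT$f" "$snap$f" || return 1
    done
    grep SUNWut "$ROOT/etc/pam.conf" | sort > "$snap/sunray_pam.before"
}

# changed DIR: print each tracked file whose content differs from the snapshot.
changed() {
    snap=$1
    for f in $FILES; do
        cmp -s "$snap$f" "$ROOT$f" || echo "$f"
    done
}

# lost_sunray_pam DIR: print Sun Ray PAM lines that existed before the patch
# and are gone now; these are the site customizations to merge back by hand.
lost_sunray_pam() {
    snap=$1
    grep SUNWut "$ROOT/etc/pam.conf" | sort | comm -23 "$snap/sunray_pam.before" -
}

# Command-line use: "snapshot DIR" before patchadd, "report DIR" after reboot.
case ${1:-} in
    snapshot) snapshot "$2" ;;
    report)   changed "$2"; lost_sunray_pam "$2" ;;
esac
```

Keep the snapshot directory outside the patched paths so that patchrm or a later patch revision does not touch it.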
README -- Last modified date: Saturday, November 10, 2012