OBSOLETE Patch-ID# 127112-11

6621380 issue in ip_rput_local_options
 
(from 127112-10)
 
6539184 aio_cleanup thread can spin forever when as_unmap called, and there is no outstanding aio
6548176 "CPUx failed to start" messages were displayed during system startup
6554813 possible deadlock when enabling/disabling soft rings
6615584 system panics in soft_ring_unbind() when unplumbing an interface
6619911 ha-nfs RG switch over failed: nfssys(NFS4_SVC_REQUEST_QUIESCE) failed: No such file or directory
6634002 possible memory leak in soft ring during unplumb operation
6636513 SIGFPE incorrectly delivered to process with masked Floating Point exceptions
6642234 msg_fnd_neg_snd() has infinite loop
 
(from 127112-09)
 
6331128 disp_getwork causing performance issues on lightly loaded systems
6493689 Jvm crash: curthread set by kernel incorrect
6565168 need support for disk LEDs on Sun Fire X4540 platform
6599537 xt_sync timeout panics when running SunVTS on Batoka
6611211 nxge driver changes needed for NEM10G
6613514 IP Instances removed SPD hash-size tuning from /etc/system
6616749 stronger IPsec algorithm existence checks needed
6621520 Batoka TLB/TSB page fault resolution takes large amount of time
6635774 death by hment_remove()
6638601 driver_aliases WARNING displayed after patchrm 127111-04 or 127111-05
6644829 change for 6611211 causes Huron to panic
 
(from 127112-08)
 
6339235 DISM may interact poorly with anon when failing to use large pages
6398097 panic in kcpc_unbind()
6398111 circular dependency between sys/thread.h and sys/kcpc.h
6400119 ifconfig unplumb hangs in certain scenarios
6492246 x64 cpu/mem topology/diagnosis should include FRU labels
6498936 TCP RST ignores IP_NEXTHOP for unexpected TCP data packets
6525121 rem_drv of nexus driver should not revert /devices permissions below
6526408 udp application hangs forever when using SO_SNDBUF with value 0 due to 
        QFULL flag never cleared
6542909 race condition between kcpc_restore() and kcpc_unbind()
6551509 modunload while port(nxge) is running, causes system panic
6572623 nxge_1.10: Many "nxge_syserr_intr: device error - ZCP" WARNINGS reported 
        when testing with MAXQ
6602323 new topo enumerator and map needed for T5440
6602575 process stuck in close() when closing TCP socket
6602806 need coherency diagnosis engine (DE) for T5440
6603165 copyright year needs updating to 2008 for S10u5
6610046 memory leak for branded processes in elfexec()
6611921 ifconfig hangs after "init s" when CGTP enabled
6612334 T5440 enhancements to CPU/Mem diagnosis
6612914 fix CVE-2007-5135 in OpenSSL
6623776 should not display maximum IPP ECC error message for port2 due to harmless HW defect
6623870 incorrect fault for mrau
6624293 should not call ddi_fm_service_impact if nxge not DDI_FM_EREPORT_CAPable
6624361 minor mem leak in libdevinfo:devfs_parse_binding_file
6625536 should not send SERVICE_UNAFFECTED ereport unless indicates possible loss of service later
6636324 kmdb should not use generic siron() after putback of bug 6540436
6648091 old mismerge in tcp_mss_set() s10 is latent bug, causes CR 6648090 to stall tcp transmit
 
(from 127112-07)
 
6388708 usba should add more strict check on device descriptors when parsing device's 
        configure desciptors
6410385 sctp exchanges with cipso headers in ipv6 packets fail
6479848 enhancements to linker support interface needed
6480294 panic in scsi_vhci while offlining LUN
6486273 bad mutex panic within find_tpc()
6494228 pclose() error when audit library calls popen() and main target being run under ldd
6521608 assertion failure in runtime linker related to auditing
6535669 TX ip forwarding does not account for label size when sending need to fragment
6541786 snoop -v does not convert mtu in icmpv6 packet too large to host endian
6541848 TX: ipv6 forwarding will attempt to send corrupted packets when removing cipso option
6554681 SCTP accept(3SOCKET) do not always set remote IP address when returning > 0
6562625 usba breaks device recognition procedure for faulty devices during dev descriptor 
        parsing - 6388708
6568745 segfault when using LD_DEBUG with bit_audit library when instrumenting mozilla
6573600 nxge reports ereport.io.device.intern_uncorr errors
6579256 nxge needs to support 1G Serdes and RGMII modes
6599061 jumbo frame enabled in nxge, incoming packet count not right for large pkts
6599105 jumbo does not work for packets larger than 8144 bytes when bcopy forced
6602294 ps_pbrandname breaks apps linked directly against librtld_db
6612821 npi_ipp_get_cs_err_count reads wrong IPP register
 
(from 127112-06)
 
4822287 Sun Ray servers, dotoprocs holds pidlock for inordinate amount of time
6428658 dotoprocs missing sanity checks leading to system panic
6455727 lighttpd cannot be killed upon hanging in sendfilev()
 
(from 127112-05)
 
6292092 callout should not be blocked by interrupts from executing realtime timeouts
6483747 clock-tick processing should re-include threads waiting for I/O
6492317 sometimes time stamps from gethrvtime are back in time
6540436 kpreempt() needs more reliable way to generate level1 intr
6556134 race between unlink() calls on a namefs node
6562292 race between drv_getparm and setpgrp leads to panic
6583303 segvn_fault_anonpages(F_SOFTLOCK) doesn't always properly softlock all faulted in page_t's
6584200 segvn_fault_anonpages() missing anon_array_exit() call in the error case
6617448 circular dependency exists between feature stream patch 127127-01 & KU 120011-14
6627976 127111-04/127112-04 unhealthy relationships with 125369-12/125370-05 causing patchadd fails
 
(from 127112-04)
 
6311428 exacct doesn't account for process's microstate data when it moves between tasks
6339802 support keygen operations by acceleration only providers
6371252 adding mac_start()'d link to an aggregation can end in panic
6394527 mdb unix module doesn't compile with NCPU > 64
6396445 enhance htraptrace to only allocate per-CPU buffers when needed
6409418 mdb -k ::httrace occasionally dumps core, runs forever, is incomplete
6410536 ::cpuset broken when NCPU <= bits-per-word
6437543 sun4v NCPU update to 256
6445808 increased sun4v NCPU slows Ontario vmstress runs
6455548 exacct can double-count an exiting process
6462780 softtoken keystore needs to store keys ECC objects
6462782 metaslot needs to generate token object from session object
6479998 CPU DR should not panic system on memory allocation failure
6489144 mi_rx_lock shouldn't be held across callbacks
6491129 psrinfo -pv doesn't report correct chip info on sun4v
6500850 nca causes system panic with specweb2005 workloads and sws
6501667 ncp/n2cp drivers should not assume static number of crypto units
6501793 GOTOP relocation transition (optimization) fails with offsets > 2^32
6502578 sun4v block store commit VIS emulation does not implement commit semantics
6513610 mstate_aggr_state() can double-count process's mstate if child is in fork()
6517033 ncalogd causes panic due to null pointer to logd
6517335 implement workaround for PLX 8548 Cut-Thru Cancellation with RO Errata
6519970 Niagara crypto providers should recognize T5140/T5240 specific device compatibility properties
6530592 Topo maps for T5140/T5240
6531673 ON support for UltraSPARC T2+ processor
6532872 incorrect fault name reported for store buffer
6532924 AMD64: Solaris 5.11 55b: SEGV after whocatches
6536478 anchored page retire for T5140/T5240
6536482 diagnose FBR and FBU errors to branch
6539545 support new UltraSPARC T2+ PIU errors
6539930 MPO for sun4v platforms
6545057 on T5140/T5240, diagnose mem UE as L2 cache data UE if C2C bit is set
6545604 enhance CPU/Mem DE to support T2plus
6545632 add US-T2plus support to CPU/Mem error injector
6551627 OGL: SIGSEGV when trying to use OpenGL pipeline with splash screen, Solaris/Nvidia only
6551884 add nxge driver support for T5140/T5240 platforms
6556056 DE should consume ereport.io.n2.pec.lwc
6558981 allow Errata 175 workaround to be fully enabled/disabled
6560113 nxge driver should send message to console & /var/adm/messages when onboard port0
        or 1 is disabled
6565934 dprov needs to support spi changes for non-keystore hardware generation and deriviation
6568476 IPsec Tx performance bottlenecked by only one nxge HW ring being used
6569931 enhance sun4v trapstat to support at least 256 CPUs
6574102 add extended family/model/stepping info to cpuid_pass1() for Intel processors
6576808 R_malloc can fail and result is not checked, possibly panicking
6577279 nl7c_logd_init causes kernel heap corruption when KMF_BUFTAG enabled
6583268 tmpfs tries too hard to reserve memory
6584901 nxge driver needs to use 8 MSI for 10GbE on SPARC by default for OOB performance
6590340 brand_sys_int80() could do more sanity checks
 
(from 127112-03)
 
4868863 recv() with MSG_PEEK does not return length of all data
6469395 page_retire blocks page_lock_es() and leads to system hang
6472192 panic in cv_wait when exiting a process
6479968 TCP connections over loopback misorder user data on squeue reentry
6507659 tsc differences between CPUs give dtrace_gethrtime() serious problems
6512188 IPMP creates broadcast routes with Maximum Fragment Size of 1536
6522339 performance enhancement with enhanced esballoc design
6592959 MSI-X interrupt limit override
 
(from 127112-02)
 
6208921 stack overflow under heavy load of IP loopback
6289186 _nfssys(NFS_SVC_REQUEST_QUIESCE) failed: No such file or directory
6294710 rctladm incorrectly claims and reports it can log to syslog for project.cpu-shares
6296903 invalid memory accesses clear other DTrace error bits
6309250 ipqosconf breaks bge interfaces on V210 (Solaris 10)
6348308 S10 AMD Opteron panic in lm_get_sysid_locked
6401917 panic while opening sctp connection
6415231 Galaxy 1 system panics with BAD TRAP (page fault) in "ohci" due to NULL pointer
6449436 msgsnd and msgrcv causing performance issues
6470189 data packets sent to lingering socket not discarded
6482459 add options to set IGMP and MLD version to be used on Join requests
6491350 auto mpss and kpr combo can make system crawl in case of fragmented memory
6505607 udp_connect is not zone-aware
6523456 DF (Do not Fragment) bit set on multicast packet
6525123 Solaris 10u3 panics/fails to boot (via SAN boot device) when mpxio disabled
6525871 sotpi_accept() does not set local address correctly in sonode when SS_DIRECT is off
6533773 tcp checksum 0xFFFF (-0) used instead of 0x0000 (+0) since Solaris 10
6535028 S10 lpsched can crash when printing to printer class
6542435 fix for CR 6505607 didn't take into account SO_ALLZONES
6546036 igmp and mld membership reports takes longer than Max Response Time
6554738 pollsys not woken up even after connection indication delivered to stream head
        on AF_UNIX socket
6559294 TCP slow path accept does not initialize all fields of sin6_t
6569424 is_opteron() needs to be updated to recognize AMD family 0x10 processors
6572760 rctladm -d all project.cpu-shares is broken
6577516 getsockname() on AF_UNIX returns all zeros in socket address structure
6577595 IP_BOUND_IF + broadcast traffic dereferences an uninitialized pointer
 
(from 127112-01)
 
4766208 alarm(2) does not work with arguments larger than 2^31/100 on Solaris 2.6 thru Nevada
6351793 sfmmu_mlist_enter recursive mutex_enter
6358047 sfmmu_mlist_enter() and hrm_init() deadlock
6386365 mdb hangs on single stepping instruction that causes bus error
6388077 audit_{start,finish} call zone_getspecific() every time which is expensive
6433438 truss -u doesn't deal properly with dlclose()
6466149 long ph_mutex[] holdtimes in page_hashout() mediated by vph_mutex holds in vpn_vplist_dirty
6500134 v_path construction can consume boundless amounts of memory
6510640 ISM pagefaults are very slow
6533743 deadlock involving file_t f_tlock and P_PR_LOCK in case of fork failure
6536058 alarm(2) passes negative delta to realtime_timeout
6538758 sporadic I/O error will cause data corruption in Veritas CFS with VMODSORT mode on
6539802 time as reported by gettimeofday(3C) goes backwards on Galaxy kit
6539878 sparc brandz syscall wrappers don't collect trapstat data
6539890 sparc brandz syscall wrappers don't support sun4v
6540634 sparc sn1 brand fail on platforms where NCPU > 31
6545740 sparc brandz syscall wrappers only exist on DEBUG kernels
6557021 snv_64: panic on booting an lx branded zone
6558487 zlogin should not call getpwnam() after zone_enter() during non-interactive zlogin -l
6561300 zlogin error messages not locale-specific for non-native zones
6561880 restore certain variants of syslwp_park to accommodate old version of alt libthread
6561987 data vac_conflict faults on lipthread libthread libs in s10
6562537 brandz elfexec support code assumes 32-bit elf binaries
6572719 ld.so on sparc and amd64 should be brand-aware
6573175 panic in au_getsonode
6574267 zlogin error msgs for non-native zones could be under .SUNWnative
6577995 brandz should provide brand aux vector to point to brand specific linker
6583738 offsets.in on sparc should provide define for p_agenttp
6586414 KU rejuvenation post S10 Update4
 
(from 127717-01)
 
6459412 ip_strict_dst_multihoming does not handle multiple i/f with same IP address
6468753 connections stuck in CLOSE_WAIT
6502485 init s to init 3 sequence with cgtp trashes broadcast ire ordering
6568417 ip:ip_squeue_soft_ring_affinity() panics when using network cards just after CPU DR
6582448 ip_find_unused_squeue() calls cpu_get() without holding cpu_lock
6596850 processing malformed INIT chunk causes panic
 
(from 125197-06)
 
6452822 C_GenerateKeyPair failed to support CKM_RSA_PKCS_KEY_PAIR_GEN mechanism in dprov mode
6473274 pkcs11_kernel should support multipart ops even for hardware that has only single part
6494834 support check for threshold when using hardware providers even for multi-part requests
6534615 for extra credit, dprov could make HMAC mechanisms work for PKCS #11 clients
6542759 HMAC mechanisms broken in sha2 kernel module
6578997 KSSL should use hardware acceleration for ssl3 macs when available
 
(from 125197-05)
 
6458639 kernel aes always advertises CRYPTO_UNLIMITED
 
(from 125197-04)
 
6466370 security vulnerabilities in OpenSSL may lead to DoS or code execution
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
6483054 OpenSSL lacks Thread Support
 
(from 125197-03)
 
6188861 provide libmd - message digest library
 
(from 125197-02)
 
6286167 SSLException thrown when using Solaris PKCS provider
 
(from 125197-01)
 
6242993 crypto operations on zero byte input data should set output len correctly
6292874 memory leak in asn1_to_*_pri()
6464106 contexts and key schedules might not be cleared all the time
 
(from 121291-03)
 
6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
6372169 blowfish can read past mblk and panic in cbc mode
6368332 libpkcs11 should report that it is v2.20 not v2.11
 
(from 121291-02)
 
4721729 Support AES Counter mode for encryption
 
(from 121291-01)
 
4920408 PKCS#11 v2.20 support for the Crypto Framework
 
(from 118563-14)
 
6458639 kernel aes always advertises CRYPTO_UNLIMITED
 
(from 118563-13)
 
6466370 Security vulnerabilities in OpenSSL may lead to DoS or code execution
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
6483054 OpenSSL lacks Thread Support
 
(from 118563-12)
 
6286167 SSLException thrown when using Solaris PKCS provider
 
(from 118563-11)
 
6271754 pkcs11_softtoken too aggresive in looking for token data files
 
(from 118563-10)
 
6458258 patch 118563 should contain bug fix for 6363872
6363872 AES counter mode increments wrong counter bits on i386
 
(from 118563-09)
 
        Respun to remove extra files.
 
(from 118563-08)
 
        Added files that were not needed for this patch.
 
(from 118563-07)
 
        This revision accumulates s10u2 feature point patch 121291-03.
 
(from 118563-06)
 
6276483 libpkcs11 pthread_atfork() code can cause child process to hang
6345493 fork(2) handling fixes from 6276483 needs further work in pkcs11_softtoken
 
(from 118563-05)
 
6264344 remove gratuitous bzero() calls from SHA1Final() and MD5Final()
 
(from 118563-04)
 
6262344 Metaslot crashes in call to C_UnwrapKey during generation
6252894 BER routines in LDAP library don't work for 64 bit
 
(from 118563-03)
 
6222467 system calls from C_Initialize() get interrupted
6195428 "Slot Info is NULL for vca0" error when running SUNvts vcatest on E15K
6211857 driver panics when kcf_free_context() is called
 
(from 118563-02)
 
4926742 CKM_DH_PKCS_DERIVE fails if derived secret is shorter than prime
6215816 C_FindObjectsInit fails when token isn't present
6220814 C_DigestKey failure causes C_DestroyObject being hung
 
(from 118563-01)
 
4691624 libpkcs11: uCF meta slot management
6199119 pk11object test program core dumps with metaslot+pkcs11_kernel+Deimos configured
6215509 fix for 4691624 introduced a lock violation
 
(from 127746-01)
 
6568352 IPsec performance does not scale using hardware crypto providers
6594889 hardware provider flow control broken by CR 6568352
 
(from 127742-01)
 
6533634 panic on getting nxge stats
6546188 system panics in nxge:crc32c_tab+b149c98 during hotplug/DR testing with Atlas cards
6551356 system panics with "PCI Expansion ROM is not accessible" during hotplug testing on Atlas cards
6559504 nxge_ipp_eccue_valid_check causes FMA errors
6564934 nxge driver fails to resume I/O traffic after suspend/resume operation
6571370 Atlas: data corruption with TCP_Corrupt while runing I/O stress tests
 
(from 125252-02)
 
6605707 /dev* automap causes root console logins to hang until NFS mount times out
 
(from 125252-01)
 
6556410 libdevinfo - setdevaccess() - should not complain when acl() can't be set on some file systems
 
(from 126254-02)
 
6555870 openssl core dumps in smime subcommand with -encrypt option
 
(from 126254-01)
 
6466370 Security vulnerabilities in OpenSSL may lead to DoS or code execution 
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
6483054 OpenSSL lacks Thread Support
 
(from 121230-02)
 
6466370 Security vulnerabilities in OpenSSL may lead to DoS or code execution 
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
6483054 OpenSSL lacks Thread Support
 
(from 121230-01)
 
6332476 CAN-2005-2969 upgrade OpenSSL to 0.9.7h or 0.9.8a
 
(from 123014-01)
 
4852369 x86 panic due to redzone violation

--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

-----------------------------
 
NOTE 1:  Before installing this patch, please install the latest patch
         utilities patches for your OS. This list of patches is defined
         at - http://sunsolve.sun.com
 
         Please use the pull down list which appears after the text:
         "Latest Patch Update: To ensure the correct functioning of the
         patching utilities on your system, stay up to date on the
         following patches"
 
NOTE 2:  If your Intel system model name is one of the following:
 
         S5000PSLSATA
         S5000PAL
         SC5400RA
 
         and if your system has one of the following CPU types, please follow
         the installation procedure detailed below.
 
         - Quad-core Intel(r) Xeon(r) processor X5482
         - Quad-core Intel(r) Xeon(r) processor E5472
         - Quad-core Intel(r) Xeon(r) processor X5472
         - Quad-core Intel(r) Xeon(r) processor E5462
         - Quad-core Intel(r) Xeon(r) processor X5460
         - Quad-core Intel(r) Xeon(r) processor E5450
         - Quad-core Intel(r) Xeon(r) processor X5450
         - Quad-core Intel(r) Xeon(r) processor E5440
         - Quad-core Intel(r) Xeon(r) processor E5430
         - Quad-core Intel(r) Xeon(r) processor E5420
         - Quad-core Intel(r) Xeon(r) processor E5410
         - Quad-core Intel(r) Xeon(r) processor E5405
         - Dual-core Intel(r) Xeon(r) processor X5272
         - Dual-core Intel(r) Xeon(r) processor X5260
         - Dual-core Intel(r) Xeon(r) processor E5205
 
         Install Notes:
 
         The system must be booted to 32 bit mode to apply the patch.
 
         To boot the Solaris system in 32 bit mode, edit the boot-line by
         pressing 'e' at grub boot menu as follows:
 
         kernel /platform/i86pc/multiboot kernel/unix
 
         Press 'b' to continue booting.
 
         Then install the patch using patchadd and reboot the system.

NOTE 3:  To avoid a potential problem with the boot archive creation process upon
rebooting after installing this patch. (reported on systems installed with
"Core System Support" or "End User System Support" options) Please make sure
the devinfo module is loaded and the module's unloading is disabled prior to
applying this patch.

This can be accomplished by running the following shell script:

  ISA_INFO=`/usr/bin/isainfo -b`
  if [ -x /usr/bin/mdb ]; then
    if [ $ISA_INFO = 64 ]; then
       SAVED_ADDR=`echo '_kobj_printf/J' | mdb -k | cut -f2 -d ':'`
       echo '_kobj_printf/Z systrace_stub' | mdb -kw > /dev/null 2>&1
       modload /kernel/drv/amd64/devinfo
    else
       SAVED_ADDR=`echo '_kobj_printf/X' | mdb -k | cut -f2 -d ':'`
       echo '_kobj_printf/W systrace_stub' | mdb -kw > /dev/null 2>&1
       modload /kernel/drv/devinfo
    fi
       echo "moddebug/W20000" | adb -kw /dev/ksyms /dev/mem | grep moddebug >
/dev/null 2>&1
  else
    echo "mdb not found: patchadd not safe."
  fi

Or use the descendant patch 127128-11 (or greater) instead.