OBSOLETE Patch-ID# 142436-08


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security mail.local memory leak sendmail manifest passwdutil iig idsconfig indexing nss_ldap getbymember _success _dbop_group_bymember core ldap_cachemgr hang password native dsconf passwd nisplus corruption nisd udp
Synopsis: Obsoleted by: 142909-17 SunOS 5.10: mail, sendmail and passwd patch
Date: Jun/07/2010


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 142437

Topic: SunOS 5.10: mail, sendmail and passwd patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #   Bug #
4300326    15009963
4622166    15092882
4796766    15139071
4904603    15172125
6196330    15236915
6225117    15247587
6226132    15248024
6258349    15261298
6329516    15289166
6330693    15289552
6337505    15292343
6419990    15327960
6466160    15348463
6467484    15349085
6476317    15353046
6493513    15361194
6509374    15369712
6537549    15385840
6547700    15391388
6561249    15399234
6563321    15400415
6563443    15400475
6568603    15403217
6580192    15409663
6585350    15412503
6615693    15430011
6619071    15432127
6626381    15436456
6633347    15440652
6636228    15442403
6644077    15447183
6669386    15461585
6677547    15466241
6690815    15474140
6699250    15479049
6715171    15487762
6715843    15488224
6737284    15501488
6740382    15503472
6740474    15503522
6741305    15504041
6774895    15524694
6790772    15533394
6792153    15534322
6793742    15535321
6797378    15537409
6805959    15542352
6810407    15544894
6832170    15557591
6839693    15562104
6842419    15563716
6844186    15564844
6848025    15567340
6856084    15572943
6863709    15577833
6864296    15578101
6890468    15595828
6895515    15599442
6901652    15603848
6913961    15613093
6919554    15617355
6920600    15618134
6921761    15619051
6922943    15619991
6925984    15622383
6927186    15623307
6930785    15626289
6938437    15632344


Changes incorporated in this version: 6919554

Patches accumulated and obsoleted by this patch: 122085-01 125808-01 125896-03 127882-03 138046-02 138263-03 138874-05 139504-01 139568-01 139935-01 139948-01 140144-01 140146-01 140165-01 140167-01 140391-03 140917-02 141022-02 141030-10 141542-01 143899-01

Patches which conflict with this patch:

Patches required with this patch: 118833-36 119042-09 120011-14 121901-01 127127-11 137137-09 139555-08 (or greater)

Obsoleted by: 142909-17

Files included with this patch:

/etc/init.d/sendmail
/etc/mail/cf/README
/etc/mail/cf/cf/Makefile
/etc/mail/cf/cf/local.cf (deleted)
/etc/mail/cf/cf/local.mc (deleted)
/etc/mail/cf/cf/sendmail.cf
/etc/mail/cf/cf/sendmail.mc
/etc/mail/cf/cf/submit.cf
/etc/mail/cf/feature/badmx.m4
/etc/mail/cf/feature/block_bad_helo.m4
/etc/mail/cf/feature/dnsbl.m4
/etc/mail/cf/feature/enhdnsbl.m4
/etc/mail/cf/feature/require_rdns.m4
/etc/mail/cf/m4/cfhead.m4
/etc/mail/cf/m4/proto.m4
/etc/mail/cf/m4/version.m4
/etc/mail/cf/ostype/solaris8.m4
/etc/mail/cf/sh/makeinfo.sh
/etc/mail/helpfile
/etc/mail/local.cf (deleted)
/etc/mail/sendmail.cf
/etc/mail/submit.cf
/lib/libnsl.so.1
/lib/llib-lnsl
/lib/llib-lnsl.ln
/lib/nss_dns.so.1
/lib/nss_nisplus.so.1
/lib/sparcv9/libnsl.so.1
/lib/sparcv9/llib-lnsl.ln
/lib/sparcv9/nss_dns.so.1
/lib/sparcv9/nss_nisplus.so.1
/lib/svc/method/sendmail-client
/lib/svc/method/smtp-sendmail
/lib/svc/share/sendmail_include.sh
/usr/bin/aliasadm
/usr/bin/chkey
/usr/bin/mail
/usr/bin/mailcompat
/usr/bin/mailq
/usr/bin/mailstats
/usr/bin/mconnect
/usr/bin/nisaddcred
/usr/bin/passwd
/usr/bin/praliases
/usr/bin/vacation
/usr/include/libmilter/README
/usr/include/libmilter/mfapi.h
/usr/include/libmilter/mfdef.h
/usr/include/rpcsvc/nispasswd.h
/usr/include/rpcsvc/nispasswd.x
/usr/lib/ldap/idsconfig
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libmilter.so.1
/usr/lib/libsldap.so.1
/usr/lib/llib-lmilter.ln
/usr/lib/llib-lpasswdutil.ln
/usr/lib/mail.local
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_unix_account.so.1
/usr/lib/security/pam_unix_auth.so.1
/usr/lib/security/sparcv9/pam_authtok_check.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_authtok_store.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_unix_account.so.1
/usr/lib/security/sparcv9/pam_unix_auth.so.1
/usr/lib/sendmail
/usr/lib/smrsh
/usr/lib/sparcv9/libsldap.so.1
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/nss_ldap.so.1
/usr/lib/sparcv9/passwdutil.so.1
/usr/sbin/editmap
/usr/sbin/ldapaddent
/usr/sbin/ldapclient
/usr/sbin/makemap
/usr/sbin/newkey
/usr/sbin/nscd
/usr/sbin/rpc.nisd
/usr/sbin/rpc.nispasswdd
/var/svc/manifest/network/sendmail-client.xml
/var/svc/manifest/network/smtp-sendmail.xml
/var/svc/profile/generic_limited_net.xml
/var/svc/profile/generic_open.xml

Problem Description:

6919554 passwd -r nisplus -e fails with permission denied
 
(from 142436-07)
 
6196330 copious process.max-file-descriptor syslog complaints due to 4353836 fix
 
(from 142436-06)
 
6930785 passwd command crashes on LDAP client using passwd_compat, if the new password is in the pwd-history
 
(from 142436-05)
 
6921761 per-user nscd: endless loop in _nsc_trydoorcall_ext() causes main nscd daemon to become unresponsive
6925984 nscd: error in using read-only access lock when generating per-user switch configuration
6938437 CDDL-licensed files backported to Solaris 10
 
(from 142436-04)
 
6337505 sendmail is unable to use LDAP mail aliases > 256 bytes
6467484 sun_compat.c no longer needed
6547700 sendmail's ratecontrol limit is off by one
6790772 array overrun in sendmail
6913961 upgrade sendmail to 8.14.4
6922943 nscd failing because FD limit is too low when using files backend with enumeration
 
(from 142436-03)
 
6927186 patches created for sendmail fixes should be combined
 
(from 142436-02)
 
6920600 the new sendmail restarter forces the use of '-bl' which is not recognized by sendmail 8.13.8
 
(from 142436-01)
 
	This revision accumulates generic Sustaining patch 127882-03
	into Solaris S10U8 update.
 
(from 127882-03)
 
6792153 sendmail hang - contains a buggy reimplementation of sleep()
 
(from 127882-02)
 
        This revision accumulates generic Sustaining patch 125896-03
        into Solaris S10U5 update.
 
(from 127882-01)
 
        This revision accumulates generic Sustaining patch 125896-02
        into Solaris S10U5 update.
 
(from 125896-03)
 
6258349 RFE: mail.local should support large files
6419990 sendmail fails on a large (> 2TB) file-system
6563321 mail command fails with fifofs attr vattr.va_nodeid hitting max value
 
(from 125896-02)
 
6568603 mail.local leaks memory
 
(from 125896-01)
 
        This revision accumulates generic Sustaining patch 125808-01
        into Solaris S10U4 update.
 
(from 125808-01)
 
6476317 mail.local -b option needs work
 
(from 143899-01)
 
6226132 sendmail's receiving daemon should be restarted upon death
6330693 teach sendmail start method to build config files automatically
6690815 sendmail needs a local daemon mode
6848025 minor clean-up needed in sendmail start method scripts
 
(from 141030-10)
 
6619071 when LDAP config'd w/ mult. auth. methods, nscd keeps creating connections if 1st auth. method fails
 
(from 141030-09)
 
6895515 nscd aborting in libumem
 
(from 141030-08)
 
6810407 schema defined in idsconfig.sh is not strictly compliant with RFC 4512 Syntax
6842419 idsconfig(1M) fails to set up an LDAP server a second time
6890468 idsconfig must support DS 7.x
6901652 nscd could better handle running out of naming enumeration contexts
 
(from 141030-07)
 
6863709 nscd dumps core after receiving SIGHUP
 
(from 141030-06)
 
6856084 Sparks DNS backend should return canonical name before aliases
6864296 private __res_ndestroy interface may now be removed from dns_common.c
 
(from 141030-05)
 
6563443 nisaddcred and chkey have issues in md5 password encryption with passwords > eight characters
6839693 ldapclient init w/profile with more than 16 objectClassMaps core dumped on Solaris 10 x86
 
(from 141030-04)
 
	This revision accumulates generic Sustaining patch 138874-05
        into Solaris S10U8 update.
 
(from 141030-03)
 
	This revision accumulates generic Sustaining patch 138874-04
        into Solaris S10U8 update.
 
(from 141030-02)
 
	This revision accumulates generic Sustaining patch 138874-03
        into Solaris S10U8 update.
 
(from 141030-01)
 
	This revision accumulates generic Sustaining patch 138874-02
        into Solaris S10U8 update.
 
(from 138874-05)
 
6805959 per-user nscd doesn't reap child processes after these exited, such child processes remain as zombies
 
(from 138874-04)
 
4904603 disable ldaplist to not show userpassword attribute or just user logged in
6615693 nscd only checks the file_dac_read check privilege and not the euid for access to the shadow file
6832170 Compat behavior change on Sol 10u6 10/08, no longer adheres to the use of *LK* in the /etc/shadow
 
(from 138874-03)
 
4622166 ldapaddent does not escape some special characters in DN for exec_attr, services and tnrhtp database
6844186 fix for 6715843 incomplete in Solaris 10 patch gate
 
(from 138874-02)
 
4796766 idsconfig and ldapaddent should support project database
6329516 unlimited password guesses allowed
6509374 idsconfig doesn't create container for projects
6580192 nss_ldap: __ns_ldap_endEntry() called twice by top_down_search()
6677547 Native LDAP client to disable vlv searches for netgroups
6715171 nss_ldap and passwdutil do not support all shadowAccount attributes
6715843 ldapaddent is not accepting a one character entry for the tnrhtp file
6797378 'ldapaddent -d passwd' does not print 'x' for the password field
 
(from 138874-01)
 
6561249 idsconfig prints out incorrect information for VLV indexing when run against DS5.2 & 6.0
 
(from 139935-01)
 
        This revision accumulates generic Sustaining patch 139568-01
        into Solaris S10U7 update.
 
(from 139568-01)
 
6585350 nss_nisplus: getbymember() does not follow NSS_DBOP_GROUP_BYMEMBER protocol
6669386 nss_ldap getbymember always returns NSS_SUCCESS
 
(from 139948-01)
 
        This revision accumulates generic Sustaining patch 139504-01
        into Solaris S10U7 update.
 
(from 139504-01)
 
6493513 changing password (in files repository) dumps core when libumem is in effect
 
(from 140165-01)
 
        This revision accumulates generic Sustaining patch 140144-01
        into Solaris S10U7 update.
 
(from 140144-01)
 
6774895 Solaris 10 ldap_cachemgr hang
 
(from 140167-01)
 
        This revision accumulates generic Sustaining patch 140146-01
        into Solaris S10U7 update.
 
(from 140146-01)
 
6740474 confusing 'password too short' message from Native LDAP
 
(from 140391-03)
 
6699250 nscd core dumps in NIS do_getent
6741305 nscd core file generated during storage pool reconfig
 
(from 140391-02)
 
6633347 nscd (sparks) can give inconsistent name resolution if started without a resolv.conf file
 
(from 140391-01)
 
        This revision accumulates generic Sustaining patch 138263-03
        into Solaris S10U7 update.
 
(from 138263-03)
 
6737284 nscd does not return NSS_TRYLOCAL for foreign NSS backends for enumerated searches when using compat
6740382 nscd needs improved permission checking
 
(from 138263-02)
 
        This revision accumulates generic Sustaining patch 138046-02
        into Solaris S10U6 update.
 
(from 138263-01)
 
        This revision accumulates generic Sustaining patch 138046-01
        into Solaris S10U6 update.
 
(from 138046-02)
 
6537549 nscd dies with SIGPIPE
 
(from 138046-01)
 
6636228 foreign NSS backends, nscd does not return NSS_TRYLOCAL when processing getgroupsbymember
6644077 nscd rejects foreign nsswitch backends
 
(from 122085-01)
 
6225117 passwd -r nisplus -e username will corrupt the user's passwd
 
(from 141022-02)
 
	This revision accumulates generic Sustaining patch 140917-02
	into Solaris S10U8 update.
 
(from 141022-01)
 
	This revision accumulates generic Sustaining patch 140917-01
	into Solaris S10U8 update.
 
(from 140917-02)
 
6793742 libnsl memory leak with "dail()" function call in strsave
 
(from 140917-01)
 
4300326 UDP replies from rpcbind and mountd can be sent with wrong source address
6466160 rpc.nisd can hang for 3-4 minutes attempting NIS+ callback if connection to client silently fails
6626381 rpc.nisd on subdomain-replica deadlocked when trying to access NIS+ admin group in cache


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
NOTE 1:  This sendmail patch will modify the config/local_only property to true,
      i.e.:
         $ svcprop -p config/local_only smtp:sendmail
         true

      This will allow sendmail to accept requests *only* from the localhost.
      If you require sendmail to accept requests from other hosts after adding
      this patch, you will need to:
      - reset the config/local_only property to false
      - refresh & restart the sendmail service (smtp:sendmail)
      by executing the following commands as a privileged user:
         # svccfg -s svc:/network/smtp:sendmail setprop config/local_only=false
         # svcadm refresh smtp:sendmail
         # svcadm restart smtp:sendmail

      Any further application of the sendmail patch will not require the above
      steps. 
 

NOTE 2: All sendmail processes were formerly managed under a single SMF service
      (svc:/network/smtp:sendmail).  In order to better track the need for
      processes to be restarted, there are now two services:
      svc:/network/smtp:sendmail to manage the daemon for in-bound mail and
      svc:/network/sendmail-client:default to manage out-bound mail.
      The new service svc:/network/sendmail-client:default will be enabled by
      default on installation of this patch.
      If you have previously disabled the old sendmail service, then you will
      probably want to manually disable the new service.

NOTE 3: This patch delivers a new version of the sendmail.cf file. The previous
      version of sendmail.cf on the system will be backed up as sendmail.cf.old.
      If you have made changes to the default sendmail configuration you must make
      these changes again using the supported mechanism (i.e. by making configuration
      changes through the 'sendmail.mc' file and NOT directly editing or replacing
      sendmail.cf), as outlined in the sendmail(4) man page.
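
A post-install check that ties the notes above together, as an added example that is not part of Oracle's README: it compares config/local_only and the state of both sendmail services with the intended role of the host. The policy labels and function names are hypothetical, `svcs -H -o state` is standard SMF usage not shown on this page, and the location /etc/mail/sendmail.cf.old is an assumption.

```sh
#!/bin/sh
# Added example, not part of the patch README. Policy labels are hypothetical.
SMTP_FMRI=svc:/network/smtp:sendmail
CLIENT_FMRI=svc:/network/sendmail-client:default
# Assumption: the backup sits beside the live file in /etc/mail.
CF_OLD=${CF_OLD:-/etc/mail/sendmail.cf.old}

# Print the SMF state of a service, or "absent" if svcs does not know it.
svc_state() {
    svcs -H -o state "$1" 2>/dev/null || echo absent
}

# Succeed if the service is disabled or unknown; otherwise print a finding.
must_be_off() {
    st=`svc_state "$1"`
    case $st in
    disabled*|absent) return 0 ;;
    *) echo "FIX: $1 is $st; run: svcadm disable $1"; return 1 ;;
    esac
}

# review_sendmail POLICY
#   relay      host must accept SMTP from other hosts
#   localonly  host handles local mail only (the post-patch default)
#   off        sendmail was disabled on purpose before patching
# Prints findings; returns 0 when the posture matches, 1 when not.
review_sendmail() {
    rc=0
    lo=`svcprop -p config/local_only "$SMTP_FMRI" 2>/dev/null`
    case $1 in
    relay)
        [ "$lo" = false ] || { echo "FIX: local_only=$lo, remote SMTP refused"; rc=1; } ;;
    localonly)
        [ "$lo" = true ] || { echo "FIX: local_only=$lo, expected true"; rc=1; } ;;
    off)
        must_be_off "$SMTP_FMRI" || rc=1
        must_be_off "$CLIENT_FMRI" || rc=1 ;;
    *)  echo "usage: review_sendmail relay|localonly|off" >&2; return 2 ;;
    esac
    if [ -f "$CF_OLD" ]; then
        echo "INFO: $CF_OLD present; re-apply local changes through sendmail.mc"
    fi
    return $rc
}

# Stand-alone use: sh review_sendmail.sh relay
if [ $# -gt 0 ]; then review_sendmail "$1"; fi
```

The syntax is kept to what the legacy Solaris 10 /bin/sh accepts (backticks, no `local`, no `!` negation).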


README -- Last modified date: Saturday, November 10, 2012