OBSOLETE Patch-ID# 142437-08


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security -b mail.local memory leak sendmail manifest passwdutil iig idsconfig indexing nss_ldap getbymember _success _dbop_group_bymember core ldap_cachemgr hang password native dsconf passwd nisplus corruption nisd udp
Synopsis: Obsoleted by: 142910-17 SunOS 5.10_x86: mail, sendmail and passwd patch
Date: Jun/07/2010


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless
otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 142436

Topic: SunOS 5.10_x86: mail, sendmail and passwd patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
430032615009963
462216615092882
479676615139071
490460315172125
619633015236915
622511715247587
622613215248024
625834915261298
632951615289166
633069315289552
633750515292343
641999015327960
646616015348463
646748415349085
647631715353046
649351315361194
650937415369712
653754915385840
654770015391388
656124915399234
656332115400415
656344315400475
656860315403217
658019215409663
658535015412503
661569315430011
661907115432127
662638115436456
663334715440652
663622815442403
664407715447183
666938615461585
667754715466241
669081515474140
669925015479049
671517115487762
671584315488224
673728415501488
674038215503472
674047415503522
674130515504041
677489515524694
679077215533394
679215315534322
679374215535321
679737815537409
680595915542352
681040715544894
683969315562104
684241915563716
684418615564844
684802515567340
684976715568563
685608415572943
686370915577833
686429615578101
689046815595828
689551515599442
690165215603848
691396115613093
691955415617355
692060015618134
692176115619051
692294315619991
692598415622383
692718615623307
693078515626289
693843715632344


Changes incorporated in this version: 6919554

Patches accumulated and obsoleted by this patch: 122086-01 125809-01 125897-03 127883-03 138047-02 138264-03 138875-05 139505-01 139569-01 140108-01 140127-01 140145-01 140147-01 140166-01 140168-01 140392-03 140918-02 141023-02 141031-11 141543-01 143900-01

Patches which conflict with this patch:

Patches required with this patch: 118855-36 119043-09 120012-14 121902-01 127128-11 137138-09 139556-08 (or greater)

Obsoleted by: 142910-17

Files included with this patch:

/etc/init.d/sendmail
/etc/mail/cf/README
/etc/mail/cf/cf/Makefile
/etc/mail/cf/cf/local.cf (deleted)
/etc/mail/cf/cf/local.mc (deleted)
/etc/mail/cf/cf/sendmail.cf
/etc/mail/cf/cf/sendmail.mc
/etc/mail/cf/cf/submit.cf
/etc/mail/cf/feature/badmx.m4
/etc/mail/cf/feature/block_bad_helo.m4
/etc/mail/cf/feature/dnsbl.m4
/etc/mail/cf/feature/enhdnsbl.m4
/etc/mail/cf/feature/require_rdns.m4
/etc/mail/cf/m4/cfhead.m4
/etc/mail/cf/m4/proto.m4
/etc/mail/cf/m4/version.m4
/etc/mail/cf/ostype/solaris8.m4
/etc/mail/cf/sh/makeinfo.sh
/etc/mail/helpfile
/etc/mail/local.cf (deleted)
/etc/mail/sendmail.cf
/etc/mail/submit.cf
/lib/amd64/libnsl.so.1
/lib/amd64/llib-lnsl.ln
/lib/amd64/nss_dns.so.1
/lib/amd64/nss_nisplus.so.1
/lib/libnsl.so.1
/lib/llib-lnsl
/lib/llib-lnsl.ln
/lib/nss_dns.so.1
/lib/nss_nisplus.so.1
/lib/svc/method/sendmail-client
/lib/svc/method/smtp-sendmail
/lib/svc/share/sendmail_include.sh
/usr/bin/aliasadm
/usr/bin/chkey
/usr/bin/mail
/usr/bin/mailcompat
/usr/bin/mailq
/usr/bin/mailstats
/usr/bin/mconnect
/usr/bin/nisaddcred
/usr/bin/passwd
/usr/bin/praliases
/usr/bin/vacation
/usr/include/libmilter/README
/usr/include/libmilter/mfapi.h
/usr/include/libmilter/mfdef.h
/usr/include/rpcsvc/nispasswd.h
/usr/include/rpcsvc/nispasswd.x
/usr/lib/amd64/libsldap.so.1
/usr/lib/amd64/llib-lpasswdutil.ln
/usr/lib/amd64/nss_ldap.so.1
/usr/lib/amd64/passwdutil.so.1
/usr/lib/ldap/idsconfig
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libmilter.so.1
/usr/lib/libsldap.so.1
/usr/lib/llib-lmilter.ln
/usr/lib/llib-lpasswdutil.ln
/usr/lib/mail.local
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/amd64/pam_dhkeys.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/sendmail
/usr/lib/smrsh
/usr/sbin/editmap
/usr/sbin/ldapaddent
/usr/sbin/ldapclient
/usr/sbin/makemap
/usr/sbin/newkey
/usr/sbin/nscd
/usr/sbin/rpc.nisd
/usr/sbin/rpc.nispasswdd
/var/svc/manifest/network/sendmail-client.xml
/var/svc/manifest/network/smtp-sendmail.xml
/var/svc/profile/generic_limited_net.xml
/var/svc/profile/generic_open.xml

Problem Description:

6919554 passwd -r nisplus -e fails with permission denied
 
(from 142437-07)
 
6196330 copious process.max-file-descriptor syslog complaints due to 4353836 fix
 
(from 142437-06)
 
6930785 passwd command crashes on LDAP client using passwd_compat, if the new password is in the pwd-history
 
(from 142437-05)
 
6921761 per-user nscd: endless loop in _nsc_trydoorcall_ext() causes main nscd daemon to become unresponsive
6925984 nscd: error in using read-only access lock when generating per-user switch configuration
6938437 CDDL-licensed files backported to Solaris 10
 
(from 142437-04)
 
6337505 sendmail is unable to use LDAP mail aliases > 256 bytes
6467484 sun_compat.c no longer needed
6547700 sendmail's ratecontrol limit is off by one
6790772 array overrun in sendmail
6913961 upgrade sendmail to 8.14.4
6922943 nscd failing because FD limit is too low when using files backend with enumeration
 
(from 142437-03)
 
6927186 patches created for sendmail fixes should be combined
 
(from 142437-02)
 
6920600 the new sendmail restarter forces the use of '-bl' which is not recognized by sendmail 8.13.8
 
(from 142437-01)
 
	This revision accumulates generic Sustaining patch 127883-03
	into Solaris S10U8 update.
 
(from 127883-03)
 
6792153 sendmail hang - contains a buggy reimplementation of sleep()
 
(from 127883-02)
 
        This revision accumulates generic Sustaining patch 125897-03
        into Solaris S10U5 update.
 
(from 127883-01)
 
        This revision accumulates generic Sustaining patch 125897-02
        into Solaris S10U5 update.
 
(from 125897-03)
 
6258349 RFE: mail.local should support large files
6419990 sendmail fails on a large (> 2TB) file-system
6563321 mail command fails with fifofs attr vattr.va_nodeid hitting max value
 
(from 125897-02)
 
6568603 mail.local leaks memory
 
(from 125897-01)
 
        This revision accumulates generic Sustaining patch 125809-01
        into Solaris S10U4 update.
 
(from 125809-01)
 
6476317 mail.local -b option needs work
 
(from 143900-01)
 
6226132 sendmail's receiving daemon should be restarted upon death
6330693 teach sendmail start method to build config files automatically
6690815 sendmail needs a local daemon mode
6848025 minor clean-up needed in sendmail start method scripts
 
(from 141031-11)
 
6619071 when LDAP config'd w/ mult. auth. methods, nscd keeps creating connections if 1st auth. method fails
 
(from 141031-10)
 
6895515 nscd aborting in libumem
 
(from 141031-09)
 
6810407 schema defined in idsconfig.sh is not strictly compliant with RFC 4512 Syntax
6842419 idsconfig(1M) fails to set up an LDAP server a second time
6890468 idsconfig must support DS 7.x
6901652 nscd could better handle running out of naming enumeration contexts
 
(from 141031-08)
 
6863709 nscd dumps core after receiving SIGHUP
 
(from 141031-07)
 
6856084 Sparks DNS backend should return canonical name before aliases
6864296 private __res_ndestroy interface may now be removed from dns_common.c
 
(from 141031-06)
 
6563443 nisaddcred and chkey have issues in md5 password encryption with passwords > eight characters
6839693 ldapclient init w/profile with more than 16 objectClassMaps core dumped on Solaris 10 x86
 
(from 141031-05)
 
	This revision accumulates generic Sustaining patch 138875-05
	into Solaris S10U8 update.
 
(from 141031-04)
 
	This revision accumulates generic Sustaining patch 138875-04
	into Solaris S10U8 update.
 
(from 141031-03)
 
6849767 wrong SUNWcsu postinstall script in patch 141031-02
 
(from 141031-02)
 
	This revision accumulates generic Sustaining patch 138875-03
	into Solaris S10U8 update.
 
(from 141031-01)
 
	This revision accumulates generic Sustaining patch 138875-02
	into Solaris S10U8 update.
 
(from 138875-05)
 
6805959 per-user nscd doesn't reap child processes after these exited, such child processes remain as zombies
 
(from 138875-04)
 
4904603 disable ldaplist to not show userpassword attribute or just user logged in
6615693 nscd only checks the file_dac_read check privilege and not the euid for access to the shadow file
 
(from 138875-03)
 
4622166 ldapaddent does not escape some special characters in DN for exec_attr, services and tnrhtp database
6844186 fix for 6715843 incomplete in Solaris 10 patch gate
 
(from 138875-02)
 
4796766 idsconfig and ldapaddent should support project database
6329516 unlimited password guesses allowed
6509374 idsconfig doesn't create container for projects
6580192 nss_ldap: __ns_ldap_endEntry() called twice by top_down_search()
6677547 Native LDAP client to disable vlv searches for netgroups
6715171 nss_ldap and passwdutil do not support all shadowAccount attributes
6715843 ldapaddent is not accepting a one character entry for the tnrhtp file
6797378 'ldapaddent -d passwd' does not print 'x' for the password field
 
(from 138875-01)
 
6561249 idsconfig prints out incorrect information for VLV indexing when run against DS5.2 & 6.0
 
(from 140108-01)
 
        This revision accumulates generic Sustaining patch 139569-01
        into Solaris S10U7 update.
 
(from 139569-01)
 
6585350 nss_nisplus: getbymember() does not follow NSS_DBOP_GROUP_BYMEMBER protocol
6669386 nss_ldap getbymember always returns NSS_SUCCESS
 
(from 140127-01)
 
        This revision accumulates generic Sustaining patch 139505-01
        into Solaris S10U7 update.
 
(from 139505-01)
 
6493513 changing password (in files repository) dumps core when libumem is in effect
 
(from 140166-01)
 
        This revision accumulates generic Sustaining patch 140145-01
        into Solaris S10U7 update.
 
(from 140145-01)
 
6774895 Solaris 10 ldap_cachemgr hang
 
(from 140168-01)
 
        This revision accumulates generic Sustaining patch 140147-01
        into Solaris S10U7 update.
 
(from 140147-01)
 
6740474 confusing 'password too short' message from Native LDAP
 
(from 140392-03)
 
6699250 nscd core dumps in NIS do_getent
6741305 nscd core file generated during storage pool reconfig
 
(from 140392-02)
 
6633347 nscd (sparks) can give inconsistent name resolution if started without a resolv.conf file
 
(from 140392-01)
 
        This revision accumulates generic Sustaining patch 138264-03
        into Solaris S10U7 update.
 
(from 138264-03)
 
6737284 nscd does not return NSS_TRYLOCAL for foreign NSS backends for enumerated searches when using compat
6740382 nscd needs improved permission checking
 
(from 138264-02)
 
        This revision accumulates generic Sustaining patch 138047-02
        into Solaris S10U6 update.
 
(from 138264-01)
 
        This revision accumulates generic Sustaining patch 138047-01
        into Solaris S10U6 update.
 
(from 138047-02)
 
6537549 nscd dies with SIGPIPE
 
(from 138047-01)
 
6636228 foreign NSS backends, nscd does not return NSS_TRYLOCAL when processing getgroupsbymember
6644077 nscd rejects foreign nsswitch backends
 
(from 122086-01)
 
6225117 passwd -r nisplus -e username will corrupt the user's passwd
 
(from 141023-02)
 
	This revision accumulates generic Sustaining patch 140918-02
	into Solaris S10U8 update.
 
(from 141023-01)
 
	This revision accumulates generic Sustaining patch 140918-01
	into Solaris S10U8 update.
 
(from 140918-02)
 
6793742 libnsl memory leak with "dail()" function call in strsave
 
(from 140918-01)
 
4300326 UDP replies from rpcbind and mountd can be sent with wrong source address
6466160 rpc.nisd can hang for 3-4 minutes attempting NIS+ callback if connection to client silently fails
6626381 rpc.nisd on subdomain-replica deadlocked when trying to access NIS+ admin group in cache


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------

NOTE 1:  This sendmail patch will modify the config/local_only property to true,
      i.e.:
         $ svcprop -p config/local_only smtp:sendmail
         true

      This will allow sendmail to accept requests *only* from the localhost.
      If you require sendmail to accept requests from other hosts after adding
      this patch, you will need to:
      - reset config/local_only property to false
      - refresh & restart the sendmail service (smtp:sendmail).
      by executing the following commands as privileged user:
         # svccfg -s svc:/network/smtp:sendmail setprop config/local_only=false
         # svcadm refresh smtp:sendmail
         # svcadm restart smtp:sendmail

      Any further application of the sendmail patch will not require the above
      steps. 
 

NOTE 1: All sendmail processes were formerly managed under a single SMF service
      (svc:/network/smtp:sendmail).  In order to better track the need for
      processes to be restarted, there are now two services; 
      svc:/network/smtp:sendmail to manage the daemon for in-bound mail and 
      svc:/network/sendmail-client:default to manage out-bound mail.
      The new service svc:/network/sendmail-client:default will be enabled by
      default on installation of this patch.
      If you have previously disabled the old sendmail service, then you will 
      probably want to manually disable the new service.

NOTE 2: This patch delivers a new version of the sendmail.cf file. The previous
      version of sendmail.cf on the system will be backed up as sendmail.cf.old.
      If you have made changes to the default sendmail configuration you must make
      these changes again using the supported mechanism (i.e. by making configuration
      changes through the 'sendmail.mc' file and NOT directly editing or replacing
      sendmail.cf), as outlined in the sendmail(4) man page.


README -- Last modified date: Saturday, November 10, 2012