Patch-ID# 148071-19


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security libcrypto crypto openssl commands
Synopsis: SunOS 5.10: openssl patch
Date: Dec/16/2015


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless
otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 148072

Topic: SunOS 5.10: openssl patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
621474315243249
16211866
16368404
16694535
18889686
19385643
19385708
19823193
19823202
19823212
20325582
20325594
20325600
20325603
20688058
20735495
20735520
20735531
20735537
20735541
20735563
21240446
21240457
21240488
21815734
22229510
619239215235669
688199615589689
701700515695178
710191615748842
713305315768442
713305415768443
715125915777027
715554815780416
715555515780421
716279015786638
716443715787978
716619615789534
716898315791815
716934015792104
716987515792559
717297015795043
718225715802320


Changes incorporated in this version: 21815734 22229510

Patches accumulated and obsoleted by this patch: 147707-10 148320-01

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 141444-09 144500-19 147147-26 (or greater)

Obsoleted by:

Files included with this patch:

/usr/lib/pkgconfig/openssl.pc (deleted)
/usr/lib/sparcv9/pkgconfig/openssl.pc (deleted)
/usr/sfw/bin/openssl
/usr/sfw/bin/sparcv9/openssl
/usr/sfw/include/openssl/asn1.h
/usr/sfw/include/openssl/buffer.h
/usr/sfw/include/openssl/crypto.h
/usr/sfw/include/openssl/opensslv.h
/usr/sfw/include/openssl/pkcs7.h
/usr/sfw/include/openssl/ssl.h
/usr/sfw/include/openssl/ssl3.h
/usr/sfw/include/openssl/tls1.h
/usr/sfw/include/openssl/x509.h
/usr/sfw/lib/libcrypto.so.0.9.7
/usr/sfw/lib/libcrypto_extra.so.0.9.7
/usr/sfw/lib/libssl.so.0.9.7
/usr/sfw/lib/libssl_extra.so.0.9.7
/usr/sfw/lib/llib-lcrypto.ln
/usr/sfw/lib/llib-lssl.ln
/usr/sfw/lib/pkgconfig/openssl.pc
/usr/sfw/lib/sparcv9/libcrypto.so.0.9.7
/usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libssl.so.0.9.7
/usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7
/usr/sfw/lib/sparcv9/llib-lcrypto.ln
/usr/sfw/lib/sparcv9/llib-lssl.ln
/usr/sfw/lib/sparcv9/pkgconfig/openssl.pc

Problem Description:

21815734 move pkgconfig files for old OpenSSL 0.9.7 to /usr/sfw/lib
22229510 mismatched GID for OpenSSL deliverables under /usr/sfw
 
(from 148071-18)
 
21240446 problem with OpenSSL
21240457 problem with OpenSSL
21240488 problem with OpenSSL
 
(from 148071-17)
 
20688058 problem with OpenSSL
20735495 problem with OpenSSL
20735520 problem with OpenSSL
20735531 problem with OpenSSL
20735537 problem with OpenSSL
20735541 problem with OpenSSL
20735563 problem with OpenSSL
 
(from 148071-16)
 
20325582 problem with OpenSSL
20325594 problem with OpenSSL
20325600 problem with OpenSSL
20325603 problem with OpenSSL
 
(from 148071-15)
 
16368404 SPARC standalone wanboot client upgrade SSLv3->TLSv1
19823193 problem with OpenSSL
19823202 problem with OpenSSL
19823212 problem with OpenSSL
 
(from 148071-14)
 
19385643 problem with OpenSSL
19385708 problem with OpenSSL
 
(from 148071-13)
 
18889686 problem with OpenSSL
 
(from 148071-12)
 
16694535 problem with OpenSSL
 
(from 148071-11)
 
16211866 problem with OpenSSL
 
(from 148071-10)
 
15243249 ssh / OPENSSL_cleanse accesses memory beyond malloc'ed buffer
 
(from 148071-09)
 
        This revision accumulates generic Sustaining patch 147707-10
        into Solaris S10U11 update.
 
(from 148071-08)
 
        This revision accumulates generic Sustaining patch 147707-09
        into Solaris S10U11 update.
 
(from 148071-07)
 
        This revision accumulates generic Sustaining patch 147707-08
        into Solaris S10U11 update.
 
(from 148071-06)
 
        This revision accumulates generic Sustaining patch 147707-07
        into Solaris S10U11 update.
 
(from 148071-05)
 
        This revision accumulates generic Sustaining patch 147707-06
        into Solaris S10U11 update.
 
(from 148071-04)
 
        This revision accumulates generic Sustaining patch 147707-05
        into Solaris S10U11 update.
 
(from 148071-03)
 
        This revision accumulates generic Sustaining patch 147707-04
        into Solaris S10U11 update.
 
(from 148071-02)
 
        This revision accumulates generic Sustaining patch 147707-03
        into Solaris S10U11 update.
 
(from 148071-01)
 
        This revision accumulates generic Sustaining patch 147707-02
        into Solaris S10U11 update.
 
(from 147707-10)
 
7168983 PKCS11 engine does not check mechanism key size range
7182257 pk11_get_symmetric_cipher and pk11_get_digest should have better interface
 
(from 147707-09)
 
7169875 problem with crypto: OpenSSL
 
(from 147707-08)
 
7101916 blowfish-cbc/hmac_sha1 in the SSH test suite failed on T4
 
(from 147707-07)
 
7169340 make it possible to set SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag in SSL context
7172970 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is not defined
 
(from 147707-06)
 
7162790 problem with crypto: OpenSSL
7164437 problem with crypto: OpenSSL
7166196 BUF_MEM_grow_clean returns incorrect error string
 
(from 147707-05)
 
7155548 problem with crypto: OpenSSL
7155555 problem with crypto: OpenSSL
 
(from 147707-04)
 
7151259 problem with crypto: OpenSSL
 
(from 147707-03)
 
7133053 problem with crypto: OpenSSL
7133054 problem with crypto: OpenSSL
 
(from 147707-02)
 
6881996 problem with crypto: OpenSSL
 
(from 147707-01)
 
7017005 OpenSSL PKCS#11 engine not picking up all hardware crypto implementations
 
(from 148320-01)
 
6192392 build and ship 64-bit openssl command


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  This patch forces the use of strong encryption, which breaks
         applications that use crypto on systems without SUNWcry* packages
         installed.  Solaris 10 11/06 (Update 3) and earlier do not include
         SUNWcry* packages.  It is strongly advised that affected systems
         upgrade to the later Solaris 10 Update S10 1/13 (Update 11).
 
         For more details, please see Service Alert Doc ID 2013494.1:
 
         https://support.oracle.com/rs?type=doc&id=2013494.1


README -- Last modified date: Wednesday, December 16, 2015