#112960-17: Obsoleted by: 112960-18 SunOS 5.9: patch libsldap ldap

Obsoleted by: 112960-18 SunOS 5.9: patch libsldap ldap_cachemgr libldap

Disclaimer:

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 112960-17

Summary: Obsoleted by: 112960-18 SunOS 5.9: patch libsldap ldap_cachemgr libldap

Date:  Aug/17/2004

Installation Requirements:

Install in Single User Mode                      
                      Reboot immediately after patch is installed

Solaris Release: 9

Sun OS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114241

Topic:

SunOS 5.9: patch libsldap ldap_cachemgr libldap

Relevant Architecture: sparc

BugId's fixed with this patch:

4192824 4248430 4357827 4390053 4523936 4614945 4624458 4630226 4643366 4645604 4648140 4648146 4658569 4658625 4660019 4670947 4677591 4682120 4683522 4700602 4709300 4720818 4723361 4743707 4746114 4747441 4751386 4751394 4754634 4756113 4757282 4765506 4768140 4774607 4776571 4779333 4780109 4787488 4793719 4802414 4805635 4830406 4830525 4873939 4874749 4877796 4887906 4890233 4890303 4913437 4920444 4966423 4977110 4980441 4988859 5003953 5006801 5012514

Changes incorporated in this version:


4966423 4988859 5003953

Patches accumulated and obsoleted by this patch:

113152-01 113166-01 113476-13

Patches which conflict with this patch:

Required Patches:

112874-06 or greater

Obsoleted by:

Files Included in this Patch:

/usr/include/ldap.h
/usr/lib/abi/abi_libldap.so.5
/usr/lib/abi/abi_libsldap.so.1
/usr/lib/abi/sparcv9/abi_libsldap.so.1
/usr/lib/ldap/ldap_cachemgr
/usr/lib/libldap.so.4
/usr/lib/libldap.so.5
/usr/lib/libpam.so.1
/usr/lib/libsldap.so.1
/usr/lib/llib-lldap
/usr/lib/llib-lldap.ln
/usr/lib/llib-lpasswdutil
/usr/lib/llib-lpasswdutil.ln
/usr/lib/llib-lsldap
/usr/lib/llib-lsldap.ln
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_check.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_authtok_store.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_ldap.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_unix_account.so.1
/usr/lib/security/pam_unix_auth.so.1
/usr/lib/security/sparcv9/pam_authtok_check.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_authtok_store.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_ldap.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_unix_account.so.1
/usr/lib/security/sparcv9/pam_unix_auth.so.1
/usr/lib/sparcv9/libldap.so.4
/usr/lib/sparcv9/libldap.so.5
/usr/lib/sparcv9/libpam.so.1
/usr/lib/sparcv9/libsldap.so.1
/usr/lib/sparcv9/llib-lldap.ln
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/llib-lsldap.ln
/usr/lib/sparcv9/nss_ldap.so.1
/usr/lib/sparcv9/passwdutil.so.1

Problem Description:

4966423 RBAC exec_attr search in LDAP: everything's wild
4988859 passwd -g, -e, -h cause segfault
5003953 Logins to Solaris 9 NIS+ clients always talk to master even when it is down
 
(from 112960-16)
 
4913437 Changing password in NIS+ fails on S9 clients with "Permission denied"
5012514 'passwd <nis+_user>' fails as root on NIS+ systems
4980441 PAM module pam_dhkeys fails to retrieve changed credentials
 
(from 112960-15)
 
5006801 getprojent(3project) dumps core with LDAP project(4) database
 
(from 112960-14)
 
4977110 passwd doesn't work with compat entries in /etc/nsswitch.conf
 
(from 112960-13)
 
4890303 pam_ldap should return PAM_AUTH_ERROR instead of PAM_PERM_DENIED
 
(from 112960-12)
 
4920444 libldap.so.4 ber encoding memory corruption
 
(from 112960-11)
 
4523936 mountd memory leak when using Native LDAP
 
(from 112960-10)
 
4787488 ldapaddent can only add ethers or bootparams for the same hosts, not both.
 
(from 112960-09)
 
4643366 Groups with no members broken
4779333 ldap get*ent requests may free already freed memory
4780109 __ns_ldap_firstEntry may return a cookie that is freed
4830525 Buffer overflow in nss_ldap.so.1
 
(from 112960-08)
 
4802414 Client does not follow referral without hostname.
4658569 Following referrals does not work in all cases
 
(from 112960-07)
 
4757282 ldapclient init fails with SIGBUS if SSD's are > 15 in profile
 
(from 112960-06)
 
4624458 if hostname is used in NS_LDAP_SERVERS, ldap goes into loop
4723361 log messages when resolving hostname for ldap_server
4776571 Applications running on SSL enabled native ldap clients may crash at termination
 
(from 112960-05)
 
4751386 ether_ntohost() fails with rc 1 when resolving data from LDAP
 
(from 112960-04)
 
4720818 LDAP naming services fails when domainname is greater than 23 characters
 
(from 112960-03)
 
4357827 pam_ldap should fully support password aging
4677591 implement PSARC/2002/241 - PAM binding control flag
4660019 nss_ldap.so may return non '-1' values for getspnam()
4682120 get/set_item conversation function tracing needs improvement.
4658625 pam_framework doesn't trace pam_chauthtok PAM_TRY_AGAIN return.
4683522 pam_get_data tracing could improve.
 
(from 112960-02)
 
4614945 Memleak in getgrent() when using against Native Ldap.
 
(from 112960-01)
 
4645604 A race condition in ldap_cachemgr cause ldapclient to fail
4630226 __s_api_requestServer fails when ldap_cachemgr is updating the profile
4648140 libsldap fails when NS_LDAP_CACHETTL = 0
4648146 __ns_ldap_getParam returned incorrect value for the NS_LDAP_EXP parameter
 
(from 113476-13)
 
4887906 pam_sm_chauthtok() returns 13 (PAM_USER_UNKNOWN) if lastchg=0 for local users
 
(from 113476-12)
 
4890233 using 'use_first_pass' for pam_ldap does not work
 
(from 113476-11)
 
4746114 libpam internationalized messages are off by 1 for locale != C
4793719 pam_authtok_check.so.1::circ() too space-conservative
4805635 root may change enduser password in NIS+ without entering its own password
4877796 passwd (passwdutil) inadvertently resets aging information
 
(from 113476-10)
 
4873939 pam and compat does not work after applying patch 108993-18
 
(from 113476-09)
 
4874749 passwd -x modifies the lastchg field also in /etc/shadow file
 
(from 113476-08)
 
4765506 NIS+ password problems with Solaris 9
4768140 passwd core dumps when changing shell
 
(from 113476-07)
 
4774607 pam_ldap gets confused when root tries to change user's password
 
(from 113476-06)
 
4830406 passwdutil is too dumb to handle NIS+ subdomains correctly
 
(from 113476-05)
 
4743707 non-default nsswitch backends confuse passwdutil.so.1
4747441 pam_authtok_store does not map all the PWU errors to PAM errors
4751394 non decisive modules should not return PAM_SUCCESS
4754634 passwd command seg faults when updating user can't be authenticated to LDAP
 
(from 113476-04)
 
4756113 libc version number is incorrect in s9u2
 
(from 113476-03)
 
4709300 passwd fails if the pam_authtok_store service was specified with server_policy
 
(from 113476-02)
 
4670947 logins failing when NIS is backend for authentication
 
(from 113476-01)
 
        This patch revision was generated to accumulate and obsolete
        the changes introduced in Solaris Update: s9u2
        feature point patches: 113152-01 113166-01
 
(from 113152-01)
 
4357827 pam_ldap should fully support password aging
4677591 implement PSARC/2002/241 - PAM binding control flag
4660019 nss_ldap.so may return non '-1' values for getspnam()
4682120 get/set_item conversation function tracing needs improvement.
4658625 pam_framework doesn't trace pam_chauthtok PAM_TRY_AGAIN return.
4683522 pam_get_data tracing could improve.
 
(from 113166-01)
 
4390053 crypt(3c) needs to interoperate with *BSD and Linux
4248430 RFE: NIS+ should support alternate encryption algorithms for the user password
4192824 newkey/chkey should use a configurable crypt() to encrypt the users password
4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21

Revision History:

112960-03 112960-11 112960-09 112960-02 112960-10 112960-01 112960-14 113476-13 112960-06 112960-08 112960-16 112960-07 112960-12

Patch Installation Instructions:

--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:

-----------------------------
 
NOTE 1: To get the complete Flexible Crypt feature, please also install the
        following patches:
 
        113475-01       (or newer)      libsecurity crypt
        113480-01       (or newer)      pam_unix Patch
        113481-01       (or newer)      nispasswdd
        113482-01       (or newer)      sbin/sulogin
        113483-01       (or newer)      rpc.ypasswdd
 
NOTE 2:  To get the complete fix for the bug 4765506, please install
        the following patch in addition to this patch:
 
        113319-14       (or newer)      rpc.nispasswdd

README -- Last modified date:  Friday, September 3, 2004

Login Required

Login Required