Obsoleted by: 120011-14 SunOS 5.10: libc nss ldap PAM zfs patch |
Disclaimer:
Please note:
Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.
Status: OBSOLETE
Patch Id: 120473-12
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************Summary: Obsoleted by: 120011-14 SunOS 5.10: libc nss ldap PAM zfs patch
Date: Jul/11/2007
Installation Requirements:
Reconfigure immediately after patch is installed, an alternative may be in Special Install Instructions
Install in Single User Mode, an alternative may be in Special Install InstructionsSolaris Release: 10
Sun OS Release: 5.10
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 120037
Topic:
SunOS 5.10: libc nss ldap PAM zfs patch
***********************************************************
NOTE: This patch may contain one or more OEM-specific platform ports.
See the appropriate OEM_NOTES file within the patch for
information specific to these platforms.
DO NOT INSTALL this patch on an OEM system if a corresponding
OEM_NOTES file is not present (or is present, but instructs not
to install the patch), unless the OEM vendor directs otherwise.
***********************************************************
Relevant Architecture: sparc sparc.sun4u
BugId's fixed with this patch:
1085341 4034947 4667251 4954703 4974005 4996426 5004247 5007891 5049028 5080012 5096736 5097644 6203833 6208638 6211662 6215066 6227969 6233613 6237411 6241740 6247126 6253934 6261685 6265737 6276916 6278018 6284864 6285539 6287497 6288488 6295037 6311010 6320871 6353492 6355084 6366301 6368763 6369408 6373978 6376848 6385436 6386770 6394554 6395124 6397148 6401400 6403267 6405966 6409302 6415739 6416482 6416759 6416794 6417483 6417978 6418491 6420204 6424554 6425111 6425740 6429516 6429769 6430121 6430941 6433208 6433264 6433406 6433408 6433679 6433680 6433717 6434595 6435779 6436514 6436524 6436526 6436800 6439102 6439370 6440499 6443585 6444346 6446569 6447377 6447381 6447452 6447838 6448371 6448999 6449033 6450292 6451124 6451412 6451860 6452372 6452420 6452923 6453304 6458781 6471359 6471429 6474547 6478028 6479553 6496178 6497698 6499804 6505933 6512868 6514446 6515653 6518780 6521689 6527403 6538001 6538049 6543658 6544832 6562672
Changes incorporated in this version:
6562672
Patches accumulated and obsoleted by this patch:
117463-05 118890-03 119985-02 120469-07 121006-02 121278-01 121294-01 122535-01 123330-01 123350-01 123356-02 123911-01 124204-04 124280-01 125795-01
Patches which conflict with this patch:
Required Patches:
118833-36 122640-05 123839-01 (or greater)
Obsoleted by:
Files Included in this Patch:
/etc/nsswitch.dns
/etc/nsswitch.files
/etc/nsswitch.ldap
/kernel/drv/sparcv9/zfs
/kernel/fs/sparcv9/zfs
/kernel/kmdb/sparcv9/zfs
/lib/libc.so.1
/lib/libdevinfo.so.1
/lib/libnsl.so.1
/lib/libsecdb.so.1
/lib/libzfs.so
/lib/libzfs.so.1
/lib/libzfs.so.2
/lib/llib-ladm.ln
/lib/llib-laio.ln
/lib/llib-lbsm.ln
/lib/llib-lc
/lib/llib-lc.ln
/lib/llib-lcmd.ln
/lib/llib-lcontract.ln
/lib/llib-lcurses.ln
/lib/llib-lgen.ln
/lib/llib-lkstat.ln
/lib/llib-lnsl.ln
/lib/llib-lnvpair.ln
/lib/llib-lpam.ln
/lib/llib-lresolv.ln
/lib/llib-lsec.ln
/lib/llib-lsysevent.ln
/lib/llib-ltsnet.ln
/lib/llib-lzfs
/lib/llib-lzfs.ln
/lib/nss_compat.so.1
/lib/nss_files.so.1
/lib/sparcv9/libc.so.1
/lib/sparcv9/libdevinfo.so.1
/lib/sparcv9/libnsl.so.1
/lib/sparcv9/libsecdb.so.1
/lib/sparcv9/libzfs.so
/lib/sparcv9/libzfs.so.1
/lib/sparcv9/libzfs.so.2
/lib/sparcv9/llib-lc.ln
/lib/sparcv9/llib-lzfs.ln
/lib/sparcv9/nss_compat.so.1
/lib/sparcv9/nss_files.so.1
/sbin/zfs
/sbin/zpool
/usr/include/nss_dbdefs.h
/usr/include/stdio_ext.h
/usr/include/stdio_impl.h
/usr/lib/extendedFILE.so.1
/usr/lib/fm/fmd/plugins/zfs-retire.conf
/usr/lib/fm/fmd/plugins/zfs-retire.so
/usr/lib/fm/fmd/schemes/sparcv9/zfs.so
/usr/lib/fm/fmd/schemes/zfs.so
/usr/lib/fs/zfs/fstyp
/usr/lib/gss/mech_krb5.so.1
/usr/lib/krb5/kadmind
/usr/lib/krb5/krb5kdc
/usr/lib/krb5/libkadm5clnt.so.1
/usr/lib/krb5/libkadm5srv.so.1
/usr/lib/krb5/libkadmin.so.1
/usr/lib/krb5/libkdb.so.1
/usr/lib/krb5/sparcv9/libkadm5clnt.so.1
/usr/lib/libproject.so.1
/usr/lib/libzfs.so
/usr/lib/libzfs.so.2
/usr/lib/libzfs_jni.so.1
/usr/lib/llib-l300.ln
/usr/lib/llib-l300s.ln
/usr/lib/llib-l450.ln
/usr/lib/llib-ladt_jni.ln
/usr/lib/llib-lc2stubs.ln
/usr/lib/llib-lcrypt.ln
/usr/lib/llib-ldiskmgt.ln
/usr/lib/llib-ldtrace.ln
/usr/lib/llib-lfsmgt.ln
/usr/lib/llib-lipp.ln
/usr/lib/llib-lkvm.ln
/usr/lib/llib-lldap.ln
/usr/lib/llib-lmail.ln
/usr/lib/llib-lmilter.ln
/usr/lib/llib-lmtmalloc.ln
/usr/lib/llib-lpasswdutil.ln
/usr/lib/llib-lplot.ln
/usr/lib/llib-lproject.ln
/usr/lib/llib-lrac.ln
/usr/lib/llib-lrcm.ln
/usr/lib/llib-lsldap.ln
/usr/lib/llib-lsmedia.ln
/usr/lib/llib-ltecla.ln
/usr/lib/llib-lvolmgt.ln
/usr/lib/llib-lvt0.ln
/usr/lib/mdb/kvm/sparcv9/zfs.so
/usr/lib/mdb/proc/libzpool.so
/usr/lib/mdb/proc/sparcv9/libzpool.so
/usr/lib/nss_ldap.so.1
/usr/lib/passwdutil.so.1
/usr/lib/security/pam_authtok_get.so.1
/usr/lib/security/pam_dhkeys.so.1
/usr/lib/security/pam_dial_auth.so.1
/usr/lib/security/pam_krb5.so.1
/usr/lib/security/pam_krb5_migrate.so.1
/usr/lib/security/pam_passwd_auth.so.1
/usr/lib/security/pam_roles.so.1
/usr/lib/security/sparcv9/pam_authtok_get.so.1
/usr/lib/security/sparcv9/pam_dhkeys.so.1
/usr/lib/security/sparcv9/pam_dial_auth.so.1
/usr/lib/security/sparcv9/pam_krb5.so.1
/usr/lib/security/sparcv9/pam_krb5_migrate.so.1
/usr/lib/security/sparcv9/pam_passwd_auth.so.1
/usr/lib/security/sparcv9/pam_roles.so.1
/usr/lib/sparcv9/gss/mech_krb5.so.1
/usr/lib/sparcv9/libproject.so.1
/usr/lib/sparcv9/libzfs.so
/usr/lib/sparcv9/libzfs.so.2
/usr/lib/sparcv9/libzfs_jni.so.1
/usr/lib/sparcv9/libzpool.so.1
/usr/lib/sparcv9/llib-lkvm.ln
/usr/lib/sparcv9/llib-lpasswdutil.ln
/usr/lib/sparcv9/nss_ldap.so.1
/usr/lib/sparcv9/passwdutil.so.1
/usr/lib/zfs/availdevs
/usr/perl5/5.6.1/lib/sun4-solaris-64int/CORE/libperl.so.1
/usr/perl5/5.6.1/lib/sun4-solaris-64int/auto/DynaLoader/DynaLoader.a
/usr/perl5/5.8.4/bin/perlbug
/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/libperl.so.1
/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/opcode.h
/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/patchlevel.h
/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE/perl.h
/usr/perl5/5.8.4/lib/sun4-solaris-64int/auto/DynaLoader/DynaLoader.a
/usr/perl5/5.8.4/lib/sun4-solaris-64int/auto/MIME/Base64/Base64.so
/usr/perl5/5.8.4/lib/sun4-solaris-64int/auto/Storable/Storable.so
/usr/platform/SUNW,Sun-Fire-V240/lib/llib-lrsc.ln
/usr/sbin/sparcv9/zdb
/usr/sfw/lib/llib-lcrypto
/usr/sfw/lib/llib-lcrypto.ln
/usr/sfw/lib/llib-lssl.ln
/usr/sfw/lib/sparcv9/llib-lcrypto.ln
/usr/ucblib/libucb.so.1
/usr/ucblib/llib-lucb.ln
/usr/ucblib/sparcv9/libucb.so.1
/usr/xpg4/lib/llib-lcurses.ln
Problem Description:
6562672 kadmind vulnerable to buffer overflow [ MITKRB5-SA-2007-005 ]
(from 120473-11)
6505933 bsearch breaks if the table size is larger than 2GB
(from 120473-10)
6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
6543658 krb5_set_default_tgs_enctypes: referenced symbol not found
(from 120473-09)
6253934 passwd and pwconv are crashing with wrong entry in /etc/shadow
6355084 Posix compliant open() of a character device is not MT-safe
6497698 krb5kdc(1) should also provide password expiration information
6514446 pam_dhkeys prompts for secure RPC password when neither LOCAL or DES credentials exist
6515653 __getpass function outputs to stderr rather than tty
6518780 deadlock due to fork and suspend thread
6544832 setproject(3PROJECT): recover gracefully if inserting an existing rctl value (lite fix for 6194864)
(from 120473-08)
6418491 solaris 10 runtime prevents sigbus signal to correctly get passed to the handler
(from 120473-07)
6538049 libdevinfo doesn't convert prom alias to prom device
(from 120473-06)
6521689 closefrom() does not close all file descriptors
(from 120473-05)
1085341 32-bit stdio routines should support file descriptors >255
6369408 fflush(NULL); will corrupt data written on files in multithreaded apps
6376848 fileno unexpectedly needs a lock
6417483 LD_DEBUG fails after putback for 1085341
6512868 message from 1085341 fix does not need to be I18N
(from 120473-04)
6418491 solaris 10 runtime prevents sigbus signal to correctly get passed to the handler
6442921 /etc/lib/lu/lubootdev -b cannot determine boot-device for SVM encapsulated fibre boot disks
(from 120473-03)
6447838 libc needs to reset __threaded in executables
(from 120473-02)
4667251 groups command returns number, not name for large group
5080012 ldap: Roles returns NULL if size of roles exceeeds 1022 characters
(from 120473-01)
5097644 Compat syntax generates duplicate lookups and degrades performance.
(from 123911-01)
6394554 integrate Solaris Trusted Extensions
6429516 tx10: mkdevmaps should not be a link to mkdevalloc
6241740 Implement PSARC/2005/162 remote roles
6403267 address remaining issues raised during TX code reviews
6429769 After upgrading to SNV_40, nsswitch.conf is modified incorrectly with tnrhdb and tnrhtp entries.
(from 117463-05)
4974005 Purify/dbx reports Memory Leaks in PAM [ Solaris 8/9/10 ]
6434595 Memory leak in passwdutil.so.1 using Payflex cards
(from 117463-04)
6295037 passwdutil.so.1 init function has race in MT app when used with dlopen
6386770 pam_authenticate can fail if open files are >= 255 and the soft fd limit is greater than 256
(from 117463-03)
4996426 passwd -x still misbehaves
(from 117463-02)
Patch respun to include complete functionality
(from 117463-01)
5007891 s8 passwd(1) command may SEGV on NIS+ master servers.
5096736 pwd change in NIS+ fails with "Permission denied" if new pwd is longer than 11 b
(from 123330-01)
6311010 pam_passwd_auth can't deal with old SunOS aging
(from 118890-03)
This revision accumulates/obsoletes Solaris Update S10U3
feature point patch 123350-01
5049028 Makefiles that hacked around libpool errors now need cleanup
6394554 integrate Solaris Trusted Extensions
6403267 address remaining issues raised during TX code reviews
6429516 tx10: mkdevmaps should not be a link to mkdevalloc
(from 118890-02)
This revision accumulates/obsoletes Solaris Update S10u2
feature point patch 121278-01
(from 118890-01)
4954703 userland atomic.h port should include cas primitives
(from 121278-01)
5004247 Sun's JVM would benefit from access to per-LWP schedctl fields.
(from 123350-01)
6394554 integrate Solaris Trusted Extensions
5049028 Makefiles that hacked around libpool errors now need cleanup
6429516 tx10: mkdevmaps should not be a link to mkdevalloc
6403267 address remaining issues raised during TX code reviews
(from 119985-02)
6368763 Perl format string integer wrap vulnerability
(from 119985-01)
6233613 ON support for sun4v solaris and source code reorg
6237411 ontario platform support in solaris
(from 122535-01)
This revision accumulates s10u2 feature point patch 121294-01.
(from 121294-01)
6285539 E_NAME_USED_NOT_DEF2 lint error for ENGINE_load_builtin_engines
6287497 openssl cpp flags needs to be adjusted for export builds
(from 124204-04)
6471359 zfs_fillpage() when faulting aligns on the range size within the file, getting the wrong large page
(from 124204-03)
6479553 124204-02 is missing dependency on ZFS genesis patch
(from 124204-02)
6354408 libdiskmgt needs to handle sysevent failures in miniroot or failsafe environments better
6405330 swap on zvol isn't added during boot
6420204 root filesystem's delete queue is not running
6433208 should not be able to offline/online a spare
6436514 zfs share on /var/mail needs to be run explicitly after system boots
PIT nightly fails due to the fix for 6436514
6443585 zpool create of poolname > 250 and < 256 characters panics in debug printout
6448999 panic: used == ds->ds_phys->ds_unique_bytes
6449033 PIT nightly fails due to the fix for 6436514
6458781 random spurious ENOSPC failures
6439953 Identical Slot names in different segments can cause a breakage in ApId scheme
6451146 OPL L1D$ error injection doesn't work
(from 124204-01)
6405966 Hot Spare support in ZFS
s10u3_03 integration for 6405966 breaks on10-patch B3 feature build
6276916 support for "clone swap"
6288488 du reports misleading size on RAID-Z
6366301 CREATE with owner_group attribute is not set correctly with NFSv4/ZFS
6373978 want to take lots of snapshots quickly ('zfs snapshot -r')
6385436 zfs set <property> returns an error, but still sets property value
6397148 fbufs debug code should be removed from buf_hash_insert()
6401400 zfs(1) usage output is excessively long
4034947 anon_swap_adjust(), anon_resvmem() should call kmem_reap() if availrmem is low.
6409302 passing a non-root vdev via zpool_create() panics system
6415739 assertion failed: !(zio->io_flags & 0x00040)
6416482 filebench oltp workload hangs in zfs
6416759 ::dbufs does not find bonus buffers anymore
6416794 zfs panics in dnode_reallocate during incremental zfs restore
6417978 double parity RAID-Z a.k.a. RAID6
6424554 full block re-writes need not read data in
6425111 detaching an offline device can result in import confusion
6425740 assertion failed: new_state != old_state
6430121 3-way deadlock involving tc_lock within zfs
6433264 crash when adding spare: nvlist_lookup_string(cnv, "path", &path) == 0
6433406 zfs_open() can leak memory on failure
6433408 namespace_reload() can leak memory on allocation failure
6433679 zpool_refresh_stats() has poor error semantics
6433679 broke zpool import
6433680 changelist_gather() ignores libuutil errors
6433717 offline devices should not be marked persistently unavailble
6435779 6433679 broke zpool import
6436524 importing a bogus pool config can panic system
6436800 ztest failure: spa_vdev_attach() returns EBUSY instead of ENOTSUP
6439102 assertion failed: dmu_buf_refcount(dd->dd_dbuf) == 2 in dsl_dir_destroy_check()
6439370 assertion failures possible in dsl_dataset_destroy_sync()
6440499 zil should avoid txg_wait_synced() and use dmu_sync() to issue parallel IOs when fsyncing
6447377 ZFS prefetch is inconsistant
6436526 delete_queue thread reporting drained when it may not be true
6446569 deferred list is hooked on flintstone vitamins
6447452 re-creating zfs files can lead to failure to unmount
6444346 zfs promote fails in zone
6448371 'zfs promote' of a volume clone fails with EBUSY
6450292 unmount original file system, 'zfs promote' cause system panic.
6451124 assertion failed: rc->rc_count >= number
6451412 renaming snapshot with 'mv' makes unmounting snapshot impossible
6447381 dnode_free_range() does not handle non-power-of-two blocksizes correctly
6451860 'zfs rename' a filesystem|clone to its direct child will cause internal error
6452372 assertion failed: dnp->dn_nlevels == 1
6452420 zfs_get_data() of page data panics when blocksize is less than pagesize
6452923 really out of space panic even though ms_map.sm_space > 0
6453304 s10u3_03 integration for 6405966 breaks on10-patch B3 feature build
(from 120469-07)
6496178 krb5 mech resends AS-REQ to the same KDC (master) after user enters a bad password
(from 120469-06)
6353492 Regression of 4786126: Kerberos Delegation Credentials not working on S10 and Nevada
(from 120469-05)
6320871 kinit fails if default_tkt_enctypes = des-cbc-crc but princ has des-cbc-md5 and preauth required
(from 120469-04)
6247126 krb5_verify_init_creds returns ERR if def keytab is missing, even though
verify_ap_req_nofail=false
(from 120469-03)
6203833 GSSAPI needs method to acquire initial creds with a password
6208638 krb5_gss_release_cred() can leak
(from 120469-02)
6284864 krb5_recvauth() may free memory twice under certain conditions
(from 120469-01)
6261685 Security: buffer overflow, heap corruption in KDC
(from 121006-02)
6471429 clients using SET_CHANGE do not log the change to kadmin.log
6474547 After setting SET_CHANGE kpasswd returns false positives
(from 121006-01)
6265737 Decrypt integrity failure with kpasswd and AD
6227969 smf(5) introduces race condition between connection tear down and port bind, on
kadmin svc restart
6278018 Setting kpasswd_protocol affects more than change password
6215066 kadm apps can not bind to kadmind if admin_server specifies port #
(from 124280-01)
6211662 kpropd can core if it receives an update created by kadmin's -keepold argument
(from 125795-01)
6395124 pam_krb5 tries to validate twice when given a bad password
6430941 pam_krb5 pam_sm_setcred can cause /tmp/krb5cc_<PAM_USER> to be owned by euid rather than PAM_USER
6478028 pam_krb5's password management should not be prompting for old or for new passwords
6499804 pam_krb5 account management should not return success if user is not defined in kerberos realm
6527403 pam_krb5 acct mgmt does not respect the account authority in certain configurationsRevision History:
120473-05 119985-02 117463-05 124280-01 120473-11 123911-01 120473-06 120473-09 125795-01 120473-03 124204-04 120473-10 123330-01 122535-01 120473-02 120473-08 118890-03 120469-07 121006-02 120473-01
Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.Special Install Instructions:
NOTE 1: Install the patch at single user mode. Reboot system after
patch installation is complete.
NOTE 2: If you're planning to set up Zones on this system, please make
sure to install the following patch which fixes bugid 6216195
(zone installation confused by UPDATE=yes in pkginfo(4) file.)
119015-01 (or greater) Install and Patch Utilities Patch
However, for a more current revision and to get the benefit of
additional bug fixes, we recommend installing the following
patch:
119254-06 (or greater) Install and Patch Utilities Patch
NOTE 3: To obtain the complete Solaris Trusted Extensions functionality
support, please install the following patches:
123912-01 (or greater) ppriv patch
122662-03 (or greater) libzonecfg patch
122660-04 (or greater) zoneadmd patch
122658-04 (or greater) zonecfg patch
122539-06 (or greater) bsmconv patch
120845-02 (or greater) audit patch
118833-25 (or greater) Kernel patch
NOTE 4: For a complete fix for CR 4996426 and 6193468,
please install
120052-03 pam unix cred library patch
NOTE 5: To get the complete fix for bugid 4954703 (userland atomic.h port should
include CAS primitives), please also install the following patches:
118822-12 (or greater) kernel patch
118884-01 (or greater) atomic.h patch
119689-03 (or greater) libc.so patch
NOTE 6: To get the complete fix of bug 6203833 "GSSAPI needs method to
acquire initial creds with a password" please install the following
patch:
121239-01 (or greater) libgss patch
README -- Last modified date: Wednesday, September 12, 2007
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
