phpBugTracker

Status: RELEASED
Patch Id: 118919-21
***********************************************************************
+READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
+FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
+AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
+TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
+***********************************************************************
Keywords: security libpkcs11 metaslot mars aes ulmaxrwsessioncount crypto
Summary: SunOS 5.10_x86: Solaris Crypto Framework patch
Date:  Feb/05/2007
Installation Requirements:
Reboot immediately after patch is installed                      
+                      Install in Single User Mode
Solaris Release: 10_x86
Sun OS Release: 5.10_x86
Unbundled Product: 
Unbundled Release: 
Xref: This patch available for SPARC as patch 118918
Topic: 
SunOS 5.10_x86: Solaris Crypto Framework patch
Relevant Architecture: i386
BugId's fixed with this patch:
Changes incorporated in this version:

6474874 6484163

Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch: 
Required Patches:
Obsoleted by:

Files Included in this Patch: 
/etc/crypto/kcf.conf
+/etc/crypto/pkcs11.conf
+/etc/inet/ipsecalgs
+/kernel/crypto/aes
+/kernel/crypto/amd64/aes
+/kernel/crypto/amd64/arcfour
+/kernel/crypto/amd64/blowfish
+/kernel/crypto/amd64/des
+/kernel/crypto/amd64/md5
+/kernel/crypto/amd64/rsa
+/kernel/crypto/amd64/sha1
+/kernel/crypto/amd64/sha2
+/kernel/crypto/amd64/swrand
+/kernel/crypto/arcfour
+/kernel/crypto/blowfish
+/kernel/crypto/des
+/kernel/crypto/md5
+/kernel/crypto/rsa
+/kernel/crypto/sha1
+/kernel/crypto/sha2
+/kernel/crypto/swrand
+/kernel/drv/amd64/crypto
+/kernel/drv/crypto
+/kernel/misc/amd64/des
+/kernel/misc/amd64/kcf
+/kernel/misc/amd64/md5
+/kernel/misc/amd64/sha1
+/kernel/misc/amd64/sha2
+/kernel/misc/des
+/kernel/misc/kcf
+/kernel/misc/md5
+/kernel/misc/sha1
+/kernel/misc/sha2
+/lib/amd64/libmd5.so.1
+/lib/libmd5.so.1
+/usr/bin/digest
+/usr/bin/mac
+/usr/bin/pktool
+/usr/include/security/pkcs11t.h
+/usr/lib/amd64/libcryptoutil.so.1
+/usr/lib/amd64/libpkcs11.so.1
+/usr/lib/libcryptoutil.so.1
+/usr/lib/libpkcs11.so.1
+/usr/lib/security/amd64/pkcs11_kernel.so.1
+/usr/lib/security/amd64/pkcs11_softtoken.so.1
+/usr/lib/security/pkcs11_kernel.so.1
+/usr/lib/security/pkcs11_softtoken.so.1
+/usr/sbin/cryptoadm
Problem Description: 
6474874 cryptoadm(1M) silently re-enables random number operations
+6484163 memory leak in get_dsa_public_key
+ 
+(from 118919-20)
+ 
+6480958 "Keystore version failure" warning message should be moved to LOG_DEBUG
+ 
+(from 118919-19)
+ 
+6271754 pkcs11_softtoken too aggressive in looking for token data files
+ 
+(from 118919-18)
+ 
+6192431 C_GetAttribute value with CKA_KEY_TYPE attribute returns 8 bytes in 32-bit mode
+6439285 kernel des3 fails to return corrected key when all 3 parts of the key are identical
+ 
+(from 118919-17)
+ 
+6399680 logical provider selects busy member
+6363872 AES counter mode increments wrong counter bits on i386
+ 
+(from 118919-16)
+ 
+6401115 118919-13 missing i.kcfconfbase CAS
+6408419 i.ipsecalgsbase CAS missing in 118918-14 & 118919-12
+
+6405871 (rework) patch 118918-15 delivers 'f' objects previously delivered in 119012-03
+6342468 patchrm 118918-03 complains about failed to parse /etc/crypto/pkcs11.conf
+ 
+(from 118919-15)
+ 
+6405871 patch 118918-15 delivers 'f' objects previously delivered in 119012-03
+ 
+(from 118919-14)
+ 
+6338653 integrate ZFS
+ 
+(from 118919-13)
+ 
+6296920 IPsec 3DES can't be used in two-key mode
+ 
+(from 118919-12)
+ 
+        This revision accumulates S10U2 feature point patches
+        121787-01, 121293-01, 121285-02 and 121283-02.
+ 
+(from 118919-11)
+ 
+6276483 libpkcs11 pthread_atfork() code can cause child process to hang
+6345493 fork(2) handling fixes from 6276483 needs further work in pkcs11_softtoken
+6360218 uprev for patches that do not manually preserve the 'e' prototype file attribute
+6359179 i.script (pkgproto cmd) - is not "e" file friendly (synopsis modified)
+ 
+(from 118919-10)
+ 
+6376993 x86 patch T118844-29 is missing an object causing functional failure
+ 
+(from 118919-09)
+ 
+5039273 failure in crypto_verify() when using a bignum with value 0 for CKM_RSA_X_509
+6264344 remove gratuitous bzero() calls from SHA1Final() and MD5Final()
+6286372 kernel SHA1Update uses global variable making it non-reentrant
+6357426 increase rndmag_threshold and rndbuf_len default values
+ 
+(from 118919-08)
+ 
+6274680 Metaslot on Niagara (UltraSPARC T1) suddenly becomes very slow at high load
+ 
+(from 118919-07)
+ 
+6264379 Metaslot caused 20% performance degradation in crypto operations
+6250963 Metaslot doesn't perform well when there are many slots
+6276609 memory leak in meta_GetMechanismInfo
+6280574 pk11keymgmt_test dumps core
+6262344 Metaslot crashes in call to C_UnwrapKey during generation
+6252894 BER routines in LDAP library don't work for 64 bit
+ 
+(from 118919-06)
+ 
+6222467 system calls from C_Initialize() get interrupted
+ 
+(from 118919-05)
+ 
+4926742 CKM_DH_PKCS_DERIVE fails if derived secret is shorter than prime
+6215816 C_FindObjectsInit fails when token isn't present
+6220814 C_DigestKey failure causes C_DestroyObject being hung
+ 
+(from 118919-04)
+ 
+6217866 S1WS sometimes drops SSL connections
+6223866 C_SignInit() sometimes doesn't work using a generated key
+6223869 Metaslot trying to create key with bogus data
+6223863 Metaslot needs to return CK_EFFECTIVELY_INFINITE in token info
+6231978 Apache/mod_ssl fails SSL connections when Metaslot is present with SCA 1000
+ 
+(from 118919-03)
+ 
+        This revision accumulates S10U1 feature point patch 118917-03.
+ 
+(from 118919-02)
+ 
+6228384 cryptoadm gettext for usage too simplistic
+6231739 cryptoadm bugfix lost "metaslot" usage keywords
+ 
+(from 118919-01)
+ 
+4691624 libpkcs11: uCF meta slot management
+6199119 pk11object test program core dumps with metaslot+pkcs11_kernel+Deimos configured
+6215509 fix for 4691624 introduced a lock violation
+ 
+(from 118917-03)
+ 
+        Uprev due to the intersection between Feature and Generic gates.
+ 
+(from 118917-02)
+ 
+6197284 implement C_UnwrapKey(<secret keys>) with decrypt/create_object when needed in pkcs11_kernel
+6197268 pkcs11_kernel shouldn't reject C_GetAttributeValue() for a secret key's CKA_VALUE_LEN attr
+6204887 SEGV in process_found_objects()
+6195934 pkcs11_kernel C_DecryptInit() can return with the object_mutex still held
+ 
+(from 118917-01)
+ 
+4691624 libpkcs11: uCF meta slot management
+6199119 pk11object test program core dumps with metaslot+pkcs11_kernel+Deimos configured
+6215509 fix for 4691624 introduced a lock violation
+ 
+(from 121283-02)
+ 
+4721729 support AES Counter mode for encryption
+6253484 support mechanisms with complex mech_param structures across the EF stack
+6314217 hide underlying providers of logical providers
+ 
+(from 121283-01)
+ 
+4920408 PKCS#11 v2.20 support for the Crypto Framework
+ 
+(from 121285-02)
+ 
+6332630 chassis serial number support for Seattle/Boston
+6342066 add Boston and Seattle support to Solaris
+6372587 pkcs11_softtoken should use getpwuid_r(3C) to avoid overwriting thread-specific data
+6372169 blowfish can read past mblk and panic in cbc mode
+6368332 libpkcs11 should report that it is v2.20 not v2.11
+ 
+(from 121285-01)
+ 
+4920408 PKCS#11 v2.20 support for the Crypto Framework
+6181926 support SHA256, SHA384, SHA512 in kernel
+6336131 CKM_TLS_PRF support
+6287425 residual bzero's in hmac part of sha2
+6331488 OID with NO parameter for RSA sigs using SHA-1 missing from softtoken
+6347073 kcf missing some rsa mechs
+6198116 dprov in amd64 mode fails when interfacing with 32bit pk11objectkernel test
+5067502 dprov no longer generating correct key sizes for some mechanisms
+ 
+(from 121293-01)
+ 
+5059459 provide utility to export-to-PKCS#12-file from softtoken
+5059461 pktool(1) needs subcommands to list and delete objects in softtoken
+6216772 update pktool(1) list/delete subcommands
+6278459 add "tokens" subcommand to pktool(1)
+6288840 pktool(1) alternate token support
+6332420 change pktool CLI to use attr=value format
+ 
+(from 121787-01)
+ 
+4721729 support AES Counter mode for encryption
+6355571 fix for 6352877 broke the export source build
+6355597 fix for 6352877 broke punchin
+6352877 ckpi_004 - CKM_AES_ECB mechanism test failing with lots of Crypto error 29 messages
+ 
+(from 119013-03)
+ 
+5072858 cryptoadm disable does not work as expected when logical provider slot is involved
+6250168 assertion failure when second provider has function group flags in different class
+5100567 add logical provider assertion from crypto_provider_notification()
+ 
+(from 119013-02)
+ 
+6222467 system calls from C_Initialize() get interrupted
+6195428 "Slot Info is NULL for vca0" error when running SUNvts vcatest on E15K
+6211857 driver panics when kcf_free_context() is called
+ 
+(from 119013-01)
+ 
+6200215 ulMaxRwSessionCount says CK_UNAVAILABLE_INFORMATION
Revision History: 
Patch Installation Instructions: 
--------------------------------
+ 
+For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
+the README within the patch for instructions on using the generic
+'installpatch' and 'backoutpatch' scripts provided with each patch.
+ 
+For Solaris 7-10 releases, refer to the man pages for instructions
+on using 'patchadd' and 'patchrm' scripts provided with Solaris.
+Any other special or non-generic installation instructions should be
+described below as special instructions.  The following example
+installs a patch to a standalone machine:
+ 
+       example# patchadd /var/spool/patch/104945-02
+ 
+The following example removes a patch from a standalone system:
+ 
+       example# patchrm 104945-02
+ 
+For additional examples please see the appropriate man pages.
Special Install Instructions: 
-----------------------------
+ 
+NOTE 1:  Reboot system after patch installation is complete.
+ 
+NOTE 2:  If you're planning to set up Zones on this system, please make
+         sure to install the following patch which fixes bugid 6216195
+         (zone installation confused by UPDATE=yes in pkginfo(4) file):
+ 
+         119016-01 (or greater)  Install and Patch Utilities Patch
+ 
+         (Note that 119255 has superseded 119016; installation of the
+          current version is recommended to be preferred, due to its
+          central role in the installation and removal of patches.)
+ 
+NOTE 3:  If you have the SUNWcry package installed, you MUST also install the
+         following patch:
+ 
+         118563-02 (or greater)  Solaris Data Encryption Kit Patch
+ 
+NOTE 4:  To get the complete fix for bug 6222467 (system calls from
+         C_Initialize() get interrupted), please also install the
+         following patch:
+ 
+         118563-03 (or greater)  Solaris Data Encryption Kit Patch
+ 
+NOTE 5:  To get the complete support for algorithm optimization for crypto
+         and kernel modules for restricted and non-restricted key lengths
+         versions, please also install the following patch:
+ 
+         118563-05 (or greater) Solaris Data Encryption Kit Patch
+
+README -- Last modified date:  Monday, February 5, 2007
Status: RELEASED
Patch Id: 119725-06
***********************************************************************
+READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
+FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
+AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
+TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
+***********************************************************************
Keywords: ldap java development kit 4.21 security
Summary: SunOS : Sun Java(TM) System LDAP Java Development Kit patch
Date:  Sep/19/2008
Installation Requirements:
NA
Solaris Release: 8 9 9_x86 10 10_x86
Sun OS Release: 5.8 5.9 5.9_x86 5.10 5.10_x86
Unbundled Product: 
Unbundled Release: 
Xref: 
Topic: 

Relevant Architecture: all
BugId's fixed with this patch:
Changes incorporated in this version:

6731145

Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch: 
Required Patches:
Obsoleted by:

Files Included in this Patch: 
/usr/share/lib/ldapjdk.jar
Problem Description: 
6731145 Failures occurring with ldapjdk 4.20 & persistent searches enabled on AM 7.0 p3
+
+
+### Added FOR CVE
+6466370 security vulnerabilities in OpenSSL may lead to DoS or code execution 
+        (CVE-2006-3738,CVE-2006-4343)
+6467218 fix RSA signature forgery (CVE-2006-4339)
+6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
+6476772 update OpenSSL version string with information about security patches included
+ 
+(from 117123-07)
+ 
+6307652 libwanboot does not handle >2GB files properly
+ 
+(from 117123-06)
+ 
+6231877 WANBoot client hangs if http server is stopped
+ 
+(from 117123-05)
+ 
+6276060 "boot net" fails with "rpc cansend error" starting with nv_14
+ 
+(from 117123-04)
+ 
+6228203 unable to jumpstart client using DHCP boot
+
+#################
+
+
+
+ 
+(from 119725-05)
+ 
+6711620 LDAPJDK returns the stale data to the client, and possibly causes password mismatches in AM
+6538128 memory leak in ldapjdk
+ 
+(from 119725-04)
+ 
+6402167 LDAP JDK 4.18 cause LDAP client/DS stalling, hung, unexpected connection closes
+ 
+(from 119725-03)
+ 
+6268213 Reconnections fail with load balancers.
+A recent executive alert was raised with the University of Nijmegen concerning Communications Express. 
+In situations where the customer was expecting reconnections to occur, java exceptions were thrown instead.
+ 
+6294799 JES4_07: Java exception error happens in stop DS server from console in ja locale
+There was a problem in the ErrorCodes_ja.props file.
+One of the unicode characters was improperly formatted.
Revision History: 
Patch Installation Instructions: 
--------------------------------
+ 
+For Solaris 7-9 releases, refer to the man pages for instructions
+on using 'patchadd' and 'patchrm' scripts provided with Solaris.
+Any other special or non-generic installation instructions should be
+described below as special instructions.  The following example
+installs a patch to a standalone machine:
+ 
+       example# patchadd /var/spool/patch/104945-02
+ 
+The following example removes a patch from a standalone system:
+ 
+       example# patchrm 104945-02
+ 
+For additional examples please see the appropriate man pages.
Special Install Instructions: 
-----------------------------
+ 
+ 
+ 
+README -- Last modified date:  August 07, 2008
+
+README -- Last modified date:  Friday, September 19, 2008

Purpose