Patch-ID# 118372-04

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: elfsign libike keystore memory libpkcs11
Synopsis: SunOS 5.10_x86: elfsign Patch
Date: Sep/16/2005

Install Requirements: Reconfigure immediately after patch is installed
                      Install in Single User Mode

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 118371

Topic: SunOS 5.10_x86: elfsign Patch

Relevant Architectures: i386

BugId's fixed with this patch: 4987141 5019131 5057756 6196062 6214106
    6214824 6216464 6218014 6218030 6220136 6221396 6222046 6222935
    6238177 6238962 6239551 6258976 6283570

Changes incorporated in this version: 6258976 6283570

Patches accumulated and obsoleted by this patch: 119266-02

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/bin/elfsign
/usr/lib/crypto/kcfd
/usr/lib/inet/certdb
/usr/lib/inet/certlocal
/usr/lib/inet/certrldb
/usr/lib/inet/in.iked
/usr/lib/libelfsign.so.1
/usr/lib/libike.so.1

Problem Description:

6258976 kcfd dies under a barrage of verification requests
6283570 misaligned ELF64 section heads

(from 118372-03)

6238177 ikecert certlocal -a dumps core
6238962 ike cert cache has artificially small maximum value
6239551 in.iked doesn't parse config.sample as expected

(from 118372-02)

        This patch revision accumulates/obsoletes Solaris Update S9U5
        feature point patch 119266-02.

(from 118372-01)

5057756 elfsign should put OU in subject name in its own AttributeTypeAndValue
6214106 elfsign damages some executables

(from 119266-02)

        Uprev due to the intersection between Feature and Generic gates

(from 119266-01)

4987141 Misleading comments in do_p1getdel() function.
5019131 IKE should use uCF's libpkcs11 by default for performance improvement
6196062 Drop SafeNet QuickSec 2.1 into libike
6214824 Update NAT-T Support to full RFC 3947 compliance.
6216464 Memory leak if ssh_ike_connect_ipsec() fails immediately
6218014 qs21 putback broke tools/version of elfsign
6218030 Fix for 6218014 needs a more elegant solution
6220136 elfsign request fails
6221396 libike PKCS#11 D-H native glue needs to guard against trimmed leading-zeroes.
6222046 usr/src/lib/libike needed in its entirety to build usr/src/tools
6222935 Keystore generation is broken post-qs21

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: If you're planning to set up Zones on this system, please make
        sure to install the following patch which fixes bugid 6216195
        (zone installation confused by UPDATE=yes in pkginfo(4) file.)

        119016-01 (or greater) packaging commands patch

NOTE 2: If the patch is being applied to the live system, please do
        the following:

        svcadm disable -t cryptosvc
        Apply the patch to elfsign, libelfsign and kcfd
        svcadm enable -t cryptosvc

README -- Last modified date: Friday, September 16, 2005