Patch-ID# 119214-07

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: nspr nss jss security
Synopsis: NSS_NSPR_JSS 3.11_x86: NSPR 4.6.1 / NSS 3.11 / JSS 4.2
Date: Feb/13/2006


Install Requirements: NA                      
                      
Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product: NSS/NSPR/JSS

Unbundled Release: 3.11

Xref: This patch available for sparc as patch 119213

Topic: 

Relevant Architectures: i386

BugId's fixed with this patch: 2122026 5045171 6210080 6237228 6237231 6242112 6243892 6243894 6243895 6243896 6243900 6243905 6243907 6243909 6243913 6243915 6243916 6243918 6250799 6250801 6250802 6250803 6250807 6250808 6250812 6250814 6250816 6251104 6253118 6258052 6258053 6258055 6258056 6258057 6258061 6258062 6258064 6258066 6260111 6260658 6264996 6302177 6315463 6326988 6326994 6326998 6327000 6327002 6327004 6327009 6327013 6327014 6327018 6327020 6327021 6330310 6333604 6341685 6341687 6350173 6359866 6362932

Changes incorporated in this version: 6326988 6326994 6326998 6327000 6327002 6242112 6327004 6327009 6327013 6253118 6327014 6327018 2122026 6327020 6327021 6315463 6341685 6341687 6264996 6330310 6350173 6359866 6362932 6210080

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

/usr/include/mps/base64.h
/usr/include/mps/blapit.h
/usr/include/mps/cert.h
/usr/include/mps/certdb.h
/usr/include/mps/certt.h
/usr/include/mps/ciferfam.h
/usr/include/mps/cmmf.h
/usr/include/mps/cmmft.h
/usr/include/mps/cms.h
/usr/include/mps/cmsreclist.h
/usr/include/mps/cmst.h
/usr/include/mps/crmf.h
/usr/include/mps/crmft.h
/usr/include/mps/cryptohi.h
/usr/include/mps/cryptoht.h
/usr/include/mps/ecl-exp.h
/usr/include/mps/hasht.h
/usr/include/mps/jar-ds.h
/usr/include/mps/jar.h
/usr/include/mps/jarfile.h
/usr/include/mps/key.h
/usr/include/mps/keyhi.h
/usr/include/mps/keyt.h
/usr/include/mps/keythi.h
/usr/include/mps/nspr.h
/usr/include/mps/nss.h
/usr/include/mps/nssb64.h
/usr/include/mps/nssb64t.h
/usr/include/mps/nssbase.h
/usr/include/mps/nssbaset.h
/usr/include/mps/nssckbi.h
/usr/include/mps/nssckepv.h
/usr/include/mps/nssckft.h
/usr/include/mps/nssckfw.h
/usr/include/mps/nssckfwc.h
/usr/include/mps/nssckfwt.h
/usr/include/mps/nssckg.h
/usr/include/mps/nssckmdt.h
/usr/include/mps/nssckt.h
/usr/include/mps/nssilckt.h
/usr/include/mps/nssilock.h
/usr/include/mps/nsslocks.h
/usr/include/mps/nssrwlk.h
/usr/include/mps/nssrwlkt.h
/usr/include/mps/obsolete/protypes.h
/usr/include/mps/ocsp.h
/usr/include/mps/ocspt.h
/usr/include/mps/p12.h
/usr/include/mps/p12plcy.h
/usr/include/mps/p12t.h
/usr/include/mps/pk11func.h
/usr/include/mps/pk11pqg.h
/usr/include/mps/pk11priv.h
/usr/include/mps/pk11pub.h
/usr/include/mps/pk11sdr.h
/usr/include/mps/pkcs11.h
/usr/include/mps/pkcs11f.h
/usr/include/mps/pkcs11n.h
/usr/include/mps/pkcs11p.h
/usr/include/mps/pkcs11t.h
/usr/include/mps/pkcs11u.h
/usr/include/mps/pkcs12.h
/usr/include/mps/pkcs12t.h
/usr/include/mps/pkcs7t.h
/usr/include/mps/plarena.h
/usr/include/mps/plarenas.h
/usr/include/mps/plbase64.h
/usr/include/mps/plerror.h
/usr/include/mps/plgetopt.h
/usr/include/mps/plhash.h
/usr/include/mps/plresolv.h
/usr/include/mps/plstr.h
/usr/include/mps/portreg.h
/usr/include/mps/pratom.h
/usr/include/mps/prbit.h
/usr/include/mps/prclist.h
/usr/include/mps/prcmon.h
/usr/include/mps/prcountr.h
/usr/include/mps/prcpucfg.h
/usr/include/mps/prcvar.h
/usr/include/mps/prdtoa.h
/usr/include/mps/preenc.h
/usr/include/mps/prenv.h
/usr/include/mps/prerr.h
/usr/include/mps/prerror.h
/usr/include/mps/prinet.h
/usr/include/mps/prinit.h
/usr/include/mps/prinrval.h
/usr/include/mps/prio.h
/usr/include/mps/pripcsem.h
/usr/include/mps/prlink.h
/usr/include/mps/prlock.h
/usr/include/mps/prlog.h
/usr/include/mps/prlong.h
/usr/include/mps/prmem.h
/usr/include/mps/prmon.h
/usr/include/mps/prmwait.h
/usr/include/mps/prnetdb.h
/usr/include/mps/prolock.h
/usr/include/mps/prpdce.h
/usr/include/mps/prprf.h
/usr/include/mps/prproces.h
/usr/include/mps/prrng.h
/usr/include/mps/prrwlock.h
/usr/include/mps/prshm.h
/usr/include/mps/prshma.h
/usr/include/mps/prsystem.h
/usr/include/mps/prthread.h
/usr/include/mps/prtime.h
/usr/include/mps/prtpool.h
/usr/include/mps/prtrace.h
/usr/include/mps/prtypes.h
/usr/include/mps/prvrsion.h
/usr/include/mps/prwin16.h
/usr/include/mps/secasn1.h
/usr/include/mps/secasn1t.h
/usr/include/mps/seccomon.h
/usr/include/mps/secder.h
/usr/include/mps/secdert.h
/usr/include/mps/secdig.h
/usr/include/mps/secdigt.h
/usr/include/mps/secerr.h
/usr/include/mps/sechash.h
/usr/include/mps/secitem.h
/usr/include/mps/secmime.h
/usr/include/mps/secmod.h
/usr/include/mps/secmodt.h
/usr/include/mps/secoid.h
/usr/include/mps/secoidt.h
/usr/include/mps/secpkcs5.h
/usr/include/mps/secpkcs7.h
/usr/include/mps/secport.h
/usr/include/mps/shsign.h
/usr/include/mps/smime.h
/usr/include/mps/ssl.h
/usr/include/mps/sslerr.h
/usr/include/mps/sslproto.h
/usr/include/mps/sslt.h
/usr/include/mps/watcomfx.h
/usr/lib/mps/amd64/libfreebl3.chk
/usr/lib/mps/amd64/libfreebl3.so
/usr/lib/mps/amd64/libnspr4.so
/usr/lib/mps/amd64/libnss3.so
/usr/lib/mps/amd64/libnssckbi.so
/usr/lib/mps/amd64/libplc4.so
/usr/lib/mps/amd64/libplds4.so
/usr/lib/mps/amd64/libsmime3.so
/usr/lib/mps/amd64/libsoftokn3.chk
/usr/lib/mps/amd64/libsoftokn3.so
/usr/lib/mps/amd64/libssl3.so
/usr/lib/mps/libfreebl3.chk
/usr/lib/mps/libfreebl3.so
/usr/lib/mps/libjss4.so
/usr/lib/mps/libnspr4.so
/usr/lib/mps/libnss3.so
/usr/lib/mps/libnssckbi.so
/usr/lib/mps/libplc4.so
/usr/lib/mps/libplds4.so
/usr/lib/mps/libsmime3.so
/usr/lib/mps/libsoftokn3.chk
/usr/lib/mps/libsoftokn3.so
/usr/lib/mps/libssl3.so
/usr/sfw/bin/addbuiltin
/usr/sfw/bin/amd64/addbuiltin
/usr/sfw/bin/amd64/certutil
/usr/sfw/bin/amd64/cmsutil
/usr/sfw/bin/amd64/crlutil
/usr/sfw/bin/amd64/modutil
/usr/sfw/bin/amd64/pk12util
/usr/sfw/bin/amd64/signtool
/usr/sfw/bin/amd64/signver
/usr/sfw/bin/amd64/ssltap
/usr/sfw/bin/certutil
/usr/sfw/bin/cmsutil
/usr/sfw/bin/crlutil
/usr/sfw/bin/modutil
/usr/sfw/bin/pk12util
/usr/sfw/bin/signtool
/usr/sfw/bin/signver
/usr/sfw/bin/ssltap
/usr/share/lib/mps/jss4.jar

Problem Description:

6326988 MSVC debug runtime library assertion failures in crlutil
6326994 PK11_ListCertsInSlot crashes in subject_list_sort on a cert with unsupported critical extension
6326998 softoken PKCS#11 version is incorrect
6327000 RSA key size limits are not applied to key pair generation in freebl
6327002 Multipart CKM_DSA_SHA1 signing broken if given large buffer
6242112 certutil crashes when -P is empty
6327004 Some NSS mechanism numbers don't match the PKCS11 
6327009 S/MIME message verification fails if cert is signing-only
6327013 PK11_TokenKeyGen should add CKA_UNWRAP and CKA_WRAP attributes to object template3
6253118 Installing a CRL on WS 6.1SP4 (Windows) adds it to the CKLs section in the GUI
6327014 Need CKA_EXTRACTABLE for PK11_GenerateKeyPair
6327018 NSS 3.9.3 not support SHA-512
2122026 libsoftokn3 fails to load libfreebl in setuid programs
6327020 SSL/TLS Client Authentication with 3rd party PKCS#11 module fails with unrecognized token
6327021 NSS tries to call C_WaitForSlotEvent on PKCS#11 2.0 modules
6315463 toString() call in SSLSocket.java does not check for exceptions
6341685 PKCS#11 CKF_PROTECTED_AUTHENTICATION_PATH token flag not supported
6341687 ASN.1 encoder outputs trash for optional may-stream subtemplate
6264996 SSLSocket.GetIPAddress needs to return null, if socket is not connected
6330310 JSS accumulates CLOSE_WAIT sockets due to not closing the SSLSocket when SSLInputStream is closed
6350173 Expose new key generation functions in JSS for key export
6359866 Thread protection needed for getPeerAddress
6362932 JSS 4.1.2 needs to work with NSS 3.9.x
6210080 libsoftokn3 fails to load libfreebl in setuid programs
 
(from 119214-06)
 
6333604 Wrong obsolete patch ID for patches 119213-05 and 119214-05
 
(from 119214-05)
 
6302177 Zlib vulnerability in NSS tools
 
(from 119214-04)
 
6258052 NSS doesn't fetch CRLs during the first minute of program execution on AIX
6258053 Compile source files with absolute pathnames on AIX
6258055 Add Sonera CA certs (2) to builtin trusted CA list
6258056 Add Go Daddy root certs to NSS
6258057 Add CRL generation to crlutil
6258061 certutil -A reports extension not found if file has extra data
6258062 ssltap creates cert files containing garbage
6258064 Can not encode CRL using classic ASN.1 encoder
6258066 NSC_CopyObject crashes when trying to copy token object
6260111 certutil core dump during installation of Sun Cluster
6260658 certutil crash reading key data base.
 
(from 119214-03)
 
6250799 SSL_ConfigSecureServer always generates a step-down key for RSA
6250801 NSC_Encrypt with RSA mechanism crashes if len is greater than modulus len
6250802 nss3.10 certutil sees 3.9.x root certs as government issued
6250803 C_Finalize status not checked in SECMOD_CancelWait
6250807 pk11_AnyUnwrapKey does not process error condition correctly
6250808 Make rsaperf use PKCS#11
6250812 Remove PKCS11_USE_THREADS and PK11_USE_THREADS
6250814 Add option for rsaperf to run for a fixed duration, and display ops/s
6250816 PK11Token.c:GenerateCertRequest leaks 'arena'
6251104 Socket.close needs to interrupt threads blocked in I/O
 
(from 119214-02)
 
6243892 Add Camerfirma CA certificate to NSS
6243894 Add NetLock CA certificates to NSS
6243895 crash in NSS server if server SID cache uninitialized
5045171 Specify 'Subject Alt Name' during CSR creation
6243896 RPATH not set on AMD64 platform for libnss3.so and tools
6243900 certutil -C78 creates invalid cert with two subjAltName extensions
6243905 PK11_HashBuf buffer overflow
6243907 NSS improperly handles sessions for SSL derived keys.
6243909 Remove the PKCS11_STATIC_ATTRIBUTES macro
6243913 pk11_getKeyFromList can call PORT_Alloc instead of PORT_ZAlloc
6243915 Optimize frequently called function pk11_SessionFromHandle
6243916 Make PK11_CreateSymKey static
6243918 certutil has infinite loop in interactive mode for cert extensions
 
(from 119214-01)
 
6237228 Upgrade to Security 3.10
6237231 Move SVRCORE functionality into NSS

Patch Installation Instructions:
-------------------------------- 
Refer to the man pages for instructions on using 'patchadd' and
'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
None.

README -- Last modified date:  Monday, February 13, 2006