Patch-ID# 120880-03

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: sun ray update patch security
Synopsis: Sun Ray Core Services version 3.1 Patch Update
Date: Apr/26/2006

Install Requirements: Reboot after installation, an alternative may be
                      in Special Install Instructions

Solaris Release: 10_x86
SunOS Release: 5.10_x86
Unbundled Product: Sun Ray Core Services
Unbundled Release: 3.1
Xref: This patch available for SUNOS 5.8 5.9 5.10 as 120879-03 and for
      Linux as 120881-03
Topic:
Relevant Architectures: i386

BugId's fixed with this patch: 5060424 6238984 6254552 6311482 6316937
  6319180 6325171 6327741 6328992 6330608 6331518 6337859 6342142 6344009
  6344241 6346040 6348306 6351087 6354786 6375196 6376242 6380565 6383912
  6385918 6393502 6397106 6398942 6399779

Changes incorporated in this version: 6376242 6380565

Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:

Files included with this patch:

/etc/init.d/utacleanup
/etc/opt/SUNWut/smartcard/Belgian-eID.cfg
/etc/opt/SUNWut/smartcard/Cryptoflex.cfg
/etc/opt/SUNWut/smartcard/DatakeyModel330SafeNet.cfg
/etc/opt/SUNWut/smartcard/FCU.cfg
/etc/opt/SUNWut/smartcard/GEMPLUS-GPK.cfg
/etc/opt/SUNWut/smartcard/GemXpresso.cfg
/etc/opt/SUNWut/smartcard/JCOP21id.cfg
/etc/opt/SUNWut/smartcard/ORGA-Micardo.cfg
/etc/opt/SUNWut/smartcard/probe_order.conf
/opt/SUNWut/bin/utxconfig
/opt/SUNWut/cgi-bin/admincgi
/opt/SUNWut/cgi-bin/desktop
/opt/SUNWut/cgi-bin/user
/opt/SUNWut/etc/template/ldap/utdsd.acl.conf
/opt/SUNWut/lib/dhcp/edhcp/utdhcpnet
/opt/SUNWut/lib/firmware/CoronaP1
/opt/SUNWut/lib/firmware/CoronaP2
/opt/SUNWut/lib/firmware/CoronaP3
/opt/SUNWut/lib/firmware/CoronaP4
/opt/SUNWut/lib/firmware/CoronaP5
/opt/SUNWut/lib/firmware/CoronaP6
/opt/SUNWut/lib/firmware/CoronaP7
/opt/SUNWut/lib/guloginGUI
/opt/SUNWut/lib/libsimpleRun.so
/opt/SUNWut/lib/libut.so.1
/opt/SUNWut/lib/libutadmin.so.1
/opt/SUNWut/lib/libutjadmin.so
/opt/SUNWut/lib/libutmedia.so.1
/opt/SUNWut/lib/libutoscompat.so.1
/opt/SUNWut/lib/libutsmon.so.1
/opt/SUNWut/lib/nscloginGUI
/opt/SUNWut/lib/pam_sunray.so.1
/opt/SUNWut/lib/scloginGUI
/opt/SUNWut/lib/utauthd.jar
/opt/SUNWut/lib/utcleanlaunch
/opt/SUNWut/lib/utdsupdate
/opt/SUNWut/lib/utgenpam
/opt/SUNWut/lib/utpamcfg
/opt/SUNWut/lib/utseriald
/opt/SUNWut/sbin/utdesktop
/opt/SUNWut/sbin/utlicenseadm
/opt/SUNWut/sbin/utmhadm
/opt/SUNWut/sbin/utuser
/opt/SUNWut/share/man/man1m/utlicenseadm.1m
/usr/openwin/server/modules/ddxSUNWsunray.so.1

Problem Description:

6376242 utauthd core dump seen on Solaris 8 system (also duplicate utauthd processes on running systems)
6380565 3rd party license readme distribution update

(from 120880-02)

6383912 utxconfig constrains X desktop dimensions to unreasonably low values
6351087 Regression: Xsun spins in Sun Ray DDX
6327741 pam.conf is not updated correctly causing login problems
6393502 Sun Ray firmware needs to report smartcard ATR history length as well.
6385918 SRSS needs to support Belgian eID smartcard
6397106 GemPlus GPK16000 cards and newer JCOP21 cards need to be supported
6331518 Sun Ray Server Software (SRSS) should support GEM+/GEM Expresso (64V2N) smartcards
6398942 TCP connections can fail when initialization sequence is irregular
6348306 Add tool to administer licenses
6399779 sometimes uttsc core dumps while hotdesking
6342142 Sunray NSCM greeter not working with ldap (naming services) password management.
6375196 libutmedia only does 15 fps with Sun Ray 2

(from 120880-01)

6319180 utxconfig is insufficiently paranoid
6238984 utseriald dumps core after resetting the DTU connected with serial adapter
6328992 utauthd eats 2 file descriptors when a fork fails
6325171 ndbm database corruption causes utdesktop and authd to core dump.
6316937 DTU hangs and power cycles when trying to send data using loopback cables with SR 170 embedded ports
6311482 Restart of Sun Ray services from Admin GUI using netscape7 is not working as expected
6346040 Update smartcard config files to work with new versions of cards
5060424 DTUs not getting configured MTU from LAN Sunray Server
6254552 ISO 7816-4 Case 1 APDU problem
6330608 2 authd running on the same box, (parent and child) causing authd to hang and all DTU get 26 error
6354786 Restart not working from Admin GUI after patch installation.
6344009 Alt-tab doesn't work after they upgrade Sunray SW from 3.0 to 3.1
6344241 After upgrading from SRSS 3.0 to 3.1 the Num Lock and Shift keys don't work via IOGear KVM
6337859 utadm -A or -a does not always work

Patch Installation Instructions:
--------------------------------

Refer to the man pages for instructions on using 'patchadd' and
'patchrm' scripts provided with Solaris. Any other special or
non-generic installation instructions should be described below as
special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/

The following example removes a patch from a standalone system:

    example# patchrm

For additional examples please see the appropriate man pages.

NOTE: For Solaris 10, install the latest Recommended Patch Cluster. In
      particular, the latest revision of Patch 119255 needs to be
      installed. patchadd may give some messages while installing on a
      system with zones. To suppress these messages, the "-G" option
      can be used.

    # patchadd -G /var/spool/patch/

Special Install Instructions:
-----------------------------

NOTE: This patch is for the Sun Ray Core Services 3.1 component that is
      part of Sun Ray Server Software 3.1.

NOTE: This SRSS patch does not support Live Upgrade. Please do not
      install this patch via live upgrade.

NOTE: Some third party terms were not included in the original version
      of Sun Ray Server Software 3.1 in the
      THIRDPARTYLICENSEREADME.html. This patch includes a new
      THIRDPARTYLICENSEREADME.html that contains all the terms.

NOTE: The DTU firmware delivered in this patch has the following
      version identification string

          3.1_120879-03_2006.04.03.16.51

Required Patches
----------------

Warnings & Errors
-----------------

** WARNING: This patch should only be applied to systems which have
   Sun Ray Server Software 3.1 fully installed. Do not attempt to add
   this patch to the UFS image to be applied as part of the install
   process **

** WARNING: This patch redelivers the
   /etc/opt/SUNWut/smartcard/probe_order.conf file. If you have
   modified this file, the changes will be lost, and you will need to
   make the same changes to the new copy.

** WARNING: If pam_ldap.so is used along with password management,
   some messages generated during login will not be localized.

** WARNING: As part of this patch installation, it will automatically
   update the Sun Ray PAM entries in the /etc/pam.conf file. This
   means that your existing Sun Ray configuration in the pam.conf file
   will be overwritten. If you have made some Sun Ray customization
   for your site, you may want to save a copy of the current
   /etc/pam.conf file before you install this patch so that you can
   manually merge your changes back into the pam.conf file.

Detailed Steps
--------------

1. Suppress firmware downloads

   If the server being patched is not a member of a Sun Ray failover
   group you should skip this step.

   If the server being patched is a member of a Sun Ray failover group
   then this step is optional but is strongly recommended.

   At Patch Installation
   ---------------------

   Before adding this patch to servers configured into a Sun Ray
   failover group we advise that you disable Sun Ray firmware delivery
   from all unpatched hosts in the failover group.

   On each host in the group:

   For each of the dedicated network interconnects:

       $ /opt/SUNWut/sbin/utfwadm -a -D -n

   For each of the shared subnetwork interconnects:

       $ /opt/SUNWut/sbin/utfwadm -a -D -N

   Do this only one time, before adding this patch to any server in
   the group. The purpose of this step is to prevent unpatched servers
   from offering old firmware to Sun Ray appliances.

   At Patch Removal
   ----------------

   Before removing this patch from servers configured into a Sun Ray
   failover group we advise that you disable firmware delivery from
   any hosts in the failover group that have this patch installed.

   On each already-patched host in the group:

   For each of the dedicated network interconnects:

       $ /opt/SUNWut/sbin/utfwadm -a -D -n

   For each of the shared subnetwork interconnects:

       $ /opt/SUNWut/sbin/utfwadm -a -D -N

   Do this only one time, before removing this patch from any of the
   already-patched servers in the group. The purpose of this step is
   to prevent already-patched servers from offering new firmware to
   Sun Ray appliances.

   If this patch is being removed from a Sun Ray failover group then
   omitting this step may result in increased restart times for your
   Sun Ray appliances. (A mixture of patched and unpatched servers
   advertising conflicting firmware versions may cause the appliance
   to download new firmware each time it restarts. The appliance
   automatically restarts itself after downloading fresh firmware so
   its overall restart cycle is longer in that case. The appliance may
   restart itself several times before establishing or reconnecting to
   a session.) The Sun Ray restart time will return to normal once the
   patch has been removed from all servers in the failover group.

2. Stopping Sun Ray services and login sessions

   Before the addition or removal of this patch to a Sun Ray server
   all users should be logged out of their Sun Ray sessions. Stop the
   Sun Ray services using the following commands:

       $ /etc/init.d/utstorage stop
       $ /etc/init.d/utsvc stop

   These commands will terminate any Sun Ray sessions that were not
   already logged out.

   Next, use the instructions outlined above in the section "Patch
   Installation Instructions" for the addition or removal of this
   patch.

   Adding the patch automatically prepares the server to advertise new
   firmware to your Sun Ray appliances. Removing the patch
   automatically prepares the server to revert to advertising
   pre-patch firmware to your Sun Ray appliances.

3. Rebooting the Sun Ray server

   The Sun Ray server must be rebooted after the addition or removal
   of the patch.

4. Enable firmware downloads

   After the addition or removal of this patch on all Sun Ray servers
   in a failover group, enable firmware downloads using one of the
   following methods:

   1) If all Sun Ray servers in the failover group provide firmware
      downloads, run this command on one of the servers:

          $ /opt/SUNWut/sbin/utfwsync

      After which the Sun Ray DTU's will reboot themselves and load
      the new firmware.

   2) If only some of the Sun Ray servers in the failover group
      provide firmware downloads to the DTU's, run the following
      command on the servers that do provide firmware:

      For each in dedicated network interconnects:

          $ /opt/SUNWut/sbin/utfwadm -a -A -n

      For each in shared subnetwork interconnects:

          $ /opt/SUNWut/sbin/utfwadm -a -A -N

      Then restart services on all servers in the failover group by
      executing the following command on a server in the group:

          $ /opt/SUNWut/sbin/utfwsync -d

README -- Last modified date: Wednesday, April 26, 2006
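
Added example (not part of the original patch README): the warnings above state that installing this patch overwrites the Sun Ray entries in /etc/pam.conf and redelivers /etc/opt/SUNWut/smartcard/probe_order.conf. The script below saves both files before patchadd and reports which ones need a manual merge afterwards; SR_ROOT, the backup directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the patch README. SR_ROOT, the backup
# directory and the function names are assumptions for illustration.
# SR_ROOT is empty on a real server; point it at a scratch tree to rehearse.
SR_ROOT="${SR_ROOT:-}"

# The two files the README warns are overwritten or redelivered.
SR_FILES="/etc/pam.conf /etc/opt/SUNWut/smartcard/probe_order.conf"

# snapshot_configs BACKUP_DIR
# Copy each file under BACKUP_DIR, keeping its full path and mode.
snapshot_configs() {
    backup=$1
    for f in $SR_FILES; do
        [ -f "$SR_ROOT$f" ] || { echo "skip (absent): $f" >&2; continue; }
        dir=`dirname "$f"`
        mkdir -p "$backup$dir" || return 1
        cp -p "$SR_ROOT$f" "$backup$f" || return 1
    done
}

# changed_configs BACKUP_DIR
# Print the path of every saved file whose current content differs
# (or which has disappeared); these are the files to merge by hand.
changed_configs() {
    backup=$1
    for f in $SR_FILES; do
        [ -f "$backup$f" ] || continue
        cmp -s "$backup$f" "$SR_ROOT$f" 2>/dev/null || echo "$f"
    done
}

# show_merge_diff BACKUP_DIR
# Print a diff of the saved copy against the current file for each change.
show_merge_diff() {
    backup=$1
    for f in `changed_configs "$backup"`; do
        echo "== $f  ('<' saved pre-patch copy, '>' file after patchadd)"
        diff "$backup$f" "$SR_ROOT$f" || :   # exit status 1 only means "differs"
    done
}

# Usage: script save DIR (before patchadd), script diff DIR (after reboot).
case "${1:-}" in
    save) snapshot_configs "$2" ;;
    diff) show_merge_diff "$2" ;;
esac
```

Keep the backup directory outside /etc/opt/SUNWut and readable by root only, since pam.conf describes the server's authentication stack.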