Patch-ID# 121510-01 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: java_es hpux security Synopsis: Sun ONE Web Server 6.1 HPUX B.11.11.i : JES3 to JES4 upgrade patch Date: Feb/13/2006 Install Requirements: Additional instructions may be listed below Solaris Release: Note: HPUX SunOS Release: Note: HPUX11.i Unbundled Product: Sun ONE Web Server Unbundled Release: 6.1 Xref: This patch is available for Solaris sparc as 116648, Solaris x86 as 116649, Linux as 118202 Topic: Sun ONE Web Server 6.1 HPUX B.11.11.i : JES3 to JES4 upgrade patch Relevant Architectures: hpux NOTE: pa_risc BugId's fixed with this patch: 4879994 4896881 4905412 4939260 4978243 4996219 5004542 5012107 5015181 5016494 5024330 5026607 5039633 5042600 5048543 5048940 5063134 5088267 6066228 6067407 6170938 6171132 6171311 6171389 6171400 6172953 6173039 6173293 6175828 6176231 6176264 6177544 6180991 6185904 6192797 6193318 6193967 6195007 6195820 6197890 6203247 6219618 6222728 6225900 6229472 6232465 6234284 6234758 6239342 6239388 6240704 6244615 6247263 6247997 6253118 6253489 6254121 6259257 6261200 6262885 6269749 6273472 6275413 6285848 6285879 6330478 Changes incorporated in this version: 4879994 4896881 4905412 4939260 4978243 4996219 5004542 5012107 5015181 5016494 5024330 5026607 5039633 5042600 5048543 5048940 5063134 5088267 6066228 6067407 6170938 6171132 6171311 6171389 6171400 6172953 6173039 6173293 6175828 6176231 6176264 6177544 6180991 6185904 6192797 6193318 6193967 6195007 6195820 6197890 6203247 6219618 6222728 6225900 6229472 6232465 6234284 6234758 6239342 6239388 6240704 6244615 6247263 6247997 6253118 6253489 6254121 6259257 6261200 6262885 6269749 6273472 6275413 6285848 6285879 6330478 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: Note: sun-webserver Problem Description: 6330478 During uninstallation, directories like https-*,httpacl,plugins,ns-icons are not removed 6253489 ClassCastException thrown when nested includes are present in jsps 6285848 Requests with Double 'Content-Length' header should get rejected ( HRS Vulnerability ) 6285879 Web Server JES4 bld7 patches for Solaris SPARC/x86 check for Java in /usr/j2se and terminate on fail 6185904 New NSS error codes not being handled properly "(unknown error -8048)" 6222728 WS 6.1sp2/sp3 on Win2K: SNMP failing on iwsListenAddress.1.1.1 Oid 6247997 Presence of residual files after successful uninstallation of Web Server 6253118 Installing a CRL on WS 6.1SP4 (Windows) adds it to the CKLs section in the GUI 6254121 .htaccess silently fails to protect resources without a backing file 6259257 A particular PDF file fails to be indexed by the search engine 6262885 Switching from HTTPS to HTTP causes generation of new JSESSIONID session 6269749 Java to Native IO subsystem is too much suboptimal 6273472 Web 6.1 SP4 uninstall script will produce "No such file or directory" message at that end 6275413 Incorrectly configured home-page SAF crashes server 6261200 Configuration of Web Server failed in Configure-Later mode. 5042600 cannot migrate 6.0 SP7 web server instance to 6.1 SP2 6171389 WS6.1sp2: filter is only called for the first request on persistent connections 6175828 JES3: Incorrect information in the install log; Web Server Install 6219618 JES WebServer 6.1sp2 failed to index PDF version 1.5(Acrobat 6.x) doc for Search Collection Creation 6225900 webserv-rt.jar ships with META-INF/javamail.default.providers which doesnot contain imaps 6234758 Migration cgis do not check for scripts tags 6244615 WS migration needs to update RootCerts correctly 6247263 After upgrading JES3 Webserver through patchadd, it is not updating the pkginfo contents 4879994 SSL: data larger than 8K is lost when the request triggers new ssl handshake 5048543 6.0sp8: web server does not start with LD_PRELOAD of libCld.so on Solaris 5.6 6066228 admin app is allowing duplicate ports in the add server screen 6170938 Acceptlanguage does not work for User Document Directories 6180991 Internal-Daemon Log Rotation does not work for files greater than 2GB 6195820 Global resources are not available to load-on-startup servlets 6197890 Applying Patch 116648-11,116649-11 of Webserver on JES1/2 causes server startup failure. 6229472 Regression: .htaccess Require directive broken 6232465 RFE: build options for HPUX web server versions 6234284 JES 3 webserver installation fails while giving shell meta-characters ($&^*()) etc in admin password 6239342 cross-site scripting vulnerability in a default error page 6239388 Displaying wrong version number on the comand line while starting the websever and on the UI 6240704 Modify Linux RPM script to update the RPM release/ version number and shared components for JES4 6195007 Javascrtip validation does not allow resizequantity < steadypoolsize 6203247 Certificate based Authentication ACL Test Cases are failing in GAT 6192797 sjsws6.1sp4 linux rpm fails to upgrade properly if the instance name contains "-" e.g.https-iws-test 6193318 No software was installed in build8 nightly Linux (dated on 10/11/2004) 6193967 Web svr patches 116648-10 have incorrect use of CLIENT_BASEDIR 4905412 UI doesn't seem to permit manage users in keyfile db. 5048940 Superuser Access Control page in Admin UI not accessible after upgrade from SP1 6067407 Problems using ACL_LDAPSessionFree() 6171132 61sp2 webservd crashes in JES2 ComExpress load tests 6172953 JES3: Web Server RPM patches can't have a new Version string 6173039 Web Server has private copy of libnssckbi.so and NSPR libraries 6173293 web server always sets content type to text/html when servlet filter is set 6176231 SJSWS6.1SP4 admin delete certificate(bin/https/admin/security) core dumps with NSS 3.9.3.beta. 6176264 SJSWS6.1SP4 Solx86 unable to start the SSL instance through Admin GUI 6177544 libpassthrough.so not present after RPM installation of plugin 5088267 WS 6.1 sp4 admin console is dependent on JDK 1.4.2 6171311 jsp invoking command line execution failed on 6.1sp4 using jdk1.5 6171400 With webserver running JDK1.5 the applets fail to start of in portal 5039633 Update NSS to 3.9 series 5063134 does not use Java ES symlink for J2SE location 4939260 Crash in JVM during GAT on Linux 4978243 JES2: SUNWwbsvr RPM differs in behaviour from the SVR4 pkg in pre-install 4996219 Webservd leaks memory on RedHat Linux Advance Server 3.0 5016494 NSS: Crash in DER_UTCTimeToTime with corrupt certificate 5024330 Typo throughout the Install Guide ("Web Sever") 5026607 Server restarts with error "failed to wait on signals" on solaris 9 x86 4896881 While untaring the webserver bits the ownership and group is not coming right. 5004542 ASN.1 parsing bugs / brute forcer program can cause iws crash 5012107 POST request body consumed twice when using bad plugin 5015181 Bundle JDK 1.4.2_04 Patch Installation Instructions: To install patch : 1) Upgrade the following shared components to JES4 in the below mentioned sequence. NSPR NSS SASL ICU LDAP JSDK 2) Apply WS patch swinstall -s -x patch_match_target=true To rollback patch: swremove Note : Remove the shared component patches also, if not needed Special Install Instructions: o Ensure that Java 1.5.0.01 is installed on the system o Refer corresponding shared component's README file for installing and removing the above mentioned shared components. o Refer Upgrade Document for more details. o Stop all running instances of Webserver and AdministrationServer before patch installation or removal README -- Last modified date: Monday, February 13, 2006