Patch-ID# 116300-16 Keywords: security solaris Synopsis: Sun One Application Server 7.0: Java Mail Runtime Patch Date: Oct/08/2004 Install Requirements: None Solaris Release: 8 9 SunOS Release: 5.8 5.9 Unbundled Product: Sun One Application Server Unbundled Release: 7.0 Xref: This patch available for Solaris x86 as patch 116301 and RHEL 2.1as patch 118036 Topic: Sun One Application Server 7.0: Java Mail Runtime Patch Relevant Architectures: sparc BugId's fixed with this patch: 2091973 2091974 2091975 2091976 2091977 2091978 2091979 2092413 2092982 2103825 4724728 4734337 4744128 4761151 4776091 4811431 4818853 4819412 4830338 4840324 4849368 4849513 4851218 4853543 4860400 4861767 4861948 4862994 4869664 4870233 4872948 4876672 4884552 4886253 4886683 4888612 4890613 4892587 4893954 4895814 4902210 4904100 4904764 4907283 4909380 4909796 4910686 4913290 4913458 4914362 4917206 4921551 4922884 4923230 4925548 4926581 4926972 4928341 4930027 4930986 4931379 4933997 4937416 4937667 4938319 4942044 4942341 4942381 4947231 4947756 4949245 4949318 4950035 4954609 4955404 4957162 4958393 4958395 4962225 4962418 4965713 4965815 4969036 4969425 4972432 4972796 4976025 4976401 4976502 4978068 4978369 4978647 4980136 4980660 4982525 4987217 4987274 4991198 4991659 4992275 4994366 4996111 4997113 5003309 5004406 5005643 5005653 5013767 5017630 5017895 5021585 5021712 5022904 5022976 5024804 5029014 5049159 5056917 5063790 6067367 6088593 6092475 6092499 6152742 6155154 6155446 6156869 Changes incorporated in this version: 2092982 2103825 5022976 5049159 5056917 6088593 6092475 6092499 6152742 6155154 6155446 6156869 Patches accumulated and obsoleted by this patch: 116798-04 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/share/lib/mail.jar Problem Description: 2092982 unwanted and conflicting Cache-control headers are generated 2103825 templates of asenv.conf and server.xml have hardcoded location specific to Solar 5022976 Error while creating auth-realm using sun-appserv-admin 5049159 app svr should reconnect to directory svr if directory svr goes down and then co 5056917 Neither the CNCtxFactory or S1ASCtxFactory can be used to programmatically reconn 6088593 cts testsuite : ContainsHeaderTestServlet test FAILED 6092475 DOC: web server crash when running high load and app server reverse proxy plugin 6092499 REG:GAT resulting LDAP Server crash 6152742 JDBC connection pool does not properly release connections 6155154 client authentication not working with IIS 5.0 sun-passthrough plugin 6155446 Corrupted transaction log files hang appserver 6156869 DOC: No documentation on how to use MQ3.5SP1 with AS7 UR4 (from 116300-15) Remove the changes introduced in -14 to address bugid 2092982. 2091975 7 SE : The EJB Classloader doesn't adhere to EJB Spec in terms of loading Java 2091976 JCA will leak physical connections if getMetaData() throws ResourceException 2091977 partial JCA 1.5 functionality requested 2091978 AS7 - cannot deploy .rar without . 6067367 AppServer 7.0 Ur3 rpms fails sun_patchchk during (from 116300-14) 2091973 Able to access the last session of SJAS 7.0/7.1 2091974 HttpServletRequest.getCookies() method returns cookies from a totally different 2091979 Standalone AppServer UR3 Svr4 patch doesn't install properly 2092413 RN: AppServer-WebContainer sends ABSOLUTE redirects causing problems with extern (removed) 2092982 unwanted and conflicting Cache-control headers are generated 5063790 Require a port (and backport) of a web server bug: 4882838 (from 116300-13) 4734337 IWS: Listing of groups/users in ACL UI is broken. 4744128 EJB compiler failed to generate valid java code for inner classes 4761151 Persistency of proxy-to-container connections is not maintained(out of box). 4840324 Security : Cross-site scripting in sample applications 4849368 "Use Existing JDK" text field accepts blank space 4872948 circular path in jar manifest causes 'error received from mbean null' error 4876672 request.getAttribute("javax.servlet.error.request_uri") is not working .. 4921551 JDOQL does not work when contains a non trivial, proper filter with boolean expr 4923230 CMP Oracle boolean field problem in finder 4926581 Appserver asadmin utility always requests a password for SSL startup 4930027 Appserver performance problem with jsp:useBean 4947756 Reg: Not able to setup Log Rotation - A blank page is loaded 4949245 App Server crashes during deployment of a WAR file 4955404 appclient does not honor -mainclass option 4957162 NMTOKEN/NMTOKENS values must be XML name tokens : Failed Message during deployment 4962418 a typo in JMS SessionWrapperWeb.rollback prevent the method from working 4965815 DOC::Logging/simple sample doesn't work 4969425 SNMP doesn't work when the instance is stopped and started (restart). 4972432 not able to create a new domain using asant 4972796 changes in j2ee application role mappings are lost during deployment 4976025 RPP:WebServer crashes when more one instance is defined in obj.conf 4976401 iwsInstanceDeathCount is not being updated 4976502 RN: perfdump for appserver does not work as in documentation 4978068 no information is displayed about the errors while running ejbc. 4982525 Admin Tool works improperly in AS7.0UR1 Japanese version 4987274 S1AS7: Deployment fails if remote interface for the bean is named Util 4991198 S1AS7SE/Appserver logs user passwords in CLEAR TEXT in the log file 4991659 Appserver RPMs for 7.0.0_02 are not compatible with NSPR 4.1.6 in JES2 4992275 need to modify the README file 4994366 RN: S1AS7 - deploy error with ejb-local-ref and ejb-link. 4997113 appservd.exe crashed when application is accessed using passthrough plug-in 5003309 DOCS: URL wrong in AG Deployment chapter under static deployment 5004406 --passwordfile does not work with mix of upper/lowercase characters 5005643 need to modify the README file for CD 5005653 there is a warning message when deploy jdbc/simple sample 5013767 Plugin truncating XML stream 5017630 RN: AS7U3: can not upgrade on XP 5017895 NPE when running NileApp in x86 platform 5021585 REG: Monitoring iiop-listener not working 5021712 REG: Error while running ejbc 5022904 RN: DB2 Server has connection growing after idle timeout with DB2 Type II Drive 5024804 error in 7.0 performance tuning doc 5029014 package-appclient script needs updating to be compatible with new NSS path(s) (from 116300-12) This patch revision was reserved but not used. (from 116300-11) This patch revision was reserved but not used. (from 116300-10) This patch revision created to address patch construction issues. (from 116300-09) This patch revision created to address patch construction issues. (from 116300-08) 4996111 webcore memory growth (from 116300-07) 4978647 Petstore: org.apache.jasper.JasperException: Unable to compile class for JSPNote 4987217 REG in UR3 JSP compiler (from 116300-06) 4724728 redefined finer methods in spr/subclass home intfs duplicated in generated code 4776091 MSTR: CLI -License key with leading and trailing spaces not honored (Problems exists in RMT) 4811431 cannot access a web module if the location attribute in server.xml ends in / 4818853 LocalTransaction association with ManagedConnection not preserved between EJBs 4819412 i18n "is not valid entry" is hardcoded 4830338 Korean characters in cookie not working 4849513 dynamic reloading does not pick up changes to sun-application.xml 4851218 DOC: unable to install self-signed certificate 4853543 MODEL: Should allow for PK class to have inherited fields 4860400 EJB Classloader returns null when calling Class.getPackaged() 4861767 SECURITY BUG FIX:Accept language issue (SB) 4861948 getEJBMetaDATA0 fails with exception after context re-initialized 4862994 Domain Creation fails on RedHat 9 (New Linux version support) 4869664 two byte characters cause problems in the http GET URLs 4870233 JSP with page directive "buffer=none" does not work when using s1as7.0 4884552 SECURITY BUG FIX: auth-method=CLIENT-CERT forces the SSL client auth regardless of uri-pattern 4886253 unable to retrieve X509 Client Certificate behind a passthrough proxy listener 4886683 S1AS7:UR2 installation on Win2003 enterprise throws "Unsupported platform" (New Windows OS Version support) 4888612 failed to start server instance after installing eval build on X86 (New Eval installer for X86) 4890613 UR2 Linux installer not upgrading existing JDK 4892587 SECURITY BUG FIX: S1AS7 does not enforce "grant signed by" policy 4893954 Rotate logs script causes watchdog process to die and all other appserver processes 4895814 request getRequestUR1() returning inconsistent values. 4902210 REG: Incorrect support JDK version provided in java config page 4904100 At S1AS7 SE, rich client always sees an exception 4904764 could not stop the admin-server when running Redhat 8.0 (New Red Hat OS version support) 4907283 code fix as in lWs60SP5 for Bugid 4846815 to S1AS7 4909380 Orion Uninstall of unbundled AS7 pkg-based product removes shared components 4909796 UR2: Upgrade installer fails if JDK used by S1AS is at non-default location 4910686 app-server does lazy auth even if http port is not client auth enabled 4913290 form-based authentication does not provide the same functionality as in iAS6.x 4913458 web container thread names are not unique 4914362 SECURITY BUG FIX: Enabling WebPub or Remote File Manipulation allows any user to obtain a director (SB) 4917206 unable to set ACL for anything but entire server through admin GUI 4922884 Web Service invocation from JAXRPC client throws Internal Server Error 4925548 ExceptionininitializerError with JDK 1.4.2 4926972 S1AS-UR2-Bld3: eval upgrade: error about missing archive file during upgrade 4928341 using chunk data causes endless loop/high CPU in appserver (SB) 4930027 Appserver performance problem with jsp:useBean 4930986 throw appropriate error msg when abrupt termination of upgrade corrupts pkgs 4931379 SECURITY BUG FIX: S1AS 7.0 U1 crashes when AS_NSS points to /usr/lib/mps/secv1 in Orion1_B09 + 4933997 Appserver startup problems after upgrade on Linux (iMQ upgrade) 4937667 Upgrade script to use the same packages that complete install 4937416 SECURITY BUG FIX: User Principle class throws ClassCastException 4938319 RN: Online doc: need to document the workaround for escalation 548517 4942044 migrating NSS/NSPR from 3.3.4 t0 3.3.6 4942341 code generated for differs based on class or beanName attr usage 4942381 could not initialize ORB monitoring 4947231 libpassthrough.so(AS7.0-UR3) causes WS6.1 to crash on x86 Solaris Keywords 4949318 Reg: Petstore sample deployment failed on Windows 2000 advanced server 4950035 Performance Tuning doc refers to both obj.conf and -obj.conf 4954609 -passwordfile doesn't work on Appserver 7.0MU1 create-domain 4958393 ServletContext.getContex(String) does not return other contexts 4958395 Reg: Not able to install mainstream build if an eval build pre-installed on windows 4962225 RN: We should remove Smartticket sample on X86. 4965713 SECURITY BUG FIX: LDAP: user can enter wildcard '*' for UID in basic auth (WEbserver:4957829) 4969036 SECURITY BUG FIX: Regression: After entering username/password appserver changing URI 4978369 SECURITY BUG FIX:flex log buffer overflow 4980136 SolSparc: 7.0.0_03 UR3 B02-Upgrade script fails while adding SUNWpr package 4980660 SOAP server array DoS (from 116300-05) (from 116300-04) (from 116300-03) (from 116300-02) (from 116300-01) Revisions skipped. (from 116798-04) This patch revision created to address patch construction issues. (from 116798-03) 5004406 --password file does not work with mix of upper/lowercase characters (from 116798-02) 4761151 persistency of proxy-to-container connections is not maintained 4969425 SNMP doesn't work when the instance is stopped and started (restart). 4976401 iwsInstanceDeathCount is not being updated. (from 116798-01) Revision skipped. Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris, to install and remove patches. Special Install Instructions: ----------------------------- In the event that a version of the SUNWjmail package is installed on the target system that is incompatible with this patch, the patchadd will terminate with a message. In this case the package must be replaced with a compatible version of the package. A compatible version of the package can be obtained from the Java ES Release 2 media or by contacting Sun Support. To update the target system remove the installed package using: pkgrm SUNWjmail To install the compatible version of the package, change to the directory where the package is located and use: pkgadd -d . SUNWjmail After the compatible package version is installed, this patch should be applied using patchadd. README -- Last modified date: Friday, October 8, 2004