We’ve just released the Oracle Solaris 11.4 SRU42. It is available via ‘pkg update’ from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.

This SRU adds the following new features or modified interfaces:

  • Ansible 2.10
    • The basic Ansible command set was delivered and the basic configuration allowing customers to use it straight away but also pull in Ansible community resources. The package name is pkg:/system/management/ansible.
  • OpenSSL 3.0 is available in this release
    • OpenSSL 3.0 is available in this release, via pkg:/library/security/openssl-3, but is not yet installed by default. Oracle Solaris 11.4 delivered consumers will migrate from OpenSSL 1.0.2 or 1.1.1 in future SRUs. Note that in OpenSSL 3.0 some older/weak cryptographic algorithms are no longer available by default, they can be made available in Oracle Solaris by installing the legacy provider package: pkg:/library/security/openssl-3/legacy-provider and changing the activate property in /etc/openssl/3/conf.d/legacymodule.cnf For OpenSSL 3.0 with FIPS 140-2 mode of operation install the additional pkg:/library/security/openssl-3/fips-140-provider.
  • New ldm console CLI option: -e (specify escape char)
  • New ldm unbind CLI option: -a (all domains)
    • The enhanced unbind subcommand now accepts a list of domain names, as well as a ‘-a’ option which requests all bound domains to be unbound.
  • LDoms support for new migration-class2, covering M7/T7/S7/M8/T8 platforms.
    • A new migration class was defined in order to support live migration of LDoms guests between M7/S7/M8 processors with support for the DAX Coprocessor. migration-class2 is a  cross-CPU  migration  family  for SPARC  T7,  SPARC  M7,  SPARC  S7, SPARC T8 and SPARC M8 series servers. These platforms support  16GB  pagesizes and  the  DAX  co-processor,  which this migration class preserves. See ldm(8) for more information. 
  • Option for mdb(1) leaving forked and spawned processes stopped
    • When the target process being debugged with mdb makes a fork or spawn system call, up until now mdb offered the user a choice, via a prompt or via an option, to follow the parent  process or the child process.  Once the decision was taken the other process was then released to run.
    • mdb now supports a way for the user to be also offered the option to leave the other process in a stopped state as it exits the system call. This will allow the user to then attach  another instance of the debugger, or a different debugger to the other process so they can debug both processes.
  • freezero(3c) and freezeroall(3c) functions added to libc
    • The freezero() and freezeroall() functions overwrite the contents of the memory buffer with zeros before passing it to free(), if ptr is not NULL. freezero() writes zeros up to the provided size or the size returned by malloc_usable_size(), whichever is smaller.  freezeroall() writes zeros for the entire size returned by malloc_usable_size(). freezero() first appeared in OpenBSD 6.2, freezeroall() is a Solaris addition.
  • Execute bits removed from most shared objects
  • “split -b” enhanced to support more scaled suffixes and fractional values.
    • split now accepts a wider range of scale suffixes beyond the previous support for kilobyte and megabyte, to allow the suffixes to be case insensitive (e.g. ‘g’ or ‘G’), and to support fractional values (e.g. ‘.5t’).
  • Sphinx & Alabaster integrated
  • Docutils integrated
  • coreadm default locations for global and kernel zone cores updated to use /var/cores/
    • This project updated the default locations to be under /var/cores but will not enable them by default
  • C.UTF-8 locale added. See Readme Note 35 for more information.
  • zfs get -I state
    • As there was no zfs command that provided detailed property info for hidden datasets, we extended displaying hidden datasets and their property values and sources using ‘zfs get’ command.
  • Improved handling of scaled sizes in pfiles(1) and plimit(1)
  • Added -h and –scale options to plimit(1), pmadvise(1), and pmap(1)
  • Support of KMIP 1.4 protocol in libkmip
  • Annotations for displaying objects in mdb
    • The ::print dcmd will now automatically annotate some types to ease debugging.
  • Python zipp integrated
    • Zipp is a pathlib-compatible Zipfile object wrapper; official backport of the standard library zipfile.Path object.
  • Python typing-extensions integrated
    • The typing-extensions module contains both backports of the standard typing module as well as experimental types that will eventually be added to the typing module.
  • importlib-metadata integrated
    • Importlib-metadata is a rolling backport library of standard metadata to access the metadata for a Python package.
  • Python packaging integrated
    • Python packaging implements reusable core utilities for various Python Packaging interoperability specifications. The packaging project includes the following: version handling, specifiers, markers, requirements, tags, utilities.
  • zpool status/import -s to display allocated and allocatable vdev space
  • sysadm(8) evacuate detailed progress messages
  • Deprecated getpw(3c)
  • Changed cache directory for PEAR from /tmp/pear to /var/share/pear

The following components have been updated to address security issues:

  • Apache Web Server to 2.4.52
  • Java 7 to jdk7u331
  • Java 8 to jdk8u321
  • ModSecurity to version 2.9.5
  • MySQL 5.7 to 5.7.36
  • NSS to 3.70
  • Samba to 4.13.14
  • Upgrade Django 2.2 to version 2.2.25
  • Upgrade Django 3.2 to version 3.2.10
  • fetchmail to 6.4.22
  • libexif to 0.6.24
  • ncurses to 6.3
  • webkitgtk to 2.34.1
  • g11n/im-ibus kernel/streams library/gd2 library/polkit utility/imagemagick utility/junit utility/mailman utility/php utility/pip utility/vim x11/xorg-server

The following components have also been updated:

  • HPLIP to 3.21.8
  • Jinja2 to 3.0.1
  • MarkupSafe to 2.0.1
  • PAPS to 0.20211014
  • Perl Tk module to 804.036
  • Update gnome-desktop to 41.0
  • Update gnome-keyring to 40.0
  • Valgrind to 3.18.1
  • at-spi2-core to 2.40.3
  • atkmm to 2.28.2
  • bash to latest patch bash51-012
  • beautifulsoup4 to 4.9.3
  • buildbot-worker to 3.4.0
  • dateutil to 2.8.2
  • debtcollector to 2.3.0
  • devhelp to 41.1
  • diffstat to 1.64
  • gedit and gedit-plugins to 3.34.0
  • glibmm to 2.66.2
  • gnome-autoar to 0.4.1
  • gnome-backgrounds to 41.0
  • gnome-calculator to 3.34.0
  • gnome-devel-docs to 40.3
  • gnome-system-monitor to 41.0
  • gnome-user-docs to 41.0
  • grilo-plugins to 0.3.13
  • gsettings-desktop-schemas to 41.0
  • gsound to 1.0.3
  • gtk-vnc to 1.2.0
  • gtk3 to 3.24.30
  • hexedit to 1.5
  • hg-python mediator vendor-priority to 3.7
  • libgd to 2.3.3
  • libgee to 0.20.4
  • libgxps to 0.3.2
  • libhandy to 1.4.0
  • libmediaart to 1.9.5
  • libssh2 to 1.10.0
  • meld to 3.21.0
  • meson to 0.59.2
  • minor update to gnome-shell 3.38.6
  • msgpack to 1.0.2
  • mutt to 2.1.3
  • nano to 5.9
  • netifaces to 0.11.0
  • orca to 41.0
  • oslo.config to 8.7.1
  • oslo.context to 3.3.1
  • oslo.i18n to 5.1.0
  • oslo.log to 4.6.0
  • oslo.serialization to 4.2.0
  • oslo.utils to 4.10.0
  • pango to 1.48.10
  • pbr to 5.6.0
  • poppler to 21.10.0
  • puppetlabs-apache to 5.10.0
  • pygobject3 to 3.42.0
  • pyparsing to 2.4.7
  • pytz to 2021.1
  • rfc3986 to 1.5.0
  • sg3_utils to 1.46
  • simplejson to 3.17.5
  • six to 1.16.0
  • stevedore to 3.4.0
  • sushi to 41.0
  • totem to 3.38.2
  • totem-pl-parser to 3.26.6
  • vte to 0.66.0

Full details of this SRU can be found in My Oracle Support Doc 2848201.1. For the list of Service Alerts affecting each Oracle Solaris 11.4 SRU, see Important Oracle Solaris 11.4 SRU Issues (Doc ID 2445150.1).