Dear Caldera Customer, Support Level Supplement (SLS) ptf4001q, the Caldera Network Maintenance Supplement, addresses the following problems.: SLS ptf4001q should be removed prior to installing the osmp package and then reinstalled afterwards. SLS ptf4001q obsoletes all earlier versions of ptf4001. SLS ptf4001q corrects all of the following problems. Problems corrected in SLS ptf4001b: 1. IP alias of name server fails. 2 In some cases, TCP does not return an ACK in response to a received packet. 3. After days of heavy usage nfsd hangs. UDP performance is poor. 4. Various PANICs occur. 5. System can 'hang' on boot up. 6. There are locking problems in rawip and route. 7. Server application can receive a 'protocol error' when executing accept(3N) which stops the server from accepting any new connections. 8. If installing a new NIC driver in IHV format, and the IHV diskette is an S5 filesystem, the installation process will hang. 9. Data loss occurs on a socket when shutdown(3N) is called. 10. Missing SIGPOLL on close if using Unix Domain Sockets in async mode. 11. There is a memory leak in libnsl. 12. A system hang can occur if all ports are in use. 13. lockd performs timeout requests too slowly; it was hardcoded to 15 seconds. (A new environment variable, CLIENT_DG_CREATE_TIMEOUT, was created to do this.) 14. SO_KEEPALIVE is not set by default on specific listening ports. 15. The system can hang after hours/days of heavy network usage on MP systems. Problems corrected in SLS ptf4001h: 1. Semaphores can be consumed by a server application. 2. If UW2compat is installed, a threaded server application can receive spurious errors from socketpair(3N). 3. A Netscape client can receive 'connection reset by peer' when downloading files from a Netscape server. 4. arp hangs during boot on multiprocessor UnixWare 2.1.3. 5. Configuring system as NIS client can cause a memory leak. 6. An application trying to make a connection to a non-existent service can cause the application to receive an unexpected SIGPIPE signal. 7. There is vulnerability to TCP SYN Flooding Attack CERT* Advisory CA-96.21. 8. There is vulnerability to LAND Attack CERT* Advisory CA-97.28. 9. If the DISPLAY variable is set to a remote machine, an X binary will fail with "Error: Can't open display:". Problems corrected in SLS ptf4001i: 1. A PANIC occurs in the function si_bcmp() under heavy use of UNIX domain sockets. 2. A TLI application can hang trying to do a strgetmsg(). 3. The system can potentially PANIC or hang due to incorrect locking code in udpclose(), icmpclose() and ripclose(). 4. Telnetting into a system takes longer after UnixWare 2.1.3 is installed. 5. A new /etc/conf/pack.d/tcp/space.c tunable was introduced: int tcp_out_size = 64; 6. SLS ptf4001i is now aware of UW2compat 7.1.0, and can be installed on systems which have that package installed. Problem corrected in SLS ptf4001j: 1. getsockopt(3N) TCP_NODELAY returns the opposite value compared to UnixWare 7. Problems corrected in SLS ptf4001k: 1. PANIC in getq_l() called from sockmodrsrv() under extreme circumstances. 2. PANIC seen when TCP_NDEBUG is set in the etcp space.c file. 3. In a multithreaded server application that executes the setsockopt(3) function, some of the threads can hang. 4. SLS ptf4001k is now aware of UW2compat 7.1.1, and can be installed on systems which have that package installed. 5. Client processes can hang in getmsg() when trying to connect to a server process running on the same machine. 6. Various system PANICs that were due to memory being reused. With the KMA PARANOID driver installed these were seen as PANICs from tcp_freespc(), due to the same TCP control block being freed twice. 7. A 'denial of service' PANIC when the KMA PARANOID driver is installed, which was caused by an incorrect call of getsockopt(). Problems corrected in SLS ptf4001l: 1. rpc function core dumps. 2. t_snd() can return unexpected TSYSERR/EPROTO errors. 3. If you execute two remote commands in sequence to an SCO UnixWare 2.1.3 system, with ptf4001k installed, it can hang, for example: rsh ls rsh ls or: rcp /tmp/foo foo rcp /tmp/foo foo 4. PANIC in do_ERROR(). 5. Make writing greater than the MTU to a broadcast address configurable. 6. inetd loops on accept and reports accept: No such device or address. Problems corrected in SLS ptf4001m: 1. Applications can experience memory loss if they continually call connect(3). 2. Executing rsh continuously in a loop can result in the error: "UX:rsh: ERROR: socket: protocol failure in circuit setup". Problem corrected in SLS ptf4001n: 1. /var/adm/pmd.log grows exponentially with the following message: APMT: Error during GetNextEvent. > (PM_THREAD_GETNEXT_FAILED) (856) Problem corrected in SLS ptf4001o: 1. t_listen fails with t_error TBADQLEN. In a TLI/XTI application using t_sync, the qlen value for the specified transport endpoint can be incorrectly set to zero locally within the transport library. Problems corrected in SLS ptf4001p: 1. nfsd can appear to hang but consumes a large amount of CPU time. 2. PANIC seen at putq_l+116 on SMP systems. Additional problems corrected in SLS ptf4001q: 1. A vulnerability to the buffer overflow attacks in the networking commands. Contents -------- /etc/conf/pack.d/app/Driver_atup.o /etc/conf/pack.d/app/Driver_mp.o /etc/conf/pack.d/arp/Driver_atup.o /etc/conf/pack.d/arp/Driver_mp.o /etc/conf/pack.d/dosfs/Driver_atup.o /etc/conf/pack.d/dosfs/Driver_mp.o /etc/conf/pack.d/icmp/Driver_atup.o /etc/conf/pack.d/icmp/Driver_mp.o /etc/conf/pack.d/inet/Driver_atup.o /etc/conf/pack.d/inet/Driver_mp.o /etc/conf/pack.d/ip/Driver_atup.o /etc/conf/pack.d/ip/Driver_mp.o /etc/conf/pack.d/ipc/Driver_atup.o /etc/conf/pack.d/ipc/Driver_mp.o /etc/conf/pack.d/ipc/Modstub.o /etc/conf/pack.d/ipc/stubs.c /etc/conf/pack.d/krpc/Driver_atup.o /etc/conf/pack.d/krpc/Driver_mp.o /etc/conf/pack.d/krpc/space.c /etc/conf/pack.d/net/Driver_atup.o /etc/conf/pack.d/net/Driver_mp.o /etc/conf/pack.d/nfs/Driver_atup.o /etc/conf/pack.d/nfs/Driver_mp.o /etc/conf/pack.d/rawip/Driver_atup.o /etc/conf/pack.d/rawip/Driver_mp.o /etc/conf/pack.d/route/Driver_atup.o /etc/conf/pack.d/route/Driver_mp.o /etc/conf/pack.d/sockmod/Driver_atup.o /etc/conf/pack.d/sockmod/Driver_mp.o /etc/conf/pack.d/sockmod/space.c /etc/conf/pack.d/tcp/Driver_atup.o /etc/conf/pack.d/tcp/Driver_mp.o /etc/conf/pack.d/tcp/space.c /etc/conf/pack.d/ticots/Driver_atup.o /etc/conf/pack.d/ticots/Driver_mp.o /etc/conf/pack.d/ticotsor/Driver_atup.o /etc/conf/pack.d/ticotsor/Driver_mp.o /etc/conf/pack.d/timod/Driver_atup.o /etc/conf/pack.d/timod/Driver_mp.o /etc/conf/pack.d/udp/Driver_atup.o /etc/conf/pack.d/udp/Driver_mp.o /usr/include/netinet/tcp_kern.h /usr/include/rpc/types.h /usr/include/sys/socket.h /usr/include/sys/sockmod.h /usr/lib/libnsl_i.so.UW2 /usr/lib/libnsl_i.so.UW7 /usr/lib/libnsl_i.so.UW710 /usr/lib/libnsl_i.so.UW711 /usr/lib/libresolv.so.UW2 /usr/lib/libsocket.so.UW2 /usr/lib/libsocket.so.UW7 /usr/lib/libsocket.so.UW710 /usr/lib/tcpip.so.UW2 /usr/lib/tcpip_nis.so.UW2 /usr/sbin/in.named Software Notes and Recommendations ---------------------------------- ptf4001q should only be installed on: UnixWare 2.1.3 Installation Instructions ------------------------- 1. Download the ptf4001q.Z file to the /tmp directory on your machine. 2. As root, uncompress the file and add the package to your system using these commands: $ su Password: # uncompress /tmp/ptf4001q.Z # pkgadd -d /tmp/ptf4001q # rm /tmp/ptf4001q Alternatively, this SLS package may be installed in quiet mode, that is, without displaying the release notes and asking for confirmation. To do this, use these commands: $ su Password: # uncompress /tmp/ptf4001q.Z # pkgadd -qd /tmp/ptf4001q all # rm /tmp/ptf4001q 3. Reboot the system after installing this package. The release notes displayed prior to installation can be found in: /var/sadm/pkg/ptf4001/install/ptf4001.txt Removal Instructions -------------------- 1. As root, remove the package using these commands: $ su Password: # pkgrm ptf4001 2. Reboot the system after removing this package. If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier.