--------------------------------------------------------------------------- SCO OpenServer Release 5.0.7 Maintenance Pack 1 Release and Installation Notes --------------------------------------------------------------------------- The SCO OpenServer(TM) Release 5.0.7 Maintenance Pack 1 contains important fixes for your SCO OpenServer Release 5.0.7 system and should be applied at your next maintenance period. Specifically, the Maintenance Pack provides: + SCO OpenServer Release 5.0.7 Release Supplement (RS507A) + SCO OpenServer Release 5.0.7 Additional Drivers + updates to the Supplemental Graphics, Web, and X11 Libraries + updates to Perl + updates to the Apache Web Server These Release and Installation Notes contain critical information that you need to know before and after installing SCO OpenServer Release 5.0.7 Maintenance Pack 1. Familiarize yourself with the information that is relevant to your system, then install the Maintenance Pack according to the instructions in this document. _________________________________________________________________________ NOTE Unless otherwise noted, this document supplements the SCO OpenServer Release 5.0.7 Late News, which are still relevant. As information becomes available after the publication of these Release and Installation Notes, it is added to the SCO OpenServer Release 5.0.7 Late News document, available from the SCO web site at: http://www.sco.com/support/docs/openserver _________________________________________________________________________ These Release and Installation Notes cover the following topics: + Before installing the Maintenance Pack + Installing the Maintenance Pack + Removing the Maintenance Pack + Highlights of the Maintenance Pack - SCO Update support added to the Software Manager - New hardware support - Updates to the Supplemental Graphics, Web, and X11 Libraries - Updates to Perl - Updates to the Apache Web Server - List of problems fixed + Maintenance Pack notes and limitations Before installing the Maintenance Pack -------------------------------------- Before installing SCO OpenServer Release 5.0.7 Maintenance Pack 1, note the following: + Maintenance Pack 1 must be installed in its entirety. The RS507A Release Supplement is a critical requirement for the other components in the Maintenance Pack to function correctly. + Maintenance Pack 1 can only be installed on SCO OpenServer Release 5.0.7 systems. + Maintenance Pack 1 supersedes the following Supplements: - SLS OSS631 -- Supplemental Graphics, Web, and X11 Libraries - SLS OSS646 -- Execution Environment Supplement - SLS OSS656 -- Licensing Update _________________________________________________________________________ NOTE Do not install any of these supplements on your system after you have installed this Maintenance Pack. _________________________________________________________________________ Before installing the Maintenance Pack, you should remove OSS646A/OSS646B and OSS656A/OSS656B. It is not necessary to first remove any of the OSS631 supplements. When you remove the recommended supplements, you do not need to reboot the system after the kernel is re-linked. The Maintenance Pack installation also re-links the kernel -- you can reboot at that point. + Back up the data on your system and verify the integrity of the backup. Installing the Maintenance Pack ------------------------------- To install the SCO OpenServer Release 5.0.7 Maintenance Pack 1: 1. Log in as root. 2. Download the Maintenance Pack from either the SCO web site or using FTP: + to use the SCO web site, go to the SCO Update Service and Supplemental Downloads web page for SCO OpenServer Release 5.0.7: http://www.sco.com/support/update/download/osr507list.html + to use FTP, go to the SCO Support Download Area: ftp://ftp.sco.com/pub/openserver5/osr507mp Maintenance Pack 1 consists of a number of media image files with names of the form VOL.000.000, VOL.000.001, and so forth. Be sure to download all of the Maintenance Pack 1 media image files. 3. Start the Software Manager by double-clicking on its icon on the desktop, or by entering the following at the command-line prompt: scoadmin software 4. From the Software menu, select Install New. 5. When prompted for the host (machine), select the current host and then click on Continue. 6. Select Media Images as the Media Device, then click on Continue. (You may need to scroll down before you see the Media Images option.) 7. Enter the absolute pathname for the directory that contains the Maintenance Pack 1 media images. For example: /tmp/507mp1 Click on OK. 8. In the Install Selection window, make sure that the Maintenance Pack is highlighted then click on Install. ________________________________________________________________________ NOTE All components of the Maintenance Pack must be installed. The Apache Web Server, Perl, and the Supplemental Graphics, Web, and X11 Libraries components will not work correctly without the RS507A Release Supplement. ________________________________________________________________________ 9. If you previously installed any of the components that are modified by the Maintenance Pack, you are notified that these components will be upgraded. Click on Continue. Additionally, you are warned if certain packages in the Maintenance Pack will not be installed because the software they modify is not installed on your system. Click on Continue. 10. When the installation is complete, click on OK. The Software Manager lists Maintenance Pack 1 among the installed software. ________________________________________________________________________ NOTE If some of the Maintenance Pack packages were not installed because the corresponding software does not exist on your system, the Software Manager will show the Maintenance Pack as only partially installed. This is okay. The Maintenance Pack installation is complete for your current system configuration. ________________________________________________________________________ 11. Exit the Software Manager by selecting the Host menu, then Exit. 12. Reboot the machine, if required. If the Software Manager relinks the kernel during the installation, you must reboot before the new kernel takes effect. Installing the Maintenance Pack across the network You can install SCO OpenServer Release 5.0.7 Maintenance Pack 1 from one SCO OpenServer Release 5.0.7 system onto another across a TCP/IP network. To do so, you need a software server, which you can create as described in ``Installing and managing software over the network'' in the SCO OpenServer Networking Guide. This server has a user account called swadmin. Install or load Maintenance Pack 1 on the software server, as described in ``Installing the Maintenance Pack''. Also see ``Installing and managing software components'' in the SCO OpenServer Handbook for more information on loading software. To install Maintenance Pack 1 onto a local machine once the Maintenance Pack is available from the software server, start the Software Manager and select Install New. In the Begin Installation window, you are prompted for the source location of the Maintenance Pack. Select From Another Host. You need to provide the name of the software server, as well as the password of the swadmin user on the software server. Removing the Maintenance Pack ----------------------------- _________________________________________________________________________ NOTE Because of interdependencies between the components that are included in Maintenance Pack 1, partial removal of the Maintenance Pack is not supported. _________________________________________________________________________ _________________________________________________________________________ WARNING Removing Maintenance Pack 1 de-installs the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components. When these components are removed, many system functions will cease to work, including web services, DocView and the man command, Squid, Samba, and the GNU Development Tools (if installed). After removing the Maintenance Pack, it is imperative that you reinstall the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components from your SCO OpenServer Release 5.0.7 System CD-ROM. This section explains how to do this. _________________________________________________________________________ To remove the Maintenance Pack and reinstall your Release 5.0.7 versions of the Apache Web Server, Perl, and Supplemental Graphics, Web, and X11 Libraries components: 1. Log in as root. 2. Start the Software Manager by double-clicking its icon on the desktop, or by entering the following at the command-line prompt: scoadmin software 3. Select the Maintenance Pack in the list of installed software. 4. From the Software menu, select Remove Software. In the confirmation window, verify that you selected the correct software, then click on Remove. 5. A window displays, showing you a list of software that will stop functioning after the Maintenance Pack is removed. Click on Continue. 6. When the Removal complete window appears, click on OK. 7. Because the SCO Update feature was removed from the Software Manager, you need to restart the Software Manager before continuing. From the Host menu, select Exit. 8. Insert the SCO OpenServer Release 5.0.7 System CD-ROM into the drive. 9. Restart the Software Manager, as you did in Step 2. 10. From the Software menu, select Install New. 11. When prompted for the host (machine), select the current host and then click on Continue. 12. Select the appropriate CD-ROM drive as the Media Device, then click on Continue. 13. In the Install selection window, locate the operating system edition (i.e., Enterprise, Desktop, or Host) that you installed and double- click to expand it. 14. Double-click on the UNIX component. This is always the first entry in the list. 15. Double-click on the Core OS component. 16. Holding down the key, click on the following components to select them for installation: Perl 5.8.0 Perl 5.8.0 Extensions Supplemental Graphics, Web, and X11 Libraries Apache Web Server mod_perl for Apache mod_ssl for Apache php4 for Apache Apache XML Toolkit (AxKit) Perl ASP Support for Apache When all of these components are highlighted, click on Install. 17. When the installation is complete, click on OK. 18. Exit the Software Manager by selecting the Host menu, then Exit. 19. Reboot the machine. Because the Software Manager relinks the kernel, you must reboot before the new kernel takes effect. Highlights of the Maintenance Pack ---------------------------------- Changes and additions provided by the SCO OpenServer Release 5.0.7 Maintenance Pack 1 include: + SCO Update support added to the Software Manager + new hardware support + updates to the Supplemental Graphics, Web, and X11 Libraries + updates to Perl + updates to the Apache Web Server + list of problems fixed SCO Update support added to the Software Manager This Maintenance Pack modifies the Software Manager to add support for SCO Update, a mechanism that gives you instant access to all SCO OpenServer Release 5.0.7 enhancements, updates, bug fixes, and security fixes and allows you to install the software you need directly over the Internet. As long as you have an SCO OpenServer Release 5.0.7 system with Internet access, you can take advantage of SCO Update whether you are using the SCO Update Service's free Basic Maintenance plan or you purchased the Upgrade option: + SCO OpenServer maintenance packs, hardware drivers, and supplements are available to all customers. + SCO OpenServer update packs are available if a registered SCO Update Service (SUS) Enabler license is installed on your system. To review Release Notes and Readme files for software that you want to install via the SCO Update feature, go to the SCO Update Service and Supplemental Downloads web page for SCO Release 5.0.7: http://www.sco.com/support/update/download/osr507list.html To use SCO Update: 1. Log in as root. ________________________________________________________________________ NOTE You should have rebooted your system after installing Maintenance Pack 1. At the very least, you need to restart the Software Manager to be able to use the new SCO Update functionality. ________________________________________________________________________ 2. Start the Software Manager by double-clicking on its icon on the desktop, or by entering the following at the command-line prompt: scoadmin software 3. From the Software menu, select SCO Update. The system connects to the SCO Update server. The Install Selection window displays all of the SCO OpenServer Release 5.0.7 update packs, maintenance packs, drivers, and so forth that are currently available. 4. Highlight the desired software and click on Install. The selected software is automatically downloaded and installed on your system. 5. When the installation is complete, click on OK. 6. Exit the Software Manager by selecting the Host menu, then Exit. 7. Reboot the machine, if required. If the Software Manager relinks the kernel during the installation, you must reboot before the new kernel takes effect. We recommend that you use SCO Update periodically to check if new updates, fixes, or drivers for SCO OpenServer Release 5.0.7 are available. New hardware support SCO OpenServer Release 5.0.7 Maintenance Pack 1 provides new support for the following hardware: + Intel(r) PRO/1000 PCI gigabit ethernet adapters + NVIDIA(r) RIVA TNT2, Vanta, and GeForce2 chipset-based video adapters Intel PRO/1000 PCI gigabit ethernet adapters This Maintenance Pack includes version 1.0.8 of the eeG driver, which provides support for the following Intel PRO/1000 PCI gigabit ethernet adapters: Intel PRO/1000 XT Server Adapter (PWLA8490XT) Intel PRO/1000 XT Server Adapter (PWLA8490XTL) Intel PRO/1000 XT Lo Profile PCI Server Adapter (PWLA8490XTL) Intel PRO/1000 XF Server Adapter (PWLA8490XF) Intel PRO/1000 MT Desktop Adapter (PWLA8390MT) Intel PRO/1000 MT Server Adapter (PWLA8490MT) Intel PRO/1000 MT Dual Port Server Adapter (PWLA8492MT) Intel PRO/1000 MF Server Adapter (PWLA8490MF) Intel PRO/1000 MF Server Adapter (LX) (PWLA8490LX) Intel PRO/1000 MF Dual Port Server Adapter (PWLA8492MF) _________________________________________________________________________ NOTE This driver uses a dedicated streams pool. When the driver is installed, the NSTRPAGES kernel parameter is automatically increased to 2000 buffers if the current setting is less than this value. _________________________________________________________________________ Version 1.0.8 of the eeG driver may drop network connections occasionally while under heavy FTP loads that last for extended periods of time. If you experience this problem, restart the FTP connection. NVIDIA RIVA TNT2, Vanta, and GeForce2 chipset-based video adapters This Maintenance Pack includes the nvidia driver, which provides support for the following NVIDIA RIVA TNT2, Vanta, and GeForce2 chipset-based video adapters: NVIDIA RIVA TNT2/TNT2 Pro NVIDIA RIVA TNT2 Ultra NVIDIA Vanta/Vanta LT NVIDIA RIVA TNT2 Model 64/Model 64 Pro NVIDIA Aladdin TNT2 NVIDIA GeForce2 MX/MX 400 NVIDIA GeForce2 MX 100/200 NVIDIA Quadro2 MXR/EX Jaton 3DForce2 MX-64 SIIG Inc. Aurora AGP 32MB-TNT2 M64 HP GeForce2 MX 32MB Graphics Card Updates to the Supplemental Graphics, Web, and X11 Libraries The following changes are included in the Supplemental Graphics, Web, and X11 Libraries (previously SLS OSS631B): + added Xerces-C version 2.2.0 + added Xalan-C version 1.5.0 + added Sablotron version 0.98 + added JavaScript version 1.5rc4 (Mozilla SpiderMonkey) + added ICU (International Components for UniCode) version 2.4 + added cURL version 7.10.5 + GNU gettext updated to version 0.11.5 + OpenSSL updated to version 0.9.6j + Berkeley DB updated to version 4.1.25 + patch 1 + JASper updated to version 1.700.2 + libMNG updated to version 1.0.5 + NetPBM updated to version 10.17 + GTK+ 2 updated to version 2.2.2 + Pango updated to version 1.2.3 + ATK updated to version 1.2.4 + GLIB 2 updated to version 2.2.2 + SLang updated to version 1.4.9 + libmm updated to version 1.3.0 + libxml2 updated to version 2.5.8 + libxslt updated to version 1.0.31 + xmlsec updated to the official 1.0.3 version + OpenSLP updated to version 1.0.11 + SASL updated to version 2.1.14 + lcms updated to version 1.10 + pkg-config updated to version 0.15 + OpenLDAP updated to version 2.1.22 + FreeType2 updated to version 2.1.4 + PCRE updated to version 4.3 + TIFF updated to version 3.5.7 + GDOME updated to version 0.7.4 + GD updated to version 2.0.15 (version 1.8.4 provided as well) + dependency errors in several configuration scripts have been fixed + several missing include files now included + all gwxlibs libraries are compiled with -D_REENTRANT for better interoperation with software threads libraries + several missing aclocal M4 packages now included + the library files for the SLang shell (slsh) now included + fixed the zlib gzprintf() CERT vulnerability + fixed a GDK compile error that was preventing shared memory from being used + fixed a compilation error in libmm that was causing multiple shared memory mechanisms to be defined + all libraries compiled with FD_SETSIZE set to the maximum value so that these libraries can work with systems that allow a large number of open file descriptors Updates to Perl The following changes are included in the Perl 5.8.0 component: + added several XML-related CPAN modules + updated several core modules such as Digest::MD5 + fixed re-entrancy problems so Perl interacts better with user-level threads programs + entire suite compiled with FD_SETSIZE set to the maximum value, to work with systems that allow a large number of open file descriptors + now configured to support 64-bit integers and the ``long double'' type for greater numeric precision Updates to the Apache Web Server The following changes are included in the Apache Web Server component: + Apache Web Server updated to version 1.3.28 + PHP updated to version 4.3.2 + mod_ssl updated to version 2.8.15 + AxKit updated to version 1.61 + entire suite compiled with FD_SETSIZE set to the maximum value, to work with systems that allow a large number of open file descriptors. Allows more than 256 Apache servers to run simultaneously. List of problems fixed The SCO OpenServer Release 5.0.7 Maintenance Pack 1 contains the following bug fixes: + A problem that prevented kernel builds from succeeding if $ROOT was longer than 60 characters has been fixed. + The licensing system has been corrected so that the brand(ADM) command now recognizes pre-Release 5.0.7 User and CPU licenses. In addition, the Licensing Policy Manager Daemon (sco_pmd) has been fixed so that system restores now correctly restore the SCO System ID. This fix makes the OSS646 supplement obsolete and unnecessary. fz527794 + A panic was corrected in the HTFS filesystem driver. This panic sometimes occurred when mounting an AFS, EAFS, or HTFS filesystem with less than 42Kbytes of free space. fz527790 + A problem on USB keyboards where typed characters sometimes repeated has been fixed. This problem tended to occur on IBM(r) Blade servers with a built-in AT-to-USB keyboard adapter. fz527743 + Fixed a null dereferencing problem in MMDF. fz527660 + Changed MMDF format specs so that the date registered in email headers is padded with a leading zero if the message is sent in a single-digit hour (i.e., between 1 and 9 o'clock). This addresses the problem of some anti-spam applications assigning high spam scores to messages simply because the format of the hour in the date header does not match the applications' good-date-header test, which expects hours to be represented in double-digits. + Fixed a security vulnerability in the sendmail binary that could be exploited by remote users to gain root access. fz527482/erg712245/CSAA-2003-SCO.6 + The chmod(C) command was modified so it does not apply changes to files if permissions are already correct. This modification may significantly improve performance, especially over an NFS mount, of commands like: chmod -R +r /data + The crontab(C) command has been corrected to always exit with an error status if it fails, or zero (no error) status if it succeeds. fz300043 + Fixed the ps(C) command so the -o pcpu option reports an accurate value. fz527713 + A problem was corrected which caused uudecode(C) to dump core when decoding from standard input. fz527731 + Two options have been added to the mount(ADM) command: -l With no other options or arguments, only displays local (not network-mounted) filesystems. -w Mount the filesystem for read/write access. Overrides settings specified in the /etc/default/filesys file. The mount(ADM) manual page has not yet been updated with information about these new options. + A buffer overflow in the wordwrap() function in releases of PHP previous to version 4.3.0 and later than version 4.1.2 has been fixed. Under certain circumstances, this buffer overflow created a security vulnerability. fz527514/erg712258 + Fixed a security vulnerability where a TCP/IP socket could become permanently stuck in a SYN_SENT state, thereby making the system vulnerable to a denial-of-service attack. fz526775/erg712173/erg711405 + The problem of data transfers not always working if the FTP daemon was configured in /etc/services to run on a non-standard port or if the daemon was invoked with the -P argument has been fixed. fz527753 + The telnetd(ADMN) command now has an option to specify which pseudo- terminals (ptys) to use: -r pty where the pseudo-terminal (pty) can be specified in one of the following ways: -r ptynum use only the specified pty number, ptynum -r low- use ptys starting at pty number low -r -high use ptys from 0 through pty number high -r low-high use ptys in the specified range The -r option is generally useful in the following situations: + Restrict telnetd to using ptys in a given range, so that other ptys can be dedicated to other functions. + Assign a telnetd that is bound to a particular non-standard port a specific pty so that a login on that port will always get the same pty name (as required by some older applications created when hard-wired serial terminals were the norm). The telnetd(ADMN) manual page has not yet been updated with information about the -r option. fz527717/erg712178 + Integer overflow vulnerabilities were corrected in SUNRPC adr_array(), xdrmem_getbytes(), and related functions. Theoretically, these vulnerabilities could be exploited to gain a privilege escalation. fz525724/fz526830/erg501641/erg712178/CA-2002-25/CAN-2002-0391/ CAN-2003-0020/VU#192995/VU#516825 + A buffer overflow in BIND that could lead to security vulnerabilities has been fixed. fz526617/erg712158 + Fixed some minor problems in the PPP Connection Wizard interface. + Fixed an SMP problem where PCI interrupt sharing was broken when one or more of the drivers sharing an interrupt was able to handle the interrupt on any processor. Symptoms of this problem included spurious and lost interrupts. fz526928 + Fixed a panic that occurred when booting a system with SMP installed. The panic occurred most commonly in kmem_alloc() while the /etc/sysdump -qi /dev/swap -o /dev/swap command was running in a different process. Typically, this problem was encountered on systems with large swap areas (around 2.5GB) and the usb_ohci driver enabled. fz527402 + Fixed a problem that caused the Mylex/BusLogic blc SCSI HBA driver to fail when booting with SMP installed. The error message produced in this situation was: WARNING: apic - no BIOS information found for irq + Fixed a number of bugs in SCO OpenServer Development System header files and tools. fz527564/fz527644/fz527678 + The C Compilation Subsystem (CCS) has been updated to be more strictly gABI compliant. This includes changes to the assemblers, link editors, and startup files to support the special .init_array and .fini_array sections in ELF programs that certain third-party C++ compilers use. fz527038/fz527718 Maintenance Pack notes and limitations -------------------------------------- The following notes and limitations apply to the SCO OpenServer Release 5.0.7 Maintenance Pack 1: + You will not be able to use the SCO Update feature in the Software Manager if you are behind a firewall that prevents incoming FTP connections (i.e., the use of passive FTP is required). If you try to connect to the SCO Update server in this situation, the Software Manager displays the following timeout message after a few minutes: Unable to initialize device A fix for this problem will be made available in the near future. + If you completed a backup of your system prior to installing Maintenance Pack 1 or the SCO OpenServer Release 5.0.7 Licensing Update (SLS OSS656B), you should refresh the backup after you complete the installation of Maintenance Pack 1. If you need to restore a system using a backup that was created prior to the installation of Maintenance Pack 1 or OSS656B, the Licensing Policy Manager Daemon (sco_pmd) may not start. If you experience this, log in as root, put the system in single-user mode, and run the following: brand -B oyrarg Afterwards, reboot your system; the sco_pmd daemon will now be able to start. + If you encounter a situation where you need to stop the Licensing Policy Manager Daemon (sco_pmd) -- for example, you are migrating a system on the network to new hardware and you start receiving duplicate license violations -- be sure to use the following command for an orderly shutdown: sco_pmd -s For more information on sco_pmd, including how to start and stop the daemon, see the sco_pmd(ADM) manual page. + Due to the new version of libmm provided in Maintenance Pack 1, many SCO OpenServer daemons now consume more System V IPC semaphores than in previous releases. The default allocation of unique semaphore sets that can be active at any given time is now too low. Consequently, the Apache Web Server, DocView Help System, and any other application that makes use of in-kernel semaphores will not run after Maintenance Pack 1 is installed. To increase the semaphore allocation, set the SEMMNI tunable parameter to a minimum of "25". We recommend setting a value between "100" and "256". See ``Kernel parameters that you can change using configure'' in the Performance Guide and the configure(ADM) manual page for more information. + A typographical error in the /usr/lib/pkgconfig/freetype2.pc file should be corrected. Because of this error, some Open Source applications may be unable to determine that FreeType2 exists and is functioning correctly. Edit this file and locate the last line. Correct the listed directory name so it reads: freetype2 instead of the current entry of: freetype ____________________ Copyright (c) 2003 The SCO Group, Inc. All rights reserved. Date: 15 August 2003