UnixWare 7.1.3 Update Pack 4 New Features and Notes May 2004 This document provides installation instructions, new feature descriptions, and release notes for Unixware 7.1.3 Update Pack 4. Update Pack 4 is the final Update Pack for UnixWare 7.1.3 and is a non-removable upgrade to UnixWare 7.1.4. In order to receive Update Packs for UnixWare 7.1.4, you will need a new SCO Update License for this new release. To obtain a new license, please contact your software supplier. Complete UnixWare documentation is available on the Documentation and Support Web Sites. Your UnixWare system serves the online documentation set, including manual pages, on http://hostname:8458 (where hostname is the network name or IP address of the UnixWare system, or localhost when using a browser on the system running DocView). Contents Installation Notes Installation Procedures Complete New Feature List Update Pack 4 New Features Update Pack 3 New Features Update Pack 2 New Features Update Pack 1 New Features Problems Fixed Known Problems and Workarounds ------------------------------------------------------------------------ Installation Notes About Maintenance Packs and Update Packs Update Pack System Requirements Obtaining Update Packs Licensing Update Packs Update Pack Contents About Maintenance Packs and Update Packs There are two support "tracks" for UnixWare: Maintenance Packs A Maintenance Pack (MP) is a collection of fixes for reported problems distributed as a single installable package. Maintenance Packs are made available periodically when such fixes are available, and can be downloaded and installed free of charge. Maintenance Packs are cumulative, so only the latest one needs to be installed. If installed individually, they must be installed in the order they are issued (i.e., MP1, MP2, etc.). A Maintenance Pack typically is accompanied by a single text file with installation instructions and release notes. It is important to note that a Maintenance Pack cannot be installed onto a system that already has an Update Pack installed. This restriction ensures the integrity of the software installed on your system. Update Packs An Update Pack (UP) is a collection of features, enhancements, and problem fixes distributed as a single package or set, plus additional packages, in a CD ISO image. Update Packs are made available quarterly (for a licensing fee) to registered customers of the SCO Update Service. Update Packs are cumulative; you only need to install the current Update Pack to pick up all the features, enhancements, and fixes issued in all previously issued Update Packs and Maintenance Packs. If installed individually, they must be installed in the order they are issued (i.e., UP1, UP2, etc.). The current UP can be installed on top of any previously issued Maintenance Pack (MP). Each Update Pack comes with full documentation, including installation and release notes (like the document you are reading now), that explain the target system requirements. No MP can be installed on a system that has one or more UPs already installed. Switching Tracks If you already have one or more Maintenance Packs installed, you can switch over to the UP track by installing the Update Pack that includes all the Maintenance Packs you have currently installed. For example, if you have Maintenance Pack 2 installed, you can switch over to the UP track by installing Update Pack 2 or later. If you are an Update Pack customer and want to switch over to the MP track, you must first remove all Update Packs installed on your system (in the reverse order they were installed), and then install the latest Maintenance Pack. For example, if you loaded UP1 and then UP2 onto your system, and want to switch over to the MP track, remove UP2 and then UP1 from the system. Once all the Update Packs are removed, install the currently available Maintenance Pack. NOTE: Update Pack 4, because it implements changing the system from a 7.1.3 system to a 7.1.4 system, cannot be removed. It is therefore critical that you back up your system before installing Update Pack 4 should you for any reason want to go restore the previously running configuration. See: Before Beginning: Backup Your System. UnixWare Maintenance Packs and Update Packs are available from the UnixWare Supplements Web Page. Update Pack System Requirements Update Pack 4 can be installed only on a Release 7.1.3 system. The system may have any combination of previously issued Maintenance Packs and Update Packs installed. If you have any Maintenance Pack later than MP3 installed, you must remove it using pkgrm(1M) before installing Update Pack 4. Use the pkginfo(1) command or the scoadmin application installer to check your current software configuration. Please Note: If you install an Update Pack on a system with one or more Maintenance Packs already installed, do not attempt to remove any of the Maintenance Packs from the system after installing the Update Pack. This will lead to unexpected system behavior. Most individual packages distributed with Update Packs require the installation of the Update Pack Set in order for the software to work correctly. Obtaining Update Packs Update Packs (and Maintenance Packs) are available for download from the UnixWare Supplements Web Page. A registered SCO Update Service license is required to install the Update Pack Set and other licensed packages distributed with the Update Pack CD. Once registered, you can install the Update Pack from the CD ISO image. The ISO image can be written to a CD-ROM using any Windows or Unix CD recording software, such as cdrtools on UnixWare. The ISO image file can also be mounted directly without being written to a CD, as shown in the procedures below. Customers can also receive Update Packs on CD-ROM directly from SCO. For more information, please see your software supplier or go to the SCO Update Ordering Web Page. Licensing Update Packs A registered SCO Update Service (SUS) Enabling license is required to install the Update Pack Set and other packages indicated in the section Update Pack Contents. If you attempt to install any of these packages on a system that does not have a registered SUS license, the installation will fail. To check your current licenses, launch SCOadmin from the graphical desktop and select License Manager, or launch the License Manager from the command line (as root): scoadmin license The License Manager's main screen displays the currently installed licenses. One of these should mention the SCO Update Service. If you do have a SCO Update Service license installed, it must also be registered in order to allow you to install the Update Pack Set. If the Registered column for your SCO Update Service license or bundled license does not have a "Yes" or "N/A", you need to register that license before attempting to install the Update Pack Set. An SUS Enabling license can be purchased as part of your License Edition (e.g., Base, Departmental, Enterprise, etc.), or purchased separately. Contact your software supplier if you do not have an SUS license or go to the SCO Update Ordering Web Page. For registration information, please see the SCO Update Service Registration web site. The entire process of installing licenses on your system and registering your SCO Update Service license is described in the online documentation under Installation and Licensing>Getting Started Guide>CD Contents, Licensing, Installation Profiles, and Support. The Getting Started Guide is also available in a number of file formats from the UnixWare Doc Web Page. Update Pack Contents Update Pack 4 consists of a single Update Pack Set named uw713up4, as well as a number of additional updated packages. The table below lists the package and set names as they are found on the Update Pack CD ISO image and optional Update Pack CD. Packages on the CD are in datastream format (files ending in .image) and in file system format (a directory with the same name as the package). The Installation Procedures section show you how to install both types of package formats. The Update Pack Set requires a license; most other packages and sets do not. Those packages and sets that do require a license are indicated in the table below by an asterisk (*) before the package or set name. Update Pack Contents Package/Set Description The Update Pack 4 Set installs these packages: *uw713up4.image Set * *libc - Updated Runtime C Library * *libthread - Updated Runtime Thread Library * *update714 - Updates that did not require a package recut adpu320 package New Adaptec Ultra320 Family PCI SCSI HBA d3.0 adst70 package Updated Adaptec Ultra160 Family PCI SCSI HBA d3.14 apache package Updated Apache Web Server 1.3.29 basex package Updated X11R6 Base X Runtime System *cups/image package New Common UNIX Print System (CUPS) Client and Server 1.1.19-01 *cupsdev.image package New CUPS Development Libraries 1.1.19 cupsdoc package New CUPS Online Guides and Manual Pages 1.1.19 db package New Berkeley DB v4.1 library for open source OpenLDAP software suite foomatic package New Foomatic V3.0.0-01 -- Printer Filters and PPDs for CUPS gimpprint package New Printer Drivers and PPD files for CUPS and foomatic 4.2.5 *glib.image package New Library of utility functions for Gimp ToolKit 1.2.10 gs package ESP Ghostscript 7.05.6 PostScript/PDF Interpreter with GNU Ghostscript 6.0 fonts *gtk.image package New Gimp ToolKit 1.2.10 - runtime library for graphical user interfaces to X hpijs package New HP Inkjet Printer Driver (hpijs) and PPD Files 1.5 ide package Updated Generic IDE/ATAPI Driver iir package New Intel Integrated Raid (IIR) HBA Driver Package 2.33 j2jre131 package Updated Java 2 SE 1.3.1_10 Runtime Environment j2sdk131 package Updated Java 2 SE 1.3.1_10 Software Development Kit j2plg131 package Updated Java 2 SE 1.3.1_10 Java Plug-in (Netscape and Mozilla) j2pls131 package Updated Java 2 SE 1.3.1_10 Demos and Debug *j2jre142.image package Updated Java 2 SE 1.4.2_03 Runtime Environment *j2sdk142.image package Updated Java 2 SE 1.4.2_03 Software Development Kit New Java support for RS-232 serial I/O and IEEE javaxcomm package 1284 parallel I/O based on Sun COMM 2.0 and RXTX 1.4-8 jpeg package New JPEG Image File Compression Library and Utilities libIDL.image package New Library for creating CORBA Interface Definition Language (IDL) files 0.6.8 libpng package New PNG (Portable Network Graphic) File Library 1.2.5 *mozilla.image package New Mozilla Internet Browser 1.2.1b mpt package New LSI Logic Fibre Channel HBA Driver 1.3.26 nd package Updated Network Drivers nics package Updated Netdriver Infrastructure and Configuration Subsystem *openldap package New Open Source OpenLDAP software suite 2.1.22 openssh package Updated Secure Shell remote access utility 3.7.1p2 (OpenSSH) openssl package Updated Secure Sockets Layer / TLS cryptography toolkit 0.9.7c (OpenSSL) openssld package Updated OpenSSL Documentation *perl.image package New Perl Programming Language 5.8.0 pgsql package New PostgreSQL Database Management System 7.4.2 ppp.image package Updated Point-to-Point Protocol (PPP) qlc2200 package Updated QLogic PCI Fibre Channel HBA Driver 3.12 qlc2300 package Updated QLogic PCI Fibre Channel HBA Driver 3.04 samba package New Samba 3.0 - A Windows SMB/CIFS fileserver for UNIX tiff package New TIFF Image File Libraries and Utilities 3.5.7 *udienv.image package Updated Uniform Driver Interface (UDI) 1.01 Runtime Environment uli package Upgrade Wizard for Update Packs urwfonts package Updated (URW)++ Free X11 Fonts 2.0 for Java *usb.image package Updated Universal Serial Bus (USB) 2.0 Drivers uw7updoc package Updated online topics uw7upman package Updated manual pages xdrivers package Updated X11R6 Graphics Drivers, Grafinfo Files and Configuration Scripts xfonts package Updated X11R6 100dpi, 75dpi, Speedo, Type1, and Miscellaneous Fonts xserver package Updated X11R6 X Server, Utilties, Font Server zlib package Updated zlib - General Purpose Data Compression Library 1.2.1 ------------------------------------------------------------------------ Installation Procedures Before Beginning: Backup Your System Installing the Update Pack from CD Installing Additional Packages after the Update Pack Set Checking Update Pack Installation Reinstalling the Update Pack Recovering Files Overwritten by the Update Pack Removing the Update Pack Please see the section Known Problems and Workarounds before beginning installation of the Update Pack. Before Beginning: Backup Your System Before you install any software or documentation from the Update Pack, it is important that you back up your system. A current system backup makes it easy to recover any files overwritten during the installation of the Update Pack. While the Update Pack Set does make copies of all the files it updates, not all supplemental packages do so. See Recovering Files Overwritten by the Update Pack (below) and Backup and Restore (in the online documentation) for more information. NOTE: Update Pack 4, because it implements changing the system from a 7.1.3 system to a 7.1.4 system, cannot be removed. It is therefore critical that you back up your system before installing Update Pack 4 should you for any reason want to go restore the previously running configuration. Installing Update Packs from CD The procedure below shows you how to install the Update Pack using the Upgrade Wizard, from either a mounted ISO CD image, or from a CD to which the ISO image has been written. The instructions below assume you are using the Upgrade Wizard in graphical mode. If uli is executed on the console without X Window or another process running on vt01, the default back-end package installer is the morepkgs interface, where packages are presented in a single vertical list and selected and de-selected via the spacebar rather than Add and Remove buttons. To disable use of the morepkgs interface, the following environment variable can be set before uli is executed: # ULI_USE_MOREPKGS=NO # export ULI_USE_MOREPKGS NOTE: You must install the Update Set before installing most of the other packages available with the Update Pack. This is done automatically by the Upgrade Wizard. If you are applying the Update Pack to a newly installed or upgraded UnixWare system, be sure to reboot the system after the installation or upgrade is complete and before you apply the Update Pack. 1. Log into the system as root. 2. Do one of the following: a. If you have a CD with the Update Pack image on it, insert the CD into the primary CD drive and go to the next step. b. If you have the CD ISO image, copy the image into any directory that has enough file system space to hold the CD image; we use /var/spool/pkg in these procedures. Then, use the marry(1M) and mount(1M) commands, as in this example, to mount the CD ISO image as a device: # marry -a /var/spool/pkg/uw713up4CDimage.iso /dev/marry/var/spool/pkg/uw713up4CDimage.iso # mount /dev/marry/var/spool/pkg/uw713up4CDimage.iso /install Note that the return value of the marry command is used as the first argument of the mount command. You can also use the series of commands shown in the example below to reduce the amount of retyping required: # device=`marry -a /var/spool/pkg/uw713up4CDimage.iso` # echo $device /dev/marry/var/spool/pkg/uw713up4CDimage.iso # mount $device /install The first command assigns the return value of the marry command to the environment variable $device. Note that the marry command is enclosed by backquote characters (`) -- not single quotes. (On many keyboards, the backquote character is found on the upper-left side of the keyboard.) The return value can be checked for errors using the echo command as shown. 3. Install the uli (Upgrade Wizard) package from the CD. Use either the SCOadmin Application Installer from the graphical desktop, or the following command line: # pkgadd -d device uli where device is cdrom1 if you followed Step 2a; or, /install if you followed Step 2b. 4. Once the uli package is installed, launch the Upgrade Wizard. Do one of the following: a. If you are using a CD in the CD drive (Step 2a), start the Upgrade Wizard by launching SCOadmin from the graphical desktop and selecting Software Management > Upgrade Wizard; or, enter the following at a shell prompt: # uli b. If you are using a mounted CD ISO image (Step 2b), start the Upgrade Wizard from the command line by entering the following command: # uli -f device where device is the name of the directory where you mounted the ISO image in Step 2b (/install in the example). 5. When the Upgrade Wizard starts, a screen displays a message that the Upgrade Wizard will install the Update Pack software. Select Next to continue. 6. The Upgrade Wizard displays the Software License Agreement. Select Accept to continue. 7. If you followed Step 4a and used the uli command with no options, skip to the next step. Otherwise, if you followed Step 4b and used uli -f, a screen is displayed that lists the primary CD drive and the directory you specified, with the directory selected as the default installation device. Select Next to continue and install from the directory. 8. The Wizard checks the contents of the installation device for the Update Pack. Select Next to continue and begin installing the Update Pack. 9. The Upgrade Wizard automatically installs the Update Pack Set (see the Update Pack Contents), displaying installation messages in a new window. 10. When the Upgrade Wizard finishes installing the Update Pack Set, it displays the Package Selection List, a list of the additional packages on the CD that are not installed automatically by the Update Pack Set. If the Wizard detects previous versions of any of the Update Pack CD packages on your system, the updated version on the CD appears in the Chosen Packages list on the right. Use the Remove button to move packages that you don't want to install from the Chosen Packages list to the Available Packages list. Any packages that remain in the Available Packages list will not be installed. NOTE: Some packages on the CD may not be presented in the Package Selection List. This happens when the Upgrade Wizard does not find a previous version of the package on your system. In order to install such a package using the Upgrade Wizard, you need to first install the package from the original UnixWare media used to install the system (along with any prerequisite packages). Or, use pkgadd(1M) to install the package instead. After you are done installing software with the Upgrade Wizard, see the section Installing Additional Packages after the Update Pack Set and use pkgadd(1M) instead of the Upgrade Wizard to install the Update Pack version of any package not listed for selection by the Upgrade Wizard. If a package installation fails because a prerequisite package was not found, you will first need to install the prerequisite package from the Update Pack or the original installation media. When you are finished choosing packages, select Next to continue. 11. A summary of your package selections and the space they require on your hard disk is displayed. Select Next to confirm your selections and continue. Select Previous to go back to the previous step and change the Package Selection List. 12. After you confirm your package selections, the Upgrade Wizard installs the packages you selected. It displays a progress bar as each package is installed. When the Wizard is done, select Finish to exit. 13. If you followed Step 1a, go to the next step. Otherwise, if you followed Step 1b, unmount the CD image and delete the marry device: # umount /install # marry -d /dev/marry/var/spool/pkg/uw713up4CDimage.iso 14. Reboot your system to rebuild the kernel. From the Desktop, use the SCOadmin Shutdown Manager. From the command line, enter the following: # shutdown -i6 -g0 -y 15. When the system comes back up, you can log in and check the installation as shown in the section Checking Update Pack Installation. If you decide that you want to add additional packages from the Update Pack CD, see the section Installing Additional Packages after the Update Pack Set. Installing Additional Packages after the Update Pack Set After you have installed the Update Pack Set and rebooted your system, you can use either the Upgrade Wizard or the pkgadd(1M) command to install any packages that you did not select when you installed the Set. If any desired package cannot be installed because a prerequisite package was not found, install the prerequisite package (either from the Update Pack or the original UnixWare installation media), and then attempt to install the desired package again. Using the Upgrade Wizard will re-install the Update Set automatically before installing additional packages. Use the pkgadd command if you want to: * load additional packages without re-installing the Update Set * install .image files (package datastreams) from the download site or the Update Pack CD * add any packages from the CD or CD ISO image not offered for installation by the Upgrade Wizard To use the Upgrade Wizard, follow the Installation Procedure, omitting Step 3. To use the pkgadd command: 1. Log into the system as root. 2. Do one of the following: a. If you have a CD with the Update Pack image on it, insert the CD into the primary CD drive and enter: # mount /dev/cdrom/cdrom1 /install Go to the next step. b. If you have the CD ISO image, copy the image into any directory that has enough file system space to hold the CD image; we use /var/spool/pkg in these procedures. Then, use the marry(1M) and mount(1M) commands, as in this example, to mount the CD ISO image as a device: # marry -a /var/spool/pkg/uw713up4CDimage.iso /dev/marry/var/spool/pkg/uw713up4CDimage.iso # mount /dev/marry/var/spool/pkg/uw713up4CDimage.iso /install Note that the return value of the marry command is used as the first argument of the mount command. You can also use the series of commands shown in the example below to reduce the amount of retyping required: # device=`marry -a /var/spool/pkg/uw713up4CDimage.iso` # echo $device /dev/marry/var/spool/pkg/uw713up4CDimage.iso # mount $device /install The first command assigns the return value of the marry command to the environment variable $device. Note that the marry command is enclosed by backquote characters (`) -- not single quotes. (On many keyboards, the backquote character is found on the upper-left side of the keyboard.) The return value can be checked for errors using the echo command as shown. 3. List the contents of the CD: # ls -l /install 4. Install the desired packages using one of these methods: a. If the package is in a single file whose name ends in .image, enter: pkgadd -d /install/name.image where name.image is the name of the file on the CD. For example, the following command installs the Update Pack Set from the mounted CD image: pkgadd -d /install/uw713up4.image Each package image must be installed individually. b. If the package is contained in a directory on the CD, enter: # pkgadd -d /install package... Replace package with the names of one or more filesystem format packages on the CD. This example installs the nd and nics packages from a mounted ISO image file: # pkgadd -d /install nd nics 5. Shut down the system to rebuild the kernel. From the Desktop, use the SCOadmin Shutdown Manager. From the command line, enter the following: # shutdown -i6 -g0 -y 6. When the system comes back up, you can log in and check the installation as shown in the section Checking Update Pack Installation. Checking Update Pack Installation Once installed, use the pkginfo(1) command to confirm that the Update Set has completely installed. The system should respond with output similar to that shown in the example below: # pkginfo -lc set uw713up4 PKGINST: uw713up4 NAME: UnixWare 7 Release 7.1.3 Update Pack 4 ... STATUS: completely installed If the STATUS field indicates anything other than completely installed, there was some problem during installation of the set. Re-install the set and record any error messages displayed. Then, check the Late News and Support web sites to check for additional installation notes. To check the installation of other packages, use a command like the following: pkginfo -l xdrivers j2re142 In addition, if you installed one or more of the Java packages, you can check which version is the default version of Java by entering this command: java -version The command will return with the appropriate release, depending on whether /usr/java is linked to /opt/java2-1.3.1 or /opt/java2-1.4.2. For example, to change the default Java from release 1.3.1 to release 1.4.2, enter the following commands, logged in as root: # rm /usr/java # ln -s /opt/java2-1.4.2 /usr/java # rm /usr/java2 # ln -s /opt/java2-1.4.2 /usr/java2 If you update the links as in the example above to switch the active Java release, you should also remove and re-install the javaxcomm package, if it is on your system, so that it runs on the default Java version: # pkgrm -n javaxcomm # pkgadd -q -d pathname javaxcomm Where pathname is the full path to the javaxcomm package. Reinstalling the Update Pack You will need to reinstall the Update Pack Set if any of the following situations arise: * You are instructed to do so when installing a package or set. This happens, for example, when one or more files that was updated by the Update Pack is changed in any way by the installation of the new software. Reinstalling the Update Pack is required to ensure the integrity of the software already installed on your system. * One or more files installed by the Update Pack needs to be refreshed for any number of reasons; for example, data corruption caused by faulty hardware or user error. Reinstalling the entire Update Pack Set may be necessary, and can be done using the Upgrade Wizard (if you have the Update Pack CD or CD ISO image) or pkgadd (using either the CD ISO image or the Update Pack Set image). To reinstall the entire Update Pack Set, see the section Installing Additional Packages after the Update Pack Set, using the Update Pack CD ISO. If you want or need to install only a subset of the packages in the Update Pack Set, you can use a pkgadd command line like the following to reduce required installation time: pkgadd -d /var/spool/pkg/uw713up4.image update714 The example above installs only the update714 package from the Update Pack 4 Set, which resides in this example in the file uw713up4.image under /var/spool/pkg. Recovering Files Overwritten by the Update Pack After installation, you may want to recover files that have been overwritten by the Update Pack Set or one of the supplemental packages. For example, if you have a custom version of sendmail(1M) on your system, this will be overwritten by the Update Set. To recover any file overwritten by the Update Set, enter the following command, as root: # cd / # zcat /var/sadm/bkup/update714/bkup0/update.cpio.Z | cpio -icdumv pathname where pathname is the full pathname of the file you want to recover, without the leading slash (/). For example, to recover the /usr/lib/sendmail binary, enter: # cd / # zcat /var/sadm/bkup/update714/bkup0/update.cpio.Z | cpio -icdumv usr/lib/sendmail See the file /var/sadm/bkup/uw713up4/filelist for the contents of the Update Pack Set backup archive (update.cpio.Z). The supplemental packages provided with the Update Pack generally do not back up the file they install. Check for backup files under /var/sadm/bkup/packagename and /var/sadm/pkg/packagename/save, where packagename is the name of the package. If a package has overwritten a file and not made a backup copy, recover the file from your regular system backup media. To find out what packages have installed or updated a particular file, enter the following: # pkgchk -lp pathname where pathname is the full pathname of the file, as in: # pkgchk -lp /usr/lib/sendmail Removing the Update Pack NOTE: Update Pack 4, because it implements changing the system from a 7.1.3 system to a 7.1.4 system, cannot be removed. It is therefore critical that you back up your system before installing Update Pack 4 should you for any reason want to restore the previously running configuration. See: Before Beginning: Backup Your System. ------------------------------------------------------------------------ UnixWare 7.1.4 New Features Features in the Update Set: Compatibility: New Tunable Parameters for 16-bit IPC Desktop Login: Default Desktop DocView Enhancements Emergency Recovery CD Support Emergency Recovery Master Boot Record Option Filesystems: SCOAdmin Filesystem Manager Moved Graphics: VESA BIOS Initialization of Newer Video Cards Hardware: ACPI Boot Support Hardware: Uniprocessor Hyperthreading Support Hardware: PCI Serial Support Hardware: Enhanced Hyperthreading Support Internationalization: India Time Zone Listed Licensing: Enhancements and Fixes Licensing: Memory and CPU Limits Mail and Messaging: Updated Sendmail Message Catalog Format Networking: dlpid Performance Enhancements Networking: DNS Manager Enhancements Networking: Additional DNS Manager Enhancements Networking: Network Time Protocol (NTP) v4 Networking: IPsec (VPN Support) PPP Enhancements Performance: Swap Space Limit Extended to 4GB Printing PostScript Files on PCL Printers Printing: Increased Number of Print Jobs Security: Core Dump for setuid Processes Security: Name Service Switch (NSS) Shells: Updated ksh Storage Management: Disk, Partition, and Slice Managers System Management: Upgrade to Unixware 7.1.4 UNIX95 Conformance Features in Other Packages: Audio: Support for Intel On-Board Sound Chips Compatibility: OpenServer Kernel Personality (OKP) Database: Berkeley DB Toolkit 4.1.25 for OpenLDAP Database: PostgreSQL 7.4.2 Hardware: Host Bus Adapter (HBA) Drivers Hardware: Host Bus Adapter (HBA) Drivers Hardware: Host Bus Adapter (HBA) Drivers Hardware: Network Interface Card (NIC) Drivers Hardware: Network Interface Card (NIC) Drivers Hardware: Network Interface Card (NIC) Drivers Hardware: Video Card Drivers Hardware: Video Card Drivers Hardware: Updated Drivers Internet and Intranet: Java Communications API for Java Serial I/O Support (javax.comm) Internet and Intranet: Java 2 Standard Edition 1.3.1_10 Internet and Intranet: Java 2 Standard Edition 1.4.2_03 Internet and Intranet: Mozilla 1.2.1b Networking: OpenLDAP 2.2.4 Networking: tcpdump Enhancements Networking and Security: OpenSSH and OpenSSL Online Documentation: Updated Topics and Manual Pages Online Documentation: Updated Topics and Manual Pages Printing: CUPS (Common UNIX Print System) Printing: Foomatic Filter and PPD Files Printing: gimpprint Driver v4.2.5 Printing: Hewlett-Packard InkJet Driver hpijs v1.5 Printing: USB Support Printing: USB Printing Enhancements Programming: JPEG (image compression) Library Programming: PNG Library Programming: TIFF Image Library and Utilities SCOx: Client API and Web Services Support Security: Padding of Short Ethernet Frames Security: zlib 1.2.1 Data Compression Library Upgrade: Upgrade Wizard Enhancements Windows Interoperability: Samba 3 ------------------------------------------------------------------------ Update Pack 4 New Features Update Pack 4 contains all the new features from Update Pack 1, Update Pack 2, and Update Pack 3,as well as the additional new features listed in this section. See the UnixWare 7.1.4 Feature List for a complete list of new features since UnixWare 7.1.3. Also see the sections Problems Fixed for a complete list of maintenance fixes, and Known Problems for limitations and workarounds. Features in the Update Set: Hardware: ACPI Boot Support Hardware: Uniprocessor Hyperthreading Support Networking: Network Time Protocol (NTP) v4 Networking: IPsec (VPN Support) Security: Name Service Switch (NSS) System Management: Upgrade to UnixWare 7.1.4 Features in Other Packages: Audio: Support for Intel On-Board Sound Chips Database: Berkeley DB Toolkit 4.1.25 for OpenLDAP Database: PostgreSQL 7.4.2 Hardware: Host Bus Adapter Drivers Hardware: Network Card Drivers Hardware: Video Card Drivers Internet and Intranet: Java Communications API for Java Serial I/O Support (javax.comm) Internet and Intranet: Java 2 Standard Edition 1.3.1_10 Internet and Intranet: Java 2 Standard Edition 1.4.2_03 Internet and Intranet: Mozilla 1.2.1b Networking: OpenLDAP 2.2.4 Networking: Updated Point-to-Point Protocol (PPP) Networking and Security: OpenSSH and OpenSSL Online Documentation Printing: CUPS (Common UNIX Print System) Printing: Foomatic Filter and PPD Files Printing: gimpprint Driver v4.2.5 Printing: Hewlett-Packard InkJet Driver hpijs v1.5 Printing: USB Printing Enhancements Security: zlib 1.2.1 Data Compression Library Security: zlib 1.2.1 Data Compression Library Windows Interoperability: Samba 3 ------------------------------------------------------------------------ Features in the Update Pack Set: The features listed in this section are installed with the Update Pack Set. See the Installation Procedures section for how to install the Update Pack Set. Hardware: ACPI Boot Support Support for booting UnixWare systems using the Advanced Configuration and Power Interface (ACPI) BIOS tables is provided. This allows UnixWare to run on multiprocessor (MP) systems that do not have Intel Multi-Processor Specification (MPS) BIOS tables. Previously, UnixWare would not boot on a system that did not have MPS tables. Booting from ACPI tables is disabled by default. To enable booting from ACPI: 1. Make sure the osmp (multi-processing support) package is installed (even if you have a UP system). Enter: pkginfo osmp To see if osmp is installed. If not, install it from the UnixWare 7 Installation CD#1, by inserting the CD into the primary CD drive and entering: pkgadd -d cdrom1 osmp 2. Add the following line to the file /stand/boot: ACPI=Y Note: Booting from ACPI and hyperthreading may be used together by adding both ACPI=Y and ENABLE_JT=Y entries to the /stand/boot file and rebooting the system. See the boot(4) manual page. 3. Reboot the system to rebuild the kernel: shutdown -i6 -g0 -y 4. If your hardware supports hyperthreading, enter the system BIOS utility as the system reboots to enable hyperthreading in your system BIOS. (See the hardware manufacturer's documentation for details.) Note: on systems that support hyperthreading, the hyperthreading feature should be enabled in the system BIOS when booting from the ACPI tables, even if hyperthreading is not enabled under UnixWare. Otherwise, if you boot from the ACPI tables on a system that supports hyperthreading but does not have hyperthreading enabled in the BIOS, UnixWare utilities like psrinfo may report fewer processors available than the actual number of processors installed. Save the BIOS configuration and boot UnixWare. 5. After the system boots, use the psrinfo(1M) command to check processor status. Hardware: Uniprocessor Hyperthreading Support Hyperthreading (Jackson Technology) support for UnixWare on Intel processors has been enhanced to work on uniprocessor (UP) systems. Previously, this technology worked only on multiprocessor (MP) systems. By default, hyperthreading is disabled. To enable hyperthreading: 1. Make sure the osmp (Multiprocessing Support) package is installed (even if you have a UP system). Enter: pkginfo osmp To see if osmp is installed. If not, install it from UnixWare 7 Installation CD#1, by inserting the CD into the primary CD drive and entering: pkgadd -d cdrom1 osmp 2. Add the following line to the file /stand/boot: ENABLE_JT=Y Note: Hyperthreading and ACPI may be used together by adding both ENABLE_JT=Y and ACPI=Y entries to the /stand/boot file and rebooting the system. See the boot(4) manual page. 3. Reboot the system to rebuild the kernel: shutdown -i6 -g0 -y 4. As the system reboots, enter the system BIOS utility to enable hyperthreading in your system BIOS. (See the hardware manufacturer's documentation for details.) Save the BIOS configuration and boot UnixWare. 5. After the system boots, use the psrinfo(1M) command to check processor status. Networking: Network Time Protocol (NTP) 4.1.1 The Network Time Protocol (NTP) has been updated to Version 4.1.1 from http://www.ntp.org. NTP is used to synchronize the time of a computer client or server to another server or reference time source. This release maintains compatibility with NTP 2.x and 3.x, while support for NTP 1.x has been removed. See the NTP documentation provided with version 4, under Networking > Administering TCP/IP and Internet Services, in the online documentation. In particular, see the NTP Version 4 Release Notes and the Quick Start. Networking: IPsec (VPN Support) The IPsec (secure IP) protocol suite and associated tools provides the ability to encrypt and authenticate IP packets transmitted between cooperating hosts or subnets. When IPsec is configured for a given communication path between hosts or subnets, most of the IP header and the entire data portion of each packet sent over the network is encrypted by the sending host, and decrypted by the receiving host. This is in contrast to non-IPsec packets, which are not encrypted. In addition to encrypting IP packets, IPsec can authenticate each packet using the information in the expanded header supported by this protocol. Authentication can also be provided using private keys and signed certificates. In this way, each host can not only be assured that each packet has been encrypted for delivery, but also validate that the packet received has originated with the expected host and that no third party has tampered with or had access to the data in the packets during transmission. One of the uses of IPsec is to implement a Virtual Private Network (VPN). In a VPN, a non-secure communication path (such as an internet connection) is used for the transmission of encrypted and authenticated packets between hosts that have been set up to use that path and only provide IPsec packets over the path. A VPN is really a set of security associations established on each host that requires secure IP communications, along with a security policy established for each "subnet" in the VPN. Thus, a corporate VPN might be defined by a gateway router that allows a number of remote systems (or other gateways) to connect over public transmission facilities (phone lines, cable modem, wireless), and access the corporate network. A properly configured IPsec facility on the gateways and the various remote systems prevents the kind of security threats inherent in public transmission systems, such as spoofing, masquerading, denial of service, and others. IPsec is disabled by default; this is because running IPsec without first configuring it properly for your site reduces overall network performance with no benefit. To configure and enable IPsec, see Networking > Administering TCP/IP and Internet services > Secure IP (IPsec) in the online documentation. The documentation includes procedures and configuration examples. Security: Name Service Switch (NSS) The Name Service Switch (NSS) provides a single point of control for lookup operations on system databases (such as /etc/passwd, /etc/group, etc.). This gives a system administrator the ability to configure these operations while the system is running, including the ability to extend the implementation through plug-in runtime modules. For more information see the NSS Overview in the online documentation. System Management: Upgrade to UnixWare 7.1.4 The version identifier returned by the uname(1) command, the uname(2) system call, and associated utilities after installation is updated from 7.1.3 to 7.1.4. For example: # uname -v Returns the following: 7.1.4 ------------------------------------------------------------------------ Features in Other Packages: The features listed in this section are contained in separate packages from the Update Pack Set. To install them, either select them from the Upgrade Wizard when you install the Update Pack Set, or follow the instructions in the section Installing Additional Packages after the Update Pack Set. Audio: Support for Intel On-Board Sound Chips A new sound driver (ich) that supports on-board PCI sound cards on Intel 845 chipsets has been added to the audio package. The chipsets supported are ICH1, ICH2, ICH3, and ICH4. The driver also provides support for the AC97 mixer. The AC97 codec on the soundcard must support VRA (variable rate) for any application to play audio files at variable rates. If the codec doesn't support VRA, then most applications will fail to play any audio files. For example, using mpg123 with a soundcard that does not support VRA returns the following message: No supported rate found !! If your hardware supports the relevant chipsets, the ich driver is loaded and configured automatically when the audio package is added. You can also manually load the driver using: modadmin -l ich To test whether the driver is working properly, mpg123 player for native UnixWare can be intalled and be used for playing audio files. You can find mpg123 on the web at http://www.sco.com/skunkware. If you have installed the Linux Kernal Personality (LKP) on your system, you can also download the Linux version of Realplayer from the web (http://www.realplayer.com to play audio files. Both mpg123 and Realplayer running on LKP have been tested with the new driver. Note that the ich driver does not provide audio support for the SCO Merge product at this time. Database: Berkeley DB Toolkit 4.1.25 for OpenLDAP The db package contains version 4.1.25 of the Berkeley DB software, an embedded programmatic database toolkit. This package is provided primarily for, and is required by, the OpenLDAP software. It can be used in any application where a programmable embedded database is required. See the DB Documentation installed under /usr/docs by the db package. Database: PostgreSQL 7.4.2 PostgreSQL (pgsql) is a widely-used open source database system that offers the features and reliability usually associated with more costly proprietary database systems. PostgreSQL documentation is installed with the pgsql package and is available under Software Development in the online documentation. For a review of the advantages of deploying PostgreSQL, please see http://advocacy.postgresql.org/advantages/. General information and news about PostgreSQL is available from the PostgreSQL Web Site at http://www.postgresql.org. Hardware: Host Bus Adapter Drivers The QLogic PCI FibreChannel (qlc2300) and the Adaptec Ultra320 Family PCI SCSI HBA (adpu320) Host Bus Adapter (HBA) drivers have been updated, as follows: QLogic PCI FibreChannel (qlc2300) Fixes problems with board ID return value on some IBM systems with PCI-X slots. Adaptec Ultra320 Family PCI SCSI HBA (adpu320) Fixes problems experienced when disks are connected to both channels. The qlc2300 and adpu320 drivers are available as separate package images in the Update Pack, as well as a floppy disk image suitable for use during a fresh install of UnixWare. The floppy image is available at: ftp://ftp.sco.com/pub/unixware7/drivers/storage. Hardware: Network Interface Card Drivers The Network Drivers (nd) package has been updated with new versions of the following existing Network Interface Card (NIC) drivers: 3Com EtherLink (e3bc) 1.1.1 Fixed problems seen in development environment only. AMD PCnet (pnt) 3.0.1 Fixed some incorrect function return values and a system panic in bcopy(3C) caused by the driver. Intel PRO/100 (eeE8) 2.6.8 Fixed minor problems and added new card support. The complete list of network adapters supported by the new version of eeE8 follows: 645477-xxx PRO/10+ PCI PILA8500 649439-xxx PRO/10+ PCI PILA8520 701738-xxx Pro/100+ PCI Management Adapter PILA8461 668081-xxx Pro/100+ PCI PILA8460 689661-xxx 722762-xxx 721383-xxx Pro/100+ PCI Management Adapter PILA8460B 741462-xxx Pro/100+ PCI PILA8460BN 748566-xxx PRO/100 S Management PILA8460BUS 748564-xxx PRO/100 S Management PILA8464B 742252-xxx InBusiness(tm) 10/100 adapter SA101TX 351361-xxx PRO/100 PCI PILA8465 352509-xxx EtherExpress(tm) PRO/100B PCI adapter PILA8465B 661949-xxx 667280-xxx 678400-xxx 352433-xxx PRO/100B PCI T4 PILA8475B 691334-xxx PRO/100+ PCI Management Adapter PILA8900 A80897-xxx PRO/100 M Desktop PILA8460M 751767-xxx PRO/100 S Desktop PILA8460C3 ================== Server Adapters ============ 714303-xxx PRO/100+ Dual Port Server Adapter PILA8472 711269-xxx 748565-xxx PRO/100 S Server PILA8474B 748568-xxx Intel(c)PRO/100 S Server PILA8474BUS 710550-xxx PRO/100+ PCI Server Adapter PILA8470 729757-xxx PRO/100+ Server Adapter PILA8470B A56831-xxx PRO/100 S Dual Port Server Adapter PILA8472C3 752438-xxx PRO/100 S Server PILA8470C3 New NIC support in eeE8 2.6.8: ------------------------------ 82559 Fast Ethernet LOM with Alert on LAN PRO/100 S Mobile LAN on Motherboard PRO/100 VM Network Connection PRO/100 VE Network Connection HP NC3133 Fast Ethernet NIC HP NC3163 Fast Ethernet NIC HP NC3162 Fast Ethernet NIC HP NC3123 Fast Ethernet NIC HP NC3134 Fast Ethernet NIC HP NC3135 Fast Ethernet Upgrade Module HP NC3120 Fast Ethernet NIC HP NC3122 Fast Ethernet NIC HP NC1120 Ethernet NIC HP 10/100 TX PCI Intel WOL UTP Controller HP NC3160 Fast Ethernet NIC HP NC3121 Fast Ethernet NIC HP NC3131 Fast Ethernet NIC HP NC3132 Fast Ethernet NIC Broadcom Gigabit (bcme) 7.0.7 Fixed minor problems and added new NIC support. The complete list of network adapters supported by the new version of bcme follows: 3Com 3C996/3C1000/3C94X Gigabit Ethernet 3Com 3C996-SX Gigabit Ethernet Broadcom BCM5700 NetXtreme Gigabit Ethernet Broadcom BCM5700S NetXtreme Gigabit Ethernet Broadcom BCM5701 NetXtreme Gigabit Ethernet Broadcom BCM5701S NetXtreme Gigabit Ethernet Broadcom BCM5702 NetXtreme Gigabit Ethernet Broadcom BCM5703 NetXtreme Gigabit Ethernet Broadcom BCM5703S NetXtreme Gigabit Ethernet Broadcom BCM5704 NetXtreme Gigabit Ethernet Broadcom BCM5704S NetXtreme Gigabit Ethernet Broadcom BCM5705 NetXtreme Gigabit Ethernet Broadcom BCM5782 NetXtreme Gigabit Ethernet for hp HP NC6770 Gigabit Ethernet HP NC7722 Gigabit Server Adapter HP NC7760 Gigabit Ethernet HP NC7761 Gigabit Server Ethernet HP NC7770 Gigabit Ethernet HP NC7771 Gigabit Ethernet HP NC7772 Gigabit Server Ethernet HP NC7780 Gigabit Ethernet HP NC7781 Gigabit Ethernet HP NC7782 Gigabit Ethernet HP NC7783 Gigabit Ethernet Hardware: Graphics Adapter Drivers The xdrivers package has been updated to include a new ATI Radeon Graphics Adapter Driver. This driver supports the following video cards: ATI RADEON 7000 Graphics Adapter ATI RADEON 7200 Graphics Adapter ATI RADEON 7500 Graphics Adapter Internet and Intranet: Java Communications API for Java Serial I/O Support (javax.comm) The javaxcomm package contains version 2.0 of the Java Communications API for Java Serial I/O. This package enables Java applications to communicate over serial ports. See the Release Notes for javax.comm, and the RXTX open source web site at http://www.rxtx.org, for more information. Please note that this release of javax.comm does not support communication over parallel I/O ports. Internet and Intranet: Java 2 Standard Edition 1.3.1_10 The following Java 2 SE 1.3.1 packages have been updated to the indicated versions in response to Sun Microsystems, Inc., security alerts: j2jre131 Java 2 SE 1.3.1_10 Runtime Environment 1.3.1 j2sdk131 Java 2 SE 1.3.1_10 Software Development Kit j2plg131 Java 2 SE 1.3.1_10 Java Plug-in (Netscape and Mozilla) j2pls131 Java 2 SE 1.3.1_10 Demos and Debug The alerts are: Sun Alert ID Description 57436 Verisign Class 3 and Class 2 PCA Root Certificate Expiration 57221 A Vulnerability in JRE May Allow an Untrusted Applet to Escalate Privileges Internet and Intranet: Java 2 Standard Edition 1.4.2_03 The Java 2 Standard Edition 1.4.2 consists of the following packages: j2jre142 Java 2 SE 1.4.2_03 Runtime Environment 1.4.2 j2sdk142 Java 2 SE 1.4.2_03 Software Development Kit This is the first Java release for UnixWare to incorporate the Sun HotSpot Java virtual machine. It has greatly improved performance and scalability over the previous Java 1.3.1 release. The j2jre142 package requires the urwfonts package, and must be installed before installing j2sdk142. On upgrade, Release 1.4.2 is installed by default and /usr/java is updated to point to the 1.4.2 version (/opt/java2-1.4.2). See the section Checking Update Pack Installation for how to check and change the active Java version. Note that there is currently no Release 1.4.2 Mozilla Java plugin support; this is provided by the j2plg131 package. A JDK 1.4.2 debugging package (formerly j2pls131) is not being released. The debugging information for the Sun "hotspot" VM's (now mostly in C++) is too large to be of any practical use (debugging size exceeds 400MB for each VM-client server). The Java demos formerly in j2pls131 have been moved into the j2sdk142 package. This release of the Java 2SE corresponds to Sun's J2SE 1.4.2_03 patch level and includes the following Sun security fixes: Sun Alert ID Description 57436 Verisign Class 3 and Class 2 PCA Root Certificate Expiration unknown Potential Denial of Service - SXun API for XML 1.0 Processing Additional information on the Java 2SE can be found at the following links: Java features and enhancements SCO Java 2 Standard Edition v. 1.4.2_03 Release Notes and http://java.sun.com/j2se/1.4.2/docs/relnotes/features.html Sun J2SE 1.4.2 Release Notes New Features and Notes > Update Pack 4 new features (local) or http://java.sun.com/j2se/1.4.2/relnotes.html (web) Potential problems with prior Java releases http://java.sun.com/j2se/1.4.2/compatibility.html http://java.sun.com/j2se/1.4.1/compatibility.html http://java.sun.com/j2se/1.4/compatibility.html Information on Sun HotSpot Java VM http://java.sun.com/products/hotspot Documentation http://java.sun.com/j2se/1.4.2/docs/index.html http://java.sun.com/j2se/1.4/ja/docs/ja/index.html Known (Sun) Problems http://developer.java.sun.com Internet and Intranet: Mozilla 1.2.1b The Mozilla web browser has been updated to version 1.2.1a to fix the following known security vulnerabilities in previous versions: Mozilla Bug ID Description 221526 Script.prototype.freeze/thaw could allow an attacker to run arbitrary code on your computer. By requesting a cookie with a path containing the escape 213012 sequence "%2E%2E", a malicious web site would be able to read cookies from different paths. 158049 Detecting variables in another domain is possible. 220122 A malicious website could gain access to a user's authentication credentials to a proxy server. 92773 It is possible to get and set variables in another domain. For more information please go to http://www.mozilla.org/projects/security/known-vulnerabilities.html. Networking: OpenLDAP 2.2.4 The Lightweight Directory Access Protocol (LDAP) provides a set of commands and routines to create and manage a Directory Services database. This version of OpenLDAP (2.2.4) implements LDAPv3 as defined in RFC2251. The openldap package depends on the db package (Berkeley DB) for the database back-end. See the LDAP 2.2 Administrator's Guide and LDAP Manual Pages under Networking in the online documentation. Networking: Updated Point-to-Point Protocol (PPP) The ppp package has been updated to improve the reliability and scalability of the PPP server, pppd(1M). Networking and Security: Updated OpenSSH and OpenSSL The openssl package has been updated to 0.9.7c. OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library. A user level command, openssl(1), is provided that performs a variety of cryptographic functions. Documentation for OpenSSL is packaged separately in openssld. The following manual pages are installed under /usr/man, and can be viewed via man(1) or the DocView Man Pages button (http://hostname:8458): asn1parse.1 pkcs12.1 bio.3 md5.3 ca.1 pkcs7.1 blowfish.3 mdc2.3 CA.pl.1 pkcs8.1 bn.3 OPENSSL_VERSION_NUMBER.3 ciphers.1 rand.1 bn_internal.3 OpenSSL_add_all_algorithms.3 crl.1 req.1 buffer.3 rand.3 crl2pkcs7.1 rsa.1 crypto.3 rc4.3 dgst.1 rsautl.1 d2i_DHparams.3 ripemd.3 dhparam.1 s_client.1 d2i_RSAPublicKey.3 rsa.3 dsa.1 s_server.1 des.3 sha.3 dsaparam.1 sess_id.1 dh.3 ssl.3 enc.1 smime.1 dsa.3 threads.3 gendsa.1 speed.1 err.3 genrsa.1 spkac.1 evp.3 config.5 nseq.1 verify.1 hmac.3 openssl.1 version.1 lh_stats.3 des_modes.7 passwd.1 x509.1 lhash.3 For more information on OpenSSL see the OpenSSL Web Site. The openssh package has been updated to version 3.7.1.p2 of OpenSSH. OpenSSH is a suite of network connectivity tools that encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. OpenSSH provides a variety of secure tunneling capabilities and authentication methods. SSH protocol versions 1.3, 1.5, and 2.0 are supported. The OpenSSH suite includes: * ssh(1) (slogin), alternative to rlogin and telnet * scp(1) (alternative to rcp) * sftp(1) (alternative to ftp) * sshd(8), the SSH server daemon (alternative to rshd) * sftp-server(8), the SFTP server daemon (alterative to ftpd) * ssh-agent(1), the authentication agent, and associated tools: ssh-add, ssh-keygen, ssh-keyscan Manual pages are provided for all of the above commands, as well as pages for the ssh_config(5) and sshd_config(5) SSH client and server configuration files. To display them, use the man(1) command or DocView on http://hostname:8458. For more information on OpenSSH, please go to the OpenSSH Web Site http://www.openssh.org/manual.html. NOTE: You should install OpenSSL from the Update Pack before installing OpenSSH, even if you have a previous version of OpenSSL already installed. Online Documentation Updated manual pages and online guides are provided by the uw7upman and uw7updoc packages, as well as some of the other packages included with the Update Pack. Both guides and manual pages can be viewed using any browser via the DocView Documentation Server. By default, DocView can be reached at http://hostname:8458, where hostname is the network node name of the UnixWare system, or localhost when using a browser on your UnixWare 7 system. The browser can be running on native UnixWare, on the Linux Kernel Personality (LKP), or on the OpenServer Kernel Personality (OKP). The manual pages can also be viewed using the man(1) command; this must be done from a UnixWare shell. (The man commands under LKP and OKP display the manual pages installed in those environments, not the UnixWare 7 pages.) Newly added documentation will not be searchable using DocView's Search button until indexing is run. This is done, by default, at 3:10AM local time by a root crontab(1) entry. If this time is not appropriate for your site, you can edit the crontab entry to change the time indexing is run. In general, it is a good idea to run indexing when the system load is low, since indexing can consume considerable time and system resources, depending on the amount of text being indexed. You can also run indexing manually using the /usr/lib/docview/conf/rundig command after you finish installing documentation from the Update Pack. Current UnixWare Documentation can also be viewed on the Internet at http://www.sco.com/support/docs/unixware. Printing: CUPS (Common UNIX Print System) CUPS has been updated to version 1.1.19_01 to correct problems displaying the names of USB printers in the graphical administrative interface. See CUPS and the Printing topic in the online documentation. Printing: Foomatic Filter and PPD Files The foomatic package contains a generic filter and PPD files for various printer models. The filter and PPD files are integrated with the cups package (see CUPS), and cannot be used with the System V LP print system. Note that the CUPS package also provides its own PPD files. This updated version of foomatic (3.0.0-01) includes the following: * An updated foomatic-rip perl script that fixes a bug that caused PostScript printing to fail. * Updated filters and PPD files from the December 2003 snapshot on http://www.linuxprinting.org. There are PPD files for new printers and updates to many existing PPD files. * Previously, Hewlett-Packard printer PPD files were listed in the CUPS administrative web interface under both HP and HEWLETT-PACKARD; this release of foomatic lists all Hewlett-Packard PPD files under HP. For more information, see the Printing topic in the online documentation after you install cups and foomatic. Printing: gimpprint Driver v4.2.5 (CUPS) The gimpprint package contains a suite of high-quality printer drivers for use with the cups and foomatic packages; see the notes for CUPS. The gimpprint package includes: * The core driver (libgimpprint.so). * A CUPS driver primarily for Canon and Epson printers (along with some Lexmark and Hewlett-Packard models), and the corresponding PostScript Printer Definition (PPD) files. These PPD files appear as follows in the CUPS administrative web interface: EPSON model CUPS+Gimp-print v4.2.5 Try these PPD files before trying the IJS-based drivers (below). * An IJS-based GhostScript driver (for use with foomatic) and corresponding PPD files. These PPD files appear as follows in the CUPS administrative web interface: Epson model Foomatic/gimp-print-ijs * A utility to administer Epson printers, escputil. Documentation for this driver is installed with the gimpprint package under Printing in the online documentation. Printing: Hewlett-Packard InkJet Driver hpijs v1.5 (CUPS) The Hewlett-Packard InkJet Driver (hpijs) is a printer driver for for more than 200 printer models, including, DeskJet, OfficeJet, Photosmart, Business InkJet and some LaserJet models. The hpijs package also contains PostScript Printer Definition (PPD) files for these printers, for use with the cups and foomatic packages. (See the notes for CUPS.) These PPDs appears as follows in the CUPS administrative web interface. HP model Foomatic/hpijs (recommended) (en) It is recommended that you use these PPD files even if there are other Foomatic PPDs for your printer model, for example: HP model Foomatic/pcl3 (en) The hpijs driver also provides PPD files for some non-HP printers. The list of these printers can be found at: http://www.linuxprinting.org/show_driver.cgi?driver=hpijs. Documentation for this driver is installed with the hpijs package under Printing in the online documentation. Printing: USB Printing Enhancements Prior to this release, only one Universal Serial Bus (USB) printer connected to the system at one time was supported. In addition to supporting multiple USB printers, this release also provides fixes to some known problems. See Printing: USB Support for an overview of USB printer support. These updates are in the udienv and usb packages. SCO Web Services Support SCO Web Services is a set of application programming interfaces that use standard web technologies such as WSDL, SOAP, XML, and XML Schemas to enable your applications to interface with Web Services. The web services supported by SCOx enable applications to exchange data directly over the internet, without human intervention. Such applications can be anything from simple requests to complex business processes. The web services and libraries are available on a separate CD image. Release notes and installation instructions can be found at the top level of the CD image, and on the UnixWare Supplements Web Page. Also see the SCO Web Services Web Site. Please Note: You must install the Update Pack Set before you install the Web Services CD. Please read the Release Notes from the CD or Supplements Page before installing the Web Services CD. Also note that there are some known issues with using the web services support for Java when Java 1.4.2 has been installed. Please see the SCO Java 2 Standard Edition v. 1.4.2_03 Release Notes for more details. Also note that when using web services support for C or C++, you should compile with the UDK C or C++ compiler, and not with the Open Source Tools gcc or g++ compilers. Security: zlib 1.2.1 Data Compression Library The zlib package contains version 1.2.1 of the data compression library (/usr/lib/libz.so). The zlib Manual from http://www.zlib.net is available as a manual page; enter man zlib or use the Man Pages button in the online documentation. Note that the version 1.1.4 manual is still the current manual for zlib. Windows Interoperability: Samba 3 Samba provides filesharing capabilities using native Microsoft SMB and CIFS protocols for interoperability with Microsoft operating systems. Samba 3.0 is provided in a single-byte version for Western locales (samba); a multibyte version suitable for Asian locales will be made available in a future release. Note the following when installing Samba: * If you are upgrading from a previous release of Samba on UnixWare, save a copy of your existing /usr/lib/samba/lib/smb.conf file before you begin installation, so you can restore any settings that might be affected by the upgrade. * By default, /tmp is automatically shared. This can be a security concern, since various system utilities keep temporary data in /tmp. To remove the /tmp share, log into SWAT (see above) and select the Shares icon. On the next screen, highlight the tmp share in the list box and select the Delete Share button. * Samba cannot run together with Advanced File and Print Sharing (AFPS; found on the Optional Services CD #3), nor with the NetBIOS protocol running. If Samba will not start, do the following to determine if AFPS or NetBIOS are running, and disable them if necessary: 1. Enter: # cd /etc/rc2.d 2. Determine if either of the following files exist in this directory: S74netbios S99ms_srv If these one or both of these files exist, enter the appropriate command or commands shown below: # mv S74netbios s74netbios # mv S99ms_srv s99ms_srv 3. Reboot the system: # shutdown -i6 -g0 -y 4. Start Samba: # /etc/init.d/samba start * Samba documentation and manual pages are available under the DOS and Windows topic in the online documentation. * Samba is configured with the SWAT (Samba Web Administration Tool) utility using a web browser on http://hostname:901. To start SWAT: 1. As root, enter: # /usr/lib/samba/sbin/swat 2. Point a web browser at http://localhost:901. 3. Log in to SWAT as root. 4. The main SWAT screen provides links to all the Samba documentation. Select the Status icon to start the Samba daemons. * To start, stop, and restart Samba from the command line, use the /etc/init.d/samba command, as in this example: # /etc/init.d/samba start To enable Samba at system startup, enter the following: # /etc/init.d/samba enable Samba will now start up automatically whenever the system boots. The disable parameter returns Samba to manual startup. * Localization settings are accessed from the SWAT Home Page by clicking on the Globals tab, and then selecting Advanced View. Set appropriate values for your locale for the client code page, the character encoding system, and the other options (each option has context-sensitive help). Please refer to the documentation for smb.conf for further details. More Samba documentation and other resources are provided on the Samba Home Page. ------------------------------------------------------------------------ Update Pack 3 New Features Update Pack 3 contains all the new features from Update Pack 1 and Update Pack 2, as well as the additional new features listed in this section. See the Update Pack Feature List for a complete list. Also see the sections Problems Fixed for the maintenance fixes included in the Update Pack, and Known Problems for limitations and workarounds. Features in the Update Set: Graphics: VESA BIOS Initialization of Newer Video Cards Internationalization: India Time Zone Listed Licensing: Enhancements and Fixes Mail and Messaging: Updated Sendmail Message Catalog Format Networking: DNS Manager Enhancements Performance: Swap Space Limit Extended to 4GB Printing: USB Support Shells: Updated ksh Features in Other Packages: Desktop: GhostScript PostScript and PDF Interpreter Hardware: Updated Drivers Online Documentation: Updated Topics and Manual Pages Printing: CUPS (Common UNIX Print System) Printing: Foomatic Filter and PPD Files Programming: JPEG (image compression) Library Programming: Perl Programming Language Version 5.8.0 Programming: PNG Library Programming: TIFF Image Library and Utilities SCOx Support ------------------------------------------------------------------------ Features in the Update Pack Set: The features listed in this section are installed with the Update Pack Set. See the Installation Procedures section for how to install the Update Pack Set. Graphics: VESA BIOS Initialization of Newer Video Cards A new boot(4) parameter has been added that allows newer video cards and chips (such as the nVidia GeForce onboard chip) to work with UnixWare. In these newer cards and chips, EGA environment tables are no longer provided and the video modes must be initialized by the kernel using VESA BIOS calls instead. If the USE_VESA_BIOS boot parameter is set on boot, then the kernel will initialize the video modes using VESA BIOS calls; if it is not set or set to "NO" (the default), then the EGA environment table is used. If you are installing UnixWare 7.1.3 for the first time, this parameter is not yet available at installation time. Install the system using another supported graphics card; then, after the system is installed, you can then edit boot(4) as described above to enable VESA BIOS initialization. See the Compatible Hardware Web Page at http://www.sco.com/chwp for graphics cards that work during a fresh install of UnixWare. Internationalization: India Time Zone Now Listed An entry has been added for India Standard Time (IST) to the list of time zones presented in both the SCOadmin International Settings Manager (scoadmin international) and the SCOadmin Time Manager (scoadmin system time). After setting the new time zone, reboot the system and set the current system date and time, if necessary, to the current local date and time using the Time Manager or the date(1) command. Licensing: Enhancements and Fixes A number of enhancements and fixes have been made to the Licensing subsystem. Most of these are listed in the Problems Fixed section. The following changes in the Licensing subsystem are significant to administrators and users: * The maximum number of simultaneous users, as determined by your current licenses, is now strictly enforced. Each connection (for example, via telnet, rlogin, ssh) counts as a "user", even if the same login is using multiple connections. If the number of allowable users (determined by the installed licenses) is exceeded, additional logins are denied until a current user logs off the system. * The new sco_pmd license policy manager daemon replaces the ifor_pmd, ifor_sld, and sco_cpd daemons from previous releases. See the sco_pmd(1M) manual page for details. See the Installation and Licensing topic in the online documentation for more information about licensing. Mail and Messaging: Updated Sendmail The sendmail(1M) Mail Transfer Agent (MTA) has been updated to version 8.12.9, along with security fixes from version 8.12.10. As a result, the following message will be displayed when sendmail starts: Warning: .cf file is out of date: sendmail 8.12.9 supports version 10, .cf file is version 9 Mail will still continue to work as before; however, none of the new versions added to sendmail after version 8.9 (including anti-spam filters) will not be implemented in the configuration file, /etc/sendmail/sendmail.cf. For a review of what has changed in sendmail since version 8.10, see . For more information on using sendmail, see Mail and Messaging in the online documentation, and the Sendmail Web Site at http://www.sendmail.org. Multi-line Message Catalog Format The mkmsgs(1) command has been enhanced to accept message strings that span more than one line in the input file, and to accept message string input longer than 4095 characters. There is now no limit on the size of message string input. Multi-line messages are encapsulated in the input file with "%<" and "%>" delimiters on a line by themselves, as in the following example: %< first line of message second line of message ... %> Only space, tab, and linefeed characters are allowed on the lines with the delimiters. Networking: DNS Manager Enhancements The security and reliability of the rndc(1M) program and the handling of secret keys used between rndc and DNS/BIND control channels has been improved. Performance: Swap Space Limit Extended to 4GB The upper limit on the amount of swap space that can be allocated has been increased from 2GB (2 gigabytes) to 4GB. Use the swap command to increase the current swap space size. See the swap(1M) manual page and the sections Configuring systems for large physical memory and Adding swap space for more information. Printing: USB Support USB 2.0 support has been enhanced to include limited support for a single USB printer connected to the system. Rather than delay the release of this important feature in order to undertake the task of certifying a large sample of the wide range of printers currently available, SCO has chosen to speed the availability of this much-requested feature to our customers by certifying a small number of printers for this first release of USB Printing. These printers are listed in the SCO Certified Hardware Web Page (CHWP) at http://www.sco.com/chwp. As we certify new examples we will add them to the CHWP. As of the publication of this document, the certified list includes: * Hewlett Packard PSC 1210 PhotoSmart * Hewlett Packard PSC 2210 PhotoSmart * Hewlett Packard PhotoSmart 7350 * Hewlett Packard DeskJet 560C attached via a Dlink Parallel to USB converter There is also a set of printers that we know are problematic. This list includes: * Epson Stylus C82 * Hewlett DeskJet 895C * Hewlett Packard LaserJet 1300 * Hewlett Packard officejet v40 * Lexmark Z20 In addition, we have some generic guidelines which will enhance your experience if you attempt to attach a printer that is not yet certified. USB printer support in UnixWare is not designed to replace parallel printer support for existing installations. In fact, we strongly suggest that if you currently have a printer connected to your UnixWare system via the parallel interface you should not move it to a USB interface. It is likely that to do so would result in different printer behavior than you currently experience. If you want to attach a new printer to your UnixWare system and the printer provides both a parallel interface and a USB interface, we suggest that you use the parallel interface. Our testing suggests that many printers that support both interfaces provide a less than spec-compliant USB interface. Thus, using the parallel interface on these printers usually results in a better experience. The Common UNIX Print System (see CUPS) is also being released along with USB Printing. We strongly suggest that you use CUPS as the print system when connecting USB printers. One side effect of this suggestion is that CUPS and System V LP cannot both be running at the same time on your UnixWare system. Although installing CUPS does not automatically replace LP as the default print spooler on your system, once you activate the CUPS print spooler the LP print spoller is disabled. In order for printers currently working under LP to work under CUPS, the printers must be manually added to the CUPS configuration. There is no provision to automatically transfer your System V LP printer configuration to your CUPS configuration. Further documentation on CUPS is available in the UnixWare online documentation under Printing (after you install the cupsdoc package) and at http://www.cups.org/documentation.php CUPS provides a small set of printer drivers (also called PostScript Printer Definition files, or PPD files). If the printer descriptions supplied with CUPS do not meet your needs, we also provide the foomatic package of printer descriptions. Foomatic requires the ESP GhostScript printer drivers provided in the gs package, and supports dozens of printers. We have included all drivers except gimp-print and hpijs. If your printer model is only supported through these drivers (for example, the HP OfficeJet v40), it will not work with CUPS. These drivers will be made available in a future release. Further documentation on the printers supported by foomatic is available at http://www.linuxprinting.org/printer_list.cgi. You can search this site for the proper driver name for your printer, and then look for the driver in the Make/Model selection list displayed by the CUPS graphical interface. You can also search for a driver and display the printers it supports. This site rates the quality as well as availability of printer drivers. The support provided by foomatic for a given printer model also depends upon the cooperation which the Open Source community gets from various printer vendors. Vendors are ranked at http://www.linuxprinting.org/vendors.html. If the vendor for your printer is listed here in the "Useless" category, for example, it may not be possible to obtain an acceptable driver for your printer. Please note that any fax and scanner capabilities provided by printers are not currently supported, even if the driver supports them. To configure a USB printer using the active print subsystem from the command line, use the lpadmin(1M) command. Use the scoadmin printer graphical interface to add a USB printer to System V LP, or CUPS. If CUPS is the current print system, scoadmin printer launches the CUPS graphical interface on http://localhost:631. In the online documentation, see the CUPS Quick Start Guide and Adding a USB Printer to LP. When defining the printer, use the USB device name. When a USB printer is connected to the system and turned on, two device nodes are created automatically for the printer. They can be listed by entering: ls -tr /dev/usb_prnt* /dev/usblp* The device node names are defined as follows: /dev/usb_prnt# The # appearing in the device name is the order the printer was recognized as attached. If you have only one printer, it will always be at /dev/usb_prnt0 regardless of how it is physically connected. If you have multiple USB printers connected (which is not currently supported), the digits at the end should not be regarded as stable: they will change as, for example, device timing varies and configuration changes are made. Please Note: Only device names of the form /dev/usb_prnt# should be used in the scoadmin printer LP manager. See the procedures referenced above for how to add printers to LP and CUPS. /dev/usblp-#####-[###.###.###.###.###.]### The first five digit number is the location of the host controller interface (HCI) to which the printer is connected. It's five digits represent the PCI bus number (two digits), the PCI device number (two digits), and the PCI function number (the final digit). For example: /dev/usblp-00072-1.4.2 The above device name indicates that the HCI is located at PCI bus number 00, PCI device 07, PCI function 2. Note that this number is completely determined by the hardware vendor's PCI configuration. The remainder of the device name after the second dash is a sequence of from one to six decimal numbers, each of which can be from one to three digits. The final number, which is required, indicates the port number on the device to which the printer is physically connected. Up to five hubs can be connected between the printer and the PC USB port, and the ports to which these devices are connected are indicated by the five optional three digit numbers in the device name, separated by periods. For example, if a USB printer were connected directly to the first USB port on the system, the device name might look like this: /dev/usblp-00072-1 A device name like /dev/usblp-00072-1.4.2 indicates the following device configuration: PC USB Port 1 --- | Hub#1 Port 1 PC USB Port 2 | Hub#1 Port 2 | Hub#1 Port 3 | Hub#1 Port 4 --- | Hub#2 Port 1 ... | Hub#2 Port 2 --- USB Printer ... where Hub#1 is connected into the system's first USB port, a second hub is plugged into Hub#1 Port 4, and the USB Printer is plugged into Hub#2 Port 2. This device name is completely unique and will not change as long as the physical configuration of the USB devices is not changed. See the documentation for LP and CUPS (if installed) under the Printing topic in DocView for more information on printer management. Shells: Updated ksh The UNIX95 version of the Korn shell, /u95/bin/ksh, has been updated to fix a number of problems: * Fixed the pwd builtin so it no longer returns a double leading slash (//) for pathnames under some conditions. * Fixed the shell so that it no longer resets the user's idle time every 10 minutes, as reported by commands such as w(1). . * Fixed the autoload function so that it works when invoked from within a command substitution. ------------------------------------------------------------------------ Features in Other Packages: The features listed in this section are contained in separate packages from the Update Pack Set. To install them, either select them from the Upgrade Wizard when you install the Update Pack Set, or follow the instructions in the section Installing Additional Packages after the Update Pack Set. Desktop: GhostScript PostScript and PDF Interpreter The gs package includes version 7.05.6 of the GhostScript PostScript and PDF file interpreter, used to display, convert, and print PostScript and PDF (Portable Document Format) files. The documentation accompanying GhostScript is installed with the gs package. See the gs(1) manual page and the Desktops topic in the online documentation. Hardware: Updated Drivers The ide host bus adapter (HBA) driver has been updated to include a number of bug fixes, as well as the following new features: * Compliance with the ATA/ATAPI-6 standard (see http://www.t13.org). * Supported IDE hard disk capacity has increased from 128GB (gigabytes) to just below 1TB (terabyte), a total of 1,099,510,579,200 bytes (1 terabyte minus 1 megabyte). Full 48-bit addressing in the driver allows support for IDE hard disks up to 1PB (1 petabyte; 1,125,899,906,842,624 or 2^50 bytes) in size; however, the 32-bit addressing used by the kernel limits IDE hard disk support on UnixWare to just below 1TB (a terabyte is 2^40 bytes). The ide driver is available as a separate package image in the Update Pack, as well as a floppy disk image suitable for use during a fresh install of UnixWare. The floppy image is available at: ftp://ftp.sco.com/pub/unixware7/drivers/storage. The Broadcom bcme network card driver has been updated to version 6.0.16. This version fixes known kernel panics in the previous driver, which occurred when calling bcopy to copy a transmit buffer. The driver code has also been improved for better transmit performance. The updated driver is included in the nd package. For a list of network cards supported by the bcme driver, please see the Update Pack 2 Notes. The Intel e1008g PRO/1000 networking card driver has been updated to version 7.2.15. This version includes new adapter support, fixes a panic when transmitted packets are excessively fragmented, fixes PHY initialization problems, and fixes problems that caused the driver to return inaccurate speed information. The updated e1008g driver is included in the nd package, and now supports the following Intel network cards: 700262-xxx PRO/1000 Gigabit Server Adapter PWLA8490 717037-xxx PRO/1000 Gigabit Server Adapter PWLA8490 713783-xxx PRO/1000 Gigabit Server Adapter PWLA8490G1 A38888-xxx PRO/1000 F Server Adapter PWLA8490SX 738640-xxx, PRO/1000 F Server Adapter PWLA8490-SX A06512-xxx PRO/1000 Gigabit Adapter PWLA8490SXG1P20 A19845-xxx PRO/1000 T Server Adapter PWLA8490T A33948-xxx PRO/1000 T Server Adapter PWLA8490TG1P20 A51580-014 PRO/1000 XT Server Adapter PWLA8490XT A73668-001 PRO/1000 XT Server Adapter PWLA8490XTL A68178-xxx PRO/1000 XT Lo Profile PCI Server Adapter PWLA8490XTL A50484-xxx PRO/1000 XF Server Adapter PWLA8490XF 739456-xxx IBM Netfinity Gigabit Ethernet SX Adapter 09N3599 721352-xxx IBM Netfinity Gigabit Ethernet SX Adapter 30L7076 A34085-xxx IBM Gigabit Ethernet SX Server Adapter 06P3718 A36407-xxx IBM Gigabit Ethernet Server Adapter 22P4618 A78408-xxx PRO/1000 MT Desktop Adapter PWLA8390MT PRO/1000 MT Low Profile Desktop PWLA8390MTBK20 A92165-xxx PRO/1000 MT Server Adapter PWLA8490MT A92111-xxx PRO/1000 MT Dual Port Server Adapter PWLA8492MT A91622-xxx PRO/1000 MF Server Adapter PWLA8490MF A91624-xxx PRO/1000 MF Server Adapter (LX) PWLA8490LX A91620-xxx PRO/1000 MF Dual Port Server Adapter PWLA8492MF PRO/1000 MT Mobile Connection A81081-xxx PRO/1000 MT Server Adapter PWLA8490MT A65396-xxx PRO/1000 MT Dual Port Server Adapter PWLA8492MT PRO/1000 MT Quad Port Server Adapter PWLA8494MT A81983-xxx PRO/1000 MF Server Adapter PWLA8490MF A78709-xxx PRO/1000 MF Dual Port Server Adapter PWLA8492MF PRO/1000 CT Network Connection PRO/1000 CT Mobile Connection PRO/1000 MB Server Connection PRO/1000 MB Dual Port Network Connection 82544GC Based Network Connection HP NC6132 Gigabit Module HP NC6133 Gigabit Module HP NC6134 Gigabit NIC HP NC6136 Gigabit Server Adapter HP NC6170 Dual PCI-X 1000-SX Server Adapter HP NC7131 Gigabit Server Adapter HP NC7132 Gigabit Upgrade Module HP NC7170 Dual PCI-X 1000-T Server Adapter Online Documentation: Updated Topics and Manual Pages Updated manual pages and online guides are provided by the baseman and basedoc packages, as well as some of the other packages included with the Update Pack (e.g., cupsdoc, openssld, jpeg, tiff, libpng). Both guides and manual pages can be viewed using any browser via the DocView Documentation Server. By default, DocView can be reached at http://hostname:8458, where hostname is the network node name of the UnixWare system, or localhost when using a browser on your UnixWare 7 system. The browser can be running on native UnixWare, on the Linux Kernel Personality (LKP), or on the OpenServer Kernel Personality (OKP). The manual pages can also be viewed using the man(1) command; this must be done from a UnixWare shell. (The man commands under LKP and OKP display the manual pages installed in those environments, not the UnixWare 7 pages.) Note that none of the Update Pack documentation packages rebuild DocView's Search index, so any documentation added will not be searchable using DocView's Search button until indexing is run. This is done, by default, at 3:10AM local time by a root crontab(1) entry. If this time is not appropriate for your site, you can edit the crontab entry to change the time indexing is run. In general, it is a good idea to run indexing when the system load is low, since indexing can consume considerable time and system resources, depending on the amount of text being indexed. Alternately, you can run indexing manually using the /usr/lib/docview/conf/rundig command after you finish installing documentation from the Update Pack. Printing: CUPS (Common UNIX Print System) Version 1.1.19 of the Common UNIX Printing System (CUPS) is available in three separate packages: cups Client and Server Software for CUPS cupsdevCUPS Development Libraries cupsdocCUPS Online Guides and Manual Pages The current CUPS implementation supports all the documented features of CUPS, with the following exceptions: * libpaper * PAM * PHP scripts * python scripts CUPS also supports USB printing (see Printing: USB Support). We strongly suggest that you use CUPS as the print system when connecting USB printers. One side effect of this suggestion is that CUPS and System V LP cannot both be running at the same time on your UnixWare system. Although installing CUPS does not automatically replace LP as the default print spoller on your system, once you activate the CUPS print spooler the LP print spoller is disabled. In order for printers currently working under LP to work under CUPS, the printers must be manually added to the CUPS configuration. There is no provision to automatically transfer your System V LP printer configuration to your CUPS configuration. Further documentation on CUPS is available in the UnixWare online documentation under Printing (after you install the cupsdoc package) and at http://www.cups.org/documentation.php If the printer descriptions supplied with CUPS do not meet your needs, we are also providing the foomatic package of printer descriptions. Foomatic requires the ESP GhostScript printer drivers provided in the gs package, and supports dozens of printers. Further documentation on the printers supported by foomatic is available at http://www.linuxprinting.org/printer_list.cgi. You can search this site for the proper driver name for your printer, and then look for the driver in the Make/Model selection list displayed by the CUPS graphical interface. You can also search for a driver and display the printers it supports. This site rates the quality as well as availability of printer drivers. The support provided by foomatic for a given printer model also depends upon the cooperation which the Open Source community gets from various printer vendors. Vendors are ranked at http://www.linuxprinting.org/vendors.html. If the vendor for your printer is listed here in the "Useless" category, for example, it may not be possible to obtain an acceptable driver for your printer. You must install the Update Pack Set before you install cups, or CUPS will not work properly. The following packages are required by CUPS to provide the indicated functionality; they can be installed either before or after cups: foomaticprinter filters and PPD files libpng printing PNG image files jpeg printing JPEG image Files gs printing PostScript files openslp remote printer management openssl remote printer management perl support for Perl scripts used by CUPS tiff printing TIFF image files zlib decompressing image files After you install cups, the System V LP System is still the default printing subsystem. Use the chprnsys(1M) command to switch between the System V LP and CUPS printing Systems, as in this example: # chprnsys cups The chprnsys command, among other things, reconfigures the system manual pages so that the pages appropriate to the currently active print subsystem are displayed by the man command and by DocView. The online CUPS guides can be viewed under the Printing topic in DocView, when CUPS is the active print subsystem. (Note that you must install cupsdoc to get all the CUPS manual pages and guides.) CUPS can be administered using command line tools (see Printing for a list), or using the CUPS graphical interface on http://localhost:631. The scoadmin printer graphics interface will launch the administrative interface for the currently active print system. To get started, see the CUPS Quick Start Guide in the on line documentation. Please Note: If you have a USB printer, connect it to your system and turn it on before you enable CUPS. If you connect a USB printer after you enable CUPS, restart CUPS by entering: /etc/init.d/cups restart Once you install cups, the Update Pack installation is locked, until you remove the cups package. This is necessary to preserve the integrity of system software. See the section Known Problems. Printing: Foomatic Filter and PPD Files The foomatic package contains a generic printer filter and PPD (PostScript Printer Definition) files for printers that understand printer languages other than PostScript (such as PCL). This enables printing of PostScript files to these printers, by translating the PostScript file to the language understood by the printer. The filter and PPD files are integrated with the cups package (see CUPS), and cannot be used with the System V LP print system. Note that the CUPS package also provides its own PPD files. For more information, see the Printing topic in the online documentation. Programming: JPEG Image Compression) Library and Utilities The jpeg package installs libjpeg and associated utilities from Version 6b of the Independent JPEG Group's open source JPEG image compression software. The libjpeg library allows applications to compress images and store them in JFIF format files, and decompress JFIF format files containing JPEG compressed images. For JPEG release notes, see the jpeg(7) manual page. The following utilities are also provided; see the associated manual pages listed below: cjpeg(1) sample application for converting PPM, PGM, BMP, Targa image formats to JPEG djpeg(1) sample application for converting JPEG files to PPM, PGM, BMP, GIF, Targa image formats jpegtran(1)utility for lossless transcoding between different JPEG processes rdjpgcom(1)extracts textual comments from JFIF files wrjpgcom(1)inserts textual comments in JFIF files See the JPEG Archive Site at ftp://ftp.uu.net/graphics/jpeg for more documentation on the JPEG software. Programming: Perl Programming Language Version 5.8.0 A new multithreaded version of the Perl Programming Language, version 5.8.0, is supplied and installed automatically when the cups package is selected for installation using the Upgrade Wizard. The perl package does not replace the version of Perl (perl5) installed from the UnixWare 7.1.3 media. Instead, it is installed separately under /opt. The file /usr/bin/perl is, however, made a link to the new 5.8.0 version of the perl interpreter. The perl package can also be installed separately from cups. Most perl users will also want to install the perlmods package from the SCOx CD. This package fixes a CGI.pm security vulnerability (see Known Problems), and provides other updated and useful modules as well. The perlmods package can only be installed and used with the new perl package. Programming: PNG (Portable Network Graphics) Image Library The libpng package installs Version 1.2.5 of libpng, an open source library that applications can use to manipulate PNG (Portable Network Graphics) raster image files. See libpng(3) for release notes, a usage overview, and further references. See libpng(3) and libpngpf(3) for function definitions. Further documentation and archives are available at http://www.libpng.org, or ftp://ftp.uu.net/graphics/png. This package requires that the zlib package is already installed. Programming: TIFF Image Library and Utilities The libtiff package contains a library for manipulating Tag Image File Format (TIFF) image files, along with TIFF-related utilities. This version of libtiff supports TIFF version 4.0, 5.0, and 6.0 files. The package installs its own manual pages: * See Section 3t. See the libtiff(3t) manual page for an introduction. * Also see the following command manual pages: fax2ps (1) - convert a TIFF facsimile to compressed fax2tiff (1) - create a TIFF Class F fax file from raw fax data gif2tiff (1) - create a TIFF file from a GIF87 format image file pal2rgb (1) - convert a palette color TIFF image to a full color image ppm2tiff (1) - create a TIFF file from a PPM image file ras2tiff (1) - create a TIFF file from a Sun rasterfile rgb2ycbcr (1) - convert non-YCbCr TIFF images to a YCbCr TIFF image sgi2tiff (1) - create a TIFF file from an SGI image file thumbnail (1) - create a TIFF file with thumbnail images tiff2bw (1) - convert a color TIFF image to greyscale tiff2ps (1) - convert a TIFF image to PS tiff2rgba (1) - convert a TIFF image to RGBA color space tiffcmp (1) - compare two TIFF files tiffcp (1) - copy (and possibly convert) a TIFF file tiffdither (1) - convert a greyscale image to bilevel using dithering tiffdump (1) - print verbatim information about TIFF files tiffgt (1) - display an image stored in a TIFF file (Silicon Graphics version) tiffinfo (1) - print information about TIFF files tiffmedian (1) - apply the median cut algorithm to data in a TIFF file tiffsplit (1) - split a multi-image TIFF into single-image TIFF files tiffsv (1) - save an image from the framebuffer in a TIFF file (Silicon Graphics version) SCOx Client API and Web Services Support The SCOx Client API is a set of application programming interfaces that use standard web technologies such as WSDL, SOAP, XML, and XML Schemas to enable your applications to interface with SCObiz. SCObiz is a comprehensive web site development, deployment, and hosting service through which SCO's partners can provide web site hosting solutions to their customers. SCObiz provides an infrastructure that enables solution providers to quickly and easily create e-Commerce or information-oriented web sites. The web services supported by SCOx and SCObiz enable applications to exchange data directly over the internet, without human intervention. Such applications can be anything from simple requests to complex business processes. The SCOx client libraries and web services are available on a separate CD image. Release notes and installation instructions can be found at the top level of the SCOx CD image, and on the UnixWare Supplements Web Page. Also see the SCOx and SCObiz Web Sites. Please Note: You must install the Update Pack Set before you install the SCOx CD. Please read the SCOx Release Notes from the CD or Supplements Page before installing SCOx. ------------------------------------------------------------------------ Update Pack 2 New Features Update Pack 2 contained all the new features listed below, as well as the new features from Update Pack 1. See the section Problems Fixed for the maintenance fixes included in the current Update Pack, and the section Known Problems for limitations and workarounds. Features in the Update Set: Compatibility: New Tunable Parameters for 16-bit IPC Desktop Login: Default Desktop Filesystems: SCOAdmin Filesystem Manager Moved Hardware: PCI Serial Support Networking: DNS Manager Enhancements Printing: Increased Number of Print Jobs Security: Core Dump for root Processes Storage Management: Disk, Partition, and Slice Managers Features in Other Packages: Hardware: Host Bus Adapter (HBA) Drivers Hardware: Network Interface Card (NIC) Drivers Hardware: Video Drivers Internet Browser: Mozilla 1.2.1 Networking and Security: Updated OpenSSH and OpenSSL Online Documentation: Updated Guides and Manual Pages Security: Padding of Short Ethernet Frames Security: Updated zlib Data Compression Library Windows Interoperability: Samba 2.2.8a Features in the Update Set: The features listed in this section are installed with the Update Pack Set. See the Installation Procedures section for how to install the Update Pack Set. Compatibility: New Tunable Parameters for 16-bit IPC Previously, the system calls shmget(2), msgget(2), and semget(2) returned 32-bit InterProcess Communication (IPC) IDs for shared resources under UnixWare. OpenServer and Xenix applications, however, expect IPC IDs that are positive, signed 16-bit numbers. A new flag, IPC_SMALLID, may be passed in to the IPC routines listed above. If this flag is passed in, then, on success, the invoked function returns a 16-bit IPC ID. Otherwise, a 32-bit IPC ID is returned. The IPC_SMALLID flag is introduced for use in cases in which a native UnixWare application requires a small IPC ID in order to share the ID and associated object with OpenServer or Xenix applications. For example, the Xenix emulator included with the OpenServer Kernel Personality (OKP) product uses IPC_SMALLID for every IPC ID it requests, so Xenix applications can use IPC as expected. In addition to the IPC_SMALLID flag, three new tunables are also available for cases where the entire system must be tuned to return 16-bit IPC IDs to support OpenServer and Xenix applications. These tunables are SHMSMALLID, MSGSMALLID, and SEMSMALLID, and they affect the return values of shmget(2), msgget(2), and semget(2), respectively. Each has a default value of 0, and a range of values of 0 to 1. Each tunable controls whether the corresponding IPC system call returns a 16-bit ID by default. If the tunable is set to 0 (the default), then the corresponding routine always returns a 32-bit ID; if the tunable is set to 1, then the corresponding routine always returns a 16-bit ID. The kernel has been modified to always return 16-bit IPC IDs to a running application that it recognizes as an OpenServer or Xenix executable, regardless of the setting of the above tuneables. Desktop Login: Default Desktop The dtlogin(X1) daemon has been enhanced to save the desktop chosen when a user logs in. The next time the same user logs in, the previously used desktop will be launched, unless the user chooses another from the Desktop menu on the Graphical Login screen. Two new keywords that control this feature can be specified in the file /etc/default/login: SAVEUSERGUI which can be YES or NO. This is a system wide default which controls whether dtlogin remembers what window manager the user used last. The default value is YES. DEFAULTWINDOWMANAGER which can be cde, kde, or pmwm. This is a system wide default. If a user hasn't logged into the system before and doesn't select a window manager from the dtlogin Options > Session menu, then the DEFAULTWINDOWMANAGER is used. Once a user has logged into a graphical desktop, the dtlogin menu Options > Session will display the following choices: [Last Desktop Session Selected] Common Desktop Environment (CDE) and UNIX Personality Panorama Session and UNIX Personality KDE2 and Linux Personality (LKP) Failsafe Session (If you do not have LKP installed, the entry "KDE2 and Linux Personality (LKP)" will not be displayed.) Your default window manager is either the system default window manager (DEFAULTWINDOWMANAGER) as specified in /etc/default/login or the window manager you previously selected from the Options > Session menu. You can change your personal default window manager by selecting a new window manager from the Options > Session menu. Your personal default window manager overrides the system default window manager unless SAVEUSERGUI is set to NO. Filesystems: SCOAdmin Filesystem Manager Moved The SCOadmin Filesystems Manager has been moved from the main SCOadmin screen (started from the CDE or Panorama Desktop menus, or from the command line with the scoadmin command), to a new Storage folder. The Storage folder also contains the new Disk, Partition, and Slice Managers, described below. Hardware: PCI Serial Support The asy and asyc drivers (see the asyc(7) manual page) are now configured by default to support up to ten total serial ports. The ports are named following the conventions described in the section Hardware > Configuring Serial Ports > Serial device node naming conventions in the online documentation. The drivers now support 16654 UARTS on the motherboard, as well as Digi Classicboard and Connecttech Blue Heat PCI cards. PCI devices honor the resmgr entries created or modified by dcu(1M). Note that only scanned (i.e. not PCI) devices may be used for kdb(1M) or console devices. For more information on the ConnecTech and Digi boards mentioned above, see the respective companies' web sites: http://www.dgii.com/products/multiport%20serial%20cards/classicboard.jsp http://www.connecttech.com/sub/Products/ProductList.asp Networking: DNS Manager Enhancements The DNS Manager (scoadmin dns) has been updated with the following fixes and enhancements: * The DNS Manager will launch only one server deamon. In previous releases, the DNS Manager would invoke another DNS server when the Manager was started or terminated. * Enhanced the Manager so that it does not remove configuration and zone data file information entered by other mechanisms (e.g., vi(1) or h2n(1M)). This was a problem in earlier releases. * Enhanced h2n(1M) so that it will work properly with files created or edited by the DNS Manager (e.g., uses the same conventions, such as zone data file names). In previous releases, you could not use both tools on the same set of files. * The Server pull down menu now adds options reliably to the current configuration. The DNS configuration file it produces is validated with the named-checkconf utility. It also cleans up appropriately when configuration options and statements are removed. * Add and Modify Zones commands for the Primary server type have been improved: o The Modify command now performs more reliably. o Fixed issues of generating corrupted Zone Data Files via the Manager. o Greatly improved the allowed character set and format of MAILBOX type entries for the SOA and RP Resource Records (improved RFC2822 support). o Improved the allowed character set and format of the HINFO Resource Record. o Greatly improved the allowed character set and format of the TXT Resource Record. Printing: Increased Number of Print Jobs The System V LP printing subsystem has been enhanced to allow a maximum of 999 print jobs per printer, or class of printers. In previous releases, only 999 print jobs for the entire system were permitted. Security: Core Dump for root Processes By default, privileged processes (i.e., processes running as root) do not dump core files, to prevent unprivileged access to sensitive data that may be contained in the core file. (See the core(4) manual page for a description of core files.) A new tunable parameter (COREFILE_SECURE) has been introduced that, if set in the current environment of a privileged process, allows the process to dump a core file when a program exception occurs. Such core files should be protected from unprivileged access by ensuring the file permissions allow only owner access, and that the file is owned by root. You can do this using the following commands: chmod 400 corefile chown root corefile COREFILE_SECURE can also be set for the entire system using the System Tuner. Enter scoadmin system tuner at a shell prompt, or launch SCOadmin from the desktop and select System > System Tuner. Storage Management: Disk, Partition, and Slice Managers Three new SCOadmin managers provide a graphical mass storage management interface: Disk Manager Manages the logical and physical disk configuration, as well as I/O paths (including Multi-Path I/O). The other two managers can be launched from this interface to define disk partitions and partition slices. Partition Manager Add and remove disk partitions. The Slice Manager can be launched from the Partition Manager to display the slices in a partition. Slice Manager Displays slices defined within a disk partition. These managers are grouped under a new Storage folder in the SCOadmin main window. Start SCOadmin from the CDE or Panorama desktop menus, or by entering scoadmin at a UNIX shell prompt. Managers can also be started from the command line using their names; for example, scoadmin disk starts the Disk Manager. Use the Help button on the main window of any Storage manager to display the online documentation, or look under the Mass Storage Devices Overview topic at the top level of DocView on http://hostname:8458. Features in Other Packages: The features listed in this section are contained in separate packages from the Update Pack Set. To install them, either select them from the Upgrade Wizard when you install the Update Pack Set, or follow the instructions in the section Installing Additional Packages after the Update Pack Set. See Update Pack Contents for the list of additional packages available. Hardware: Host Bus Adapter (HBA) Drivers The following HBA drivers are new or updated: Adaptec Ultra160 Family PCI SCSI HBA d3.14 (adst70) This updated version of the adst70 driver fixes a panic that occurred previously on transition to init(1M) state 1. Adaptec Ultra320 Family PCI SCSI HBA d2.0 (adpu320) This new driver supports the following Adaptec Host Bus Adapters: Adapter Chip Type AHA29320x, AHA39320x AIC-7901A, AIC-7902A4 Ultra320 SCSI Intel Integrated Raid (IIR) HBA Driver Package 2.33 (iir) This new driver supports the following Intel® Host Bus Adapters: Adapter Type SRCFC22C Dual Channel 2 Gb/s Fibre Channel RAID w/Ultra160 SCSI SRCS14L Four Port S-ATA RAID SRCMR Modular RAID on Motherboard Ultra160 SCSI SRCU-31 Single Channel Ultra160 SCSI RAID SRCU-31L Single Channel Ultra160 SCSI RAID SRCU-32 Dual Channel Ultra160 SCSI RAID Diskette images of these drivers suitable for use during a new installation of UnixWare are available at ftp://ftp.sco.com/pub/unixware7/drivers/storage. Also see the Compatible Hardware Page for the latest supported hardware and drivers. Hardware: Network Interface Card (NIC) Drivers The nd package contains the following updated NIC drivers. The bcme Broadcom Server Adapter driver v6.0.15 supports these models: 3Com 3C996/3C1000/3C94X Gigabit Ethernet Broadcom BCM5700 NetXtreme Gigabit Ethernet Broadcom BCM5701 NetXtreme Gigabit Ethernet Broadcom BCM5702 NetXtreme Gigabit Ethernet Broadcom BCM5703 NetXtreme Gigabit Ethernet Broadcom BCM5704 NetXtreme Gigabit Ethernet Broadcom BCM5704S NetXtreme Gigabit Ethernet Broadcom BCM5705 NetXtreme Gigabit Ethernet Broadcom BCM5782 NetXtreme Gigabit Ethernet for hp HP NC6770 Gigabit Ethernet HP NC7760 Gigabit Ethernet HP NC7761 Gigabit Server Ethernet HP NC7770 Gigabit Ethernet HP NC7771 Gigabit Ethernet HP NC7772 Gigabit Server Ethernet HP NC7780 Gigabit Ethernet HP NC7781 Gigabit Ethernet HP NC7782 Gigabit Ethernet HP NC7783 Gigabit Ethernet The e1008g Intel PRO/1000 Server Adapter driver v7.0.11 supports these models: PRO/1000 Gigabit Server Adapter PWLA8490 PRO/1000 Gigabit Server Adapter PWLA8490G1 PRO/1000 F Server Adapter PWLA8490SX PRO/1000 Gigabit Adapter PWLA8490SXG1P20 PRO/1000 T Server Adapter PWLA8490T PRO/1000 T Server Adapter PWLA8490TG1P20 PRO/1000 XT Server Adapter PWLA8490XT PRO/1000 XT Server Adapter PWLA8490XTL PRO/1000 XT Lo Profile Server Adapter PWLA8490XTL PRO/1000 XF Server Adapter PWLA8490XF IBM Netfinity Gigabit Ethernet SX Adapter 09N3599 IBM Netfinity Gigabit Ethernet SX Adapter 30L7076 IBM Gigabit Ethernet SX Server Adapter 06P3718 IBM Gigabit Ethernet Server Adapter 22P4618 PRO/1000 MT Desktop Adapter PWLA8390MT PRO/1000 MT Server Adapter PWLA8490MT PRO/1000 MT Dual Port Server Adapter PWLA8492MT PRO/1000 MF Server Adapter PWLA8490MF PRO/1000 MF Dual Port Server Adapter PWLA8492MF The eeE8 Intel Pro100 PCI Adapter driver v2.5.4 supports these models: PRO/100+ Management Adapter (PILA8900) PRO/100 Server (PILA8480) Pro/100B T4 (PILA8475B) PRO/100 S Server (PILA8474B) PRO/100 S Server (PILA8474BUS) PRO/100+ Dual Port Server Adapter (PILA8472) PRO/100+ Server Adapter (PILA8470) PRO/100+ Server Adapter (PILA8470B) PRO/100+ Dual Port Server Adapter (61PMCA00) PRO/100 (PILA8465) PRO/100B Adapter (PILA8465B) InBusiness 10/100 Adapter (SA101TX) PRO/100 S Management (PILA8464B) Pro/100+ Management Adapter (PILA8461) Pro/100+ (PILA8460) Pro/100+ Management Adapter (PILA8460B) Pro/100+ (PILA8460BN) PRO/100 S Management (PILA8460BUS) Pro/10+ (PILA8500) Pro/10+ (PILA8520) See the Compatible Hardware Page for the latest supported hardware and drivers. Hardware: Video Drivers The xdrivers package provides a new nvidia graphics driver that supports the following graphics cards from NVIDIA Corporation: NVIDIA RIVA TNT2/TNT2 Pro NVIDIA RIVA TNT2 Ultra NVIDIA Vanta/Vanta LT NVIDIA RIVA TNT2 Model 64/Model 64 Pro NVIDIA Aladdin TNT2 NVIDIA GeForce2 MX/MX 400 NVIDIA GeForce2 MX 100/200 NVIDIA Quadro2 MXR/EX Also see the Compatible Hardware Page for the latest supported hardware and drivers. Internet Browser: Mozilla 1.2.1 The Mozilla internet browser, version 1.2.1, is included in a separate package as an alternative to Netscape Communicator 4.61 (delivered in the base Release 7.1.3 system). If you install Mozilla using the Upgrade Wizard when you install the Update Set, all prerequisite packages will be installed as well. If you install Mozilla using pkgadd(1M), you will need to install them in the order shown (after installing the Update Set) to enable Mozilla on UnixWare 7.1.3: * basex * xserver * glib * gtk * libIDL * mozilla * j2jre131 * j2plg131 The j2re131 and j2plg131 packages are required for Java plug-in support only. For example, if you download all the .image files from the download site to /var/spool/pkg, use the following commands to install these packages: pkgadd -d /var/spool/pkg/basex.image all pkgadd -d /var/spool/pkg/xserver.image all pkgadd -d /var/spool/pkg/glib.image all pkgadd -d /var/spool/pkg/gtk.image all pkgadd -d /var/spool/pkg/libIDL.image all pkgadd -d /var/spool/pkg/mozilla.image all pkgadd -d /var/spool/pkg/j2jre131.image all pkgadd -d /var/spool/pkg/j2plg131.image all If you are using a mounted CD or CD ISO image (see Step 1 and 2 of Installing the Update Pack from CD), mounted under /install, enter the following: pkgadd -d /install basex pkgadd -d /install xserver pkgadd -d /install/glib.image all pkgadd -d /install/gtk.image all pkgadd -d /install/libIDL.image all pkgadd -d /install/mozilla.image all pkgadd -d /install j2jre131 pkgadd -d /install j2plg131 A mozilla(1) manual page is installed with the browser, and can be viewed with the man(1) command or with DocView on http://hostname:8458. Using Mozilla in non-English Locales The following notes apply to using the Update Pack 2 version of Mozilla in locales other than en_US. 1. The mozilla released in the Update Pack 2 has been built for the US English locales. All menus and help material are in English. 2. Localization of the user interfaces are provided by individual contributors to the Mozilla Localization Project. These typically: o provide localized chrome files and profile defaults. o are provided in the form of Language Packs for specific locales that will will install and register the new chrome files into the mozilla release. 3. Language Packs currently available for Mozilla 1.2.1 are: Asturian, Belarusian, Breton, Catalan, Simplified Chinese (China), Traditional Chinese (Hong Kong), Traditional Chinese (Taiwan), Czech, Danish, Dutch, English (United Kingdom), Esperanto, Estonian, French, Galician, German, Greek, Hungarian, Italian, Korean, Lithuanian, Mongolian, Norwegian Nynorsk, Telugu, Turkish, Romanian, Russian, Slovak, Slovenian, Sorbian, Spanish (Latin America), Spanish (Argentina), Spanish (Spain), Polish, Portuguese (Brazil) and Ukrainian. 4. To install individual Language Packs, do the following as root in Mozilla: a. Select Edit > Preferences > Appearance > Language/Contents. b. Under Installed Language Packs, select Download More. This will download the MLP Status web page. c. Select the Language Pack desired under the Mozilla 1.2.1 heading. The language pack will be downloaded and installed and the chrome registry will be updated. d. Repeat for each additional language pack desired on the system. NOTE: Do not attempt to download Mozilla "Content Packs". These contain binaries and libraries compiled for locales on specific operating systems. There are currently no Content Packs for Mozilla running on UnixWare 7, and loading one of them may result in unexpected behavior. 5. Once a Language Pack is installed, it must be enabled in Mozilla. Select Edit > Preferences > Appearance > Language/Contents, and choose the Installed Language Pack desired. Then restart Mozilla for the new language pack to take effect. 6. When using Mozilla in a Japanese locale, Japanese characters may not be displayed as they are typed using the X input method (invoked by typing Shift+Space). The Japanese characters are instead displayed when Enter is pressed. This behavior is the default setting of the xim.input_style attribute in the Mozilla browser. To have characters displayed as they are typed in Japanese locales, add the following line to each user's java script preferences file (typically $HOME/.mozilla/default/*/prefs.js): user_pref("xim.input_style", "over-the-spot"); Online Documentation: Updated Guides and Manual Pages The basedoc and baseman packages contain guide material and manual pages for the new features, enhancements, and fixes delivered with Update Pack 2. They assume that the packages of the same name from Release 7.1.3 are already installed. Online documentation is viewed using the DocView documentation server (docview), at http://hostname:8458, where hostname is the network node name of the UnixWare system (e.g., system1, system1.yourdomain.com, etc.) or localhost. The document you are reading now is found under New Features and Notes. Networking and Security: Updated OpenSSH and OpenSSL The OpenSSL package has been updated to 0.9.7 with a security fix that prevents a timing-based attack on cipher suites used in SSL and TLS. OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library. A user level command, openssl(1), is provided that performs a variety of cryptographic functions. Documentation for OpenSSL is packaged separately in openssld on the UnixWare 7.1.3 Updates and Upgrades CD #2. The following manual pages are installed under /usr/man, and can be viewed via man(1) or the DocView Man Pages button (http://hostname:8458): asn1parse.1 pkcs12.1 bio.3 md5.3 ca.1 pkcs7.1 blowfish.3 mdc2.3 CA.pl.1 pkcs8.1 bn.3 OPENSSL_VERSION_NUMBER.3 ciphers.1 rand.1 bn_internal.3 OpenSSL_add_all_algorithms.3 crl.1 req.1 buffer.3 rand.3 crl2pkcs7.1 rsa.1 crypto.3 rc4.3 dgst.1 rsautl.1 d2i_DHparams.3 ripemd.3 dhparam.1 s_client.1 d2i_RSAPublicKey.3 rsa.3 dsa.1 s_server.1 des.3 sha.3 dsaparam.1 sess_id.1 dh.3 ssl.3 enc.1 smime.1 dsa.3 threads.3 gendsa.1 speed.1 err.3 genrsa.1 spkac.1 evp.3 config.5 nseq.1 verify.1 hmac.3 openssl.1 version.1 lh_stats.3 des_modes.7 passwd.1 x509.1 lhash.3 For more information on OpenSSL see the OpenSSL Web Site. The openssh 3.4p1 package has been updated to fix several minor problems with the location and file permissions of /etc/sshd.pid, and the location of /usr/X11R6.1/bin/xauth. OpenSSH is a suite of network connectivity tools that encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. OpenSSH provides a variety of secure tunneling capabilities and authentication methods. This version fixes a major security vulnerability present in versions 2.3.1 to 3.3, and is built with privilege separation and compression turned on. SSH protocol versions 1.3, 1.5, and 2.0 are supported. The OpenSSH suite includes: * ssh(1) (slogin), alternative to rlogin and telnet * scp(1) (alternative to rcp) * sftp(1) (alternative to ftp) * sshd(8), the SSH server daemon (alternative to rshd) * sftp-server(8), the SFTP server daemon (alterative to ftpd) * ssh-agent(1), the authentication agent, and associated tools: ssh-add, ssh-keygen, ssh-keyscan Manual pages are provided for all of the above commands, as well as pages for the ssh_config(5) and sshd_config(5) SSH client and server configuration files. To display them, use the man(1) command or DocView on http://hostname:8458. For more information on OpenSSH, please go to the OpenSSH Web Site http://www.openssh.org/manual.html. NOTE: You should install OpenSSL from the Update Pack before installing OpenSSH, even if you have a previous version of OpenSSL already installed. Security: Padding of Short Ethernet Frames Ethernet packets are required by RFC894 and RFC1042 to be a minimum of 46 bytes. Smaller packets are required to be padded with zeros to the 46 byte minimum, but the standards do not specify what part of the system (e.g., the kernel, the driver, etc.) should do the padding. As a result of this ambiguity in the standard, some drivers will pad Ethernet packets themselves (sometimes called "auto-padding") with random data obtained from a buffer. The information contained in the buffer is used as padding in the Ethernet frame, and therefore is available to any program that is monitoring network packets. UnixWare closes this vulnerability by padding the Ethernet buffer with zeros at the DLPI level, before the driver (or any other entity) has an opportunity to pad the buffer with non-zero data. The system is updated with this enhancement by the nics package. Security: Updated zlib Data Compression Library The zlib data compression library package (/usr/lib/libz.so) has been updated to eliminate a security vulnerability due to a buffer overflow condition in the gzprintf function. The zlib Manual from the zlib Home Page is available as a manual page; enter man zlib or use the Man Pages button in DocView on http://hostname:8458. Windows Interoperability: Samba 2.2.8a Samba provides filesharing capabilities using native Microsoft SMB and CIFS protocols for interoperability with Microsoft operating systems. Samba 2.2.8a is provided in two versions: a single-byte version for Western locales (samba) and a multibyte version suitable for Asian locales (sambamb). The important difference between the two versions is the sorting algorithm used for file ordering which determines whether the file sorting is compatible with wide-character or ascii character code environments. Note the following when installing Samba: * If you are upgrading from a previous release of Samba on UnixWare, save a copy of your existing /usr/lib/samba/lib/smb.conf file before you begin installation, so you can restore any settings that might be affected by the upgrade. * If Samba fails to start, make sure the directory /usr/lib/samba/private exists, that it has 755 permission, and is owned by user root and group bin; then, start Samba, as shown: # cd /usr/lib/samba # mkdir private # chgrp bin private # chown root private # /etc/init.d/samba start * By default, /tmp is automatically shared. This can be a security concern, since various system utilities keep temporary data in /tmp. To remove the /tmp share, log into SWAT (see above) and select the Shares icon. On the next screen, highlight the tmp share in the list box and select the Delete Share button. * Samba cannot run together with Advanced File and Print Sharing (AFPS; found on the Optional Services CD #3), nor with the NetBIOS protocol running. If Samba will not start, do the following to determine if AFPS or NetBIOS are running, and disable them if necessary: 1. Enter: # cd /etc/rc2.d 2. Determine if either of the following files exist in this directory: S74netbios S99ms_srv If these one or both of these files exist, enter the appropriate command or commands shown below: # mv S74netbios s74netbios # mv S99ms_srv s99ms_srv 3. Reboot the system: # shutdown -i6 -g0 -y 4. Start Samba: # /etc/init.d/samba start * Samba is configured with the SWAT (Samba Web Administration Tool) utility using a web browser on http://hostname:901; links to all the Samba documentation are provided from there. To start SWAT: 1. As root, enter: # /usr/lib/samba/sbin/swat 2. Point a web browser at http://localhost:901. 3. Log in to SWAT as root. 4. The main SWAT screen provides links to all the Samba documentation. Select the Status icon to start the Samba daemons. * To start, stop, and restart Samba from the command line, use the /etc/init.d/samba command, as in this example: # /etc/init.d/samba start To enable Samba at system startup, enter the following: # /etc/init.d/samba enable Samba will now start up automatically whenever the system boots. The disable parameter returns Samba to manual startup. * Localization settings in both the single-byte and multibyte versions are accessed from the SWAT Home Page by clicking on the Globals tab, and then selecting Advanced View. Set appropriate values for your locale for the client code page, the character encoding system, and the other options (each option has context-sensitive help). Please refer to the documentation for smb.conf for futher details. * Note: the smbfs file system and associated commands (smbmnt, smbmount, smbumount) are not supported on Release 7.1.3. Other client tools, such as smbspool, are supported. More Samba documentation and other resources are provided on the Samba Home Page. ------------------------------------------------------------------------ UnixWare 7.1.3 Update Pack 1 New Features Update Pack 1 was delivered with the following features. See the section Problems Fixed for the maintenance fixes included in the current Update Pack, and the section Known Problems for limitations and workarounds. DocView Enhancements Emergency Recovery CD Support Emergency Recovery Master Boot Record Option Host Bus Adapter Drivers Network Card Drivers Networking: dlpid Performance Enhancements PPP Enhancements Printing PostScript Files on PCL Printers tcpdump Enhancements UNIX95 Conformance DocView Enhancements The DocView documentation server displays the UnixWare documentation set on port 8458, and is enabled by default for network access. Point any browser on your network at http://hostname:8458, where hostname is the network node name of the UnixWare system, or localhost if you are logged into the system running DocView. Two enhancements have been made to DocView: Automatic Indexing A crontab file entry that generates the DocView index automatically when changes are made to the installed documentation has been added to the root crontab file. The crontab entry runs indexing every day at 0310 hours (3:10 AM local time), and is enabled by default. This process can take a significant amount of time depending on the amount of documentation being indexed and available system resources. The crontab entry is enabled and disabled using the following commands: # /usr/lib/docview/conf/set.rundig.cron --add # /usr/lib/docview/conf/set.rundig.cron --remove To change the time that the script is run, log in as root and enter: # EDITOR=/bin/vi crontab -e The command above edits the root crontab file using the vi(1) editor. The crontab entry that starts DocView indexing looks like this: 10 3 * * * /usr/lib/docview/conf/rundig.crontab > /dev/null 2>&1 Change the time as needed, following the file format shown on the crontab(1) manual page. Save your changes to the file, and exit the editor. DocView Print Service A new printing interface has been added that allows you to pick a group of topics to be printed as a book. Selecting the Print Book button at the top of the DocView screen opens a copy of the DocView Site Map, from which you can select topics by turning on the check boxes next to the listed topics. At the top of the Print Service screen, select whether you want to generate a PostScript or PDF file. Specify a title for the book, and the heading level to be used in the table of contents. Select the Submit button to collect the selected topics and format them for printing. The cover and custom table of contents are generated and added to the beginning of the document, and the results are paginated appropriately. When DocView is finished preparing the file, it displays a screen telling you the size of the file and the number of pages in the document. Select the Proceed with download button to start downloading the file to your browser (this requires appropriate plug-in support in the browser), or save it to a file on your local system. The resulting files can be viewed with any PostScript or PDF viewer; this includes xpdf and gs (GhostScript) under UnixWare or the Linux Kernel Personality (LKP), and Adobe Acrobat on Windows) or any PDF-enabled browser. PostScript files can be printed to any UnixWare PostSript printer via lp, as in this example: $ lp -T PS -d printer file Note that the assembled PDF or PostScript file is limited to about 1.5MB of HTML text, or about 600 pages. If your selections exceed this limit, an error message is displayed. Select your browser's Back button to go back to the Print Service screen and turn off some of your selections. Also note that the Print Book interface works only with non-multibyte text; multibyte text, such as that found in Asian-language files, can be printed using the browser's Print interface (if the proper language support is installed on your system and in your the browser). Display the document either by navigating to it through the DocView menus, or using the DocView Site Map button (which is organized the same as the Print Book interface). Then, print the document using the browser's Print command (File > Print in Netscape and Mozilla). Emergency Recovery CD Support The emergency_disk(1M) command supports creating an emergency recovery boot CD, as an alternative to using boot floppies. In previous releases, a set of emergency recovery floppy disks was required to boot the system. This meant that your system had to have a 3.5-inch floppy disk drive in order to be restored from emergency recovery media. This is a problem for newer systems that do not support IDE floppy drives. Now, emergency_disk can create a boot CD using CD-R or CD-RW media on an IDE, SCSI, or USB recordable CD drive, so that boot floppies are no longer required. See the emergency_disk(1M) manual page for more information. Note that the cdrtools package (found on the UnixWare 7.1.3 Optional Services CD #3) is required to create an emergency recovery boot CD, and that only CD-R, CD-RW, and DVD+RW drives that work with cdrtools are supported for emergency recovery. To test a particular drive to see if it will work with emergency_disk, enter the cdrecord commands shown below. The first command returns the arguments you need in the second command. The second invocation of cdrecord should return the string shown as part of its output: # /bin/cdrecord -scanbus # /bin/cdrecord -inq dev=scsibus,target,lun ... Device seems to be: Generic mmc CD-RW. ... The following CD drives are known to work with emergency recovery: CenDyne/AOpen 48X12X50 USB HP DVD+RW 200i ATAPI KHypermedia/BenQ 48X24X48 ATAPI LITE-ON LTR-52246S IDE Plextor CD-RW 16/10/40A ATAPI Plextor CD-RW 24/10/24U PX-W2410A USB Yamaha CD-RW CRW8824S SCSI Problems have been observed with the IOMEGA ZIPCD USB drive and the OPTORITE CD-RW CW4802 IDE drive. To prevent a timeout problem when burning a CD using an IDE CD-RW drive, the following value in /etc/conf/pack.d/ide/space.c is changed by the installation of the Update Pack from: int atapi_timeout=10; to: int atapi_timeout=1000; If you use cdrtools to burn CDs on an IDE hard drive but do not install the Update Pack, you can edit /etc/conf/pack.d/ide/space.c to make the above change, rebuild the kernel (idbuild -B), and then reboot (shutdown -i6 -g0 -y). Emergency Recovery Master Boot Record Option When restoring the system using emergency recovery boot media (CD or floppy), a new option to write the master boot record (MBR) of the primary hard disk is displayed. This option writes the UnixWare MBR to the boot sector of the primary hard disk. This option is useful if the disk is known to have a valid operating system (OS) on it, yet the error No OS found, No operating system, or a similar message is displayed when you attempt to boot from the disk. Writing the MBR may permit the disk to boot without further recovery. Note: any other OS boot loader in the boot sector (such as grub, lilo, or System Commander) will be overwritten by this option. Host Bus Adapter Drivers The following Host Bus Adapter (HBA) drivers are new or updated: mpt A new LSI Logic PCI to SCSI and Fibre Channel host adapter driver for LSI Logic Ultra320 and Fibre Channel chipsets. For supported devices and other information, see mpt(7). qlc2200 Updated QLogic PCI FC host adapter driver to fix problems reported when removing disks from an IBM ESS Storage Area Network (SAN) Cabinet. For supported devices and other information, see qlc2200(7). These drivers are not installed by the Upgrade Wizard (uli), unless (in the case of qlc2200), a previous version exists on the system. To install them, use the pkgadd command as shown in the section Installing Additional Packages after the Update Pack Set. Also see the Compatible Hardware Page for the latest supported HBAs and drivers. Network Card Drivers The nd package on the Update Pack CD contains updated versions of the following network interface card (NIC) drivers, which now support the indicated network cards: eeE8 PRO/100+ Management Adapter (PILA8900) PRO/100 Server (PILA8480) Pro/100B T4 (PILA8475B) PRO/100 S Server (PILA8474B) PRO/100 S Server (PILA8474BUS) PRO/100+ Dual Port Server Adapter (PILA8472) PRO/100+ Server Adapter (PILA8470) PRO/100+ Server Adapter (PILA8470B) PRO/100+ Dual Port Server Adapter (61PMCA00) PRO/100 (PILA8465) PRO/100B Adapter (PILA8465B) InBusiness 10/100 Adapter (SA101TX) PRO/100 S Management (PILA8464B) Pro/100+ Management Adapter (PILA8461) Pro/100+ (PILA8460) Pro/100+ Management Adapter (PILA8460B) Pro/100+ (PILA8460BN) PRO/100 S Management (PILA8460BUS) Pro/10+ (PILA8500) Pro/10+ (PILA8520) e1008g PRO/1000 Gigabit Server Adapter PWLA8490 PRO/1000 Gigabit Server Adapter PWLA8490G1 PRO/1000 F Server Adapter PWLA8490SX PRO/1000 Gigabit Adapter PWLA8490SXG1P20 PRO/1000 T Server Adapter PWLA8490T PRO/1000 T Server Adapter PWLA8490TG1P20 PRO/1000 XT Server Adapter PWLA8490XT PRO/1000 XT Server Adapter PWLA8490XTL PRO/1000 XT Lo Profile Server Adapter PWLA8490XTL PRO/1000 XF Server Adapter PWLA8490XF IBM Netfinity Gigabit Ethernet SX Adapter 09N3599 IBM Netfinity Gigabit Ethernet SX Adapter 30L7076 IBM Gigabit Ethernet SX Server Adapter 06P3718 IBM Gigabit Ethernet Server Adapter 22P4618 PRO/1000 MT Desktop Adapter PWLA8390MT PRO/1000 MT Server Adapter PWLA8490MT PRO/1000 MT Dual Port Server Adapter PWLA8492MT PRO/1000 MF Server Adapter PWLA8490MF PRO/1000 MF Dual Port Server Adapter PWLA8492MF You can select the nd package when you use the Upgrade Wizard to install the Update Pack CD. To add the nd package separately, see the instructions in the section Installing Additional Packages after the Update Pack Set. The UnixWare 7.1.3 nd package can also be installed on Release 7.1.1 and Release 7.1.2 (also known as OpenUNIX 8.0.0) to update the network drivers or to take advantage of the enhanced tcpdump functionality (see tcpdump Enhancements). Please note the following when installing the Release 7.1.3 nd package on Release 7.1.1: * You will also need to install ptf7689b ( view text file | download) on Release 7.1.1 before installing the updated nd package; otherwise the latest tcpdump fails on Release 7.1.1 with the message dynamic linker: tcpdump: binder error: symbol not found: strlcpy. * During installation on Release 7.1.1, the error UX:grep: ERROR: cannot open /etc/inst/nd/mdi/shrkudi/Master: No such file or directory is displayed. This error affects the UDI shrk driver only, which is not supported on Release 7.1.1. Use the MDI version of the shrk driver instead. See the Compatible Hardware Page for the latest supported network cards and drivers. Networking: dlpid Performance Enhancements Poor system and network performance has been observed on some systems when one or more of the Network Interface Cards (NICs) attached to the system is unplugged from the network. This was due to repeated failure indications being sent to the dlpid(1M) daemon. In Release 7.1.3, a change was made to dplid to correct this problem. dlpid was changed to check the time between successive hardware failure indications. If the time difference is less than 10 seconds, dlpid sleeps for a 10 second interval before trying the device again. dlpid has been further extended to sleep for a configurable duration between successive hardware failure indications, to allow the NIC to reset and come out of the failure mode, in cases where the default 10-second wait is not enough time for the NIC to reset. A new dlpid option, -r, is added to wait for the specified time. By default it is set to 10 seconds. If the pre-7.1.3 behavior is required (i.e., no wait between successive hardware failure indications), then dlpid can be started with the -r option set to 0. PPP Enhancements Various enhancements were made to the pppd(1M) daemon to enhance the reliability and scalability of Point-to-Point Protocol (PPP) connections. Most of these improvements were made to driver code, and so are not visible at the user level. Some are listed in the section Problems Fixed. Printing PostScript Files on PCL Printers A System V lp(1) filter has been added to allow printing of PostScript files (such as those created by Netscape) to be printed on PCL Printers (such as Hewlett-Packard). To enable this feature: 1. Check to see if GhostScript is already installed, by entering: pkginfo gs If it is not installed, install the gs package from the Update Pack as shown in the section Installing Additional Packages after the Update Pack Set. 2. Define a PCL printer using the scoadmin printer interface. 3. Enter a command like the following to print a PostScript file on the printer. lp -TPS -d pcl_printer file.ps Where pcl_printer is the name of the printer and file.ps is the name of the PostScript file. This command (without the file name) can be specified in your browser's preferences to print files automatically to this printer. tcpdump Enhancements Version 3.7.1 of tcpdump(1M) is provided, along with its supporting library, libpcap(3) (version 0.7). The tcpdump utility allows you to view and save TCP headers passing through a particular network interface. Boolean expressions can be used to select only those headers that match the criteria given by the expression. This version of tcpdump has many enhancements over the version (3.4a5) provided in UnixWare 7.1.3. Most notably, the new version does not require a dedicated network card for tcpdump. Multiple instances of tcpdump can be started to monitor the same card. See the tcpdump(1M) and pcap(3) manual pages. Also see the tcpdump web site for libpcap tutorials, as well as tcpdump and libpcap source code. A number of changes to the MDI and DLPI interfaces were made to support the new version of tcpdump. 1. Two new MDI ioctl commands are added for MDI2.2 drivers, to turn promiscuous mode on and off: MACIOC_PROMISCON and MACIOC_PROMISCOFF. MACIOC_PROMISCON is compatible with MACIOC_PROMISC in MDI2.1. 2. The following DLPI2.0 features are also implemented: o Allow sharing of SAPs by network interface cards. o Support the DL_PROMISCON_REQ and DL_PROMISCOFF_REQ primitives. To support the above changes, updated header files dlpimod.h and mdi.h are provided in the nics package, as well as the updated support for running tcpdump on a non-dedicated network card. tcpdump, libpcap, and related header files are provided by the nd package. If the nd package is installed without the updated nics package, the updated tcpdump, etc., are installed, but must be used with a dedicated network controller as in previous releases. The updated nd package can also be installed on Release 7.1.1 and Release 7.1.2 (Open UNIX 8.0.0) if the latest version of tcpdump is desired. The nics package is not supported and will not install on these earlier releases, however, so tcpdump on Release 7.1.1 and 7.1.2 will continue to require a dedicated network card. UNIX95 Conformance The following minor modifications have been made in order to maintain conformance to the UNIX95 standard: * The dd command was modified to accept and ignore a double dash (--) as an end of options indicator. Note that dd has no options that begin with a dash (-), so "--" can only appear as the leading argument and consequently has no real purpose. * The sort command has been modified to remove its previous (mistaken) UNIX95 behavior. Previously, when using sort -c with the POSIX2 environment variable set, sort only indicated whether the input was sorted through its exit value. Now, sort -c will always return a diagnostic if the input is out of order (regardless of whether POSIX2 is set or not). * Previously, the two supported Korn shells (/bin/ksh and /u95/bin/sh) did not recognize an integer literal with a leading 0 as being octal, nor a leading 0x or 0X as hexadecimal in arithmetic constructs. This does not match the intent of the POSIX.2 and Open Group shell specification. So, for example, the following output was seen in previous versions of the Korn shell: $ echo $((10+1)) 11 $ echo $((010+1)) 11 $ echo $((0x10+1)) /u95/bin/sh: 0x10+1: arithmetic syntax error A change has been made to accept octal and hexadecimal specifiers as explained above when the POSIX2 environment variable is set: $ export POSIX2=on $ echo $((10+1)) 11 $ echo $((010+1)) 9 $ echo $((0x10+1)) 17 Note that because integer constants like 010 have a silent change in behavior, this change requires POSIX2 to be set in the environment. * Minor namespace changes were made to the following header files: arpa/inet.h netdb.h netinet/in.h netinet/in6_f.h netinet/in_f.h fmtmsg.h grp.h libgen.h pwd.h stdarg.h strings.h unistd.h utmp.h utmpx.h wchar.h sys/fcntl.h sys/stat.h sys/statvfs.h sys/convsa.h sys/stropts.h sys/mman.h sys/socket.h sys/un.h sys/regset.h sys/siginfo.h sys/ucontext.h sys/fp.h ------------------------------------------------------------------------ Problems Fixed in UnixWare 7.1.3 Update Pack 4 Update Pack 4 (uw713up4) contains all the fixes from Maintenance Pack 1 (uw713mp1), Maintenance Pack 2 (uw713mp2), Maintenance Pack 3 (uw713mp2), Update Pack 1 (uw713up1), Update Pack 2 (uw713up2), and Update Pack 3 (uw713up3), plus additional fixes. See the lists below. The identifiers at the end of each description are SCO escalation and problem report numbers. Problems fixed in Maintenance Pack 1 Problems fixed in Update Pack 1 Problems fixed in Maintenance Pack 2 Problems fixed in Update Pack 2 Problems fixed in Update Pack 3 Problems fixed in Update Pack 4 Problems Fixed in Update Pack 2 Supplemental Packages Problems Fixed in Update Pack 3 Supplemental Packages Problems Fixed in Update Pack 4 Supplemental Packages Problems fixed in Maintenance Pack 1 uw713mp1 contained the following fixes: 1. Prevents system panics previously caused when fusers examines an exiting process. fz526462 2. Prevents hangs seen on Compaq ML350 and ML370 Systems when hyperthreading (Jackson Technology) is enabled, i.e., when the boot parameter ENABLE_JT is set to YES. fz526444 3. Fixed problems with the CDE desktop help viewer. fz526501 4. Provides missing scoadmin filesystem files that were not installed when upgrading from UnixWare 7.1.1 or Open UNIX 8.0.0. fz526550 5. Provides updated /usr/include files that were not installed when upgrading from UnixWare 7.1.1 or Open UNIX 8.0.0. fz526552 6. Provides a new makewhatis(1M) command that was not installed when upgrading from UnixWare 7.1.1 or Open UNIX 8.0.0. fz526526 7. Fixed crash(1M) to recognize changes to the callout structure. fz518517 8. Fixes issues target disk driver error recovery. fz520729 Problems fixed in Update Pack 1 uw713up1 contains all the fixes listed above for uw713mp1, plus the following additional fixes. Fixes listed with (MP2) at the beginning of the description are also included in Maintgenance Pack 2 (MP2); see Problems fixed in Maintenance Pack 2. Security Fixes 9. (MP2) Closing file descriptors 0, 1 and/or 2 before exec'ing a setuid program can make this program open files under these file descriptors, which have special meanings for libc (stdin/stdout/stderr). Reading or writing to root-owned files can be made possible, since stdin/stdout/stderr==opened_file. erg712059/fz526562/CSSA-2002-SCO.43 10. (MP2) A rogue talk client is able to cause the talk demon to overrun a buffer, and could be able to compromise a machine running talkd. erg712055/fz521053/CSSA-2002-SCO.42 11. (MP2) Buffer overflow in XPR portion of libnsl library. erg712182/fz526861/CSSA-2003-SCO.7 12. (MP2) A command line buffer overflow in ps command can be exploited. erg712109/fz525292/CSSA-2003-SCO.1 13. (MP2) The implementation of xdr_array can be tricked into writing beyond the buffers it allocated when deserializing the XDR stream. erg501642/fz525725/CSSA-2003-SCO.7 14. (MP2) Fixed a security vulnerability in the sendmail binary that can be exploited by remote users to gain root access. fz527484/erg712247/CSSA-2003-SCO.5 15. (MP2) When using ftp to transfer a file with a pipe as the first character in its name (for example, |xyz), ftp executes the file on client machine. erg712227/fz527425/CSSA-2003-SCO.3 Networking Fixes 16. (MP2) Panic in PPP driver - pppwsrv() - due to a race condition. erg501673/fz526330 17. (MP2) Panic in PPP's pcid driver. erg501650/fz525867 18. (MP2) Communication problem between pcid and ppp driver. erg501678/fz526352 19. (MP2) The ttymon process sometimes stops listening to a port after PPP disconnect. erg501634/fz525626 20. (MP2) When receiving data from a TCP socket it may lock up indefinitely with data buffered up in the kernel but never returned to the process. erg501604/fz520887 21. (MP2) Connection server fails with the following error: 10/24/02 17:14:51; 27209; cs: ioctl() set signal error; errno=22 erg712153/fz526540 22. (MP2) Improved network printing performance. erg712041/fz520932 23. (MP2) If an ftp client host was reset (as in cycling the power) during the data transmission to the server, the ftp-data connection never times out on the server. If the client tries to use again the same port after reboot for an ftp transmission, the server responds with EADDRINUSE. erg501703/fz526973 24. (MP2) After removing a network interface, pkgchk nics complains about missing files. erg712152/fz526505 25. (MP2) Repeated logins on virtual terminals (/dev/vt02 ... /dev/vt08) result in file descriptor leakage in ttymon. erg501636/fz525650 26. (MP2) When excessive short-lived rlogin sessions are being created, /var/adm/wtmp and /var/adm/wtmpx get out of sync and must be rewritten. While these files are being rewritten, no one can rlogin to the system. If these files grow quite large, this can take up to 20-30 minutes. Also under heavy load the short-lived rlogin sessions may leave in utmp the entries from sessions that have actually completed. fz526496/erg712151 27. (MP2) Can't write to /dev/_tcp/num tty device (rlogin connection). erg712250/fz526110 28. (MP2) Occasionally bind() returns EADDRINUSE for no apparent reason. erg712209/fz527217 29. (MP2) Fixed tape driver bug relating to SAN attached tape drives. erg712195/fz526396 30. (MP2) Fixed an NFS panic which can occur following certain types of transmission errors. fz526648 31. (MP2) Cleaned up code which handles dispatching of tcp timers. fz526796 32. (MP2) Panic in tcp_close. fz527439/erg712230 33. The function write(2) erroneously returns EISCONN on a raw socket. erg501681 fz526404 34. Fixed an NFS hang which can occur when mounting an NFS file system. fz526665 35. Unplugged network cable causes terrible interactive console performance. fz520663 36. System panic while running LSV inet stress tests (GetService). fz526345 37. The utility cs(1Mbnu) fails to include the phone number. erg501670, fz526315 38. PPP stability and scalability improvements. fz527328 Miscellaneous Fixes 39. (MP2) Multi-threaded application may hang in an unkillable sleep, during exec. erg712172 fz526750 40. (MP2) Fix for sdiadd -n panic on systems with a pre-DDI8 Host Bus Adapter (HBA). The problem was that sdi_hot_add() was not converting the older style SCSI address into the newer extended SCSI addressing scheme properly. The original fix set the address to -1's instead of 0's for the wildcard case. pdi_hot will set the SCSI address to all -1's to tell SDI that we want to scan the entire SCSI bus starting from absolute address 0/0/0/0 (controller/bus/target/lun). erg712223 fz527360 41. (MP2) Added minor command modifications required by The Open Group for UNIX95 certification. For details, see UNIX95 Conformance. fz526395/fz526629/fz527377 42. (MP2) The emergency_disk(1M) boot media hangs on system with more than 4 GB RAM. fz527578 43. (MP2) Added undocumented option noquota to the vxfs mount command to fix the problem where the output of mount -p when used in /etc/vfstab, is rejected by mount with the message: UX:vxfs mount: ERROR: illegal -o suboption -- noquota erg712190 fz526894 44. (MP2) The kernel can panic in mod_dev_load if a DDI8 driver does not get configured properly. fz526791 45. (MP2) Repeated logins on virtual terminals (/dev/vt02 ... /dev/vt08) result in file descriptor leakage in ttymon. erg501636 fz525650 46. System hangs due to multiple, racing calls to stropen. erg501706 fz527158 47. lint(1) previously warned about _nanf() and nanf() in math.h. Adding a /*LINTED*/ line in front of each suppresses this noise. fz527588 48. The utility cs(1Mbnu) exits unexpectedly due to fork(2) failure. erg501710 fz527253 49. The emergency_rec(1M) command doesn't ignore commented entries in /usr/lib/drf/tapeconfig. fz527399 50. The command pwck(1M) should print the line being processed, when errors are encountered. erg712157 fz518020 51. Fix locking of CD-ROM tray. fz527497 52. The command sar -d returns busy values > 100% fz521100 erg501658 53. Fixed bugs which caused the licensing daemons (ifor_pmd, ifor_sld, and sco_cpd) and the idmknodd daemon to be killed on transitions to init state 1 and never restarted. fz526649, fz526656 54. The mousemgr process could not be run in init state 1. fz527032 55. Updated /sbin/usb to only run when usbd is configured. fz527495 56. Fixed potential problem evaluating constant expressions in full_optimization asm(1) functions. fz527501 57. Panic in the routine v86bios0(). fz526652 58. Include support tool sysinfo(1M) in shipping product. fz519999 59. Intel's fix for p6update panics on prototype Pentium 4 Xeon system. fz521607 60. Kernel panic in kmem_alloc, from tcpopen. fz521356 61. New tunable COREFILE_SECURE. Privileged, setuid or setgid processes are prohibited from dumping core. A new tunable COREFILE_SECURE, if tuned to 0, will allow such processes to core dump. fz526524/erg712163 62. System hangs sporadically after calling execv directly after fork1 in multithreaded applications. fz526597 63. Netscape postscript printing in kole (Korean) environment is broken. fz520071 64. If the Skunkware ghostscript package is installed, the PostScript files (such as those printed by Netscape) can be automatically converted for printing on the PCL printers (such as HP LaserJet). An example of command to enter in the Netscape print dialog: lp -T PS 65. Correctly display version of dump command with -V option. fz518607 66. Fix for missing charset attribute for Japanese documentation in DocView. fz526356 Development Fixes 67. Assembly peep-hole optimizer (optim) fix for three operand integer multiplication by one which was not caught by the global optimizer on C++ code. fz526555 68. C++ compiler fix: Unless in strict ANSI mode, allow an undefined inline function to be referenced if the point of reference is never used. fz526499 fz526480 69. Debugging information for a "long long" local variable assigned to register pair %ebx/%esi was incorrectly stated as %ebx/%esp. C and C++ compilers fixed. Compatibility Fixes 70. (MP2) Fix for panic on certain OpenServer binaries. erg550013/fz514721 71. (MP2) chown() arguments of -1 do not work for OpenServer binaries fz526683 Problems fixed in Maintenance Pack 2 uw713mp2 contains all the fixes listed above for Maintenance Pack 1, the fixes marked (MP2) delivered with Update Pack 1, plus the following fixes: Security Fixes: 72. uudecode does not validate the filename; it should not write to pipes or symbolic links. CSSA-2002-SCO.44 Networking Fixes: 73. KMA corruption in tcp. fz521356/erg712086 74. Status requests are not being automatically generated for a network printer if it is very busy resulting in job ids not being freed. erg501666/fz526164 75. Hangs and delays in streams caused by streams routines unnecessarily allocating large physically contiguous buffers. fz527550/erg712266 Compatibility Fixes: 76. Fixed system call restart code for OpenServer applications. Also modified code for the connect system call so that connect is properly restartable for OpenServer applications. fz527264 77. System hangs during boot up on older (Pentium III and earlier) IBM hardware. fz527522 78. Allow use of an ELF interpreter which contains a PT_NOTES section, as some older OpenServer libraries do. fz527571 79. Enable 16-bit IPC IDs for OpenServer and Xenix compatibility. fz527373 80. Implement support of MAP_NOEOF mmap flag for OpenServer applications running on UnixWare. fz527536 Miscellaneous Fixes: 81. Fixed an unrecoverable "internal error" experienced by the debug command when reading some core files from threaded applications. Fixed the recently added -m command line option to specify an alternate runtime library path when analyzing core files from other systems. erg501675/fz526224/fz526635/fz526681 82. The vtoc driver has been fixed to support disks whose physical sector size is an integral multiple of 512. erg501717/fz527726 83. System may refuse to take console input after 248 days, thereby appearing to hang, due to invalid time stamps in the cmux driver. fz527517/erg501720 84. The command useradd(1M) allows $ in usernames (SAMBA requirement) fz526483 85. The ksh95 built in pwd command can output pathnames starting with //. fz199364 86. PSE memory remains unavailable after dynamically adding memory. erg712235/fz527455 87. System hangs in vxfs filesystem. Processes blocked waiting on a call to vx_iget. erg712184/fz526355 88. Restore the pre-7.1.3 lookuppn syntax so that third-party provided filesystems continue to work. The extra root vnode argument has been removed from lookuppn. A new lookuppnx function has been created with this extra argument. fz527503 Problems fixed in the Update Pack 2 Set uw713up2 contains all the fixes listed above for Maintenance Pack 1, Update Pack 1, and Maintenance Pack 2, plus the following additional fixes. Networking Fixes: 89. Hangs and delays in streams caused by streams routines unnecessarily allocating large physically contiguous buffers. fz527550 erg712266 90. If two arp -d's are called in quick succession, one of the entries may not be deleted. erg711628/fz516107 91. When DNS is not configured, mailadmin (scoadmin mail) will not allow you to change any settings. erg712296/fz527783 92. System panic due to a race condition in tcp timers code. erg501722/fz527554 93. Fixed scoadmin DNS Manager' abnormal terminations; fixed corruption of DNS/BIND's configuration and zone data files caused by scoadmin DNS Manager; fixed ndc/rndc utility and interactions with DNS/BIND. fz518460 fz518604 fz521436 Compatibility Fixes: 94. If the name of remote system for a remote printer is not found in /etc/lp/Systems, lpsched does not complain at startup and later on coredumps when a status or cancel request is sent to that printer. fz527931 95. Remote print requests remain indefinitely in queue if remote system is down. They do not timeout even if timeout parameter is specified in /etc/lp/Systems for the corresponding remote system. fz527934 WARNING: Since by default the timeout is set to 10 minutes, print setups with large network delays may suddenly experience timed-out jobs. For such systems, system administrators should either increase the timeout value or set timeout to "never" to restore old behavior. Miscellaneous Fixes: 96. System can refuse to take console input after 248 days, thereby appearing to hang, due to invalid time stamps in the cmux driver. fz527517 erg501720 97. Short-lived floating point temp value may be left on the floating point stack when used within the second or third operand of a conditional operator. This may result in a floating point stack overflow. fz527712 98. Potential floating point stack overflow detected in /usr/sbin/vxassist. fz527712 99. Shell metacharacters that are part of the options to the C++ compiler are properly preserved (escaped) for reuse during recompilation done as part of C++ auto template instantiation. fz527527 100. Fixed an unrecoverable "internal error" experienced by the debug command when reading some core files from threaded applications. Fixed the recently added '-m' command line option to specify an alternate runtime library path when analyzing core files from other systems. erg501675 fz526224 fz526635 fz526681 101. The vtoc driver has been fixed to support disks whose physical sector size is an integral multiple of 512. erg501717 fz527726 102. Fixed division by zero error in /usr/ccs/lib/optim encountered in calculating potential benefits of locals in a register for what appears to be a series of heavily nested loops. 103. Fix to ps -o time so that when the accumulated CPU time exceeds 24 hours, the number of days is no longer off by one. fz527776/erg712295 104. Change the "enum boolean" tag in /usr/include/sys/types.h to "enum __boolean", removing the type/tag "boolean" from the user name space. fz527818 105. Add support for Digi ClassicBoard/PCI and Connect Blue Heat serial cards. fz527694 106. System hangs in vxfs filesystem. Processes blocked waiting on a call to vx_iget. erg712184 fz526355 107. Restore the pre UnixWare 7.1.3 lookuppn syntax so that third-party provided filesystems continue to work. The extra "root vnode" argument has been removed from lookuppn. A new lookuppnx function has been created with this extra argument. fz527503 108. Status requests are not being automatically generated for a network printer if is very busy resulting in job ids not being freed. erg501666 fz526164 109. Display per-processor callouts as well as global callouts from the callout command. fz527802 110. Enhanced the Printing subsytem to have a maximum of 999 printjobs per printer or class of printers rather 999 printjobs for the whole system. erg501712/fz526370 111. Lpsched performs poorly when a large number of jobs (200+) are submitted at once. erg501718/fz527462 112. The sdipath -o repair command can hang when run against active paths. erg712254/fz527498 113. PSE memory remains unavailable after dynamically adding memory. erg712235 fz527455 114. Periodic Local timeouts can migrate to global callout lists. If a driver uses a dtimeout interface to schedule a periodic callout on a particular cpu, the callout migrates to the global list after the first firing. This then allows allows callout to be scheduled on any cpu. fz527675 115. scoadmin now includes a graphical disk manager fz527823 116. xAPIC support for IBM xSeries x440 servers - allows multiple CECs to be used and more than 8 logical CPUs fz526749 fz527522 117. Fix the ksh problem where an empty assignment (for example, ksh -c 'x=; echo ${x/y/z}') would cause a memory fault. fz527943 118. Change umask to 022 so that /etc/ssh.pid is not world writable. fz526605 119. Correct /usr/sbin/sshd binary to use /usr/X/bin/xauth instead of /usr/X11R6/bin/xauth. fz526871 120. Added STO_386_COPY support to RTLD and the linker to aid in the evolution of the IA32 psABI. fz527833 121. Add support for the BSD and Linux asprintf() and vasprintf() routines. These two routines are additional *sprintf() variations. Here, you pass the address of a "char *" into which is placed a malloc()d buffer of sufficient length to hold the entire sprintf() result. The caller is responsible for free()ing the buffer when done. fz527834 122. Correct /usr/include/sys/nattr.h definition of NATTR_CSUM_MASK. fz527534 Problems fixed in the Update Pack 3 Set uw713up3 contains all the fixes listed above for Maintenance Pack 1, Update Pack 1, Maintenance Pack 2, and Update Pack 2, plus the following additional fixes. Security Fixes: 123. Fixed exploitable buffer overflows in metamail. erg712265 fz527543 124. Drop TCP packets when both SYN & FIN are set. erg712274 fz527623 125. sendmail char sign extension buffer overflow. Upgraded to Sendmail 8.12.9. erg712276 fz527629 126. DocView no longer permits certain URLs from reading publicly-readable system files. fz528126 erg712368 127. sendmail remotely exploitable buffer overflow in prescan. erg712433 fz528320 CSSA-2003-SCO.23 Networking Fixes: 128. Kernel panics with a bad read pointer in a STREAMS message block, caused by mishandling of the message block in the STREAMS utility msgpullup and in the IP protocol handling routine ip_input. erg712321 fz527939 129. Some STREAMS ioctl coomands involving multiple message exchanges with the driver may timeout prematurely and return EAGAIN erroneously. erg712396 fz528199 130. Code generation error in ppp library. fz528222 131. flock() hangs when the NFS server is Microsoft SFU (3.0) erg712347 fz528048 132. Data corruption during TCP connection setup. A race condition could erroneously acknowledge enqueued data that has not been sent causing receiver to get partial data. erg712389 fz528172 Development Fixes: 133. C/C++ inlining of a small function may attempt to use a FP constant as if it were and integer value in memory. fz528225 134. Optimzation bug fix. Optim may erroneously remove a structure return temp space from the stack. fz528221:1 135. C++ compiler internal error if shift operator amount is a 64 bit data type. fz528230 136. Warning diagnostic for cc -Xc about intermixed statements and declarations could be issued inappropriately. fz527343 137. The qsort() routine was reworked to increase performance, especially when presented with lots of "equal" data items. fz527984 fz528071 138. The C compiler's preprocessing inappropriately took a '_' as starting a fresh token when in the middle of a "ppnumber" token. In practice, this only had an effect on code which created identifier tokens through pasting. fz528049 139. The bsearch() routine was improved to handle zero-valued "size" and "number of items" parameters. fz528073 140. cc -Xt no longer warns about "return;" for functions whose return type is other than void. fz528120 141. A bug was repaired in which an inlined function call, having been passed a null pointer, would trigger an internal C compiler error when this parameter was the target of a strcpy() or strncpy() call. fz528141 142. The obsolete ustat() routine has been moved from the unshared portion of the C library to the shared libc.so.1. The backward compatibility library libcudk70.a has an unshared ustat() added. fz528274 143. The strip and mcs utilities no longer attempt to make use of the rename() system call to move the updated temporary file over the file being operated on. fz528164 Miscellaneous Fixes: 144. When pkgadd fails early on, before any package has been selected, it gives the following message: UX:mailx: WARNING: No message !?! This message was confusing to users and is now not displayed. fz527750 145. When hyperthreading is enabled on a uniprocessor system without MPS BIOS tables, the system will attempt to use a standard two cpu multiprocessor configuration to enable hyperthreading. fz527457 146. Hyperthreading is disabled (erroneously) on some systems. erg712350 fz528053 147. System hang. Hard hang unable to enter kdb or dump the system. erg712346 fz528045 148. ksh93 autoload functions invoked within command substitution fail to execute. erg712312 fz527879 149. /etc/conf/bin/idconfupdate now creates its .idlock file in /etc/conf instead of /var/tmp. This avoids idtools problems when /var/tmp is not mounted. fz528107:1 fz528129:1 150. /etc/magic expanded to recognize Java class files and SVR4 pkgadd datastream image files. fz160445, fz527896 151. Large block sized i/o requests failing with Pre-DDI8 HBA drivers. fz527917:1 erg712316 152. When reporting information for multiple files, /usr/bin/file may reference previously freed memory. fz219396 153. Panic in specfs, NULL pointer dereference (s_cp). erg712337 fz528010 154. /usr/ucb/lastcomm core dumps. fz528025 155. syslogd fails to respond to SIGHUP. erg712414 fz528159 156. /etc/magic has been expanded to provide recognition of of more file types. fz144358 fz528024 157. /u95/bin/ksh users' `w` idle time resets every 10 min. erg712362 fz528070 158. Added dacread,macread privileges to /usr/lib/fs/vxfs/quota. fz528196 159. Fixed failures mounting/creating vxfs snapshots which indicated that the filesystem is either already mounted, busy, or the allowable number of mount point exceeded when none of these failure conditions were true. erg712361 / fz528100:1 160. Fixed kernel stack overflows with lxuwfs, replacing relatively large stack variables with allocated areas. Matching change made to lxdevfs. fz527910 / fz528131 161. /sbin/dfspace now does not list LKP and OKP mount points. fz519343:1 162. Updated kcrash with bug fixes. fz528295 163. Fixed scoadmin Slice Manager character mode display for cylinders and attributes views. fz528041 164. Updated mkmsgs. fz527996, fz528200 165. Updated swap command to handle swap files up to 4GB. fz202265 166. Updated time zone data for India (IST). fz526471 167. ksh95 built in pwd can output pathnames starting with //. fz199364 168. When installing UnixWare on some machines with the nVidia GeForce4 video chipset, the screen goes black and the machines freezes after the initial kernel is loaded and before the language selection screen. Separate boot floppies are required to install such a system. The fix delivered in UP3 ensures systems installed in such a manner continue to work. erg712344 fz528030 169. USB chipsets using the optional EHCI 64-bit addressing modes no longer get "Descriptor Read Failure load failed during enumeration" on USB startup. fz528043 170. The USB drive from Melco/Yedata no longer fails on USB startup with "Inquiry Read failed, unbinding". fz528046 171. DocView Print Book feature now handles documents that were not properly assembled for printing. fz527824 172. Support logical volumes up to 1 TB. mkfs_vxfs failed on logical volumes > 512GB and fdisk reported invalid cylinders in "1 TB boundary" cases. fz520676 erg712311 173. The queue command within crash prints garbage at the end of the line. fz528406 174. The date command core dumps. Attempting to update the time via SCOadmin will display an error message, although the time does get updated. erg712397 fz528056 175. The userdel command core dumps. fz528409 Problems fixed in the Update Pack 4 Set uw713up4 contains all the fixes listed above for Maintenance Pack 1, Update Pack 1, Maintenance Pack 2, Update Pack 2, and Update Pack 3, plus the following additional fixes. Note that some of the fixes below were also include in Maintenance Pack 3; all Maintenance Pack 3 fixes are included in Update Pack 4. Security Fixes: 176. SECURITY - CRLF (Carriage Return, Line Feed) injection vulnerability in lynx. fz712379 fz528144 177. Security fix for OpenSSL version 0.9.7b. See http://cvs.openssl.org/chngview?cn=11213. fz528383 178. Fixed /proc security bug. fz712482 fz528474 179. Fixed LKP chroot security vulnerability in intpexec fz528642 erg712519 Networking Fixes: 181. Repaired a bug in the ftp daemon that would cause it to report "426 Data connection: Error 0" after a successful transfer. fz528430 fz528034 182. Fixed problem where rcp of /proc causes denial of service. fz712112 fz525927 183. Fixed a bug in traceroute that would cause it to core dump. fz528289 184. An optimization to predict the MAC header size is now a tuneable. A value of 0 allows the OS to discover the optimal header size. A value less than 0 disables the optimization and a value above 0 enforces the value specified in the tuneable. This is specifically useful for applications like IBM SNA Gateway which provides a media frame header size different than calculated by the OS. fz527969 185. There are three new tuneables provided: tcp_rexmit_min to control the minimum retransmission timeout value, tcp_rttdflt to specify a default initial RTT value and the tcp_maxrxt_min to allow configuration of cumulative minimum retransmission value. fz527766 Development Fixes: 186. C/C++ inlining of a function or type "char *" into an expression that expects an integer type expression may result in an internal compiler error. fz528442 187. DT_RUN_PATH formats accepted with the -R option of the CC (C++) command have been expanded to include $ORIGIN and relative paths. fz528471 188. The Java first-class executables feature has been upgraded to support Java 1.4.2. fz528476 189. The 'fs' memory checking tool within the UDK C++ compilation system has been fixed to handle the C++ standard library header. fz528482 190. Optimization bug fix. /usr/ccs/lib/optim does not properly track source memory usage for the third operand of a three operand SHLDL instruction. fz528620 191. The C++ compiler would emit incorrect code to handle object cleanup during exception handling throw processing, when the object was of a multidimensional array of classes type. fz528674 192. C/C++ compilers may encounter an internal compiler error when handling a cast of a volatile type to a void type. fz528689 193. Fixed problem where programs linked with libthread that call fork1() from the original thread produce children that are not properly protected from signals in critical library code. fz528522 194. Changed libc's internal %f and fcvt() formatting to give a slightly more accurate result when more digits are requested than are handled internally. fz528370 195. Corrected some exported libc symbols that should have been weak to be so. fz528448 196. Fill-in some missing iconv (command and library routine) codeset conversion to permit direct conversion to/from UTF-8 and the following codesets: PC437, PC850, PC860, PC863, PC865, 8859/1, eucJP, and sjis. The same effect was available before this by using a "unicode" (UCS2) intermediate codeset target. fz528539 197. Repair a qsort() bug in which an incorrect internal swap routine can be used. fz528569 198. Changed the Motif (libXm and libWXm) libraries to be built using the system's strcasecmp() and register expression routines. fz528651 199. Repaired a bug in libthread such that a null pointer can be dereferenced in cond_broadcast() after a fork1(). fz528714 200. Changed libthread's timer mechanism so it recognizes hard system clock resets. fz712390 fz527957 201. Fixed RTLD exit() processing to prevent a segmentation fault observed when a loaded-at-startup shared libary dlopen()s some other library and then uses its _fini() routine to dlclose() this other library. Previously, the RTLD exit() processing resulted in the dlclose() causing a segmentation fault as it attempts to modify memory through a null pointer. fz528933 Miscellaneous Fixes: 201. Fixed panic in realitexpire. fz712352 fz528064 202. The rtpm command incorrectly reports it is out of memory and exits; the time reported by rtpm gets out of sync with the system clock. fz712441 fz528135 erg712393 fz528133 203. Shared memory that is in use by a process experiencing a fork failure might not be released. fz712399 fz528204 204. System hang; infinite loop in deadflck. fz712154 fz526541 205. Ksh sleep call is waiting forever due to missed SIGALRM. fz712386 fz528169 206. The multibyte to wide-character conversion code for EUC was broken. fz712507 fz528536 207. cs daemon allows 2 child processes to talk to the same device. fz501731 fz527737 208. System call entry handler for linux binaries will panic if a real device is attached to the same vector or if a spurious interrupt is received on that vector. fz712348 fz528051 209. Corrected permissions on various /etc/inst/locale/*/menus/LKP/lxrpms.msgs files. These permissions were correct for systems which had a fresh Unixware 7.1.3 ISL installation. The permissions were incorrect for customers who had upgraded from to UnixWare 7.1.3 from a prior UnixWare/Open UNIX release. fz520137 210. MAXRUN is a new cron tuneable parameter in /etc/default/cron. It defaults to 25 and defines the number of simultaneous cron jobs in the system. fz712469 fz528435 211. Fix libDtHelp buffer overflow problem. erg712445 fz528372 212. Fix bug in mousemgr which causes graphical login to fail to restart after logout when using a serial mouse. fz528706 213. Ensure that /etc/conf/bin/idcpunix invokes rm -rf from a directory with a known path to avoid certain failures which can occur when invoking /etc/conf/bin/idcpunix (and therefore rm -rf) from a directory with no known path. Also, add the directory /etc/conf.unix.old/mod.d to the loadable module search path after moving the current loadable module directory there. fz527874 fz527875 214. The compress command dies with a SIGSEGV, and fails to compress the file. fz712220 fz527292 215. Fixed problem where embedded EHCI on IBM 8430/13x took inordinate amount of time to reset. fz501727 fz527381 216. Packaging change to samba and sambamb packages. fz526999 217. sysi86 doesn't validate selector when clearing a descriptor. fz521540 218. Updated Scoadmin Video Configuration Manager to stay set to VESA if configured to VESA and not switch to an autodetected video adapter configuration. fz528393 219. /etc/magic was updated to handle the OSR5 tar format. fz528854:1 220. Auto-enabling of memory above 4GB. When the OS detects memory above 4GB, it automatically enables PAE mode in order to access the memory above 4GB. Previously, this had to be done manually, by setting ENABLE_4GB_MEM=yes in /stand/boot followed by a reboot. fz528501:3 Fixes Included in Update Pack 2 Supplemental Packages The following fixes are not included in the Update Pack Set; they are installed with the indicated package provided on the Update Pack CD. See Update Pack CD Contents. 1. adst70 - Provide updated adst70 HBA driver to prevent a panic going into init 1. fz527526 2. basex - Avoid potential duplicate data being flushed from buffers when the child process, used for initial house keeping, in the pseudo tty client open transport function exits. fz527709 3. nd - Updated Intel PRO/100 driver (eeE8) to version 2.5.4. Bug fixes and new card support. fz527508 fz527922 4. nd - Updated Intel PRO/1000 driver (e1008g) to version 7.0.11. Bug fixes and new card support. fz527502 fz527911 5. nd - Correct typos in Intel PRO/1000 (e1008g) Drvmap file affecting hotplug support for certain NICS. fz527792 6. nics - Short Ethernet frames are now padded with octets of zero to prevent information leakage. erg712090 fz521367 7. openssh - SECURITY Provide rlogin/telnet login replacements to correct flawed kill routine. fz526587 8. openssl - SECURITY Upgraded OpenSSL version to fix timing attack vulnerability. fz527507 9. samba and sambamb - SECURITY Upgraded Samba version to fix security holes where anonymous or remote users could gain root access. fz527530 fz527681 10. xdrivers - Matrox G100/G200/G400 Series Graphics driver (mtx) doesn't close pcix driver causing xserver package to hang during installation. fz527729 11. xdrivers - Provide support for Nvidia TNT2, GeForce2 and Quadro2 Graphics adapters. fz527795 12. zlib - SECURITY Fix a zlib (gzprintf) format string overflow vulnerability by rebuilding the zlib library to use snprintf(). fz527490 Problems Fixed in Update Pack 3 Supplemental Packages The following fixes are not included in the Update Pack Set; they are installed with the indicated package provided on the Update Pack CD. See Update Pack CD Contents. 13. basex, j2jre131, xfonts - The /usr/lib/X11/fonts/TrueType/watanabe-mincho.ttf Japanese font has been removed from these packages, and is removed from the system when you install these packages on top of a previous version. fz528440 14. nd - Updated Intel PRO/1000 driver (e1008g) to version 7.2.10. Bug fixes and new card support. fz528257 15. nd - Updated Broadcom NetXtreme Gigabit Ethernet driver (bcme) to version 6.0.16. Corrects panic in bcopy+13 with bcme v6.0.3. fz527953 fz528305 16. netmgmt - The SNMP trap_rece utility trap_rece quits prematurely with the error message Couldn't assign requested address. erg712289 fz527728 17. nics - A new dlpi driver tuneable in /etc/conf/pack.d/dlpi/space.c allows the administrator to turn off MAC header size prediction, which causes problems on IBM SNA Gateway systems. See Known Problems. 527969 18. nics - Changed ndcfg for PCI device recognition to fix a bug which prevented some serial port boards from being recognized. erg712319 fz527935 Problems Fixed in Update Pack 4 Supplemental Packages The following fixes are not included in the Update Pack Set; they are installed with the indicated package provided on the Update Pack CD. See Update Pack CD Contents. 19. apache - Updated to 1.3.29 to pick up latest fixes. 20. nd - Fixed 'nd' package menu option #2 install. Install failed to work properly when installing on either UnixWare 7.1.1 or Open UNIX 8.0.0. fz527574 21. nd - Updated AMD PCnet driver (pnt) to version 3.0.1. Fixes a panic that appeared in bcopy(). fz527095 22. nd - Updated 3Com EtherLink DDI8 driver (e3bc) to version 1.1.1. Fixes a bad ASSERT panic in the DEBUG kernel on startup. Only occurs in DEBUG kernel. fz528447 23. nd - Updated Intel PRO/100 driver (eeE8) to version 2.6.8. Bug fixes and new support. fz528724 24. nd - Updated Intel PRO/1000 driver (e1008g) to version 7.2.15. Bug fixes and new support. fz528381 25. nd - Updated Broadcom NetXtreme Gigabit Ethernet driver (bcme) to version 7.0.7. Bug fixes and new card support. fz528589 26. nd - Updated tcpdump(1M) command to fix the following security vulnerabilities: o A vulnerability existed in the way the rawprint() function (in print-isakmp.c) parses certain malformed ISAKMP packets containing an invalid "len" or "loc" value. o A vulnerability existed in the way the I() function (in print-radius.c) parses RADIUS attributes containing overly long length values. o A vulnerability existed in the way tcpdump parses specially crafted ISAKMP packets. erg712544 fz528784 27. nics - netconfig fails to configure network card properly in certain situations with multiple NICS. erg712451 fz528400 28. xdrivers - Provide support for ATI Radeon 7000, 7200 and 7500 Graphics adapters. fz528394 ------------------------------------------------------------------------ Known Problems and Workarounds Please take note of the following known problems and workarounds when installing UnixWare 7.1.3 Update Pack 4 or UnixWare 7.1.4: Installation: xAPIC Support Installation: Disabling MAC header size prediction for IBM SNA Gateways Installation: IBM xSeries PCI Expansion Box Devices Installation: License Message in System Logs Installation: OpenSSH requires OpenSSL Installation: Timezone and Locale Clashes Display Warnings Installation: Restart Upgrade Wizard When Freeing Space Installation: Upgrade Wizard Exits if Space Pressed Repeatedly Installation: Upgrade Wizard Fails with "Incorrect media detected" Installation: Upgrade Wizard Mouse Failure Installation: Warnings About Changed Files Installation: Warnings in Installation Logs Mozilla: Classic Theme May Not Work with 256 Colors Netscape: Default Home Page Networking: OpenLDAP slapd Startup Script Missing Online Documentation: "Print Book" Problems OKP: Do Not Add OKP License Before Installing OKP Package Removal: Removing vxva Package Causes Account Manager to Fail PostgreSQL: Documentation Errata Samba: Sample smb.conf Not Provided Samba: Warnings When Starting smbd and smbclient Security: Updated Perl CGI.pm Squid: Documentation Errata Installation: xAPIC Support xAPIC support was designed for IBM x440 systems. On some platforms, such as the IBM xSeries 360 (x360), the OS detects it should use xAPIC but the platform does not properly support it. If this happens, the symptoms are device timeouts (either a disk driver or HBA) very early during the boot process. The system will display a message stating that an HBA or disk command has timed out, and the system will become unresponsive (hang). If you are using a Multi-Processing (MP) system with Pentium 4 (Xeon) processors and this occurs do the following: 1. Reset the system. 2. When the system displays the UnixWare logo during the boot sequence, interrupt the boot by pressing any key. 3. At the boot prompt enter: USE_XAPIC=N boot The system should now boot normally. 4. Once the system is running, edit /stand/boot and add the following entry to the file: USE_XAPIC=N This will ensure that you do not need to interrupt the boot process again. Installation: Disabling MAC header size prediction for IBM SNA Gateways A new dlpi driver tuneable in /etc/conf/pack.d/dlpi/space.c allows the administrator to turn off MAC header size prediction, which causes problems on IBM SNA Gateway systems: int mac_header_size = 0; This variable can be set as follows: 0 (default) the kernel discovers the optimal MAC header size less than 0 disable MAC header size prediction optimization greater than 0 use the MAC header size specified in the space.c file To disable MAC header size prediction, edit /etc/conf/pack.d/dlpi/space.c and change the value of mac_header_size to -1. Then enter the following commands to rebuild the kernel and reboot: # idbuild -M dlpi # shutdown -i6 -g0 -y The mac_header_size tuneable is installed with the nics package. 527969 Installation: IBM xSeries PCI Expansion Box Devices If you are installing UnixWare 7.1.4 for the first time on an IBM xSeries Server with devices in an attached IBM RXE-100 Remote I/O Expansion Enclosure, you must enter a boot paramater for the devices in the RXE-100 to be recognized. As the UnixWare installation program boots, it displays the Unixware logo. When you see the logo, press the Spacebar to interrupt the program. When the [boot] prompt appears, enter the following two commands: [boot] psm=mps [boot] boot Your system will then continue to boot. Continue the installation normally. Installation: License Messages in System Logs Notices like the following may appear in /var/adm/syslog and /var/adm/log/osmlog after installation of the Update Pack: Jan 30 11:47:40 systemname sco_pmd[884]: license [nnnnnnnnn/167/1.0] missing dependent product [xxx/8.0] These messages are a consequence of the license upgrade process and can be safely ignored. Enter the following commands, as root, to remove the offending license from the license database and refresh the Policy Manager Daemon (sco_pmd): /etc/brand -r nnnnnnnnn /etc/sco_pmd -r Where nnnnnnnnn is copied from the notices in the system logs, as shown in the example above. Once the brand command is run as shown and sco_pmd is restarted, these notices will no longer be generated in the system logs. Installation: OpenSSH requires OpenSSL You may see the following error during installation of the OpenSSH (openssh) package: ##Executing postinstall script. dynamic linker: /usr/sbin/sshd: could not open libcrypto.so.0.9.7 Killed /etc/init.d/opensshd: Error 137 starting /usr/sbin/sshd....Bailing. Or, you may see the following errors when running OpenSSH commands after installation: dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed dynamic linker: /usr/bin/ssh-keygen: binder error: symbol not found: OPENSSL_add_all_algorithms_noconf; referenced from: /usr/bin/ssh-keygen Killed OpenSSL version mismatch. Built against 90703f, you have 90607f /etc/init.d/opensshd: Error 255 starting /usr/sbin/sshd... bailing. These messages indicates that the OpenSSL (openssl) package is either not installed, or the installed version of OpenSSL is an earlier version than the one required by OpenSSH. To fix this, install the latest openssl package (from the same media on which you found openssh) and then re-install openssh. 527982 528971 Installation: Restart Upgrade Wizard When Freeing Space Although the Upgrade Wizard will display a warning about insufficient disk space when selecting packages, it may fail to automatically select all packages for update without displaying a warning. If the summary of packages automatically selected to be installed is incomplete due to insufficient disk space, use the work-around below to abort the Upgrade Wizard: # ps -af | grep uli root 3672 2721 TS 80 0 13:23:58 pts/15 0:00 /usr/lib/uli/framework/w izardFW /usr/lib/uli/wizard/ULIWZD # kill -9 3672 # rm -f /tmp/uli.lck The kill command takes as its argument the Process ID (PID) of the uli process returned by the ps command, as shown. After terminating the uli process, and freeing space on your hard disk, restart the Upgrade Wizard. Installation: Upgrade Wizard Exits if Space Pressed Repeatedly When launching the Upgrde Wizard using the uli command from a desktop window, the Upgrade Wizard may exit unexpectedly if you press the space bar a few times while it is loading. To work around this, re-run the Upgrade Wizard. 527905 Installation: Upgrade Wizard Fails with "Incorrect media detected" If you use the Upgrade Wizard (uli) to install, and you see the message Incorrect media detected, you are using the incorrect version of the Upgrade Wizard for the media you are trying to install. Exit the Upgrade Wizard, and load the uli package from the Update Pack media you are attempting to install, following the directions in the section Installation Procedures. Installation: Upgrade Wizard Mouse Failure If the Upgrade Wizard loses window focus after the Update Set is installed and it's not possible to select packages or activate window buttons using the mouse, either press the key while clicking the mouse button, or re-start the window manager from the root window menu (click the right mouse button to see the menu). Installation: Warnings About Changed Files During installation of the Update Pack on a system that was upgraded from a release prior to Release 7.1.3, warnings such as the following may be displayed: UX:pkginstall: WARNING: /etc/conf/pack.d/msr/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/pcid/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/ppp/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/pppml/Driver.o ... The Warnings displayed on your system will depend on the originally installed release. These Warnings are expected and can be safely ignored. 527406 Installation: Warnings in Installation Logs After installation, you may see the following messages in /var/sadm/install/logs/uw713u4.out: UX:removef: ERROR: attribute verification of failed pathname does not exist UX:removef: ERROR: attribute verification of failed pathname does not exist UX:removef: ERROR: attribute verification of failed pathname does not exist UX:removef: ERROR: attribute verification of failed pathname does not exist You may also see the following warnings in /var/sadm/install/logs/uw713u4.log: UX:pkginstall: WARNING: /etc/conf/mdevice.d/mps UX:pkginstall: WARNING: /usr/sbin/ifor_pmd These messages are expected and may be safely ignored. 528812 Mozilla: Classic Theme May Not Work with 256 Colors If you use the CDE desktop, the default Classic Mozilla theme may result in a color scheme that is unreadable when your graphics card is set to use 256 colors. To work around this, do one of the following: * Increase the number of colors used by the card to more than 256. Do this using the scoadmin video configuration manager. * Change the Mozilla theme to the modern theme. Open Mozilla, and select Edit > Preferences > Appearance > Themes from the menu. Choose the modern them, and select OK. A screen pops up, informing you that you need to restart Mozilla for the change to take effect. Click OK, and then restart Mozilla. Netscape: Default Home Page The default home page listed in the Edit > Preferences > Navigator window is http://www.caldera.com, even though the link points to The SCO Group, Inc., Web Site at http://www.sco.com. This is a legacy of previous releases of the system, and can be updated if desired. Networking: OpenLDAP slapd Startup Script Missing The startup script for the OpenLDAP slapd daemon is missing, so slapd will not start on boot. To start slapd, enter the following command, as root: /usr/libexec/slapd -u root -h 'ldap:/// ldaps:///' 2>/dev/null You can also create a file named /etc/rc2.d/S99slapd, with the above contents, and slapd will start automatically on reboots. For further information on slapd, see the slapd(8C) manual page and the OpenLDAP documentation under Networking in the online documentation on http://localhost:8458. Online Documentation: "Print Book" Problems Problems have been observed with the DocView (http://hostname:8458) PRINT BOOK facility: 1. Some files do not print when selected from the PRINT BOOK list, or the incorrect content is printed instead. This occurs in C and non-C locales. 2. Multibyte files cannot be printed (this includes, for example, Japanese-language documentation from the jabasedoc package on the Localized Documentation CD in the UnixWare Media Kit) from the PRINT BOOK list. This is because the underlying engine in DocView for printing HTML (HTMLDOC) does not support multibyte files. 3. Some documents are not being printed in foreign languages when locale is properly selected and the foreign-language documentation is installed. The workaround in all these cases is to display the files individually from the DocView SITE MAP interface (which is identical to the PRINT BOOK list), and use your browser's Print command to print the files. For example, if you use the PRINT BOOK interface to print a New Features file and it does not work, click on the SITE MAP button on the DocView menu (http://hostname:8458) and select the name of the link that you wanted to print (the SITE MAP and PRINT BOOK lists are identical). Once the document is loaded into the browser, print it using your browser's Print command (File > Print in Netscape) to print to a local printer or to a file. The formats available depend on your local browser's setup. 527817 OKP: Do Not Add OKP License Before Installing OKP If you are installing the OpenServer Kernel Personality (OKP) product on top of the Upgrade Pack, do not add the OKP License to the License Manager before beginning installation of OKP. Instead, add the license during installation of OKP, as described in the OKP Release Notes. If you do add an OKP License to the License Manager before the OKP product is installed, the License Manager may report the following when you install the license: Licensing of is successfully completed Thereafter, the main License Manager screen may list the OKP license incorrectly, as follows: Unknown Product with id 181 If this occurs, you should remove the OKP license (License > Remove in the License Manager menu) and then add it again (License > Add). The License Manager will then display the license correctly. 528252 Package Removal: Removing vxva Package Causes Account Manager to Fail Removing the vxva package (VERITAS ODM Visual Administrator) from the system causes the scoadmin account graphical account manager to fail with these messages: Unable to retrieve locales Unable to get initial list of users The problem is caused by symbolic links left behind by the removal of the vxva package. To fix the problem, remove the links by entering the following commands (as root): rm /usr/lib/locale/C/LC_MESSAGES/Vxva_inst /usr/lib/locale/C/LC_MESSAGES/Vxva_msgs PostgreSQL: Documentation Errata The PostgreSQL installation creates a postgres user if one does not already exist on the system. The postgres user is automatically configured with root's password. The script /etc/init.d/postgresql can be used to automatically start the PostgreSQL postmaster binary running as this user. The postgres user's password can be modified using the passwd(1) program. Samba: Sample smb.conf Not Provided The samba package (Samba 3.0) does not contain a sample /usr/lib/samba/lib/smb.conf; Samba will not start without one. If you already have an earlier version of Samba installed, your existing smb.conf file will not be altered, and Samba should start normally. If you are installing Samba for the first time, copy the file provided in Appendix A below to /usr/lib/samba/lib/smb.conf, and to /usr/lib/samba/lib/smb.conf.sample as a backup copy. You can then edit smb.conf for your configuration. Another alternative is to launch the Samba Web Administration Tool (SWAT) utility (/usr/lib/samba/sbin/swat) and use the web interface to create an initial smb.conf. Note: if you use SWAT to configure Samba, SWAT overwrites /usr/lib/samba/lib/smb.conf with a version it creates from your specifications in the web interface. This will lose any customizations you make to a manually edited version. It is therefore important to keep a back-up copy of any manual edits you make to smb.conf. Samba: Warnings When Starting smbd and smbclient When starting smbd or smbclient, warnings like the example below are displayed: for smbd in /var/adm/syslog, and for smbclient to standard out. [2004/02/23 10:52:17, 0] lib/charcnv.c:(134) Conversion from UTF8 to CP850 not supported These warnings can be safely ignored; both smbd and smbclient should startup after these messages are displayed. Security: Updated Perl CGI.pm CGI.pm is a Perl module (contained in the perl5 package available from the base UnixWare media) that provides function calls for form definition. There is a vulnerability present in forms created with the start_form() and start_multipart_form() functions defined in CGI.pm. If the action for the form is left unspecified in a call to either function, the form action can be manipulated by a malicious user (using an appropriate URL) to launch a cross site scripting attack against the host system. If you use the CGI.pm module in any Perl programs, it is recommended that you install the perl and perlmods packages, available on the SCO Web Services Enabling CD. The perlmods package contains an updated CGI.pm module that closes this vulnerability. 528214 Squid: Documentation Errata The squid manual page installed by the squid package contains a number of errors: * The Squid proxy server control script is located at /etc/init.d/squid. * The Squid software is located under /usr/lib/squid. * To start up Squid, the Domain Name Service (DNS) daemon in.named(1M) must already be running, and Squid must be able to reach at least one of the specified DNS servers; otherwise, it will not start. Follow this procedure to configure and begin using Squid: 1. Edit the file /usr/lib/squid/etc/squid.conf, and make the following changes: a. Search for the visible_hostname keyword, and insert a line like the following: visible_hostname nodename where nodename is the name you want returned by the server to clients in messages. b. Enable access for your clients. This is done with a combination of the http_access and acl keywords (search for http_access keyword; the acl section is just above it in the file). To simply allow all hosts to access squid, enter a single http_access statement: http_access allow all Most sites will want better security, and allow only known sites to access the proxy. The following two statements allow only hosts on the "10.0.0" subnet to access the server: acl local 10.0.0.0/255.255.255.0 http_access allow local Note that the ordering of http_access entries in the squid.conf file is important. You may need to put entries for local clients at the top of the list of http_access entries in order for them to work. See the comments in the file /usr/lib/squid/etc/squid.conf as well as the Squid documentation installed along with the squid package, in the online documentation under Internet and Intranet, for more information on configuring Squid. 2. Enter, as root: /usr/lib/squid/bin/squid -z to initialize the Squid caches. 3. Start Squid: /etc/init.d/squid start 4. On each client (including the local system), set the browser's preferences to go to the proxy server instead of connecting directly to the internet. In Netscape or Mozilla, this is done by opening the browser Preferences (Edit > Preferences) and selecting Advanced > Proxies. Select Manual Configuration, and click on View. In the following window, set at least the http: and ftp: entries to point to the nodename or IP address of the UnixWare system running the Squid proxy server; then, set the port for both entries to 3128, the default port on which the UnixWare Squid server listens for requests. Save your changes to the browser's Preferences. The browser will now access the internet through the Squid proxy. Check the files under /usr/lib/squid/logs if you encounter problems. ------------------------------------------------------------------------ Appendix A: Sample Samba 3.0 smb.conf # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = MYGROUP # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = lpstat load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = sysv # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /usr/lib/samba/var/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = NT-Server-Name # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = NT-Domain-Controller-SMBName # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /home/netlogon ; guest ok = yes ; writable = no ; share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes # This one is useful for people to share files ;[tmp] ; comment = Temporary file space ; path = /tmp ; read only = no ; public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 ------------------------------------------------------------------------ (c) Copyright 2004 The SCO Group, Inc. All rights reserved.